The following issues were found
Userland/Utilities/test-crypto.cpp
14 issues
Line: 130
Column: 33
CWE codes:
362
warnln("File does not exist");
return 1;
}
auto file = Core::File::open(filename, Core::OpenMode::ReadOnly);
if (file.is_error()) {
warnln("Failed to open {}: {}", filename, file.error());
return 1;
}
auto buffer = file.value()->read_all();
Reported by FlawFinder.
Line: 420
Column: 41
CWE codes:
362
warnln("Nonexistent CA certs file '{}'", ca_certs_file);
return 1;
}
auto config = Core::ConfigFile::open(ca_certs_file);
auto now = Core::DateTime::now();
auto last_year = Core::DateTime::create(now.year() - 1);
auto next_year = Core::DateTime::create(now.year() + 1);
for (auto& entity : config->groups()) {
Certificate cert;
Reported by FlawFinder.
Line: 469
Column: 45
CWE codes:
362
warnln("Nonexistent CA certs file '{}'", ca_certs_file);
return 1;
}
auto config = Core::ConfigFile::open(ca_certs_file);
auto now = Core::DateTime::now();
auto last_year = Core::DateTime::create(now.year() - 1);
auto next_year = Core::DateTime::create(now.year() + 1);
for (auto& entity : config->groups()) {
Certificate cert;
Reported by FlawFinder.
Line: 2682
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
I_TEST((BigInteger | BigEndian Export));
auto number = "448378203247"_bigint;
char exported[8] { 0 };
auto exported_length = number.export_data({ exported, 8 }, true);
if (exported_length == 5 && memcmp(exported + 3, "hello", 5) == 0) {
PASS;
} else {
FAIL(Invalid value);
Reported by FlawFinder.
Line: 151
Column: 31
CWE codes:
120
20
tls->set_root_certificates(s_root_ca_certificates);
tls->connect(server ?: DEFAULT_SERVER, port);
tls->on_tls_ready_to_read = [](auto& tls) {
auto buffer = tls.read();
if (buffer.has_value())
out("{}", StringView { buffer->data(), buffer->size() });
};
tls->on_tls_ready_to_write = [&](auto&) {
if (write.size()) {
Reported by FlawFinder.
Line: 503
Column: 17
CWE codes:
126
warnln("Invalid key size for AES: {}", key_bits);
return 1;
}
if (strlen(secret_key) != (size_t)key_bits / 8) {
warnln("Key must be exactly {} bytes long", key_bits / 8);
return 1;
}
return run(aes_cbc);
}
Reported by FlawFinder.
Line: 659
Column: 23
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
auto out_span = out.bytes();
cipher.encrypt(in, out_span, iv);
if (out.size() != sizeof(result))
FAIL(size mismatch);
else if (memcmp(out_span.data(), result, out_span.size()) != 0) {
FAIL(invalid data);
print_buffer(out_span, Crypto::Cipher::AESCipher::block_size());
} else
PASS;
Reported by FlawFinder.
Line: 722
Column: 32
CWE codes:
126
auto iv = ByteBuffer::create_zeroed(Crypto::Cipher::AESCipher::block_size());
auto out_span = out.bytes();
cipher.decrypt(in, out_span, iv);
if (out_span.size() != strlen(true_value)) {
FAIL(size mismatch);
outln("Expected {} bytes but got {}", strlen(true_value), out_span.size());
} else if (memcmp(out_span.data(), true_value, strlen(true_value)) != 0) {
FAIL(invalid data);
print_buffer(out_span, Crypto::Cipher::AESCipher::block_size());
Reported by FlawFinder.
Line: 723
Column: 23
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
auto out_span = out.bytes();
cipher.decrypt(in, out_span, iv);
if (out_span.size() != strlen(true_value)) {
FAIL(size mismatch);
outln("Expected {} bytes but got {}", strlen(true_value), out_span.size());
} else if (memcmp(out_span.data(), true_value, strlen(true_value)) != 0) {
FAIL(invalid data);
print_buffer(out_span, Crypto::Cipher::AESCipher::block_size());
} else
Reported by FlawFinder.
Line: 724
Column: 51
CWE codes:
126
cipher.decrypt(in, out_span, iv);
if (out_span.size() != strlen(true_value)) {
FAIL(size mismatch);
outln("Expected {} bytes but got {}", strlen(true_value), out_span.size());
} else if (memcmp(out_span.data(), true_value, strlen(true_value)) != 0) {
FAIL(invalid data);
print_buffer(out_span, Crypto::Cipher::AESCipher::block_size());
} else
PASS;
Reported by FlawFinder.
Userland/Libraries/LibSQL/Heap.cpp
14 issues
Line: 34
Column: 38
CWE codes:
362
if (file_size > 0)
m_next_block = m_end_of_file = file_size / BLOCKSIZE;
auto file_or_error = Core::File::open(name(), Core::OpenMode::ReadWrite);
if (file_or_error.is_error()) {
warnln("Couldn't open '{}': {}", name(), file_or_error.error());
VERIFY_NOT_REACHED();
}
m_file = file_or_error.value();
Reported by FlawFinder.
Line: 149
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void Heap::read_zero_block()
{
char file_id[256];
auto bytes_or_error = read_block(0);
if (bytes_or_error.is_error())
VERIFY_NOT_REACHED();
auto buffer = bytes_or_error.value();
memcpy(file_id, buffer.offset_pointer(0), strlen(FILE_ID));
Reported by FlawFinder.
Line: 154
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (bytes_or_error.is_error())
VERIFY_NOT_REACHED();
auto buffer = bytes_or_error.value();
memcpy(file_id, buffer.offset_pointer(0), strlen(FILE_ID));
file_id[strlen(FILE_ID)] = 0;
if (strncmp(file_id, FILE_ID, strlen(FILE_ID)) != 0) {
warnln("Corrupt zero page in {}", name());
VERIFY_NOT_REACHED();
}
Reported by FlawFinder.
Line: 161
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
VERIFY_NOT_REACHED();
}
dbgln_if(SQL_DEBUG, "Read zero block from {}", name());
memcpy(&m_version, buffer.offset_pointer(VERSION_OFFSET), sizeof(u32));
dbgln_if(SQL_DEBUG, "Version: {}.{}", (m_version & 0xFFFF0000) >> 16, (m_version & 0x0000FFFF));
memcpy(&m_schemas_root, buffer.offset_pointer(SCHEMAS_ROOT_OFFSET), sizeof(u32));
dbgln_if(SQL_DEBUG, "Schemas root node: {}", m_tables_root);
memcpy(&m_tables_root, buffer.offset_pointer(TABLES_ROOT_OFFSET), sizeof(u32));
dbgln_if(SQL_DEBUG, "Tables root node: {}", m_tables_root);
Reported by FlawFinder.
Line: 163
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dbgln_if(SQL_DEBUG, "Read zero block from {}", name());
memcpy(&m_version, buffer.offset_pointer(VERSION_OFFSET), sizeof(u32));
dbgln_if(SQL_DEBUG, "Version: {}.{}", (m_version & 0xFFFF0000) >> 16, (m_version & 0x0000FFFF));
memcpy(&m_schemas_root, buffer.offset_pointer(SCHEMAS_ROOT_OFFSET), sizeof(u32));
dbgln_if(SQL_DEBUG, "Schemas root node: {}", m_tables_root);
memcpy(&m_tables_root, buffer.offset_pointer(TABLES_ROOT_OFFSET), sizeof(u32));
dbgln_if(SQL_DEBUG, "Tables root node: {}", m_tables_root);
memcpy(&m_table_columns_root, buffer.offset_pointer(TABLE_COLUMNS_ROOT_OFFSET), sizeof(u32));
dbgln_if(SQL_DEBUG, "Table columns root node: {}", m_table_columns_root);
Reported by FlawFinder.
Line: 165
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dbgln_if(SQL_DEBUG, "Version: {}.{}", (m_version & 0xFFFF0000) >> 16, (m_version & 0x0000FFFF));
memcpy(&m_schemas_root, buffer.offset_pointer(SCHEMAS_ROOT_OFFSET), sizeof(u32));
dbgln_if(SQL_DEBUG, "Schemas root node: {}", m_tables_root);
memcpy(&m_tables_root, buffer.offset_pointer(TABLES_ROOT_OFFSET), sizeof(u32));
dbgln_if(SQL_DEBUG, "Tables root node: {}", m_tables_root);
memcpy(&m_table_columns_root, buffer.offset_pointer(TABLE_COLUMNS_ROOT_OFFSET), sizeof(u32));
dbgln_if(SQL_DEBUG, "Table columns root node: {}", m_table_columns_root);
memcpy(&m_free_list, buffer.offset_pointer(FREE_LIST_OFFSET), sizeof(u32));
dbgln_if(SQL_DEBUG, "Free list: {}", m_free_list);
Reported by FlawFinder.
Line: 167
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dbgln_if(SQL_DEBUG, "Schemas root node: {}", m_tables_root);
memcpy(&m_tables_root, buffer.offset_pointer(TABLES_ROOT_OFFSET), sizeof(u32));
dbgln_if(SQL_DEBUG, "Tables root node: {}", m_tables_root);
memcpy(&m_table_columns_root, buffer.offset_pointer(TABLE_COLUMNS_ROOT_OFFSET), sizeof(u32));
dbgln_if(SQL_DEBUG, "Table columns root node: {}", m_table_columns_root);
memcpy(&m_free_list, buffer.offset_pointer(FREE_LIST_OFFSET), sizeof(u32));
dbgln_if(SQL_DEBUG, "Free list: {}", m_free_list);
memcpy(m_user_values.data(), buffer.offset_pointer(USER_VALUES_OFFSET), m_user_values.size() * sizeof(u32));
for (auto ix = 0u; ix < m_user_values.size(); ix++) {
Reported by FlawFinder.
Line: 169
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dbgln_if(SQL_DEBUG, "Tables root node: {}", m_tables_root);
memcpy(&m_table_columns_root, buffer.offset_pointer(TABLE_COLUMNS_ROOT_OFFSET), sizeof(u32));
dbgln_if(SQL_DEBUG, "Table columns root node: {}", m_table_columns_root);
memcpy(&m_free_list, buffer.offset_pointer(FREE_LIST_OFFSET), sizeof(u32));
dbgln_if(SQL_DEBUG, "Free list: {}", m_free_list);
memcpy(m_user_values.data(), buffer.offset_pointer(USER_VALUES_OFFSET), m_user_values.size() * sizeof(u32));
for (auto ix = 0u; ix < m_user_values.size(); ix++) {
if (m_user_values[ix]) {
dbgln_if(SQL_DEBUG, "User value {}: {}", ix, m_user_values[ix]);
Reported by FlawFinder.
Line: 171
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dbgln_if(SQL_DEBUG, "Table columns root node: {}", m_table_columns_root);
memcpy(&m_free_list, buffer.offset_pointer(FREE_LIST_OFFSET), sizeof(u32));
dbgln_if(SQL_DEBUG, "Free list: {}", m_free_list);
memcpy(m_user_values.data(), buffer.offset_pointer(USER_VALUES_OFFSET), m_user_values.size() * sizeof(u32));
for (auto ix = 0u; ix < m_user_values.size(); ix++) {
if (m_user_values[ix]) {
dbgln_if(SQL_DEBUG, "User value {}: {}", ix, m_user_values[ix]);
}
}
Reported by FlawFinder.
Line: 56
Column: 24
CWE codes:
120
20
dbgln_if(SQL_DEBUG, "Read heap block {}", block);
if (!seek_block(block))
VERIFY_NOT_REACHED();
auto ret = m_file->read(BLOCKSIZE);
if (ret.is_empty())
return String("Could not read block");
return ret;
}
Reported by FlawFinder.
Userland/Libraries/LibGfx/Bitmap.cpp
13 issues
Line: 142
#define __ENUMERATE_IMAGE_FORMAT(Name, Ext) \
if (path.ends_with(Ext, CaseSensitivity::CaseInsensitive)) \
return load_##Name(path);
ENUMERATE_IMAGE_FORMATS
#undef __ENUMERATE_IMAGE_FORMAT
return nullptr;
}
Reported by Cppcheck.
Line: 241
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return {};
bitmap->m_palette = new RGBA32[palette_size];
memcpy(bitmap->m_palette, palette.data(), palette_size * sizeof(RGBA32));
data.copy_to({ bitmap->scanline(0), bitmap->size_in_bytes() });
return bitmap;
}
Reported by FlawFinder.
Line: 300
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return nullptr;
VERIFY(size_in_bytes() == new_bitmap->size_in_bytes());
memcpy(new_bitmap->scanline(0), scanline(0), size_in_bytes());
return new_bitmap;
}
RefPtr<Gfx::Bitmap> Bitmap::rotated(Gfx::RotationDirection rotation_direction) const
Reported by FlawFinder.
Line: 491
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
auto bitmap = Bitmap::try_create_with_anonymous_buffer(m_format, move(buffer), size(), scale(), palette_to_vector());
if (!bitmap)
return nullptr;
memcpy(bitmap->scanline(0), scanline(0), size_in_bytes());
return bitmap;
}
Bitmap::~Bitmap()
{
Reported by FlawFinder.
Line: 597
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
m_palette = new RGBA32[size];
if (!source_palette.is_empty()) {
VERIFY(source_palette.size() == size);
memcpy(m_palette, source_palette.data(), size * sizeof(RGBA32));
}
}
Vector<RGBA32> Bitmap::palette_to_vector() const
{
Reported by FlawFinder.
Line: 211
Column: 20
CWE codes:
120
20
Vector<RGBA32> palette;
auto read = [&]<typename T>(T& value) {
if (stream.read({ &value, sizeof(T) }) != sizeof(T))
return false;
return true;
};
if (!read(actual_size) || !read(width) || !read(height) || !read(scale_factor) || !read(format) || !read(palette_size))
Reported by FlawFinder.
Line: 216
Column: 105
CWE codes:
120
20
return true;
};
if (!read(actual_size) || !read(width) || !read(height) || !read(scale_factor) || !read(format) || !read(palette_size))
return nullptr;
if (format > BitmapFormat::BGRA8888 || format < BitmapFormat::Indexed1)
return nullptr;
Reported by FlawFinder.
Line: 216
Column: 32
CWE codes:
120
20
return true;
};
if (!read(actual_size) || !read(width) || !read(height) || !read(scale_factor) || !read(format) || !read(palette_size))
return nullptr;
if (format > BitmapFormat::BGRA8888 || format < BitmapFormat::Indexed1)
return nullptr;
Reported by FlawFinder.
Line: 216
Column: 10
CWE codes:
120
20
return true;
};
if (!read(actual_size) || !read(width) || !read(height) || !read(scale_factor) || !read(format) || !read(palette_size))
return nullptr;
if (format > BitmapFormat::BGRA8888 || format < BitmapFormat::Indexed1)
return nullptr;
Reported by FlawFinder.
Line: 216
Column: 48
CWE codes:
120
20
return true;
};
if (!read(actual_size) || !read(width) || !read(height) || !read(scale_factor) || !read(format) || !read(palette_size))
return nullptr;
if (format > BitmapFormat::BGRA8888 || format < BitmapFormat::Indexed1)
return nullptr;
Reported by FlawFinder.
Kernel/FileSystem/VirtualFileSystem.cpp
12 issues
Line: 463
Column: 28
CWE codes:
362
Suggestion:
Use fchmod( ) instead
return custody;
}
KResult VirtualFileSystem::chmod(Custody& custody, mode_t mode)
{
auto& inode = custody.inode();
auto& current_process = Process::current();
if (current_process.euid() != inode.metadata().uid && !current_process.is_superuser())
Reported by FlawFinder.
Line: 475
Column: 18
CWE codes:
362
Suggestion:
Use fchmod( ) instead
// Only change the permission bits.
mode = (inode.mode() & ~07777u) | (mode & 07777u);
return inode.chmod(mode);
}
KResult VirtualFileSystem::chmod(StringView path, mode_t mode, Custody& base)
{
auto custody_or_error = resolve_path(path, base);
Reported by FlawFinder.
Line: 478
Column: 28
CWE codes:
362
Suggestion:
Use fchmod( ) instead
return inode.chmod(mode);
}
KResult VirtualFileSystem::chmod(StringView path, mode_t mode, Custody& base)
{
auto custody_or_error = resolve_path(path, base);
if (custody_or_error.is_error())
return custody_or_error.error();
auto& custody = *custody_or_error.value();
Reported by FlawFinder.
Line: 484
Column: 12
CWE codes:
362
Suggestion:
Use fchmod( ) instead
if (custody_or_error.is_error())
return custody_or_error.error();
auto& custody = *custody_or_error.value();
return chmod(custody, mode);
}
KResult VirtualFileSystem::rename(StringView old_path, StringView new_path, Custody& base)
{
RefPtr<Custody> old_parent_custody;
Reported by FlawFinder.
Line: 585
Column: 28
CWE codes:
362
Suggestion:
Use fchown( ) instead
return KSuccess;
}
KResult VirtualFileSystem::chown(Custody& custody, uid_t a_uid, gid_t a_gid)
{
auto& inode = custody.inode();
auto metadata = inode.metadata();
auto& current_process = Process::current();
Reported by FlawFinder.
Line: 615
Column: 33
CWE codes:
362
Suggestion:
Use fchmod( ) instead
if (metadata.is_setuid() || metadata.is_setgid()) {
dbgln_if(VFS_DEBUG, "VirtualFileSystem::chown(): Stripping SUID/SGID bits from {}", inode.identifier());
if (auto result = inode.chmod(metadata.mode & ~(04000 | 02000)); result.is_error())
return result;
}
return inode.chown(new_uid, new_gid);
}
Reported by FlawFinder.
Line: 619
Column: 18
CWE codes:
362
Suggestion:
Use fchown( ) instead
return result;
}
return inode.chown(new_uid, new_gid);
}
KResult VirtualFileSystem::chown(StringView path, uid_t a_uid, gid_t a_gid, Custody& base)
{
auto custody_or_error = resolve_path(path, base);
Reported by FlawFinder.
Line: 622
Column: 28
CWE codes:
362
Suggestion:
Use fchown( ) instead
return inode.chown(new_uid, new_gid);
}
KResult VirtualFileSystem::chown(StringView path, uid_t a_uid, gid_t a_gid, Custody& base)
{
auto custody_or_error = resolve_path(path, base);
if (custody_or_error.is_error())
return custody_or_error.error();
auto& custody = *custody_or_error.value();
Reported by FlawFinder.
Line: 628
Column: 12
CWE codes:
362
Suggestion:
Use fchown( ) instead
if (custody_or_error.is_error())
return custody_or_error.error();
auto& custody = *custody_or_error.value();
return chown(custody, a_uid, a_gid);
}
static bool hard_link_allowed(const Inode& inode)
{
auto metadata = inode.metadata();
Reported by FlawFinder.
Line: 423
Column: 28
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
return parent_inode.create_child(basename, S_IFDIR | mode, 0, current_process.euid(), current_process.egid()).result();
}
KResult VirtualFileSystem::access(StringView path, int mode, Custody& base)
{
auto custody_or_error = resolve_path(path, base);
if (custody_or_error.is_error())
return custody_or_error.error();
auto& custody = *custody_or_error.value();
Reported by FlawFinder.
Kernel/Memory/MemoryManager.cpp
12 issues
Line: 93
CWE codes:
570
{
ScopedSpinLock page_lock(kernel_page_directory().get_lock());
// Disable writing to the kernel text and rodata segments.
for (auto i = start_of_kernel_text; i < start_of_kernel_data; i += PAGE_SIZE) {
auto& pte = *ensure_pte(kernel_page_directory(), VirtualAddress(i));
pte.set_writable(false);
}
if (Processor::current().has_feature(CPUFeature::NX)) {
// Disable execution of the kernel data, bss and heap segments.
Reported by Cppcheck.
Line: 99
CWE codes:
570
}
if (Processor::current().has_feature(CPUFeature::NX)) {
// Disable execution of the kernel data, bss and heap segments.
for (auto i = start_of_kernel_data; i < end_of_kernel_image; i += PAGE_SIZE) {
auto& pte = *ensure_pte(kernel_page_directory(), VirtualAddress(i));
pte.set_execute_disabled(true);
}
}
}
Reported by Cppcheck.
Line: 702
Column: 110
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
return region->handle_fault(fault);
}
OwnPtr<Region> MemoryManager::allocate_contiguous_kernel_region(size_t size, StringView name, Region::Access access, Region::Cacheable cacheable)
{
VERIFY(!(size % PAGE_SIZE));
ScopedSpinLock lock(kernel_page_directory().get_lock());
auto range = kernel_page_directory().range_allocator().allocate_anywhere(size);
if (!range.has_value())
Reported by FlawFinder.
Line: 715
Column: 102
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
// FIXME: Would be nice to be able to return a KResultOr from here.
return {};
}
return allocate_kernel_region_with_vmobject(range.value(), maybe_vmobject.release_value(), name, access, cacheable);
}
OwnPtr<Region> MemoryManager::allocate_kernel_region(size_t size, StringView name, Region::Access access, AllocationStrategy strategy, Region::Cacheable cacheable)
{
VERIFY(!(size % PAGE_SIZE));
Reported by FlawFinder.
Line: 718
Column: 99
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
return allocate_kernel_region_with_vmobject(range.value(), maybe_vmobject.release_value(), name, access, cacheable);
}
OwnPtr<Region> MemoryManager::allocate_kernel_region(size_t size, StringView name, Region::Access access, AllocationStrategy strategy, Region::Cacheable cacheable)
{
VERIFY(!(size % PAGE_SIZE));
auto maybe_vm_object = AnonymousVMObject::try_create_with_size(size, strategy);
if (maybe_vm_object.is_error())
return {};
Reported by FlawFinder.
Line: 728
Column: 103
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
auto range = kernel_page_directory().range_allocator().allocate_anywhere(size);
if (!range.has_value())
return {};
return allocate_kernel_region_with_vmobject(range.value(), maybe_vm_object.release_value(), name, access, cacheable);
}
OwnPtr<Region> MemoryManager::allocate_kernel_region(PhysicalAddress paddr, size_t size, StringView name, Region::Access access, Region::Cacheable cacheable)
{
auto maybe_vm_object = AnonymousVMObject::try_create_for_physical_range(paddr, size);
Reported by FlawFinder.
Line: 731
Column: 122
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
return allocate_kernel_region_with_vmobject(range.value(), maybe_vm_object.release_value(), name, access, cacheable);
}
OwnPtr<Region> MemoryManager::allocate_kernel_region(PhysicalAddress paddr, size_t size, StringView name, Region::Access access, Region::Cacheable cacheable)
{
auto maybe_vm_object = AnonymousVMObject::try_create_for_physical_range(paddr, size);
if (maybe_vm_object.is_error())
return {};
VERIFY(!(size % PAGE_SIZE));
Reported by FlawFinder.
Line: 741
Column: 103
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
auto range = kernel_page_directory().range_allocator().allocate_anywhere(size);
if (!range.has_value())
return {};
return allocate_kernel_region_with_vmobject(range.value(), maybe_vm_object.release_value(), name, access, cacheable);
}
OwnPtr<Region> MemoryManager::allocate_kernel_region_with_vmobject(VirtualRange const& range, VMObject& vmobject, StringView name, Region::Access access, Region::Cacheable cacheable)
{
auto maybe_region = Region::try_create_kernel_only(range, vmobject, 0, KString::try_create(name), access, cacheable);
Reported by FlawFinder.
Line: 744
Column: 147
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
return allocate_kernel_region_with_vmobject(range.value(), maybe_vm_object.release_value(), name, access, cacheable);
}
OwnPtr<Region> MemoryManager::allocate_kernel_region_with_vmobject(VirtualRange const& range, VMObject& vmobject, StringView name, Region::Access access, Region::Cacheable cacheable)
{
auto maybe_region = Region::try_create_kernel_only(range, vmobject, 0, KString::try_create(name), access, cacheable);
if (maybe_region.is_error())
return {};
Reported by FlawFinder.
Line: 746
Column: 103
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
OwnPtr<Region> MemoryManager::allocate_kernel_region_with_vmobject(VirtualRange const& range, VMObject& vmobject, StringView name, Region::Access access, Region::Cacheable cacheable)
{
auto maybe_region = Region::try_create_kernel_only(range, vmobject, 0, KString::try_create(name), access, cacheable);
if (maybe_region.is_error())
return {};
auto region = maybe_region.release_value();
region->map(kernel_page_directory());
Reported by FlawFinder.
Kernel/Memory/Region.cpp
11 issues
Line: 22
Column: 141
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
namespace Kernel::Memory {
Region::Region(VirtualRange const& range, NonnullRefPtr<VMObject> vmobject, size_t offset_in_vmobject, OwnPtr<KString> name, Region::Access access, Cacheable cacheable, bool shared)
: m_range(range)
, m_offset_in_vmobject(offset_in_vmobject)
, m_vmobject(move(vmobject))
, m_name(move(name))
, m_access(access | ((access & 0x7) << 4))
Reported by FlawFinder.
Line: 27
Column: 16
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
, m_offset_in_vmobject(offset_in_vmobject)
, m_vmobject(move(vmobject))
, m_name(move(name))
, m_access(access | ((access & 0x7) << 4))
, m_shared(shared)
, m_cacheable(cacheable == Cacheable::Yes)
{
VERIFY(m_range.base().is_page_aligned());
VERIFY(m_range.size());
Reported by FlawFinder.
Line: 27
Column: 27
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
, m_offset_in_vmobject(offset_in_vmobject)
, m_vmobject(move(vmobject))
, m_name(move(name))
, m_access(access | ((access & 0x7) << 4))
, m_shared(shared)
, m_cacheable(cacheable == Cacheable::Yes)
{
VERIFY(m_range.base().is_page_aligned());
VERIFY(m_range.size());
Reported by FlawFinder.
Line: 64
Column: 107
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
// Create a new region backed by the same VMObject.
auto maybe_region = Region::try_create_user_accessible(
m_range, m_vmobject, m_offset_in_vmobject, m_name ? m_name->try_clone() : OwnPtr<KString> {}, access(), m_cacheable ? Cacheable::Yes : Cacheable::No, m_shared);
if (maybe_region.is_error()) {
dbgln("Region::clone: Unable to allocate new Region");
return maybe_region.error();
}
Reported by FlawFinder.
Line: 88
Column: 107
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
// Set up a COW region. The parent (this) region becomes COW as well!
remap();
auto maybe_clone_region = Region::try_create_user_accessible(
m_range, vmobject_clone, m_offset_in_vmobject, m_name ? m_name->try_clone() : OwnPtr<KString> {}, access(), m_cacheable ? Cacheable::Yes : Cacheable::No, m_shared);
if (maybe_clone_region.is_error()) {
dbgln("Region::clone: Unable to allocate new Region for COW");
return maybe_clone_region.error();
}
auto clone_region = maybe_clone_region.release_value();
Reported by FlawFinder.
Line: 151
Column: 194
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
return bytes;
}
KResultOr<NonnullOwnPtr<Region>> Region::try_create_user_accessible(VirtualRange const& range, NonnullRefPtr<VMObject> vmobject, size_t offset_in_vmobject, OwnPtr<KString> name, Region::Access access, Cacheable cacheable, bool shared)
{
return adopt_nonnull_own_or_enomem(new (nothrow) Region(range, move(vmobject), offset_in_vmobject, move(name), access, cacheable, shared));
}
KResultOr<NonnullOwnPtr<Region>> Region::try_create_kernel_only(VirtualRange const& range, NonnullRefPtr<VMObject> vmobject, size_t offset_in_vmobject, OwnPtr<KString> name, Region::Access access, Cacheable cacheable)
Reported by FlawFinder.
Line: 153
Column: 116
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
KResultOr<NonnullOwnPtr<Region>> Region::try_create_user_accessible(VirtualRange const& range, NonnullRefPtr<VMObject> vmobject, size_t offset_in_vmobject, OwnPtr<KString> name, Region::Access access, Cacheable cacheable, bool shared)
{
return adopt_nonnull_own_or_enomem(new (nothrow) Region(range, move(vmobject), offset_in_vmobject, move(name), access, cacheable, shared));
}
KResultOr<NonnullOwnPtr<Region>> Region::try_create_kernel_only(VirtualRange const& range, NonnullRefPtr<VMObject> vmobject, size_t offset_in_vmobject, OwnPtr<KString> name, Region::Access access, Cacheable cacheable)
{
return adopt_nonnull_own_or_enomem(new (nothrow) Region(range, move(vmobject), offset_in_vmobject, move(name), access, cacheable, false));
Reported by FlawFinder.
Line: 156
Column: 190
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
return adopt_nonnull_own_or_enomem(new (nothrow) Region(range, move(vmobject), offset_in_vmobject, move(name), access, cacheable, shared));
}
KResultOr<NonnullOwnPtr<Region>> Region::try_create_kernel_only(VirtualRange const& range, NonnullRefPtr<VMObject> vmobject, size_t offset_in_vmobject, OwnPtr<KString> name, Region::Access access, Cacheable cacheable)
{
return adopt_nonnull_own_or_enomem(new (nothrow) Region(range, move(vmobject), offset_in_vmobject, move(name), access, cacheable, false));
}
bool Region::should_cow(size_t page_index) const
Reported by FlawFinder.
Line: 158
Column: 116
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
KResultOr<NonnullOwnPtr<Region>> Region::try_create_kernel_only(VirtualRange const& range, NonnullRefPtr<VMObject> vmobject, size_t offset_in_vmobject, OwnPtr<KString> name, Region::Access access, Cacheable cacheable)
{
return adopt_nonnull_own_or_enomem(new (nothrow) Region(range, move(vmobject), offset_in_vmobject, move(name), access, cacheable, false));
}
bool Region::should_cow(size_t page_index) const
{
if (!vmobject().is_anonymous())
Reported by FlawFinder.
Line: 320
Column: 15
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
return PageFaultResponse::ShouldCrash;
}
VERIFY(fault.type() == PageFault::Type::ProtectionViolation);
if (fault.access() == PageFault::Access::Write && is_writable() && should_cow(page_index_in_region)) {
dbgln_if(PAGE_FAULT_DEBUG, "PV(cow) fault in Region({})[{}] at {}", this, page_index_in_region, fault.vaddr());
auto* phys_page = physical_page(page_index_in_region);
if (phys_page->is_shared_zero_page() || phys_page->is_lazy_committed_page()) {
dbgln_if(PAGE_FAULT_DEBUG, "NP(zero) fault in Region({})[{}] at {}", this, page_index_in_region, fault.vaddr());
return handle_zero_fault(page_index_in_region);
Reported by FlawFinder.
Userland/Libraries/LibGfx/BitmapFont.cpp
11 issues
Line: 127
CWE codes:
908
else
VERIFY_NOT_REACHED();
size_t count = glyph_count_by_type(type);
size_t bytes_per_glyph = sizeof(unsigned) * header.glyph_height;
auto* rows = const_cast<unsigned*>((const unsigned*)(data + sizeof(FontFileHeader)));
u8* widths = (u8*)(rows) + count * bytes_per_glyph;
return adopt_ref(*new BitmapFont(String(header.name), String(header.family), rows, widths, !header.is_variable_width, header.glyph_width, header.glyph_height, header.glyph_spacing, type, header.baseline, header.mean_line, header.presentation_size, header.weight));
Reported by Cppcheck.
Line: 132
CWE codes:
908
auto* rows = const_cast<unsigned*>((const unsigned*)(data + sizeof(FontFileHeader)));
u8* widths = (u8*)(rows) + count * bytes_per_glyph;
return adopt_ref(*new BitmapFont(String(header.name), String(header.family), rows, widths, !header.is_variable_width, header.glyph_width, header.glyph_height, header.glyph_spacing, type, header.baseline, header.mean_line, header.presentation_size, header.weight));
}
size_t BitmapFont::glyph_count_by_type(FontTypes type)
{
if (type == FontTypes::Default)
Reported by Cppcheck.
Line: 137
CWE codes:
908
size_t BitmapFont::glyph_count_by_type(FontTypes type)
{
if (type == FontTypes::Default)
return 256;
if (type == FontTypes::LatinExtendedA)
return 384;
Reported by Cppcheck.
Line: 17
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
namespace Gfx {
struct [[gnu::packed]] FontFileHeader {
char magic[4];
u8 glyph_width;
u8 glyph_height;
u8 type;
u8 is_variable_width;
u8 glyph_spacing;
Reported by FlawFinder.
Line: 27
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 mean_line;
u8 presentation_size;
u16 weight;
char name[32];
char family[32];
u16 unused;
};
static_assert(sizeof(FontFileHeader) == 80);
Reported by FlawFinder.
Line: 28
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 presentation_size;
u16 weight;
char name[32];
char family[32];
u16 unused;
};
static_assert(sizeof(FontFileHeader) == 80);
Reported by FlawFinder.
Line: 38
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
size_t bytes_per_glyph = sizeof(u32) * glyph_height();
auto* new_rows = static_cast<unsigned*>(kmalloc_array(m_glyph_count, bytes_per_glyph));
memcpy(new_rows, m_rows, bytes_per_glyph * m_glyph_count);
auto* new_widths = static_cast<u8*>(malloc(m_glyph_count));
memcpy(new_widths, m_glyph_widths, m_glyph_count);
return adopt_ref(*new BitmapFont(m_name, m_family, new_rows, new_widths, m_fixed_width, m_glyph_width, m_glyph_height, m_glyph_spacing, m_type, m_baseline, m_mean_line, m_presentation_size, m_weight, true));
}
Reported by FlawFinder.
Line: 40
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
auto* new_rows = static_cast<unsigned*>(kmalloc_array(m_glyph_count, bytes_per_glyph));
memcpy(new_rows, m_rows, bytes_per_glyph * m_glyph_count);
auto* new_widths = static_cast<u8*>(malloc(m_glyph_count));
memcpy(new_widths, m_glyph_widths, m_glyph_count);
return adopt_ref(*new BitmapFont(m_name, m_family, new_rows, new_widths, m_fixed_width, m_glyph_width, m_glyph_height, m_glyph_spacing, m_type, m_baseline, m_mean_line, m_presentation_size, m_weight, true));
}
NonnullRefPtr<BitmapFont> BitmapFont::create(u8 glyph_height, u8 glyph_width, bool fixed, FontTypes type)
{
Reported by FlawFinder.
Line: 192
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
FontFileHeader header;
memset(&header, 0, sizeof(FontFileHeader));
memcpy(header.magic, "!Fnt", 4);
header.glyph_width = m_glyph_width;
header.glyph_height = m_glyph_height;
header.type = m_type;
header.baseline = m_baseline;
header.mean_line = m_mean_line;
Reported by FlawFinder.
Line: 297
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size_t bytes_per_glyph = sizeof(u32) * glyph_height();
auto* new_rows = static_cast<unsigned*>(calloc(new_glyph_count, bytes_per_glyph));
memcpy(new_rows, m_rows, bytes_per_glyph * item_count_to_copy);
auto* new_widths = static_cast<u8*>(calloc(new_glyph_count, 1));
memcpy(new_widths, m_glyph_widths, item_count_to_copy);
kfree(m_rows);
Reported by FlawFinder.
Userland/Libraries/LibLine/Editor.cpp
11 issues
Line: 1269
ScopeGuard flush_stream {
[&] {
auto buffer = output_stream.copy_into_contiguous_buffer();
if (buffer.is_empty())
return;
fwrite(buffer.data(), sizeof(char), buffer.size(), stderr);
}
};
Reported by Cppcheck.
Line: 234
Column: 26
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
{
if (line.is_empty())
return;
String histcontrol = getenv("HISTCONTROL");
auto ignoredups = histcontrol == "ignoredups" || histcontrol == "ignoreboth";
auto ignorespace = histcontrol == "ignorespace" || histcontrol == "ignoreboth";
if (ignoredups && !m_history.is_empty() && line == m_history.last().entry)
return;
if (ignorespace && line.starts_with(' '))
Reported by FlawFinder.
Line: 525
Column: 26
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
if (!istty) {
m_configuration.set(Configuration::NonInteractive);
} else {
auto* term = getenv("TERM");
if (StringView { term }.starts_with("xterm"))
m_configuration.set(Configuration::Full);
else
m_configuration.set(Configuration::NoEscapeSequences);
}
Reported by FlawFinder.
Line: 252
Column: 24
CWE codes:
362
bool Editor::load_history(const String& path)
{
auto history_file = Core::File::construct(path);
if (!history_file->open(Core::OpenMode::ReadOnly))
return false;
auto data = history_file->read_all();
auto hist = StringView { data.data(), data.size() };
for (auto& str : hist.split_view("\n\n")) {
auto it = str.find("::").value_or(0);
Reported by FlawFinder.
Line: 311
Column: 42
CWE codes:
362
{
Vector<HistoryEntry> final_history { { "", 0 } };
{
auto file_or_error = Core::File::open(path, Core::OpenMode::ReadWrite, 0600);
if (file_or_error.is_error())
return false;
auto file = file_or_error.release_value();
merge(
file->line_begin(), file->line_end(), m_history.begin(), m_history.end(), final_history,
Reported by FlawFinder.
Line: 326
Column: 38
CWE codes:
362
[](const HistoryEntry& left, const HistoryEntry& right) { return left.timestamp < right.timestamp; });
}
auto file_or_error = Core::File::open(path, Core::OpenMode::WriteOnly, 0600);
if (file_or_error.is_error())
return false;
auto file = file_or_error.release_value();
final_history.take_first();
for (const auto& entry : final_history)
Reported by FlawFinder.
Line: 794
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void Editor::handle_read_event()
{
char keybuf[16];
ssize_t nread = 0;
if (!m_incomplete_data.size())
nread = read(0, keybuf, sizeof(keybuf));
Reported by FlawFinder.
Line: 1795
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Result<Vector<size_t, 2>, Editor::Error> Editor::vt_dsr()
{
char buf[16];
// Read whatever junk there is before talking to the terminal
// and insert them later when we're reading user input.
bool more_junk_to_read { false };
timeval timeout { 0, 0 };
Reported by FlawFinder.
Line: 798
Column: 17
CWE codes:
120
20
ssize_t nread = 0;
if (!m_incomplete_data.size())
nread = read(0, keybuf, sizeof(keybuf));
if (nread < 0) {
if (errno == EINTR) {
if (!m_was_interrupted) {
if (m_was_resized)
Reported by FlawFinder.
Line: 1809
Column: 26
CWE codes:
120
20
more_junk_to_read = false;
[[maybe_unused]] auto rc = select(1, &readfds, nullptr, nullptr, &timeout);
if (FD_ISSET(0, &readfds)) {
auto nread = read(0, buf, 16);
if (nread < 0) {
m_input_error = Error::ReadFailure;
finish();
break;
}
Reported by FlawFinder.
Userland/DevTools/Profiler/Profile.h
10 issues
Line: 83
CWE codes:
562
}
auto new_child = ProfileNode::create(m_process, move(object_name), move(symbol), address, offset, timestamp, pid);
add_child(new_child);
return new_child;
};
ProfileNode* parent() { return m_parent; }
const ProfileNode* parent() const { return m_parent; }
Reported by Cppcheck.
Line: 83
CWE codes:
562
}
auto new_child = ProfileNode::create(m_process, move(object_name), move(symbol), address, offset, timestamp, pid);
add_child(new_child);
return new_child;
};
ProfileNode* parent() { return m_parent; }
const ProfileNode* parent() const { return m_parent; }
Reported by Cppcheck.
Line: 83
CWE codes:
562
}
auto new_child = ProfileNode::create(m_process, move(object_name), move(symbol), address, offset, timestamp, pid);
add_child(new_child);
return new_child;
};
ProfileNode* parent() { return m_parent; }
const ProfileNode* parent() const { return m_parent; }
Reported by Cppcheck.
Line: 83
CWE codes:
562
}
auto new_child = ProfileNode::create(m_process, move(object_name), move(symbol), address, offset, timestamp, pid);
add_child(new_child);
return new_child;
};
ProfileNode* parent() { return m_parent; }
const ProfileNode* parent() const { return m_parent; }
Reported by Cppcheck.
Line: 83
CWE codes:
562
}
auto new_child = ProfileNode::create(m_process, move(object_name), move(symbol), address, offset, timestamp, pid);
add_child(new_child);
return new_child;
};
ProfileNode* parent() { return m_parent; }
const ProfileNode* parent() const { return m_parent; }
Reported by Cppcheck.
Line: 83
CWE codes:
562
}
auto new_child = ProfileNode::create(m_process, move(object_name), move(symbol), address, offset, timestamp, pid);
add_child(new_child);
return new_child;
};
ProfileNode* parent() { return m_parent; }
const ProfileNode* parent() const { return m_parent; }
Reported by Cppcheck.
Line: 83
CWE codes:
562
}
auto new_child = ProfileNode::create(m_process, move(object_name), move(symbol), address, offset, timestamp, pid);
add_child(new_child);
return new_child;
};
ProfileNode* parent() { return m_parent; }
const ProfileNode* parent() const { return m_parent; }
Reported by Cppcheck.
Line: 83
CWE codes:
562
}
auto new_child = ProfileNode::create(m_process, move(object_name), move(symbol), address, offset, timestamp, pid);
add_child(new_child);
return new_child;
};
ProfileNode* parent() { return m_parent; }
const ProfileNode* parent() const { return m_parent; }
Reported by Cppcheck.
Line: 83
CWE codes:
562
}
auto new_child = ProfileNode::create(m_process, move(object_name), move(symbol), address, offset, timestamp, pid);
add_child(new_child);
return new_child;
};
ProfileNode* parent() { return m_parent; }
const ProfileNode* parent() const { return m_parent; }
Reported by Cppcheck.
Line: 83
CWE codes:
562
}
auto new_child = ProfileNode::create(m_process, move(object_name), move(symbol), address, offset, timestamp, pid);
add_child(new_child);
return new_child;
};
ProfileNode* parent() { return m_parent; }
const ProfileNode* parent() const { return m_parent; }
Reported by Cppcheck.
Kernel/Net/LocalSocket.cpp
10 issues
Line: 434
Column: 22
CWE codes:
362
Suggestion:
Use fchmod( ) instead
}
}
KResult LocalSocket::chmod(FileDescription&, mode_t mode)
{
if (m_file)
return m_file->chmod(mode);
m_prebind_mode = mode & 0777;
Reported by FlawFinder.
Line: 437
Column: 24
CWE codes:
362
Suggestion:
Use fchmod( ) instead
KResult LocalSocket::chmod(FileDescription&, mode_t mode)
{
if (m_file)
return m_file->chmod(mode);
m_prebind_mode = mode & 0777;
return KSuccess;
}
Reported by FlawFinder.
Line: 443
Column: 22
CWE codes:
362
Suggestion:
Use fchown( ) instead
return KSuccess;
}
KResult LocalSocket::chown(FileDescription&, uid_t uid, gid_t gid)
{
if (m_file)
return m_file->chown(uid, gid);
auto& current_process = Process::current();
Reported by FlawFinder.
Line: 446
Column: 24
CWE codes:
362
Suggestion:
Use fchown( ) instead
KResult LocalSocket::chown(FileDescription&, uid_t uid, gid_t gid)
{
if (m_file)
return m_file->chown(uid, gid);
auto& current_process = Process::current();
if (!current_process.is_superuser() && (current_process.euid() != uid || !current_process.in_group(gid)))
return set_so_error(EPERM);
Reported by FlawFinder.
Line: 62
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return description1_result.error();
socket->m_address.sun_family = AF_LOCAL;
memcpy(socket->m_address.sun_path, "[socketpair]", 13);
auto& process = Process::current();
socket->m_acceptor = { process.pid().value(), process.uid(), process.gid() };
socket->set_connected(true);
Reported by FlawFinder.
Line: 112
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void LocalSocket::get_local_address(sockaddr* address, socklen_t* address_size)
{
size_t bytes_to_copy = min(static_cast<size_t>(*address_size), sizeof(sockaddr_un));
memcpy(address, &m_address, bytes_to_copy);
*address_size = sizeof(sockaddr_un);
}
void LocalSocket::get_peer_address(sockaddr* address, socklen_t* address_size)
{
Reported by FlawFinder.
Line: 140
Column: 44
CWE codes:
362
mode_t mode = S_IFSOCK | (m_prebind_mode & 0777);
UidAndGid owner { m_prebind_uid, m_prebind_gid };
auto result = VirtualFileSystem::the().open(path, O_CREAT | O_EXCL | O_NOFOLLOW_NOERROR, mode, Process::current().current_directory(), owner);
if (result.is_error()) {
if (result.error() == EEXIST)
return set_so_error(EADDRINUSE);
return result.error();
}
Reported by FlawFinder.
Line: 175
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return set_so_error(EISCONN);
const auto& local_address = *reinterpret_cast<const sockaddr_un*>(user_address);
char safe_address[sizeof(local_address.sun_path) + 1] = { 0 };
if (!copy_from_user(&safe_address[0], &local_address.sun_path[0], sizeof(safe_address) - 1))
return set_so_error(EFAULT);
safe_address[sizeof(safe_address) - 1] = '\0';
dbgln_if(LOCAL_SOCKET_DEBUG, "LocalSocket({}) connect({})", this, safe_address);
Reported by FlawFinder.
Line: 182
Column: 58
CWE codes:
362
dbgln_if(LOCAL_SOCKET_DEBUG, "LocalSocket({}) connect({})", this, safe_address);
auto description_or_error = VirtualFileSystem::the().open(safe_address, O_RDWR, 0, Process::current().current_directory());
if (description_or_error.is_error())
return set_so_error(ECONNREFUSED);
m_file = move(description_or_error.value());
Reported by FlawFinder.
Line: 352
Column: 42
CWE codes:
120
20
if (!has_attached_peer(description) && socket_buffer->is_empty())
return 0;
VERIFY(!socket_buffer->is_empty());
auto nread_or_error = socket_buffer->read(buffer, buffer_size);
if (!nread_or_error.is_error() && nread_or_error.value() > 0)
Thread::current()->did_unix_socket_read(nread_or_error.value());
return nread_or_error;
}
Reported by FlawFinder.