The following issues were found
Userland/Libraries/LibC/syslog.cpp
2 issues
Line: 103
Column: 6
CWE codes:
134
Suggestion:
Use a constant format string for syslog
va_end(ap);
}
void syslog(int priority, const char* message, ...)
{
va_list ap;
va_start(ap, message);
vsyslog_r(priority, &global_log_data, message, ap);
va_end(ap);
Reported by FlawFinder.
Line: 34
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// Used when ident is null, since syslog traditionally prints the program's
// own name; the process name will always be the same unless we exec.
static char program_name_buffer[256];
static bool program_name_set = false;
// Convenience function for initialization and checking what string to use
// for the program name.
static const char* get_syslog_ident(struct syslog_data* data)
Reported by FlawFinder.
Userland/Libraries/LibC/sys/mman.cpp
2 issues
Line: 18
Column: 112
CWE codes:
126
void* serenity_mmap(void* addr, size_t size, int prot, int flags, int fd, off_t offset, size_t alignment, const char* name)
{
Syscall::SC_mmap_params params { (uintptr_t)addr, size, alignment, prot, flags, fd, offset, { name, name ? strlen(name) : 0 } };
ptrdiff_t rc = syscall(SC_mmap, ¶ms);
if (rc < 0 && rc > -EMAXERRNO) {
errno = -rc;
return MAP_FAILED;
}
Reported by FlawFinder.
Line: 66
Column: 67
CWE codes:
126
errno = EFAULT;
return -1;
}
Syscall::SC_set_mmap_name_params params { addr, size, { name, strlen(name) } };
int rc = syscall(SC_set_mmap_name, ¶ms);
__RETURN_WITH_ERRNO(rc, rc, -1);
}
int madvise(void* address, size_t size, int advice)
Reported by FlawFinder.
Userland/Libraries/LibC/sys/stat.h
2 issues
Line: 17
Column: 5
CWE codes:
362
Suggestion:
Use fchmod( ) instead
__BEGIN_DECLS
mode_t umask(mode_t);
int chmod(const char* pathname, mode_t);
int fchmod(int fd, mode_t);
int mkdir(const char* pathname, mode_t);
int mkfifo(const char* pathname, mode_t);
int fstat(int fd, struct stat* statbuf);
int lstat(const char* path, struct stat* statbuf);
Reported by FlawFinder.
Line: 16
Column: 8
CWE codes:
732
__BEGIN_DECLS
mode_t umask(mode_t);
int chmod(const char* pathname, mode_t);
int fchmod(int fd, mode_t);
int mkdir(const char* pathname, mode_t);
int mkfifo(const char* pathname, mode_t);
int fstat(int fd, struct stat* statbuf);
Reported by FlawFinder.
Kernel/Storage/Partition/DiskPartition.cpp
2 issues
Line: 40
Column: 34
CWE codes:
120
20
request.block_index() + m_metadata.start_block(), request.block_count(), request.buffer(), request.buffer_size()));
}
KResultOr<size_t> DiskPartition::read(FileDescription& fd, u64 offset, UserOrKernelBuffer& outbuf, size_t len)
{
unsigned adjust = m_metadata.start_block() * block_size();
dbgln_if(OFFD_DEBUG, "DiskPartition::read offset={}, adjust={}, len={}", fd.offset(), adjust, len);
return m_device->read(fd, offset + adjust, outbuf, len);
}
Reported by FlawFinder.
Line: 44
Column: 22
CWE codes:
120
20
{
unsigned adjust = m_metadata.start_block() * block_size();
dbgln_if(OFFD_DEBUG, "DiskPartition::read offset={}, adjust={}, len={}", fd.offset(), adjust, len);
return m_device->read(fd, offset + adjust, outbuf, len);
}
bool DiskPartition::can_read(const FileDescription& fd, size_t offset) const
{
unsigned adjust = m_metadata.start_block() * block_size();
Reported by FlawFinder.
Userland/Applications/Piano/KeysWidget.h
2 issues
Line: 16
class TrackManager;
class KeysWidget final : public GUI::Frame {
C_OBJECT(KeysWidget)
public:
virtual ~KeysWidget() override;
int key_code_to_key(int key_code) const;
int mouse_note() const;
Reported by Cppcheck.
Line: 16
class TrackManager;
class KeysWidget final : public GUI::Frame {
C_OBJECT(KeysWidget)
public:
virtual ~KeysWidget() override;
int key_code_to_key(int key_code) const;
int mouse_note() const;
Reported by Cppcheck.
Userland/Applications/Piano/AudioPlayerLoop.h
2 issues
Line: 20
// Wrapper class accepting custom events to advance the track playing and forward audio data to the system.
// This does not run on a separate thread, preventing IPC multithreading madness.
class AudioPlayerLoop : public Core::Object {
C_OBJECT(AudioPlayerLoop)
public:
AudioPlayerLoop(TrackManager& track_manager, bool& need_to_write_wav, Audio::WavWriter& wav_writer);
void enqueue_audio();
Reported by Cppcheck.
Line: 20
// Wrapper class accepting custom events to advance the track playing and forward audio data to the system.
// This does not run on a separate thread, preventing IPC multithreading madness.
class AudioPlayerLoop : public Core::Object {
C_OBJECT(AudioPlayerLoop)
public:
AudioPlayerLoop(TrackManager& track_manager, bool& need_to_write_wav, Audio::WavWriter& wav_writer);
void enqueue_audio();
Reported by Cppcheck.
Userland/Libraries/LibCpp/Tests/parser/strace.cpp
2 issues
Line: 67
Column: 22
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
perror("traceme");
return 1;
}
int rc = execvp(child_argv.first(), const_cast<char**>(child_argv.data()));
if (rc < 0) {
perror("execvp");
exit(1);
}
VERIFY_NOT_REACHED();
Reported by FlawFinder.
Line: 35
Column: 40
CWE codes:
362
parser.parse(argc, argv);
if (output_filename != nullptr) {
auto open_result = Core::File::open(output_filename, Core::OpenMode::WriteOnly);
if (open_result.is_error()) {
outln(stderr, "Failed to open output file: {}", open_result.error());
return 1;
}
trace_file = open_result.value();
Reported by FlawFinder.
Userland/Libraries/LibC/shadow.cpp
2 issues
Line: 33
Column: 20
CWE codes:
362
if (s_stream) {
rewind(s_stream);
} else {
s_stream = fopen("/etc/shadow", "r");
if (!s_stream) {
dbgln("open /etc/shadow failed: {}", strerror(errno));
}
}
}
Reported by FlawFinder.
Line: 164
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return nullptr;
}
char buffer[1024];
++s_line_number;
char* s = fgets(buffer, sizeof(buffer), s_stream);
// Silently tolerate an empty line at the end.
if ((!s || !s[0]) && feof(s_stream))
Reported by FlawFinder.
Kernel/StdLib.h
2 issues
Line: 43
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
[[nodiscard]] bool copy_from_user(void*, const void*, size_t);
[[nodiscard]] bool memset_user(void*, int, size_t);
void* memcpy(void*, const void*, size_t);
[[nodiscard]] int strncmp(const char* s1, const char* s2, size_t n);
[[nodiscard]] char* strstr(const char* haystack, const char* needle);
[[nodiscard]] int strcmp(char const*, const char*);
[[nodiscard]] size_t strlen(const char*);
[[nodiscard]] size_t strnlen(const char*, size_t);
Reported by FlawFinder.
Line: 47
Column: 22
CWE codes:
126
[[nodiscard]] int strncmp(const char* s1, const char* s2, size_t n);
[[nodiscard]] char* strstr(const char* haystack, const char* needle);
[[nodiscard]] int strcmp(char const*, const char*);
[[nodiscard]] size_t strlen(const char*);
[[nodiscard]] size_t strnlen(const char*, size_t);
void* memset(void*, int, size_t);
[[nodiscard]] int memcmp(const void*, const void*, size_t);
void* memmove(void* dest, const void* src, size_t n);
const void* memmem(const void* haystack, size_t, const void* needle, size_t);
Reported by FlawFinder.
Userland/Applications/MouseSettings/MouseSettingsWindow.h
2 issues
Line: 17
#include <LibGUI/Window.h>
class MouseSettingsWindow final : public GUI::Window {
C_OBJECT(MouseSettingsWindow)
public:
virtual ~MouseSettingsWindow() override;
private:
MouseSettingsWindow();
Reported by Cppcheck.
Line: 17
#include <LibGUI/Window.h>
class MouseSettingsWindow final : public GUI::Window {
C_OBJECT(MouseSettingsWindow)
public:
virtual ~MouseSettingsWindow() override;
private:
MouseSettingsWindow();
Reported by Cppcheck.