The following issues were found

Userland/Applications/ImageViewer/ViewWidget.h
2 issues
There is an unknown macro here somewhere. Configuration is required. If C_OBJECT is a macro then please configure it.
Error

Line: 18 

              namespace ImageViewer {

class ViewWidget final : public GUI::Frame {
    C_OBJECT(ViewWidget)
public:
    enum Directions {
        First,
        Back,
        Forward,

Reported by Cppcheck.

There is an unknown macro here somewhere. Configuration is required. If C_OBJECT is a macro then please configure it.
Error

Line: 18 

              namespace ImageViewer {

class ViewWidget final : public GUI::Frame {
    C_OBJECT(ViewWidget)
public:
    enum Directions {
        First,
        Back,
        Forward,

Reported by Cppcheck.

Kernel/DoubleBuffer.cpp
2 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 60 Column: 15 CWE codes: 120 20 

                  MutexLocker locker(m_lock);
    size_t bytes_to_write = min(size, m_space_for_writing);
    u8* write_ptr = m_write_buffer->data + m_write_buffer->size;
    if (!data.read(write_ptr, bytes_to_write))
        return EFAULT;
    m_write_buffer->size += bytes_to_write;
    compute_lockfree_metadata();
    if (m_unblock_callback && !m_empty)
        m_unblock_callback();

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 69 Column: 33 CWE codes: 120 20 

                  return bytes_to_write;
}

KResultOr<size_t> DoubleBuffer::read(UserOrKernelBuffer& data, size_t size)
{
    if (!size || m_storage->is_null())
        return 0;
    MutexLocker locker(m_lock);
    if (m_read_buffer_index >= m_read_buffer->size && m_write_buffer->size != 0)

Reported by FlawFinder.

Userland/Libraries/LibC/sys/stat.h
2 issues
chmod - This accepts filename arguments; if an attacker can move those files, a race condition results.
Security

Line: 17 Column: 5 CWE codes: 362
Suggestion: Use fchmod( ) instead 

              __BEGIN_DECLS

mode_t umask(mode_t);
int chmod(const char* pathname, mode_t);
int fchmod(int fd, mode_t);
int mkdir(const char* pathname, mode_t);
int mkfifo(const char* pathname, mode_t);
int fstat(int fd, struct stat* statbuf);
int lstat(const char* path, struct stat* statbuf);

Reported by FlawFinder.

umask - Ensure that umask is given most restrictive possible setting (e.g., 066 or 077)
Security

Line: 16 Column: 8 CWE codes: 732 

              
__BEGIN_DECLS

mode_t umask(mode_t);
int chmod(const char* pathname, mode_t);
int fchmod(int fd, mode_t);
int mkdir(const char* pathname, mode_t);
int mkfifo(const char* pathname, mode_t);
int fstat(int fd, struct stat* statbuf);

Reported by FlawFinder.

Userland/Libraries/LibC/sys/mman.cpp
2 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 18 Column: 112 CWE codes: 126 

              
void* serenity_mmap(void* addr, size_t size, int prot, int flags, int fd, off_t offset, size_t alignment, const char* name)
{
    Syscall::SC_mmap_params params { (uintptr_t)addr, size, alignment, prot, flags, fd, offset, { name, name ? strlen(name) : 0 } };
    ptrdiff_t rc = syscall(SC_mmap, &params);
    if (rc < 0 && rc > -EMAXERRNO) {
        errno = -rc;
        return MAP_FAILED;
    }

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 66 Column: 67 CWE codes: 126 

                      errno = EFAULT;
        return -1;
    }
    Syscall::SC_set_mmap_name_params params { addr, size, { name, strlen(name) } };
    int rc = syscall(SC_set_mmap_name, &params);
    __RETURN_WITH_ERRNO(rc, rc, -1);
}

int madvise(void* address, size_t size, int advice)

Reported by FlawFinder.

Userland/Libraries/LibC/syslog.cpp
2 issues
syslog - If syslog's format strings can be influenced by an attacker, they can be exploited
Security

Line: 103 Column: 6 CWE codes: 134
Suggestion: Use a constant format string for syslog 

                  va_end(ap);
}

void syslog(int priority, const char* message, ...)
{
    va_list ap;
    va_start(ap, message);
    vsyslog_r(priority, &global_log_data, message, ap);
    va_end(ap);

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 34 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
// Used when ident is null, since syslog traditionally prints the program's
// own name; the process name will always be the same unless we exec.
static char program_name_buffer[256];
static bool program_name_set = false;

// Convenience function for initialization and checking what string to use
// for the program name.
static const char* get_syslog_ident(struct syslog_data* data)

Reported by FlawFinder.

Userland/Applications/HexEditor/GoToOffsetDialog.cpp
2 issues
Uninitialized variable: offset
Error

Line: 59 CWE codes: 908 

                  } else {
        VERIFY_NOT_REACHED();
    }
    return offset;
}

int GoToOffsetDialog::calculate_new_offset(int input_offset)
{
    int new_offset;

Reported by Cppcheck.

Uninitialized variable: new_offset
Error

Line: 76 CWE codes: 908 

                      VERIFY_NOT_REACHED();
    }

    if (new_offset > m_buffer_size)
        new_offset = m_buffer_size;
    if (new_offset < 0)
        new_offset = 0;

    return new_offset;

Reported by Cppcheck.

Kernel/Net/TCPSocket.cpp
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 248 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                      u16 mss = routing_decision.adapter->mtu() - sizeof(IPv4Packet) - sizeof(TCPPacket);
        TCPOptionMSS mss_option { mss };
        VERIFY(packet->buffer->size() >= ipv4_payload_offset + sizeof(TCPPacket) + sizeof(mss_option));
        memcpy(packet->buffer->data() + ipv4_payload_offset + sizeof(TCPPacket), &mss_option, sizeof(mss_option));
    }

    tcp_packet.set_checksum(compute_tcp_checksum(local_address(), peer_address(), tcp_packet, payload_size));

    routing_decision.adapter->send_packet(packet->bytes());

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 233 Column: 30 CWE codes: 120 20 

                      tcp_packet.set_ack_number(m_ack_number);
    }

    if (payload && !payload->read(tcp_packet.payload(), payload_size)) {
        routing_decision.adapter->release_packet_buffer(*packet);
        return set_so_error(EFAULT);
    }

    if (flags & TCPFlags::SYN) {

Reported by FlawFinder.

Userland/Applications/Help/ManualModel.cpp
2 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 161 Column: 90 CWE codes: 362 

                  }
}

void ManualModel::update_section_node_on_toggle(const GUI::ModelIndex& index, const bool open)
{
    auto* node = static_cast<ManualSectionNode*>(index.internal_data());
    node->set_open(open);
}

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 164 Column: 20 CWE codes: 362 

              void ManualModel::update_section_node_on_toggle(const GUI::ModelIndex& index, const bool open)
{
    auto* node = static_cast<ManualSectionNode*>(index.internal_data());
    node->set_open(open);
}

TriState ManualModel::data_matches(const GUI::ModelIndex& index, const GUI::Variant& term) const
{
    auto view_result = page_view(page_path(index));

Reported by FlawFinder.

Userland/Libraries/LibC/shadow.cpp
2 issues
fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 33 Column: 20 CWE codes: 362 

                  if (s_stream) {
        rewind(s_stream);
    } else {
        s_stream = fopen("/etc/shadow", "r");
        if (!s_stream) {
            dbgln("open /etc/shadow failed: {}", strerror(errno));
        }
    }
}

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 164 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                          return nullptr;
        }

        char buffer[1024];
        ++s_line_number;
        char* s = fgets(buffer, sizeof(buffer), s_stream);

        // Silently tolerate an empty line at the end.
        if ((!s || !s[0]) && feof(s_stream))

Reported by FlawFinder.

Userland/Libraries/LibC/pwd.cpp
2 issues
fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 35 Column: 20 CWE codes: 362 

                  if (s_stream) {
        rewind(s_stream);
    } else {
        s_stream = fopen("/etc/passwd", "r");
        if (!s_stream) {
            perror("open /etc/passwd");
        }
    }
}

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 131 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                          return nullptr;
        }

        char buffer[1024];
        ++s_line_number;
        char* s = fgets(buffer, sizeof(buffer), s_stream);

        // Silently tolerate an empty line at the end.
        if ((!s || !s[0]) && feof(s_stream))

Reported by FlawFinder.