The following issues were found

Userland/Libraries/LibCore/LockFile.cpp
1 issue
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 22 Column: 12 CWE codes: 362

    if (!Core::File::ensure_parent_directories(m_filename))
        return;

    m_fd = open(filename, O_RDONLY | O_CREAT | O_CLOEXEC, 0666);
    if (m_fd == -1) {
        m_errno = errno;
        return;
    }


            

Reported by FlawFinder.

Userland/Libraries/LibCore/ProcessStatisticsReader.cpp
1 issue
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 28 Column: 29 CWE codes: 362

        }
    } else {
        proc_all_file = Core::File::construct("/proc/all");
        if (!proc_all_file->open(Core::OpenMode::ReadOnly)) {
            warnln("ProcessStatisticsReader: Failed to open /proc/all: {}", proc_all_file->error_string());
            return {};
        }
    }


            

Reported by FlawFinder.

Userland/Utilities/uniq.cpp
1 issue
fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 30 Column: 11 CWE codes: 362

        return stdout;
    }

    ret = fopen(filepath, perms);
    if (ret == nullptr) {
        perror("fopen");
        exit(1);
    }


            

Reported by FlawFinder.

Userland/Libraries/LibCore/Socket.h
1 issue
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 62 Column: 18 CWE codes: 362

    virtual bool common_connect(const struct sockaddr*, socklen_t);

private:
    virtual bool open(OpenMode) override { VERIFY_NOT_REACHED(); }
    void ensure_read_notifier();

    Type m_type { Type::Invalid };
    RefPtr<Notifier> m_notifier;
    RefPtr<Notifier> m_read_notifier;

            

Reported by FlawFinder.

Userland/Libraries/LibCore/StandardPaths.cpp
1 issue
getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 19 Column: 26 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them

              
String StandardPaths::home_directory()
{
    if (auto* home_env = getenv("HOME"))
        return LexicalPath::canonicalized_path(home_env);

    auto* pwd = getpwuid(getuid());
    String path = pwd ? pwd->pw_dir : "/";
    endpwent();

            

Reported by FlawFinder.

Tests/Kernel/fuzz-syscalls.cpp
1 issue
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 130 Column: 9 CWE codes: 126

        0,
        1,
        reinterpret_cast<size_t>(some_string),
        strlen(some_string),
        reinterpret_cast<size_t>(fake_sc_params),
        0xc0000000,
        0xc0000000 - PAGE_SIZE,
        0xffffffff,
    };

            

Reported by FlawFinder.

Userland/Libraries/LibCpp/Tests/parser/local-vars.cpp
1 issue
Uninitialized variable: x
Error

Line: 6 CWE codes: 908

{
    int x;
    double y = 2;
    double z = x + y;
    return z;
}

            

Reported by Cppcheck.

Userland/Utilities/unzip.cpp
1 issue
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 29 Column: 20 CWE codes: 362

        return true;
    }
    auto new_file = Core::File::construct(zip_member.name);
    if (!new_file->open(Core::OpenMode::WriteOnly)) {
        warnln("Can't write file {}: {}", zip_member.name, new_file->error_string());
        return false;
    }

    if (!quiet)

            

Reported by FlawFinder.

AK/UBSanitizer.h
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 47 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

private:
    u16 m_kind;
    u16 m_info;
    char m_name[1];
};

struct InvalidValueData {
    SourceLocation location;
    const TypeDescriptor& type;

            

Reported by FlawFinder.

Userland/Libraries/LibCpp/Tests/preprocessor/macro2.cpp
1 issue
AST broken: endless recursion from '{'
Error

Line: 3

#define M(x) String {x + "lo"}

M("he" + "l")

            

Reported by Cppcheck.