The following issues were found

Kernel/Bus/VirtIO/VirtIORNG.h
1 issue
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 24 Column: 31 CWE codes: 120 20

    virtual StringView class_name() const override { return m_class_name; }

    virtual bool can_read(const FileDescription&, size_t) const override { return false; }
    virtual KResultOr<size_t> read(FileDescription&, u64, UserOrKernelBuffer&, size_t) override { return 0; }
    virtual bool can_write(const FileDescription&, size_t) const override { return false; }
    virtual KResultOr<size_t> write(FileDescription&, u64, const UserOrKernelBuffer&, size_t) override { return 0; }

    virtual mode_t required_mode() const override { return 0666; }
    virtual String device_name() const override { return "hwrng"; }

            

Reported by FlawFinder.

Userland/Utilities/modload.cpp
1 issue
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 19 Column: 32 CWE codes: 126

    args_parser.add_positional_argument(path, "Path to the module to load", "path");
    args_parser.parse(argc, argv);

    int rc = module_load(path, strlen(path));
    if (rc < 0) {
        perror("module_load");
        return 1;
    }
    return 0;

            

Reported by FlawFinder.

Userland/Utilities/modunload.cpp
1 issue
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 19 Column: 34 CWE codes: 126

    args_parser.add_positional_argument(name, "Name of the module to unload", "name");
    args_parser.parse(argc, argv);

    int rc = module_unload(name, strlen(name));
    if (rc < 0) {
        perror("module_unload");
        return 1;
    }
    return 0;

            

Reported by FlawFinder.

Userland/Libraries/LibGUI/AboutDialog.cpp
1 issue
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 95 Column: 45 CWE codes: 362

              
String AboutDialog::version_string() const
{
    auto version_config = Core::ConfigFile::open("/res/version.ini");
    auto major_version = version_config->read_entry("Version", "Major", "0");
    auto minor_version = version_config->read_entry("Version", "Minor", "0");

    StringBuilder builder;
    builder.appendff("Version {}.{}", major_version, minor_version);

            

Reported by FlawFinder.

Kernel/TTY/PTYMultiplexer.cpp
1 issue
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 38 Column: 59 CWE codes: 362

{
}

KResultOr<NonnullRefPtr<FileDescription>> PTYMultiplexer::open(int options)
{
    return m_freelist.with_exclusive([&](auto& freelist) -> KResultOr<NonnullRefPtr<FileDescription>> {
        if (freelist.is_empty())
            return EBUSY;


            

Reported by FlawFinder.

Userland/Libraries/LibGUI/Clipboard.cpp
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 112 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

        return;
    }
    if (!data.is_empty())
        memcpy(buffer.data<void>(), data.data(), data.size());

    connection().async_set_clipboard_data(move(buffer), type, metadata);
}

void Clipboard::set_bitmap(Gfx::Bitmap const& bitmap)

            

Reported by FlawFinder.

Kernel/Bus/VirtIO/VirtIOConsole.h
1 issue
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 67 Column: 63 CWE codes: 362

    void setup_multiport();
    void process_control_message(ControlMessage message);
    void write_control_message(ControlMessage message);
    void send_open_control_message(unsigned port_number, bool open);

    unsigned m_device_id;

    OwnPtr<Memory::RingBuffer> m_control_transmit_buffer;
    OwnPtr<Memory::RingBuffer> m_control_receive_buffer;

            

Reported by FlawFinder.

Userland/Libraries/LibGUI/ComboBox.h
1 issue
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 26 Column: 10 CWE codes: 362

    String text() const;
    void set_text(const String&);

    void open();
    void close();
    void select_all();

    Model* model();
    const Model* model() const;

            

Reported by FlawFinder.

Userland/Libraries/LibGUI/CommonLocationsProvider.cpp
1 issue
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 42 Column: 16 CWE codes: 362

void CommonLocationsProvider::load_from_json(const String& json_path)
{
    auto file = Core::File::construct(json_path);
    if (!file->open(Core::OpenMode::ReadOnly)) {
        dbgln("Unable to open {}", file->filename());
        return;
    }

    auto json = JsonValue::from_string(file->read_all());

            

Reported by FlawFinder.

AK/String.cpp
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 90 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

        return empty();
    char* buffer;
    auto impl = StringImpl::create_uninitialized(length(), buffer);
    memcpy(buffer, m_impl->characters(), m_impl->length());
    return String(move(*impl));
}

String String::substring(size_t start, size_t length) const
{

            

Reported by FlawFinder.