The following issues were found
Userland/Libraries/LibCrypto/ASN1/DER.cpp
9 issues
Line: 294
Column: 38
CWE codes:
120
20
builder.appendff("[{}] {}", type_name(tag.value().type), kind_name(tag.value().kind));
switch (tag.value().kind) {
case Kind::Eol: {
auto value = decoder.read<ReadonlyBytes>();
if (value.is_error()) {
dbgln("EOL PrettyPrint error: {}", value.error());
return;
}
break;
Reported by FlawFinder.
Line: 302
Column: 38
CWE codes:
120
20
break;
}
case Kind::Boolean: {
auto value = decoder.read<bool>();
if (value.is_error()) {
dbgln("Bool PrettyPrint error: {}", value.error());
return;
}
builder.appendff(" {}", value.value());
Reported by FlawFinder.
Line: 311
Column: 38
CWE codes:
120
20
break;
}
case Kind::Integer: {
auto value = decoder.read<ReadonlyBytes>();
if (value.is_error()) {
dbgln("Integer PrettyPrint error: {}", value.error());
return;
}
builder.append(" 0x");
Reported by FlawFinder.
Line: 322
Column: 38
CWE codes:
120
20
break;
}
case Kind::BitString: {
auto value = decoder.read<const BitmapView>();
if (value.is_error()) {
dbgln("BitString PrettyPrint error: {}", value.error());
return;
}
builder.append(" 0b");
Reported by FlawFinder.
Line: 333
Column: 38
CWE codes:
120
20
break;
}
case Kind::OctetString: {
auto value = decoder.read<StringView>();
if (value.is_error()) {
dbgln("OctetString PrettyPrint error: {}", value.error());
return;
}
builder.append(" 0x");
Reported by FlawFinder.
Line: 344
Column: 38
CWE codes:
120
20
break;
}
case Kind::Null: {
auto value = decoder.read<decltype(nullptr)>();
if (value.is_error()) {
dbgln("Bool PrettyPrint error: {}", value.error());
return;
}
break;
Reported by FlawFinder.
Line: 352
Column: 38
CWE codes:
120
20
break;
}
case Kind::ObjectIdentifier: {
auto value = decoder.read<Vector<int>>();
if (value.is_error()) {
dbgln("Identifier PrettyPrint error: {}", value.error());
return;
}
for (auto& id : value.value())
Reported by FlawFinder.
Line: 365
Column: 38
CWE codes:
120
20
case Kind::GeneralizedTime:
case Kind::IA5String:
case Kind::PrintableString: {
auto value = decoder.read<StringView>();
if (value.is_error()) {
dbgln("String PrettyPrint error: {}", value.error());
return;
}
builder.append(' ');
Reported by FlawFinder.
Line: 375
Column: 38
CWE codes:
120
20
break;
}
case Kind::Utf8String: {
auto value = decoder.read<Utf8View>();
if (value.is_error()) {
dbgln("UTF8 PrettyPrint error: {}", value.error());
return;
}
builder.append(' ');
Reported by FlawFinder.
Userland/Libraries/LibCore/FileStream.h
9 issues
Line: 23
Column: 45
CWE codes:
362
{
}
static Result<InputFileStream, OSError> open(StringView filename, OpenMode mode = OpenMode::ReadOnly, mode_t permissions = 0644)
{
VERIFY(has_flag(mode, OpenMode::ReadOnly));
auto file_result = File::open(filename, mode, permissions);
Reported by FlawFinder.
Line: 27
Column: 34
CWE codes:
362
{
VERIFY(has_flag(mode, OpenMode::ReadOnly));
auto file_result = File::open(filename, mode, permissions);
if (file_result.is_error())
return file_result.error();
return InputFileStream { file_result.value() };
Reported by FlawFinder.
Line: 39
Column: 34
CWE codes:
362
{
VERIFY(has_flag(mode, OpenMode::ReadOnly));
auto file_result = File::open(filename, mode, permissions);
if (file_result.is_error())
return file_result.error();
return Buffered<InputFileStream> { file_result.value() };
Reported by FlawFinder.
Line: 92
Column: 46
CWE codes:
362
{
}
static Result<OutputFileStream, OSError> open(StringView filename, OpenMode mode = OpenMode::WriteOnly, mode_t permissions = 0644)
{
VERIFY(has_flag(mode, OpenMode::WriteOnly));
auto file_result = File::open(filename, mode, permissions);
Reported by FlawFinder.
Line: 96
Column: 34
CWE codes:
362
{
VERIFY(has_flag(mode, OpenMode::WriteOnly));
auto file_result = File::open(filename, mode, permissions);
if (file_result.is_error())
return file_result.error();
return OutputFileStream { file_result.value() };
Reported by FlawFinder.
Line: 108
Column: 34
CWE codes:
362
{
VERIFY(has_flag(mode, OpenMode::WriteOnly));
auto file_result = File::open(filename, mode, permissions);
if (file_result.is_error())
return file_result.error();
return Buffered<OutputFileStream> { file_result.value() };
Reported by FlawFinder.
Line: 47
Column: 12
CWE codes:
120
20
return Buffered<InputFileStream> { file_result.value() };
}
size_t read(Bytes bytes) override
{
if (has_any_error())
return 0;
const auto buffer = m_file->read(bytes.size());
Reported by FlawFinder.
Line: 52
Column: 37
CWE codes:
120
20
if (has_any_error())
return 0;
const auto buffer = m_file->read(bytes.size());
return buffer.bytes().copy_to(bytes);
}
bool read_or_error(Bytes bytes) override
{
Reported by FlawFinder.
Userland/Utilities/disk_benchmark.cpp
8 issues
Line: 57
Column: 19
CWE codes:
120
20
Suggestion:
Check implementation on installation, or limit the size of all string inputs
bool allow_cache = false;
int opt;
while ((opt = getopt(argc, argv, "chd:t:f:b:")) != -1) {
switch (opt) {
case 'h':
exit_with_usage(0);
break;
case 'c':
Reported by FlawFinder.
Line: 69
Column: 34
CWE codes:
190
Suggestion:
If the source is untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into a negative number; consider saving to an unsigned value if that is intended)
directory = optarg;
break;
case 't':
time_per_benchmark = atoi(optarg);
break;
case 'f':
for (const auto& size : String(optarg).split(','))
file_sizes.append(atoi(size.characters()));
break;
Reported by FlawFinder.
Line: 73
Column: 35
CWE codes:
190
Suggestion:
If the source is untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into a negative number; consider saving to an unsigned value if that is intended)
break;
case 'f':
for (const auto& size : String(optarg).split(','))
file_sizes.append(atoi(size.characters()));
break;
case 'b':
for (const auto& size : String(optarg).split(','))
block_sizes.append(atoi(size.characters()));
break;
Reported by FlawFinder.
Line: 77
Column: 36
CWE codes:
190
Suggestion:
If the source is untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into a negative number; consider saving to an unsigned value if that is intended)
break;
case 'b':
for (const auto& size : String(optarg).split(','))
block_sizes.append(atoi(size.characters()));
break;
}
}
if (file_sizes.size() == 0) {
Reported by FlawFinder.
Line: 129
Column: 14
CWE codes:
362
if (!allow_cache)
flags |= O_DIRECT;
int fd = open(filename.characters(), flags, 0644);
if (fd == -1) {
perror("open");
exit(1);
}
Reported by FlawFinder.
Line: 89
Column: 5
CWE codes:
732
block_sizes = { 8192, 32768, 65536 };
}
umask(0644);
auto filename = String::formatted("{}/disk_benchmark.tmp", directory);
for (auto file_size : file_sizes) {
for (auto block_size : block_sizes) {
Reported by FlawFinder.
Line: 111
Column: 17
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
if (!result.has_value())
return 1;
results.append(result.release_value());
usleep(100);
}
auto average = average_result(results);
outln("Finished: runs={} time={}ms write_bps={} read_bps={}", results.size(), timer.elapsed(), average.write_bps, average.read_bps);
sleep(1);
Reported by FlawFinder.
Line: 167
Column: 22
CWE codes:
120
20
timer.start();
ssize_t total_read = 0;
while (total_read < file_size) {
auto nread = read(fd, buffer.data(), block_size);
if (nread < 0) {
perror("read");
return {};
}
total_read += nread;
Reported by FlawFinder.
Userland/Utilities/nc.cpp
8 issues
Line: 64
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
socket->connect(target, port);
for (;;) {
char buf[1024];
int nread = read(STDIN_FILENO, buf, sizeof(buf));
if (nread < 0) {
perror("read");
return 1;
}
Reported by FlawFinder.
Line: 106
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return 1;
}
char addr_str[INET_ADDRSTRLEN];
sockaddr_in sin;
socklen_t len;
len = sizeof(sin);
Reported by FlawFinder.
Line: 164
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
dst_addr.sin_addr.s_addr = *(const in_addr_t*)hostent->h_addr_list[0];
if (verbose) {
char addr_str[INET_ADDRSTRLEN];
warnln("connecting to {}:{}", inet_ntop(dst_addr.sin_family, &dst_addr.sin_addr, addr_str, sizeof(addr_str) - 1), ntohs(dst_addr.sin_port));
}
if (connect(fd, (struct sockaddr*)&dst_addr, sizeof(dst_addr)) < 0) {
perror("connect");
return 1;
Reported by FlawFinder.
Line: 208
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
if (!stdin_closed && FD_ISSET(STDIN_FILENO, &readfds)) {
char buf[1024];
int nread = read(STDIN_FILENO, buf, sizeof(buf));
if (nread < 0) {
perror("read(STDIN_FILENO)");
return 1;
}
Reported by FlawFinder.
Line: 231
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
if (!fd_closed && FD_ISSET(fd, &readfds)) {
char buf[1024];
int nread = read(fd, buf, sizeof(buf));
if (nread < 0) {
perror("read(fd)");
return 1;
}
Reported by FlawFinder.
Line: 209
Column: 25
CWE codes:
120
20
if (!stdin_closed && FD_ISSET(STDIN_FILENO, &readfds)) {
char buf[1024];
int nread = read(STDIN_FILENO, buf, sizeof(buf));
if (nread < 0) {
perror("read(STDIN_FILENO)");
return 1;
}
Reported by FlawFinder.
Kernel/API/Syscall.h
8 issues
Line: 56
Column: 7
CWE codes:
362
Suggestion:
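Use fchmod( ) instead. In the excerpt below, `chmod` is an entry in a syscall-name macro list rather than a call to chmod(), so this finding looks like a name match; confirm before acting on it.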
S(beep, NeedsBigProcessLock::No) \
S(bind, NeedsBigProcessLock::Yes) \
S(chdir, NeedsBigProcessLock::Yes) \
S(chmod, NeedsBigProcessLock::Yes) \
S(chown, NeedsBigProcessLock::Yes) \
S(clock_gettime, NeedsBigProcessLock::No) \
S(clock_nanosleep, NeedsBigProcessLock::No) \
S(clock_settime, NeedsBigProcessLock::Yes) \
S(close, NeedsBigProcessLock::Yes) \
Reported by FlawFinder.
Line: 57
Column: 7
CWE codes:
362
Suggestion:
Use fchown( ) instead
S(bind, NeedsBigProcessLock::Yes) \
S(chdir, NeedsBigProcessLock::Yes) \
S(chmod, NeedsBigProcessLock::Yes) \
S(chown, NeedsBigProcessLock::Yes) \
S(clock_gettime, NeedsBigProcessLock::No) \
S(clock_nanosleep, NeedsBigProcessLock::No) \
S(clock_settime, NeedsBigProcessLock::Yes) \
S(close, NeedsBigProcessLock::Yes) \
S(connect, NeedsBigProcessLock::Yes) \
Reported by FlawFinder.
Line: 145
Column: 7
CWE codes:
362
20
Suggestion:
Reconsider approach
S(ptsname, NeedsBigProcessLock::Yes) \
S(purge, NeedsBigProcessLock::Yes) \
S(read, NeedsBigProcessLock::Yes) \
S(readlink, NeedsBigProcessLock::Yes) \
S(readv, NeedsBigProcessLock::Yes) \
S(realpath, NeedsBigProcessLock::Yes) \
S(reboot, NeedsBigProcessLock::Yes) \
S(recvfd, NeedsBigProcessLock::Yes) \
S(recvmsg, NeedsBigProcessLock::Yes) \
Reported by FlawFinder.
Line: 48
Column: 7
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
//
#define ENUMERATE_SYSCALLS(S) \
S(accept4, NeedsBigProcessLock::Yes) \
S(access, NeedsBigProcessLock::Yes) \
S(adjtime, NeedsBigProcessLock::Yes) \
S(alarm, NeedsBigProcessLock::Yes) \
S(allocate_tls, NeedsBigProcessLock::Yes) \
S(anon_create, NeedsBigProcessLock::Yes) \
S(beep, NeedsBigProcessLock::No) \
Reported by FlawFinder.
Line: 147
Column: 7
CWE codes:
120/785!
Suggestion:
Ensure that the destination buffer is at least of size MAXPATHLEN, and to protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN
S(read, NeedsBigProcessLock::Yes) \
S(readlink, NeedsBigProcessLock::Yes) \
S(readv, NeedsBigProcessLock::Yes) \
S(realpath, NeedsBigProcessLock::Yes) \
S(reboot, NeedsBigProcessLock::Yes) \
S(recvfd, NeedsBigProcessLock::Yes) \
S(recvmsg, NeedsBigProcessLock::Yes) \
S(rename, NeedsBigProcessLock::Yes) \
S(rmdir, NeedsBigProcessLock::Yes) \
Reported by FlawFinder.
Line: 131
Column: 7
CWE codes:
362
S(mremap, NeedsBigProcessLock::Yes) \
S(msyscall, NeedsBigProcessLock::Yes) \
S(munmap, NeedsBigProcessLock::Yes) \
S(open, NeedsBigProcessLock::Yes) \
S(perf_event, NeedsBigProcessLock::Yes) \
S(perf_register_string, NeedsBigProcessLock::Yes) \
S(pipe, NeedsBigProcessLock::Yes) \
S(pledge, NeedsBigProcessLock::Yes) \
S(poll, NeedsBigProcessLock::Yes) \
Reported by FlawFinder.
Line: 144
Column: 7
CWE codes:
120
20
S(ptrace, NeedsBigProcessLock::Yes) \
S(ptsname, NeedsBigProcessLock::Yes) \
S(purge, NeedsBigProcessLock::Yes) \
S(read, NeedsBigProcessLock::Yes) \
S(readlink, NeedsBigProcessLock::Yes) \
S(readv, NeedsBigProcessLock::Yes) \
S(realpath, NeedsBigProcessLock::Yes) \
S(reboot, NeedsBigProcessLock::Yes) \
S(recvfd, NeedsBigProcessLock::Yes) \
Reported by FlawFinder.
Line: 189
Column: 7
CWE codes:
732
S(sysconf, NeedsBigProcessLock::No) \
S(times, NeedsBigProcessLock::Yes) \
S(ttyname, NeedsBigProcessLock::Yes) \
S(umask, NeedsBigProcessLock::Yes) \
S(umount, NeedsBigProcessLock::Yes) \
S(uname, NeedsBigProcessLock::No) \
S(unlink, NeedsBigProcessLock::Yes) \
S(unveil, NeedsBigProcessLock::Yes) \
S(utime, NeedsBigProcessLock::Yes) \
Reported by FlawFinder.
Kernel/RTC.cpp
8 issues
Line: 62
Column: 20
CWE codes:
120
20
u8 status_b = CMOS::read(0x0b);
second = CMOS::read(0x00);
minute = CMOS::read(0x02);
hour = CMOS::read(0x04);
day = CMOS::read(0x07);
month = CMOS::read(0x08);
year = CMOS::read(0x09);
Reported by FlawFinder.
Line: 63
Column: 20
CWE codes:
120
20
u8 status_b = CMOS::read(0x0b);
second = CMOS::read(0x00);
minute = CMOS::read(0x02);
hour = CMOS::read(0x04);
day = CMOS::read(0x07);
month = CMOS::read(0x08);
year = CMOS::read(0x09);
Reported by FlawFinder.
Line: 64
Column: 18
CWE codes:
120
20
second = CMOS::read(0x00);
minute = CMOS::read(0x02);
hour = CMOS::read(0x04);
day = CMOS::read(0x07);
month = CMOS::read(0x08);
year = CMOS::read(0x09);
bool is_pm = hour & 0x80;
Reported by FlawFinder.
Line: 65
Column: 17
CWE codes:
120
20
second = CMOS::read(0x00);
minute = CMOS::read(0x02);
hour = CMOS::read(0x04);
day = CMOS::read(0x07);
month = CMOS::read(0x08);
year = CMOS::read(0x09);
bool is_pm = hour & 0x80;
Reported by FlawFinder.
Line: 66
Column: 19
CWE codes:
120
20
minute = CMOS::read(0x02);
hour = CMOS::read(0x04);
day = CMOS::read(0x07);
month = CMOS::read(0x08);
year = CMOS::read(0x09);
bool is_pm = hour & 0x80;
if (!(status_b & 0x04)) {
Reported by FlawFinder.
Line: 67
Column: 18
CWE codes:
120
20
hour = CMOS::read(0x04);
day = CMOS::read(0x07);
month = CMOS::read(0x08);
year = CMOS::read(0x09);
bool is_pm = hour & 0x80;
if (!(status_b & 0x04)) {
second = bcd_to_binary(second);
Reported by FlawFinder.
Userland/Utilities/test-bindtodevice.cpp
8 issues
Line: 46
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void test_invalid(int fd)
{
// bind to an interface that does not exist
char buf[IFNAMSIZ];
socklen_t buflen = IFNAMSIZ;
memcpy(buf, "foodev", 7);
if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, buf, buflen) < 0) {
perror("setsockopt(SO_BINDTODEVICE) :: invalid (Should fail with ENODEV)");
Reported by FlawFinder.
Line: 48
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// bind to an interface that does not exist
char buf[IFNAMSIZ];
socklen_t buflen = IFNAMSIZ;
memcpy(buf, "foodev", 7);
if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, buf, buflen) < 0) {
perror("setsockopt(SO_BINDTODEVICE) :: invalid (Should fail with ENODEV)");
puts("PASS invalid");
} else {
Reported by FlawFinder.
Line: 61
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void test_valid(int fd)
{
// bind to an interface that exists
char buf[IFNAMSIZ];
socklen_t buflen = IFNAMSIZ;
memcpy(buf, "loop", 5);
if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, buf, buflen) < 0) {
perror("setsockopt(SO_BINDTODEVICE) :: valid");
Reported by FlawFinder.
Line: 63
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// bind to an interface that exists
char buf[IFNAMSIZ];
socklen_t buflen = IFNAMSIZ;
memcpy(buf, "loop", 5);
if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, buf, buflen) < 0) {
perror("setsockopt(SO_BINDTODEVICE) :: valid");
puts("FAIL valid");
} else {
Reported by FlawFinder.
Line: 76
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void test_no_route(int fd)
{
// bind to an interface that cannot deliver
char buf[IFNAMSIZ];
socklen_t buflen = IFNAMSIZ;
memcpy(buf, "loop", 5);
if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, buf, buflen) < 0) {
perror("setsockopt(SO_BINDTODEVICE) :: no_route");
Reported by FlawFinder.
Line: 78
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// bind to an interface that cannot deliver
char buf[IFNAMSIZ];
socklen_t buflen = IFNAMSIZ;
memcpy(buf, "loop", 5);
if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, buf, buflen) < 0) {
perror("setsockopt(SO_BINDTODEVICE) :: no_route");
puts("FAIL no_route");
return;
Reported by FlawFinder.
Line: 108
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void test_send(int fd)
{
// bind to an interface that cannot deliver
char buf[IFNAMSIZ];
socklen_t buflen = IFNAMSIZ;
// FIXME: Look up the proper device name instead of hard-coding it
memcpy(buf, "ep0s7", 6);
if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, buf, buflen) < 0) {
Reported by FlawFinder.
Line: 111
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
char buf[IFNAMSIZ];
socklen_t buflen = IFNAMSIZ;
// FIXME: Look up the proper device name instead of hard-coding it
memcpy(buf, "ep0s7", 6);
if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, buf, buflen) < 0) {
perror("setsockopt(SO_BINDTODEVICE) :: send");
puts("FAIL send");
return;
Reported by FlawFinder.
Kernel/FileSystem/FileDescription.cpp
8 issues
Line: 434
Column: 26
CWE codes:
362
Suggestion:
Use fchmod( ) instead
m_file_flags = flags;
}
// Changes the mode of the file behind this description.
//
// Holds m_lock for the duration of the call and forwards the request to
// m_file->chmod(), passing this description along with the requested mode.
//
// NOTE(review): the CWE-362 "use fchmod()" finding reported for this function
// appears to be a match on the name `chmod`. This method takes no pathname;
// it works on an already-open description, so the path-based race that the
// suggestion addresses does not seem to apply here. Confirm against the
// scanner's rule before closing the finding.
KResult FileDescription::chmod(mode_t mode)
{
    MutexLocker description_lock(m_lock);
    auto result = m_file->chmod(*this, mode);
    return result;
}
Reported by FlawFinder.
Line: 437
Column: 20
CWE codes:
362
Suggestion:
Use fchmod( ) instead
// Changes the mode of the file behind this description.
//
// Holds m_lock for the duration of the call and forwards the request to
// m_file->chmod(), passing this description along with the requested mode.
//
// NOTE(review): the CWE-362 "use fchmod()" finding reported for this function
// appears to be a match on the name `chmod`. This method takes no pathname;
// it works on an already-open description, so the path-based race that the
// suggestion addresses does not seem to apply here. Confirm against the
// scanner's rule before closing the finding.
KResult FileDescription::chmod(mode_t mode)
{
    MutexLocker description_lock(m_lock);
    auto result = m_file->chmod(*this, mode);
    return result;
}
KResult FileDescription::chown(uid_t uid, gid_t gid)
{
MutexLocker locker(m_lock);
Reported by FlawFinder.
Line: 440
Column: 26
CWE codes:
362
Suggestion:
Use fchown( ) instead
return m_file->chmod(*this, mode);
}
// Changes the owner and group of the file behind this description.
//
// Holds m_lock for the duration of the call and forwards the request to
// m_file->chown(), passing this description along with uid and gid.
//
// NOTE(review): the CWE-362 "use fchown()" finding reported for this function
// appears to be a match on the name `chown`. This method takes no pathname;
// it works on an already-open description, so the path-based race that the
// suggestion addresses does not seem to apply here. Confirm against the
// scanner's rule before closing the finding.
KResult FileDescription::chown(uid_t uid, gid_t gid)
{
    MutexLocker description_lock(m_lock);
    auto result = m_file->chown(*this, uid, gid);
    return result;
}
Reported by FlawFinder.
Line: 443
Column: 20
CWE codes:
362
Suggestion:
Use fchown( ) instead
// Changes the owner and group of the file behind this description.
//
// Holds m_lock for the duration of the call and forwards the request to
// m_file->chown(), passing this description along with uid and gid.
//
// NOTE(review): the CWE-362 "use fchown()" finding reported for this function
// appears to be a match on the name `chown`. This method takes no pathname;
// it works on an already-open description, so the path-based race that the
// suggestion addresses does not seem to apply here. Confirm against the
// scanner's rule before closing the finding.
KResult FileDescription::chown(uid_t uid, gid_t gid)
{
    MutexLocker description_lock(m_lock);
    auto result = m_file->chown(*this, uid, gid);
    return result;
}
FileBlockCondition& FileDescription::block_condition()
{
return m_file->block_condition();
Reported by FlawFinder.
Line: 163
Column: 36
CWE codes:
120
20
return m_current_offset;
}
// Forwards a read of `count` bytes at the caller-supplied `offset` to the
// underlying file.
//
// Returns EOVERFLOW when offset + count would overflow a u64; otherwise
// returns whatever m_file->read() returns. This overload does not take
// m_lock and does not touch m_current_offset in the lines shown.
//
// NOTE(review): the CWE-120/CWE-20 finding reported here appears to be a
// match on the name `read`. The destination is a UserOrKernelBuffer and the
// only check made in this function is the offset/count overflow guard;
// whether `count` fits the buffer is presumably enforced by the caller or by
// the File implementation. Confirm before closing the finding.
KResultOr<size_t> FileDescription::read(UserOrKernelBuffer& buffer, u64 offset, size_t count)
{
    bool const range_overflows = Checked<u64>::addition_would_overflow(offset, count);
    if (range_overflows)
        return EOVERFLOW;

    return m_file->read(*this, offset, buffer, count);
}
Reported by FlawFinder.
Line: 167
Column: 20
CWE codes:
120
20
{
if (Checked<u64>::addition_would_overflow(offset, count))
return EOVERFLOW;
return m_file->read(*this, offset, buffer, count);
}
KResultOr<size_t> FileDescription::write(u64 offset, UserOrKernelBuffer const& data, size_t data_size)
{
if (Checked<u64>::addition_would_overflow(offset, data_size))
Reported by FlawFinder.
Line: 177
Column: 36
CWE codes:
120
20
return m_file->write(*this, offset, data, data_size);
}
KResultOr<size_t> FileDescription::read(UserOrKernelBuffer& buffer, size_t count)
{
MutexLocker locker(m_lock);
if (Checked<off_t>::addition_would_overflow(m_current_offset, count))
return EOVERFLOW;
auto nread_or_error = m_file->read(*this, offset(), buffer, count);
Reported by FlawFinder.
Line: 182
Column: 35
CWE codes:
120
20
MutexLocker locker(m_lock);
if (Checked<off_t>::addition_would_overflow(m_current_offset, count))
return EOVERFLOW;
auto nread_or_error = m_file->read(*this, offset(), buffer, count);
if (!nread_or_error.is_error()) {
if (m_file->is_seekable())
m_current_offset += nread_or_error.value();
evaluate_block_conditions();
}
Reported by FlawFinder.
Userland/Libraries/LibC/scanf.cpp
8 issues
Line: 379
Column: 16
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
size_t count { 0 };
};
extern "C" int vsscanf(const char* input, const char* format, va_list ap)
{
GenericLexer format_lexer { format };
GenericLexer input_lexer { input };
int elements_matched = 0;
Reported by FlawFinder.
Line: 316
CWE codes:
476
if (str.is_empty())
return false;
memcpy(ptr, str.characters_without_null_termination(), str.length());
ptr[str.length()] = 0;
return true;
}
Reported by Cppcheck.
Line: 317
CWE codes:
476
return false;
memcpy(ptr, str.characters_without_null_termination(), str.length());
ptr[str.length()] = 0;
return true;
}
private:
Reported by Cppcheck.
Line: 361
CWE codes:
476
if (endptr != &buf[8])
goto fail;
memcpy(ptr, &value, sizeof(value));
return true;
}
private:
bool should_consume(char c)
Reported by Cppcheck.
Line: 316
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (str.is_empty())
return false;
memcpy(ptr, str.characters_without_null_termination(), str.length());
ptr[str.length()] = 0;
return true;
}
Reported by FlawFinder.
Line: 352
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return false;
}
char buf[9] { 0 };
memcpy(buf, str.characters_without_null_termination(), 8);
buf[8] = 0;
char* endptr = nullptr;
auto value = strtoull(buf, &endptr, 16);
Reported by FlawFinder.
Line: 353
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
char buf[9] { 0 };
memcpy(buf, str.characters_without_null_termination(), 8);
buf[8] = 0;
char* endptr = nullptr;
auto value = strtoull(buf, &endptr, 16);
if (endptr != &buf[8])
Reported by FlawFinder.
Line: 361
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (endptr != &buf[8])
goto fail;
memcpy(ptr, &value, sizeof(value));
return true;
}
private:
bool should_consume(char c)
Reported by FlawFinder.
Tests/LibC/overlong_realpath.cpp
8 issues
Line: 56
Column: 53
CWE codes:
120
20
Suggestion:
Use getcwd instead
// But first, demonstrate the functionality at a reasonable depth:
bool all_good = true;
auto expected_str = expected.build();
all_good &= check_result("getwd", expected_str, getwd(static_cast<char*>(calloc(1, PATH_MAX))));
all_good &= check_result("getcwd", expected_str, getcwd(nullptr, 0));
all_good &= check_result("realpath", expected_str, realpath(".", nullptr));
for (size_t i = 0; i < ITERATION_DEPTH; ++i) {
if (mkdir(PATH_LOREM_250, 0700) < 0) {
Reported by FlawFinder.
Line: 58
Column: 56
CWE codes:
120/785!
Suggestion:
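Ensure that the destination buffer is at least of size MAXPATHLEN, and to protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. In the excerpt below, realpath() is called with a null destination, so no caller-supplied buffer is involved in that call.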
auto expected_str = expected.build();
all_good &= check_result("getwd", expected_str, getwd(static_cast<char*>(calloc(1, PATH_MAX))));
all_good &= check_result("getcwd", expected_str, getcwd(nullptr, 0));
all_good &= check_result("realpath", expected_str, realpath(".", nullptr));
for (size_t i = 0; i < ITERATION_DEPTH; ++i) {
if (mkdir(PATH_LOREM_250, 0700) < 0) {
perror("mkdir iter");
printf("%sFAILED%s in iteration %zu.\n", TEXT_FAIL, TEXT_RESET, i);
Reported by FlawFinder.
Line: 79
Column: 43
CWE codes:
120
20
Suggestion:
Use getcwd instead
// Evaluate
expected_str = expected.build();
all_good &= check_result("getwd", {}, getwd(static_cast<char*>(calloc(1, PATH_MAX))));
all_good &= check_result("getcwd", expected_str, getcwd(nullptr, 0));
all_good &= check_result("realpath", expected_str, realpath(".", nullptr));
VERIFY(strlen(PATH_LOREM_250) == 250);
VERIFY(strlen(TMPDIR_PATTERN) + ITERATION_DEPTH * (1 + strlen(PATH_LOREM_250)) == expected_str.length());
Reported by FlawFinder.
Line: 81
Column: 56
CWE codes:
120/785!
Suggestion:
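Ensure that the destination buffer is at least of size MAXPATHLEN, and to protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. In the excerpt below, realpath() is called with a null destination, so no caller-supplied buffer is involved in that call.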
all_good &= check_result("getwd", {}, getwd(static_cast<char*>(calloc(1, PATH_MAX))));
all_good &= check_result("getcwd", expected_str, getcwd(nullptr, 0));
all_good &= check_result("realpath", expected_str, realpath(".", nullptr));
VERIFY(strlen(PATH_LOREM_250) == 250);
VERIFY(strlen(TMPDIR_PATTERN) + ITERATION_DEPTH * (1 + strlen(PATH_LOREM_250)) == expected_str.length());
VERIFY(expected_str.length() > PATH_MAX);
Reported by FlawFinder.
Line: 29
Column: 143
CWE codes:
126
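// Compares `actual` against `expected`, prints one GOOD/FAIL line labelled
// with `what`, and returns whether the two matched.
//
// `actual` may be null: the length expression below already allows for it.
// strlen() is only reached for a non-null `actual`, and it relies on the
// caller passing a NUL-terminated string.
static bool check_result(const char* what, const String& expected, const char* actual)
{
    bool good = expected == actual;
    // Passing a null pointer to %s is undefined behaviour in standard printf,
    // so print an explicit placeholder instead of the raw pointer.
    const char* printable_actual = actual ? actual : "(null)";
    printf("%s%s%s: %s = \"%s\" (%zu characters)\n", good ? TEXT_PASS : TEXT_FAIL, good ? "GOOD" : "FAIL", TEXT_RESET, what, printable_actual, actual ? strlen(actual) : 0);
    return good;
}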
int main()
{
Reported by FlawFinder.
Line: 83
Column: 12
CWE codes:
126
all_good &= check_result("getcwd", expected_str, getcwd(nullptr, 0));
all_good &= check_result("realpath", expected_str, realpath(".", nullptr));
VERIFY(strlen(PATH_LOREM_250) == 250);
VERIFY(strlen(TMPDIR_PATTERN) + ITERATION_DEPTH * (1 + strlen(PATH_LOREM_250)) == expected_str.length());
VERIFY(expected_str.length() > PATH_MAX);
if (all_good) {
printf("Overall: %sPASS%s\n", TEXT_PASS, TEXT_RESET);
Reported by FlawFinder.
Line: 84
Column: 12
CWE codes:
126
all_good &= check_result("realpath", expected_str, realpath(".", nullptr));
VERIFY(strlen(PATH_LOREM_250) == 250);
VERIFY(strlen(TMPDIR_PATTERN) + ITERATION_DEPTH * (1 + strlen(PATH_LOREM_250)) == expected_str.length());
VERIFY(expected_str.length() > PATH_MAX);
if (all_good) {
printf("Overall: %sPASS%s\n", TEXT_PASS, TEXT_RESET);
return 0;
Reported by FlawFinder.
Line: 84
Column: 60
CWE codes:
126
all_good &= check_result("realpath", expected_str, realpath(".", nullptr));
VERIFY(strlen(PATH_LOREM_250) == 250);
VERIFY(strlen(TMPDIR_PATTERN) + ITERATION_DEPTH * (1 + strlen(PATH_LOREM_250)) == expected_str.length());
VERIFY(expected_str.length() > PATH_MAX);
if (all_good) {
printf("Overall: %sPASS%s\n", TEXT_PASS, TEXT_RESET);
return 0;
Reported by FlawFinder.