The following issues were found

Userland/Libraries/LibGfx/SystemTheme.h
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 143 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              struct SystemTheme {
    // Plain aggregate holding one theme; each array is indexed by the
    // corresponding role enum, whose __Count member gives the slot count.
    // NOTE(review): this type appears to be shared between processes via
    // Core::AnonymousBuffer, so its layout is part of the contract — confirm
    // before reordering or resizing any member.

    // One RGBA32 value per ColorRole.
    RGBA32 color[static_cast<int>(ColorRole::__Count)];
    // One integer per MetricRole.
    int metric[static_cast<int>(MetricRole::__Count)];
    // One fixed 256-byte path slot per PathRole. Writers must bound the copy
    // and NUL-terminate within the slot; readers should not assume a
    // terminator is present unless the writer guarantees one.
    // TODO: PATH_MAX?
    char path[static_cast<int>(PathRole::__Count)][256];
};

// Returns a reference to the theme buffer currently installed in this process.
Core::AnonymousBuffer& current_system_theme_buffer();
// Installs the given buffer as the current theme; the buffer is taken by value.
void set_system_theme(Core::AnonymousBuffer);
// Loads a theme from the file at `path` into a new AnonymousBuffer.
// NOTE(review): presumably the buffer contents are laid out as a SystemTheme —
// confirm against the implementation before relying on that.
Core::AnonymousBuffer load_system_theme(const String& path);

            

Reported by FlawFinder.

Kernel/Syscalls/debug.cpp
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 35 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                      return 0;

    if (size <= 1024) {
        char buffer[1024];
        if (!copy_from_user(buffer, characters, size))
            return EFAULT;
        dbgputstr(buffer, size);
        return size;
    }

            

Reported by FlawFinder.

Userland/Libraries/LibHTTP/Job.cpp
1 issue
memcpy - Does not check for buffer overflows when copying to the destination
Security

Line: 369 Column: 13 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                      auto flattened_buffer = ByteBuffer::create_uninitialized(m_received_size);
        u8* flat_ptr = flattened_buffer.data();
        for (auto& received_buffer : m_received_buffers) {
            memcpy(flat_ptr, received_buffer.data(), received_buffer.size());
            flat_ptr += received_buffer.size();
        }
        m_received_buffers.clear();

        // For the time being, we cannot stream stuff with content-encoding set to _anything_.

            

Reported by FlawFinder.

Userland/Utilities/pls.cpp
1 issue
getenv - Environment variables are untrusted input if they can be set by an attacker: they can have any content and length, and the same variable can be set more than once
Security

Line: 90 Column: 22 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them

                  arguments.append(nullptr);

    Vector<String> environment_strings;
    if (auto* term = getenv("TERM"))
        environment_strings.append(String::formatted("TERM={}", term));

    Vector<char const*> environment;
    for (auto& item : environment_strings)
        environment.append(item.characters());

            

Reported by FlawFinder.

Userland/Libraries/LibIMAP/Client.cpp
1 issue
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 68 Column: 31 CWE codes: 120 20

              {
    if (!m_tls_socket->can_read())
        return;
    auto data = m_tls_socket->read();
    if (!data.has_value())
        return;

    // Once we get server hello we can start sending
    if (m_connect_pending) {

            

Reported by FlawFinder.

Userland/Libraries/LibImageDecoderClient/Client.cpp
1 issue
memcpy - Does not check for buffer overflows when copying to the destination
Security

Line: 34 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                      return {};
    }

    memcpy(encoded_buffer.data<void>(), encoded_data.data(), encoded_data.size());
    auto response_or_error = try_decode_image(move(encoded_buffer));

    if (response_or_error.is_error()) {
        dbgln("ImageDecoder died heroically");
        return {};

            

Reported by FlawFinder.

Userland/Libraries/LibJS/Heap/HeapBlock.cpp
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 24 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              NonnullOwnPtr<HeapBlock> HeapBlock::create_with_cell_size(Heap& heap, size_t cell_size)
{
#ifdef __serenity__
    char name[64];
    snprintf(name, sizeof(name), "LibJS: HeapBlock(%zu)", cell_size);
#else
    char const* name = nullptr;
#endif
    auto* block = static_cast<HeapBlock*>(heap.block_allocator().allocate_block(name));

            

Reported by FlawFinder.

Userland/Libraries/LibJS/Runtime/ArrayBufferConstructor.cpp
1 issue
syntax error
Error

Line: 67

              }

// 25.1.4.1 ArrayBuffer.isView ( arg ), https://tc39.es/ecma262/#sec-arraybuffer.isview
JS_DEFINE_NATIVE_FUNCTION(ArrayBufferConstructor::is_view)
{
    auto arg = vm.argument(0);
    if (!arg.is_object())
        return Value(false);
    if (arg.as_object().is_typed_array())

            

Reported by Cppcheck.

Userland/Libraries/LibJS/Runtime/ArrayBufferPrototype.cpp
1 issue
syntax error
Error

Line: 50

              }

// 25.1.5.3 ArrayBuffer.prototype.slice ( start, end ), https://tc39.es/ecma262/#sec-arraybuffer.prototype.slice
JS_DEFINE_NATIVE_FUNCTION(ArrayBufferPrototype::slice)
{
    auto array_buffer_object = array_buffer_object_from(vm, global_object);
    if (!array_buffer_object)
        return {};


            

Reported by Cppcheck.

Userland/Libraries/LibJS/Runtime/ArrayConstructor.cpp
1 issue
syntax error
Error

Line: 96

              }

// 23.1.2.1 Array.from ( items [ , mapfn [ , thisArg ] ] ), https://tc39.es/ecma262/#sec-array.from
JS_DEFINE_NATIVE_FUNCTION(ArrayConstructor::from)
{
    auto constructor = vm.this_value(global_object);

    FunctionObject* map_fn = nullptr;
    if (!vm.argument(1).is_undefined()) {

            

Reported by Cppcheck.