The following issues were found

Kernel/Storage/Partition/GUIDPartitionTable.cpp
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 26 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

    u64 last_lba;

    u64 attributes;
    char partition_name[72];
};

struct [[gnu::packed]] GUIDPartitionHeader {
    u32 sig[2];
    u32 revision;

            

Reported by FlawFinder.

Userland/Libraries/LibPDF/Reader.h
1 issue
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 52 Column: 7 CWE codes: 120 20

    }

    template<typename T = char>
    T read()
    {
        T value = reinterpret_cast<const T*>(m_bytes.offset(m_offset))[0];
        move_by(sizeof(T));
        return value;
    }

            

Reported by FlawFinder.

Kernel/Bus/USB/USBPipe.cpp
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 81 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
    // TODO: Check transfer for completion and copy data from transfer buffer into data
    if (length > 0)
        memcpy(reinterpret_cast<u8*>(data), transfer->buffer().as_ptr() + sizeof(USBRequestData), length);

    dbgln_if(USB_DEBUG, "Pipe: Control Transfer complete!");
    return transfer_length;
}


            

Reported by FlawFinder.

Userland/Utilities/printf.cpp
1 issue
atoi - Unless checked, the resulting number can exceed the expected range
Security

Line: 129 Column: 16 CWE codes: 190
Suggestion: If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)

              
        auto result = *arg.argv++;
        --arg.argc;
        return atoi(result);
    }
};

template<typename V>
struct ArgvNextArgument<unsigned, V> {

            

Reported by FlawFinder.

Kernel/Storage/Partition/DiskPartition.h
1 issue
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 23 Column: 31 CWE codes: 120 20

    virtual void start_request(AsyncBlockDeviceRequest&) override;

    // ^BlockDevice
    virtual KResultOr<size_t> read(FileDescription&, u64, UserOrKernelBuffer&, size_t) override;
    virtual bool can_read(const FileDescription&, size_t) const override;
    virtual KResultOr<size_t> write(FileDescription&, u64, const UserOrKernelBuffer&, size_t) override;
    virtual bool can_write(const FileDescription&, size_t) const override;

    // ^Device

            

Reported by FlawFinder.

Kernel/Bus/USB/USBHub.cpp
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 103 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

    // Wait for the ports to power up. power_on_to_power_good_time is in units of 2 ms and we want in us, so multiply by 2000.
    IO::delay(descriptor.power_on_to_power_good_time * 2000);

    memcpy(&m_hub_descriptor, &descriptor, sizeof(USBHubDescriptor));

    return KSuccess;
}

// USB 2.0 Specification Section 11.24.2.7

            

Reported by FlawFinder.

Userland/Utilities/readelf.cpp
1 issue
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 470 Column: 18 CWE codes: 362

            return -1;
        }

        int fd = open(path, O_RDONLY);
        if (fd < 0) {
            outln("Unable to open file {}", path);
            return 1;
        }


            

Reported by FlawFinder.

Userland/Libraries/LibRegex/RegexParser.cpp
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 488 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

    }

    for (size_t i = 1; i < 10; ++i) {
        char backref_name[2] { '\\', '0' };
        backref_name[1] += i;
        if (try_skip({ backref_name, 2 })) {
            if (!m_capture_group_seen[i - 1])
                return set_error(Error::InvalidNumber);
            match_length_minimum += m_capture_group_minimum_lengths[i - 1];

            

Reported by FlawFinder.

Kernel/StdLib.cpp
1 issue
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 271 Column: 22 CWE codes: 126

    char hch;

    if ((nch = *needle++) != 0) {
        size_t len = strlen(needle);
        do {
            do {
                if ((hch = *haystack++) == 0)
                    return nullptr;
            } while (hch != nch);

            

Reported by FlawFinder.

Userland/Libraries/LibSQL/Serialize.h
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 18 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

void deserialize_from(ByteBuffer& buffer, size_t& at_offset, T& t)
{
    auto ptr = buffer.offset_pointer((int)at_offset);
    memcpy(&t, ptr, sizeof(T));
    at_offset += sizeof(T);
}

template<typename T>
void serialize_to(ByteBuffer& buffer, T const& t)

            

Reported by FlawFinder.