The following issues were found
Userland/Utilities/tac.cpp
1 issues
Line: 41
Column: 50
CWE codes:
362
if (path == "-") {
file = Core::File::standard_input();
} else {
auto file_or_error = Core::File::open(path, Core::OpenMode::ReadOnly);
if (file_or_error.is_error()) {
warnln("Failed to open {}: {}", path, strerror(errno));
continue;
}
file = file_or_error.release_value();
Reported by FlawFinder.
Kernel/Graphics/VirtIOGPU/FrameBufferDevice.h
1 issues
Line: 66
Column: 31
CWE codes:
120
20
virtual KResult ioctl(FileDescription&, unsigned request, Userspace<void*> arg) override;
virtual KResultOr<Memory::Region*> mmap(Process&, FileDescription&, Memory::VirtualRange const&, u64 offset, int prot, bool shared) override;
virtual bool can_read(const FileDescription&, size_t) const override { return true; }
virtual KResultOr<size_t> read(FileDescription&, u64, UserOrKernelBuffer&, size_t) override { return EINVAL; }
virtual bool can_write(const FileDescription&, size_t) const override { return true; }
virtual KResultOr<size_t> write(FileDescription&, u64, const UserOrKernelBuffer&, size_t) override { return EINVAL; };
virtual void start_request(AsyncBlockDeviceRequest& request) override { request.complete(AsyncDeviceRequest::Failure); }
virtual mode_t required_mode() const override { return 0666; }
Reported by FlawFinder.
Kernel/Graphics/FramebufferDevice.h
1 issues
Line: 46
Column: 31
CWE codes:
120
20
virtual bool can_read(const FileDescription&, size_t) const override final { return true; }
virtual bool can_write(const FileDescription&, size_t) const override final { return true; }
virtual void start_request(AsyncBlockDeviceRequest& request) override final { request.complete(AsyncDeviceRequest::Failure); }
virtual KResultOr<size_t> read(FileDescription&, u64, UserOrKernelBuffer&, size_t) override { return EINVAL; }
virtual KResultOr<size_t> write(FileDescription&, u64, const UserOrKernelBuffer&, size_t) override { return EINVAL; }
FramebufferDevice(const GraphicsDevice&, size_t, PhysicalAddress, size_t, size_t, size_t);
PhysicalAddress m_framebuffer_address;
Reported by FlawFinder.
Kernel/Graphics/Console/GenericFramebufferConsole.cpp
1 issues
Line: 12
Column: 20
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
namespace Kernel::Graphics {
constexpr unsigned char const font8x8_basic[128][8] = {
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // U+0000 (nul)
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // U+0001
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // U+0002
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // U+0003
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, // U+0004
Reported by FlawFinder.
Kernel/Arch/x86/PageFault.h
1 issues
Line: 49
Column: 12
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
u16 code() const { return m_code; }
Type type() const { return (Type)(m_code & 1); }
Access access() const { return (Access)(m_code & 2); }
bool is_not_present() const { return (m_code & 1) == PageFaultFlags::NotPresent; }
bool is_protection_violation() const { return (m_code & 1) == PageFaultFlags::ProtectionViolation; }
bool is_read() const { return (m_code & 2) == PageFaultFlags::Read; }
bool is_write() const { return (m_code & 2) == PageFaultFlags::Write; }
Reported by FlawFinder.
Userland/Services/LookupServer/MulticastDNS.h
1 issues
Line: 19
namespace LookupServer {
class MulticastDNS : public Core::UDPServer {
C_OBJECT(MulticastDNS)
public:
Vector<DNSAnswer> lookup(const DNSName&, DNSRecordType record_type);
private:
explicit MulticastDNS(Object* parent = nullptr);
Reported by Cppcheck.
Userland/Services/SpiceAgent/ClipboardServerConnection.cpp
1 issues
Line: 66
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
metadata.set("pitch", String::number(bitmap.pitch()));
ReadonlyBytes data { bitmap.scanline(0), bitmap.size_in_bytes() };
auto buffer = Core::AnonymousBuffer::create_with_size(bitmap.size_in_bytes());
memcpy(buffer.data<u8>(), data.data(), data.size());
this->async_set_clipboard_data(buffer, "image/x-serenityos", metadata);
}
Reported by FlawFinder.
Kernel/FileSystem/InodeWatcher.h
1 issues
Line: 50
Column: 31
CWE codes:
120
20
virtual ~InodeWatcher() override;
virtual bool can_read(const FileDescription&, size_t) const override;
virtual KResultOr<size_t> read(FileDescription&, u64, UserOrKernelBuffer&, size_t) override;
// Can't write to an inode watcher.
virtual bool can_write(const FileDescription&, size_t) const override { return true; }
virtual KResultOr<size_t> write(FileDescription&, u64, const UserOrKernelBuffer&, size_t) override { return EIO; }
virtual KResult close() override;
Reported by FlawFinder.
Userland/Services/SpiceAgent/main.cpp
1 issues
Line: 37
Column: 26
CWE codes:
362
return 1;
}
int serial_port_fd = open(SPICE_DEVICE, O_RDWR);
if (serial_port_fd < 0) {
dbgln("Couldn't open spice serial port!");
return 1;
}
Reported by FlawFinder.
Kernel/FileSystem/Inode.cpp
1 issues
Line: 261
Column: 16
CWE codes:
362
Suggestion:
Use fchmod( ) instead
auto metadata = this->metadata();
if (metadata.is_setuid() || metadata.is_setgid()) {
dbgln("Inode::prepare_to_write_data(): Stripping SUID/SGID bits from {}", identifier());
return chmod(metadata.mode & ~(04000 | 02000));
}
return KSuccess;
}
RefPtr<Memory::SharedInodeVMObject> Inode::shared_vmobject() const
Reported by FlawFinder.