The following issues were found

Userland/Demos/Mandelbrot/Mandelbrot.cpp
1 issues
fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 362 Column: 17 CWE codes: 362 

                  m_set.resize(Gfx::IntSize { 1920, 1080 });
    auto png = Gfx::PNGWriter::encode(m_set.bitmap());
    m_set.resize(size());
    auto file = fopen(export_path.characters(), "wb");
    if (!file) {
        GUI::MessageBox::show(window(), String::formatted("Could not open '{}' for writing.", export_path), "Mandelbrot", GUI::MessageBox::Type::Error);
        return;
    }
    fwrite(png.data(), 1, png.size(), file);

Reported by FlawFinder.

Userland/Utilities/dmesg.cpp
1 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 26 Column: 16 CWE codes: 362 

                  unveil(nullptr, nullptr);

    auto file = Core::File::construct("/proc/dmesg");
    if (!file->open(Core::OpenMode::ReadOnly)) {
        warnln("Failed to open {}: {}", file->name(), file->error_string());
        return 1;
    }
    auto buffer = file->read_all();
    out("{}", String::copy(buffer));

Reported by FlawFinder.

Userland/Utilities/du.cpp
1 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 107 Column: 30 CWE codes: 362 

                      du_option.excluded_patterns.append(pattern);
    if (exclude_from) {
        auto file = Core::File::construct(exclude_from);
        bool success = file->open(Core::OpenMode::ReadOnly);
        VERIFY(success);
        const auto buff = file->read_all();
        if (!buff.is_empty()) {
            String patterns = String::copy(buff, Chomp);
            du_option.excluded_patterns.extend(patterns.split('\n'));

Reported by FlawFinder.

Userland/Utilities/env.cpp
1 issues
execvp - This causes a new program to execute and is difficult to use safely
Security

Line: 72 Column: 5 CWE codes: 78
Suggestion: try using a library call that implements the same functionality if available 

                  const char* executable = new_argv[0];
    char* const* new_argv_ptr = const_cast<char* const*>(&new_argv[0]);

    execvp(executable, new_argv_ptr);
    perror("execvp");
    return 1;
}

Reported by FlawFinder.

AK/Format.cpp
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 798 Column: 12 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                  }
#    else
    static TriState got_process_name = TriState::Unknown;
    static char process_name_buffer[256];

    if (got_process_name == TriState::Unknown) {
        if (get_process_name(process_name_buffer, sizeof(process_name_buffer)) == 0)
            got_process_name = TriState::True;
        else

Reported by FlawFinder.

Userland/DevTools/HackStudio/Debugger/DebugInfoWidget.h
1 issues
There is an unknown macro here somewhere. Configuration is required. If C_OBJECT is a macro then please configure it.
Error

Line: 25 

              namespace HackStudio {

class DebugInfoWidget final : public GUI::Widget {
    C_OBJECT(DebugInfoWidget)
public:
    virtual ~DebugInfoWidget() override { }

    void update_state(const Debug::DebugSession&, const PtraceRegisters&);
    void program_stopped();

Reported by Cppcheck.

Userland/DevTools/HackStudio/Debugger/DisassemblyWidget.h
1 issues
There is an unknown macro here somewhere. Configuration is required. If C_OBJECT is a macro then please configure it.
Error

Line: 20 

              namespace HackStudio {

class UnavailableDisassemblyWidget final : public GUI::Frame {
    C_OBJECT(UnavailableDisassemblyWidget)
public:
    virtual ~UnavailableDisassemblyWidget() override { }

    const String& reason() const { return m_reason; }
    void set_reason(const String& text) { m_reason = text; }

Reported by Cppcheck.

AK/Vector.h
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 781 Column: 35 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                  size_t m_size { 0 };
    size_t m_capacity { 0 };

    alignas(StorageType) unsigned char m_inline_buffer_storage[sizeof(StorageType) * inline_capacity];
    StorageType* m_outline_buffer { nullptr };
};

template<class... Args>
Vector(Args... args) -> Vector<CommonType<Args...>>;

Reported by FlawFinder.

Kernel/Devices/FullDevice.cpp
1 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 33 Column: 31 CWE codes: 120 20 

                  return true;
}

KResultOr<size_t> FullDevice::read(FileDescription&, u64, UserOrKernelBuffer& buffer, size_t size)
{
    if (!buffer.memset(0, size))
        return EFAULT;
    return size;
}

Reported by FlawFinder.

Userland/Applications/Spreadsheet/Readers/Test/TestXSV.cpp
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 92 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                  buf[buf.size() - 1] = '\0';

    for (size_t row = 0; row <= num_rows; ++row) {
        memcpy(buf.offset_pointer(row * line.length()), line.characters_without_null_termination(), line.length());
    }

    auto csv = Reader::CSV { (char const*)buf.data(), Reader::default_behaviours() | Reader::ParserBehaviour::ReadHeaders };
    csv.parse();

Reported by FlawFinder.