Error: GCC_ANALYZER_WARNING (CWE-126): [#def1]
bluez-5.76-build/bluez-5.76/emulator/bthost.c: scope_hint: In function ‘queue_command’
bluez-5.76-build/bluez-5.76/emulator/bthost.c:571:52: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
bluez-5.76-build/bluez-5.76/emulator/bthost.c:571:52: note: read of 8 bytes from after the end of ‘iov’
bluez-5.76-build/bluez-5.76/emulator/bthost.c:571:52: note: valid subscripts for ‘iov’ are ‘[0]’ to ‘[2]’
# └──────────────────────────┘
# ^
# 569|
# 570| for (i = 0; i < iovlen; i++) {
# 571|-> memcpy(cmd->data + cmd->len, iov[i].iov_base, iov[i].iov_len);
# 572| cmd->len += iov[i].iov_len;
# 573| }

Error: GCC_ANALYZER_WARNING (CWE-126): [#def2]
bluez-5.76-build/bluez-5.76/emulator/bthost.c:571:69: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
bluez-5.76-build/bluez-5.76/emulator/bthost.c:571:69: note: read of 8 bytes from after the end of ‘iov’
bluez-5.76-build/bluez-5.76/emulator/bthost.c:571:69: note: valid subscripts for ‘iov’ are ‘[0]’ to ‘[2]’
# └──────────────────────────┘
# ^
# 569|
# 570| for (i = 0; i < iovlen; i++) {
# 571|-> memcpy(cmd->data + cmd->len, iov[i].iov_base, iov[i].iov_len);
# 572| cmd->len += iov[i].iov_len;
# 573| }

Error: CLANG_WARNING: [#def3]
bluez-5.76-build/bluez-5.76/profiles/audio/media.c:1046:7: warning[unix.Malloc]: Use of memory after it is freed
# 1044| struct pac_select_data *data;
# 1045|
# 1046|-> if (req->cb != pac_select_cb) {
# 1047| l = g_slist_next(l);
# 1048| continue;

Error: CPPCHECK_WARNING: [#def4]
bluez-5.76-build/bluez-5.76/profiles/gap/gas.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: GCC_ANALYZER_WARNING (CWE-476): [#def5]
bluez-5.76-build/bluez-5.76/src/adv_monitor.c:976:48: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘calloc(1, 56)’
/usr/include/glib-2.0/glib/gstring.h:37: included_from: Included from here.
/usr/include/glib-2.0/glib/giochannel.h:36: included_from: Included from here.
/usr/include/glib-2.0/glib.h:56: included_from: Included from here.
bluez-5.76-build/bluez-5.76/src/adv_monitor.c:20: included_from: Included from here.
/usr/include/glib-2.0/glib/gstrfuncs.h:180:30: note: in definition of macro ‘g_str_has_prefix’
bluez-5.76-build/bluez-5.76/src/adv_monitor.c:695:19: note: in expansion of macro ‘new0’
bluez-5.76-build/bluez-5.76/src/adv_monitor.c:975:35: note: in expansion of macro ‘malloc0’
# 974|
# 975| monitor->merged_pattern = malloc0(sizeof(*monitor->merged_pattern));
# 976|-> monitor->merged_pattern->current_state = MERGED_PATTERN_STATE_STABLE;
# 977| monitor->merged_pattern->next_state = MERGED_PATTERN_STATE_STABLE;
# 978|

Error: GCC_ANALYZER_WARNING (CWE-476): [#def6]
bluez-5.76-build/bluez-5.76/src/shared/bap.c: scope_hint: In function 'foreach_ascs_service'
bluez-5.76-build/bluez-5.76/src/shared/bap.c:4742:23: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
# 4740| struct bt_ascs *ascs = bap_get_ascs(bap);
# 4741|
# 4742|-> ascs->service = attr;
# 4743|
# 4744| gatt_db_service_set_claimed(attr, true);

Error: GCC_ANALYZER_WARNING (CWE-465): [#def7]
bluez-5.76-build/bluez-5.76/src/shared/bap.c: scope_hint: In function 'bap_bcast_stream_new'
bluez-5.76-build/bluez-5.76/src/shared/bap.c:5403:20: warning[-Wanalyzer-deref-before-check]: check of 'lpac' for NULL after already dereferencing it
# 5401|
# 5402| bt_bap_foreach_pac(bap, BT_BAP_BCAST_SINK, match_pac, &match);
# 5403|-> if ((!match.lpac) || (!lpac))
# 5404| return NULL;
# 5405|

Error: CPPCHECK_WARNING: [#def8]
bluez-5.76-build/bluez-5.76/src/shared/uhid.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
analyzer-version-clang | 18.1.7 |
analyzer-version-cppcheck | 2.14.2 |
analyzer-version-gcc | 14.1.1 |
analyzer-version-gcc-analyzer | 14.1.1 |
analyzer-version-shellcheck | 0.10.0 |
diffbase-analyzer-version-clang | 18.1.7 |
diffbase-analyzer-version-cppcheck | 2.14.2 |
diffbase-analyzer-version-gcc | 14.1.1 |
diffbase-analyzer-version-gcc-analyzer | 14.1.1 |
diffbase-analyzer-version-shellcheck | 0.10.0 |
diffbase-enabled-plugins | clang, cppcheck, gcc, shellcheck |
diffbase-exit-code | 0 |
diffbase-host | ip-172-16-1-127.us-west-2.compute.internal |
diffbase-mock-config | fedora-41-x86_64 |
diffbase-project-name | bluez-5.73-3.fc40 |
diffbase-store-results-to | /tmp/tmpfn2no8qn/bluez-5.73-3.fc40.tar.xz |
diffbase-time-created | 2024-07-03 12:04:33 |
diffbase-time-finished | 2024-07-03 12:10:40 |
diffbase-tool | csmock |
diffbase-tool-args | '/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmpfn2no8qn/bluez-5.73-3.fc40.tar.xz' '--gcc-analyze' '/tmp/tmpfn2no8qn/bluez-5.73-3.fc40.src.rpm' |
diffbase-tool-version | csmock-3.5.3-1.el9 |
enabled-plugins | clang, cppcheck, gcc, shellcheck |
exit-code | 0 |
host | ip-172-16-1-127.us-west-2.compute.internal |
mock-config | fedora-41-x86_64 |
project-name | bluez-5.76-1.fc41 |
store-results-to | /tmp/tmpvlkjexjs/bluez-5.76-1.fc41.tar.xz |
time-created | 2024-07-03 12:11:05 |
time-finished | 2024-07-03 12:16:46 |
title | Newly introduced defects |
tool | csmock |
tool-args | '/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmpvlkjexjs/bluez-5.76-1.fc41.tar.xz' '--gcc-analyze' '/tmp/tmpvlkjexjs/bluez-5.76-1.fc41.src.rpm' |
tool-version | csmock-3.5.3-1.el9 |