Fixed defects

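List of Defects

The findings below were reported for bluez-5.73-3.fc40 and are not reported for bluez-5.76-1.fc41 (the diff base in Scan Properties). "Fixed" here means the finding no longer appears in the other scan; that may also happen when the flagged code was moved or rewritten, so confirm each one against the newer source before treating it as resolved.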

Error: GCC_ANALYZER_WARNING (CWE-476): [#def1]
bluez-5.73-build/bluez-5.73/emulator/bthost.c: scope_hint: In function ‘l2cap_conn_req’
bluez-5.73-build/bluez-5.73/emulator/bthost.c:1763:38: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘bthost_add_l2cap_conn(bthost,  conn, (int)rsp.dcid, (int)rsp.scid, (int)psm)’
bluez-5.73-build/bluez-5.73/emulator/bthost.c:38:34: note: in definition of macro ‘acl_handle’
bluez-5.73-build/bluez-5.73/emulator/bthost.c: scope_hint: In function ‘l2cap_conn_req’
bluez-5.73-build/bluez-5.73/emulator/bthost.c: scope_hint: In function ‘l2cap_conn_req’
# 1761|   						&conf_req, sizeof(conf_req));
# 1762|   
# 1763|-> 		if (cb_data && l2conn->psm == cb_data->psm && cb_data->func)
# 1764|   			cb_data->func(conn->handle, l2conn->dcid,
# 1765|   							cb_data->user_data);

Error: COMPILER_WARNING: [#def2]
bluez-5.73-build/bluez-5.73/mesh/rpl.c: scope_hint: In function ‘rpl_put_entry’
bluez-5.73-build/bluez-5.73/mesh/rpl.c:54:41: warning[-Wformat-truncation=]: ‘%s’ directive output may be truncated writing up to 4080 bytes into a region of size between 16 and 4096
#   54 |         snprintf(src_file, PATH_MAX, "%s%s/%8.8x", node_path, rpl_dir,
#      |                                         ^~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output between 10 and 8170 bytes into a destination of size 4096
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
#   52|   		return false;
#   53|   
#   54|-> 	snprintf(src_file, PATH_MAX, "%s%s/%8.8x", node_path, rpl_dir,
#   55|   								iv_index);
#   56|   	dir = opendir(src_file);

Error: COMPILER_WARNING: [#def3]
bluez-5.73-build/bluez-5.73/mesh/rpl.c: scope_hint: In function ‘rpl_del_entry’
bluez-5.73-build/bluez-5.73/mesh/rpl.c:104:41: warning[-Wformat-truncation=]: ‘%s’ directive output may be truncated writing up to 4080 bytes into a region of size between 16 and 4096
#  104 |         snprintf(rpl_path, PATH_MAX, "%s%s", node_path, rpl_dir);
#      |                                         ^~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output between 1 and 8161 bytes into a destination of size 4096
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
#  102|   		return;
#  103|   
#  104|-> 	snprintf(rpl_path, PATH_MAX, "%s%s", node_path, rpl_dir);
#  105|   	dir = opendir(rpl_path);
#  106|   

Error: COMPILER_WARNING: [#def4]
bluez-5.73-build/bluez-5.73/mesh/rpl.c: scope_hint: In function ‘rpl_update’
bluez-5.73-build/bluez-5.73/mesh/rpl.c:257:37: warning[-Wformat-truncation=]: ‘%s’ directive output may be truncated writing up to 4080 bytes into a region of size between 16 and 4096
#  257 |         snprintf(path, PATH_MAX, "%s%s", node_path, rpl_dir);
#      |                                     ^~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output between 1 and 8161 bytes into a destination of size 4096
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
#  255|   
#  256|   	/* Make sure path exists */
#  257|-> 	snprintf(path, PATH_MAX, "%s%s", node_path, rpl_dir);
#  258|   	if (mkdir(path, 0755) != 0 && errno != EEXIST)
#  259|   		l_error("Failed to create dir(%d): %s", errno, path);

Error: COMPILER_WARNING: [#def5]
bluez-5.73-build/bluez-5.73/mesh/rpl.c: scope_hint: In function ‘rpl_init’
bluez-5.73-build/bluez-5.73/mesh/rpl.c:295:37: warning[-Wformat-truncation=]: ‘%s’ directive output may be truncated writing up to 4080 bytes into a region of size between 16 and 4096
#  295 |         snprintf(path, PATH_MAX, "%s%s", node_path, rpl_dir);
#      |                                     ^~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output between 1 and 8161 bytes into a destination of size 4096
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
#  293|   		return false;
#  294|   
#  295|-> 	snprintf(path, PATH_MAX, "%s%s", node_path, rpl_dir);
#  296|   	if (mkdir(path, 0755) != 0 && errno != EEXIST)
#  297|   		l_error("Failed to create dir(%d): %s", errno, path);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def6]
bluez-5.73-build/bluez-5.73/profiles/audio/bap.c: scope_hint: In function ‘setup_create_bcast_io’
bluez-5.73-build/bluez-5.73/profiles/audio/bap.c:2076:38: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘setup’
# 2074|   				sizeof(struct bt_iso_io_qos));
# 2075|   
# 2076|-> 	if (bt_bap_pac_get_type(setup->ep->lpac) == BT_BAP_BCAST_SOURCE)
# 2077|   		setup_connect_io_broadcast(data, setup, stream, &iso_qos,
# 2078|   			defer);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def7]
bluez-5.73-build/bluez-5.73/src/adv_monitor.c:976:48: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘calloc(56, 1)’
/usr/include/glib-2.0/glib/gstring.h:37: included_from: Included from here.
/usr/include/glib-2.0/glib/giochannel.h:36: included_from: Included from here.
/usr/include/glib-2.0/glib.h:56: included_from: Included from here.
bluez-5.73-build/bluez-5.73/src/adv_monitor.c:20: included_from: Included from here.
/usr/include/glib-2.0/glib/gstrfuncs.h:180:30: note: in definition of macro ‘g_str_has_prefix’
bluez-5.73-build/bluez-5.73/src/adv_monitor.c:695:19: note: in expansion of macro ‘new0’
bluez-5.73-build/bluez-5.73/src/adv_monitor.c:975:35: note: in expansion of macro ‘malloc0’
#  974|   
#  975|   	monitor->merged_pattern = malloc0(sizeof(*monitor->merged_pattern));
#  976|-> 	monitor->merged_pattern->current_state = MERGED_PATTERN_STATE_STABLE;
#  977|   	monitor->merged_pattern->next_state = MERGED_PATTERN_STATE_STABLE;
#  978|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
bluez-5.73-build/bluez-5.73/src/shared/bap.c: scope_hint: In function 'iov_append'
bluez-5.73-build/bluez-5.73/src/shared/bap.c:332:16: warning[-Wanalyzer-malloc-leak]: leak of '*iov.iov_base'
#  330|   {
#  331|   	iov->iov_base = realloc(iov->iov_base, iov->iov_len + len);
#  332|-> 	return util_iov_push_mem(iov, len, d);
#  333|   }
#  334|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def9]
bluez-5.73-build/bluez-5.73/src/shared/gatt-client.c: scope_hint: In function 'bt_gatt_client_write_value'
bluez-5.73-build/bluez-5.73/src/shared/gatt-client.c:3151:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'value'
bluez-5.73-build/bluez-5.73/src/shared/gatt-client.c:19: included_from: Included from here.
bluez-5.73-build/bluez-5.73/src/shared/gatt-client.c:3755:57: note: in expansion of macro 'UINT_TO_PTR'
bluez-5.73-build/bluez-5.73/src/shared/gatt-client.c:24: included_from: Included from here.
bluez-5.73-build/bluez-5.73/src/shared/gatt-client.c: scope_hint: In function 'bt_gatt_client_write_value'
bluez-5.73-build/bluez-5.73/src/shared/gatt-client.c:3135:14: note: in expansion of macro 'new0'
bluez-5.73-build/bluez-5.73/src/shared/gatt-client.c:145:15: note: in expansion of macro 'new0'
# 3149|   
# 3150|   	put_le16(value_handle, pdu);
# 3151|-> 	memcpy(pdu + 2, value, length);
# 3152|   
# 3153|   	req->att_id = bt_att_send(client->att, BT_ATT_OP_WRITE_REQ,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def10]
bluez-5.73-build/bluez-5.73/tools/iso-tester.c: scope_hint: In function ‘create_iso_sock’
bluez-5.73-build/bluez-5.73/tools/iso-tester.c:1665:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sk’
# 1663|   		tester_warn("Can't create socket: %s (%d)", strerror(errno),
# 1664|   									errno);
# 1665|-> 		return err;
# 1666|   	}
# 1667|   

Error: CPPCHECK_WARNING (CWE-909): [#def11]
bluez-5.73-build/bluez-5.73/tools/mesh-cfgclient.c:2041: error[uninitStructMember]: Uninitialized struct member: result.last_seen
# 2039|   						l_queue_length(devices) + 1);
# 2040|   		dev = l_malloc(sizeof(struct unprov_device));
# 2041|-> 		*dev = result;
# 2042|   
# 2043|   	} else if (dev->rssi < result.rssi)

Error: CPPCHECK_WARNING (CWE-909): [#def12]
bluez-5.73-build/bluez-5.73/tools/mesh-cfgclient.c:2044: error[uninitStructMember]: Uninitialized struct member: result.last_seen
# 2042|   
# 2043|   	} else if (dev->rssi < result.rssi)
# 2044|-> 		*dev = result;
# 2045|   
# 2046|   	dev->last_seen = time(NULL);

Error: CLANG_WARNING: [#def13]
bluez-5.73-build/bluez-5.73/tools/test-runner.c:945:2: warning[core.CallAndMessage]: 2nd function call argument is an uninitialized value
#  943|   	envp[pos] = NULL;
#  944|   
#  945|-> 	printf("Running command %s\n", cmdname ? cmdname : argv[0]);
#  946|   
#  947|   	pid = fork();

Scan Properties

analyzer-version-clang: 18.1.7
analyzer-version-cppcheck: 2.14.2
analyzer-version-gcc: 14.1.1
analyzer-version-gcc-analyzer: 14.1.1
analyzer-version-shellcheck: 0.10.0
diffbase-analyzer-version-clang: 18.1.7
diffbase-analyzer-version-cppcheck: 2.14.2
diffbase-analyzer-version-gcc: 14.1.1
diffbase-analyzer-version-gcc-analyzer: 14.1.1
diffbase-analyzer-version-shellcheck: 0.10.0
diffbase-enabled-plugins: clang, cppcheck, gcc, shellcheck
diffbase-exit-code: 0
diffbase-host: ip-172-16-1-127.us-west-2.compute.internal
diffbase-mock-config: fedora-41-x86_64
diffbase-project-name: bluez-5.76-1.fc41
diffbase-store-results-to: /tmp/tmpvlkjexjs/bluez-5.76-1.fc41.tar.xz
diffbase-time-created: 2024-07-03 12:11:05
diffbase-time-finished: 2024-07-03 12:16:46
diffbase-tool: csmock
diffbase-tool-args: '/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmpvlkjexjs/bluez-5.76-1.fc41.tar.xz' '--gcc-analyze' '/tmp/tmpvlkjexjs/bluez-5.76-1.fc41.src.rpm'
diffbase-tool-version: csmock-3.5.3-1.el9
enabled-plugins: clang, cppcheck, gcc, shellcheck
exit-code: 0
host: ip-172-16-1-127.us-west-2.compute.internal
mock-config: fedora-41-x86_64
project-name: bluez-5.73-3.fc40
store-results-to: /tmp/tmpfn2no8qn/bluez-5.73-3.fc40.tar.xz
time-created: 2024-07-03 12:04:33
time-finished: 2024-07-03 12:10:40
title: Fixed defects
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmpfn2no8qn/bluez-5.73-3.fc40.tar.xz' '--gcc-analyze' '/tmp/tmpfn2no8qn/bluez-5.73-3.fc40.src.rpm'
tool-version: csmock-3.5.3-1.el9