dhcpcd-10.0.6-4.fc41
List of Defects
Error: CPPCHECK_WARNING: [#def1]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/compat/crypt/hmac.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def2]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/compat/rb.c:398:19: warning[deadcode.DeadStores]: Value stored to 'grandpa' during its initialization is never read
# 396| {
# 397| struct rb_node * father = RB_FATHER(self);
# 398|-> struct rb_node * grandpa = RB_FATHER(father);
# 399| struct rb_node * uncle;
# 400| unsigned int which;
Error: CLANG_WARNING: [#def3]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/compat/rb.c:477:3: warning[deadcode.DeadStores]: Value stored to 'father' is never read
# 475| KASSERT(RB_FATHER(self) == grandpa);
# 476| self = father;
# 477|-> father = RB_FATHER(self);
# 478| }
# 479| KASSERT(RB_RED_P(self) && RB_RED_P(father));
Error: CLANG_WARNING: [#def4]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/compat/rb.c:886:10: warning[core.NullDereference]: Array access (via field 'rb_nodes') results in a null pointer dereference
# 884| if (RB_RED_P(parent)
# 885| && RB_BLACK_P(brother)
# 886|-> && RB_BLACK_P(brother->rb_left)
# 887| && RB_BLACK_P(brother->rb_right)) {
# 888| KASSERT(RB_RED_P(parent));
Error: CLANG_WARNING: [#def5]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/compat/rb.c:914:8: warning[core.NullDereference]: Array access (via field 'rb_nodes') results in a null pointer dereference
# 912| KASSERT(RB_RED_P(brother->rb_nodes[which]) ||
# 913| RB_RED_P(brother->rb_nodes[other]));
# 914|-> if (RB_BLACK_P(brother->rb_nodes[other])) {
# 915| /*
# 916| * Case 3: our brother is black, our near
Error: CPPCHECK_WARNING: [#def6]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/compat/setproctitle.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def7]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/compat/strtoi.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def8]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/compat/strtou.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def9]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/arp.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def10]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/arp.c:295:24: warning[core.UndefinedBinaryOperatorResult]: The left operand of '>' is a garbage value
# 293| is_probe = ar.ar_op == htons(ARPOP_REQUEST) && IN_IS_ADDR_UNSPECIFIED(&arm.sip) &&
# 294| bpf_flags & BPF_BCAST;
# 295|-> if (is_probe && falen > 0 && (falen != ar.ar_hln ||
# 296| memcmp(&arm.sha, &arm.fsha, ar.ar_hln))) {
# 297| char abuf[HWADDR_LEN * 3];
Error: CLANG_WARNING: [#def11]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/arp.c:557:7: warning[deadcode.DeadStores]: Although the value stored to 'state' is used in the enclosing expression, the value is never actually read from 'state'
# 555| struct arp_state *astate;
# 556|
# 557|-> if ((state = ARP_STATE(ifp)) == NULL) {
# 558| ifp->if_data[IF_DATA_ARP] = malloc(sizeof(*state));
# 559| state = ARP_STATE(ifp);
Error: CLANG_WARNING: [#def12]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/arp.c:657:3: warning[unix.Malloc]: Use of memory after it is freed
# 655| while ((state = ARP_STATE(ifp)) != NULL &&
# 656| (astate = TAILQ_FIRST(&state->arp_states)) != NULL)
# 657|-> arp_free(astate);
# 658| }
Error: CPPCHECK_WARNING: [#def13]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/auth.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def14]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/bpf.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: COMPILER_WARNING: [#def15]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/bpf.c: scope_hint: In function ‘bpf_bootp’
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/bpf.c:709:2: warning[-Wcpp]: #warning A compromised PF_PACKET socket can be used as a raw socket
# 709 | #warning A compromised PF_PACKET socket can be used as a raw socket
# | ^~~~~~~
# 707| #warning No BIOCSETWF support - a compromised BPF can be used as a raw socket
# 708| #else
# 709|-> #warning A compromised PF_PACKET socket can be used as a raw socket
# 710| #endif
# 711| #endif
Error: CPPCHECK_WARNING: [#def16]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/control.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def17]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/control.c:221:3: warning[unix.Malloc]: Use of memory after it is freed
# 219| }
# 220| if (events & ELE_HANGUP)
# 221|-> control_hangup(fd);
# 222| }
# 223|
Error: CLANG_WARNING: [#def18]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/control.c:503:3: warning[unix.Malloc]: Use of memory after it is freed
# 501|
# 502| while ((l = TAILQ_FIRST(&ctx->control_fds)) != NULL) {
# 503|-> control_free(l);
# 504| }
# 505|
Error: CPPCHECK_WARNING (CWE-457): [#def19]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/control.c:577: warning[uninitvar]: Uninitialized variable: buffer
# 575| len += l;
# 576| }
# 577|-> return write(ctx->control_fd, buffer, len);
# 578| }
# 579|
Error: GCC_ANALYZER_WARNING (CWE-688): [#def20]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/control.c: scope_hint: In function ‘control_queue’
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/control.c:624:9: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
dhcpcd-10.0.6-build/dhcpcd-10.0.6/config.h:28: included_from: Included from here.
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/control.c:42: included_from: Included from here.
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
# 622| d->data_size = data_len;
# 623| }
# 624|-> memcpy(d->data, data, data_len);
# 625| d->data_len = data_len;
# 626| d->data_flags = fd->flags & FD_SENDLEN;
Error: CPPCHECK_WARNING: [#def21]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/dev.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def22]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/dhcp-common.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def23]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/dhcp.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def24]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/dhcp.c:188:7: warning[deadcode.DeadStores]: Although the value stored to 'o' is used in the enclosing expression, the value is never actually read from 'o'
# 186| p = bootp->vend + 4; /* options after the 4 byte cookie */
# 187| e = (const uint8_t *)bootp + bootp_len;
# 188|-> ol = o = overl = 0;
# 189| bp = NULL;
# 190| op = NULL;
Error: CPPCHECK_WARNING: [#def25]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/dhcp6.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def26]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/dhcpcd.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-775): [#def27]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/dhcpcd.c: scope_hint: In function ‘dup_null’
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/dhcpcd.c:1881:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘err’
# 1879| if ((err = dup2(fd_null, fd)) == -1)
# 1880| logwarn("dup2 %d", fd);
# 1881|-> close(fd_null);
# 1882| return err;
# 1883| }
Error: CLANG_WARNING: [#def28]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/dhcpcd.c:2373:10: warning[deadcode.DeadStores]: Although the value stored to 'pid' is used in the enclosing expression, the value is never actually read from 'pid'
# 2371| goto exit_failure;
# 2372| }
# 2373|-> switch (pid = fork()) {
# 2374| case -1:
# 2375| logerr("fork");
Error: CLANG_WARNING: [#def29]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/dhcpcd.c:2395:11: warning[deadcode.DeadStores]: Although the value stored to 'pid' is used in the enclosing expression, the value is never actually read from 'pid'
# 2393| }
# 2394| /* Ensure we can never get a controlling terminal */
# 2395|-> switch (pid = fork()) {
# 2396| case -1:
# 2397| logerr("fork");
Error: CPPCHECK_WARNING: [#def30]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/duid.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def31]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/eloop.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def32]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/if-linux.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: COMPILER_WARNING: [#def33]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/if-linux.c:1186:17: warning[-Wstringop-overflow=]: writing 16 bytes into a region of size 0
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/if-linux.c: scope_hint: In function ‘if_address’
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/if-linux.c:1489:25: note: at offset 20 into destination object ‘hdr’ of size 16
# 1184| rta->rta_len = len;
# 1185| if (alen)
# 1186|-> memcpy(RTA_DATA(rta), data, alen);
# 1187| n->nlmsg_len = NLMSG_ALIGN(n->nlmsg_len) + RTA_ALIGN(len);
# 1188|
Error: CPPCHECK_WARNING: [#def34]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/if-options.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-476): [#def35]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/if-options.c: scope_hint: In function ‘parse_option’
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/if-options.c:1713:29: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘edop’
# 1711| case O_EMBED:
# 1712| if (dop == NULL) {
# 1713|-> if (*edop) {
# 1714| dop = &(*edop)->embopts;
# 1715| dop_len = &(*edop)->embopts_len;
Error: CPPCHECK_WARNING: [#def36]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/if.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def37]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/ipv4.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-415): [#def38]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/ipv4.c: scope_hint: In function ‘ipv4_free’
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/ipv4.c:999:17: warning[-Wanalyzer-double-free]: double-‘free’ of ‘ia’
dhcpcd-10.0.6-build/dhcpcd-10.0.6/config.h:28: included_from: Included from here.
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/ipv4.c:47: included_from: Included from here.
# 997| while ((ia = TAILQ_FIRST(&state->addrs))) {
# 998| TAILQ_REMOVE(&state->addrs, ia, next);
# 999|-> free(ia);
# 1000| }
# 1001| free(state);
Error: CPPCHECK_WARNING: [#def39]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/ipv4ll.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def40]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/ipv6.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def41]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/ipv6.c:555:28: warning[core.BitwiseShift]: Right shift overflows the capacity of 'uint64_t'
# 553| user_high = 0;
# 554| else
# 555|-> user_high = user_number >> (result_len - prefix_len);
# 556| user_low = user_number << (128 - result_len);
# 557| } else if (result_len == 64) {
Error: CPPCHECK_WARNING: [#def42]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/ipv6nd.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def43]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/ipv6nd.c:681:7: warning[unix.Malloc]: Use of memory after it is freed
# 679|
# 680| TAILQ_FOREACH(rap, ifp->ctx->ra_routers, next) {
# 681|-> if (rap->iface == ifp)
# 682| break;
# 683| }
Error: CLANG_WARNING: [#def44]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/ipv6nd.c:1686:6: warning[deadcode.DeadStores]: Although the value stored to 'n' is used in the enclosing expression, the value is never actually read from 'n'
# 1684|
# 1685| clock_gettime(CLOCK_MONOTONIC, &now);
# 1686|-> i = n = 0;
# 1687| TAILQ_FOREACH(rap, ifp->ctx->ra_routers, next) {
# 1688| if (rap->iface != ifp || rap->expired)
Error: CPPCHECK_WARNING: [#def45]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/logerr.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def46]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/privsep-bpf.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def47]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/privsep-control.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def48]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/privsep-inet.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def49]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/privsep-root.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING (CWE-590): [#def50]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/privsep-root.c:634: error[autovarInvalidDeallocation]: Deallocation of an auto-variable (mtime) results in undefined behaviour.
# 632| err = ps_root_writeerror(ctx, err, rlen != 0 ? rdata : 0, rlen);
# 633| if (free_rdata)
# 634|-> free(rdata);
# 635| return err;
# 636| }
Error: CPPCHECK_WARNING: [#def51]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/privsep.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def52]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/privsep.c:829:4: warning[unix.Malloc]: Use of memory after it is freed
# 827| while ((psp = TAILQ_FIRST(&ctx->ps_processes)) != NULL) {
# 828| if (stop && psp != ppsp)
# 829|-> ps_stopprocess(psp);
# 830| ps_freeprocess(psp);
# 831| }
Error: CLANG_WARNING: [#def53]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/privsep.c:830:3: warning[unix.Malloc]: Use of memory after it is freed
# 828| if (stop && psp != ppsp)
# 829| ps_stopprocess(psp);
# 830|-> ps_freeprocess(psp);
# 831| }
# 832| }
Error: GCC_ANALYZER_WARNING (CWE-121): [#def54]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/privsep.c: scope_hint: In function ‘ps_sendpsmmsg’
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/privsep.c:926:40: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/privsep.c:926:40: note: write of 8 bytes to beyond the end of ‘iov’
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/privsep.c:926:40: note: valid subscripts for ‘iov’ are ‘[0]’ to ‘[6]’
# 924| }
# 925| iovp++;
# 926|-> iovp->iov_base = msg->msg_iov[i].iov_base;
# 927| iovp->iov_len = msg->msg_iov[i].iov_len;
# 928| }
Error: GCC_ANALYZER_WARNING (CWE-121): [#def55]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/privsep.c:927:39: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/privsep.c:927:39: note: write of 8 bytes to beyond the end of ‘iov’
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/privsep.c:927:39: note: valid subscripts for ‘iov’ are ‘[0]’ to ‘[6]’
# 925| iovp++;
# 926| iovp->iov_base = msg->msg_iov[i].iov_base;
# 927|-> iovp->iov_len = msg->msg_iov[i].iov_len;
# 928| }
# 929| iovlen += i;
Error: CPPCHECK_WARNING: [#def56]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/sa.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def57]
dhcpcd-10.0.6-build/dhcpcd-10.0.6/src/script.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Scan Properties
| analyzer-version-clang | 18.1.7 |
| analyzer-version-cppcheck | 2.14.2 |
| analyzer-version-gcc | 14.1.1 |
| analyzer-version-gcc-analyzer | 14.1.1 |
| analyzer-version-shellcheck | 0.10.0 |
| enabled-plugins | clang, cppcheck, gcc, shellcheck |
| exit-code | 0 |
| host | ip-172-16-1-180.us-west-2.compute.internal |
| mock-config | fedora-41-x86_64 |
| project-name | dhcpcd-10.0.6-4.fc41 |
| store-results-to | /tmp/tmp6o3hek73/dhcpcd-10.0.6-4.fc41.tar.xz |
| time-created | 2024-07-03 12:21:47 |
| time-finished | 2024-07-03 12:23:20 |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmp6o3hek73/dhcpcd-10.0.6-4.fc41.tar.xz' '--gcc-analyze' '/tmp/tmp6o3hek73/dhcpcd-10.0.6-4.fc41.src.rpm' |
| tool-version | csmock-3.5.3-1.el9 |