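Newly introduced defects in dotconf-1.4.1-2.fc41, compared against the diffbase scan of dotconf-1.3-35.fc40
List of Defects (11 findings, all reported in src/dotconf.c: 2 GCC analyzer possible-NULL-argument warnings, CWE-688, #def1 and #def10; 8 -Wpointer-sign compiler warnings, CWE-681, #def2 to #def9; 1 ignored getcwd() return value, CWE-252, #def11)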
Error: GCC_ANALYZER_WARNING (CWE-688): [#def1]
dotconf-1.4.1-build/dotconf-1.4.1/src/dotconf.c: scope_hint: In function 'dotconf_get_here_document'
dotconf-1.4.1-build/dotconf-1.4.1/src/dotconf.c:357:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'here_doc' where non-null expected
dotconf-1.4.1-build/dotconf-1.4.1/src/dotconf.c:67: included_from: Included from here.
dotconf-1.4.1-build/dotconf-1.4.1/src/dotconf.h:45:44: note: in definition of macro 'DOTCONF_CB'
<built-in>: note: argument 1 of '__builtin_memset' must be non-null
# 355| */
# 356| here_doc = malloc(configfile->size); /* allocate buffer memory */
# 357|-> memset(here_doc, 0, configfile->size);
# 358|
# 359| here_string = 1;
Error: COMPILER_WARNING (CWE-681): [#def2]
dotconf-1.4.1-build/dotconf-1.4.1/src/dotconf.c: scope_hint: In function 'dotconf_set_command'
dotconf-1.4.1-build/dotconf-1.4.1/src/dotconf.c:513:42: warning[-Wpointer-sign]: pointer targets in passing argument 1 of 'strlen' differ in signedness
# 513 | signed char *eob = args + strlen(args);
# | ^~~~
# | |
# | signed char *
dotconf-1.4.1-build/dotconf-1.4.1/src/dotconf.c:26: included_from: Included from here.
/usr/include/string.h:407:35: note: expected 'const char *' but argument is of type 'signed char *'
# 407 | extern size_t strlen (const char *__s)
# | ~~~~~~~~~~~~^~~
# 511| command_t * cmd)
# 512| {
# 513|-> signed char *eob = args + strlen(args);
# 514|
# 515| /* fill in the command_t structure with values we already know */
Error: COMPILER_WARNING (CWE-681): [#def3]
dotconf-1.4.1-build/dotconf-1.4.1/src/dotconf.c:526:40: warning[-Wpointer-sign]: pointer targets in passing argument 1 of 'strdup' differ in signedness
# 526 | cmd->data.str = strdup(args);
# | ^~~~
# | |
# | signed char *
/usr/include/string.h:187:34: note: expected 'const char *' but argument is of type 'signed char *'
# 187 | extern char *strdup (const char *__s)
# | ~~~~~~~~~~~~^~~
# 524| /* if it is an ARG_RAW type, save some time and call the
# 525| callback now */
# 526|-> cmd->data.str = strdup(args);
# 527| } else if (option->type == ARG_STR) {
# 528| signed char *cp = args;
Error: COMPILER_WARNING (CWE-681): [#def4]
dotconf-1.4.1-build/dotconf-1.4.1/src/dotconf.c:533:36: warning[-Wpointer-sign]: pointer targets in passing argument 2 of 'strncmp' differ in signedness
# 533 | if (!strncmp("<<", cp, 2)) {
# | ^~
# | |
# | signed char *
/usr/include/string.h:159:51: note: expected 'const char *' but argument is of type 'signed char *'
# 159 | extern int strncmp (const char *__s1, const char *__s2, size_t __n)
# | ~~~~~~~~~~~~^~~~
# 531| skip_whitespace(&cp, eob - cp, 0);
# 532|
# 533|-> if (!strncmp("<<", cp, 2)) {
# 534| cmd->data.str =
# 535| dotconf_get_here_document(configfile, cp + 2);
Error: COMPILER_WARNING (CWE-681): [#def5]
dotconf-1.4.1-build/dotconf-1.4.1/src/dotconf.c:535:70: warning[-Wpointer-sign]: pointer targets in passing argument 2 of 'dotconf_get_here_document' differ in signedness
# 535 | dotconf_get_here_document(configfile, cp + 2);
# | ~~~^~~
# | |
# | signed char *
dotconf-1.4.1-build/dotconf-1.4.1/src/dotconf.c:331:72: note: expected 'const char *' but argument is of type 'signed char *'
# 331 | char *dotconf_get_here_document(configfile_t * configfile, const char *delimit)
# | ~~~~~~~~~~~~^~~~~~~
# 533| if (!strncmp("<<", cp, 2)) {
# 534| cmd->data.str =
# 535|-> dotconf_get_here_document(configfile, cp + 2);
# 536| cmd->arg_count = 1;
# 537| }
Error: COMPILER_WARNING (CWE-681): [#def6]
dotconf-1.4.1-build/dotconf-1.4.1/src/dotconf.c:556:67: warning[-Wpointer-sign]: pointer targets in passing argument 1 of 'strdup' differ in signedness
# 556 | cmd->data.list[cmd->arg_count++] = strdup(args);
# | ^~~~
# | |
# | signed char *
/usr/include/string.h:187:34: note: expected 'const char *' but argument is of type 'signed char *'
# 187 | extern char *strdup (const char *__s)
# | ~~~~~~~~~~~~^~~
# 554| if (cmd->arg_count && cmd->data.list[cmd->arg_count - 1]
# 555| && *args)
# 556|-> cmd->data.list[cmd->arg_count++] = strdup(args);
# 557|
# 558| /* has an option entry been found before or do we have to use a fallback? */
Error: COMPILER_WARNING (CWE-681): [#def7]
dotconf-1.4.1-build/dotconf-1.4.1/src/dotconf.c: scope_hint: In function 'dotconf_handle_command'
dotconf-1.4.1-build/dotconf-1.4.1/src/dotconf.c:656:13: warning[-Wpointer-sign]: pointer targets in assignment from 'char *' to 'signed char *' differ in signedness
# 656 | cp1 = buffer;
# | ^
# 654| context_error = 0;
# 655|
# 656|-> cp1 = buffer;
# 657| eob = cp1 + strlen(cp1);
# 658|
Error: COMPILER_WARNING (CWE-681): [#def8]
dotconf-1.4.1-build/dotconf-1.4.1/src/dotconf.c:657:28: warning[-Wpointer-sign]: pointer targets in passing argument 1 of 'strlen' differ in signedness
# 657 | eob = cp1 + strlen(cp1);
# | ^~~
# | |
# | signed char *
/usr/include/string.h:407:35: note: expected 'const char *' but argument is of type 'signed char *'
# 407 | extern size_t strlen (const char *__s)
# | ~~~~~~~~~~~~^~~
# 655|
# 656| cp1 = buffer;
# 657|-> eob = cp1 + strlen(cp1);
# 658|
# 659| skip_whitespace(&cp1, eob - cp1, 0);
Error: COMPILER_WARNING (CWE-681): [#def9]
dotconf-1.4.1-build/dotconf-1.4.1/src/dotconf.c:670:13: warning[-Wpointer-sign]: pointer targets in assignment from 'char *' to 'signed char *' differ in signedness
# 670 | cp2 = name;
# | ^
# 668|
# 669| /* get first token: read the name of a possible option */
# 670|-> cp2 = name;
# 671| copy_word(&cp2, &cp1, MIN(eob - cp1, CFG_MAX_OPTION), 0);
# 672|
Error: GCC_ANALYZER_WARNING (CWE-688): [#def10]
dotconf-1.4.1-build/dotconf-1.4.1/src/dotconf.c: scope_hint: In function 'dotconf_find_wild_card'
dotconf-1.4.1-build/dotconf-1.4.1/src/dotconf.c:941:19: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'filename' where non-null expected
dotconf-1.4.1-build/dotconf-1.4.1/src/dotconf.h:45:44: note: in definition of macro 'DOTCONF_CB'
<built-in>: note: argument 1 of '__builtin_strlen' must be non-null
# 939| int found_path = 0;
# 940|
# 941|-> int len = strlen(filename);
# 942|
# 943| if (wildcard != NULL && len > 0 && path != NULL && pre != NULL
Error: COMPILER_WARNING (CWE-252): [#def11]
dotconf-1.4.1-build/dotconf-1.4.1/src/dotconf.c: scope_hint: In function 'get_cwd'
dotconf-1.4.1-build/dotconf-1.4.1/src/dotconf.c:1436:9: warning[-Wunused-result]: ignoring return value of 'getcwd' declared with attribute 'warn_unused_result'
# 1436 | getcwd(buf, CFG_MAX_FILENAME);
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1434| if (buf == NULL)
# 1435| return NULL;
# 1436|-> getcwd(buf, CFG_MAX_FILENAME);
# 1437| return buf;
# 1438| }
Scan Properties
analyzer-version-clang | 18.1.7 |
analyzer-version-cppcheck | 2.14.2 |
analyzer-version-gcc | 14.1.1 |
analyzer-version-gcc-analyzer | 14.1.1 |
analyzer-version-shellcheck | 0.10.0 |
diffbase-analyzer-version-clang | 18.1.7 |
diffbase-analyzer-version-cppcheck | 2.14.2 |
diffbase-analyzer-version-gcc | 14.1.1 |
diffbase-analyzer-version-gcc-analyzer | 14.1.1 |
diffbase-analyzer-version-shellcheck | 0.10.0 |
diffbase-enabled-plugins | clang, cppcheck, gcc, shellcheck |
diffbase-exit-code | 0 |
diffbase-host | ip-172-16-1-249.us-west-2.compute.internal |
diffbase-mock-config | fedora-41-x86_64 |
diffbase-project-name | dotconf-1.3-35.fc40 |
diffbase-store-results-to | /tmp/tmpx5eb89nj/dotconf-1.3-35.fc40.tar.xz |
diffbase-time-created | 2024-07-03 12:22:06 |
diffbase-time-finished | 2024-07-03 12:23:20 |
diffbase-tool | csmock |
diffbase-tool-args | '/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmpx5eb89nj/dotconf-1.3-35.fc40.tar.xz' '--gcc-analyze' '/tmp/tmpx5eb89nj/dotconf-1.3-35.fc40.src.rpm' |
diffbase-tool-version | csmock-3.5.3-1.el9 |
enabled-plugins | clang, cppcheck, gcc, shellcheck |
exit-code | 0 |
host | ip-172-16-1-249.us-west-2.compute.internal |
mock-config | fedora-41-x86_64 |
project-name | dotconf-1.4.1-2.fc41 |
store-results-to | /tmp/tmp6d2qohyh/dotconf-1.4.1-2.fc41.tar.xz |
time-created | 2024-07-03 12:23:27 |
time-finished | 2024-07-03 12:24:21 |
title | Newly introduced defects |
tool | csmock |
tool-args | '/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmp6d2qohyh/dotconf-1.4.1-2.fc41.tar.xz' '--gcc-analyze' '/tmp/tmp6d2qohyh/dotconf-1.4.1-2.fc41.src.rpm' |
tool-version | csmock-3.5.3-1.el9 |