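Fixed defects
List of Defects
These are analyzer findings from the scan of dotconf-1.3-35.fc40 that do not appear in the scan of the diff base, dotconf-1.4.1-2.fc41 (both are listed under Scan Properties). All quoted source lines come from the dotconf-1.3 tree. The findings fall into three groups: a possibly-NULL pointer passed to memset or strlen (#def1, #def10), pointer signedness mismatches between char and signed char (#def2 to #def9), and an ignored getcwd return value (#def11).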
Error: GCC_ANALYZER_WARNING (CWE-688): [#def1]
dotconf-1.3-build/dotconf-1.3/src/dotconf.c: scope_hint: In function ‘dotconf_get_here_document’
dotconf-1.3-build/dotconf-1.3/src/dotconf.c:343:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘here_doc’ where non-null expected
dotconf-1.3-build/dotconf-1.3/src/dotconf.c:67: included_from: Included from here.
dotconf-1.3-build/dotconf-1.3/src/dotconf.h:45:44: note: in definition of macro ‘DOTCONF_CB’
<built-in>: note: argument 1 of ‘__builtin_memset’ must be non-null
# 341| */
# 342| here_doc = malloc(configfile->size); /* allocate buffer memory */
# 343|-> memset(here_doc, 0, configfile->size);
# 344|
# 345| here_string = 1;
Error: COMPILER_WARNING (CWE-681): [#def2]
dotconf-1.3-build/dotconf-1.3/src/dotconf.c: scope_hint: In function ‘dotconf_set_command’
dotconf-1.3-build/dotconf-1.3/src/dotconf.c:499:42: warning[-Wpointer-sign]: pointer targets in passing argument 1 of ‘strlen’ differ in signedness
# 499 | signed char *eob = args + strlen(args);
# | ^~~~
# | |
# | signed char *
dotconf-1.3-build/dotconf-1.3/src/dotconf.c:26: included_from: Included from here.
/usr/include/string.h:407:35: note: expected ‘const char *’ but argument is of type ‘signed char *’
# 407 | extern size_t strlen (const char *__s)
# | ~~~~~~~~~~~~^~~
# 497| command_t * cmd)
# 498| {
# 499|-> signed char *eob = args + strlen(args);
# 500|
# 501| /* fill in the command_t structure with values we already know */
Error: COMPILER_WARNING (CWE-681): [#def3]
dotconf-1.3-build/dotconf-1.3/src/dotconf.c:512:40: warning[-Wpointer-sign]: pointer targets in passing argument 1 of ‘strdup’ differ in signedness
# 512 | cmd->data.str = strdup(args);
# | ^~~~
# | |
# | signed char *
/usr/include/string.h:187:34: note: expected ‘const char *’ but argument is of type ‘signed char *’
# 187 | extern char *strdup (const char *__s)
# | ~~~~~~~~~~~~^~~
# 510| /* if it is an ARG_RAW type, save some time and call the
# 511| callback now */
# 512|-> cmd->data.str = strdup(args);
# 513| } else if (option->type == ARG_STR) {
# 514| signed char *cp = args;
Error: COMPILER_WARNING (CWE-681): [#def4]
dotconf-1.3-build/dotconf-1.3/src/dotconf.c:519:36: warning[-Wpointer-sign]: pointer targets in passing argument 2 of ‘strncmp’ differ in signedness
# 519 | if (!strncmp("<<", cp, 2)) {
# | ^~
# | |
# | signed char *
/usr/include/string.h:159:51: note: expected ‘const char *’ but argument is of type ‘signed char *’
# 159 | extern int strncmp (const char *__s1, const char *__s2, size_t __n)
# | ~~~~~~~~~~~~^~~~
# 517| skip_whitespace(&cp, eob - cp, 0);
# 518|
# 519|-> if (!strncmp("<<", cp, 2)) {
# 520| cmd->data.str =
# 521| dotconf_get_here_document(configfile, cp + 2);
Error: COMPILER_WARNING (CWE-681): [#def5]
dotconf-1.3-build/dotconf-1.3/src/dotconf.c:521:70: warning[-Wpointer-sign]: pointer targets in passing argument 2 of ‘dotconf_get_here_document’ differ in signedness
# 521 | dotconf_get_here_document(configfile, cp + 2);
# | ~~~^~~
# | |
# | signed char *
dotconf-1.3-build/dotconf-1.3/src/dotconf.c:317:72: note: expected ‘const char *’ but argument is of type ‘signed char *’
# 317 | char *dotconf_get_here_document(configfile_t * configfile, const char *delimit)
# | ~~~~~~~~~~~~^~~~~~~
# 519| if (!strncmp("<<", cp, 2)) {
# 520| cmd->data.str =
# 521|-> dotconf_get_here_document(configfile, cp + 2);
# 522| cmd->arg_count = 1;
# 523| }
Error: COMPILER_WARNING (CWE-681): [#def6]
dotconf-1.3-build/dotconf-1.3/src/dotconf.c:542:67: warning[-Wpointer-sign]: pointer targets in passing argument 1 of ‘strdup’ differ in signedness
# 542 | cmd->data.list[cmd->arg_count++] = strdup(args);
# | ^~~~
# | |
# | signed char *
/usr/include/string.h:187:34: note: expected ‘const char *’ but argument is of type ‘signed char *’
# 187 | extern char *strdup (const char *__s)
# | ~~~~~~~~~~~~^~~
# 540| if (cmd->arg_count && cmd->data.list[cmd->arg_count - 1]
# 541| && *args)
# 542|-> cmd->data.list[cmd->arg_count++] = strdup(args);
# 543|
# 544| /* has an option entry been found before or do we have to use a fallback? */
Error: COMPILER_WARNING (CWE-681): [#def7]
dotconf-1.3-build/dotconf-1.3/src/dotconf.c: scope_hint: In function ‘dotconf_handle_command’
dotconf-1.3-build/dotconf-1.3/src/dotconf.c:642:13: warning[-Wpointer-sign]: pointer targets in assignment from ‘char *’ to ‘signed char *’ differ in signedness
# 642 | cp1 = buffer;
# | ^
# 640| context_error = 0;
# 641|
# 642|-> cp1 = buffer;
# 643| eob = cp1 + strlen(cp1);
# 644|
Error: COMPILER_WARNING (CWE-681): [#def8]
dotconf-1.3-build/dotconf-1.3/src/dotconf.c:643:28: warning[-Wpointer-sign]: pointer targets in passing argument 1 of ‘strlen’ differ in signedness
# 643 | eob = cp1 + strlen(cp1);
# | ^~~
# | |
# | signed char *
/usr/include/string.h:407:35: note: expected ‘const char *’ but argument is of type ‘signed char *’
# 407 | extern size_t strlen (const char *__s)
# | ~~~~~~~~~~~~^~~
# 641|
# 642| cp1 = buffer;
# 643|-> eob = cp1 + strlen(cp1);
# 644|
# 645| skip_whitespace(&cp1, eob - cp1, 0);
Error: COMPILER_WARNING (CWE-681): [#def9]
dotconf-1.3-build/dotconf-1.3/src/dotconf.c:656:13: warning[-Wpointer-sign]: pointer targets in assignment from ‘char *’ to ‘signed char *’ differ in signedness
# 656 | cp2 = name;
# | ^
# 654|
# 655| /* get first token: read the name of a possible option */
# 656|-> cp2 = name;
# 657| copy_word(&cp2, &cp1, MIN(eob - cp1, CFG_MAX_OPTION), 0);
# 658|
Error: GCC_ANALYZER_WARNING (CWE-688): [#def10]
dotconf-1.3-build/dotconf-1.3/src/dotconf.c: scope_hint: In function ‘dotconf_find_wild_card’
dotconf-1.3-build/dotconf-1.3/src/dotconf.c:927:19: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘filename’ where non-null expected
dotconf-1.3-build/dotconf-1.3/src/dotconf.h:45:44: note: in definition of macro ‘DOTCONF_CB’
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
# 925| int found_path = 0;
# 926|
# 927|-> int len = strlen(filename);
# 928|
# 929| if (wildcard != NULL && len > 0 && path != NULL && pre != NULL
Error: COMPILER_WARNING (CWE-252): [#def11]
dotconf-1.3-build/dotconf-1.3/src/dotconf.c: scope_hint: In function ‘get_cwd’
dotconf-1.3-build/dotconf-1.3/src/dotconf.c:1422:9: warning[-Wunused-result]: ignoring return value of ‘getcwd’ declared with attribute ‘warn_unused_result’
# 1422 | getcwd(buf, CFG_MAX_FILENAME);
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1420| if (buf == NULL)
# 1421| return NULL;
# 1422|-> getcwd(buf, CFG_MAX_FILENAME);
# 1423| return buf;
# 1424| }
Scan Properties
analyzer-version-clang | 18.1.7 |
analyzer-version-cppcheck | 2.14.2 |
analyzer-version-gcc | 14.1.1 |
analyzer-version-gcc-analyzer | 14.1.1 |
analyzer-version-shellcheck | 0.10.0 |
diffbase-analyzer-version-clang | 18.1.7 |
diffbase-analyzer-version-cppcheck | 2.14.2 |
diffbase-analyzer-version-gcc | 14.1.1 |
diffbase-analyzer-version-gcc-analyzer | 14.1.1 |
diffbase-analyzer-version-shellcheck | 0.10.0 |
diffbase-enabled-plugins | clang, cppcheck, gcc, shellcheck |
diffbase-exit-code | 0 |
diffbase-host | ip-172-16-1-249.us-west-2.compute.internal |
diffbase-mock-config | fedora-41-x86_64 |
diffbase-project-name | dotconf-1.4.1-2.fc41 |
diffbase-store-results-to | /tmp/tmp6d2qohyh/dotconf-1.4.1-2.fc41.tar.xz |
diffbase-time-created | 2024-07-03 12:23:27 |
diffbase-time-finished | 2024-07-03 12:24:21 |
diffbase-tool | csmock |
diffbase-tool-args | '/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmp6d2qohyh/dotconf-1.4.1-2.fc41.tar.xz' '--gcc-analyze' '/tmp/tmp6d2qohyh/dotconf-1.4.1-2.fc41.src.rpm' |
diffbase-tool-version | csmock-3.5.3-1.el9 |
enabled-plugins | clang, cppcheck, gcc, shellcheck |
exit-code | 0 |
host | ip-172-16-1-249.us-west-2.compute.internal |
mock-config | fedora-41-x86_64 |
project-name | dotconf-1.3-35.fc40 |
store-results-to | /tmp/tmpx5eb89nj/dotconf-1.3-35.fc40.tar.xz |
time-created | 2024-07-03 12:22:06 |
time-finished | 2024-07-03 12:23:20 |
title | Fixed defects |
tool | csmock |
tool-args | '/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmpx5eb89nj/dotconf-1.3-35.fc40.tar.xz' '--gcc-analyze' '/tmp/tmpx5eb89nj/dotconf-1.3-35.fc40.src.rpm' |
tool-version | csmock-3.5.3-1.el9 |