gnupg2-2.4.5-1.fc41

List of Defects

Error: CLANG_WARNING: [#def1]
gnupg2-2.4.5-build/gnupg-2.4.5/agent/call-pinentry.c:859:19: warning[deadcode.DeadStores]: Although the value stored to 'nbytes' is used in the enclosing expression, the value is never actually read from 'nbytes'
#  857|   {
#  858|     unsigned int nbits = DEFAULT_GENPIN_BITS;
#  859|->   size_t nbytes = nbytes = (nbits + 7) / 8;
#  860|     void *rand;
#  861|     char *generated;

Error: CLANG_WARNING: [#def2]
gnupg2-2.4.5-build/gnupg-2.4.5/agent/call-pinentry.c:975:13: warning[deadcode.DeadStores]: Although the value stored to 's' is used in the enclosing expression, the value is never actually read from 's'
#  973|           }
#  974|       }
#  975|->   else if ((s = has_leading_keyword (line, "GENPIN")))
#  976|       {
#  977|         int wasconf;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def3]
gnupg2-2.4.5-build/gnupg-2.4.5/agent/call-pinentry.c: scope_hint: In function ‘watch_sock_end’
gnupg2-2.4.5-build/gnupg-2.4.5/agent/call-pinentry.c:1367:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*thread_p’
gnupg2-2.4.5-build/gnupg-2.4.5/agent/agent.h:28: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/agent/call-pinentry.c:37: included_from: Included from here.
# 1365|   
# 1366|     *sock_p = GNUPG_INVALID_FD;
# 1367|->   err = npth_join (*thread_p, NULL);
# 1368|     if (err)
# 1369|       log_error ("watch_sock_end: error joining thread: %s\n", strerror (err));

Error: CLANG_WARNING: [#def4]
gnupg2-2.4.5-build/gnupg-2.4.5/agent/call-pinentry.c:1367:9: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value
# 1365|   
# 1366|     *sock_p = GNUPG_INVALID_FD;
# 1367|->   err = npth_join (*thread_p, NULL);
# 1368|     if (err)
# 1369|       log_error ("watch_sock_end: error joining thread: %s\n", strerror (err));

Error: CLANG_WARNING: [#def5]
gnupg2-2.4.5-build/gnupg-2.4.5/agent/call-pinentry.c:1555:13: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 1553|                                   NULL, NULL, NULL, NULL, NULL, NULL);
# 1554|             if (rc)
# 1555|->             rc = 0; /* Pinentry does not support it. */
# 1556|           }
# 1557|   

Error: CLANG_WARNING: [#def6]
gnupg2-2.4.5-build/gnupg-2.4.5/agent/call-pinentry.c:1825:13: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 1823|                                   NULL, NULL, NULL, NULL, NULL, NULL);
# 1824|             if (rc)
# 1825|->             rc = 0; /* Pinentry does not support it. */
# 1826|           }
# 1827|   

Error: CLANG_WARNING: [#def7]
gnupg2-2.4.5-build/gnupg-2.4.5/agent/call-scd.c:400:13: warning[deadcode.DeadStores]: Although the value stored to 's' is used in the enclosing expression, the value is never actually read from 's'
#  398|                               s, NULL, 1);
#  399|       }
#  400|->   else if ((s = has_leading_keyword (line, "DISMISSPINPADPROMPT")))
#  401|       {
#  402|         rc = parm->getpin_cb (parm->getpin_cb_arg, parm->getpin_cb_desc,

Error: GCC_ANALYZER_WARNING (CWE-121): [#def8]
gnupg2-2.4.5-build/gnupg-2.4.5/agent/call-scd.c: scope_hint: In function ‘agent_card_pkdecrypt’
gnupg2-2.4.5-build/gnupg-2.4.5/agent/call-scd.c:596:11: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
gnupg2-2.4.5-build/gnupg-2.4.5/agent/call-scd.c:596:11: note: write of 8 bytes to beyond the end of ‘line’
gnupg2-2.4.5-build/gnupg-2.4.5/agent/call-scd.c:596:11: note: valid subscripts for ‘line’ are ‘[0]’ to ‘[1001]’
#  594|         for (i=0; len < indatalen && (i*2 < DIM(line)-50); i++, len++)
#  595|           {
#  596|->           sprintf (p, "%02X", indata[len]);
#  597|             p += 2;
#  598|           }

Error: CLANG_WARNING: [#def9]
gnupg2-2.4.5-build/gnupg-2.4.5/agent/call-scd.c:681:8: warning[deadcode.DeadStores]: Although the value stored to 's' is used in the enclosing expression, the value is never actually read from 's'
#  679|     const char *s;
#  680|   
#  681|->   if ((s = has_leading_keyword (line, "KEYPAIRINFO"))
#  682|         && !parm->keyref)
#  683|       {

Error: CLANG_WARNING: [#def10]
gnupg2-2.4.5-build/gnupg-2.4.5/agent/call-scd.c:700:12: warning[deadcode.DeadStores]: Although the value stored to 'nfields' is used in the enclosing expression, the value is never actually read from 'nfields'
#  698|           }
#  699|   
#  700|->       if ((nfields = split_fields (line_buffer, fields, DIM (fields))) < 2)
#  701|           goto leave;  /* Not enough args; invalid status line - skip.  */
#  702|   

Error: CLANG_WARNING: [#def11]
gnupg2-2.4.5-build/gnupg-2.4.5/agent/command-ssh.c:2743:3: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 2741|   
# 2742|     /* Sort the array.  */
# 2743|->   qsort (keyarray.items, keyarray.nitems, sizeof *keyarray.items,
# 2744|            compare_key_collection_items);
# 2745|     if (opt.debug)

Error: GCC_ANALYZER_WARNING (CWE-688): [#def12]
gnupg2-2.4.5-build/gnupg-2.4.5/agent/command-ssh.c: scope_hint: In function ‘ssh_handler_extension’
gnupg2-2.4.5-build/gnupg-2.4.5/agent/command-ssh.c:3576:8: warning[-Wanalyzer-null-argument]: use of NULL ‘exttype’ where non-null expected
gnupg2-2.4.5-build/gnupg-2.4.5/agent/command-ssh.c: scope_hint: In function ‘ssh_handler_extension’
gnupg2-2.4.5-build/gnupg-2.4.5/agent/agent.h:35: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/agent/command-ssh.c:55: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/common/util.h:102:40: note: in definition of macro ‘xtrymalloc’
gnupg2-2.4.5-build/gnupg-2.4.5/agent/command-ssh.c: scope_hint: In function ‘ssh_handler_extension’
gnupg2-2.4.5-build/gnupg-2.4.5/agent/command-ssh.c:40: included_from: Included from here.
/usr/include/string.h:156:12: note: argument 1 of ‘strcmp’ must be non-null
# 3574|     if (opt.verbose)
# 3575|       log_info ("ssh-agent extension '%s' received\n", exttype);
# 3576|->   if (!strcmp (exttype, "ssh-env@gnupg.org"))
# 3577|       {
# 3578|         for (;;)

Error: GCC_ANALYZER_WARNING (CWE-457): [#def13]
gnupg2-2.4.5-build/gnupg-2.4.5/agent/command.c: scope_hint: In function ‘cmd_readkey’
gnupg2-2.4.5-build/gnupg-2.4.5/agent/command.c:1461:25: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘pkbuflen’
gnupg2-2.4.5-build/gnupg-2.4.5/agent/command.c:307:12: note: in expansion of macro ‘set_error’
# 1459|       }
# 1460|   
# 1461|->   rc = opt_no_data? 0 : assuan_send_data (ctx, pkbuf, pkbuflen);
# 1462|   
# 1463|    leave:

Error: CLANG_WARNING: [#def14]
gnupg2-2.4.5-build/gnupg-2.4.5/agent/command.c:1461:25: warning[core.CallAndMessage]: 3rd function call argument is an uninitialized value
# 1459|       }
# 1460|   
# 1461|->   rc = opt_no_data? 0 : assuan_send_data (ctx, pkbuf, pkbuflen);
# 1462|   
# 1463|    leave:

Error: CLANG_WARNING: [#def15]
gnupg2-2.4.5-build/gnupg-2.4.5/agent/command.c:1567:7: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1565|           goto leave; /* No attribute available.  */
# 1566|   
# 1567|->       err = agent_raw_key_from_file (ctrl, grip, &s_key, &keymeta);
# 1568|         if (!keymeta)
# 1569|           istrue = 0;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def16]
gnupg2-2.4.5-build/gnupg-2.4.5/agent/command.c: scope_hint: In function ‘cmd_keytocard’
gnupg2-2.4.5-build/gnupg-2.4.5/agent/command.c:3303:13: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘n’
# 3301|             if (err)
# 3302|               goto leave;  /* Badly formatted ecdh params. */
# 3303|->           n /= 2;
# 3304|             if (n < 4)
# 3305|               {

Error: CLANG_WARNING: [#def17]
gnupg2-2.4.5-build/gnupg-2.4.5/agent/command.c:3504:32: warning[deadcode.DeadStores]: Although the value stored to 'n' is used in the enclosing expression, the value is never actually read from 'n'
# 3502|         goto leave;
# 3503|       }
# 3504|->   if (!ttlstr || !*ttlstr || !(n = parse_ttl (ttlstr, &ttl)))
# 3505|       {
# 3506|         err = set_error (GPG_ERR_ASS_PARAMETER, "no or invalid TTL given");

Error: CLANG_WARNING: [#def18]
gnupg2-2.4.5-build/gnupg-2.4.5/agent/cvt-openpgp.c:1238:23: warning[core.UndefinedBinaryOperatorResult]: The left operand of '>>' is a garbage value
# 1236|     for (i = 0; i < (nskey-npkey); i++ )
# 1237|       {
# 1238|->       *p++ = nbits[i] >> 8 ;
# 1239|         *p++ = nbits[i];
# 1240|         memcpy (p, bufarr[i], narr[i]);

Error: CLANG_WARNING: [#def19]
gnupg2-2.4.5-build/gnupg-2.4.5/agent/cvt-openpgp.c:1240:7: warning[core.CallAndMessage]: 2nd function call argument is an uninitialized value
# 1238|         *p++ = nbits[i] >> 8 ;
# 1239|         *p++ = nbits[i];
# 1240|->       memcpy (p, bufarr[i], narr[i]);
# 1241|         p += narr[i];
# 1242|         xfree (bufarr[i]);

Error: COMPILER_WARNING (CWE-704): [#def20]
gnupg2-2.4.5-build/gnupg-2.4.5/agent/cvt-openpgp.h:27:13: warning[-Wlto-type-mismatch]: type of ‘convert_from_openpgp_native’ does not match original declaration
#   27 | gpg_error_t convert_from_openpgp_native (ctrl_t ctrl,
#      |             ^
gnupg2-2.4.5-build/gnupg-2.4.5/agent/t-protect.c:344:1: note: type mismatch in parameter 4
#  344 | convert_from_openpgp_native (gcry_sexp_t s_pgp, const char *passphrase,
#      | ^
gnupg2-2.4.5-build/gnupg-2.4.5/agent/t-protect.c:344:1: note: ‘convert_from_openpgp_native’ was previously declared here
#   25|                                     const char *cache_nonce,
#   26|                                     unsigned char **r_key, char **r_passphrase);
#   27|-> gpg_error_t convert_from_openpgp_native (ctrl_t ctrl,
#   28|                                            gcry_sexp_t s_pgp,
#   29|                                            const char *passphrase,

Error: CLANG_WARNING: [#def21]
gnupg2-2.4.5-build/gnupg-2.4.5/agent/divert-tpm2.c:38:3: warning[deadcode.DeadStores]: Value stored to 'err' is never read
#   36|     gcry_sexp_t s_pkey;
#   37|   
#   38|->   err = agent_public_key_from_file (ctrl, grip, &s_pkey);
#   39|     len = gcry_sexp_sprint(s_pkey, GCRYSEXP_FMT_CANON, NULL, 0);
#   40|     pkbuf = xtrymalloc (len);

Error: CLANG_WARNING: [#def22]
gnupg2-2.4.5-build/gnupg-2.4.5/agent/findkey.c:287:19: warning[core.NonNullParamChecker]: Null pointer passed to 2nd parameter expecting 'nonnull'
#  285|                 && tokenfields[0] && tokenfields[1] && tokenfields[2]
#  286|                 && tokenfields[3]
#  287|->               && !strcmp (tokenfields[3], dispserialno))
#  288|               ; /* No need to update Token entry.  */
#  289|             else

Error: CLANG_WARNING: [#def23]
gnupg2-2.4.5-build/gnupg-2.4.5/agent/genkey.c:124:7: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value
#  122|                                      NULL, NULL, NULL, timestamp);
#  123|   
#  124|->   if (!err)
#  125|       {
#  126|         char hexgrip[2*KEYGRIP_LEN+1];

Error: CLANG_WARNING: [#def24]
gnupg2-2.4.5-build/gnupg-2.4.5/agent/genkey.c:217:11: warning[deadcode.DeadStores]: Value stored to 'result' is never read
#  215|             err = gpg_error_from_syserror ();
#  216|             log_error (_("error writing to pipe: %s\n"), gpg_strerror (err));
#  217|->           result = 1; /* Error - assume password should not be used.  */
#  218|           }
#  219|         else

Error: CLANG_WARNING: [#def25]
gnupg2-2.4.5-build/gnupg-2.4.5/agent/protect.c:986:3: warning[deadcode.DeadStores]: Value stored to 'p' is never read
#  984|       *cutoff = p - newlist;
#  985|     memcpy (p, startpos, endpos - startpos);
#  986|->   p += endpos - startpos;
#  987|   
#  988|   

Error: CLANG_WARNING: [#def26]
gnupg2-2.4.5-build/gnupg-2.4.5/agent/protect.c:1085:11: warning[deadcode.DeadStores]: Value stored to 'prot_begin' is never read
# 1083|         while (*s == '(')
# 1084|           {
# 1085|->           prot_begin = s;
# 1086|             s++;
# 1087|             n = snext (&s);

Error: CLANG_WARNING: [#def27]
gnupg2-2.4.5-build/gnupg-2.4.5/agent/protect.c:1543:3: warning[deadcode.DeadStores]: Value stored to 'p' is never read
# 1541|     *p++ = ')';
# 1542|     memcpy (p, point, pubkey_len - (point - pubkey));
# 1543|->   p += pubkey_len - (point - pubkey);
# 1544|   
# 1545|     return 0;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def28]
gnupg2-2.4.5-build/gnupg-2.4.5/common/asshelp.c: scope_hint: In function ‘start_new_service’
gnupg2-2.4.5-build/gnupg-2.4.5/common/asshelp.c:474:16: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘p’
gnupg2-2.4.5-build/gnupg-2.4.5/common/asshelp.c:41: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/common/asshelp.c:464:21: note: in expansion of macro ‘xtrystrdup’
#  472|               }
#  473|             p = strchr (program, '|');
#  474|->           *p++ = 0;
#  475|             program_arg = p;
#  476|           }

Error: CLANG_WARNING: [#def29]
gnupg2-2.4.5-build/gnupg-2.4.5/common/audit.c:1182:8: warning[deadcode.DeadStores]: Although the value stored to 's' is used in the enclosing expression, the value is never actually read from 's'
# 1180|     /* We use an environment variable to include some debug info in the
# 1181|        log.  */
# 1182|->   if ((s = getenv ("gnupg_debug_audit")))
# 1183|       show_raw = 1;
# 1184|   

Error: COMPILER_WARNING (CWE-252): [#def30]
gnupg2-2.4.5-build/gnupg-2.4.5/common/dotlock.c: scope_hint: In function ‘use_hardlinks_p’
gnupg2-2.4.5-build/gnupg-2.4.5/common/dotlock.c:667:10: warning[-Wunused-result]: ignoring return value of ‘link’ declared with attribute ‘warn_unused_result’
#  667 |   (void) link (tname, lname);
#      |          ^~~~~~~~~~~~~~~~~~~
#  665|   
#  666|     /* We ignore the return value of link() because it is unreliable.  */
#  667|->   (void) link (tname, lname);
#  668|   
#  669|     if (stat (tname, &sb))

Error: GCC_ANALYZER_WARNING (CWE-775): [#def31]
gnupg2-2.4.5-build/gnupg-2.4.5/common/dotlock.c: scope_hint: In function ‘dotlock_take_unix’
gnupg2-2.4.5-build/gnupg-2.4.5/common/dotlock.c:1296:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
gnupg2-2.4.5-build/gnupg-2.4.5/common/dotlock.c:283: included_from: Included from here.
/usr/include/gcrypt.h:31: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/common/util.h:34: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/common/dotlock.c:312: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/common/dotlock.c:1387:7: note: in expansion of macro ‘my_info_0’
# 1294|           {
# 1295|             my_set_errno (0);
# 1296|->           fd = open (h->lockname, O_WRONLY|O_CREAT|O_EXCL,
# 1297|                        S_IRUSR|S_IRGRP|S_IROTH|S_IWUSR );
# 1298|           }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def32]
gnupg2-2.4.5-build/gnupg-2.4.5/common/dotlock.c:1313:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
# 1311|                           h->lockname, strerror (saveerrno));
# 1312|             my_set_errno (saveerrno);
# 1313|->           return -1;
# 1314|           }
# 1315|         else

Error: COMPILER_WARNING (CWE-252): [#def33]
gnupg2-2.4.5-build/gnupg-2.4.5/common/dotlock.c: scope_hint: In function ‘dotlock_take_unix’
gnupg2-2.4.5-build/gnupg-2.4.5/common/dotlock.c:1349:14: warning[-Wunused-result]: ignoring return value of ‘link’ declared with attribute ‘warn_unused_result’
# 1349 |       (void) link (h->tname, h->lockname);
#      |              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1347|   
# 1348|         /* We ignore the return value of link() because it is unreliable.  */
# 1349|->       (void) link (h->tname, h->lockname);
# 1350|   
# 1351|         if (stat (h->tname, &sb))

Error: GCC_ANALYZER_WARNING (CWE-775): [#def34]
gnupg2-2.4.5-build/gnupg-2.4.5/common/exechelp-posix.c: scope_hint: In function ‘do_exec’
gnupg2-2.4.5-build/gnupg-2.4.5/common/exechelp-posix.c:329:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(fds[i], i)’
#  327|         if (nodevnull[i])
#  328|           continue;
#  329|->       if (fds[i] != i && dup2 (fds[i], i) == -1)
#  330|           log_fatal ("dup2 std%s failed: %s\n",
#  331|                      i==0?"in":i==1?"out":"err", strerror (errno));

Error: GCC_ANALYZER_WARNING: [#def35]
gnupg2-2.4.5-build/gnupg-2.4.5/common/exechelp-posix.c:329:26: warning[-Wanalyzer-fd-use-without-check]: ‘dup2’ on possibly invalid file descriptor ‘-1’
#  327|         if (nodevnull[i])
#  328|           continue;
#  329|->       if (fds[i] != i && dup2 (fds[i], i) == -1)
#  330|           log_fatal ("dup2 std%s failed: %s\n",
#  331|                      i==0?"in":i==1?"out":"err", strerror (errno));

Error: CLANG_WARNING: [#def36]
gnupg2-2.4.5-build/gnupg-2.4.5/common/iobuf.c:2462:4: warning[core.NonNullParamChecker]: Null pointer passed to 2nd parameter expecting 'nonnull'
# 2460|   	  if (size > buflen)
# 2461|   	    size = buflen;
# 2462|-> 	  memcpy (a->d.buf + a->d.len, buf, size);
# 2463|   	  buflen -= size;
# 2464|   	  buf += size;

Error: COMPILER_WARNING (CWE-477): [#def37]
gnupg2-2.4.5-build/gnupg-2.4.5/common/miscellaneous.c: scope_hint: In function ‘setup_libgcrypt_logging’
gnupg2-2.4.5-build/gnupg-2.4.5/common/miscellaneous.c:103:3: warning[-Wdeprecated-declarations]: ‘gcry_set_log_handler’ is deprecated
gnupg2-2.4.5-build/gnupg-2.4.5/common/util.h:34: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/common/miscellaneous.c:35: included_from: Included from here.
/usr/include/gcrypt.h:2025:6: note: declared here
#  101|   setup_libgcrypt_logging (void)
#  102|   {
#  103|->   gcry_set_log_handler (my_gcry_logger, NULL);
#  104|     gcry_set_fatalerror_handler (my_gcry_fatalerror_handler, NULL);
#  105|     gcry_set_outofcore_handler (my_gcry_outofcore_handler, NULL);

Error: CLANG_WARNING: [#def38]
gnupg2-2.4.5-build/gnupg-2.4.5/common/name-value.c:210:39: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
#  208|   
#  209|         /* On the first line we need to subtract space for the name.  */
#  210|->       if (entry->raw_value == NULL && strlen (entry->name) < linelen)
#  211|   	linelen -= strlen (entry->name);
#  212|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def39]
gnupg2-2.4.5-build/gnupg-2.4.5/common/name-value.c: scope_hint: In function ‘_nvc_add’
gnupg2-2.4.5-build/gnupg-2.4.5/common/name-value.c:408:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘pk’
gnupg2-2.4.5-build/gnupg-2.4.5/common/name-value.c:43: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/common/name-value.c:480:7: note: in expansion of macro ‘xtrystrdup’
gnupg2-2.4.5-build/gnupg-2.4.5/common/name-value.c:36: included_from: Included from here.
#  406|     e->raw_value = raw_value;
#  407|   
#  408|->   if (pk->first)
#  409|       {
#  410|         nve_t last;

Error: COMPILER_WARNING (CWE-252): [#def40]
gnupg2-2.4.5-build/gnupg-2.4.5/common/signal.c: scope_hint: In function ‘got_fatal_signal’
gnupg2-2.4.5-build/gnupg-2.4.5/common/signal.c:113:9: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
#  113 |   (void)write (2, "\n", 1 );
#      |         ^~~~~~~~~~~~~~~~~~~
#  111|       cleanup_fnc ();
#  112|     /* Better don't translate these messages. */
#  113|->   (void)write (2, "\n", 1 );
#  114|     s = log_get_prefix (NULL);
#  115|     if (s)

Error: COMPILER_WARNING (CWE-252): [#def41]
gnupg2-2.4.5-build/gnupg-2.4.5/common/signal.c:116:11: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
#  116 |     (void)write(2, s, strlen (s));
#      |           ^~~~~~~~~~~~~~~~~~~~~~~
#  114|     s = log_get_prefix (NULL);
#  115|     if (s)
#  116|->     (void)write(2, s, strlen (s));
#  117|     (void)write (2, ": signal ", 9 );
#  118|     s = get_signal_name(sig);

Error: COMPILER_WARNING (CWE-252): [#def42]
gnupg2-2.4.5-build/gnupg-2.4.5/common/signal.c:117:9: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
#  117 |   (void)write (2, ": signal ", 9 );
#      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~
#  115|     if (s)
#  116|       (void)write(2, s, strlen (s));
#  117|->   (void)write (2, ": signal ", 9 );
#  118|     s = get_signal_name(sig);
#  119|     if (s)

Error: COMPILER_WARNING (CWE-252): [#def43]
gnupg2-2.4.5-build/gnupg-2.4.5/common/signal.c:120:12: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
#  120 |     (void) write (2, s, strlen(s) );
#      |            ^~~~~~~~~~~~~~~~~~~~~~~~
#  118|     s = get_signal_name(sig);
#  119|     if (s)
#  120|->     (void) write (2, s, strlen(s) );
#  121|     else
#  122|       {

Error: COMPILER_WARNING (CWE-252): [#def44]
gnupg2-2.4.5-build/gnupg-2.4.5/common/signal.c:130:15: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
#  130 |         (void)write (2, "?", 1);
#      |               ^~~~~~~~~~~~~~~~~
#  128|            this is a bug in that system, we will protect against it.  */
#  129|         if (sig < 0 || sig >= 100000)
#  130|->         (void)write (2, "?", 1);
#  131|         else
#  132|           {

Error: COMPILER_WARNING (CWE-252): [#def45]
gnupg2-2.4.5-build/gnupg-2.4.5/common/signal.c:139:25: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
#  139 |                   (void)write (2, &"0123456789"[value/i], 1);
#      |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  137|                 if (value >= i || ((any || i==1) && !(value/i)))
#  138|                   {
#  139|->                   (void)write (2, &"0123456789"[value/i], 1);
#  140|                     if ((value/i))
#  141|                       any = 1;

Error: COMPILER_WARNING (CWE-252): [#def46]
gnupg2-2.4.5-build/gnupg-2.4.5/common/signal.c:147:9: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
#  147 |   (void)write (2, " caught ... exiting\n", 20);
#      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  145|           }
#  146|       }
#  147|->   (void)write (2, " caught ... exiting\n", 20);
#  148|   
#  149|     /* Reset action to default action and raise signal again */

Error: CPPCHECK_WARNING: [#def47]
gnupg2-2.4.5-build/gnupg-2.4.5/common/simple-pwquery.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: GCC_ANALYZER_WARNING (CWE-121): [#def48]
gnupg2-2.4.5-build/gnupg-2.4.5/common/simple-pwquery.c: scope_hint: In function ‘copy_and_escape’
gnupg2-2.4.5-build/gnupg-2.4.5/common/simple-pwquery.c:301:11: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
gnupg2-2.4.5-build/gnupg-2.4.5/common/simple-pwquery.c:301:11: note: write of 17 bytes to beyond the end of ‘line’
gnupg2-2.4.5-build/gnupg-2.4.5/common/simple-pwquery.c:301:11: note: valid subscripts for ‘line’ are ‘[0]’ to ‘[499]’
#  299|         if (s[i] < ' ' || s[i] == '+')
#  300|           {
#  301|->           sprintf (p, "%%%02X", s[i]);
#  302|             p += 3;
#  303|           }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def49]
gnupg2-2.4.5-build/gnupg-2.4.5/common/sysutils.c: scope_hint: In function ‘gnupg_reopen_std’
gnupg2-2.4.5-build/gnupg-2.4.5/common/sysutils.c:705:10: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 0)’
#  703|     if (fcntl (STDIN_FILENO, F_GETFD) == -1 && errno ==EBADF)
#  704|       {
#  705|->       if (open ("/dev/null",O_RDONLY) == STDIN_FILENO)
#  706|   	did_stdin = 1;
#  707|         else

Error: GCC_ANALYZER_WARNING (CWE-775): [#def50]
gnupg2-2.4.5-build/gnupg-2.4.5/common/sysutils.c:713:10: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 1)’
#  711|     if (fcntl (STDOUT_FILENO, F_GETFD) == -1 && errno == EBADF)
#  712|       {
#  713|->       if (open ("/dev/null",O_WRONLY) == STDOUT_FILENO)
#  714|   	did_stdout = 1;
#  715|         else

Error: GCC_ANALYZER_WARNING (CWE-775): [#def51]
gnupg2-2.4.5-build/gnupg-2.4.5/common/sysutils.c:721:10: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 1)’
#  719|     if (fcntl (STDERR_FILENO, F_GETFD)==-1 && errno==EBADF)
#  720|       {
#  721|->       if (open ("/dev/null", O_WRONLY) == STDERR_FILENO)
#  722|   	did_stderr = 1;
#  723|         else

Error: CLANG_WARNING: [#def52]
gnupg2-2.4.5-build/gnupg-2.4.5/common/sysutils.c:1794:26: warning[core.UndefinedBinaryOperatorResult]: The left operand of '!=' is a garbage value
# 1792|       log_error ("could not getsockname(%d): %s\n", fd,
# 1793|                  gpg_strerror (my_error_from_syserror ()));
# 1794|->   else if (un.sun_family != AF_UNIX)
# 1795|       log_error ("file descriptor %d is not a unix-domain socket\n", fd);
# 1796|     else if (len <= offsetof (struct sockaddr_un, sun_path))

Error: GCC_ANALYZER_WARNING (CWE-688): [#def53]
gnupg2-2.4.5-build/gnupg-2.4.5/common/t-b64.c: scope_hint: In function ‘test_b64enc_file’
gnupg2-2.4.5-build/gnupg-2.4.5/common/t-b64.c:185:20: warning[-Wanalyzer-null-argument]: use of NULL ‘<unknown>’ where non-null expected
gnupg2-2.4.5-build/gnupg-2.4.5/common/util.h:35: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/common/t-b64.c:26: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/common/t-b64.c:23: included_from: Included from here.
/usr/include/stdio.h:728:15: note: argument 4 of ‘fread’ must be non-null
#  183|       fail (1);
#  184|   
#  185|->   while ( (nread = fread (buffer, 1, sizeof buffer, fp)) )
#  186|       {
#  187|         err = b64enc_write (&state, buffer, nread);

Error: CLANG_WARNING: [#def54]
gnupg2-2.4.5-build/gnupg-2.4.5/common/t-b64.c:185:20: warning[core.NonNullParamChecker]: Null pointer passed to 4th parameter expecting 'nonnull'
#  183|       fail (1);
#  184|   
#  185|->   while ( (nread = fread (buffer, 1, sizeof buffer, fp)) )
#  186|       {
#  187|         err = b64enc_write (&state, buffer, nread);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def55]
gnupg2-2.4.5-build/gnupg-2.4.5/common/t-b64.c: scope_hint: In function ‘test_b64dec_file’
gnupg2-2.4.5-build/gnupg-2.4.5/common/t-b64.c:222:20: warning[-Wanalyzer-null-argument]: use of NULL ‘<unknown>’ where non-null expected
/usr/include/stdio.h:728:15: note: argument 4 of ‘fread’ must be non-null
#  220|       fail (1);
#  221|   
#  222|->   while ( (nread = fread (buffer, 1, sizeof buffer, fp)) )
#  223|       {
#  224|         err = b64dec_proc (&state, buffer, nread, &nbytes);

Error: CLANG_WARNING: [#def56]
gnupg2-2.4.5-build/gnupg-2.4.5/common/t-b64.c:222:20: warning[core.NonNullParamChecker]: Null pointer passed to 4th parameter expecting 'nonnull'
#  220|       fail (1);
#  221|   
#  222|->   while ( (nread = fread (buffer, 1, sizeof buffer, fp)) )
#  223|       {
#  224|         err = b64dec_proc (&state, buffer, nread, &nbytes);

Error: COMPILER_WARNING (CWE-252): [#def57]
gnupg2-2.4.5-build/gnupg-2.4.5/common/t-exechelp.c: scope_hint: In function ‘test_close_all_fds’
gnupg2-2.4.5-build/gnupg-2.4.5/common/t-exechelp.c:96:3: warning[-Wunused-result]: ignoring return value of ‘dup’ declared with attribute ‘warn_unused_result’
#   96 |   dup (1);
#      |   ^~~~~~~
#   94|   
#   95|     /* Some dups to get more file descriptors and close one. */
#   96|->   dup (1);
#   97|     dup (1);
#   98|     fd = dup (1);

Error: COMPILER_WARNING (CWE-252): [#def58]
gnupg2-2.4.5-build/gnupg-2.4.5/common/t-exechelp.c:97:3: warning[-Wunused-result]: ignoring return value of ‘dup’ declared with attribute ‘warn_unused_result’
#   97 |   dup (1);
#      |   ^~~~~~~
#   95|     /* Some dups to get more file descriptors and close one. */
#   96|     dup (1);
#   97|->   dup (1);
#   98|     fd = dup (1);
#   99|     dup (1);

Error: COMPILER_WARNING (CWE-252): [#def59]
gnupg2-2.4.5-build/gnupg-2.4.5/common/t-exechelp.c:99:3: warning[-Wunused-result]: ignoring return value of ‘dup’ declared with attribute ‘warn_unused_result’
#   99 |   dup (1);
#      |   ^~~~~~~
#   97|     dup (1);
#   98|     fd = dup (1);
#   99|->   dup (1);
#  100|     close (fd);
#  101|   

Error: COMPILER_WARNING (CWE-252): [#def60]
gnupg2-2.4.5-build/gnupg-2.4.5/common/t-exechelp.c:140:9: warning[-Wunused-result]: ignoring return value of ‘dup’ declared with attribute ‘warn_unused_result’
#  140 |         dup (1);
#      |         ^~~~~~~
#  138|   
#  139|         for (n=initial_count; n < 31; n++)
#  140|->         dup (1);
#  141|         array = xget_all_open_fds ();
#  142|         if (verbose)

Error: COMPILER_WARNING (CWE-252): [#def61]
gnupg2-2.4.5-build/gnupg-2.4.5/common/t-exechelp.c:147:11: warning[-Wunused-result]: ignoring return value of ‘dup’ declared with attribute ‘warn_unused_result’
#  147 |           dup (1);
#      |           ^~~~~~~
#  145|         for (n=0; n < 5; n++)
#  146|           {
#  147|->           dup (1);
#  148|             array = xget_all_open_fds ();
#  149|             if (verbose)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def62]
gnupg2-2.4.5-build/gnupg-2.4.5/common/t-iobuf.c: scope_hint: In function ‘content_filter_new’
gnupg2-2.4.5-build/gnupg-2.4.5/common/t-iobuf.c:91:14: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘state’
#   89|       = malloc (sizeof (struct content_filter_state));
#   90|   
#   91|->   state->pos = 0;
#   92|     state->len = strlen (buffer);
#   93|     state->buffer = buffer;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def63]
gnupg2-2.4.5-build/gnupg-2.4.5/common/t-ssh-utils.c: scope_hint: In function ‘read_file’
gnupg2-2.4.5-build/gnupg-2.4.5/common/t-ssh-utils.c:224:6: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(fname, "rb")’
#  222|       }
#  223|   
#  224|->   if (fstat (fileno(fp), &st))
#  225|       {
#  226|         fprintf (stderr, "%s:%d: can't stat '%s': %s\n",

Error: GCC_ANALYZER_WARNING (CWE-401): [#def64]
gnupg2-2.4.5-build/gnupg-2.4.5/common/t-ssh-utils.c:224:6: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(fname, "rb")’
#  222|       }
#  223|   
#  224|->   if (fstat (fileno(fp), &st))
#  225|       {
#  226|         fprintf (stderr, "%s:%d: can't stat '%s': %s\n",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def65]
gnupg2-2.4.5-build/gnupg-2.4.5/common/t-ssh-utils.c:231:14: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(fname, "rb")’
#  229|       }
#  230|   
#  231|->   buflen = st.st_size;
#  232|     buf = xmalloc (buflen+1);
#  233|     if (fread (buf, buflen, 1, fp) != 1)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def66]
gnupg2-2.4.5-build/gnupg-2.4.5/common/t-ssh-utils.c:231:14: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(fname, "rb")’
#  229|       }
#  230|   
#  231|->   buflen = st.st_size;
#  232|     buf = xmalloc (buflen+1);
#  233|     if (fread (buf, buflen, 1, fp) != 1)

Error: CPPCHECK_WARNING: [#def67]
gnupg2-2.4.5-build/gnupg-2.4.5/common/t-timestuff.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: CPPCHECK_WARNING: [#def68]
gnupg2-2.4.5-build/gnupg-2.4.5/common/t-w32-cmdline.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: CPPCHECK_WARNING: [#def69]
gnupg2-2.4.5-build/gnupg-2.4.5/common/t-zb32.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: CLANG_WARNING: [#def70]
gnupg2-2.4.5-build/gnupg-2.4.5/common/tlv-builder.c:260:3: warning[deadcode.DeadStores]: Value stored to 'mb_initialized' is never read
#  258|     else
#  259|       init_membuf (&mb, 512);
#  260|->   mb_initialized = 1;
#  261|   
#  262|     for (idx=0; idx < tb->nitems; idx++)

Error: CLANG_WARNING: [#def71]
gnupg2-2.4.5-build/gnupg-2.4.5/common/tlv-parser.c:682:9: warning[deadcode.DeadStores]: Although the value stored to 'n' is used in the enclosing expression, the value is never actually read from 'n'
#  680|       return (tlv->lasterr = gpg_error (GPG_ERR_INV_OBJ));
#  681|     p = tlv->buffer;
#  682|->   if (!(n=tlv->ti.length))
#  683|       return (tlv->lasterr = gpg_error (GPG_ERR_TOO_SHORT));
#  684|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def72]
gnupg2-2.4.5-build/gnupg-2.4.5/common/utf8conv.c: scope_hint: In function ‘do_utf8_to_native’
gnupg2-2.4.5-build/gnupg-2.4.5/common/utf8conv.c:631:14: warning[-Wanalyzer-malloc-leak]: leak of ‘iconv_open(active_charset_name, "utf-8")’
gnupg2-2.4.5-build/gnupg-2.4.5/common/utf8conv.c:52: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/common/utf8conv.c:618:24: note: in expansion of macro ‘xmalloc’
#  629|   
#  630|             cd = iconv_open (active_charset_name, "utf-8");
#  631|->           if (cd == (iconv_t)-1)
#  632|               {
#  633|                 handle_iconv_error (active_charset_name, "utf-8", 1);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def73]
gnupg2-2.4.5-build/gnupg-2.4.5/common/utf8conv.c:640:17: warning[-Wanalyzer-malloc-leak]: leak of ‘iconv_open(active_charset_name, "utf-8")’
gnupg2-2.4.5-build/gnupg-2.4.5/common/utf8conv.c:618:24: note: in expansion of macro ‘xmalloc’
#  638|             /* Allocate a new buffer large enough to hold all possible
#  639|                encodings. */
#  640|->           n = p - buffer + 1;
#  641|             inbytes = n - 1;;
#  642|             inptr = buffer;

Error: GCC_ANALYZER_WARNING (CWE-465): [#def74]
gnupg2-2.4.5-build/gnupg-2.4.5/common/w32-cmdline.c: scope_hint: In function ‘parse_cmdstring’
gnupg2-2.4.5-build/gnupg-2.4.5/common/w32-cmdline.c:281:14: warning[-Wanalyzer-deref-before-check]: check of ‘p0’ for NULL after already dereferencing it
gnupg2-2.4.5-build/gnupg-2.4.5/common/w32-cmdline.c: scope_hint: In function ‘parse_cmdstring’
#  279|         else if (*p == '\\' && (n=count_backslashes (p)))
#  280|           {
#  281|->           if (!p0) /* First non-WS; set start.  */
#  282|               p0 = p;
#  283|             if (p[n] == '"')

Error: GCC_ANALYZER_WARNING (CWE-465): [#def75]
gnupg2-2.4.5-build/gnupg-2.4.5/common/w32-cmdline.c:299:14: warning[-Wanalyzer-deref-before-check]: check of ‘p0’ for NULL after already dereferencing it
#  297|         else if (*p == ' ' || *p == '\t')
#  298|           {
#  299|->           if (p0) /* We are in an argument and reached WS.  */
#  300|               {
#  301|                 if (argv)

Error: GCC_ANALYZER_WARNING (CWE-465): [#def76]
gnupg2-2.4.5-build/gnupg-2.4.5/common/w32-cmdline.c:313:15: warning[-Wanalyzer-deref-before-check]: check of ‘p0’ for NULL after already dereferencing it
#  311|               }
#  312|           }
#  313|->       else if (!p0) /* First non-WS; set start.  */
#  314|           p0 = p;
#  315|       }

Error: CLANG_WARNING: [#def77]
gnupg2-2.4.5-build/gnupg-2.4.5/common/w32-cmdline.c:420:11: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
#  418|                 return NULL;  /* Ooops.  */
#  419|               }
#  420|->           rc = 0;
#  421|             for (i=0; i < argc; i++)
#  422|               {

Error: CPPCHECK_WARNING: [#def78]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/cdblib.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: CLANG_WARNING: [#def79]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/cdblib.c:614:4: warning[deadcode.DeadStores]: Value stored to 'r' is never read
#  612|   	}
#  613|   	else
#  614|-> 	  r = 1;
#  615|         }
#  616|         /* fall through */

Error: CLANG_WARNING: [#def80]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/crlcache.c:2071:13: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 2069|               else
# 2070|                 crlissuer_cert = find_cert_bysubject (ctrl, crlissuer, NULL);
# 2071|->             err = 0;
# 2072|               if (!crlissuer_cert)
# 2073|                 {

Error: CLANG_WARNING: [#def81]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/crlcache.c:2385:7: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 2383|       {
# 2384|         log_error (_("error reading CRL extensions: %s\n"), gpg_strerror (err));
# 2385|->       err = gpg_error (GPG_ERR_INV_CRL);
# 2386|       }
# 2387|   

Error: CLANG_WARNING: [#def82]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/crlfetch.c:117:27: warning[core.NullDereference]: Dereference of null pointer (loaded from variable 'nread')
#  115|       return gpg_error (GPG_ERR_EIO);
#  116|   
#  117|->   if (!cb_ctx->checked && *nread)
#  118|       {
#  119|         int c = *(unsigned char *)buffer;

Error: CLANG_WARNING: [#def83]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/crlfetch.c:132:25: warning[core.NullDereference]: Dereference of null pointer (loaded from variable 'nread')
#  130|           }
#  131|       }
#  132|->   if (cb_ctx->is_pem && *nread)
#  133|       {
#  134|         size_t nread2;

Error: CLANG_WARNING: [#def84]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/dirmngr-client.c:264:5: warning[deadcode.DeadStores]: Value stored to 'err' is never read
#  262|   
#  263|     if (cmd_ping)
#  264|->     err = 0;
#  265|     else if (cmd_lookup || cmd_loadcrl)
#  266|       {

Error: CLANG_WARNING: [#def85]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/dirmngr-client.c:269:7: warning[deadcode.DeadStores]: Value stored to 'err' is never read
#  267|         if (!argc)
#  268|           gpgrt_usage (1);
#  269|->       err = 0;
#  270|       }
#  271|     else if (cmd_squid_mode)

Error: CLANG_WARNING: [#def86]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/dirmngr-client.c:273:7: warning[deadcode.DeadStores]: Value stored to 'err' is never read
#  271|     else if (cmd_squid_mode)
#  272|       {
#  273|->       err = 0;
#  274|         if (argc)
#  275|           gpgrt_usage (1);

Error: CLANG_WARNING: [#def87]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/dirmngr-client.c:293:7: warning[deadcode.DeadStores]: Value stored to 'err' is never read
#  291|     else
#  292|       {
#  293|->       err = 0;
#  294|         gpgrt_usage (1);
#  295|       }

Error: CLANG_WARNING: [#def88]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/dirmngr-client.c:373:13: warning[core.CallAndMessage]: 2nd function call argument is an uninitialized value
#  371|     else
#  372|       {
#  373|->       err = do_check (ctx, certbuf, certbuflen);
#  374|         xfree (certbuf);
#  375|       }

Error: CLANG_WARNING: [#def89]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/dns-stuff.c:939:21: warning[core.NullDereference]: Access to field 'ai_family' results in a dereference of a null pointer (loaded from variable 'ent')
#  937|           }
#  938|   
#  939|->       dai->family = ent->ai_family;
#  940|         dai->socktype = ent->ai_socktype;
#  941|         dai->protocol = ent->ai_protocol;

Error: CLANG_WARNING: [#def90]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/dns-stuff.c:2149:3: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 2147|   
# 2148|     /* Order by priority */
# 2149|->   qsort(*list,srvcount,sizeof(struct srventry),priosort);
# 2150|   
# 2151|     /* For each priority, move the zero-weighted items first. */

Error: CPPCHECK_WARNING: [#def91]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/dns.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: CLANG_WARNING: [#def92]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/dns.c:2974:7: warning[deadcode.DeadStores]: Although the value stored to 'error' is used in the enclosing expression, the value is never actually read from 'error'
# 2972|   	int error;
# 2973|   
# 2974|-> 	if ((error = dns_rr_parse(&rr, src, P)))
# 2975|   		return 0;
# 2976|   

Error: CLANG_WARNING: [#def93]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/dns.c:3069:8: warning[deadcode.DeadStores]: Although the value stored to 'error' is used in the enclosing expression, the value is never actually read from 'error'
# 3067|   		int error;
# 3068|   
# 3069|-> 		if ((error = dns_any_parse(&rd, rr, P)))
# 3070|   			return 0;
# 3071|   

Error: CLANG_WARNING: [#def94]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/dns.c:3097:8: warning[deadcode.DeadStores]: Although the value stored to 'error' is used in the enclosing expression, the value is never actually read from 'error'
# 3095|   
# 3096|   	for (; rp < P->end; rp = dns_rr_skip(rp, P)) {
# 3097|-> 		if ((error = dns_rr_parse(&rr, rp, P)))
# 3098|   			continue;
# 3099|   

Error: CLANG_WARNING: [#def95]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/dns.c:3116:8: warning[deadcode.DeadStores]: Although the value stored to 'error' is used in the enclosing expression, the value is never actually read from 'error'
# 3114|   
# 3115|   	while ((rp = dns_rr_skip(rp, P)) < P->end) {
# 3116|-> 		if ((error = dns_rr_parse(&rr, rp, P)))
# 3117|   			continue;
# 3118|   

Error: CLANG_WARNING: [#def96]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/dns.c:3136:7: warning[deadcode.DeadStores]: Although the value stored to 'error' is used in the enclosing expression, the value is never actually read from 'error'
# 3134|   	int error;
# 3135|   
# 3136|-> 	if ((error = dns_rr_parse(&r0, rp, P)))
# 3137|   		return P->end;
# 3138|   

Error: CLANG_WARNING: [#def97]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/dns.c:3144:8: warning[deadcode.DeadStores]: Although the value stored to 'error' is used in the enclosing expression, the value is never actually read from 'error'
# 3142|   
# 3143|   	for (; rp < P->end; rp = dns_rr_skip(rp, P)) {
# 3144|-> 		if ((error = dns_rr_parse(&rr, rp, P)))
# 3145|   			continue;
# 3146|   

Error: CLANG_WARNING: [#def98]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/dns.c:3166:8: warning[deadcode.DeadStores]: Although the value stored to 'error' is used in the enclosing expression, the value is never actually read from 'error'
# 3164|   
# 3165|   	while ((rp = dns_rr_skip(rp, P)) < P->end) {
# 3166|-> 		if ((error = dns_rr_parse(&rr, rp, P)))
# 3167|   			continue;
# 3168|   

Error: CLANG_WARNING: [#def99]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/dns.c:4442:40: warning[core.UndefinedBinaryOperatorResult]: The right operand of '+' is a garbage value
# 4440|   static size_t dns_any_sizeof(union dns_any *any) {
# 4441|   	dns_static_assert(dns_same_type(any->txt, any->rdata, 1), "unexpected rdata type");
# 4442|-> 	return offsetof(struct dns_txt, data) + any->rdata.size;
# 4443|   } /* dns_any_sizeof() */
# 4444|   

Error: CLANG_WARNING: [#def100]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/dns.c:4455:17: warning[core.UndefinedBinaryOperatorResult]: The right operand of '>' is a garbage value
# 4453|   		return t->parse(dns_any_reinit(any, t), rr, P);
# 4454|   
# 4455|-> 	if (rr->rd.len > any->rdata.size)
# 4456|   		return DNS_EILLEGAL;
# 4457|   

Error: CLANG_WARNING: [#def101]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/dns.c:4471:40: warning[core.UndefinedBinaryOperatorResult]: The left operand of '+' is a garbage value
# 4469|   		return t->push(P, any);
# 4470|   
# 4471|-> 	if (P->size - P->end < any->rdata.len + 2)
# 4472|   		return DNS_ENOBUFS;
# 4473|   

Error: CPPCHECK_WARNING (CWE-457): [#def102]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/dns.c:4505: error[uninitvar]: Uninitialized variable: &src
# 4503|   		return t->print(_dst, lim, any);
# 4504|   
# 4505|-> 	dns_b_from(&src, any->rdata.data, any->rdata.len);
# 4506|   	dns_b_into(&dst, _dst, lim);
# 4507|   

Error: CPPCHECK_WARNING (CWE-909): [#def103]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/dns.c:4510: error[uninitStructMember]: Uninitialized struct member: src.p
# 4508|   	dns_b_putc(&dst, '"');
# 4509|   
# 4510|-> 	while (src.p < src.pe) {
# 4511|   		dns_b_putc(&dst, '\\');
# 4512|   		dns_b_fmtju(&dst, *src.p++, 3);

Error: CPPCHECK_WARNING (CWE-909): [#def104]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/dns.c:4510: error[uninitStructMember]: Uninitialized struct member: src.pe
# 4508|   	dns_b_putc(&dst, '"');
# 4509|   
# 4510|-> 	while (src.p < src.pe) {
# 4511|   		dns_b_putc(&dst, '\\');
# 4512|   		dns_b_fmtju(&dst, *src.p++, 3);

Error: CPPCHECK_WARNING (CWE-909): [#def105]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/dns.c:4512: error[uninitStructMember]: Uninitialized struct member: src.p
# 4510|   	while (src.p < src.pe) {
# 4511|   		dns_b_putc(&dst, '\\');
# 4512|-> 		dns_b_fmtju(&dst, *src.p++, 3);
# 4513|   	}
# 4514|   

Error: CLANG_WARNING: [#def106]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/dns.c:4702:13: warning[unix.StdCLibraryFunctions]: The 1st argument to 'fread' is a buffer with size 0 but should be a buffer with size equal to or greater than the value of the 2nd argument (which is 1) times the 3rd argument
# 4700|   	if (dns_te_datasize(te)) {
# 4701|   		errno = 0;
# 4702|-> 		if (!(n = fread(te->data, 1, dns_te_datasize(te), fp)))
# 4703|   			goto none;
# 4704|   		if (n < dns_te_datasize(te))

Error: CLANG_WARNING: [#def107]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/dns.c:5754:9: warning[deadcode.DeadStores]: Although the value stored to 'error' is used in the enclosing expression, the value is never actually read from 'error'
# 5752|   				continue;
# 5753|   
# 5754|-> 			if ((error = dns_resconf_pton(&resconf->nameserver[sa_count], words[1])))
# 5755|   				continue;
# 5756|   

Error: CPPCHECK_WARNING (CWE-786): [#def108]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/dns.c:7658: error[negativeIndex]: Array 'so->query->data[1]' accessed at index -2, which is out of bounds.
# 7656|   	size_t n;
# 7657|   
# 7658|-> 	so->query->data[-2] = 0xff & (so->query->end >> 8);
# 7659|   	so->query->data[-1] = 0xff & (so->query->end >> 0);
# 7660|   

Error: CPPCHECK_WARNING (CWE-786): [#def109]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/dns.c:7659: error[negativeIndex]: Array 'so->query->data[1]' accessed at index -1, which is out of bounds.
# 7657|   
# 7658|   	so->query->data[-2] = 0xff & (so->query->end >> 8);
# 7659|-> 	so->query->data[-1] = 0xff & (so->query->end >> 0);
# 7660|   
# 7661|   	qend = so->query->end + 2;

Error: CPPCHECK_WARNING (CWE-786): [#def110]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/dns.c:7664: error[negativeIndex]: Array 'so->query->data[1]' accessed at index -2, which is out of bounds.
# 7662|   
# 7663|   	while (so->qout < qend) {
# 7664|-> 		qsrc = &so->query->data[-2] + so->qout;
# 7665|   		n = dns_send_nopipe(so->tcp, (void *)qsrc, qend - so->qout, 0, &error);
# 7666|   		dns_trace_sys_send(so->trace, so->tcp, SOCK_STREAM, qsrc, n, error);

Error: CPPCHECK_WARNING (CWE-786): [#def111]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/dns.c:7687: error[negativeIndex]: Array 'so->answer->data[1]' accessed at index -2, which is out of bounds.
# 7685|   
# 7686|   	while (so->apos < aend) {
# 7687|-> 		asrc = &so->answer->data[-2];
# 7688|   
# 7689|   		n = dns_recv(so->tcp, (void *)&asrc[so->apos], aend - so->apos, 0, &error);

Error: CPPCHECK_WARNING (CWE-786): [#def112]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/dns.c:7698: error[negativeIndex]: Array 'so->answer->data[1]' accessed at index -2, which is out of bounds.
# 7696|   
# 7697|   		if (so->alen == 0 && so->apos >= 2) {
# 7698|-> 			alen = ((0xff & so->answer->data[-2]) << 8)
# 7699|   			     | ((0xff & so->answer->data[-1]) << 0);
# 7700|   

Error: CPPCHECK_WARNING (CWE-786): [#def113]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/dns.c:7699: error[negativeIndex]: Array 'so->answer->data[1]' accessed at index -1, which is out of bounds.
# 7697|   		if (so->alen == 0 && so->apos >= 2) {
# 7698|   			alen = ((0xff & so->answer->data[-2]) << 8)
# 7699|-> 			     | ((0xff & so->answer->data[-1]) << 0);
# 7700|   
# 7701|   			if ((error = dns_so_newanswer(so, alen)))

Error: CLANG_WARNING: [#def114]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/dns.c:8424:2: warning[unix.Malloc]: Use of memory after it is freed
# 8422|   
# 8423|   epilog:
# 8424|-> 	dns_resconf_close(resconf);
# 8425|   	dns_hosts_close(hosts);
# 8426|   	dns_hints_close(hints);

Error: CLANG_WARNING: [#def115]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/dns.c:9966:4: warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller
# 9964|   			return DNS_EILLEGAL;
# 9965|   		if (!dns_d_cname(ai->cname, sizeof ai->cname, qname, qlen, ai->answer, &error))
# 9966|-> 			return error;
# 9967|   
# 9968|   		dns_strlcpy(ai->i_cname, ai->cname, sizeof ai->i_cname);

Error: CLANG_WARNING: [#def116]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/http.c:3680:7: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 3678|                     srvtag, server, gpg_strerror (err));
# 3679|         /* Note that on error SRVCOUNT is zero.  */
# 3680|->       err = 0;
# 3681|       }
# 3682|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def117]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/ks-action.c: scope_hint: In function ‘ks_action_query’
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/ks-action.c:571:11: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘puri’
#  569|       {
#  570|         /* Reset authentication for a serverless connection.  */
#  571|->       puri->parsed_uri->ad_current = 0;
#  572|         puri->parsed_uri->auth = NULL;
#  573|       }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def118]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/ks-action.c:575:20: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘puri’
#  573|       }
#  574|   
#  575|->   if (!strcmp (puri->parsed_uri->scheme, "ldap")
#  576|         || !strcmp (puri->parsed_uri->scheme, "ldaps")
#  577|         || !strcmp (puri->parsed_uri->scheme, "ldapi")

Error: CLANG_WARNING: [#def119]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/ks-engine-hkp.c:260:34: warning[core.DivideZero]: Division by zero
#  258|       pidx = tbl[0];
#  259|     else
#  260|->     pidx = tbl[get_uint_nonce () % tblsize];
#  261|   
#  262|     xfree (tbl);

Error: CLANG_WARNING: [#def120]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/ks-engine-hkp.c:444:3: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
#  442|   hostinfo_sort_pool (hostinfo_t hi)
#  443|   {
#  444|->   qsort (hi->pool, hi->pool_len, sizeof *hi->pool, sort_hostpool);
#  445|   }
#  446|   

Error: CLANG_WARNING: [#def121]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/ks-engine-hkp.c:565:11: warning[deadcode.DeadStores]: Value stored to 'err' is never read
#  563|           {
#  564|             log_error ("resolving '%s' failed: %s\n", name, gpg_strerror (err));
#  565|->           err = 0;
#  566|           }
#  567|         else

Error: GCC_ANALYZER_WARNING (CWE-476): [#def122]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/ks-engine-hkp.c: scope_hint: In function ‘make_host_part’
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/ks-engine-hkp.c:1104:7: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘hostname’
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/dirmngr.h:34: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/ks-engine-hkp.c:39: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/ks-engine-hkp.c:1846:3: note: in expansion of macro ‘xfree’
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/ks-engine-hkp.c:1852:3: note: in expansion of macro ‘xfree’
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/ks-engine-hkp.c:1853:3: note: in expansion of macro ‘xfree’
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/ks-engine-hkp.c:489:25: note: in expansion of macro ‘xtrystrdup’
# 1102|       strcpy (portstr, "11371");
# 1103|   
# 1104|->   if (*hostname != '[' && is_ip_address (hostname) == 6)
# 1105|       *r_hostport = strconcat (scheme, "://[", hostname, "]:", portstr, NULL);
# 1106|     else

Error: GCC_ANALYZER_WARNING (CWE-457): [#def123]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/ks-engine-hkp.c: scope_hint: In function ‘ks_hkp_put’
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/ks-engine-hkp.c:1871:7: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘http_status’
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/ks-engine-hkp.c:1846:3: note: in expansion of macro ‘xfree’
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/ks-engine-hkp.c:1860:3: note: in expansion of macro ‘xfree’
# 1869|     err = send_request (ctrl, request, hostport, httphost, 0,
# 1870|                         put_post_cb, &parm, &fp, &http_status);
# 1871|->   if (handle_send_request_error (ctrl, err, request, http_status,
# 1872|                                    &tries, &extra_tries))
# 1873|       {

Error: CLANG_WARNING: [#def124]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/ks-engine-hkp.c:1871:7: warning[core.CallAndMessage]: 4th function call argument is an uninitialized value
# 1869|     err = send_request (ctrl, request, hostport, httphost, 0,
# 1870|                         put_post_cb, &parm, &fp, &http_status);
# 1871|->   if (handle_send_request_error (ctrl, err, request, http_status,
# 1872|                                    &tries, &extra_tries))
# 1873|       {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def125]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/ks-engine-ldap.c: scope_hint: In function ‘ks_ldap_query’
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/ks-engine-ldap.c:3076:30: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/ks-engine-ldap.c: scope_hint: In function ‘ks_ldap_query’
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/ks-engine-ldap.c: scope_hint: In function ‘ks_ldap_query’
# 3074|       {
# 3075|       next_again:
# 3076|->       if (!ctrl->ks_get_state->msg_iter && ctrl->ks_get_state->more_pages)
# 3077|           {
# 3078|             /* Get the next page of results.  */

Error: CLANG_WARNING: [#def126]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/ldap-wrapper.c:238:7: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
#  236|             ctx->linesize = newsize;
#  237|           }
#  238|->       memcpy (ctx->line + ctx->linelen, line, n);
#  239|         ctx->linelen += n;
#  240|         ctx->line[ctx->linelen] = 0;

Error: CLANG_WARNING: [#def127]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/ocsp.c:810:7: warning[deadcode.DeadStores]: Value stored to 'err' is never read
#  808|         ksba_free (resp_name);
#  809|         ksba_free (resp_keyid);
#  810|->       err = 0;
#  811|       }
#  812|   

Error: CLANG_WARNING: [#def128]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/server.c:912:11: warning[deadcode.DeadStores]: Value stored to 'err' is never read
#  910|         if (err)
#  911|           {
#  912|->           err = 0;
#  913|             xfree (domainbuf);
#  914|             domainbuf = NULL;

Error: CLANG_WARNING: [#def129]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/server.c:938:13: warning[deadcode.DeadStores]: Value stored to 'err' is never read
#  936|              * which do not work as expected.  */
#  937|             if (gpg_err_code (err) == GPG_ERR_SERVER_FAILED)
#  938|->             err = 0; /*(srvcount is guaranteed to be 0)*/
#  939|             else
#  940|               goto leave;

Error: CLANG_WARNING: [#def130]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/server.c:2061:3: warning[deadcode.DeadStores]: Value stored to 'line' is never read
# 2059|     tls_mode = has_option (line, "--tls");
# 2060|     no_crl = has_option (line, "--no-crl");
# 2061|->   line = skip_options (line);
# 2062|   
# 2063|     if (tls_mode)

Error: CLANG_WARNING: [#def131]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/server.c:2687:3: warning[deadcode.DeadStores]: Value stored to 'line' is never read
# 2685|   
# 2686|     /* No options for now.  */
# 2687|->   line = skip_options (line);
# 2688|   
# 2689|     err = ensure_keyserver (ctrl);

Error: CLANG_WARNING: [#def132]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/server.c:3078:10: warning[deadcode.DeadStores]: Although the value stored to 'j' is used in the enclosing expression, the value is never actually read from 'j'
# 3076|     int i, j, rc;
# 3077|   
# 3078|->   for (i=j=0; table[i].name; i++)
# 3079|       {
# 3080|         rc = assuan_register_command (ctx, table[i].name, table[i].handler,

Error: CLANG_WARNING: [#def133]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/validate.c:460:9: warning[deadcode.DeadStores]: Value stored to 'err' is never read
#  458|                                        &buflen);
#  459|         if (err || buflen != sizeof (validated_at) || !validated_at)
#  460|->         err = 0; /* Not available or other error. */
#  461|         else
#  462|           {

Error: CLANG_WARNING: [#def134]
gnupg2-2.4.5-build/gnupg-2.4.5/dirmngr/validate.c:556:11: warning[deadcode.DeadStores]: Value stored to 'err' is never read
#  554|           {
#  555|             any_no_policy_match = 1;
#  556|->           err = 0;
#  557|           }
#  558|         else if (err)

Error: CPPCHECK_WARNING: [#def135]
gnupg2-2.4.5-build/gnupg-2.4.5/doc/mkdefsinc.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: CLANG_WARNING: [#def136]
gnupg2-2.4.5-build/gnupg-2.4.5/doc/mkdefsinc.c:223:15: warning[unix.Malloc]: Potential leak of memory pointed to by 'opt_date'
#  221|               {
#  222|                 opt_date = xstrdup (*argv);
#  223|->               argc--; argv++;
#  224|               }
#  225|           }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def137]
gnupg2-2.4.5-build/gnupg-2.4.5/doc/mkdefsinc.c: scope_hint: In function ‘main’
gnupg2-2.4.5-build/gnupg-2.4.5/doc/mkdefsinc.c:223:27: warning[-Wanalyzer-malloc-leak]: leak of ‘opt_date’
#  221|               {
#  222|                 opt_date = xstrdup (*argv);
#  223|->               argc--; argv++;
#  224|               }
#  225|           }

Error: CPPCHECK_WARNING (CWE-457): [#def138]
gnupg2-2.4.5-build/gnupg-2.4.5/doc/mkdefsinc.c:337: warning[uninitvar]: Uninitialized variable: monthoff
#  335|   
#  336|     printf ("@set UPDATED %s\n", opt_date);
#  337|->   printf ("@set UPDATED-MONTH %s\n", opt_date + monthoff);
#  338|     printf ("@set EDITION %s\n", PACKAGE_VERSION);
#  339|     printf ("@set VERSION %s\n", PACKAGE_VERSION);

Error: CLANG_WARNING: [#def139]
gnupg2-2.4.5-build/gnupg-2.4.5/doc/mkdefsinc.c:338:3: warning[unix.Malloc]: Potential leak of memory pointed to by 'opt_date'
#  336|     printf ("@set UPDATED %s\n", opt_date);
#  337|     printf ("@set UPDATED-MONTH %s\n", opt_date + monthoff);
#  338|->   printf ("@set EDITION %s\n", PACKAGE_VERSION);
#  339|     printf ("@set VERSION %s\n", PACKAGE_VERSION);
#  340|   

Error: CLANG_WARNING: [#def140]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/build-packet.c:794:27: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined
#  792|                           goto leave;
#  793|                       }
#  794|->                   skbytes += n;
#  795|                   }
#  796|   

Error: CLANG_WARNING: [#def141]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/call-agent.c:618:13: warning[deadcode.DeadStores]: Although the value stored to 'p' is used in the enclosing expression, the value is never actually read from 'p'
#  616|         int abool;
#  617|   
#  618|->       buf = p = unescape_status_string (line);
#  619|         if (buf)
#  620|           {

Error: CLANG_WARNING: [#def142]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/call-agent.c:1538:8: warning[deadcode.DeadStores]: Although the value stored to 'args' is used in the enclosing expression, the value is never actually read from 'args'
# 1536|   
# 1537|     /* FIXME: Get that info from the KEYPAIRINFO line.  */
# 1538|->   if ((args = has_leading_keyword (line, "KEYPAIRINFO"))
# 1539|         && !*keytimep)
# 1540|       {

Error: CLANG_WARNING: [#def143]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/call-agent.c:2324:11: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 2322|             log_info ("problem with fast path key listing: %s - ignored\n",
# 2323|                       gpg_strerror (err));
# 2324|->           err = 0;
# 2325|           }
# 2326|         /* We want to do this only once.  */

Error: CLANG_WARNING: [#def144]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/call-dirmngr.c:393:28: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
#  391|                      * "foo:389:user:pass:base:flags"
#  392|                      * we strip off everything beyound the port.  */
#  393|->                   if ((p = strchr (p+1, ':')))
#  394|                       {
#  395|                         if (p[-1] == ':')

Error: CLANG_WARNING: [#def145]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/card-util.c:465:12: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
#  463|     if (!serialno)
#  464|       ;
#  465|->   else if (strlen (info.serialno)+1 > serialnobuflen)
#  466|       log_error ("serial number longer than expected\n");
#  467|     else

Error: CLANG_WARNING: [#def146]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/card-util.c:484:14: warning[core.NullDereference]: Dereference of null pointer
#  482|         else
#  483|           es_fprintf (fp, "version:%.4s:\n", info.serialno+12);
#  484|->       uval = xtoi_2(info.serialno+16)*256 + xtoi_2 (info.serialno+18);
#  485|         pesc = (info.manufacturer_name
#  486|                 ? percent_escape (info.manufacturer_name, NULL) : NULL);

Error: CLANG_WARNING: [#def147]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/card-util.c:587:20: warning[core.NullDereference]: Array access (via field 'serialno') results in a null pointer dereference
#  585|         else
#  586|           tty_fprintf (fp, "Version ..........: %.1s%c.%.1s%c\n",
#  587|->                    info.serialno[12] == '0'?"":info.serialno+12,
#  588|                      info.serialno[13],
#  589|                      info.serialno[14] == '0'?"":info.serialno+14,

Error: CLANG_WARNING: [#def148]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/card-util.c:762:3: warning[deadcode.DeadStores]: Value stored to 'err' is never read
#  760|       }
#  761|   
#  762|->   err = agent_scd_cardlist (&card_list);
#  763|   
#  764|     for (sl = card_list; sl; sl = sl->next)

Error: CLANG_WARNING: [#def149]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/card-util.c:789:3: warning[deadcode.DeadStores]: Value stored to 'err' is never read
#  787|   
#  788|     /* Select the original card again.  */
#  789|->   err = agent_scd_serialno (NULL, serialno0);
#  790|   
#  791|    leave:

Error: CLANG_WARNING: [#def150]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/card-util.c:1897:11: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1895|         if (!ecdh_param_str)
# 1896|           {
# 1897|->           err = gpg_error_from_syserror ();
# 1898|             goto leave;
# 1899|           }

Error: CLANG_WARNING: [#def151]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/card-util.c:2083:5: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 2081|     /* Then, connect the card again.  */
# 2082|     if (!err)
# 2083|->     err = agent_scd_serialno (NULL, NULL);
# 2084|   
# 2085|    leave:

Error: CLANG_WARNING: [#def152]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/decrypt-data.c:848:26: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value
#  846|     if (DBG_FILTER)
#  847|       log_debug ("aead_underflow: returning %zu (%s)\n",
#  848|->                totallen, gpg_strerror (err));
#  849|   
#  850|     /* In case of an auth error we map the error code to the same as

Error: CLANG_WARNING: [#def153]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/decrypt-data.c:852:7: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value
#  850|     /* In case of an auth error we map the error code to the same as
#  851|      * used by the MDC decryption.  */
#  852|->   if (gpg_err_code (err) == GPG_ERR_CHECKSUM)
#  853|       err = gpg_error (GPG_ERR_BAD_SIGNATURE);
#  854|   

Error: CLANG_WARNING: [#def154]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/encrypt.c:601:21: warning[core.NullDereference]: Access to field 'timestamp' results in a dereference of a null pointer (loaded from variable 'pt')
#  599|       {
#  600|         /* Note that PT has been initialized above in !no_literal mode.  */
#  601|->       pt->timestamp = make_timestamp();
#  602|         pt->mode = opt.mimemode? 'm' : opt.textmode? 't' : 'b';
#  603|         pt->len = filesize;

Error: CLANG_WARNING: [#def155]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/encrypt.c:945:21: warning[core.NullDereference]: Access to field 'timestamp' results in a dereference of a null pointer (loaded from variable 'pt')
#  943|     if (!opt.no_literal)
#  944|       {
#  945|->       pt->timestamp = make_timestamp();
#  946|         pt->mode = opt.mimemode? 'm' : opt.textmode ? 't' : 'b';
#  947|         pt->len = filesize;

Error: CLANG_WARNING: [#def156]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/export.c:739:7: warning[deadcode.DeadStores]: Value stored to 'err' is never read
#  737|   
#  738|       case GCRY_PK_ECC:
#  739|->       err = 0;
#  740|         if (!(pk->pubkey_algo == PUBKEY_ALGO_ECDSA
#  741|               || pk->pubkey_algo == PUBKEY_ALGO_ECDH

Error: CLANG_WARNING: [#def157]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/export.c:1356:31: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value
# 1354|     if (!gcry_mpi_get_flag (skey[npkey], GCRYMPI_FLAG_USER1))
# 1355|       goto bad_seckey;
# 1356|->   if (npkey+1 < DIM (skey) && skey[npkey+1])
# 1357|       goto bad_seckey;
# 1358|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def158]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/export.c: scope_hint: In function ‘print_dane_records’
gnupg2-2.4.5-build/gnupg-2.4.5/g10/export.c:1754:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘domain’
gnupg2-2.4.5-build/gnupg-2.4.5/g10/main.h:25: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/g10/options.h:27: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/g10/export.c:30: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/g10/export.c:2273:14: note: in expansion of macro ‘xcalloc’
# 1752|   
# 1753|         domain = strchr (mbox, '@');
# 1754|->       *domain++ = 0;
# 1755|   
# 1756|         if (1)

Error: CLANG_WARNING: [#def159]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/export.c:2332:7: warning[core.uninitialized.Assign]: The expression is an uninitialized value. The computed value will also be garbage
# 2330|             continue;
# 2331|           }
# 2332|->       stats->count++;
# 2333|         setup_main_keyids (keyblock);  /* gpg_format_keydesc needs it.  */
# 2334|         pk = node->pkt->pkt.public_key;

Error: CLANG_WARNING: [#def160]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/export.c:2887:15: warning[deadcode.DeadStores]: Value stored to 'latest_date' is never read
# 2885|                 if (DBG_LOOKUP)
# 2886|                   log_debug ("\tprimary key is fine\n");
# 2887|->               latest_date = pk->timestamp;
# 2888|                 latest_key = node;
# 2889|               }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def161]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/getkey.c:30: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/g10/getkey.c: scope_hint: In function ‘cache_public_key’
gnupg2-2.4.5-build/gnupg-2.4.5/g10/getkey.c:190:21: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘pk’
gnupg2-2.4.5-build/gnupg-2.4.5/g10/packet.h:72:25: note: in definition of macro ‘is_ELGAMAL’
gnupg2-2.4.5-build/gnupg-2.4.5/g10/getkey.c:29: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/g10/getkey.c:387:12: note: in expansion of macro ‘xtrycalloc’
gnupg2-2.4.5-build/gnupg-2.4.5/g10/packet.h:72:25: note: in definition of macro ‘is_ELGAMAL’
gnupg2-2.4.5-build/gnupg-2.4.5/g10/packet.h:72:25: note: in definition of macro ‘is_ELGAMAL’
#  188|       return;
#  189|   
#  190|->   if (is_ELGAMAL (pk->pubkey_algo)
#  191|         || pk->pubkey_algo == PUBKEY_ALGO_DSA
#  192|         || pk->pubkey_algo == PUBKEY_ALGO_ECDSA

Error: GCC_ANALYZER_WARNING (CWE-476): [#def162]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/gpg.h:37: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/g10/keyedit.c:33: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/g10/keyedit.c: scope_hint: In function ‘keyedit_quick_revsig’
gnupg2-2.4.5-build/gnupg-2.4.5/g10/keyedit.c:3006:23: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘keyblock’
# 3004|     if (err)
# 3005|       goto leave;
# 3006|->   log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY
# 3007|                 || keyblock->pkt->pkttype == PKT_SECRET_KEY);
# 3008|     primarypk = keyblock->pkt->pkt.public_key;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def163]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/keyedit.c: scope_hint: In function ‘menu_expire’
gnupg2-2.4.5-build/gnupg-2.4.5/g10/keyedit.c:5088:46: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘sub_pk’
gnupg2-2.4.5-build/gnupg-2.4.5/g10/keyedit.c: scope_hint: In function ‘menu_expire’
# 5086|   
# 5087|   	      if ((only_mainkey && main_pk->version < 4)
# 5088|-> 		  || (!only_mainkey && sub_pk->version < 4))
# 5089|   		{
# 5090|   		  log_info

Error: GCC_ANALYZER_WARNING (CWE-476): [#def164]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/keyedit.c: scope_hint: In function ‘menu_changeusage’
gnupg2-2.4.5-build/gnupg-2.4.5/g10/keyedit.c:5192:41: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘sub_pk’
# 5190|   
# 5191|   	      if ((mainkey && main_pk->version < 4)
# 5192|-> 		  || (!mainkey && sub_pk->version < 4))
# 5193|   		{
# 5194|                     /* Note: This won't happen because we don't support

Error: GCC_ANALYZER_WARNING (CWE-476): [#def165]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/keyid.c: scope_hint: In function ‘do_hash_public_key’
gnupg2-2.4.5-build/gnupg-2.4.5/g10/keyid.c:322:23: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘gcry_mpi_get_opaque(*pk.pkey[i], &nbits)’
#  320|                 if (is_sos)
#  321|                   {
#  322|->                   if (*p)
#  323|                       {
#  324|                         nbits = ((nbits + 7) / 8) * 8;

Error: CLANG_WARNING: [#def166]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/keyid.c:322:23: warning[core.NullDereference]: Dereference of null pointer (loaded from variable 'p')
#  320|                 if (is_sos)
#  321|                   {
#  322|->                   if (*p)
#  323|                       {
#  324|                         nbits = ((nbits + 7) / 8) * 8;

Error: CLANG_WARNING: [#def167]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/keyring.c:150:24: warning[core.UndefinedBinaryOperatorResult]: The left operand of '%' is a garbage value
#  148|     struct key_present *k;
#  149|   
#  150|->   for (k = tbl[(kid[1] % (KEY_PRESENT_HASH_BUCKETS - 1))]; k; k = k->next)
#  151|       {
#  152|         if (k->kid[0] == kid[0] && k->kid[1] == kid[1])

Error: COMPILER_WARNING (CWE-704): [#def168]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/keyserver-internal.h:34:24: warning[-Wlto-type-mismatch]: type of ‘parse_keyserver_uri’ does not match original declaration
#   34 | struct keyserver_spec *parse_keyserver_uri (const char *string,
#      |                        ^
gnupg2-2.4.5-build/gnupg-2.4.5/g10/gpgv.c:636:1: note: type mismatch in parameter 3
#  636 | parse_keyserver_uri (const char *uri, int require_scheme,
#      | ^
gnupg2-2.4.5-build/gnupg-2.4.5/g10/gpgv.c:636:1: note: ‘parse_keyserver_uri’ was previously declared here
#   32|   void free_keyserver_spec(struct keyserver_spec *keyserver);
#   33|   struct keyserver_spec *keyserver_match(struct keyserver_spec *spec);
#   34|-> struct keyserver_spec *parse_keyserver_uri (const char *string,
#   35|                                               int require_scheme);
#   36|   struct keyserver_spec *parse_preferred_keyserver(PKT_signature *sig);

Error: COMPILER_WARNING (CWE-704): [#def169]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/keyserver-internal.h:45:5: warning[-Wlto-type-mismatch]: type of ‘keyserver_import_keyid’ does not match original declaration
#   45 | int keyserver_import_keyid (ctrl_t ctrl, u32 *keyid,
#      |     ^
gnupg2-2.4.5-build/gnupg-2.4.5/g10/gpgv.c:450:1: note: type mismatch in parameter 3
#  450 | keyserver_import_keyid (u32 *keyid, void *dummy, unsigned int flags)
#      | ^
gnupg2-2.4.5-build/gnupg-2.4.5/g10/gpgv.c:450:1: note: ‘keyserver_import_keyid’ was previously declared here
#   43|   int keyserver_import_fprint_ntds (ctrl_t ctrl,
#   44|                                     const byte *fprint, size_t fprint_len);
#   45|-> int keyserver_import_keyid (ctrl_t ctrl, u32 *keyid,
#   46|                               struct keyserver_spec *keyserver,
#   47|                               unsigned int flags);

Error: COMPILER_WARNING (CWE-704): [#def170]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/keyserver-internal.h:51:5: warning[-Wlto-type-mismatch]: type of ‘keyserver_import_cert’ does not match original declaration
#   51 | int keyserver_import_cert (ctrl_t ctrl, const char *name, int dane_mode,
#      |     ^
gnupg2-2.4.5-build/gnupg-2.4.5/g10/gpgv.c:481:1: note: type mismatch in parameter 2
#  481 | keyserver_import_cert (const char *name)
#      | ^
gnupg2-2.4.5-build/gnupg-2.4.5/g10/gpgv.c:481:1: note: ‘keyserver_import_cert’ was previously declared here
#   49|   gpg_error_t keyserver_search (ctrl_t ctrl, strlist_t tokens);
#   50|   int keyserver_fetch (ctrl_t ctrl, strlist_t urilist, int origin);
#   51|-> int keyserver_import_cert (ctrl_t ctrl, const char *name, int dane_mode,
#   52|                              unsigned char **fpr,size_t *fpr_len);
#   53|   gpg_error_t keyserver_import_wkd (ctrl_t ctrl, const char *name,

Error: COMPILER_WARNING (CWE-704): [#def171]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/keyserver-internal.h:58:5: warning[-Wlto-type-mismatch]: type of ‘keyserver_import_mbox’ does not match original declaration
#   58 | int keyserver_import_mbox (ctrl_t ctrl, const char *mbox,
#      |     ^
gnupg2-2.4.5-build/gnupg-2.4.5/g10/gpgv.c:500:1: note: type mismatch in parameter 3
#  500 | keyserver_import_mbox (const char *name,struct keyserver_spec *spec)
#      | ^
gnupg2-2.4.5-build/gnupg-2.4.5/g10/gpgv.c:500:1: note: ‘keyserver_import_mbox’ was previously declared here
#   56|   int keyserver_import_ntds (ctrl_t ctrl, const char *name,
#   57|                              unsigned char **fpr,size_t *fpr_len);
#   58|-> int keyserver_import_mbox (ctrl_t ctrl, const char *mbox,
#   59|                              unsigned char **fpr,size_t *fpr_len,
#   60|                              struct keyserver_spec *keyserver);

Error: COMPILER_WARNING (CWE-704): [#def172]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/keyserver-internal.h:61:5: warning[-Wlto-type-mismatch]: type of ‘keyserver_import_ldap’ does not match original declaration
#   61 | int keyserver_import_ldap (ctrl_t ctrl, const char *name,
#      |     ^
gnupg2-2.4.5-build/gnupg-2.4.5/g10/gpgv.c:519:1: note: type mismatch in parameter 2
#  519 | keyserver_import_ldap (const char *name)
#      | ^
gnupg2-2.4.5-build/gnupg-2.4.5/g10/gpgv.c:519:1: note: ‘keyserver_import_ldap’ was previously declared here
#   59|                              unsigned char **fpr,size_t *fpr_len,
#   60|                              struct keyserver_spec *keyserver);
#   61|-> int keyserver_import_ldap (ctrl_t ctrl, const char *name,
#   62|                              unsigned char **fpr,size_t *fpr_len);
#   63|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def173]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/keyserver.c: scope_hint: In function ‘keyserver_refresh’
gnupg2-2.4.5-build/gnupg-2.4.5/g10/keyserver.c:1212:21: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘desc’
gnupg2-2.4.5-build/gnupg-2.4.5/g10/keydb.h:26: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/g10/keyserver.c:32: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/g10/keyserver.c:1168:7: note: in expansion of macro ‘xfree’
# 1210|         for(i=0;i<numdesc;i++)
# 1211|   	{
# 1212|-> 	  if(desc[i].skipfncvalue)
# 1213|   	    {
# 1214|   	      struct keyserver_spec *keyserver=desc[i].skipfncvalue;

Error: CLANG_WARNING: [#def174]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/mainproc.c:176:15: warning[deadcode.DeadStores]: Although the value stored to 'node' is used in the enclosing expression, the value is never actually read from 'node'
#  174|       add_kbnode (c->list, new_kbnode (pkt));
#  175|     else /* Insert the first one.  */
#  176|->     c->list = node = new_kbnode (pkt);
#  177|   
#  178|     return 1;

Error: CLANG_WARNING: [#def175]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/misc.c:1408:9: warning[deadcode.DeadStores]: Value stored to 'ver' during its initialization is never read
# 1406|   compliance_failure(void)
# 1407|   {
# 1408|->   char *ver="???";
# 1409|   
# 1410|     switch(opt.compliance)

Error: CLANG_WARNING: [#def176]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/parse-packet.c:216:12: warning[deadcode.DeadStores]: Although the value stored to 'c1' is used in the enclosing expression, the value is never actually read from 'c1'
#  214|       goto overflow;
#  215|   
#  216|->   if ((c = c1 = iobuf_get (inp)) == -1)
#  217|       goto leave;
#  218|     if (++nread == nmax)

Error: CLANG_WARNING: [#def177]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/parse-packet.c:221:12: warning[deadcode.DeadStores]: Although the value stored to 'c2' is used in the enclosing expression, the value is never actually read from 'c2'
#  219|       goto overflow;
#  220|     nbits = c << 8;
#  221|->   if ((c = c2 = iobuf_get (inp)) == -1)
#  222|       goto leave;
#  223|     ++nread;

Error: CLANG_WARNING: [#def178]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/parse-packet.c:3008:5: warning[core.CallAndMessage]: 3rd function call argument is an uninitialized value
# 3006|     /* Note that KEYID below has been initialized above in list_mode.  */
# 3007|     if (list_mode)
# 3008|->     es_fprintf (listfp, "\tkeyid: %08lX%08lX\n",
# 3009|                   (ulong) keyid[0], (ulong) keyid[1]);
# 3010|   

Error: CLANG_WARNING: [#def179]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/passphrase.c:396:34: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
#  394|         if (!(dek->keylen > 0 && dek->keylen <= DIM(dek->key)))
#  395|           BUG ();
#  396|->       err = gcry_kdf_derive (pw, strlen (pw),
#  397|                                s2k->mode == 3? GCRY_KDF_ITERSALTED_S2K :
#  398|                                s2k->mode == 1? GCRY_KDF_SALTED_S2K :

Error: COMPILER_WARNING (CWE-252): [#def180]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/photoid.c: scope_hint: In function ‘run_with_pipe’
gnupg2-2.4.5-build/gnupg-2.4.5/g10/photoid.c:625:7: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
#  625 |       write (to[1], image, len);
#      |       ^~~~~~~~~~~~~~~~~~~~~~~~~
#  623|     else
#  624|       {
#  625|->       write (to[1], image, len);
#  626|         close (to[1]);
#  627|   

Error: COMPILER_WARNING (CWE-704): [#def181]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/photoid.h:31:6: warning[-Wlto-type-mismatch]: type of ‘show_photos’ does not match original declaration
#   31 | void show_photos (ctrl_t ctrl, const struct user_attribute *attrs, int count,
#      |      ^
gnupg2-2.4.5-build/gnupg-2.4.5/g10/gpgv.c:654:1: note: type mismatch in parameter 2
#  654 | show_photos (const struct user_attribute *attrs, int count, PKT_public_key *pk)
#      | ^
gnupg2-2.4.5-build/gnupg-2.4.5/g10/gpgv.c:654:1: note: ‘show_photos’ was previously declared here
#   29|   int parse_image_header(const struct user_attribute *attr,byte *type,u32 *len);
#   30|   const char *image_type_to_string(byte type,int style);
#   31|-> void show_photos (ctrl_t ctrl, const struct user_attribute *attrs, int count,
#   32|                     PKT_public_key *pk, PKT_user_id *uid);
#   33|   

Error: CLANG_WARNING: [#def182]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/pkclist.c:1231:23: warning[deadcode.DeadStores]: Although the value stored to 'rc' is used in the enclosing expression, the value is never actually read from 'rc'
# 1229|             if (rc)
# 1230|               tty_printf(_("No such user ID.\n"));
# 1231|->           else if ( !(rc=openpgp_pk_test_algo2 (pk->pubkey_algo,
# 1232|                                                   PUBKEY_USAGE_ENC)) )
# 1233|               {

Error: CPPCHECK_WARNING: [#def183]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/rmd160.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: CLANG_WARNING: [#def184]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/sig-check.c:1052:51: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value
# 1050|       {
# 1051|         log_assert (packet->pkttype == PKT_USER_ID);
# 1052|->       if (sig->digest_algo == DIGEST_ALGO_SHA1 && !*is_selfsig
# 1053|             && !opt.flags.allow_weak_key_signatures)
# 1054|           {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def185]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/sign.c: scope_hint: In function ‘write_plaintext_packet’
gnupg2-2.4.5-build/gnupg-2.4.5/g10/sign.c:859:21: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘pt’
gnupg2-2.4.5-build/gnupg-2.4.5/g10/sign.c:28: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/g10/sign.c:1718:8: note: in expansion of macro ‘DBG_HASHING’
#  857|   
#  858|         /* Note that PT has been initialized above in no_literal mode.  */
#  859|->       pt->timestamp = make_timestamp ();
#  860|         pt->mode = ptmode;
#  861|         pt->len = filesize;

Error: CLANG_WARNING: [#def186]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/sign.c:859:21: warning[core.NullDereference]: Access to field 'timestamp' results in a dereference of a null pointer (loaded from variable 'pt')
#  857|   
#  858|         /* Note that PT has been initialized above in no_literal mode.  */
#  859|->       pt->timestamp = make_timestamp ();
#  860|         pt->mode = ptmode;
#  861|         pt->len = filesize;

Error: CLANG_WARNING: [#def187]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/sign.c:986:11: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value
#  984|           }
#  985|   
#  986|->       if (!err)
#  987|           err = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce, 0);
#  988|         gcry_md_close (md);

Error: CLANG_WARNING: [#def188]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/sign.c:1381:15: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 1379|             mdb = gcry_md_read(mfx.md, opt.def_digest_algo);
# 1380|             mdlen = gcry_md_get_algo_dlen(opt.def_digest_algo);
# 1381|->           if (strlen(fname) != mdlen * 2 + 11)
# 1382|               log_bug("digests must be %zu + '@' + 5 bytes\n", mdlen);
# 1383|             d = -1;

Error: CLANG_WARNING: [#def189]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/skclist.c:416:23: warning[deadcode.DeadStores]: Value stored to 'err' is never read
#  414|                     if (!err)
#  415|                       {
#  416|->                       err = agent_scd_keyinfo (NULL, GCRY_PK_USAGE_ENCR,
#  417|                                                  &c->card_keyinfo_list);
#  418|                       }

Error: CLANG_WARNING: [#def190]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/t-stutter.c:171:7: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
#  169|     p = tail + 1;
#  170|   
#  171|->   if (strlen (p) % 2 != 0)
#  172|       log_fatal ("Session key must consist of an even number of hexadecimal characters.\n");
#  173|   

Error: CLANG_WARNING: [#def191]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/tdbio.c:1675:48: warning[deadcode.DeadStores]: Value stored to 'p' is never read
# 1673|         ulongtobuf(p, rec->r.ver.firstfree ); p += 4;
# 1674|         p += 4;
# 1675|->       ulongtobuf(p, rec->r.ver.trusthashtbl ); p += 4;
# 1676|         break;
# 1677|   

Error: CLANG_WARNING: [#def192]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/tdbio.c:1679:40: warning[deadcode.DeadStores]: Value stored to 'p' is never read
# 1677|   
# 1678|       case RECTYPE_FREE:
# 1679|->       ulongtobuf(p, rec->r.free.next); p += 4;
# 1680|         break;
# 1681|   

Error: CLANG_WARNING: [#def193]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/tdbio.c:1703:47: warning[deadcode.DeadStores]: Value stored to 'p' is never read
# 1701|         *p++ = rec->r.trust.min_ownertrust;
# 1702|         *p++ = rec->r.trust.flags;
# 1703|->       ulongtobuf( p, rec->r.trust.validlist); p += 4;
# 1704|         break;
# 1705|   

Error: GCC_ANALYZER_WARNING (CWE-688): [#def194]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/t-keydb.c:20: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/g10/test.c: scope_hint: In function ‘prepend_srcdir’
gnupg2-2.4.5-build/gnupg-2.4.5/g10/test.c:163:3: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘result’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strcpy’ must be non-null
#  161|   
#  162|     result = malloc (strlen (srcdir) + strlen ("/g10/") + strlen (fname) + 1);
#  163|->   strcpy (result, srcdir);
#  164|     strcat (result, "/g10/");
#  165|     strcat (result, fname);

Error: CLANG_WARNING: [#def195]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/tofu.c:1521:30: warning[core.NullDereference]: Access to field 'pkt' results in a dereference of a null pointer (loaded from variable 'a')
# 1519|     if (DBG_TRUST)
# 1520|       log_debug ("TOFU: %s is NOT signed by an ultimately trusted key.\n",
# 1521|->                pk_keyid_str (a->pkt->pkt.public_key));
# 1522|   
# 1523|     return 0;

Error: CLANG_WARNING: [#def196]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/tofu.c:2082:7: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 2080|         print_further_info ("listing fingerprints");
# 2081|         sqlite3_free (sqerr);
# 2082|->       rc = gpg_error (GPG_ERR_GENERAL);
# 2083|         return NULL;
# 2084|       }

Error: CLANG_WARNING: [#def197]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/tofu.c:2363:7: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 2361|         print_further_info ("reading the policy");
# 2362|         sqlite3_free (err);
# 2363|->       rc = gpg_error (GPG_ERR_GENERAL);
# 2364|         goto out;
# 2365|       }

Error: CLANG_WARNING: [#def198]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/tofu.c:2463:3: warning[deadcode.DeadStores]: Value stored to 'effective_policy' is never read
# 2461|   
# 2462|     /* Unless proven wrong, assume the effective policy is 'auto'.  */
# 2463|->   effective_policy = TOFU_POLICY_AUTO;
# 2464|   
# 2465|     /* See if the key is ultimately trusted.  */

Error: GCC_ANALYZER_WARNING (CWE-476): [#def199]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/tofu.c: scope_hint: In function ‘get_policy’
gnupg2-2.4.5-build/gnupg-2.4.5/g10/tofu.c:2535:23: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
gnupg2-2.4.5-build/gnupg-2.4.5/g10/gpg.h:37: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/g10/tofu.c:33: included_from: Included from here.
# 2533|   
# 2534|     if (conflict_set_count == 1
# 2535|->       && (conflict_set->flags & BINDING_NEW))
# 2536|       {
# 2537|         /* We've never observed a binding with this email address and we

Error: GCC_ANALYZER_WARNING (CWE-476): [#def200]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/main.h:25: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/g10/options.h:27: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/g10/tofu.c:37: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/g10/tofu.c:2586:35: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
gnupg2-2.4.5-build/gnupg-2.4.5/common/util.h:117:41: note: in definition of macro ‘xstrdup’
gnupg2-2.4.5-build/gnupg-2.4.5/common/util.h:117:41: note: in definition of macro ‘xstrdup’
gnupg2-2.4.5-build/gnupg-2.4.5/common/util.h:117:41: note: in definition of macro ‘xstrdup’
# 2584|     log_assert (conflict_set_count > 1);
# 2585|     effective_policy = TOFU_POLICY_ASK;
# 2586|->   conflict = xstrdup (conflict_set->next->d);
# 2587|   
# 2588|    out:

Error: CLANG_WARNING: [#def201]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/tofu.c:2840:11: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 2838|             sqlite3_free (sqerr);
# 2839|             sqerr = NULL;
# 2840|->           rc = gpg_error (GPG_ERR_GENERAL);
# 2841|           }
# 2842|         else if (DBG_TRUST)

Error: CLANG_WARNING: [#def202]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/tofu.c:3030:7: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 3028|         print_further_info ("getting signature statistics");
# 3029|         sqlite3_free (err);
# 3030|->       rc = gpg_error (GPG_ERR_GENERAL);
# 3031|         goto out;
# 3032|       }

Error: CLANG_WARNING: [#def203]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/tofu.c:3047:7: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 3045|         print_further_info ("getting signature statistics (by day)");
# 3046|         sqlite3_free (err);
# 3047|->       rc = gpg_error (GPG_ERR_GENERAL);
# 3048|         goto out;
# 3049|       }

Error: CLANG_WARNING: [#def204]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/tofu.c:3084:7: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 3082|         print_further_info ("getting encryption statistics");
# 3083|         sqlite3_free (err);
# 3084|->       rc = gpg_error (GPG_ERR_GENERAL);
# 3085|         goto out;
# 3086|       }

Error: CLANG_WARNING: [#def205]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/tofu.c:3101:7: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 3099|         print_further_info ("getting encryption statistics (by day)");
# 3100|         sqlite3_free (err);
# 3101|->       rc = gpg_error (GPG_ERR_GENERAL);
# 3102|         goto out;
# 3103|       }

Error: CLANG_WARNING: [#def206]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/tofu.c:3521:10: warning[core.NullDereference]: Access to field 'pkt' results in a dereference of a null pointer (loaded from variable 'kb')
# 3519|     /* Make sure PK is a primary key.  */
# 3520|     if (! pk_is_primary (pk))
# 3521|->     pk = kb->pkt->pkt.public_key;
# 3522|   
# 3523|     if (! user_id_list)

Error: GCC_ANALYZER_WARNING (CWE-465): [#def207]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/tofu.c: scope_hint: In function ‘tofu_set_policy’
gnupg2-2.4.5-build/gnupg-2.4.5/g10/tofu.c:3925:10: warning[-Wanalyzer-deref-before-check]: check of ‘kb’ for NULL after already dereferencing it
gnupg2-2.4.5-build/gnupg-2.4.5/g10/tofu.c:3913:7: note: in expansion of macro ‘DBG_TRUST’
# 3923|     begin_transaction (ctrl, 0);
# 3924|   
# 3925|->   for (; kb; kb = kb->next)
# 3926|       {
# 3927|         PKT_user_id *user_id;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def208]
gnupg2-2.4.5-build/gnupg-2.4.5/g10/trust.c: scope_hint: In function ‘register_trusted_key’
gnupg2-2.4.5-build/gnupg-2.4.5/g10/trust.c:71:30: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
gnupg2-2.4.5-build/gnupg-2.4.5/g10/keydb.h:26: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/g10/trust.c:28: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/g10/trust.c:68:13: note: in expansion of macro ‘xtrystrdup’
#   69|         if (buf)
#   70|           {
#   71|->           *strchr (buf, '#') = 0;
#   72|             tdb_register_trusted_key (buf);
#   73|             xfree (buf);

Error: GCC_ANALYZER_WARNING (CWE-457): [#def209]
gnupg2-2.4.5-build/gnupg-2.4.5/g13/g13tuple.c: scope_hint: In function ‘find_tuple_uint’
gnupg2-2.4.5-build/gnupg-2.4.5/g13/g13tuple.c:240:10: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘n’
#  238|   
#  239|     s = find_tuple (tupledesc, tag, &n);
#  240|->   return convert_uint (s, n, r_value);
#  241|   }
#  242|   

Error: CLANG_WARNING: [#def210]
gnupg2-2.4.5-build/gnupg-2.4.5/g13/mount.c:99:3: warning[deadcode.DeadStores]: Value stored to 'err' is never read
#   97|       }
#   98|   
#   99|->   err = 0;
#  100|     if (needs_syshelp)
#  101|       lock = NULL;

Error: CLANG_WARNING: [#def211]
gnupg2-2.4.5-build/gnupg-2.4.5/g13/runner.c:208:18: warning[deadcode.DeadStores]: Although the value stored to 'namebuffer' is used in the enclosing expression, the value is never actually read from 'namebuffer'
#  206|   
#  207|     runner->identifier = namecounter;
#  208|->   runner->name = namebuffer = xtryasprintf ("%s-%d", name, namecounter);
#  209|     if (!runner->name)
#  210|       {

Error: CLANG_WARNING: [#def212]
gnupg2-2.4.5-build/gnupg-2.4.5/g13/sh-cmd.c:399:3: warning[deadcode.DeadStores]: Value stored to 'line' is never read
#  397|     size_t enckeybloblen;
#  398|   
#  399|->   line = skip_options (line);
#  400|   
#  401|     if (!ctrl->server_local->devicename

Error: CLANG_WARNING: [#def213]
gnupg2-2.4.5-build/gnupg-2.4.5/g13/sh-cmd.c:416:3: warning[deadcode.DeadStores]: Value stored to 'err' is never read
#  414|         goto leave;
#  415|       }
#  416|->   err = 0;
#  417|   
#  418|     err = g13_keyblob_read (ctrl->server_local->devicename,

Error: CLANG_WARNING: [#def214]
gnupg2-2.4.5-build/gnupg-2.4.5/g13/sh-cmd.c:474:3: warning[deadcode.DeadStores]: Value stored to 'err' is never read
#  472|         goto leave;
#  473|       }
#  474|->   err = 0;
#  475|   
#  476|     /* We expect that the client already decrypted the keyblob.

Error: CLANG_WARNING: [#def215]
gnupg2-2.4.5-build/gnupg-2.4.5/g13/sh-cmd.c:576:3: warning[deadcode.DeadStores]: Value stored to 'err' is never read
#  574|         goto leave;
#  575|       }
#  576|->   err = 0;
#  577|   
#  578|     err = sh_dmcrypt_suspend_container (ctrl, ctrl->server_local->devicename);

Error: CLANG_WARNING: [#def216]
gnupg2-2.4.5-build/gnupg-2.4.5/g13/sh-cmd.c:622:3: warning[deadcode.DeadStores]: Value stored to 'err' is never read
#  620|         goto leave;
#  621|       }
#  622|->   err = 0;
#  623|   
#  624|     /* We expect that the client already decrypted the keyblob.

Error: CLANG_WARNING: [#def217]
gnupg2-2.4.5-build/gnupg-2.4.5/kbx/backend-sqlite.c:649:15: warning[deadcode.DeadStores]: Value stored to 'err' is never read
#  647|                 log_error ("error reading database version: %s\n",
#  648|                            gpg_strerror (err));
#  649|->               err = 0;
#  650|                 dbversion = 0;
#  651|               }

Error: CLANG_WARNING: [#def218]
gnupg2-2.4.5-build/gnupg-2.4.5/kbx/backend-sqlite.c:681:9: warning[deadcode.DeadStores]: Value stored to 'err' is never read
#  679|         err = set_config_value ("dbversion", STR2(DATABASE_VERSION));
#  680|         if (!err)
#  681|->         err = set_config_value ("created", isotimestamp (gnupg_get_time ()));
#  682|       }
#  683|   

Error: CLANG_WARNING: [#def219]
gnupg2-2.4.5-build/gnupg-2.4.5/kbx/backend-sqlite.c:1724:13: warning[core.CallAndMessage]: 6th function call argument is an uninitialized value
# 1722|   
# 1723|         kinfo = &info.primary;
# 1724|->       err = store_into_fingerprint (ubid, 0, kinfo->grip,
# 1725|                                       kinfo->keyid,
# 1726|                                       kinfo->fpr, kinfo->fprlen);

Error: CLANG_WARNING: [#def220]
gnupg2-2.4.5-build/gnupg-2.4.5/kbx/kbx-client-util.c:198:11: warning[deadcode.DeadStores]: Value stored to 'err' is never read
#  196|         if (nread != 4)
#  197|           {
#  198|->           err = gpg_error (GPG_ERR_EIO);
#  199|             log_error ("error reading data length from keyboxd: %s\n",
#  200|                        "short read");

Error: CLANG_WARNING: [#def221]
gnupg2-2.4.5-build/gnupg-2.4.5/kbx/kbxserver.c:863:10: warning[deadcode.DeadStores]: Although the value stored to 'j' is used in the enclosing expression, the value is never actually read from 'j'
#  861|     int i, j, rc;
#  862|   
#  863|->   for (i=j=0; table[i].name; i++)
#  864|       {
#  865|         rc = assuan_register_command (ctx, table[i].name, table[i].handler,

Error: COMPILER_WARNING (CWE-477): [#def222]
gnupg2-2.4.5-build/gnupg-2.4.5/kbx/kbxutil.c: scope_hint: In function ‘main’
gnupg2-2.4.5-build/gnupg-2.4.5/kbx/kbxutil.c:484:3: warning[-Wdeprecated-declarations]: ‘gcry_set_log_handler’ is deprecated
gnupg2-2.4.5-build/gnupg-2.4.5/common/util.h:34: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/kbx/keybox-defs.h:32: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/kbx/kbxutil.c:33: included_from: Included from here.
/usr/include/gcrypt.h:2025:6: note: declared here
#  482|     init_common_subsystems (&argc, &argv);
#  483|   
#  484|->   gcry_set_log_handler (my_gcry_logger, NULL);
#  485|   
#  486|     /*create_dotlock(NULL); register locking cleanup */

Error: CLANG_WARNING: [#def223]
gnupg2-2.4.5-build/gnupg-2.4.5/kbx/keybox-openpgp.c:582:22: warning[core.NullDereference]: Dereference of null pointer (loaded from variable 'utail')
#  580|                 u->off = data - image_start;
#  581|                 u->len = datalen;
#  582|->               *utail = u;
#  583|                 utail = &u->next;
#  584|               }

Error: CLANG_WARNING: [#def224]
gnupg2-2.4.5-build/gnupg-2.4.5/kbx/keybox-openpgp.c:639:26: warning[core.NullDereference]: Dereference of null pointer (loaded from variable 'ktail')
#  637|                 else
#  638|                   {
#  639|->                   *ktail = k;
#  640|                     ktail = &k->next;
#  641|                   }

Error: CPPCHECK_WARNING: [#def225]
gnupg2-2.4.5-build/gnupg-2.4.5/regexp/jimregexp.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: CPPCHECK_WARNING: [#def226]
gnupg2-2.4.5-build/gnupg-2.4.5/regexp/utf8.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: CLANG_WARNING: [#def227]
gnupg2-2.4.5-build/gnupg-2.4.5/scd/app-openpgp.c:3154:13: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 3152|   
# 3153|             if (!rc)
# 3154|->             rc = iso7816_put_data (app_get_slot (app), 0, 0xD3, NULL, 0);
# 3155|   
# 3156|             wipe_and_free (buffer1, bufferlen1);

Error: CLANG_WARNING: [#def228]
gnupg2-2.4.5-build/gnupg-2.4.5/scd/app-openpgp.c:3606:57: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 3604|             rc = iso7816_change_reference_data (app_get_slot (app),
# 3605|                                                 0x81, NULL, 0,
# 3606|->                                               pinvalue, strlen (pinvalue));
# 3607|             if (!rc)
# 3608|               rc = iso7816_change_reference_data (app_get_slot (app),

Error: CLANG_WARNING: [#def229]
gnupg2-2.4.5-build/gnupg-2.4.5/scd/app-openpgp.c:3616:57: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 3614|             rc = iso7816_change_reference_data (app_get_slot (app),
# 3615|                                                 0x80 + chvno, NULL, 0,
# 3616|->                                               pinvalue, strlen (pinvalue));
# 3617|           }
# 3618|       }

Error: CLANG_WARNING: [#def230]
gnupg2-2.4.5-build/gnupg-2.4.5/scd/app-openpgp.c:4305:12: warning[deadcode.DeadStores]: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err'
# 4303|   
# 4304|     last_depth1 = depth;
# 4305|->   while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
# 4306|            && depth && depth >= last_depth1)
# 4307|       {

Error: CLANG_WARNING: [#def231]
gnupg2-2.4.5-build/gnupg-2.4.5/scd/app-openpgp.c:4354:12: warning[deadcode.DeadStores]: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err'
# 4352|     /* Parse other attributes. */
# 4353|     last_depth1 = depth;
# 4354|->   while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
# 4355|            && depth && depth >= last_depth1)
# 4356|       {

Error: CLANG_WARNING: [#def232]
gnupg2-2.4.5-build/gnupg-2.4.5/scd/app-openpgp.c:4623:12: warning[deadcode.DeadStores]: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err'
# 4621|         curve = "Ed448" */
# 4622|     last_depth1 = depth;
# 4623|->   while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
# 4624|            && depth && depth >= last_depth1)
# 4625|       {

Error: CLANG_WARNING: [#def233]
gnupg2-2.4.5-build/gnupg-2.4.5/scd/app-openpgp.c:4699:12: warning[deadcode.DeadStores]: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err'
# 4697|     /* Parse other attributes. */
# 4698|     last_depth1 = depth;
# 4699|->   while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
# 4700|            && depth && depth >= last_depth1)
# 4701|       {

Error: CLANG_WARNING: [#def234]
gnupg2-2.4.5-build/gnupg-2.4.5/scd/app-p15.c:1358:42: warning[deadcode.DeadStores]: Although the value stored to 's' is used in the enclosing expression, the value is never actually read from 's'
# 1356|       log_printf ("%sderive", s), s = ",";
# 1357|     if (usageflags.non_repudiation)
# 1358|->     log_printf ("%snon_repudiation", s), s = ",";
# 1359|   }
# 1360|   

Error: CLANG_WARNING: [#def235]
gnupg2-2.4.5-build/gnupg-2.4.5/scd/app-p15.c:1377:32: warning[deadcode.DeadStores]: Although the value stored to 's' is used in the enclosing expression, the value is never actually read from 's'
# 1375|       log_printf ("%snever_extractable", s), s = ",";
# 1376|     if (accessflags.local)
# 1377|->     log_printf ("%slocal", s), s = ",";
# 1378|   }
# 1379|   

Error: CLANG_WARNING: [#def236]
gnupg2-2.4.5-build/gnupg-2.4.5/scd/app-p15.c:1394:31: warning[deadcode.DeadStores]: Although the value stored to 's' is used in the enclosing expression, the value is never actually read from 's'
# 1392|       log_printf ("%sencr", s), s = ",";
# 1393|     if (gpgusage.auth)
# 1394|->     log_printf ("%sauth", s), s = ",";
# 1395|   }
# 1396|   

Error: CLANG_WARNING: [#def237]
gnupg2-2.4.5-build/gnupg-2.4.5/scd/app-p15.c:1429:11: warning[deadcode.DeadStores]: Value stored to 'mask' is never read
# 1427|           {
# 1428|             bits &= ~mask;
# 1429|->           mask = 0;
# 1430|           }
# 1431|       }

Error: CLANG_WARNING: [#def238]
gnupg2-2.4.5-build/gnupg-2.4.5/scd/app-p15.c:3359:50: warning[deadcode.DeadStores]: Value stored to 's' is never read
# 3357|                       s2 = numbuf;
# 3358|                     }
# 3359|->                 log_printf ("%stype=%s", s, s2); s = ",";
# 3360|                 }
# 3361|               }

Error: CLANG_WARNING: [#def239]
gnupg2-2.4.5-build/gnupg-2.4.5/scd/app-p15.c:3451:11: warning[deadcode.DeadStores]: Value stored to 'mask' is never read
# 3449|           {
# 3450|             bits &= ~mask;
# 3451|->           mask = 0;
# 3452|           }
# 3453|       }

Error: CLANG_WARNING: [#def240]
gnupg2-2.4.5-build/gnupg-2.4.5/scd/app-piv.c:1466:8: warning[deadcode.DeadStores]: Although the value stored to 'keyref' is used in the enclosing expression, the value is never actually read from 'keyref'
# 1464|   
# 1465|     dobj = find_dobj_by_keyref (app, keyrefstr);
# 1466|->   if ((keyref = keyref_from_dobj (dobj)) == -1)
# 1467|       {
# 1468|         err = gpg_error (GPG_ERR_INV_ID);

Error: CLANG_WARNING: [#def241]
gnupg2-2.4.5-build/gnupg-2.4.5/scd/app-piv.c:2695:12: warning[deadcode.DeadStores]: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err'
# 2693|   
# 2694|     last_depth1 = depth;
# 2695|->   while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
# 2696|            && depth && depth >= last_depth1)
# 2697|       {

Error: CLANG_WARNING: [#def242]
gnupg2-2.4.5-build/gnupg-2.4.5/scd/app-piv.c:2854:12: warning[deadcode.DeadStores]: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err'
# 2852|   
# 2853|     last_depth1 = depth;
# 2854|->   while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
# 2855|            && depth && depth >= last_depth1)
# 2856|       {

Error: CLANG_WARNING: [#def243]
gnupg2-2.4.5-build/gnupg-2.4.5/scd/app.c:1300:11: warning[core.NullDereference]: Access to field 'next' results in a dereference of a null pointer (loaded from field 'app')
# 1298|   
# 1299|         /* Select the first app again.  */
# 1300|->       if (c->app->next)
# 1301|           run_reselect (ctrl, c, c->app, a_prev);
# 1302|   

Error: CLANG_WARNING: [#def244]
gnupg2-2.4.5-build/gnupg-2.4.5/scd/app.c:1316:7: warning[deadcode.DeadStores]: Value stored to 'locked' is never read
# 1314|       {
# 1315|         unlock_card (c);
# 1316|->       locked = 0;
# 1317|       }
# 1318|     return c;

Error: CLANG_WARNING: [#def245]
gnupg2-2.4.5-build/gnupg-2.4.5/scd/app.c:1436:11: warning[deadcode.DeadStores]: Value stored to 'sn' is never read
# 1434|             sn /= 10;
# 1435|             buf[10] |= (sn % 10) << 4;
# 1436|->           sn /= 10;
# 1437|             buf[14] = 0; /* Last two bytes are RFU.  */
# 1438|             buf[15] = 0;

Error: CLANG_WARNING: [#def246]
gnupg2-2.4.5-build/gnupg-2.4.5/scd/app.c:1666:32: warning[core.NullDereference]: Access to field 'cardtype' results in a dereference of a null pointer (loaded from field 'card')
# 1664|     if (app && app->card && app->card->maybe_check_aid)
# 1665|       app->card->maybe_check_aid = 0;
# 1666|->   else if (!opt.pcsc_shared || app->card->cardtype != CARDTYPE_YUBIKEY)
# 1667|       return 0;
# 1668|   

Error: CLANG_WARNING: [#def247]
gnupg2-2.4.5-build/gnupg-2.4.5/scd/app.c:1715:7: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1713|           log_error ("slot %d, app %s: forced re-select failed: %s - ignored\n",
# 1714|                      card->slot, xstrapptype (card->app), gpg_strerror (err));
# 1715|->       err = 0;
# 1716|       }
# 1717|   

Error: CLANG_WARNING: [#def248]
gnupg2-2.4.5-build/gnupg-2.4.5/scd/command.c:1802:7: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 1800|     if (rc && has_option (line, "--wait"))
# 1801|       {
# 1802|->       rc = 0;
# 1803|         gnupg_sleep (1); /* Better implement an event mechanism. However,
# 1804|                             for card operations this should be

Error: CLANG_WARNING: [#def249]
gnupg2-2.4.5-build/gnupg-2.4.5/scd/command.c:2385:3: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 2383|       return err;
# 2384|   
# 2385|->   err = 0;
# 2386|   
# 2387|     card = card_get (ctrl, NULL);

Error: CLANG_WARNING: [#def250]
gnupg2-2.4.5-build/gnupg-2.4.5/scd/command.c:2727:41: warning[deadcode.DeadStores]: Although the value stored to 'ctx' is used in the enclosing expression, the value is never actually read from 'ctx'
# 2725|       }
# 2726|   
# 2727|->   if (!ctrl || !ctrl->server_local || !(ctx=ctrl->server_local->assuan_ctx))
# 2728|       return;
# 2729|     if (pin && !pinlen)

Error: COMPILER_WARNING (CWE-252): [#def251]
gnupg2-2.4.5-build/gnupg-2.4.5/scd/scdaemon.c: scope_hint: In function ‘scd_kick_the_loop’
gnupg2-2.4.5-build/gnupg-2.4.5/scd/scdaemon.c:1255:3: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
# 1255 |   write (notify_fd, "", 1);
#      |   ^~~~~~~~~~~~~~~~~~~~~~~~
# 1253|                  w32_strerror (-1));
# 1254|   #elif defined(HAVE_PSELECT_NO_EINTR)
# 1255|->   write (notify_fd, "", 1);
# 1256|   #else
# 1257|     int ret = kill (main_thread_pid, SIGCONT);

Error: COMPILER_WARNING (CWE-252): [#def252]
gnupg2-2.4.5-build/gnupg-2.4.5/scd/scdaemon.c: scope_hint: In function ‘handle_connections’
gnupg2-2.4.5-build/gnupg-2.4.5/scd/scdaemon.c:1415:11: warning[-Wunused-result]: ignoring return value of ‘read’ declared with attribute ‘warn_unused_result’
# 1415 |           read (pipe_fd[0], buf, sizeof buf);
#      |           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1413|             char buf[256];
# 1414|   
# 1415|->           read (pipe_fd[0], buf, sizeof buf);
# 1416|           }
# 1417|   #endif

Error: GCC_ANALYZER_WARNING (CWE-121): [#def253]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/call-agent.c: scope_hint: In function ‘gpgsm_scd_pksign’
gnupg2-2.4.5-build/gnupg-2.4.5/sm/call-agent.c:403:5: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
gnupg2-2.4.5-build/gnupg-2.4.5/sm/gpgsm.h:32: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/sm/call-agent.c:32: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/sm/call-agent.c:385:3: note: in expansion of macro ‘snprintf’
gnupg2-2.4.5-build/gnupg-2.4.5/sm/call-agent.c:403:5: note: write of 12 bytes to beyond the end of ‘line’
gnupg2-2.4.5-build/gnupg-2.4.5/sm/call-agent.c:403:5: note: valid subscripts for ‘line’ are ‘[0]’ to ‘[1001]’
#  401|     p = stpcpy (line, "SCD SETDATA " );
#  402|     for (i=0; i < digestlen ; i++, p += 2 )
#  403|->     sprintf (p, "%02X", digest[i]);
#  404|     rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
#  405|     if (rc)

Error: CLANG_WARNING: [#def254]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/certchain.c:1712:15: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 1710|               {
# 1711|                 any_no_policy_match = 1;
# 1712|->               rc = 1;  /* Be on the safe side and set RC.  */
# 1713|               }
# 1714|             else if (rc)

Error: CLANG_WARNING: [#def255]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/certchain.c:2225:32: warning[deadcode.DeadStores]: Although the value stored to 'flags' is used in the enclosing expression, the value is never actually read from 'flags'
# 2223|         rc = do_validate_chain (ctrl, cert, checktime,
# 2224|                                 r_exptime, listmode, listfp,
# 2225|->                               (flags |= VALIDATE_FLAG_CHAIN_MODEL),
# 2226|                                 &rootca_flags);
# 2227|         *retflags |= VALIDATE_FLAG_CHAIN_MODEL;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def256]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/certcheck.c: scope_hint: In function ‘gpgsm_check_cms_signature’
gnupg2-2.4.5-build/gnupg-2.4.5/sm/certcheck.c:693:12: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘frame’
gnupg2-2.4.5-build/gnupg-2.4.5/sm/certcheck.c:31: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/sm/certcheck.c:652:7: note: in expansion of macro ‘DBG_CRYPTO’
gnupg2-2.4.5-build/gnupg-2.4.5/sm/gpgsm.h:32: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/sm/certcheck.c:164:15: note: in expansion of macro ‘xtrymalloc’
gnupg2-2.4.5-build/gnupg-2.4.5/sm/gpgsm.h:28: included_from: Included from here.
/usr/include/gpg-error.h: scope_hint: In function ‘gpgsm_check_cms_signature’
/usr/include/gpg-error.h: scope_hint: In function ‘gpgsm_check_cms_signature’
gnupg2-2.4.5-build/gnupg-2.4.5/sm/certcheck.c: scope_hint: In function ‘gpgsm_check_cms_signature’
#  691|           }
#  692|         /* put hash into the S-Exp s_hash */
#  693|->       if ( gcry_sexp_build (&s_hash, NULL, "%m", frame) )
#  694|           BUG ();
#  695|         gcry_mpi_release (frame);

Error: CLANG_WARNING: [#def257]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/certreqgen.c:1059:15: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1057|             if (!hexbuf)
# 1058|               {
# 1059|->               err = gpg_error_from_syserror ();
# 1060|                 goto leave;
# 1061|               }

Error: CLANG_WARNING: [#def258]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/certreqgen.c:1071:17: warning[deadcode.DeadStores]: Although the value stored to 'p' is used in the enclosing expression, the value is never actually read from 'p'
# 1069|             /* Now build the S-expression.  */
# 1070|             snprintf (numbuf, DIM(numbuf), "%u:", (unsigned int)len);
# 1071|->           buf = p = xtrymalloc (1 + strlen (numbuf) + len + 1 + 1);
# 1072|             if (!buf)
# 1073|               {

Error: CLANG_WARNING: [#def259]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/certreqgen.c:1074:15: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1072|             if (!buf)
# 1073|               {
# 1074|->               err = gpg_error_from_syserror ();
# 1075|                 xfree (hexbuf);
# 1076|                 goto leave;

Error: CLANG_WARNING: [#def260]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/certreqgen.c:1206:15: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1204|             if (!hexbuf)
# 1205|               {
# 1206|->               err = gpg_error_from_syserror ();
# 1207|                 goto leave;
# 1208|               }

Error: CLANG_WARNING: [#def261]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/certreqgen.c:1214:15: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1212|             if (len > 125)
# 1213|               {
# 1214|->               err = gpg_error (GPG_ERR_TOO_LARGE);
# 1215|                 xfree (hexbuf);
# 1216|                 goto leave;

Error: CLANG_WARNING: [#def262]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/certreqgen.c:1256:15: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1254|             if (qlen > 125)
# 1255|               {
# 1256|->               err = gpg_error (GPG_ERR_TOO_LARGE);
# 1257|                 goto leave;
# 1258|               }

Error: CLANG_WARNING: [#def263]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/certreqgen.c:1263:15: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1261|             if (!der)
# 1262|               {
# 1263|->               err = gpg_error_from_syserror ();
# 1264|                 goto leave;
# 1265|               }

Error: CLANG_WARNING: [#def264]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/certreqgen.c:1294:15: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1292|             if (!hexbuf)
# 1293|               {
# 1294|->               err = gpg_error_from_syserror ();
# 1295|                 goto leave;
# 1296|               }

Error: CLANG_WARNING: [#def265]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/certreqgen.c:1302:15: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1300|             if (len > 127)
# 1301|               {
# 1302|->               err = gpg_error (GPG_ERR_TOO_LARGE);
# 1303|                 xfree (hexbuf);
# 1304|                 goto leave;

Error: CLANG_WARNING: [#def266]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/certreqgen.c:1343:15: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1341|             if (qlen > 127)
# 1342|               {
# 1343|->               err = gpg_error (GPG_ERR_TOO_LARGE);
# 1344|                 goto leave;
# 1345|               }

Error: CLANG_WARNING: [#def267]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/certreqgen.c:1350:15: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1348|             if (!der)
# 1349|               {
# 1350|->               err = gpg_error_from_syserror ();
# 1351|                 goto leave;
# 1352|               }

Error: CLANG_WARNING: [#def268]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/certreqgen.c:1376:15: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1374|             if (!s)
# 1375|               {
# 1376|->               err = gpg_error (GPG_ERR_INTERNAL);
# 1377|                 goto leave;
# 1378|               }

Error: CLANG_WARNING: [#def269]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/certreqgen.c:1383:15: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1381|             if (!oidstr)
# 1382|               {
# 1383|->               err = gpg_error_from_syserror ();
# 1384|                 goto leave;
# 1385|               }

Error: CLANG_WARNING: [#def270]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/certreqgen.c:1394:15: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1392|             if (!*s)
# 1393|               {
# 1394|->               err = gpg_error (GPG_ERR_INTERNAL);
# 1395|                 xfree (oidstr);
# 1396|                 goto leave;

Error: CLANG_WARNING: [#def271]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/certreqgen.c:1412:15: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1410|             if (!hexbuf)
# 1411|               {
# 1412|->               err = gpg_error_from_syserror ();
# 1413|                 xfree (oidstr);
# 1414|                 goto leave;

Error: CLANG_WARNING: [#def272]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/certreqgen.c:1418:11: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1416|             for (p=hexbuf, len=0; p[0] && p[1]; p += 2)
# 1417|               ((unsigned char*)hexbuf)[len++] = xtoi_2 (p);
# 1418|->           err = ksba_certreq_add_extension (cr, oidstr, crit,
# 1419|                                               hexbuf, len);
# 1420|             xfree (oidstr);

Error: CLANG_WARNING: [#def273]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/certreqgen.c:1428:7: warning[deadcode.DeadStores]: Value stored to 'sigkeypkalgo' is never read
# 1426|         sigkey = public;
# 1427|         sigkeylen = publiclen;
# 1428|->       sigkeypkalgo = publicpkalgo;
# 1429|       }
# 1430|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def274]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/decrypt.c: scope_hint: In function ‘gpgsm_decrypt’
gnupg2-2.4.5-build/gnupg-2.4.5/sm/decrypt.c:1368:24: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘nbits’
gnupg2-2.4.5-build/gnupg-2.4.5/sm/gpgsm.h:28: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/sm/decrypt.c:31: included_from: Included from here.
# 1366|                       log_info ("recp %d - KEKRI or PWRI\n", recp);
# 1367|   
# 1368|->                   rc = prepare_decryption (ctrl, hexkeygrip, pk_algo, nbits,
# 1369|                                              desc, enc_val, &dfparm);
# 1370|                     xfree (enc_val);

Error: CLANG_WARNING: [#def275]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/decrypt.c:1368:24: warning[core.CallAndMessage]: 4th function call argument is an uninitialized value
# 1366|                       log_info ("recp %d - KEKRI or PWRI\n", recp);
# 1367|   
# 1368|->                   rc = prepare_decryption (ctrl, hexkeygrip, pk_algo, nbits,
# 1369|                                              desc, enc_val, &dfparm);
# 1370|                     xfree (enc_val);

Error: CLANG_WARNING: [#def276]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/encrypt.c:822:3: warning[deadcode.DeadStores]: Value stored to 'recpno' is never read
#  820|   
#  821|     /* Main control loop for encryption. */
#  822|->   recpno = 0;
#  823|     do
#  824|       {

Error: CLANG_WARNING: [#def277]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/export.c:186:15: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
#  184|                 log_error ("key '%s' not found: %s\n",
#  185|                            sl->d, gpg_strerror (rc));
#  186|->               rc = 0;
#  187|               }
#  188|             else

Error: GCC_ANALYZER_WARNING (CWE-457): [#def278]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/export.c: scope_hint: In function ‘export_p12’
gnupg2-2.4.5-build/gnupg-2.4.5/sm/export.c:770:20: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘resultlen’
#  768|       {
#  769|         *r_result = result;
#  770|->       *r_resultlen = resultlen;
#  771|       }
#  772|     return err;

Error: CLANG_WARNING: [#def279]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/keydb.c:1015:3: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1013|       }
# 1014|   
# 1015|->   err = GPG_ERR_BUG;
# 1016|     switch (hd->active[hd->found].type)
# 1017|       {

Error: CLANG_WARNING: [#def280]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/keydb.c:1062:3: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1060|       }
# 1061|   
# 1062|->   err = gpg_error (GPG_ERR_BUG);
# 1063|     switch (hd->active[hd->found].type)
# 1064|       {

Error: CLANG_WARNING: [#def281]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/keydb.c:1234:3: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1232|     gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL); /* kludge*/
# 1233|   
# 1234|->   err = gpg_error (GPG_ERR_BUG);
# 1235|     switch (hd->active[idx].type)
# 1236|       {

Error: CLANG_WARNING: [#def282]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/keydb.c:1357:3: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1355|       }
# 1356|   
# 1357|->   err = gpg_error (GPG_ERR_BUG);
# 1358|     switch (hd->active[hd->found].type)
# 1359|       {

Error: CLANG_WARNING: [#def283]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/keylist.c:1171:17: warning[deadcode.DeadStores]: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err'
# 1169|   
# 1170|   
# 1171|->   for (idx=0; !(err=ksba_cert_get_extension (cert, idx,
# 1172|                                                &oid, &i, &off, &len));idx++)
# 1173|       {

Error: CLANG_WARNING: [#def284]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/keylist.c:1372:17: warning[deadcode.DeadStores]: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err'
# 1370|   
# 1371|     /* Print restrictions.  */
# 1372|->   for (idx=0; !(err=ksba_cert_get_extension (cert, idx,
# 1373|                                                &oid, NULL, &off, &len));idx++)
# 1374|       {

Error: CLANG_WARNING: [#def285]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/keylist.c:1589:15: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 1587|                 log_error ("key '%s' not found: %s\n",
# 1588|                            sl->d, gpg_strerror (rc));
# 1589|->               rc = 0;
# 1590|               }
# 1591|             else

Error: CLANG_WARNING: [#def286]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/keylist.c:1680:15: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 1678|                 else if ( gpg_err_code (rc) != GPG_ERR_NO_SECKEY)
# 1679|                   goto leave;
# 1680|->               rc = 0;
# 1681|                 xfree (p);
# 1682|               }

Error: CLANG_WARNING: [#def287]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/minip12.c:323:11: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
#  321|   
#  322|     cur_keylen = 0;
#  323|->   pwlen = strlen (pw);
#  324|     if (pwlen > 63/2)
#  325|       {

Error: CLANG_WARNING: [#def288]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/minip12.c:2047:3: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 2045|     else if (err && gpg_err_code (err) != GPG_ERR_EOF)
# 2046|       goto bailout;
# 2047|->   err = 0;
# 2048|   
# 2049|     tlv_parser_release (tlv);

Error: CLANG_WARNING: [#def289]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/misc.c:218:32: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
#  216|               }
#  217|           }
#  218|->       else if (toklen == 5 && !memcmp (tok, "curve", 5))
#  219|           {
#  220|             if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))

Error: GCC_ANALYZER_WARNING (CWE-775): [#def290]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/t-minip12.c: scope_hint: In function ‘one_file’
gnupg2-2.4.5-build/gnupg-2.4.5/sm/t-minip12.c:399:6: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(name, "rb")’
#  397|       }
#  398|   
#  399|->   if (fstat (fileno(fp), &st))
#  400|       {
#  401|         fprintf (stderr, PGM": can't stat '%s': %s\n", name, strerror (errno));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def291]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/t-minip12.c:399:6: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(name, "rb")’
#  397|       }
#  398|   
#  399|->   if (fstat (fileno(fp), &st))
#  400|       {
#  401|         fprintf (stderr, PGM": can't stat '%s': %s\n", name, strerror (errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def292]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/t-minip12.c:405:14: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(name, "rb")’
#  403|       }
#  404|   
#  405|->   buflen = st.st_size;
#  406|     buf = xmalloc (buflen+1);
#  407|     if (fread (buf, buflen, 1, fp) != 1)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def293]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/t-minip12.c:405:14: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(name, "rb")’
#  403|       }
#  404|   
#  405|->   buflen = st.st_size;
#  406|     buf = xmalloc (buflen+1);
#  407|     if (fread (buf, buflen, 1, fp) != 1)

Error: CLANG_WARNING: [#def294]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/t-minip12.c:623:12: warning[deadcode.DeadStores]: Although the value stored to 'ntests' is used in the enclosing expression, the value is never actually read from 'ntests'
#  621|       die ("error opening '%s': %s\n", descfname, strerror (errno));
#  622|   
#  623|->   lineno = ntests = 0;
#  624|     while ((line = read_textline (fp, &lineno)))
#  625|       {

Error: CLANG_WARNING: [#def295]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/verify.c:321:11: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
#  319|           {
#  320|             log_info ("certs-only message accepted\n");
#  321|->           rc = 0;
#  322|             break;
#  323|           }

Error: CLANG_WARNING: [#def296]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/verify.c:327:13: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
#  325|           {
#  326|             if (signer && rc == -1)
#  327|->             rc = 0;
#  328|             break;
#  329|           }

Error: CLANG_WARNING: [#def297]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/verify.c:377:11: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
#  375|           {
#  376|             log_assert (!msgdigest);
#  377|->           rc = 0;
#  378|             algoid = NULL;
#  379|             algo = 0;

Error: CLANG_WARNING: [#def298]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/verify.c:417:7: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
#  415|             goto next_signer;
#  416|           }
#  417|->       rc = 0;
#  418|   
#  419|   

Error: CLANG_WARNING: [#def299]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/verify.c:632:11: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
#  630|             gpgsm_status_with_err_code (ctrl, STATUS_ERROR, "verify.keyusage",
#  631|                                         gpg_err_code (rc));
#  632|->           rc = 0;
#  633|           }
#  634|   

Error: CLANG_WARNING: [#def300]
gnupg2-2.4.5-build/gnupg-2.4.5/sm/verify.c:733:7: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
#  731|   
#  732|       next_signer:
#  733|->       rc = 0;
#  734|         xfree (issuer);
#  735|         xfree (serial);

Error: CPPCHECK_WARNING: [#def301]
gnupg2-2.4.5-build/gnupg-2.4.5/tests/asschk.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: CLANG_WARNING: [#def302]
gnupg2-2.4.5-build/gnupg-2.4.5/tests/asschk.c:512:7: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
#  510|       {
#  511|         var = xcalloc (1, sizeof *var + strlen (name));
#  512|->       strcpy (var->name, name);
#  513|         var->next = variable_list;
#  514|         variable_list = var;

Error: CLANG_WARNING: [#def303]
gnupg2-2.4.5-build/gnupg-2.4.5/tests/asschk.c:1088:10: warning[core.NullDereference]: Dereference of null pointer (loaded from variable 'p')
# 1086|         if (!p)
# 1087|           die_0 ("incomplete script line");
# 1088|->       *p = 0;
# 1089|         if (interpreter (buffer))
# 1090|           break;

Error: COMPILER_WARNING (CWE-252): [#def304]
gnupg2-2.4.5-build/gnupg-2.4.5/tests/gpgscm/ffi.c: scope_hint: In function ‘do_file_equal’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/gpgscm/ffi.c:1052:3: warning[-Wunused-result]: ignoring return value of ‘fread’ declared with attribute ‘warn_unused_result’
# 1052 |   fread (b_buf, 1, 1, b_stream);
#      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1050|       }
# 1051|   
# 1052|->   fread (b_buf, 1, 1, b_stream);
# 1053|     if (! feof (b_stream))
# 1054|       goto out;	/* b is longer */

Error: CLANG_WARNING: [#def305]
gnupg2-2.4.5-build/gnupg-2.4.5/tests/gpgscm/main.c:272:17: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
#  270|       scmpath = getenv ("GPGSCM_PATH");
#  271|   
#  272|->   p = scmpath = strdup (scmpath);
#  273|     if (p == NULL)
#  274|       return 2;

Error: CPPCHECK_WARNING: [#def306]
gnupg2-2.4.5-build/gnupg-2.4.5/tests/gpgscm/scheme.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: CLANG_WARNING: [#def307]
gnupg2-2.4.5-build/gnupg-2.4.5/tests/gpgscm/scheme.c:2846:3: warning[core.CallAndMessage]: 4th function call argument is an uninitialized value
# 2844|     slot = find_slot_spec_in_env(sc, sc->envir, variable, 0, &sslot);
# 2845|     assert(slot == sc->NIL);
# 2846|->   new_slot_spec_in_env(sc, variable, value, sslot);
# 2847|   }
# 2848|   

Error: CLANG_WARNING: [#def308]
gnupg2-2.4.5-build/gnupg-2.4.5/tests/gpgscm/scheme.c:5838:11: warning[core.CallAndMessage]: 4th function call argument is an uninitialized value
# 5836|             set_slot_in_env(sc, x, value);
# 5837|        } else {
# 5838|->           new_slot_spec_in_env(sc, symbol, value, sslot);
# 5839|        }
# 5840|   }

Error: CLANG_WARNING: [#def309]
gnupg2-2.4.5-build/gnupg-2.4.5/tests/gpgscm/scheme.c:5958:5: warning[unix.Malloc]: Potential leak of memory pointed to by 'sc.strbuff'
# 5956|     }
# 5957|     if(!scheme_init(&sc)) {
# 5958|->     fprintf(stderr,"Could not initialize!\n");
# 5959|       return 2;
# 5960|     }

Error: CPPCHECK_WARNING: [#def310]
gnupg2-2.4.5-build/gnupg-2.4.5/tests/gpgscm/t-child.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: CPPCHECK_WARNING: [#def311]
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: GCC_ANALYZER_WARNING (CWE-775): [#def312]
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:80:6: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(fname, "r")’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:189:19: note: in expansion of macro ‘whitespacep’
#   78|   
#   79|     sink = fopen (fname_new, "w");
#   80|->   if (! sink)
#   81|       {
#   82|         perror (fname_new);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def313]
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:80:6: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(fname, "r")’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:189:19: note: in expansion of macro ‘whitespacep’
#   78|   
#   79|     sink = fopen (fname_new, "w");
#   80|->   if (! sink)
#   81|       {
#   82|         perror (fname_new);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def314]
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:92:14: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(fname, "r")’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:189:19: note: in expansion of macro ‘whitespacep’
#   90|           {
#   91|             passphrase = strdup (linebuf);
#   92|->           if (passphrase == NULL)
#   93|               {
#   94|                 perror ("strdup");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def315]
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:92:14: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(fname_new, "w")’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:189:19: note: in expansion of macro ‘whitespacep’
#   90|           {
#   91|             passphrase = strdup (linebuf);
#   92|->           if (passphrase == NULL)
#   93|               {
#   94|                 perror ("strdup");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def316]
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:92:14: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(fname, "r")’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:189:19: note: in expansion of macro ‘whitespacep’
#   90|           {
#   91|             passphrase = strdup (linebuf);
#   92|->           if (passphrase == NULL)
#   93|               {
#   94|                 perror ("strdup");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def317]
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:92:14: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(fname_new, "w")’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:189:19: note: in expansion of macro ‘whitespacep’
#   90|           {
#   91|             passphrase = strdup (linebuf);
#   92|->           if (passphrase == NULL)
#   93|               {
#   94|                 perror ("strdup");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def318]
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:102:6: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(fname, "r")’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:189:19: note: in expansion of macro ‘whitespacep’
#  100|       }
#  101|   
#  102|->   if (ferror (source))
#  103|       {
#  104|         perror (fname);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def319]
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:102:6: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(fname_new, "w")’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:189:19: note: in expansion of macro ‘whitespacep’
#  100|       }
#  101|   
#  102|->   if (ferror (source))
#  103|       {
#  104|         perror (fname);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def320]
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:102:6: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(fname, "r")’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:189:19: note: in expansion of macro ‘whitespacep’
#  100|       }
#  101|   
#  102|->   if (ferror (source))
#  103|       {
#  104|         perror (fname);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def321]
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:102:6: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(fname_new, "w")’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:189:19: note: in expansion of macro ‘whitespacep’
#  100|       }
#  101|   
#  102|->   if (ferror (source))
#  103|       {
#  104|         perror (fname);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def322]
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:108:6: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(fname, "r")’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:189:19: note: in expansion of macro ‘whitespacep’
#  106|       }
#  107|   
#  108|->   if (ferror (sink))
#  109|       {
#  110|         perror (fname_new);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def323]
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:108:6: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(fname_new, "w")’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:189:19: note: in expansion of macro ‘whitespacep’
#  106|       }
#  107|   
#  108|->   if (ferror (sink))
#  109|       {
#  110|         perror (fname_new);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def324]
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:108:6: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(fname, "r")’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:189:19: note: in expansion of macro ‘whitespacep’
#  106|       }
#  107|   
#  108|->   if (ferror (sink))
#  109|       {
#  110|         perror (fname_new);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def325]
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:108:6: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(fname_new, "w")’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:189:19: note: in expansion of macro ‘whitespacep’
#  106|       }
#  107|   
#  108|->   if (ferror (sink))
#  109|       {
#  110|         perror (fname_new);

Error: CLANG_WARNING: [#def326]
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:211:16: warning[unix.Malloc]: Potential memory leak
#  209|     if (log_stream)
#  210|       fclose (log_stream);
#  211|->   log_stream = NULL;
#  212|   
#  213|     logfile = option_value (args, "--logfile");

Error: CLANG_WARNING: [#def327]
gnupg2-2.4.5-build/gnupg-2.4.5/tests/openpgp/fake-pinentry.c:239:7: warning[deadcode.DeadStores]: Value stored to 'args' is never read
#  237|         more = !! *p;
#  238|         *p = 0;
#  239|->       args = more ? p+1 : p;
#  240|   
#  241|         passphrase = get_passphrase (passphrasefile);

Error: CLANG_WARNING: [#def328]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/card-call-scd.c:207:15: warning[deadcode.DeadStores]: Value stored to 'result' during its initialization is never read
#  205|   app_type_string (app_type_t app_type)
#  206|   {
#  207|->   const char *result = "?";
#  208|     switch (app_type)
#  209|       {

Error: CLANG_WARNING: [#def329]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/card-call-scd.c:715:17: warning[deadcode.DeadStores]: Although the value stored to 'p' is used in the enclosing expression, the value is never actually read from 'p'
#  713|             unsigned long number;
#  714|   
#  715|->           buf = p = unescape_status_string (line);
#  716|             if (buf)
#  717|               {

Error: CLANG_WARNING: [#def330]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/card-call-scd.c:934:25: warning[deadcode.DeadStores]: Although the value stored to 'pline' is used in the enclosing expression, the value is never actually read from 'pline'
#  932|             char *label;
#  933|   
#  934|->           line_buffer = pline = xstrdup (line);
#  935|   
#  936|             if ((nfields = split_fields (line_buffer, fields, DIM (fields))) < 2)

Error: CLANG_WARNING: [#def331]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/card-call-scd.c:936:16: warning[deadcode.DeadStores]: Although the value stored to 'nfields' is used in the enclosing expression, the value is never actually read from 'nfields'
#  934|             line_buffer = pline = xstrdup (line);
#  935|   
#  936|->           if ((nfields = split_fields (line_buffer, fields, DIM (fields))) < 2)
#  937|               goto leave;  /* not enough args - ignore.  */
#  938|   

Error: CLANG_WARNING: [#def332]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/card-call-scd.c:1045:25: warning[deadcode.DeadStores]: Although the value stored to 'pline' is used in the enclosing expression, the value is never actually read from 'pline'
# 1043|             time_t keytime;
# 1044|   
# 1045|->           line_buffer = pline = xstrdup (line);
# 1046|   
# 1047|             if ((nfields = split_fields (line_buffer, fields, DIM (fields))) < 2)

Error: CLANG_WARNING: [#def333]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/card-call-scd.c:1191:9: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1189|         if (gpg_err_code (err) == GPG_ERR_INV_NAME
# 1190|             || gpg_err_code (err) == GPG_ERR_UNSUPPORTED_OPERATION)
# 1191|->         err = 0; /* Not implemented or GETATTR not supported.  */
# 1192|         err = scd_getattr ("$DISPSERIALNO", info);
# 1193|         if (gpg_err_code (err) == GPG_ERR_INV_NAME

Error: CLANG_WARNING: [#def334]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/card-call-scd.c:1195:9: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1193|         if (gpg_err_code (err) == GPG_ERR_INV_NAME
# 1194|             || gpg_err_code (err) == GPG_ERR_UNSUPPORTED_OPERATION)
# 1195|->         err = 0; /* Not implemented or GETATTR not supported.  */
# 1196|         err = scd_getattr ("KEY-LABEL", info);
# 1197|         if (gpg_err_code (err) == GPG_ERR_INV_NAME

Error: CLANG_WARNING: [#def335]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/card-keys.c:234:15: warning[deadcode.DeadStores]: Value stored to 'keyblock_tail' is never read
#  232|               {
#  233|                 *keyblock_tail = kb;
#  234|->               keyblock_tail = &kb->next;
#  235|                 kb = NULL;
#  236|               }

Error: CLANG_WARNING: [#def336]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/card-keys.c:422:11: warning[deadcode.DeadStores]: Value stored to 'n' is never read
#  420|                 goto leave;
#  421|               }
#  422|->           n /= 2;
#  423|   
#  424|             for (pk = kb->keys; pk->next; pk = pk->next)

Error: CLANG_WARNING: [#def337]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/card-keys.c:479:7: warning[deadcode.DeadStores]: Value stored to 'keyblock_tail' is never read
#  477|       {
#  478|         *keyblock_tail = kb;
#  479|->       keyblock_tail = &kb->next;
#  480|         kb = NULL;
#  481|       }

Error: CLANG_WARNING: [#def338]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpg-auth.c:548:13: warning[deadcode.DeadStores]: Although the value stored to 's' is used in the enclosing expression, the value is never actually read from 's'
#  546|         xfree (pin);
#  547|       }
#  548|->   else if ((s = has_leading_keyword (line, "POPUPPINPADPROMPT")))
#  549|       {
#  550|   

Error: CLANG_WARNING: [#def339]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpg-auth.c:565:13: warning[deadcode.DeadStores]: Although the value stored to 's' is used in the enclosing expression, the value is never actually read from 's'
#  563|           }
#  564|       }
#  565|->   else if ((s = has_leading_keyword (line, "DISMISSPINPADPROMPT")))
#  566|       {
#  567|         ;

Error: COMPILER_WARNING (CWE-252): [#def340]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpg-auth.c: scope_hint: In function ‘getpin’
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpg-auth.c:962:3: warning[-Wunused-result]: ignoring return value of ‘fgets’ declared with attribute ‘warn_unused_result’
#  962 |   fgets (line, ASSUAN_LINELENGTH, stdin);
#      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  960|       }
#  961|   
#  962|->   fgets (line, ASSUAN_LINELENGTH, stdin);
#  963|     if (split_fields (line, fields, DIM (fields)) < DIM (fields))
#  964|       rc = GPG_ERR_PROTOCOL_VIOLATION;

Error: COMPILER_WARNING (CWE-704): [#def341]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpg-card.c: scope_hint: In function ‘main’
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpg-card.c:318:21: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  316|     /* Set defaults for non given options.  */
#  317|     if (!opt.gpg_program)
#  318|->     opt.gpg_program = gnupg_module_name (GNUPG_MODULE_NAME_GPG);
#  319|     if (!opt.gpgsm_program)
#  320|       opt.gpgsm_program = gnupg_module_name (GNUPG_MODULE_NAME_GPGSM);

Error: COMPILER_WARNING (CWE-704): [#def342]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpg-card.c:320:23: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  318|       opt.gpg_program = gnupg_module_name (GNUPG_MODULE_NAME_GPG);
#  319|     if (!opt.gpgsm_program)
#  320|->     opt.gpgsm_program = gnupg_module_name (GNUPG_MODULE_NAME_GPGSM);
#  321|   
#  322|     /* Now build the list of commands.  We guess the size of the array

Error: CLANG_WARNING: [#def343]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpg-card.c:723:55: warning[deadcode.DeadStores]: Value stored to 'any' is never read
#  721|               { tty_fprintf (fp, "%sauth", any?",":""); any=1; }
#  722|             if ((kinfo->usage & GCRY_PK_USAGE_ENCR))
#  723|->             { tty_fprintf (fp, "%sencr", any?",":""); any=1; }
#  724|             tty_fprintf (fp, ")");
#  725|           }

Error: CLANG_WARNING: [#def344]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpg-card.c:1312:11: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1310|                   }
# 1311|               }
# 1312|->           err = scd_switchcard (sl->d);
# 1313|             need_learn = 1;
# 1314|           }

Error: CLANG_WARNING: [#def345]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpg-card.c:4078:31: warning[core.NullDereference]: Access to field 'need_sn_cmd' results in a dereference of a null pointer (loaded from variable 'info')
# 4076|             log_error ("Command '%s' failed: %s\n", command, gpg_strerror (err));
# 4077|             if (gpg_err_code (err) == GPG_ERR_CARD_NOT_PRESENT)
# 4078|->             info->need_sn_cmd = 1;
# 4079|           }
# 4080|       }

Error: CLANG_WARNING: [#def346]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpg-check-pattern.c:470:3: warning[deadcode.DeadStores]: Value stored to 'accept_match' is never read
#  468|       }
#  469|   
#  470|->   accept_match = 0;
#  471|     accept_skip = 0;
#  472|     for (pat = patarray; pat->type != PAT_NULL; pat++)

Error: CLANG_WARNING: [#def347]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpg-check-pattern.c:476:9: warning[deadcode.DeadStores]: Value stored to 'accept_match' is never read
#  474|         match = 0;
#  475|         if (pat->newblock)
#  476|->         accept_match = accept_skip = 0;
#  477|   
#  478|         if (pat->type == PAT_STRING)

Error: CLANG_WARNING: [#def348]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpg-check-pattern.c:540:15: warning[deadcode.DeadStores]: Value stored to 'accept_match' is never read
#  538|                   return pat;
#  539|                 /* The next is not really but we do it for clarity.  */
#  540|->               accept_match = accept_skip = 0;
#  541|               }
#  542|           }

Error: CLANG_WARNING: [#def349]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpg-connect-agent.c:1543:15: warning[deadcode.DeadStores]: Value stored to 'n' is never read
# 1541|                   *p++ = *s++;
# 1542|                 *p = 0;
# 1543|->               n = p - line;
# 1544|               }
# 1545|           }

Error: GCC_ANALYZER_WARNING (CWE-686): [#def350]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpg-pair-tool.c: scope_hint: In function ‘hmac_data’
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpg-pair-tool.c:1125:15: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘size_t’ {aka ‘long unsigned int’} but received ‘int’ for variadic argument 4 of ‘arg_ptr’
/usr/include/gcrypt.h:31: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/common/util.h:34: included_from: Included from here.
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpg-pair-tool.c:134: included_from: Included from here.
# 1123|     while ((data = va_arg (arg_ptr, const void *)))
# 1124|       {
# 1125|->       datalen = va_arg (arg_ptr, size_t);
# 1126|         /* log_printhex (data, datalen, "    data:"); */
# 1127|         err = gcry_mac_write (hd, data, datalen);

Error: CLANG_WARNING: [#def351]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpg-wks-client.c:1223:7: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1221|         policy = xcalloc (1, sizeof *policy);
# 1222|         submission_to = xstrdup (fake_submission_addr);
# 1223|->       err = 0;
# 1224|       }
# 1225|     else

Error: CLANG_WARNING: [#def352]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpg-wks-client.c:2097:7: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value
# 2095|       log_info ("a total of %u user ids from %d keys published\n",
# 2096|                 mirror_one_key_parm.nuids, mirror_one_key_parm.nkeys);
# 2097|->   if (err)
# 2098|       log_error ("error mirroring LDAP directory: %s <%s>\n",
# 2099|                  gpg_strerror (err), gpg_strsource (err));

Error: CLANG_WARNING: [#def353]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpg-wks-server.c:1973:11: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1971|           {
# 1972|             struct policy_flags_s policy;
# 1973|->           err = wks_parse_policy (&policy, fp, 0);
# 1974|             es_fclose (fp);
# 1975|             wks_free_policy (&policy);

Error: CLANG_WARNING: [#def354]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpgconf-comp.c:1135:13: warning[core.NullDereference]: Dereference of null pointer
# 1133|         if (*src == '%')
# 1134|   	{
# 1135|-> 	  *(dst++) = '%';
# 1136|   	  *(dst++) = '2';
# 1137|   	  *(dst++) = '5';

Error: CLANG_WARNING: [#def355]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpgconf-comp.c:1142:13: warning[core.NullDereference]: Dereference of null pointer
# 1140|   	{
# 1141|   	  /* The colon is used as field separator.  */
# 1142|-> 	  *(dst++) = '%';
# 1143|   	  *(dst++) = '3';
# 1144|   	  *(dst++) = 'a';

Error: CLANG_WARNING: [#def356]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpgconf-comp.c:1149:13: warning[core.NullDereference]: Dereference of null pointer
# 1147|   	{
# 1148|   	  /* The comma is used as list separator.  */
# 1149|-> 	  *(dst++) = '%';
# 1150|   	  *(dst++) = '2';
# 1151|   	  *(dst++) = 'c';

Error: CLANG_WARNING: [#def357]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpgconf-comp.c:1156:13: warning[core.NullDereference]: Dereference of null pointer
# 1154|   	{
# 1155|   	  /* The newline is problematic in a line-based format.  */
# 1156|-> 	  *(dst++) = '%';
# 1157|   	  *(dst++) = '0';
# 1158|   	  *(dst++) = 'a';

Error: CLANG_WARNING: [#def358]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpgconf-comp.c:1161:11: warning[core.NullDereference]: Dereference of null pointer
# 1159|   	}
# 1160|         else
# 1161|-> 	*(dst++) = *(src);
# 1162|         src++;
# 1163|       }

Error: CLANG_WARNING: [#def359]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpgconf-comp.c:1197:13: warning[core.NullDereference]: Dereference of null pointer
# 1195|   	    gc_error (1, 0, "malformed end of string %s", src);
# 1196|   
# 1197|-> 	  *(dst++) = (char) val;
# 1198|   	  src += 3;
# 1199|   	}

Error: CLANG_WARNING: [#def360]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpgconf-comp.c:1201:11: warning[core.NullDereference]: Dereference of null pointer
# 1199|   	}
# 1200|         else
# 1201|-> 	*(dst++) = *(src++);
# 1202|       }
# 1203|     *dst = '\0';

Error: CLANG_WARNING: [#def361]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpgconf-comp.c:1203:8: warning[core.NullDereference]: Dereference of null pointer (loaded from variable 'dst')
# 1201|   	*(dst++) = *(src++);
# 1202|       }
# 1203|->   *dst = '\0';
# 1204|     return str;
# 1205|   }

Error: CLANG_WARNING: [#def362]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpgconf-comp.c:2001:4: warning[deadcode.DeadStores]: Value stored to 'linep' is never read
# 1999|   	    default_value = linep;
# 2000|   
# 2001|-> 	  linep = end;
# 2002|   	}
# 2003|   

Error: CLANG_WARNING: [#def363]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpgconf-comp.c:2081:17: warning[core.NullDereference]: Dereference of null pointer
# 2079|         /* We only have the short option.  Search in the option table
# 2080|          * for the long option name.  */
# 2081|->       for (i=0; opt_table[i].short_opt; i++)
# 2082|           if (opt_table[i].short_opt == pargs.r_opt)
# 2083|             break;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def364]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpgconf-comp.c: scope_hint: In function ‘change_options_program’
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpgconf-comp.c:2545:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘option’
# 2543|   
# 2544|     option = gc_component[component].options;
# 2545|->   for ( ; option->name; option++)
# 2546|       {
# 2547|         if (!option->is_header && option->new_value)

Error: CLANG_WARNING: [#def365]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpgconf-comp.c:2799:15: warning[deadcode.DeadStores]: Value stored to 'linep' is never read
# 2797|                   *(end++) = '\0';
# 2798|                 new_value = linep;
# 2799|->               linep = end;
# 2800|               }
# 2801|   

Error: CLANG_WARNING: [#def366]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpgconf-comp.c:2921:13: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 2919|               gnupg_rename_file (orig_filename, dest_filename, NULL);
# 2920|             else
# 2921|->             unlink (dest_filename);
# 2922|           }
# 2923|         if (err)

Error: CLANG_WARNING: [#def367]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpgconf-comp.c:3010:21: warning[core.NullDereference]: Access to field 'pw_name' results in a dereference of a null pointer (loaded from variable 'pw')
# 3008|             if (!pw)
# 3009|               gc_error (1, errno, "getpwuid failed for current user");
# 3010|->           my_name = xstrdup (pw->pw_name);
# 3011|           }
# 3012|         if (!strcmp (user, my_name))

Error: CLANG_WARNING: [#def368]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpgconf-comp.c:3028:22: warning[core.NullDereference]: Access to field 'gr_name' results in a dereference of a null pointer (loaded from variable 'gr')
# 3026|             if (!gr)
# 3027|               gc_error (1, errno, "getgrgid failed for current user");
# 3028|->           my_group = xstrdup (gr->gr_name);
# 3029|           }
# 3030|         if (!strcmp (group, my_group))

Error: CLANG_WARNING: [#def369]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpgconf-comp.c:3049:33: warning[core.NullDereference]: Access to field 'gr_name' results in a dereference of a null pointer (loaded from variable 'gr')
# 3047|                 if (!gr)
# 3048|                   gc_error (1, errno, "getgrgid failed for supplementary group");
# 3049|->               my_supgroups[n] = xstrdup (gr->gr_name);
# 3050|               }
# 3051|             xfree (gids);

Error: CLANG_WARNING: [#def370]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpgconf.c:1388:25: warning[deadcode.DeadStores]: Value stored to 'sl' during its initialization is never read
# 1386|               {
# 1387|                 int isreg = (tokens[0][3] == 'r');
# 1388|->               strlist_t sl = *listp;
# 1389|   
# 1390|                 for (sl = *listp; sl; sl = sl->next)

Error: CPPCHECK_WARNING: [#def371]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpgparsemail.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: GCC_ANALYZER_WARNING (CWE-775): [#def372]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpgparsemail.c: scope_hint: In function ‘run_gnupg’
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpgparsemail.c:191:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(sig_fd, 0)’
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpgparsemail.c:36: included_from: Included from here.
#  189|         if (sig_fd != 0)
#  190|           {
#  191|->           if (dup2 (sig_fd, 0) == -1)
#  192|               die ("dup2 stdin failed: %s", strerror (errno));
#  193|           }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def373]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpgparsemail.c:205:10: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 1)’
#  203|         if (fd == -1)
#  204|           die ("can't open '/dev/null': %s", strerror (errno));
#  205|->       if (fd != 1)
#  206|   	{
#  207|             if (dup2 (fd, 1) == -1)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def374]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpgparsemail.c:207:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 1), 1)’
#  205|         if (fd != 1)
#  206|   	{
#  207|->           if (dup2 (fd, 1) == -1)
#  208|               die ("dup2 stderr failed: %s", strerror (errno));
#  209|           }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def375]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpgparsemail.c:207:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 1)’
#  205|         if (fd != 1)
#  206|   	{
#  207|->           if (dup2 (fd, 1) == -1)
#  208|               die ("dup2 stderr failed: %s", strerror (errno));
#  209|           }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def376]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpgparsemail.c:214:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(rp[1], 2)’
#  212|         if (rp[1] != 2)
#  213|   	{
#  214|-> 	  if (dup2 (rp[1], 2) == -1)
#  215|   	    die ("dup2 stderr failed: %s", strerror (errno));
#  216|   	}

Error: CLANG_WARNING: [#def377]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpgparsemail.c:254:3: warning[deadcode.DeadStores]: Value stored to 'is_status' is never read
#  252|   
#  253|     pos = 0;
#  254|->   is_status = 0;
#  255|     assert (sizeof status_buf > 9);
#  256|     while ((c=getc (fp)) != EOF)

Error: CLANG_WARNING: [#def378]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpgparsemail.c:256:13: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
#  254|     is_status = 0;
#  255|     assert (sizeof status_buf > 9);
#  256|->   while ((c=getc (fp)) != EOF)
#  257|       {
#  258|         if (pos < 9)

Error: CLANG_WARNING: [#def379]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpgparsemail.c:636:10: warning[core.NonNullParamChecker]: Null pointer passed to 3rd parameter expecting 'nonnull'
#  634|     /* Fixme: We should not use fgets because it can't cope with
#  635|        embedded nul characters. */
#  636|->   while (fgets (line, sizeof (line), fp))
#  637|       {
#  638|         lineno++;

Error: CLANG_WARNING: [#def380]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpgparsemail.c:803:7: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
#  801|           die ("can't open '%s': %s", *argv, strerror (errno));
#  802|         parse_message (fp);
#  803|->       fclose (fp);
#  804|       }
#  805|     else

Error: CLANG_WARNING: [#def381]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpgtar-create.c:573:7: warning[deadcode.DeadStores]: Although the value stored to 'pend' is used in the enclosing expression, the value is never actually read from 'pend'
#  571|     v = value;
#  572|     n = length;
#  573|->   p = pend = buffer + length;
#  574|     *--p = 0; /* Nul byte.  */
#  575|     n--;

Error: CLANG_WARNING: [#def382]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/gpgtar-create.c:593:11: warning[deadcode.DeadStores]: Although the value stored to 'pend' is used in the enclosing expression, the value is never actually read from 'pend'
#  591|         v = value;
#  592|         n = length;
#  593|->       p = pend = buffer + length;
#  594|         do
#  595|           {

Error: CPPCHECK_WARNING: [#def383]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/make-dns-cert.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: CPPCHECK_WARNING: [#def384]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/rfc822parse.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: GCC_ANALYZER_WARNING (CWE-688): [#def385]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/rfc822parse.c: scope_hint: In function ‘rfc822parse_get_field’
gnupg2-2.4.5-build/gnupg-2.4.5/tools/rfc822parse.c:646:11: warning[-Wanalyzer-null-argument]: use of NULL ‘p’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strchr’ must be non-null
#  644|     if (valueoff)
#  645|       {
#  646|->       p = strchr (buf, ':');
#  647|         if (!p)
#  648|           *valueoff = 0; /* Oops: should never happen. */

Error: GCC_ANALYZER_WARNING (CWE-457): [#def386]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/rfc822parse.c:646:11: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*p’
gnupg2-2.4.5-build/gnupg-2.4.5/tools/rfc822parse.c:37: included_from: Included from here.
/usr/include/string.h:246:14: note: argument 1 of ‘strchr’ must be a pointer to a null-terminated string
#  644|     if (valueoff)
#  645|       {
#  646|->       p = strchr (buf, ':');
#  647|         if (!p)
#  648|           *valueoff = 0; /* Oops: should never happen. */

Error: CLANG_WARNING: [#def387]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/rfc822parse.c:646:11: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
#  644|     if (valueoff)
#  645|       {
#  646|->       p = strchr (buf, ':');
#  647|         if (!p)
#  648|           *valueoff = 0; /* Oops: should never happen. */

Error: CLANG_WARNING: [#def388]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/rfc822parse.c:981:17: warning[deadcode.DeadStores]: Although the value stored to 's2' is used in the enclosing expression, the value is never actually read from 's2'
#  979|   	    s++; /* skip the delimiter */
#  980|   	}
#  981|->       else if ((s2 = strchr (delimiters2, *s)))
#  982|   	{ /* Special characters which are not handled above. */
#  983|   	  invalid = 0;

Error: CLANG_WARNING: [#def389]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/rfc822parse.c:1027:16: warning[unix.Malloc]: Potential leak of memory pointed to by 't'
# 1025|    failure:
# 1026|     {
# 1027|->     int save = errno;
# 1028|       release_token_list (tok);
# 1029|       errno = save;

Error: CPPCHECK_WARNING: [#def390]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/watchgnupg.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: CLANG_WARNING: [#def391]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/watchgnupg.c:223:7: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
#  221|                          : xmalloc (c->size));
#  222|           }
#  223|->       memcpy (c->buffer + c->len, line, n);
#  224|         c->len += n;
#  225|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def392]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/watchgnupg.c: scope_hint: In function ‘get_logname’
gnupg2-2.4.5-build/gnupg-2.4.5/tools/watchgnupg.c:305:10: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 1)’
#  303|         if (fd == -1)
#  304|           die ("can't open '/dev/null': %s", strerror (errno));
#  305|->       if (fd != 0 && dup2 (fd, 0) == -1)
#  306|           die ("dup2 stderr failed: %s", strerror (errno));
#  307|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def393]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/watchgnupg.c:305:19: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 1), 0)’
#  303|         if (fd == -1)
#  304|           die ("can't open '/dev/null': %s", strerror (errno));
#  305|->       if (fd != 0 && dup2 (fd, 0) == -1)
#  306|           die ("dup2 stderr failed: %s", strerror (errno));
#  307|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def394]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/watchgnupg.c:305:19: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 1)’
#  303|         if (fd == -1)
#  304|           die ("can't open '/dev/null': %s", strerror (errno));
#  305|->       if (fd != 0 && dup2 (fd, 0) == -1)
#  306|           die ("dup2 stderr failed: %s", strerror (errno));
#  307|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def395]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/watchgnupg.c:309:22: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(rp[1], 1)’
#  307|   
#  308|         /* Connect stdout to our pipe. */
#  309|->       if (rp[1] != 1 && dup2 (rp[1], 1) == -1)
#  310|           die ("dup2 stdout failed: %s", strerror (errno));
#  311|   

Error: CLANG_WARNING: [#def396]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/watchgnupg.c:335:13: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
#  333|   
#  334|     pos = 0;
#  335|->   while ((c=getc (fp)) != EOF)
#  336|       {
#  337|         if (pos+1 >= sizeof filename)

Error: CPPCHECK_WARNING (CWE-476): [#def397]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/watchgnupg.c:557: error[nullPointer]: Null pointer dereference: (struct sockaddr_un*)0
#  555|         srvr_addr_un.sun_path[sizeof (srvr_addr_un.sun_path) - 1] = 0;
#  556|         addr_un = (struct sockaddr *)&srvr_addr_un;
#  557|->       addrlen_un = SUN_LEN (&srvr_addr_un);
#  558|       }
#  559|     else

Error: CLANG_WARNING: [#def398]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/wks-receive.c:111:7: warning[deadcode.DeadStores]: Value stored to 'err' is never read
#  109|     if (!argv)
#  110|       {
#  111|->       err = gpg_error_from_syserror ();
#  112|         goto leave;
#  113|       }

Error: CLANG_WARNING: [#def399]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/wks-receive.c:178:7: warning[deadcode.DeadStores]: Value stored to 'err' is never read
#  176|     if (!argv)
#  177|       {
#  178|->       err = gpg_error_from_syserror ();
#  179|         goto leave;
#  180|       }

Error: CLANG_WARNING: [#def400]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/wks-util.c:1218:3: warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller
# 1216|       es_fclose (fp);
# 1217|     es_free (line);
# 1218|->   return err;
# 1219|   }
# 1220|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def401]
gnupg2-2.4.5-build/gnupg-2.4.5/tools/wks-util.c: scope_hint: In function ‘install_key_from_spec_file’
gnupg2-2.4.5-build/gnupg-2.4.5/tools/wks-util.c:1218:10: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘err’
# 1216|       es_fclose (fp);
# 1217|     es_free (line);
# 1218|->   return err;
# 1219|   }
# 1220|   

Error: CLANG_WARNING: [#def402]
gnupg2-2.4.5-build/gnupg-2.4.5/tpm2d/command.c:341:8: warning[core.CallAndMessage]: 2nd function call argument is an uninitialized value
#  339|       goto out;
#  340|   
#  341|->   rc = assuan_send_data (ctx, buf, buflen);
#  342|     xfree (buf);
#  343|   

Error: CLANG_WARNING: [#def403]
gnupg2-2.4.5-build/gnupg-2.4.5/tpm2d/tpm2.c:736:7: warning[core.CallAndMessage]: 4th function call argument is an uninitialized value
#  734|          * write to the digest buffer */
#  735|         hash.hashAlg = nalg;
#  736|->       TSS_Hash_Generate (&hash, bsize, s2b,
#  737|   			 name->size, name->name,
#  738|   			 0, NULL);

Error: CLANG_WARNING: [#def404]
gnupg2-2.4.5-build/gnupg-2.4.5/tpm2d/tpm2.c:825:13: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value
#  823|       return ret;
#  824|     len = strlen(passphrase);
#  825|->   if (len > TSS_GetDigestSize(objectPublic.publicArea.nameAlg))
#  826|       {
#  827|         len = TSS_GetDigestSize(objectPublic.publicArea.nameAlg);

Error: COMPILER_WARNING (CWE-252): [#def405]
gnupg2-2.4.5-build/gnupg-2.4.5/tpm2d/tpm2daemon.c: scope_hint: In function ‘tpm2d_kick_the_loop’
gnupg2-2.4.5-build/gnupg-2.4.5/tpm2d/tpm2daemon.c:1062:3: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
# 1062 |   write (notify_fd, "", 1);
#      |   ^~~~~~~~~~~~~~~~~~~~~~~~
# 1060|                  w32_strerror (-1));
# 1061|   #elif defined(HAVE_PSELECT_NO_EINTR)
# 1062|->   write (notify_fd, "", 1);
# 1063|   #else
# 1064|     int ret;

Error: COMPILER_WARNING (CWE-252): [#def406]
gnupg2-2.4.5-build/gnupg-2.4.5/tpm2d/tpm2daemon.c: scope_hint: In function ‘handle_connections’
gnupg2-2.4.5-build/gnupg-2.4.5/tpm2d/tpm2daemon.c:1230:11: warning[-Wunused-result]: ignoring return value of ‘read’ declared with attribute ‘warn_unused_result’
# 1230 |           read (pipe_fd[0], buf, sizeof buf);
#      |           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1228|             char buf[256];
# 1229|   
# 1230|->           read (pipe_fd[0], buf, sizeof buf);
# 1231|           }
# 1232|   #endif

Scan Properties

analyzer-version-clang18.1.7
analyzer-version-cppcheck2.14.2
analyzer-version-gcc14.1.1
analyzer-version-gcc-analyzer14.1.1
analyzer-version-shellcheck0.10.0
enabled-pluginsclang, cppcheck, gcc, shellcheck
exit-code0
hostip-172-16-1-74.us-west-2.compute.internal
mock-configfedora-41-x86_64
project-namegnupg2-2.4.5-1.fc41
store-results-to/tmp/tmpssrbg1jv/gnupg2-2.4.5-1.fc41.tar.xz
time-created2024-07-03 13:04:23
time-finished2024-07-03 13:11:36
toolcsmock
tool-args'/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmpssrbg1jv/gnupg2-2.4.5-1.fc41.tar.xz' '--gcc-analyze' '/tmp/tmpssrbg1jv/gnupg2-2.4.5-1.fc41.src.rpm'
tool-versioncsmock-3.5.3-1.el9