iptables-1.8.10-8.fc41
List of Defects
Error: CPPCHECK_WARNING: [#def1]
iptables-1.8.10-build/iptables-1.8.10/extensions/libarpt_mangle.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def2]
iptables-1.8.10-build/iptables-1.8.10/extensions/libebt_among.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def3]
iptables-1.8.10-build/iptables-1.8.10/extensions/libebt_ip.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def4]
iptables-1.8.10-build/iptables-1.8.10/extensions/libebt_ip6.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def5]
iptables-1.8.10-build/iptables-1.8.10/extensions/libebt_stp.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def6]
iptables-1.8.10-build/iptables-1.8.10/extensions/libip6t_icmp6.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def7]
iptables-1.8.10-build/iptables-1.8.10/extensions/libip6t_rt.c:60:7: warning[deadcode.DeadStores]: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err'
# 58| int err;
# 59|
# 60|-> if ((err=inet_pton(AF_INET6, num, &ap)) == 1)
# 61| return ≈
# 62| #ifdef DEBUG
Error: CPPCHECK_WARNING: [#def8]
iptables-1.8.10-build/iptables-1.8.10/extensions/libipt_icmp.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def9]
iptables-1.8.10-build/iptables-1.8.10/extensions/libxt_HMARK.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def10]
iptables-1.8.10-build/iptables-1.8.10/extensions/libxt_LOG.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def11]
iptables-1.8.10-build/iptables-1.8.10/extensions/libxt_NAT.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def12]
iptables-1.8.10-build/iptables-1.8.10/extensions/libxt_NAT.c:440:3: warning[deadcode.DeadStores]: Value stored to 'sep' is never read
# 438| if (r->flags & NF_NAT_RANGE_PERSISTENT) {
# 439| xt_xlate_add(xl, "%spersistent", sep);
# 440|-> sep = ",";
# 441| }
# 442| return 1;
Error: CPPCHECK_WARNING: [#def13]
iptables-1.8.10-build/iptables-1.8.10/extensions/libxt_SET.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def14]
iptables-1.8.10-build/iptables-1.8.10/extensions/libxt_TCPOPTSTRIP.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def15]
iptables-1.8.10-build/iptables-1.8.10/extensions/libxt_addrtype.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def16]
iptables-1.8.10-build/iptables-1.8.10/extensions/libxt_bpf.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def17]
iptables-1.8.10-build/iptables-1.8.10/extensions/libxt_cluster.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def18]
iptables-1.8.10-build/iptables-1.8.10/extensions/libxt_conntrack.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def19]
iptables-1.8.10-build/iptables-1.8.10/extensions/libxt_conntrack.c:607:3: warning[deadcode.DeadStores]: Value stored to 'sep' is never read
# 605| if (statemask & XT_CONNTRACK_STATE_DNAT) {
# 606| printf("%sDNAT", sep);
# 607|-> sep = ",";
# 608| }
# 609| }
Error: CLANG_WARNING: [#def20]
iptables-1.8.10-build/iptables-1.8.10/extensions/libxt_conntrack.c:1127:3: warning[deadcode.DeadStores]: Value stored to 'sep' is never read
# 1125| if (statemask & XT_CONNTRACK_STATE_UNTRACKED) {
# 1126| printf("%sUNTRACKED", sep);
# 1127|-> sep = ",";
# 1128| }
# 1129| }
Error: CLANG_WARNING: [#def21]
iptables-1.8.10-build/iptables-1.8.10/extensions/libxt_conntrack.c:1175:3: warning[deadcode.DeadStores]: Value stored to 'sep' is never read
# 1173| if (statemask & XT_CONNTRACK_STATE_UNTRACKED) {
# 1174| xt_xlate_add(xl, "%s%s", sep, "untracked");
# 1175|-> sep = ",";
# 1176| }
# 1177| }
Error: CLANG_WARNING: [#def22]
iptables-1.8.10-build/iptables-1.8.10/extensions/libxt_conntrack.c:1212:3: warning[deadcode.DeadStores]: Value stored to 'sep' is never read
# 1210| if (statusmask & IPS_CONFIRMED) {
# 1211| xt_xlate_add(xl, "%s%s", sep, "confirmed");
# 1212|-> sep = ",";
# 1213| }
# 1214| }
Error: CPPCHECK_WARNING: [#def23]
iptables-1.8.10-build/iptables-1.8.10/extensions/libxt_dccp.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def24]
iptables-1.8.10-build/iptables-1.8.10/extensions/libxt_iprange.c:60:19: warning[core.NullDereference]: Dereference of null pointer (loaded from variable 'ia6')
# 58| xtables_param_act(XTF_BAD_VALUE, "iprange",
# 59| optname, spec[i]);
# 60|-> range[i].in6 = *ia6;
# 61| }
# 62| } else {
Error: CLANG_WARNING: [#def25]
iptables-1.8.10-build/iptables-1.8.10/extensions/libxt_iprange.c:68:18: warning[core.NullDereference]: Dereference of null pointer (loaded from variable 'ia4')
# 66| xtables_param_act(XTF_BAD_VALUE, "iprange",
# 67| optname, spec[i]);
# 68|-> range[i].in = *ia4;
# 69| }
# 70| }
Error: CPPCHECK_WARNING: [#def26]
iptables-1.8.10-build/iptables-1.8.10/extensions/libxt_ipvs.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def27]
iptables-1.8.10-build/iptables-1.8.10/extensions/libxt_policy.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def28]
iptables-1.8.10-build/iptables-1.8.10/extensions/libxt_recent.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def29]
iptables-1.8.10-build/iptables-1.8.10/extensions/libxt_sctp.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def30]
iptables-1.8.10-build/iptables-1.8.10/extensions/libxt_set.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def31]
iptables-1.8.10-build/iptables-1.8.10/extensions/libxt_string.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def32]
iptables-1.8.10-build/iptables-1.8.10/extensions/libxt_time.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def33]
iptables-1.8.10-build/iptables-1.8.10/extensions/libxt_u32.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-476): [#def34]
iptables-1.8.10-build/iptables-1.8.10/include/linux/netfilter_ipv4/ip_tables.h:221:29: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘fw’
iptables-1.8.10-build/iptables-1.8.10/iptables/iptables.c: scope_hint: In function ‘print_firewall_line’
# 219| ipt_get_target(struct ipt_entry *e)
# 220| {
# 221|-> return (void *)e + e->target_offset;
# 222| }
# 223|
Error: GCC_ANALYZER_WARNING (CWE-476): [#def35]
iptables-1.8.10-build/iptables-1.8.10/include/linux/netfilter_ipv6/ip6_tables.h:261:29: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘fw’
iptables-1.8.10-build/iptables-1.8.10/iptables/ip6tables.c: scope_hint: In function ‘print_firewall_line’
# 259| ip6t_get_target(struct ip6t_entry *e)
# 260| {
# 261|-> return (void *)e + e->target_offset;
# 262| }
# 263|
Error: CPPCHECK_WARNING: [#def36]
iptables-1.8.10-build/iptables-1.8.10/iptables/ip6tables.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def37]
iptables-1.8.10-build/iptables-1.8.10/iptables/ip6tables.c:222:16: warning[core.NullDereference]: Dereference of null pointer
# 220|
# 221| for (i = 0; i < nsaddrs; i++) {
# 222|-> fw->ipv6.src = saddrs[i];
# 223| fw->ipv6.smsk = smasks[i];
# 224| for (j = 0; j < ndaddrs; j++) {
Error: CLANG_WARNING: [#def38]
iptables-1.8.10-build/iptables-1.8.10/iptables/ip6tables.c:245:15: warning[core.NullDereference]: Dereference of null pointer
# 243| struct xtc_handle *handle)
# 244| {
# 245|-> fw->ipv6.src = *saddr;
# 246| fw->ipv6.dst = *daddr;
# 247| fw->ipv6.smsk = *smask;
Error: CLANG_WARNING: [#def39]
iptables-1.8.10-build/iptables-1.8.10/iptables/ip6tables.c:272:16: warning[core.NullDereference]: Dereference of null pointer
# 270|
# 271| for (i = 0; i < nsaddrs; i++) {
# 272|-> fw->ipv6.src = saddrs[i];
# 273| fw->ipv6.smsk = smasks[i];
# 274| for (j = 0; j < ndaddrs; j++) {
Error: CLANG_WARNING: [#def40]
iptables-1.8.10-build/iptables-1.8.10/iptables/ip6tables.c:306:16: warning[core.NullDereference]: Dereference of null pointer
# 304| mask = make_delete_mask(matches, target, sizeof(*fw));
# 305| for (i = 0; i < nsaddrs; i++) {
# 306|-> fw->ipv6.src = saddrs[i];
# 307| fw->ipv6.smsk = smasks[i];
# 308| for (j = 0; j < ndaddrs; j++) {
Error: CLANG_WARNING: [#def41]
iptables-1.8.10-build/iptables-1.8.10/iptables/ip6tables.c:336:16: warning[core.NullDereference]: Dereference of null pointer
# 334| mask = make_delete_mask(matches, target, sizeof(*fw));
# 335| for (i = 0; i < nsaddrs; i++) {
# 336|-> fw->ipv6.src = saddrs[i];
# 337| fw->ipv6.smsk = smasks[i];
# 338| for (j = 0; j < ndaddrs; j++) {
Error: CPPCHECK_WARNING: [#def42]
iptables-1.8.10-build/iptables-1.8.10/iptables/iptables-restore.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def43]
iptables-1.8.10-build/iptables-1.8.10/iptables/iptables-save.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-775): [#def44]
iptables-1.8.10-build/iptables-1.8.10/iptables/iptables-save.c: scope_hint: In function ‘for_each_table’
iptables-1.8.10-build/iptables-1.8.10/iptables/iptables-save.c:62:20: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(*afinfo.proc_exists, "re")’
# 60|
# 61| while (fgets(tablename, sizeof(tablename), procfile)) {
# 62|-> if (tablename[strlen(tablename) - 1] != '\n')
# 63| xtables_error(OTHER_PROBLEM,
# 64| "Badly formed tablename `%s'", tablename);
Error: GCC_ANALYZER_WARNING (CWE-401): [#def45]
iptables-1.8.10-build/iptables-1.8.10/iptables/iptables-save.c:62:20: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(*afinfo.proc_exists, "re")’
# 60|
# 61| while (fgets(tablename, sizeof(tablename), procfile)) {
# 62|-> if (tablename[strlen(tablename) - 1] != '\n')
# 63| xtables_error(OTHER_PROBLEM,
# 64| "Badly formed tablename `%s'", tablename);
Error: GCC_ANALYZER_WARNING (CWE-775): [#def46]
iptables-1.8.10-build/iptables-1.8.10/iptables/iptables-save.c: scope_hint: In function ‘do_iptables_save’
iptables-1.8.10-build/iptables-1.8.10/iptables/iptables-save.c:164:28: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(optarg, "w")’
# 162| }
# 163| ret = dup2(fileno(file), STDOUT_FILENO);
# 164|-> if (ret == -1) {
# 165| fprintf(stderr, "Failed to redirect stdout, error: %s\n",
# 166| strerror(errno));
Error: GCC_ANALYZER_WARNING (CWE-401): [#def47]
iptables-1.8.10-build/iptables-1.8.10/iptables/iptables-save.c:164:28: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(optarg, "w")’
# 162| }
# 163| ret = dup2(fileno(file), STDOUT_FILENO);
# 164|-> if (ret == -1) {
# 165| fprintf(stderr, "Failed to redirect stdout, error: %s\n",
# 166| strerror(errno));
Error: CPPCHECK_WARNING: [#def48]
iptables-1.8.10-build/iptables-1.8.10/iptables/iptables-xml.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def49]
iptables-1.8.10-build/iptables-1.8.10/iptables/iptables.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def50]
iptables-1.8.10-build/iptables-1.8.10/iptables/iptables.c:221:21: warning[core.NullDereference]: Dereference of null pointer
# 219|
# 220| for (i = 0; i < nsaddrs; i++) {
# 221|-> fw->ip.src.s_addr = saddrs[i].s_addr;
# 222| fw->ip.smsk.s_addr = smasks[i].s_addr;
# 223| for (j = 0; j < ndaddrs; j++) {
Error: CLANG_WARNING: [#def51]
iptables-1.8.10-build/iptables-1.8.10/iptables/iptables.c:244:20: warning[core.NullDereference]: Dereference of null pointer
# 242| struct xtc_handle *handle)
# 243| {
# 244|-> fw->ip.src.s_addr = saddr->s_addr;
# 245| fw->ip.dst.s_addr = daddr->s_addr;
# 246| fw->ip.smsk.s_addr = smask->s_addr;
Error: CLANG_WARNING: [#def52]
iptables-1.8.10-build/iptables-1.8.10/iptables/iptables.c:271:21: warning[core.NullDereference]: Dereference of null pointer
# 269|
# 270| for (i = 0; i < nsaddrs; i++) {
# 271|-> fw->ip.src.s_addr = saddrs[i].s_addr;
# 272| fw->ip.smsk.s_addr = smasks[i].s_addr;
# 273| for (j = 0; j < ndaddrs; j++) {
Error: CLANG_WARNING: [#def53]
iptables-1.8.10-build/iptables-1.8.10/iptables/iptables.c:305:21: warning[core.NullDereference]: Dereference of null pointer
# 303| mask = make_delete_mask(matches, target, sizeof(*fw));
# 304| for (i = 0; i < nsaddrs; i++) {
# 305|-> fw->ip.src.s_addr = saddrs[i].s_addr;
# 306| fw->ip.smsk.s_addr = smasks[i].s_addr;
# 307| for (j = 0; j < ndaddrs; j++) {
Error: CLANG_WARNING: [#def54]
iptables-1.8.10-build/iptables-1.8.10/iptables/iptables.c:335:21: warning[core.NullDereference]: Dereference of null pointer
# 333| mask = make_delete_mask(matches, target, sizeof(*fw));
# 334| for (i = 0; i < nsaddrs; i++) {
# 335|-> fw->ip.src.s_addr = saddrs[i].s_addr;
# 336| fw->ip.smsk.s_addr = smasks[i].s_addr;
# 337| for (j = 0; j < ndaddrs; j++) {
Error: CPPCHECK_WARNING: [#def55]
iptables-1.8.10-build/iptables-1.8.10/iptables/nft-arp.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def56]
iptables-1.8.10-build/iptables-1.8.10/iptables/nft-arp.c:327:3: warning[deadcode.DeadStores]: Value stored to 'sep' is never read
# 325| if (fw->arp.arpro_mask != 65535)
# 326| printf("/%x", ntohs(fw->arp.arpro_mask));
# 327|-> sep = " ";
# 328| }
# 329| }
Error: CPPCHECK_WARNING: [#def57]
iptables-1.8.10-build/iptables-1.8.10/iptables/nft-bridge.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def58]
iptables-1.8.10-build/iptables-1.8.10/iptables/nft-cache.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def59]
iptables-1.8.10-build/iptables-1.8.10/iptables/nft-ruleparse-arp.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def60]
iptables-1.8.10-build/iptables-1.8.10/iptables/nft-ruleparse-bridge.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def61]
iptables-1.8.10-build/iptables-1.8.10/iptables/nft-ruleparse.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-476): [#def62]
iptables-1.8.10-build/iptables-1.8.10/iptables/nft-ruleparse.c: scope_hint: In function ‘nft_parse_range’
iptables-1.8.10-build/iptables-1.8.10/iptables/nft-ruleparse.c:870:21: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
iptables-1.8.10-build/iptables-1.8.10/iptables/nft-ruleparse.c:30: included_from: Included from here.
# 868| sreg = nft_xt_ctx_get_sreg(ctx, reg);
# 869|
# 870|-> switch (sreg->type) {
# 871| case NFT_XT_REG_UNDEF:
# 872| ctx->errmsg = "range sreg undef";
Error: CPPCHECK_WARNING: [#def63]
iptables-1.8.10-build/iptables-1.8.10/iptables/nft-shared.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def64]
iptables-1.8.10-build/iptables-1.8.10/iptables/nft.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING (CWE-457): [#def65]
iptables-1.8.10-build/iptables-1.8.10/iptables/nft.c:251: error[uninitvar]: Uninitialized variable: nlh->nlmsg_seq
# 249| if (ret == -1) {
# 250| mnl_err_list_node_add(&h->err_list, errno,
# 251|-> nlh->nlmsg_seq);
# 252| err = -1;
# 253| }
Error: CLANG_WARNING: [#def66]
iptables-1.8.10-build/iptables-1.8.10/iptables/nft.c:3266:3: warning[unix.Malloc]: Use of memory after it is freed
# 3264|
# 3265| list_for_each_entry_safe(n, tmp, &h->obj_list, head) {
# 3266|-> list_for_each_entry_safe(err, ne, &h->err_list, head) {
# 3267| if (err->seqnum > n->seq)
# 3268| break;
Error: CPPCHECK_WARNING: [#def67]
iptables-1.8.10-build/iptables-1.8.10/iptables/xtables-eb-translate.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def68]
iptables-1.8.10-build/iptables-1.8.10/iptables/xtables-eb-translate.c:404:8: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 402|
# 403| cs.eb.bitmask &= ~((unsigned int)EBT_NOPROTO);
# 404|-> i = strtol(optarg, &buffer, 16);
# 405| if (*buffer == '\0' && (i < 0 || i > 0xFFFF))
# 406| xtables_error(PARAMETER_PROBLEM,
Error: CPPCHECK_WARNING: [#def69]
iptables-1.8.10-build/iptables-1.8.10/iptables/xtables-eb.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def70]
iptables-1.8.10-build/iptables-1.8.10/iptables/xtables-eb.c:84:6: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 82| static void ebt_assert_valid_chain_name(const char *chainname)
# 83| {
# 84|-> if (strlen(chainname) >= EBT_CHAIN_MAXNAMELEN)
# 85| xtables_error(PARAMETER_PROBLEM,
# 86| "Chain name length can't exceed %d",
Error: CLANG_WARNING: [#def71]
iptables-1.8.10-build/iptables-1.8.10/iptables/xtables-eb.c:818:10: warning[deadcode.DeadStores]: Although the value stored to 'chcounter' is used in the enclosing expression, the value is never actually read from 'chcounter'
# 816| optind++;
# 817| } else if (c == 'C') {
# 818|-> if ((chcounter = parse_change_counters_rule(argc, argv, &rule_nr, &rule_nr_end, &cs)) == -1)
# 819| return -1;
# 820| } else if (c == 'I') {
Error: CLANG_WARNING: [#def72]
iptables-1.8.10-build/iptables-1.8.10/iptables/xtables-eb.c:1037:8: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 1035|
# 1036| cs.eb.bitmask &= ~((unsigned int)EBT_NOPROTO);
# 1037|-> i = strtol(optarg, &buffer, 16);
# 1038| if (*buffer == '\0' && (i < 0 || i > 0xFFFF))
# 1039| xtables_error(PARAMETER_PROBLEM,
Error: CPPCHECK_WARNING: [#def73]
iptables-1.8.10-build/iptables-1.8.10/iptables/xtables-monitor.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def74]
iptables-1.8.10-build/iptables-1.8.10/iptables/xtables-restore.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-775): [#def75]
iptables-1.8.10-build/iptables-1.8.10/iptables/xtables-save.c: scope_hint: In function ‘xtables_save_main’
iptables-1.8.10-build/iptables-1.8.10/iptables/xtables-save.c:176:28: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(optarg, "w")’
# 174| }
# 175| ret = dup2(fileno(file), STDOUT_FILENO);
# 176|-> if (ret == -1) {
# 177| fprintf(stderr, "Failed to redirect stdout, error: %s\n",
# 178| strerror(errno));
Error: GCC_ANALYZER_WARNING (CWE-401): [#def76]
iptables-1.8.10-build/iptables-1.8.10/iptables/xtables-save.c:176:28: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(optarg, "w")’
# 174| }
# 175| ret = dup2(fileno(file), STDOUT_FILENO);
# 176|-> if (ret == -1) {
# 177| fprintf(stderr, "Failed to redirect stdout, error: %s\n",
# 178| strerror(errno));
Error: GCC_ANALYZER_WARNING (CWE-775): [#def77]
iptables-1.8.10-build/iptables-1.8.10/iptables/xtables-save.c:229:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘ret’
# 227| default:
# 228| fprintf(stderr, "Unknown family %d\n", family);
# 229|-> return 1;
# 230| }
# 231|
Error: CPPCHECK_WARNING: [#def78]
iptables-1.8.10-build/iptables-1.8.10/iptables/xtables-translate.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def79]
iptables-1.8.10-build/iptables-1.8.10/iptables/xtables-translate.c:263:6: warning[core.NullDereference]: Access to field 'init_cs' results in a dereference of a null pointer (loaded from field 'ops')
# 261| };
# 262|
# 263|-> if (h->ops->init_cs)
# 264| h->ops->init_cs(&cs);
# 265|
Error: CPPCHECK_WARNING: [#def80]
iptables-1.8.10-build/iptables-1.8.10/libiptc/libip4tc.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def81]
iptables-1.8.10-build/iptables-1.8.10/libiptc/libip6tc.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-688): [#def82]
iptables-1.8.10-build/iptables-1.8.10/libiptc/libip6tc.c:111: included_from: Included from here.
iptables-1.8.10-build/iptables-1.8.10/libiptc/libiptc.c: scope_hint: In function 'iptcc_chain_index_alloc'
iptables-1.8.10-build/iptables-1.8.10/libiptc/libiptc.c:499:9: warning[-Wanalyzer-null-argument]: use of NULL '*h.chain_index' where non-null expected
iptables-1.8.10-build/iptables-1.8.10/libiptc/libiptc.c:2226:1: note: in expansion of macro 'TC_CREATE_CHAIN'
iptables-1.8.10-build/iptables-1.8.10/libiptc/libiptc.c:40: included_from: Included from here.
iptables-1.8.10-build/iptables-1.8.10/libiptc/linux_list.h:16:56: note: in definition of macro 'container_of'
iptables-1.8.10-build/iptables-1.8.10/libiptc/linux_list.h:381:20: note: in expansion of macro 'list_entry'
iptables-1.8.10-build/iptables-1.8.10/libiptc/libiptc.c:867:17: note: in expansion of macro 'list_for_each_entry'
<built-in>: note: argument 1 of '__builtin_memset' must be non-null
# 497| return -ENOMEM;
# 498| }
# 499|-> memset(h->chain_index, 0, array_mem);
# 500| h->chain_index_sz = array_elems;
# 501|
Error: CPPCHECK_WARNING: [#def83]
iptables-1.8.10-build/iptables-1.8.10/libxtables/xtables.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING (CWE-457): [#def84]
iptables-1.8.10-build/iptables-1.8.10/libxtables/xtables.c:287: warning[uninitvar]: Uninitialized variable: cur
# 285| hlist_for_each_entry_safe(cur, pos, n, ¬argets[i], node) {
# 286| hlist_del(&cur->node);
# 287|-> free(cur);
# 288| }
# 289| }
Error: CPPCHECK_WARNING: [#def85]
iptables-1.8.10-build/iptables-1.8.10/libxtables/xtoptions.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-476): [#def86]
iptables-1.8.10-build/iptables-1.8.10/libxtables/xtoptions.c: scope_hint: In function 'xtopt_parse_hostmask'
iptables-1.8.10-build/iptables-1.8.10/libxtables/xtoptions.c:753:14: warning[-Wanalyzer-null-dereference]: dereference of NULL 'p'
# 751| work = xtables_strdup(orig_arg);
# 752| p = strchr(work, '/'); /* by def this can't be NULL now */
# 753|-> *p++ = '\0';
# 754| /*
# 755| * Because xtopt_parse_host and xtopt_parse_plenmask would store
Error: CPPCHECK_WARNING: [#def87]
iptables-1.8.10-build/iptables-1.8.10/utils/nfbpf_compile.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def88]
iptables-1.8.10-build/iptables-1.8.10/utils/nfnl_osf.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Scan Properties
| analyzer-version-clang | 18.1.7 |
| analyzer-version-cppcheck | 2.14.2 |
| analyzer-version-gcc | 14.1.1 |
| analyzer-version-gcc-analyzer | 14.1.1 |
| analyzer-version-shellcheck | 0.10.0 |
| enabled-plugins | clang, cppcheck, gcc, shellcheck |
| exit-code | 0 |
| host | ip-172-16-1-157.us-west-2.compute.internal |
| mock-config | fedora-41-x86_64 |
| project-name | iptables-1.8.10-8.fc41 |
| store-results-to | /tmp/tmpnba9pdej/iptables-1.8.10-8.fc41.tar.xz |
| time-created | 2024-07-03 13:19:08 |
| time-finished | 2024-07-03 13:21:02 |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmpnba9pdej/iptables-1.8.10-8.fc41.tar.xz' '--gcc-analyze' '/tmp/tmpnba9pdej/iptables-1.8.10-8.fc41.src.rpm' |
| tool-version | csmock-3.5.3-1.el9 |