jose-14-1.fc41
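List of Defects
Triage note: 23 of the 62 entries below are cppcheck `information[normalCheckLevelMaxBranches]` notices. They record that cppcheck limited its branch analysis for that file; they do not describe a defect in the code. Three GCC analyzer findings are also listed twice for the same file, line and column, once as -Wanalyzer-file-leak (CWE-775) and once as -Wanalyzer-malloc-leak (CWE-401): #def5/#def6, #def8/#def9 and #def10/#def11. The `cc1: note: unrecognized command-line option` lines inside #def6 and #def11 are compiler output about a flag, not part of the leak finding.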
Error: CLANG_WARNING: [#def1]
jose-14-build/jose-14/cmd/alg.c:136:5: warning[core.VLASize]: Declared variable-length array (VLA) has zero size
# 134| }
# 135|
# 136|-> const char *names[len];
# 137|
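# 138| for (const jose_hook_alg_t *a = jose_hook_alg_list(); a; a = a->next) {
# Review note: a VLA whose size expression evaluates to zero is undefined behaviour in C, so this finding matters only if `len` can be 0 when line 136 runs; the code that computes `len` is not shown here. Handling `len == 0` before the declaration removes the case. #def12 (cmd/jose.c:511) is the same pattern.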
Error: CPPCHECK_WARNING (CWE-457): [#def2]
jose-14-build/jose-14/cmd/alg.c:143: warning[uninitvar]: Uninitialized variable: names
# 141| }
# 142|
# 143|-> qsort(names, sizeof(names) / sizeof(*names), sizeof(*names), cmp);
# 144|
# 145| for (size_t i = 0; i < sizeof(names) / sizeof(*names); i++)
Error: CPPCHECK_WARNING: [#def3]
jose-14-build/jose-14/cmd/b64/dec.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def4]
jose-14-build/jose-14/cmd/b64/enc.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-775): [#def5]
jose-14-build/jose-14/cmd/fmt.c: scope_hint: In function ‘cmd_foreach’
jose-14-build/jose-14/cmd/fmt.c:133:8: warning[-Wanalyzer-file-leak]: leak of FILE ‘file’
jose-14-build/jose-14/include/jose/b64.h:27: included_from: Included from here.
jose-14-build/jose-14/redhat-linux-build/include/jose/jose.h:38: included_from: Included from here.
jose-14-build/jose-14/cmd/jose.h:20: included_from: Included from here.
jose-14-build/jose-14/cmd/fmt.c:18: included_from: Included from here.
# 131|
# 132| egress:
# 133|-> if (strcmp(s, "-") != 0)
# 134| fclose(file);
# 135| return ret;
Error: GCC_ANALYZER_WARNING (CWE-401): [#def6]
jose-14-build/jose-14/cmd/fmt.c:133:8: warning[-Wanalyzer-malloc-leak]: leak of ‘file’
cc1: note: unrecognized command-line option ‘-Wno-unused-command-line-argument’ may have been intended to silence earlier diagnostics
# 131|
# 132| egress:
# 133|-> if (strcmp(s, "-") != 0)
# 134| fclose(file);
# 135| return ret;
Error: CPPCHECK_WARNING: [#def7]
jose-14-build/jose-14/cmd/jose.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-775): [#def8]
jose-14-build/jose-14/cmd/jose.c: scope_hint: In function ‘jcmd_opt_set_jwkt’
jose-14-build/jose-14/cmd/jose.c:336:31: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(arg, "r")’
# 334| tmp = json_loadf(stdin, flags, NULL);
# 335| } else {
# 336|-> FILE_AUTO *file = fopen(arg, "r");
# 337| tmp = json_loadf(file, flags, NULL);
# 338| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def9]
jose-14-build/jose-14/cmd/jose.c:336:31: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(arg, "r")’
# 334| tmp = json_loadf(stdin, flags, NULL);
# 335| } else {
# 336|-> FILE_AUTO *file = fopen(arg, "r");
# 337| tmp = json_loadf(file, flags, NULL);
# 338| }
Error: GCC_ANALYZER_WARNING (CWE-775): [#def10]
jose-14-build/jose-14/cmd/jose.c: scope_hint: In function ‘jcmd_opt_set_jwks’
jose-14-build/jose-14/cmd/jose.c:366:27: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(arg, "r")’
# 364| tmp = json_loadf(stdin, flags, NULL);
# 365| } else {
# 366|-> FILE_AUTO *file = fopen(arg, "r");
# 367| tmp = json_loadf(file, flags, NULL);
# 368| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def11]
jose-14-build/jose-14/cmd/jose.c:366:27: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(arg, "r")’
cc1: note: unrecognized command-line option ‘-Wno-unused-command-line-argument’ may have been intended to silence earlier diagnostics
# 364| tmp = json_loadf(stdin, flags, NULL);
# 365| } else {
# 366|-> FILE_AUTO *file = fopen(arg, "r");
# 367| tmp = json_loadf(file, flags, NULL);
# 368| }
Error: CLANG_WARNING: [#def12]
jose-14-build/jose-14/cmd/jose.c:511:5: warning[core.VLASize]: Declared variable-length array (VLA) has zero size
# 509| }
# 510|
# 511|-> const jcmd_t *all[len];
# 512|
# 513| for (const jcmd_t *c = cmds; c; c = c->next)
Error: CPPCHECK_WARNING (CWE-457): [#def13]
jose-14-build/jose-14/cmd/jose.c:516: warning[uninitvar]: Uninitialized variables: all.next, all.names, all.func, all.desc
# 514| all[--len] = c;
# 515|
# 516|-> qsort(all, sizeof(all) / sizeof(*all), sizeof(*all), cmp);
# 517|
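# 518| fprintf(stderr, "Usage: jose COMMAND [OPTIONS] [ARGUMENTS]\n\n");
# Review note: line 514 stores into `all` before the qsort() call, so this report holds only if the loop at line 513 leaves some slots unwritten. That depends on how `len` was computed, which is outside the excerpt.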
Error: CPPCHECK_WARNING: [#def14]
jose-14-build/jose-14/cmd/jwe/dec.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def15]
jose-14-build/jose-14/cmd/jwe/enc.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING (CWE-227): [#def16]
jose-14-build/jose-14/cmd/jwe/pwd.h:69: error[IOWithoutPositioning]: Read and write operations without a call to a positioning function (fseek, fsetpos or rewind) or fflush in between result in undefined behaviour.
# 67| memset(pwd, 0, sizeof(pwd));
# 68| for (size_t i = 0; i < sizeof(pwd) - 1; i++) {
# 69|-> int c = fgetc(tty);
# 70| if (c == EOF || !isprint(c) || isspace(c))
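# 71| break;
# Review note: this loop fills `pwd` from `tty`. The C standard requires fflush() or a positioning call between a write and a following read on a stream opened for update; the write that precedes line 69 is not shown here. If a prompt is written to the same `tty` stream, calling `fflush(tty)` after the prompt and before the first `fgetc()` addresses this.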
Error: CPPCHECK_WARNING: [#def17]
jose-14-build/jose-14/cmd/jwk/exc.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def18]
jose-14-build/jose-14/cmd/jwk/thp.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def19]
jose-14-build/jose-14/cmd/jws/sig.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def20]
jose-14-build/jose-14/lib/b64.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING (CWE-401): [#def21]
jose-14-build/jose-14/lib/b64.c:211: error[memleak]: Memory leak: i
# 209|
# 210| i->next = jose_io_incref(next);
# 211|-> return jose_io_incref(io);
# 212| }
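# 213|
# Review note: cppcheck reports `i` as leaked on the successful `return jose_io_incref(io);` as well as on the error returns, here and in #def22, #def24, #def25, #def35–#def38, #def40–#def43 and #def50–#def59. That pattern suggests cppcheck does not connect `i` with the reference-counted `io`. How `io` is derived from `i` and released is outside these excerpts, so confirm it before either treating the early `return NULL` paths as leaks or dismissing them.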
Error: CPPCHECK_WARNING (CWE-401): [#def22]
jose-14-build/jose-14/lib/b64.c:335: error[memleak]: Memory leak: i
# 333|
# 334| i->next = jose_io_incref(next);
# 335|-> return jose_io_incref(io);
# 336| }
# 337|
Error: GCC_ANALYZER_WARNING (CWE-401): [#def23]
jose-14-build/jose-14/lib/io.c: scope_hint: In function ‘jose_io_buffer’
jose-14-build/jose-14/lib/io.c:54:9: warning[-Wanalyzer-malloc-leak]: leak of ‘i’
# 52|
# 53| jose_io_decref(*io);
# 54|-> *io = NULL;
# 55| }
# 56|
Error: CPPCHECK_WARNING (CWE-401): [#def24]
jose-14-build/jose-14/lib/io.c:137: error[memleak]: Memory leak: i
# 135| i->buf = buf;
# 136| i->len = len;
# 137|-> return jose_io_incref(io);
# 138| }
# 139|
Error: CPPCHECK_WARNING (CWE-401): [#def25]
jose-14-build/jose-14/lib/io.c:201: error[memleak]: Memory leak: i
# 199|
# 200| *len = 0;
# 201|-> return jose_io_incref(io);
# 202| }
# 203|
Error: CPPCHECK_WARNING: [#def26]
jose-14-build/jose-14/lib/jwe.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def27]
jose-14-build/jose-14/lib/jwk.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def28]
jose-14-build/jose-14/lib/jws.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def29]
jose-14-build/jose-14/lib/jws.c:200:24: warning[unix.Malloc]: Potential leak of memory pointed to by 'ios'
# 198| ios[i] = jose_jws_sig_io(cfg, jws, tmp, key);
# 199| if (!ios[i])
# 200|-> return NULL;
# 201| }
# 202|
Error: CLANG_WARNING: [#def30]
jose-14-build/jose-14/lib/jws.c:270:24: warning[unix.Malloc]: Potential leak of memory pointed to by 'ios'
# 268| j++;
# 269| else if (all)
# 270|-> return NULL;
# 271| }
# 272|
Error: CPPCHECK_WARNING: [#def31]
jose-14-build/jose-14/lib/openssl/aesgcm.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def32]
jose-14-build/jose-14/lib/openssl/aesgcmkw.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def33]
jose-14-build/jose-14/lib/openssl/ecdhes.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def34]
jose-14-build/jose-14/lib/openssl/ecdsa.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING (CWE-401): [#def35]
jose-14-build/jose-14/lib/openssl/ecdsa.c:252: error[memleak]: Memory leak: i
# 250| i->key = jose_openssl_jwk_to_EC_KEY(cfg, jwk);
# 251| if (!i->b || !i->h || !i->obj || !i->sig || !i->key)
# 252|-> return NULL;
# 253|
# 254| return jose_io_incref(io);
Error: CPPCHECK_WARNING (CWE-401): [#def36]
jose-14-build/jose-14/lib/openssl/ecdsa.c:254: error[memleak]: Memory leak: i
# 252| return NULL;
# 253|
# 254|-> return jose_io_incref(io);
# 255| }
# 256|
Error: CPPCHECK_WARNING (CWE-401): [#def37]
jose-14-build/jose-14/lib/openssl/ecdsa.c:283: error[memleak]: Memory leak: i
# 281| i->key = jose_openssl_jwk_to_EC_KEY(cfg, jwk);
# 282| if (!i->b || !i->h || !i->sig || !i->key)
# 283|-> return NULL;
# 284|
# 285| return jose_io_incref(io);
Error: CPPCHECK_WARNING (CWE-401): [#def38]
jose-14-build/jose-14/lib/openssl/ecdsa.c:285: error[memleak]: Memory leak: i
# 283| return NULL;
# 284|
# 285|-> return jose_io_incref(io);
# 286| }
# 287|
Error: CPPCHECK_WARNING: [#def39]
jose-14-build/jose-14/lib/openssl/hmac.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING (CWE-401): [#def40]
jose-14-build/jose-14/lib/openssl/hmac.c:256: error[memleak]: Memory leak: i
# 254| i->hctx = jhmac(alg, cfg, sig, jwk);
# 255| if (!i->obj || !i->sig || !i->hctx)
# 256|-> return NULL;
# 257|
# 258| return jose_io_incref(io);
Error: CPPCHECK_WARNING (CWE-401): [#def41]
jose-14-build/jose-14/lib/openssl/hmac.c:258: error[memleak]: Memory leak: i
# 256| return NULL;
# 257|
# 258|-> return jose_io_incref(io);
# 259| }
# 260|
Error: CPPCHECK_WARNING (CWE-401): [#def42]
jose-14-build/jose-14/lib/openssl/hmac.c:280: error[memleak]: Memory leak: i
# 278| i->hctx = jhmac(alg, cfg, sig, jwk);
# 279| if (!i->sig || !i->hctx)
# 280|-> return NULL;
# 281|
# 282| return jose_io_incref(io);
Error: CPPCHECK_WARNING (CWE-401): [#def43]
jose-14-build/jose-14/lib/openssl/hmac.c:282: error[memleak]: Memory leak: i
# 280| return NULL;
# 281|
# 282|-> return jose_io_incref(io);
# 283| }
# 284|
Error: CPPCHECK_WARNING: [#def44]
jose-14-build/jose-14/lib/openssl/jwk.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def45]
jose-14-build/jose-14/lib/openssl/misc.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def46]
jose-14-build/jose-14/lib/openssl/pbes2.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def47]
jose-14-build/jose-14/lib/openssl/pbes2.c:42:15: warning[deadcode.DeadStores]: Although the value stored to 'key' is used in the enclosing expression, the value is never actually read from 'key'
# 40|
# 41| if (json_is_string(jwk)) {
# 42|-> jwk = key = json_pack("{s:s,s:o}", "kty", "oct", "k",
# 43| jose_b64_enc(json_string_value(jwk),
# 44| json_string_length(jwk)));
Error: CPPCHECK_WARNING: [#def48]
jose-14-build/jose-14/lib/openssl/rsaes.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def49]
jose-14-build/jose-14/lib/openssl/rsassa.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING (CWE-401): [#def50]
jose-14-build/jose-14/lib/openssl/rsassa.c:244: error[memleak]: Memory leak: i
# 242| i->emc = setup(cfg, jwk, sig, alg->name, EVP_DigestSignInit);
# 243| if (!i->obj || !i->sig || !i->emc)
# 244|-> return NULL;
# 245|
# 246| return jose_io_incref(io);
Error: CPPCHECK_WARNING (CWE-401): [#def51]
jose-14-build/jose-14/lib/openssl/rsassa.c:246: error[memleak]: Memory leak: i
# 244| return NULL;
# 245|
# 246|-> return jose_io_incref(io);
# 247| }
# 248|
Error: CPPCHECK_WARNING (CWE-401): [#def52]
jose-14-build/jose-14/lib/openssl/rsassa.c:268: error[memleak]: Memory leak: i
# 266| i->emc = setup(cfg, jwk, sig, alg->name, EVP_DigestVerifyInit);
# 267| if (!i->sig || !i->emc)
# 268|-> return NULL;
# 269|
# 270| return jose_io_incref(io);
Error: CPPCHECK_WARNING (CWE-401): [#def53]
jose-14-build/jose-14/lib/openssl/rsassa.c:270: error[memleak]: Memory leak: i
# 268| return NULL;
# 269|
# 270|-> return jose_io_incref(io);
# 271| }
# 272|
Error: CPPCHECK_WARNING (CWE-401): [#def54]
jose-14-build/jose-14/lib/zlib/deflate.c:153: error[memleak]: Memory leak: i
# 151| i->next = jose_io_incref(next);
# 152| if (!i->next)
# 153|-> return NULL;
# 154|
# 155| if (deflateInit2(&i->strm, Z_DEFAULT_COMPRESSION, Z_DEFLATED,
Error: CPPCHECK_WARNING (CWE-401): [#def55]
jose-14-build/jose-14/lib/zlib/deflate.c:157: error[memleak]: Memory leak: i
# 155| if (deflateInit2(&i->strm, Z_DEFAULT_COMPRESSION, Z_DEFLATED,
# 156| -MAX_WBITS, MAX_MEM_LEVEL, Z_DEFAULT_STRATEGY) != Z_OK)
# 157|-> return NULL;
# 158|
# 159| return jose_io_incref(io);
Error: CPPCHECK_WARNING (CWE-401): [#def56]
jose-14-build/jose-14/lib/zlib/deflate.c:159: error[memleak]: Memory leak: i
# 157| return NULL;
# 158|
# 159|-> return jose_io_incref(io);
# 160| }
# 161|
Error: CPPCHECK_WARNING (CWE-401): [#def57]
jose-14-build/jose-14/lib/zlib/deflate.c:179: error[memleak]: Memory leak: i
# 177| i->next = jose_io_incref(next);
# 178| if (!i->next)
# 179|-> return NULL;
# 180|
# 181| if (inflateInit2(&i->strm, -MAX_WBITS) != Z_OK)
Error: CPPCHECK_WARNING (CWE-401): [#def58]
jose-14-build/jose-14/lib/zlib/deflate.c:182: error[memleak]: Memory leak: i
# 180|
# 181| if (inflateInit2(&i->strm, -MAX_WBITS) != Z_OK)
# 182|-> return NULL;
# 183|
# 184| return jose_io_incref(io);
Error: CPPCHECK_WARNING (CWE-401): [#def59]
jose-14-build/jose-14/lib/zlib/deflate.c:184: error[memleak]: Memory leak: i
# 182| return NULL;
# 183|
# 184|-> return jose_io_incref(io);
# 185| }
# 186|
Error: GCC_ANALYZER_WARNING (CWE-401): [#def60]
jose-14-build/jose-14/tests/alg_comp.c: scope_hint: In function ‘test_long_string’
jose-14-build/jose-14/tests/alg_comp.c:55:28: warning[-Wanalyzer-malloc-leak]: leak of ‘get_random_string((unsigned int)inputlen)’
jose-14-build/jose-14/tests/alg_comp.c:20: included_from: Included from here.
# 53| {
# 54| assert(length);
# 55|-> uint8_t* c = (uint8_t*)malloc(length*sizeof(uint8_t));
# 56| assert(c);
# 57| for (uint32_t i=0; i<length; i++) {
Error: CPPCHECK_WARNING (CWE-457): [#def61]
jose-14-build/jose-14/tests/alg_hash.c:102: warning[uninitvar]: Uninitialized variable: a
# 100| sscanf(&v[i].hsh[j * 2], "%02hhx", &a[j]);
# 101|
# 102|-> test(alg, v[i].msg, a, sizeof(a), false);
# 103| test(alg, v[i].msg, a, sizeof(a), true);
# 104| }
Error: CPPCHECK_WARNING: [#def62]
jose-14-build/jose-14/tests/api_b64.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Scan Properties
analyzer-version-clang | 18.1.7 |
analyzer-version-cppcheck | 2.14.2 |
analyzer-version-gcc | 14.1.1 |
analyzer-version-gcc-analyzer | 14.1.1 |
analyzer-version-shellcheck | 0.10.0 |
enabled-plugins | clang, cppcheck, gcc, shellcheck |
exit-code | 0 |
host | ip-172-16-1-198.us-west-2.compute.internal |
mock-config | fedora-41-x86_64 |
project-name | jose-14-1.fc41 |
store-results-to | /tmp/tmpr8j55ahq/jose-14-1.fc41.tar.xz |
time-created | 2024-07-03 13:29:10 |
time-finished | 2024-07-03 13:30:17 |
tool | csmock |
tool-args | '/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmpr8j55ahq/jose-14-1.fc41.tar.xz' '--gcc-analyze' '/tmp/tmpr8j55ahq/jose-14-1.fc41.src.rpm' |
tool-version | csmock-3.5.3-1.el9 |