libbpf-1.4.3-1.fc41

List of Defects

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1]
libbpf-1.4.3-build/libbpf-1.4.3/include/linux/err.h:15:16: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
libbpf-1.4.3-build/libbpf-1.4.3/src/btf.c: scope_hint: In function ‘btf_new’
#   13|   static inline void * ERR_PTR(long error_)
#   14|   {
#   15|-> 	return (void *) error_;
#   16|   }
#   17|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def2]
libbpf-1.4.3-build/libbpf-1.4.3/include/linux/err.h:15:16: warning[-Wanalyzer-malloc-leak]: leak of ‘btf’
libbpf-1.4.3-build/libbpf-1.4.3/src/btf.c: scope_hint: In function ‘btf_new’
#   13|   static inline void * ERR_PTR(long error_)
#   14|   {
#   15|-> 	return (void *) error_;
#   16|   }
#   17|   

Error: CPPCHECK_WARNING: [#def3]
libbpf-1.4.3-build/libbpf-1.4.3/src/bpf.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: GCC_ANALYZER_WARNING (CWE-122): [#def4]
libbpf-1.4.3-build/libbpf-1.4.3/src/bpf_prog_linfo.c: scope_hint: In function ‘dissect_jited_func’
libbpf-1.4.3-build/libbpf-1.4.3/src/bpf_prog_linfo.c:79:64: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow
cc1: note: unrecognized command-line option ‘-Wno-unknown-warning-option’ may have been intended to silence earlier diagnostics
#   77|   		goto errout;
#   78|   
#   79|-> 	prog_linfo->nr_jited_linfo_per_func[nr_jited_func - 1] =
#   80|   		nr_linfo - prev_i;
#   81|   

Error: CPPCHECK_WARNING: [#def5]
libbpf-1.4.3-build/libbpf-1.4.3/src/btf.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: GCC_ANALYZER_WARNING (CWE-476): [#def6]
libbpf-1.4.3-build/libbpf-1.4.3/src/btf.c: scope_hint: In function ‘btf__str_by_offset’
libbpf-1.4.3-build/libbpf-1.4.3/src/btf.c:1500:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘btf’
libbpf-1.4.3-build/libbpf-1.4.3/src/btf.c: scope_hint: In function ‘btf__str_by_offset’
libbpf-1.4.3-build/libbpf-1.4.3/src/btf.c: scope_hint: In function ‘btf__str_by_offset’
libbpf-1.4.3-build/libbpf-1.4.3/src/btf.c: scope_hint: In function ‘btf__str_by_offset’
cc1: note: unrecognized command-line option ‘-Wno-unknown-warning-option’ may have been intended to silence earlier diagnostics
# 1498|   const char *btf__str_by_offset(const struct btf *btf, __u32 offset)
# 1499|   {
# 1500|-> 	if (offset < btf->start_str_off)
# 1501|   		return btf__str_by_offset(btf->base_btf, offset);
# 1502|   	else if (offset - btf->start_str_off < btf->hdr->str_len)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def7]
libbpf-1.4.3-build/libbpf-1.4.3/src/btf.h:322:31: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
libbpf-1.4.3-build/libbpf-1.4.3/include/uapi/linux/btf.h:55:36: note: in definition of macro ‘BTF_INFO_KIND’
libbpf-1.4.3-build/libbpf-1.4.3/src/btf.c: scope_hint: In function ‘determine_ptr_size.part.0’
libbpf-1.4.3-build/libbpf-1.4.3/src/btf.c:19: included_from: Included from here.
libbpf-1.4.3-build/libbpf-1.4.3/include/uapi/linux/btf.h:55:36: note: in definition of macro ‘BTF_INFO_KIND’
#  320|   static inline __u16 btf_kind(const struct btf_type *t)
#  321|   {
#  322|-> 	return BTF_INFO_KIND(t->info);
#  323|   }
#  324|   

Error: CPPCHECK_WARNING: [#def8]
libbpf-1.4.3-build/libbpf-1.4.3/src/btf_dump.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: CLANG_WARNING: [#def9]
libbpf-1.4.3-build/libbpf-1.4.3/src/btf_dump.c:191:9: warning[unix.Malloc]: Potential leak of memory pointed to by 'd'
#  189|   err:
#  190|   	btf_dump__free(d);
#  191|-> 	return libbpf_err_ptr(err);
#  192|   }
#  193|   

Error: CLANG_WARNING: [#def10]
libbpf-1.4.3-build/libbpf-1.4.3/src/btf_dump.c:1782:16: warning[core.BitwiseShift]: Left shift by '64' overflows the capacity of '__u64'
# 1780|   	right_shift_bits = 64 - bit_sz;
# 1781|   
# 1782|-> 	*value = (num << left_shift_bits) >> right_shift_bits;
# 1783|   
# 1784|   	return 0;

Error: CPPCHECK_WARNING: [#def11]
libbpf-1.4.3-build/libbpf-1.4.3/src/elf.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: CLANG_WARNING: [#def12]
libbpf-1.4.3-build/libbpf-1.4.3/src/elf.c:57:2: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value
#   55|   	if (!elf_fd)
#   56|   		return;
#   57|-> 	elf_end(elf_fd->elf);
#   58|   	close(elf_fd->fd);
#   59|   }

Error: CLANG_WARNING: [#def13]
libbpf-1.4.3-build/libbpf-1.4.3/src/elf.c:383:8: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value
#  381|   	if (ret)
#  382|   		return ret;
#  383|-> 	ret = elf_find_func_offset(elf_fd.elf, binary_path, name);
#  384|   	elf_close(&elf_fd);
#  385|   	return ret;

Error: CLANG_WARNING: [#def14]
libbpf-1.4.3-build/libbpf-1.4.3/src/elf.c:440:9: warning[core.CallAndMessage]: 2nd function call argument is an uninitialized value
#  438|   		struct elf_sym *sym;
#  439|   
#  440|-> 		err = elf_sym_iter_new(&iter, elf_fd.elf, binary_path, sh_types[i], st_type);
#  441|   		if (err == -ENOENT)
#  442|   			continue;

Error: CLANG_WARNING: [#def15]
libbpf-1.4.3-build/libbpf-1.4.3/src/elf.c:521:9: warning[core.CallAndMessage]: 2nd function call argument is an uninitialized value
#  519|   		struct elf_sym *sym;
#  520|   
#  521|-> 		err = elf_sym_iter_new(&iter, elf_fd.elf, binary_path, sh_types[i], STT_FUNC);
#  522|   		if (err == -ENOENT)
#  523|   			continue;

Error: CPPCHECK_WARNING (CWE-457): [#def16]
libbpf-1.4.3-build/libbpf-1.4.3/src/features.c:325: error[uninitvar]: Uninitialized variable: name
#  323|   
#  324|   	memset(&info, 0, sizeof(info));
#  325|-> 	info.name = ptr_to_u64(name);
#  326|   	info.name_len = sizeof(name);
#  327|   

Error: CPPCHECK_WARNING: [#def17]
libbpf-1.4.3-build/libbpf-1.4.3/src/hashmap.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: CPPCHECK_WARNING (CWE-758): [#def18]
libbpf-1.4.3-build/libbpf-1.4.3/src/libbpf_internal.h:245: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#  243|   static inline __u32 btf_type_info(int kind, int vlen, int kflag)
#  244|   {
#  245|-> 	return (kflag << 31) | (kind << 24) | vlen;
#  246|   }
#  247|   

Error: CPPCHECK_WARNING: [#def19]
libbpf-1.4.3-build/libbpf-1.4.3/src/libbpf_probes.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: CPPCHECK_WARNING: [#def20]
libbpf-1.4.3-build/libbpf-1.4.3/src/linker.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: GCC_ANALYZER_WARNING (CWE-401): [#def21]
libbpf-1.4.3-build/libbpf-1.4.3/src/linker.c: scope_hint: In function ‘add_new_sym’
libbpf-1.4.3-build/libbpf-1.4.3/src/linker.c:285:15: warning[-Wanalyzer-malloc-leak]: leak of ‘realloc(*symtab.raw_data,  __real__ <unknown>)’
libbpf-1.4.3-build/libbpf-1.4.3/src/linker.c: scope_hint: In function ‘add_new_sym’
#  283|   
#  284|   	symtab->raw_data = syms;
#  285|-> 	symtab->sec_sz += sizeof(*sym);
#  286|   	symtab->shdr->sh_size += sizeof(*sym);
#  287|   	symtab->data->d_size += sizeof(*sym);

Error: CLANG_WARNING: [#def22]
libbpf-1.4.3-build/libbpf-1.4.3/src/linker.c:1154:3: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 1152|   
# 1153|   		/* pad dst section, if it's alignment forced size increase */
# 1154|-> 		memset(dst->raw_data + dst->sec_sz, 0, dst_align_sz - dst->sec_sz);
# 1155|   		/* now copy src data at a properly aligned offset */
# 1156|   		memcpy(dst->raw_data + dst_align_sz, src->data->d_buf, src->shdr->sh_size);

Error: CPPCHECK_WARNING (CWE-476): [#def23]
libbpf-1.4.3-build/libbpf-1.4.3/src/linker.c:1521: error[ctunullpointer]: Null pointer dereference: extra_def
# 1519|   	const char *reason;
# 1520|   
# 1521|-> 	if (main_def->map_type != extra_def->map_type) {
# 1522|   		reason = "type";
# 1523|   		goto mismatch;

Error: CPPCHECK_WARNING (CWE-476): [#def24]
libbpf-1.4.3-build/libbpf-1.4.3/src/linker.c:1521: error[ctunullpointer]: Null pointer dereference: main_def
# 1519|   	const char *reason;
# 1520|   
# 1521|-> 	if (main_def->map_type != extra_def->map_type) {
# 1522|   		reason = "type";
# 1523|   		goto mismatch;

Error: CLANG_WARNING: [#def25]
libbpf-1.4.3-build/libbpf-1.4.3/src/linker.c:1521:6: warning[core.NullDereference]: Access to field 'map_type' results in a dereference of a null pointer (loaded from variable 'main_def')
# 1519|   	const char *reason;
# 1520|   
# 1521|-> 	if (main_def->map_type != extra_def->map_type) {
# 1522|   		reason = "type";
# 1523|   		goto mismatch;

Error: CLANG_WARNING: [#def26]
libbpf-1.4.3-build/libbpf-1.4.3/src/linker.c:1963:23: warning[core.NullDereference]: Access to field 'sec_idx' results in a dereference of a null pointer (loaded from variable 'dst_sec')
# 1961|   		 */
# 1962|   		sym_update_type(dst_sym, sym_type);
# 1963|-> 		dst_sym->st_shndx = dst_sec->sec_idx;
# 1964|   		dst_sym->st_value = src_sec->dst_off + sym->st_value;
# 1965|   		dst_sym->st_size = sym->st_size;

Error: CLANG_WARNING: [#def27]
libbpf-1.4.3-build/libbpf-1.4.3/src/linker.c:2001:24: warning[core.NullDereference]: Access to field 'sec_sym_idx' results in a dereference of a null pointer (loaded from variable 'dst_sec')
# 1999|   
# 2000|   	if (sym_type == STT_SECTION && dst_sym) {
# 2001|-> 		dst_sec->sec_sym_idx = dst_sym_idx;
# 2002|   		dst_sym->st_value = 0;
# 2003|   	}

Error: GCC_ANALYZER_WARNING (CWE-476): [#def28]
libbpf-1.4.3-build/libbpf-1.4.3/src/linker.c: scope_hint: In function ‘linker_append_btf’
libbpf-1.4.3-build/libbpf-1.4.3/src/linker.c:2382:45: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
cc1: note: unrecognized command-line option ‘-Wno-unknown-warning-option’ may have been intended to silence earlier diagnostics
# 2380|   				name = btf__str_by_offset(linker->btf, t->name_off);
# 2381|   				glob_sym = find_glob_sym(linker, name);
# 2382|-> 				if (glob_sym->sec_id != dst_sec->id) {
# 2383|   					pr_warn("global '%s': section mismatch %d vs %d\n",
# 2384|   						name, glob_sym->sec_id, dst_sec->id);

Error: CPPCHECK_WARNING: [#def29]
libbpf-1.4.3-build/libbpf-1.4.3/src/netlink.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: CLANG_WARNING: [#def30]
libbpf-1.4.3-build/libbpf-1.4.3/src/netlink.c:486:20: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined
#  484|   	req.nh.nlmsg_len = NLMSG_LENGTH(GENL_HDRLEN);
#  485|   	req.nh.nlmsg_flags = NLM_F_REQUEST;
#  486|-> 	req.nh.nlmsg_type = id;
#  487|   	req.gnl.cmd = NETDEV_CMD_DEV_GET;
#  488|   	req.gnl.version = 2;

Error: CPPCHECK_WARNING: [#def31]
libbpf-1.4.3-build/libbpf-1.4.3/src/nlattr.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: CPPCHECK_WARNING: [#def32]
libbpf-1.4.3-build/libbpf-1.4.3/src/relo_core.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: CPPCHECK_WARNING: [#def33]
libbpf-1.4.3-build/libbpf-1.4.3/src/ringbuf.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: CLANG_WARNING: [#def34]
libbpf-1.4.3-build/libbpf-1.4.3/src/gen_loader.c:15: included_from: Included from here.
libbpf-1.4.3-build/libbpf-1.4.3/src/skel_internal.h:316:2: warning[deadcode.DeadStores]: Value stored to 'err' is never read
#  314|   	union bpf_attr attr;
#  315|   
#  316|-> 	err = map_fd = skel_map_create(BPF_MAP_TYPE_ARRAY, "__loader.map", 4, opts->data_sz, 1);
#  317|   	if (map_fd < 0) {
#  318|   		opts->errstr = "failed to create loader map";

Error: CLANG_WARNING: [#def35]
libbpf-1.4.3-build/libbpf-1.4.3/src/skel_internal.h:341:2: warning[deadcode.DeadStores]: Value stored to 'err' is never read
#  339|   	attr.log_buf = opts->ctx->log_buf;
#  340|   	attr.prog_flags = BPF_F_SLEEPABLE;
#  341|-> 	err = prog_fd = skel_sys_bpf(BPF_PROG_LOAD, &attr, prog_load_attr_sz);
#  342|   	if (prog_fd < 0) {
#  343|   		opts->errstr = "failed to load loader prog";

Error: CPPCHECK_WARNING: [#def36]
libbpf-1.4.3-build/libbpf-1.4.3/src/usdt.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: CLANG_WARNING: [#def37]
libbpf-1.4.3-build/libbpf-1.4.3/src/usdt.c:871:4: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
#  869|   		 */
#  870|   		if (new_free_ids || new_cnt == 0) {
#  871|-> 			memcpy(new_free_ids + man->free_spec_cnt, usdt_link->spec_ids,
#  872|   			       usdt_link->spec_cnt * sizeof(*usdt_link->spec_ids));
#  873|   			man->free_spec_ids = new_free_ids;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def38]
libbpf-1.4.3-build/libbpf-1.4.3/src/usdt.c: scope_hint: In function ‘bpf_link_usdt_detach’
libbpf-1.4.3-build/libbpf-1.4.3/src/usdt.c:874:44: warning[-Wanalyzer-malloc-leak]: leak of ‘*man.free_spec_ids’
libbpf-1.4.3-build/libbpf-1.4.3/src/usdt.c: scope_hint: In function ‘bpf_link_usdt_detach’
cc1: note: unrecognized command-line option ‘-Wno-unknown-warning-option’ may have been intended to silence earlier diagnostics
#  872|   			       usdt_link->spec_cnt * sizeof(*usdt_link->spec_ids));
#  873|   			man->free_spec_ids = new_free_ids;
#  874|-> 			man->free_spec_cnt = new_cnt;
#  875|   		}
#  876|   	}

Error: CLANG_WARNING: [#def39]
libbpf-1.4.3-build/libbpf-1.4.3/src/usdt.c:1069:15: warning[core.NullDereference]: Array access (from variable 'offsets') results in a null pointer dereference
# 1067|   
# 1068|   		if (man->has_uprobe_multi) {
# 1069|-> 			offsets[i] = target->rel_ip;
# 1070|   			ref_ctr_offsets[i] = target->sema_off;
# 1071|   			cookies[i] = spec_id;

Error: CLANG_WARNING: [#def40]
libbpf-1.4.3-build/libbpf-1.4.3/src/usdt.c:1112:2: warning[unix.Malloc]: Potential leak of memory pointed to by 'cookies'
# 1110|   	}
# 1111|   
# 1112|-> 	free(targets);
# 1113|   	hashmap__free(specs_hash);
# 1114|   	elf_close(&elf_fd);

Error: CLANG_WARNING: [#def41]
libbpf-1.4.3-build/libbpf-1.4.3/src/usdt.c:1112:2: warning[unix.Malloc]: Potential leak of memory pointed to by 'offsets'
# 1110|   	}
# 1111|   
# 1112|-> 	free(targets);
# 1113|   	hashmap__free(specs_hash);
# 1114|   	elf_close(&elf_fd);

Error: CLANG_WARNING: [#def42]
libbpf-1.4.3-build/libbpf-1.4.3/src/usdt.c:1112:2: warning[unix.Malloc]: Potential leak of memory pointed to by 'ref_ctr_offsets'
# 1110|   	}
# 1111|   
# 1112|-> 	free(targets);
# 1113|   	hashmap__free(specs_hash);
# 1114|   	elf_close(&elf_fd);
Scan Properties

analyzer-version-clang	18.1.7
analyzer-version-cppcheck	2.14.2
analyzer-version-gcc	14.1.1
analyzer-version-gcc-analyzer	14.1.1
analyzer-version-shellcheck	0.10.0
enabled-plugins	clang, cppcheck, gcc, shellcheck
exit-code	0
host	ip-172-16-1-7.us-west-2.compute.internal
mock-config	fedora-41-x86_64
project-name	libbpf-1.4.3-1.fc41
store-results-to	/tmp/tmp9y9xyj6k/libbpf-1.4.3-1.fc41.tar.xz
time-created	2024-07-03 14:33:20
time-finished	2024-07-03 14:35:02
tool	csmock
tool-args	'/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmp9y9xyj6k/libbpf-1.4.3-1.fc41.tar.xz' '--gcc-analyze' '/tmp/tmp9y9xyj6k/libbpf-1.4.3-1.fc41.src.rpm'
tool-version	csmock-3.5.3-1.el9