libcue-2.3.0-7.fc41

List of Defects

Error: GCC_ANALYZER_WARNING (CWE-476): [#def1]
libcue-2.3.0-build/libcue-2.3.0/cd.c: scope_hint: In function ‘track_delete.part.0’
libcue-2.3.0-build/libcue-2.3.0/cd.c:71:27: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘track’
#   69|   		rem_free(track_get_rem(track));
#   70|   
#   71|-> 		free(track->isrc);
#   72|   
#   73|   		free(track->zero_pre.name);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def2]
libcue-2.3.0-build/libcue-2.3.0/cdtext.c: scope_hint: In function ‘cdtext_set’
libcue-2.3.0-build/libcue-2.3.0/cdtext.c:81:47: warning[-Wanalyzer-malloc-leak]: leak of ‘*cdtext.value’
#   79|   			if (pti == cdtext->pti) {
#   80|   				free (cdtext->value);
#   81|-> 				cdtext->value = strdup (value);
#   82|   			}
#   83|   }

Error: GCC_ANALYZER_WARNING (CWE-457): [#def3]
libcue-2.3.0-build/libcue-2.3.0/redhat-linux-build/cue_parser.c: scope_hint: In function ‘yyparse’
libcue-2.3.0-build/libcue-2.3.0/redhat-linux-build/cue_parser.c:536:7: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyss’
libcue-2.3.0-build/libcue-2.3.0/redhat-linux-build/cue_parser.c:521:9: note: in expansion of macro ‘YYCOPY’
libcue-2.3.0-build/libcue-2.3.0/redhat-linux-build/cue_parser.c:1137:9: note: in expansion of macro ‘YYSTACK_RELOCATE’
libcue-2.3.0-build/libcue-2.3.0/redhat-linux-build/cue_parser.c:521:9: note: in expansion of macro ‘YYCOPY’
libcue-2.3.0-build/libcue-2.3.0/redhat-linux-build/cue_parser.c:1137:9: note: in expansion of macro ‘YYSTACK_RELOCATE’
libcue-2.3.0-build/libcue-2.3.0/redhat-linux-build/cue_parser.c:521:9: note: in expansion of macro ‘YYCOPY’
libcue-2.3.0-build/libcue-2.3.0/redhat-linux-build/cue_parser.c:1137:9: note: in expansion of macro ‘YYSTACK_RELOCATE’
#  534|   #  if defined __GNUC__ && 1 < __GNUC__
#  535|   #   define YYCOPY(Dst, Src, Count) \
#  536|->       __builtin_memcpy (Dst, Src, YY_CAST (YYSIZE_T, (Count)) * sizeof (*(Src)))
#  537|   #  else
#  538|   #   define YYCOPY(Dst, Src, Count)              \

Error: GCC_ANALYZER_WARNING (CWE-457): [#def4]
libcue-2.3.0-build/libcue-2.3.0/redhat-linux-build/cue_parser.c:1264:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*<unknown>’
# 1262|        unconditionally makes the parser a bit smaller, and it avoids a
# 1263|        GCC warning that YYVAL may be used uninitialized.  */
# 1264|->   yyval = yyvsp[1-yylen];
# 1265|   
# 1266|   

Error: CPPCHECK_WARNING: [#def5]
libcue-2.3.0-build/libcue-2.3.0/redhat-linux-build/cue_scanner.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: GCC_ANALYZER_WARNING (CWE-401): [#def6]
libcue-2.3.0-build/libcue-2.3.0/redhat-linux-build/cue_scanner.c: scope_hint: In function ‘yy_get_next_buffer’
libcue-2.3.0-build/libcue-2.3.0/redhat-linux-build/cue_scanner.c:1752:18: warning[-Wanalyzer-malloc-leak]: leak of ‘*b.yy_ch_buf’
libcue-2.3.0-build/libcue-2.3.0/redhat-linux-build/cue_scanner.c: scope_hint: In function ‘yy_get_next_buffer’
libcue-2.3.0-build/libcue-2.3.0/redhat-linux-build/cue_scanner.c: scope_hint: In function ‘yy_get_next_buffer’
# 1750|   				else
# 1751|   					b->yy_buf_size *= 2;
# 1752|-> 
# 1753|   				b->yy_ch_buf = (char *)
# 1754|   					/* Include room in for 2 EOB chars. */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def7]
libcue-2.3.0-build/libcue-2.3.0/redhat-linux-build/cue_scanner.c: scope_hint: In function ‘yy_create_buffer’
libcue-2.3.0-build/libcue-2.3.0/redhat-linux-build/cue_scanner.c:2044:12: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc(64)’
libcue-2.3.0-build/libcue-2.3.0/redhat-linux-build/cue_scanner.c: scope_hint: In function ‘yy_create_buffer’
# 2042|   	 * we need to put in 2 end-of-buffer characters.
# 2043|   	 */
# 2044|-> 	b->yy_ch_buf = (char *) yyalloc( (yy_size_t) (b->yy_buf_size + 2)  );
# 2045|   	if ( ! b->yy_ch_buf )
# 2046|   		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );

Error: CPPCHECK_WARNING (CWE-476): [#def8]
libcue-2.3.0-build/libcue-2.3.0/redhat-linux-build/cue_scanner.c:2084: warning[nullPointer]: Possible null pointer dereference: b
# 2082|       
# 2083|   	yy_flush_buffer( b );
# 2084|-> 
# 2085|   	b->yy_input_file = file;
# 2086|   	b->yy_fill_buffer = 1;

Error: CPPCHECK_WARNING (CWE-476): [#def9]
libcue-2.3.0-build/libcue-2.3.0/redhat-linux-build/cue_scanner.c:2085: warning[nullPointer]: Possible null pointer dereference: b
# 2083|   	yy_flush_buffer( b );
# 2084|   
# 2085|-> 	b->yy_input_file = file;
# 2086|   	b->yy_fill_buffer = 1;
# 2087|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def10]
libcue-2.3.0-build/libcue-2.3.0/redhat-linux-build/cue_scanner.c: scope_hint: In function ‘yy_scan_buffer’
libcue-2.3.0-build/libcue-2.3.0/redhat-linux-build/cue_scanner.c:2298:25: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc(n)’
libcue-2.3.0-build/libcue-2.3.0/redhat-linux-build/cue_scanner.c: scope_hint: In function ‘yy_scan_buffer’
# 2296|   	for ( i = 0; i < _yybytes_len; ++i )
# 2297|   		buf[i] = yybytes[i];
# 2298|-> 
# 2299|   	buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR;
# 2300|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def11]
libcue-2.3.0-build/libcue-2.3.0/rem.c: scope_hint: In function ‘rem_set’
libcue-2.3.0-build/libcue-2.3.0/rem.c:103:36: warning[-Wanalyzer-malloc-leak]: leak of ‘*rem.value’
#  101|   		{
#  102|   			free(rem->value);
#  103|-> 			rem->value = strdup(value);
#  104|   			return;
#  105|   		}

Error: COMPILER_WARNING: [#def12]
libcue-2.3.0-build/libcue-2.3.0/rem.c:110:1: warning[-Wenum-int-mismatch]: conflicting types for ‘rem_get’ due to enum/integer mismatch; have ‘const char *(RemType,  Rem *)’
#  110 | rem_get(        RemType cmt,
#      | ^~~~~~~
libcue-2.3.0-build/libcue-2.3.0/rem.h:27: included_from: Included from here.
libcue-2.3.0-build/libcue-2.3.0/rem.c:27: included_from: Included from here.
libcue-2.3.0-build/libcue-2.3.0/libcue.h:136:24: note: previous declaration of ‘rem_get’ with type ‘const char *(unsigned int,  Rem *)’
#  136 | CUE_EXPORT const char* rem_get(unsigned int, Rem*);
#      |                        ^~~~~~~
#  108|   
#  109|   const char*
#  110|-> rem_get(	RemType cmt,
#  111|   		Rem* rem)
#  112|   {

Error: CPPCHECK_WARNING: [#def13]
libcue-2.3.0-build/libcue-2.3.0/t/multiple_files.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: CPPCHECK_WARNING: [#def14]
libcue-2.3.0-build/libcue-2.3.0/t/noncompliant.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: CPPCHECK_WARNING: [#def15]
libcue-2.3.0-build/libcue-2.3.0/t/single_idx_00.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: CPPCHECK_WARNING: [#def16]
libcue-2.3.0-build/libcue-2.3.0/t/standard_cue.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: COMPILER_WARNING: [#def17]
libcue-2.3.0-build/libcue-2.3.0/time.c: scope_hint: In function ‘time_frame_to_mmssff’
libcue-2.3.0-build/libcue-2.3.0/time.c:33:33: warning[-Wformat-overflow=]: ‘%02d’ directive writing between 2 and 3 bytes into a region of size between 0 and 3
#   33 |         sprintf(msf, "%02d:%02d:%02d", minutes, seconds, frames);
#      |                                 ^~~~
libcue-2.3.0-build/libcue-2.3.0/time.c:33:22: note: directive argument in the range [-74, 74]
#   33 |         sprintf(msf, "%02d:%02d:%02d", minutes, seconds, frames);
#      |                      ^~~~~~~~~~~~~~~~
/usr/include/bits/stdio2.h:30:10: note: ‘__sprintf_chk’ output between 9 and 20 bytes into a destination of size 9
#   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   31 |                                   __glibc_objsize (__s), __fmt,
#      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   32 |                                   __va_arg_pack ());
#      |                                   ~~~~~~~~~~~~~~~~~
#   31|   
#   32|   	time_frame_to_msf(f, &minutes, &seconds, &frames);
#   33|-> 	sprintf(msf, "%02d:%02d:%02d", minutes, seconds, frames);
#   34|   
#   35|   	return msf;

Scan Properties

analyzer-version-clang: 18.1.7
analyzer-version-cppcheck: 2.14.2
analyzer-version-gcc: 14.1.1
analyzer-version-gcc-analyzer: 14.1.1
analyzer-version-shellcheck: 0.10.0
enabled-plugins: clang, cppcheck, gcc, shellcheck
exit-code: 0
host: ip-172-16-1-145.us-west-2.compute.internal
mock-config: fedora-41-x86_64
project-name: libcue-2.3.0-7.fc41
store-results-to: /tmp/tmp4hau2fdy/libcue-2.3.0-7.fc41.tar.xz
time-created: 2024-07-03 14:36:53
time-finished: 2024-07-03 14:37:40
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmp4hau2fdy/libcue-2.3.0-7.fc41.tar.xz' '--gcc-analyze' '/tmp/tmp4hau2fdy/libcue-2.3.0-7.fc41.src.rpm'
tool-version: csmock-3.5.3-1.el9