librepo-1.17.1-2.fc41
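List of Defects
Note: entries tagged information[normalCheckLevelMaxBranches] are cppcheck notices that branch analysis was limited for the named file; they are not findings in the code, and the file was not analyzed exhaustively.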
Error: CPPCHECK_WARNING: [#def1]
librepo-1.17.1-build/librepo-1.17.1/librepo/checksum.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def2]
librepo-1.17.1-build/librepo-1.17.1/librepo/downloader.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def3]
librepo-1.17.1-build/librepo-1.17.1/librepo/downloader.c:1332:5: warning[deadcode.DeadStores]: Value stored to 'zck' is never read
# 1330| return FALSE;
# 1331| }
# 1332|-> zck = zck_dl_get_zck(target->target->zck_dl);
# 1333|
# 1334| if(target->zck_state == LR_ZCK_DL_HEADER) {
Error: GCC_ANALYZER_WARNING (CWE-401): [#def4]
librepo-1.17.1-build/librepo-1.17.1/librepo/downloader.c:1400:15: warning[-Wanalyzer-malloc-leak]: leak of ‘open_target_file(target, err)’
librepo-1.17.1-build/librepo-1.17.1/librepo/downloader.c:26: included_from: Included from here.
# 1398| FILE *f;
# 1399|
# 1400|-> if (target->target->fd != -1) {
# 1401| // Use supplied filedescriptor
# 1402| fd = dup(target->target->fd);
Error: COMPILER_WARNING (CWE-477): [#def5]
librepo-1.17.1-build/librepo-1.17.1/librepo/downloader.c: scope_hint: In function ‘prepare_next_transfer’
librepo-1.17.1-build/librepo-1.17.1/librepo/downloader.c:1622:9: warning[-Wdeprecated-declarations]: ‘CURLOPT_PROGRESSFUNCTION’ is deprecated: since 7.32.0. Use CURLOPT_XFERINFOFUNCTION
librepo-1.17.1-build/librepo-1.17.1/librepo/downloader.c:37: included_from: Included from here.
/usr/include/curl/curl.h:1295:3: note: declared here
# 1620| target->cb_return_code = LR_CB_OK;
# 1621| if (target->target->progresscb) {
# 1622|-> c_rc = curl_easy_setopt(h, CURLOPT_PROGRESSFUNCTION, lr_progresscb) ||
# 1623| curl_easy_setopt(h, CURLOPT_NOPROGRESS, 0) ||
# 1624| curl_easy_setopt(h, CURLOPT_PROGRESSDATA, target);
Error: CPPCHECK_WARNING: [#def6]
librepo-1.17.1-build/librepo-1.17.1/librepo/fastestmirror.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def7]
librepo-1.17.1-build/librepo-1.17.1/librepo/gpg_rpm.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CLANG_WARNING: [#def8]
librepo-1.17.1-build/librepo-1.17.1/librepo/gpg_rpm.c:355:9: warning[core.NonNullParamChecker]: Null pointer passed to 2nd parameter expecting 'nonnull'
# 353| if (memchr(block_begin, '\0', key_len) == NULL) {
# 354| key_with_null_byte = g_new(gchar, key_len + 1);
# 355|-> memcpy(key_with_null_byte, key, key_len);
# 356| key_with_null_byte[key_len] = '\0';
# 357|
Error: CLANG_WARNING: [#def9]
librepo-1.17.1-build/librepo-1.17.1/librepo/gpg_rpm.c:537:13: warning[deadcode.DeadStores]: Value stored to 'sig_buf' is never read
# 535| // set block_begin and key to null byte terminated local copy
# 536| block_begin = sig_buf_with_null_byte + (block_begin - sig_buf);
# 537|-> sig_buf = sig_buf_with_null_byte;
# 538| }
# 539|
Error: CLANG_WARNING: [#def10]
librepo-1.17.1-build/librepo-1.17.1/librepo/gpg_rpm.c:540:9: warning[unix.Malloc]: Potential leak of memory pointed to by 'sig_buf'
# 538| }
# 539|
# 540|-> pgpArmor ret_pgparmor = pgpParsePkts((const char *)block_begin, &pkts, &pkts_len);
# 541| if (ret_pgparmor < 0) {
# 542| g_debug("%s: Error: Parsing armored OpenPGP packet(s) failed", __func__);
Error: GCC_ANALYZER_WARNING (CWE-688): [#def11]
librepo-1.17.1-build/librepo-1.17.1/librepo/gpg_rpm.c: scope_hint: In function ‘check_signature’
librepo-1.17.1-build/librepo-1.17.1/librepo/gpg_rpm.c:550:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘pkts’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
# 548| pkts_len = sig_buf_len;
# 549| pkts = malloc(sig_buf_len);
# 550|-> memcpy(pkts, sig_buf, sig_buf_len);
# 551| }
# 552|
Error: CPPCHECK_WARNING: [#def12]
librepo-1.17.1-build/librepo-1.17.1/librepo/handle.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-476): [#def13]
librepo-1.17.1-build/librepo-1.17.1/librepo/handle.c: scope_hint: In function ‘lr_handle_setopt’
librepo-1.17.1-build/librepo-1.17.1/librepo/handle.c:560:22: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘handle_list’
# 558|
# 559| // Copy the list
# 560|-> *handle_list = lr_strv_dup(list);
# 561| break;
# 562| }
Error: CPPCHECK_WARNING (CWE-457): [#def14]
librepo-1.17.1-build/librepo-1.17.1/librepo/handle.c:916: error[legacyUninitvar]: Uninitialized variable: baseurl
# 914| else if (handle->urls)
# 915| baseurl = handle->urls[0];
# 916|-> assert(baseurl);
# 917|
# 918| g_autoptr(GUri) uri = g_uri_parse(baseurl, G_URI_FLAGS_NONE, NULL);
Error: CLANG_WARNING: [#def15]
librepo-1.17.1-build/librepo-1.17.1/librepo/handle.c:916:5: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value
# 914| else if (handle->urls)
# 915| baseurl = handle->urls[0];
# 916|-> assert(baseurl);
# 917|
# 918| g_autoptr(GUri) uri = g_uri_parse(baseurl, G_URI_FLAGS_NONE, NULL);
Error: GCC_ANALYZER_WARNING (CWE-457): [#def16]
librepo-1.17.1-build/librepo-1.17.1/librepo/handle.c: scope_hint: In function ‘lr_handle_network_wait’
librepo-1.17.1-build/librepo-1.17.1/librepo/handle.c:918:27: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘baseurl’
# 916| assert(baseurl);
# 917|
# 918|-> g_autoptr(GUri) uri = g_uri_parse(baseurl, G_URI_FLAGS_NONE, NULL);
# 919| if (uri == NULL) {
# 920| return FALSE;
Error: COMPILER_WARNING (CWE-457): [#def17]
librepo-1.17.1-build/librepo-1.17.1/librepo/handle.c: scope_hint: In function ‘lr_handle_network_wait’
librepo-1.17.1-build/librepo-1.17.1/librepo/handle.c:918:27: warning[-Wmaybe-uninitialized]: ‘baseurl’ may be used uninitialized
# 918 | g_autoptr(GUri) uri = g_uri_parse(baseurl, G_URI_FLAGS_NONE, NULL);
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
librepo-1.17.1-build/librepo-1.17.1/librepo/handle.c:909:18: note: ‘baseurl’ was declared here
# 909 | const gchar *baseurl;
# | ^~~~~~~
# 916| assert(baseurl);
# 917|
# 918|-> g_autoptr(GUri) uri = g_uri_parse(baseurl, G_URI_FLAGS_NONE, NULL);
# 919| if (uri == NULL) {
# 920| return FALSE;
Error: GCC_ANALYZER_WARNING (CWE-775): [#def18]
librepo-1.17.1-build/librepo-1.17.1/librepo/handle.c: scope_hint: In function ‘lr_handle_prepare_mirrorlist’
librepo-1.17.1-build/librepo-1.17.1/librepo/handle.c:1020:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(lr_pathconcat(localpath, "mirrorlist", 0), 0)’
/usr/include/glib-2.0/glib.h:64: included_from: Included from here.
librepo-1.17.1-build/librepo-1.17.1/librepo/handle.c:1019:13: note: in expansion of macro ‘g_debug’
# 1018| if (g_file_test(path, G_FILE_TEST_IS_REGULAR)) {
# 1019| g_debug("%s: Local mirrorlist found at %s", __func__, path);
# 1020|-> fd = open(path, O_RDONLY);
# 1021| if (fd < 0) {
# 1022| g_set_error(err, LR_HANDLE_ERROR, LRE_IO,
Error: GCC_ANALYZER_WARNING (CWE-775): [#def19]
librepo-1.17.1-build/librepo-1.17.1/librepo/handle.c: scope_hint: In function ‘lr_handle_prepare_metalink’
librepo-1.17.1-build/librepo-1.17.1/librepo/handle.c:1135:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(lr_pathconcat(localpath, "metalink.xml", 0), 0)’
librepo-1.17.1-build/librepo-1.17.1/librepo/handle.c:1134:13: note: in expansion of macro ‘g_debug’
# 1133| if (g_file_test(path, G_FILE_TEST_IS_REGULAR)) {
# 1134| g_debug("%s: Local metalink.xml found at %s", __func__, path);
# 1135|-> fd = open(path, O_RDONLY);
# 1136| if (fd < 0) {
# 1137| g_set_error(err, LR_HANDLE_ERROR, LRE_IO,
Error: CPPCHECK_WARNING: [#def20]
librepo-1.17.1-build/librepo-1.17.1/librepo/lrmirrorlist.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def21]
librepo-1.17.1-build/librepo-1.17.1/librepo/metadata_downloader.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-476): [#def22]
librepo-1.17.1-build/librepo-1.17.1/librepo/metadata_downloader.c: scope_hint: In function ‘appendFdValue’
librepo-1.17.1-build/librepo-1.17.1/librepo/metadata_downloader.c:154:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘fd_allocated’
# 152| {
# 153| int *fd_allocated = malloc(sizeof(int));
# 154|-> *fd_allocated = fd;
# 155| fd_list = g_slist_append(fd_list, fd_allocated);
# 156| return fd_list;
Error: CPPCHECK_WARNING: [#def23]
librepo-1.17.1-build/librepo-1.17.1/librepo/metalink.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def24]
librepo-1.17.1-build/librepo-1.17.1/librepo/mirrorlist.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def25]
librepo-1.17.1-build/librepo-1.17.1/librepo/package_downloader.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-775): [#def26]
librepo-1.17.1-build/librepo-1.17.1/librepo/package_downloader.c: scope_hint: In function ‘lr_download_packages’
librepo-1.17.1-build/librepo-1.17.1/librepo/package_downloader.c:310:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(*packagetarget.local_path, 0)’
# 308| * completely downloaded, then the download is going to fail.
# 309| */
# 310|-> int fd_r = open(packagetarget->local_path, O_RDONLY);
# 311| if (fd_r != -1) {
# 312| gboolean matches;
Error: GCC_ANALYZER_WARNING (CWE-775): [#def27]
librepo-1.17.1-build/librepo-1.17.1/librepo/package_downloader.c: scope_hint: In function ‘lr_check_packages’
librepo-1.17.1-build/librepo-1.17.1/librepo/package_downloader.c:568:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(*packagetarget.local_path, 0)’
/usr/include/glib-2.0/glib/gmain.h:28: included_from: Included from here.
/usr/include/glib-2.0/glib/giochannel.h:35: included_from: Included from here.
/usr/include/glib-2.0/glib.h:56: included_from: Included from here.
librepo-1.17.1-build/librepo-1.17.1/librepo/package_downloader.c:22: included_from: Included from here.
librepo-1.17.1-build/librepo-1.17.1/librepo/package_downloader.c:511:47: note: in expansion of macro ‘g_slist_next’
# 566| if (g_access(packagetarget->local_path, R_OK) == 0) {
# 567| // If the file exists check its checksum
# 568|-> int fd_r = open(packagetarget->local_path, O_RDONLY);
# 569| if (fd_r != -1) {
# 570| // File was successfully opened
Error: COMPILER_WARNING (CWE-1164): [#def28]
librepo-1.17.1-build/librepo-1.17.1/librepo/python/globalstate-py.h:60:1: warning[-Wunused-function]: ‘gil_logger_hack_begin’ defined but not used
# 60 | gil_logger_hack_begin(PyThreadState **state)
# | ^~~~~~~~~~~~~~~~~~~~~
# 58|
# 59| static int
# 60|-> gil_logger_hack_begin(PyThreadState **state)
# 61| {
# 62| int ret = GIL_HACK_DO_NOT_CLEAR;
Error: COMPILER_WARNING (CWE-1164): [#def29]
librepo-1.17.1-build/librepo-1.17.1/librepo/python/librepomodule.c:35: included_from: Included from here.
librepo-1.17.1-build/librepo-1.17.1/librepo/python/globalstate-py.h:84:1: warning[-Wunused-function]: ‘gil_logger_hack_end’ defined but not used
# 84 | gil_logger_hack_end(int hack_begin_rc)
# | ^~~~~~~~~~~~~~~~~~~
# 82|
# 83| static gboolean
# 84|-> gil_logger_hack_end(int hack_begin_rc)
# 85| {
# 86| int ret;
Error: CPPCHECK_WARNING: [#def30]
librepo-1.17.1-build/librepo-1.17.1/librepo/repoconf.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def31]
librepo-1.17.1-build/librepo-1.17.1/librepo/repomd.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def32]
librepo-1.17.1-build/librepo-1.17.1/librepo/url_substitution.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def33]
librepo-1.17.1-build/librepo-1.17.1/librepo/util.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def34]
librepo-1.17.1-build/librepo-1.17.1/librepo/yum.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-476): [#def35]
librepo-1.17.1-build/librepo-1.17.1/librepo/yum.c: scope_hint: In function ‘cbdata_new’
librepo-1.17.1-build/librepo-1.17.1/librepo/yum.c:274:20: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘data’
librepo-1.17.1-build/librepo-1.17.1/librepo/yum.c:27: included_from: Included from here.
# 272| {
# 273| CbData *data = calloc(1, sizeof(*data));
# 274|-> data->userdata = userdata;
# 275| data->cbdata = cbdata;
# 276| data->progresscb = progresscb;
Error: GCC_ANALYZER_WARNING (CWE-775): [#def36]
librepo-1.17.1-build/librepo-1.17.1/librepo/yum.c: scope_hint: In function ‘lr_yum_use_local_load_base’
librepo-1.17.1-build/librepo-1.17.1/librepo/yum.c:1151:10: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(lr_pathconcat(baseurl, "repodata/repomd.xml", 0), 0)’
# 1149| // Open repomd.xml
# 1150| path = lr_pathconcat(baseurl, "repodata/repomd.xml", NULL);
# 1151|-> fd = open(path, O_RDONLY);
# 1152| if (fd < 0) {
# 1153| g_debug("%s: open(%s): %s", __func__, path, g_strerror(errno));
Error: CLANG_WARNING: [#def37]
librepo-1.17.1-build/librepo-1.17.1/tests/fixtures.c:23:12: warning[deadcode.DeadStores]: Value stored to 'level' during its initialization is never read
# 21| time_t rawtime;
# 22| char buffer[255];
# 23|-> gchar *level = "";
# 24|
# 25| switch(log_level) {
Error: CPPCHECK_WARNING: [#def38]
librepo-1.17.1-build/librepo-1.17.1/tests/test_main.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Scan Properties
analyzer-version-clang | 18.1.7 |
analyzer-version-cppcheck | 2.14.2 |
analyzer-version-gcc | 14.1.1 |
analyzer-version-gcc-analyzer | 14.1.1 |
analyzer-version-shellcheck | 0.10.0 |
enabled-plugins | clang, cppcheck, gcc, shellcheck |
exit-code | 0 |
host | ip-172-16-1-56.us-west-2.compute.internal |
mock-config | fedora-41-x86_64 |
project-name | librepo-1.17.1-2.fc41 |
store-results-to | /tmp/tmp10qc7sjy/librepo-1.17.1-2.fc41.tar.xz |
time-created | 2024-07-03 15:52:50 |
time-finished | 2024-07-03 15:54:20 |
tool | csmock |
tool-args | '/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmp10qc7sjy/librepo-1.17.1-2.fc41.tar.xz' '--gcc-analyze' '/tmp/tmp10qc7sjy/librepo-1.17.1-2.fc41.src.rpm' |
tool-version | csmock-3.5.3-1.el9 |