sudo-1.9.15-4.p5.fc41
List of Defects
Error: GCC_ANALYZER_WARNING (CWE-775): [#def1]
sudo-1.9.15-build/sudo-1.9.15p5/src/sudo.h:40: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_nopty.c:45: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_nopty.c: scope_hint: In function ‘exec_nopty’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:251:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘errpipe[0]’
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_nopty.c:589:9: note: in expansion of macro ‘debug_return’
sudo-1.9.15-build/sudo-1.9.15p5/src/sudo.h:38: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_compat.h:156:27: note: in definition of macro ‘ISSET’
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_nopty.c:589:9: note: in expansion of macro ‘debug_return’
# 249| do { \
# 250| sudo_debug_exit(__func__, __FILE__, __LINE__, sudo_debug_subsys); \
# 251|-> return; \
# 252| } while (0)
# 253|
Error: GCC_ANALYZER_WARNING (CWE-775): [#def2]
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:251:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘errpipe[1]’
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_nopty.c:589:9: note: in expansion of macro ‘debug_return’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_compat.h:156:27: note: in definition of macro ‘ISSET’
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_nopty.c:589:9: note: in expansion of macro ‘debug_return’
# 249| do { \
# 250| sudo_debug_exit(__func__, __FILE__, __LINE__, sudo_debug_subsys); \
# 251|-> return; \
# 252| } while (0)
# 253|
Error: GCC_ANALYZER_WARNING (CWE-775): [#def3]
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:251:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘io_pipe[0][0]’
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_nopty.c:589:9: note: in expansion of macro ‘debug_return’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_compat.h:156:27: note: in definition of macro ‘ISSET’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:378:5: note: in expansion of macro ‘sudo_debug_printf2’
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_nopty.c:504:13: note: in expansion of macro ‘sudo_debug_printf’
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_nopty.c:589:9: note: in expansion of macro ‘debug_return’
# 249| do { \
# 250| sudo_debug_exit(__func__, __FILE__, __LINE__, sudo_debug_subsys); \
# 251|-> return; \
# 252| } while (0)
# 253|
Error: GCC_ANALYZER_WARNING (CWE-775): [#def4]
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:251:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘io_pipe[1][1]’
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_nopty.c:589:9: note: in expansion of macro ‘debug_return’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_compat.h:156:27: note: in definition of macro ‘ISSET’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:378:5: note: in expansion of macro ‘sudo_debug_printf2’
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_nopty.c:504:13: note: in expansion of macro ‘sudo_debug_printf’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:378:5: note: in expansion of macro ‘sudo_debug_printf2’
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_nopty.c:514:13: note: in expansion of macro ‘sudo_debug_printf’
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_nopty.c:589:9: note: in expansion of macro ‘debug_return’
# 249| do { \
# 250| sudo_debug_exit(__func__, __FILE__, __LINE__, sudo_debug_subsys); \
# 251|-> return; \
# 252| } while (0)
# 253|
Error: GCC_ANALYZER_WARNING (CWE-775): [#def5]
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:251:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘io_pipe[2][1]’
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_nopty.c:589:9: note: in expansion of macro ‘debug_return’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_compat.h:156:27: note: in definition of macro ‘ISSET’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:378:5: note: in expansion of macro ‘sudo_debug_printf2’
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_nopty.c:504:13: note: in expansion of macro ‘sudo_debug_printf’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:378:5: note: in expansion of macro ‘sudo_debug_printf2’
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_nopty.c:524:13: note: in expansion of macro ‘sudo_debug_printf’
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_nopty.c:589:9: note: in expansion of macro ‘debug_return’
# 249| do { \
# 250| sudo_debug_exit(__func__, __FILE__, __LINE__, sudo_debug_subsys); \
# 251|-> return; \
# 252| } while (0)
# 253|
Error: GCC_ANALYZER_WARNING (CWE-401): [#def6]
sudo-1.9.15-build/sudo-1.9.15p5/src/selinux.c: scope_hint: In function ‘selinux_execve’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:427:28: warning[-Wanalyzer-malloc-leak]: leak of ‘nargv’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:134:9: note: in expansion of macro ‘sudo_debug_printf2’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:250:9: note: in expansion of macro ‘sudo_debug_exit’
sudo-1.9.15-build/sudo-1.9.15p5/src/selinux.c:497:13: note: in expansion of macro ‘debug_return’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_fatal.h:111:5: note: in expansion of macro ‘sudo_debug_printf2’
sudo-1.9.15-build/sudo-1.9.15p5/src/selinux.c:496:13: note: in expansion of macro ‘sudo_warnx’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:134:9: note: in expansion of macro ‘sudo_debug_printf2’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:250:9: note: in expansion of macro ‘sudo_debug_exit’
sudo-1.9.15-build/sudo-1.9.15p5/src/selinux.c:497:13: note: in expansion of macro ‘debug_return’
# 425| #define sudo_debug_get_instance(_a) sudo_debug_get_instance_v1((_a))
# 426| #define sudo_debug_parse_flags(_a, _b) sudo_debug_parse_flags_v1((_a), (_b))
# 427|-> #define sudo_debug_printf2 sudo_debug_printf2_v1
# 428| #define sudo_debug_printf_nvm sudo_debug_printf_nvm_v1
# 429| #define sudo_debug_register(_a, _b, _c, _d, _e) sudo_debug_register_v2((_a), (_b), (_c), (_d), (_e))
Error: CPPCHECK_WARNING: [#def7]
sudo-1.9.15-build/sudo-1.9.15p5/lib/eventlog/eventlog.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-775): [#def8]
sudo-1.9.15-build/sudo-1.9.15p5/lib/eventlog/eventlog.c: scope_hint: In function 'exec_mailer'
sudo-1.9.15-build/sudo-1.9.15p5/lib/eventlog/eventlog.c:303:8: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'dup3(pipein, 0, 0)'
sudo-1.9.15-build/sudo-1.9.15p5/lib/eventlog/eventlog.c:52: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/lib/eventlog/eventlog.c:468:19: note: in expansion of macro 'sudo_debug_fork'
# 301|
# 302| /* Set stdin to read side of the pipe. */
# 303|-> if (dup3(pipein, STDIN_FILENO, 0) == -1) {
# 304| syslog(LOG_ERR, _("unable to dup stdin: %m")); // -V618
# 305| sudo_debug_printf(SUDO_DEBUG_ERROR,
Error: CPPCHECK_WARNING: [#def9]
sudo-1.9.15-build/sudo-1.9.15p5/lib/eventlog/eventlog_free.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def10]
sudo-1.9.15-build/sudo-1.9.15p5/lib/eventlog/parse_json.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-416): [#def11]
sudo-1.9.15-build/sudo-1.9.15p5/lib/eventlog/parse_json.c: scope_hint: In function 'free_json_items'
sudo-1.9.15-build/sudo-1.9.15p5/lib/eventlog/parse_json.c:594:21: warning[-Wanalyzer-use-after-free]: use after 'free' of 'item'
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:29: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/lib/eventlog/parse_json.c:41: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/lib/eventlog/parse_json.c:786:5: note: in expansion of macro 'TAILQ_INIT'
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_queue.h:708:14: note: in expansion of macro 'TAILQ_NEXT'
sudo-1.9.15-build/sudo-1.9.15p5/lib/eventlog/parse_json.c:593:9: note: in expansion of macro 'TAILQ_REMOVE'
sudo-1.9.15-build/sudo-1.9.15p5/lib/eventlog/parse_json.c:593:9: note: in expansion of macro 'TAILQ_REMOVE'
sudo-1.9.15-build/sudo-1.9.15p5/lib/eventlog/parse_json.c:593:9: note: in expansion of macro 'TAILQ_REMOVE'
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_queue.h:708:14: note: in expansion of macro 'TAILQ_NEXT'
sudo-1.9.15-build/sudo-1.9.15p5/lib/eventlog/parse_json.c:593:9: note: in expansion of macro 'TAILQ_REMOVE'
sudo-1.9.15-build/sudo-1.9.15p5/lib/eventlog/parse_json.c:593:9: note: in expansion of macro 'TAILQ_REMOVE'
sudo-1.9.15-build/sudo-1.9.15p5/lib/eventlog/parse_json.c:593:9: note: in expansion of macro 'TAILQ_REMOVE'
# 592| while ((item = TAILQ_FIRST(items)) != NULL) {
# 593| TAILQ_REMOVE(items, item, entries);
# 594|-> switch (item->type) {
# 595| case JSON_STRING:
# 596| free(item->u.string);
Error: CPPCHECK_WARNING: [#def12]
sudo-1.9.15-build/sudo-1.9.15p5/lib/fuzzstub/fuzzstub.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def13]
sudo-1.9.15-build/sudo-1.9.15p5/lib/iolog/hostcheck.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def14]
sudo-1.9.15-build/sudo-1.9.15p5/lib/iolog/iolog_open.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def15]
sudo-1.9.15-build/sudo-1.9.15p5/lib/iolog/iolog_path.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def16]
sudo-1.9.15-build/sudo-1.9.15p5/lib/iolog/iolog_timing.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def17]
sudo-1.9.15-build/sudo-1.9.15p5/lib/protobuf-c/protobuf-c.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def18]
sudo-1.9.15-build/sudo-1.9.15p5/lib/util/arc4random.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def19]
sudo-1.9.15-build/sudo-1.9.15p5/lib/util/event.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def20]
sudo-1.9.15-build/sudo-1.9.15p5/lib/util/event_poll.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def21]
sudo-1.9.15-build/sudo-1.9.15p5/lib/util/getentropy.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def22]
sudo-1.9.15-build/sudo-1.9.15p5/lib/util/gidlist.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def23]
sudo-1.9.15-build/sudo-1.9.15p5/lib/util/lbuf.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def24]
sudo-1.9.15-build/sudo-1.9.15p5/lib/util/mktemp.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def25]
sudo-1.9.15-build/sudo-1.9.15p5/lib/util/parseln.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def26]
sudo-1.9.15-build/sudo-1.9.15p5/lib/util/progname.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def27]
sudo-1.9.15-build/sudo-1.9.15p5/lib/util/pw_dup.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def28]
sudo-1.9.15-build/sudo-1.9.15p5/lib/util/regex.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def29]
sudo-1.9.15-build/sudo-1.9.15p5/lib/util/strtonum.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def30]
sudo-1.9.15-build/sudo-1.9.15p5/lib/util/sudo_conf.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def31]
sudo-1.9.15-build/sudo-1.9.15p5/lib/util/sudo_debug.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def32]
sudo-1.9.15-build/sudo-1.9.15p5/lib/util/sudo_dso.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def33]
sudo-1.9.15-build/sudo-1.9.15p5/lib/util/ttyname_dev.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-401): [#def34]
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/iolog_writer.c: scope_hint: In function ‘create_iolog_path’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/iolog_writer.c:594:27: warning[-Wanalyzer-malloc-leak]: leak of ‘*evlog.iolog_path’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/iolog_writer.c: scope_hint: In function ‘create_iolog_path’
# 592|
# 593| /* We use iolog_dir_fd in calls to openat(2) */
# 594|-> closure->iolog_dir_fd =
# 595| iolog_openat(AT_FDCWD, evlog->iolog_path, O_RDONLY);
# 596| if (closure->iolog_dir_fd == -1) {
Error: CPPCHECK_WARNING: [#def35]
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-415): [#def36]
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c: scope_hint: In function ‘connection_closure_free’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c:152:13: warning[-Wanalyzer-double-free]: double-‘free’ of ‘*buf.data’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c:64: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c:203:24: note: in expansion of macro ‘sudo_ev_alloc’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c:63: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:379:5: note: in definition of macro ‘sudo_debug_printf’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_conf.h:28: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c:62: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c:146:13: note: in expansion of macro ‘TAILQ_REMOVE’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c:146:13: note: in expansion of macro ‘TAILQ_REMOVE’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_queue.h:708:14: note: in expansion of macro ‘TAILQ_NEXT’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c:151:13: note: in expansion of macro ‘TAILQ_REMOVE’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c:151:13: note: in expansion of macro ‘TAILQ_REMOVE’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c:151:13: note: in expansion of macro ‘TAILQ_REMOVE’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_queue.h:708:14: note: in expansion of macro ‘TAILQ_NEXT’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c:151:13: note: in expansion of macro ‘TAILQ_REMOVE’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c:151:13: note: in expansion of macro ‘TAILQ_REMOVE’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c:151:13: note: in expansion of macro ‘TAILQ_REMOVE’
# 150| while ((buf = TAILQ_FIRST(&closure->free_bufs)) != NULL) {
# 151| TAILQ_REMOVE(&closure->free_bufs, buf, entries);
# 152|-> free(buf->data);
# 153| free(buf);
# 154| }
Error: GCC_ANALYZER_WARNING (CWE-416): [#def37]
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c:152:21: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘buf’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c:203:24: note: in expansion of macro ‘sudo_ev_alloc’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:379:5: note: in definition of macro ‘sudo_debug_printf’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c:146:13: note: in expansion of macro ‘TAILQ_REMOVE’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c:146:13: note: in expansion of macro ‘TAILQ_REMOVE’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_queue.h:708:14: note: in expansion of macro ‘TAILQ_NEXT’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c:151:13: note: in expansion of macro ‘TAILQ_REMOVE’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c:151:13: note: in expansion of macro ‘TAILQ_REMOVE’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c:151:13: note: in expansion of macro ‘TAILQ_REMOVE’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_queue.h:708:14: note: in expansion of macro ‘TAILQ_NEXT’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c:151:13: note: in expansion of macro ‘TAILQ_REMOVE’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c:151:13: note: in expansion of macro ‘TAILQ_REMOVE’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c:151:13: note: in expansion of macro ‘TAILQ_REMOVE’
# 150| while ((buf = TAILQ_FIRST(&closure->free_bufs)) != NULL) {
# 151| TAILQ_REMOVE(&closure->free_bufs, buf, entries);
# 152|-> free(buf->data);
# 153| free(buf);
# 154| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def38]
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c: scope_hint: In function ‘get_free_buf’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c:313:12: warning[-Wanalyzer-malloc-leak]: leak of ‘*buf.data’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c:203:24: note: in expansion of macro ‘sudo_ev_alloc’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c:209:29: note: in expansion of macro ‘sudo_ev_alloc’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c:214:30: note: in expansion of macro ‘sudo_ev_alloc’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_queue.h:584:35: note: in definition of macro ‘TAILQ_EMPTY’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:320:32: note: in definition of macro ‘debug_return_bool’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c:30: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_queue.h:708:14: note: in expansion of macro ‘TAILQ_NEXT’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c:299:9: note: in expansion of macro ‘TAILQ_REMOVE’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c:72: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd.c:306:33: note: in expansion of macro ‘sudo_pow2_roundup’
# 311| }
# 312| free(buf->data);
# 313|-> if ((buf->data = malloc(new_size)) == NULL)
# 314| goto oom;
# 315| buf->size = new_size;
Error: CPPCHECK_WARNING: [#def39]
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd_conf.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def40]
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd_journal.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def41]
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd_local.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-401): [#def42]
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd_local.c: scope_hint: In function ‘store_exit_local’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd_local.c:416:12: warning[-Wanalyzer-malloc-leak]: leak of ‘*evlog.signal_name’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd_local.c:55: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:379:5: note: in definition of macro ‘sudo_debug_printf’
# 414| msg->dumped_core ? " (core dumped)" : "");
# 415| evlog->signal_name = strdup(msg->signal);
# 416|-> if (evlog->signal_name == NULL) {
# 417| closure->errstr = _("unable to allocate memory");
# 418| debug_return_bool(false);
Error: CPPCHECK_WARNING: [#def43]
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd_queue.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def44]
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/logsrvd_relay.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def45]
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/sendlog.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-401): [#def46]
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/sendlog.c: scope_hint: In function ‘get_free_buf’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/sendlog.c:264:29: warning[-Wanalyzer-malloc-leak]: leak of ‘*buf.data’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/sendlog.c:65: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/sendlog.c:1647:24: note: in expansion of macro ‘sudo_ev_alloc’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_conf.h:28: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/sendlog.c:63: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_queue.h:708:14: note: in expansion of macro ‘TAILQ_NEXT’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/sendlog.c:253:9: note: in expansion of macro ‘TAILQ_REMOVE’
# 262| free(buf->data);
# 263| buf->size = sudo_pow2_roundup(len);
# 264|-> if (buf->size < len || (buf->data = malloc(buf->size)) == NULL) {
# 265| sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
# 266| free(buf);
Error: GCC_ANALYZER_WARNING (CWE-415): [#def47]
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/sendlog.c: scope_hint: In function ‘client_closure_free’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/sendlog.c:1597:13: warning[-Wanalyzer-double-free]: double-‘free’ of ‘*buf.data’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/sendlog.c:1647:24: note: in expansion of macro ‘sudo_ev_alloc’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_queue.h:708:14: note: in expansion of macro ‘TAILQ_NEXT’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/sendlog.c:1575:9: note: in expansion of macro ‘TAILQ_REMOVE’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/sendlog.c:64: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:379:5: note: in definition of macro ‘sudo_debug_printf’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/sendlog.c:1591:13: note: in expansion of macro ‘TAILQ_REMOVE’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/sendlog.c:1591:13: note: in expansion of macro ‘TAILQ_REMOVE’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_queue.h:708:14: note: in expansion of macro ‘TAILQ_NEXT’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/sendlog.c:1596:13: note: in expansion of macro ‘TAILQ_REMOVE’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/sendlog.c:1596:13: note: in expansion of macro ‘TAILQ_REMOVE’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/sendlog.c:1596:13: note: in expansion of macro ‘TAILQ_REMOVE’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_queue.h:708:14: note: in expansion of macro ‘TAILQ_NEXT’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/sendlog.c:1596:13: note: in expansion of macro ‘TAILQ_REMOVE’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/sendlog.c:1596:13: note: in expansion of macro ‘TAILQ_REMOVE’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/sendlog.c:1596:13: note: in expansion of macro ‘TAILQ_REMOVE’
# 1595| while ((buf = TAILQ_FIRST(&closure->free_bufs)) != NULL) {
# 1596| TAILQ_REMOVE(&closure->free_bufs, buf, entries);
# 1597|-> free(buf->data);
# 1598| free(buf);
# 1599| }
Error: GCC_ANALYZER_WARNING (CWE-416): [#def48]
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/sendlog.c:1597:21: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘buf’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/sendlog.c:1647:24: note: in expansion of macro ‘sudo_ev_alloc’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_queue.h:708:14: note: in expansion of macro ‘TAILQ_NEXT’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/sendlog.c:1575:9: note: in expansion of macro ‘TAILQ_REMOVE’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:379:5: note: in definition of macro ‘sudo_debug_printf’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/sendlog.c:1591:13: note: in expansion of macro ‘TAILQ_REMOVE’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/sendlog.c:1591:13: note: in expansion of macro ‘TAILQ_REMOVE’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_queue.h:708:14: note: in expansion of macro ‘TAILQ_NEXT’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/sendlog.c:1596:13: note: in expansion of macro ‘TAILQ_REMOVE’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/sendlog.c:1596:13: note: in expansion of macro ‘TAILQ_REMOVE’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/sendlog.c:1596:13: note: in expansion of macro ‘TAILQ_REMOVE’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_queue.h:708:14: note: in expansion of macro ‘TAILQ_NEXT’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/sendlog.c:1596:13: note: in expansion of macro ‘TAILQ_REMOVE’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/sendlog.c:1596:13: note: in expansion of macro ‘TAILQ_REMOVE’
sudo-1.9.15-build/sudo-1.9.15p5/logsrvd/sendlog.c:1596:13: note: in expansion of macro ‘TAILQ_REMOVE’
# 1595| while ((buf = TAILQ_FIRST(&closure->free_bufs)) != NULL) {
# 1596| TAILQ_REMOVE(&closure->free_bufs, buf, entries);
# 1597|-> free(buf->data);
# 1598| free(buf);
# 1599| }
Error: GCC_ANALYZER_WARNING (CWE-688): [#def49]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/group_file/getgrent.c: scope_hint: In function 'mygetgrnam'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/group_file/getgrent.c:171:9: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
sudo-1.9.15-build/sudo-1.9.15p5/plugins/group_file/getgrent.c: scope_hint: In function 'mygetgrnam'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/group_file/getgrent.c:30: included_from: Included from here.
/usr/include/stdio.h:184:12: note: argument 1 of 'fclose' must be non-null
# 169| }
# 170| if (!gr_stayopen) {
# 171|-> fclose(grf);
# 172| grf = NULL;
# 173| }
Error: GCC_ANALYZER_WARNING (CWE-688): [#def50]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/group_file/getgrent.c: scope_hint: In function 'mygetgrgid'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/group_file/getgrent.c:189:9: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
sudo-1.9.15-build/sudo-1.9.15p5/plugins/group_file/getgrent.c: scope_hint: In function 'mygetgrgid'
/usr/include/stdio.h:184:12: note: argument 1 of 'fclose' must be non-null
# 187| }
# 188| if (!gr_stayopen) {
# 189|-> fclose(grf);
# 190| grf = NULL;
# 191| }
Error: CPPCHECK_WARNING: [#def51]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sample/sample_plugin.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-688): [#def52]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sample/sample_plugin.c: scope_hint: In function 'find_in_path.part.0'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sample/sample_plugin.c:162:19: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'path' where non-null expected
<built-in>: note: argument 1 of '__builtin_strchr' must be non-null
# 160| path = path0 = strdup(path ? path : _PATH_DEFPATH);
# 161| do {
# 162|-> if ((cp = strchr(path, ':')))
# 163| *cp = '\0';
# 164| snprintf(pathbuf, sizeof(pathbuf), "%s/%s", *path ? path : ".",
Error: CLANG_WARNING: [#def53]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sample/sample_plugin.c:289:13: warning[unix.Malloc]: Potential leak of memory pointed to by 'cp'
# 287| if (editor_path != editor)
# 288| free(editor);
# 289|-> nargv = reallocarray(NULL, (size_t)nargc + 1 + (size_t)nfiles + 1,
# 290| sizeof(char *));
# 291| if (nargv == NULL) {
Error: CPPCHECK_WARNING: [#def54]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/alias.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def55]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/audit.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def56]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/auth/pam.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def57]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/auth/sudo_auth.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def58]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/b64_decode.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def59]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/b64_encode.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def60]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/check.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def61]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/check_aliases.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def62]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/cvtsudoers.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def63]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/cvtsudoers_csv.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def64]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/cvtsudoers_json.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def65]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/cvtsudoers_ldif.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def66]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/cvtsudoers_merge.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def67]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/cvtsudoers_pwutil.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def68]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/defaults.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def69]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/display.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def70]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/editor.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def71]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/env.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def72]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/env_pattern.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def73]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/file.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def74]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/find_path.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def75]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/fmtsudoers.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def76]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/fmtsudoers_cvt.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def77]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/getdate.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-457): [#def78]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/getdate.c: scope_hint: In function ‘yyparse’
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/getdate.c:611:7: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyss’
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/getdate.c:596:9: note: in expansion of macro ‘YYCOPY’
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/getdate.c:1151:9: note: in expansion of macro ‘YYSTACK_RELOCATE’
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/getdate.c:596:9: note: in expansion of macro ‘YYCOPY’
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/getdate.c:1151:9: note: in expansion of macro ‘YYSTACK_RELOCATE’
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/getdate.c:596:9: note: in expansion of macro ‘YYCOPY’
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/getdate.c:1151:9: note: in expansion of macro ‘YYSTACK_RELOCATE’
# 609| #endif
# 610|
# 611|-> #if defined YYCOPY_NEEDED && YYCOPY_NEEDED
# 612| /* Copy COUNT objects from SRC to DST. The source and destination do
# 613| not overlap. */
Error: GCC_ANALYZER_WARNING (CWE-457): [#def79]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/getdate.c:1278:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*<unknown>’
# 1276| /* If YYLEN is nonzero, implement the default value of the action:
# 1277| '$$ = $1'.
# 1278|->
# 1279| Otherwise, the following line sets YYVAL to garbage.
# 1280| This behavior is undocumented and Bison
Error: CPPCHECK_WARNING: [#def80]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/gram.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def81]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/iolog.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def82]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/ldap.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-124): [#def83]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/ldap.c: scope_hint: In function 'sudo_ldap_join_uri'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/ldap.c:169:16: warning[-Wanalyzer-out-of-bounds]: heap-based buffer underwrite
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_conf.h:28: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/sudoers.h:39: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/ldap.c:64: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/ldap.c:1582:10: note: in expansion of macro 'STAILQ_EMPTY'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/ldap.c:165:9: note: in expansion of macro 'STAILQ_FOREACH'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/ldap.c:165:9: note: in expansion of macro 'STAILQ_FOREACH'
# 167| *cp++ = ' ';
# 168| }
# 169|-> cp[-1] = '\0';
# 170| }
# 171| debug_return_str(buf);
Error: CPPCHECK_WARNING: [#def84]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/ldap_conf.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def85]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/ldap_innetgr.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def86]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/ldap_util.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-476): [#def87]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/ldap_util.c: scope_hint: In function 'sudo_ldap_parse_option'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/ldap_util.c:82:16: warning[-Wanalyzer-null-dereference]: dereference of NULL 'cp'
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_conf.h:28: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/sudoers.h:39: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/ldap_util.c:37: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/ldap_util.c:370:5: note: in expansion of macro 'TAILQ_INIT'
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_queue.h:573:14: note: in expansion of macro 'TAILQ_EMPTY'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/ldap_util.c:394:9: note: in expansion of macro 'TAILQ_CONCAT'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/ldap_util.c:394:9: note: in expansion of macro 'TAILQ_CONCAT'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/sudoers_debug.h:22: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/sudoers.h:47: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:204:9: note: in expansion of macro 'sudo_debug_printf2'
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:321:9: note: in expansion of macro 'sudo_debug_exit_bool'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/ldap_util.c:63:5: note: in expansion of macro 'debug_return_bool'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/ldap_util.c:424:13: note: in expansion of macro 'TAILQ_INSERT_TAIL'
# 80| if (cp != NULL && cp > var) {
# 81| val = cp + 1;
# 82|-> op = cp[-1]; /* peek for += or -= cases */
# 83| if (op == '+' || op == '-') {
# 84| /* case var+=val or var-=val */
Error: CPPCHECK_WARNING: [#def88]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/log_client.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-415): [#def89]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/log_client.c: scope_hint: In function 'client_closure_free'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/log_client.c:667:9: warning[-Wanalyzer-double-free]: double-'free' of '*buf.data'
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_conf.h:28: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/sudoers.h:39: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/log_client.c:67: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/log_client.c:596:5: note: in expansion of macro 'STAILQ_FOREACH'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/log_client.c:596:5: note: in expansion of macro 'STAILQ_FOREACH'
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_queue.h:708:14: note: in expansion of macro 'TAILQ_NEXT'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/log_client.c:666:9: note: in expansion of macro 'TAILQ_REMOVE'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/log_client.c:666:9: note: in expansion of macro 'TAILQ_REMOVE'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/log_client.c:666:9: note: in expansion of macro 'TAILQ_REMOVE'
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_queue.h:708:14: note: in expansion of macro 'TAILQ_NEXT'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/log_client.c:666:9: note: in expansion of macro 'TAILQ_REMOVE'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/log_client.c:666:9: note: in expansion of macro 'TAILQ_REMOVE'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/log_client.c:666:9: note: in expansion of macro 'TAILQ_REMOVE'
# 665| while ((buf = TAILQ_FIRST(&closure->write_bufs)) != NULL) {
# 666| TAILQ_REMOVE(&closure->write_bufs, buf, entries);
# 667|-> free(buf->data);
# 668| free(buf);
# 669| }
Error: GCC_ANALYZER_WARNING (CWE-416): [#def90]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/log_client.c:667:17: warning[-Wanalyzer-use-after-free]: use after 'free' of 'buf'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/log_client.c:596:5: note: in expansion of macro 'STAILQ_FOREACH'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/log_client.c:596:5: note: in expansion of macro 'STAILQ_FOREACH'
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_queue.h:708:14: note: in expansion of macro 'TAILQ_NEXT'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/log_client.c:666:9: note: in expansion of macro 'TAILQ_REMOVE'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/log_client.c:666:9: note: in expansion of macro 'TAILQ_REMOVE'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/log_client.c:666:9: note: in expansion of macro 'TAILQ_REMOVE'
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_queue.h:708:14: note: in expansion of macro 'TAILQ_NEXT'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/log_client.c:666:9: note: in expansion of macro 'TAILQ_REMOVE'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/log_client.c:666:9: note: in expansion of macro 'TAILQ_REMOVE'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/log_client.c:666:9: note: in expansion of macro 'TAILQ_REMOVE'
# 665| while ((buf = TAILQ_FIRST(&closure->write_bufs)) != NULL) {
# 666| TAILQ_REMOVE(&closure->write_bufs, buf, entries);
# 667|-> free(buf->data);
# 668| free(buf);
# 669| }
Error: CPPCHECK_WARNING: [#def91]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/logging.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def92]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/lookup.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def93]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/match.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING (CWE-457): [#def94]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/match.c:320: error[uninitvar]: Uninitialized variable: &m_user.entries
# 318| m_user.type = WORD;
# 319| m_user.negated = false;
# 320|-> TAILQ_INSERT_HEAD(&_user_list, &m_user, entries);
# 321| user_list = &_user_list;
# 322| matching_user = NULL;
Error: CPPCHECK_WARNING: [#def95]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/match_addr.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING (CWE-457): [#def96]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/match_addr.c:122: error[legacyUninitvar]: Uninitialized variable: family
# 120| }
# 121|
# 122|-> if (family == AF_INET) {
# 123| if (strchr(m, '.')) {
# 124| if (inet_pton(AF_INET, m, &mask.ip4) != 1) {
Error: CPPCHECK_WARNING: [#def97]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/match_command.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def98]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/parse_ldif.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def99]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/policy.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def100]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/prompt.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def101]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/pwutil.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def102]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/pwutil_impl.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def103]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/redblack.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def104]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/sssd.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def105]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/strvec_join.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def106]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/sudoers.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def107]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/sudoers_cb.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def108]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/sudoers_ctx_free.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def109]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/sudoreplay.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-401): [#def110]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/sudoreplay.c: scope_hint: In function ‘find_sessions’
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/sudoreplay.c:1503:8: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(dir)’
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/sudoreplay.c:62: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:256:31: note: in definition of macro ‘debug_return_int’
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/sudoreplay.c:71: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/sudoreplay.c:1588:14: note: in expansion of macro ‘sudo_regex_compile’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:256:31: note: in definition of macro ‘debug_return_int’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:256:31: note: in definition of macro ‘debug_return_int’
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/sudoreplay.c: scope_hint: In function ‘find_sessions’
# 1501| /* XXX - would be faster to use openat() and relative names */
# 1502| sdlen = strlcpy(pathbuf, dir, sizeof(pathbuf));
# 1503|-> if (sdlen + 1 >= sizeof(pathbuf)) {
# 1504| errno = ENAMETOOLONG;
# 1505| sudo_fatal("%s/", dir);
Error: CPPCHECK_WARNING: [#def111]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/testsudoers.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-124): [#def112]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/testsudoers.c: scope_hint: In function ‘main’
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/testsudoers.c:310:15: warning[-Wanalyzer-out-of-bounds]: heap-based buffer underwrite
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/sudoers.h:41: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/testsudoers.c:52: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/testsudoers.c:121:5: note: in expansion of macro ‘sudo_warn_set_locale_func’
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/sudoers.h:46: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/testsudoers.c:276:31: note: in expansion of macro ‘sudo_basename’
# 308| *cp++ = ' ';
# 309| }
# 310|-> *--cp = '\0';
# 311| }
# 312|
Error: CPPCHECK_WARNING: [#def113]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/testsudoers_pwutil.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def114]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/timestamp.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def115]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-401): [#def116]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c: scope_hint: In function 'sudoers_switch_to_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:519:46: warning[-Wanalyzer-malloc-leak]: leak of 'sudoers_create_buffer(open_sudoers(*pl.path, 0, 0, & keepopen), 16384)'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5286:12: note: in expansion of macro 'YY_CURRENT_BUFFER'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.l:1458:27: note: in expansion of macro 'YY_CURRENT_BUFFER'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.l:1458:27: note: in expansion of macro 'YY_CURRENT_BUFFER'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5220:10: note: in expansion of macro 'yy_delete_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5226:12: note: in expansion of macro 'YY_CURRENT_BUFFER'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5226:12: note: in expansion of macro 'YY_CURRENT_BUFFER'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5227:3: note: in expansion of macro 'YY_CURRENT_BUFFER_LVALUE'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5232:9: note: in expansion of macro 'yyfree'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.l: scope_hint: In function 'sudoers_switch_to_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_queue.h:279:31: note: in expansion of macro 'SLIST_NEXT'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.l:1461:9: note: in expansion of macro 'SLIST_REMOVE_HEAD'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5192:21: note: in expansion of macro 'yy_create_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5196:24: note: in expansion of macro 'yyalloc'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c: scope_hint: In function 'sudoers_switch_to_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5211:9: note: in expansion of macro 'yy_init_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5239:17: note: in expansion of macro 'yy_init_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5244:2: note: in expansion of macro 'yy_flush_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5267:10: note: in expansion of macro 'yy_flush_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5286:12: note: in expansion of macro 'YY_CURRENT_BUFFER'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5286:12: note: in expansion of macro 'YY_CURRENT_BUFFER'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5244:2: note: in expansion of macro 'yy_flush_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5253:21: note: in expansion of macro 'YY_CURRENT_BUFFER'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5253:21: note: in expansion of macro 'YY_CURRENT_BUFFER'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5211:9: note: in expansion of macro 'yy_init_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5147:10: note: in expansion of macro 'yy_switch_to_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5155:2: note: in expansion of macro 'yyensure_buffer_stack'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5345:20: note: in expansion of macro 'yyensure_buffer_stack'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5155:2: note: in expansion of macro 'yyensure_buffer_stack'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5156:14: note: in expansion of macro 'YY_CURRENT_BUFFER'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5286:12: note: in expansion of macro 'YY_CURRENT_BUFFER'
# 517|
# 518| /* We provide macros for accessing buffer states in case in the
# 519|-> * future we want to put the buffer states in a more general
# 520| * "scanner state".
# 521| *
Error: GCC_ANALYZER_WARNING (CWE-401): [#def117]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c: scope_hint: In function 'yy_get_next_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:4918:18: warning[-Wanalyzer-malloc-leak]: leak of '*b.yy_ch_buf'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:4920:41: note: in expansion of macro 'yyrealloc'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c: scope_hint: In function 'yy_get_next_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:4920:41: note: in expansion of macro 'yyrealloc'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c: scope_hint: In function 'yy_get_next_buffer'
# 4916| {
# 4917| int new_size = b->yy_buf_size * 2;
# 4918|->
# 4919| if ( new_size <= 0 )
# 4920| b->yy_buf_size += b->yy_buf_size / 8;
Error: GCC_ANALYZER_WARNING (CWE-401): [#def118]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c: scope_hint: In function 'sudoers_switch_to_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5156:12: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.l:1458:27: note: in expansion of macro 'YY_CURRENT_BUFFER'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.l:1458:27: note: in expansion of macro 'YY_CURRENT_BUFFER'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5220:10: note: in expansion of macro 'yy_delete_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5226:12: note: in expansion of macro 'YY_CURRENT_BUFFER'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5226:12: note: in expansion of macro 'YY_CURRENT_BUFFER'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5227:3: note: in expansion of macro 'YY_CURRENT_BUFFER_LVALUE'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5232:9: note: in expansion of macro 'yyfree'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.l: scope_hint: In function 'sudoers_switch_to_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_conf.h:28: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/sudoers.h:39: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.l:41: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_queue.h:279:31: note: in expansion of macro 'SLIST_NEXT'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.l:1461:9: note: in expansion of macro 'SLIST_REMOVE_HEAD'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5192:21: note: in expansion of macro 'yy_create_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5205:26: note: in expansion of macro 'yyalloc'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c: scope_hint: In function 'sudoers_switch_to_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5211:9: note: in expansion of macro 'yy_init_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5239:17: note: in expansion of macro 'yy_init_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5244:2: note: in expansion of macro 'yy_flush_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5267:10: note: in expansion of macro 'yy_flush_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5286:12: note: in expansion of macro 'YY_CURRENT_BUFFER'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5286:12: note: in expansion of macro 'YY_CURRENT_BUFFER'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5244:2: note: in expansion of macro 'yy_flush_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5253:21: note: in expansion of macro 'YY_CURRENT_BUFFER'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5253:21: note: in expansion of macro 'YY_CURRENT_BUFFER'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5211:9: note: in expansion of macro 'yy_init_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5147:10: note: in expansion of macro 'yy_switch_to_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5155:2: note: in expansion of macro 'yyensure_buffer_stack'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5345:20: note: in expansion of macro 'yyensure_buffer_stack'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5155:2: note: in expansion of macro 'yyensure_buffer_stack'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5156:14: note: in expansion of macro 'YY_CURRENT_BUFFER'
# 5154| {
# 5155|
# 5156|-> /* TODO. We should be able to replace this entire function body
# 5157| * with
# 5158| * yypop_buffer_state();
Error: GCC_ANALYZER_WARNING (CWE-476): [#def119]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5167:41: warning[-Wanalyzer-null-dereference]: dereference of NULL 'yy_buffer_stack'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/sudoers.h:46: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.l:1243:15: note: in expansion of macro 'sudo_strsplit'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.l:1414:25: note: in expansion of macro 'YY_CURRENT_BUFFER'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5192:21: note: in expansion of macro 'yy_create_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5211:9: note: in expansion of macro 'yy_init_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5239:17: note: in expansion of macro 'yy_init_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5244:2: note: in expansion of macro 'yy_flush_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5267:10: note: in expansion of macro 'yy_flush_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5286:12: note: in expansion of macro 'YY_CURRENT_BUFFER'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5244:2: note: in expansion of macro 'yy_flush_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5253:21: note: in expansion of macro 'YY_CURRENT_BUFFER'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5211:9: note: in expansion of macro 'yy_init_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5147:10: note: in expansion of macro 'yy_switch_to_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5155:2: note: in expansion of macro 'yyensure_buffer_stack'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5345:20: note: in expansion of macro 'yyensure_buffer_stack'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5356:49: note: in expansion of macro 'yyalloc'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c: scope_hint: In function 'sudoers_switch_to_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c: scope_hint: In function 'sudoers_switch_to_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5155:2: note: in expansion of macro 'yyensure_buffer_stack'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5156:14: note: in expansion of macro 'YY_CURRENT_BUFFER'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5167:16: note: in expansion of macro 'YY_CURRENT_BUFFER_LVALUE'
# 5165| if ( YY_CURRENT_BUFFER )
# 5166| {
# 5167|-> /* Flush out information for old buffer. */
# 5168| *(yy_c_buf_p) = (yy_hold_char);
# 5169| YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p);
Error: GCC_ANALYZER_WARNING (CWE-401): [#def120]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c: scope_hint: In function 'sudoers_create_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5206:12: warning[-Wanalyzer-malloc-leak]: leak of 'malloc(64)'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5192:21: note: in expansion of macro 'yy_create_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5196:24: note: in expansion of macro 'yyalloc'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c: scope_hint: In function 'sudoers_create_buffer'
# 5204| YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
# 5205|
# 5206|-> b->yy_buf_size = size;
# 5207|
# 5208| /* yy_ch_buf has to be 2 characters longer than the size given because
Error: CPPCHECK_WARNING (CWE-476): [#def121]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5246: warning[nullPointer]: Possible null pointer dereference: b
# 5244| */
# 5245| static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file )
# 5246|->
# 5247| {
# 5248| int oerrno = errno;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def122]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c: scope_hint: In function 'sudoers_init_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5246:19: warning[-Wanalyzer-null-dereference]: dereference of NULL 'b'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5130:10: note: in expansion of macro 'yyrestart'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5134:9: note: in expansion of macro 'yyensure_buffer_stack'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5345:20: note: in expansion of macro 'yyensure_buffer_stack'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c: scope_hint: In function 'sudoers_init_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5134:9: note: in expansion of macro 'yyensure_buffer_stack'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5136:13: note: in expansion of macro 'yy_create_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5192:21: note: in expansion of macro 'yy_create_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5211:9: note: in expansion of macro 'yy_init_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5239:17: note: in expansion of macro 'yy_init_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5244:2: note: in expansion of macro 'yy_flush_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5267:10: note: in expansion of macro 'yy_flush_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5244:2: note: in expansion of macro 'yy_flush_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5211:9: note: in expansion of macro 'yy_init_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5136:13: note: in expansion of macro 'yy_create_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5139:9: note: in expansion of macro 'yy_init_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5139:9: note: in expansion of macro 'yy_init_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5139:9: note: in expansion of macro 'yy_init_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5239:17: note: in expansion of macro 'yy_init_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5244:2: note: in expansion of macro 'yy_flush_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5267:10: note: in expansion of macro 'yy_flush_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5244:2: note: in expansion of macro 'yy_flush_buffer'
# 5244| */
# 5245| static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file )
# 5246|->
# 5247| {
# 5248| int oerrno = errno;
Error: CPPCHECK_WARNING (CWE-476): [#def123]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5247: warning[nullPointer]: Possible null pointer dereference: b
# 5245| static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file )
# 5246|
# 5247|-> {
# 5248| int oerrno = errno;
# 5249|
Error: GCC_ANALYZER_WARNING (CWE-401): [#def124]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5349:6: warning[-Wanalyzer-malloc-leak]: leak of 'sudoers_create_buffer(fp, 16384)'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.l:1243:15: note: in expansion of macro 'sudo_strsplit'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.l:1414:25: note: in expansion of macro 'YY_CURRENT_BUFFER'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5192:21: note: in expansion of macro 'yy_create_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5196:24: note: in expansion of macro 'yyalloc'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c: scope_hint: In function 'sudoers_switch_to_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5211:9: note: in expansion of macro 'yy_init_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5239:17: note: in expansion of macro 'yy_init_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5244:2: note: in expansion of macro 'yy_flush_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5267:10: note: in expansion of macro 'yy_flush_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5286:12: note: in expansion of macro 'YY_CURRENT_BUFFER'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5244:2: note: in expansion of macro 'yy_flush_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5253:21: note: in expansion of macro 'YY_CURRENT_BUFFER'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5211:9: note: in expansion of macro 'yy_init_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5147:10: note: in expansion of macro 'yy_switch_to_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5155:2: note: in expansion of macro 'yyensure_buffer_stack'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5345:20: note: in expansion of macro 'yyensure_buffer_stack'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5356:49: note: in expansion of macro 'yyalloc'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c: scope_hint: In function 'sudoers_switch_to_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c: scope_hint: In function 'sudoers_switch_to_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5155:2: note: in expansion of macro 'yyensure_buffer_stack'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5156:14: note: in expansion of macro 'YY_CURRENT_BUFFER'
# 5347|
# 5348| /* Allocates the stack if it does not exist.
# 5349|-> * Guarantees space for at least one push.
# 5350| */
# 5351| static void yyensure_buffer_stack (void)
Error: GCC_ANALYZER_WARNING (CWE-401): [#def125]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c: scope_hint: In function 'sudoers_scan_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5460:32: warning[-Wanalyzer-malloc-leak]: leak of 'malloc(n)'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5444:17: note: in expansion of macro 'yy_scan_bytes'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5453:24: note: in expansion of macro 'yyalloc'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c: scope_hint: In function 'sudoers_scan_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5462:6: note: in expansion of macro 'yy_scan_buffer'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:5394:17: note: in expansion of macro 'yy_scan_buffer'
# 5458| n = (yy_size_t) (_yybytes_len + 2);
# 5459| buf = (char *) yyalloc( n );
# 5460|-> if ( ! buf )
# 5461| YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" );
# 5462|
Error: GCC_ANALYZER_WARNING (CWE-416): [#def126]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.l: scope_hint: In function 'read_dir_files'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.l:1037:32: warning[-Wanalyzer-use-after-free]: use after 'reallocarray' of 'paths'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.l:968:32: note: in expansion of macro 'NAMLEN'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.l:968:32: note: in expansion of macro 'NAMLEN'
# 1035| closedir(dir);
# 1036| for (i = 0; i < count; i++) {
# 1037|-> sudo_rcstr_delref(paths[i]->path);
# 1038| free(paths[i]);
# 1039| }
Error: GCC_ANALYZER_WARNING (CWE-688): [#def127]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.l: scope_hint: In function 'switch_dir'
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.l:1058:9: warning[-Wanalyzer-null-argument]: use of NULL 'paths' where non-null expected
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke.c:281: included_from: Included from here.
/usr/include/stdlib.h:970:13: note: argument 1 of 'qsort' must be non-null
# 1056| if (count > 0) {
# 1057| /* Sort the list as an array in reverse order. */
# 1058|-> qsort(paths, count, sizeof(*paths), pl_compare);
# 1059|
# 1060| /* Build up the list in sorted order. */
Error: CPPCHECK_WARNING: [#def128]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/toke_util.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def129]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/tsgetgrpw.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-688): [#def130]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/tsgetgrpw.c: scope_hint: In function ‘testsudoers_getgrnam’
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/tsgetgrpw.c:321:9: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/tsgetgrpw.c: scope_hint: In function ‘testsudoers_getgrnam’
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/tsgetgrpw.c:33: included_from: Included from here.
/usr/include/stdio.h:184:12: note: argument 1 of ‘fclose’ must be non-null
# 319| }
# 320| if (!gr_stayopen) {
# 321|-> fclose(grf);
# 322| grf = NULL;
# 323| }
Error: GCC_ANALYZER_WARNING (CWE-688): [#def131]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/tsgetgrpw.c: scope_hint: In function ‘testsudoers_getgrgid’
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/tsgetgrpw.c:339:9: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/tsgetgrpw.c: scope_hint: In function ‘testsudoers_getgrgid’
/usr/include/stdio.h:184:12: note: argument 1 of ‘fclose’ must be non-null
# 337| }
# 338| if (!gr_stayopen) {
# 339|-> fclose(grf);
# 340| grf = NULL;
# 341| }
Error: CPPCHECK_WARNING: [#def132]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/visudo.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING (CWE-562): [#def133]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/visudo.c:542: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
# 540| if (lineno > 0) {
# 541| (void)snprintf(linestr, sizeof(linestr), "+%d", lineno);
# 542|-> editor_argv[ac++] = linestr; // -V507
# 543| }
# 544| editor_argv[ac++] = (char *)"--";
Error: GCC_ANALYZER_WARNING (CWE-775): [#def134]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/visudo.c: scope_hint: In function ‘reparse_sudoers’
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/visudo.c:665:12: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(*sp.tpath, "r+")’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_conf.h:28: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/sudoers.h:39: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/visudo.c:66: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/visudo.c:658:16: note: in expansion of macro ‘TAILQ_LAST’
# 663|
# 664| /* Clean slate for each parse */
# 665|-> if (!init_defaults())
# 666| sudo_fatalx("%s", U_("unable to initialize sudoers default values"));
# 667| init_parser(ctx, sp->opath);
Error: GCC_ANALYZER_WARNING (CWE-401): [#def135]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/visudo.c:665:12: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(*sp.tpath, "r+")’
sudo-1.9.15-build/sudo-1.9.15p5/plugins/sudoers/visudo.c:658:16: note: in expansion of macro ‘TAILQ_LAST’
# 663|
# 664| /* Clean slate for each parse */
# 665|-> if (!init_defaults())
# 666| sudo_fatalx("%s", U_("unable to initialize sudoers default values"));
# 667| init_parser(ctx, sp->opath);
Error: CPPCHECK_WARNING: [#def136]
sudo-1.9.15-build/sudo-1.9.15p5/plugins/system_group/system_group.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def137]
sudo-1.9.15-build/sudo-1.9.15p5/src/conversation.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def138]
sudo-1.9.15-build/sudo-1.9.15p5/src/copy_file.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def139]
sudo-1.9.15-build/sudo-1.9.15p5/src/edit_open.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def140]
sudo-1.9.15-build/sudo-1.9.15p5/src/env_hooks.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def141]
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_iolog.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def142]
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_monitor.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-775): [#def143]
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_monitor.c: scope_hint: In function ‘exec_cmnd_pty’
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_monitor.c:362:8: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup3(io_fds[0], 0, 0)’
# 360|
# 361| /* Wire up standard fds, note that stdout/stderr may be pipes. */
# 362|-> if (dup3(io_fds[SFD_STDIN], STDIN_FILENO, 0) == -1)
# 363| sudo_fatal("dup3");
# 364| if (io_fds[SFD_STDIN] != io_fds[SFD_FOLLOWER])
Error: GCC_ANALYZER_WARNING (CWE-775): [#def144]
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_monitor.c:366:8: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup3(io_fds[1], 1, 0)’
# 364| if (io_fds[SFD_STDIN] != io_fds[SFD_FOLLOWER])
# 365| close(io_fds[SFD_STDIN]);
# 366|-> if (dup3(io_fds[SFD_STDOUT], STDOUT_FILENO, 0) == -1)
# 367| sudo_fatal("dup3");
# 368| if (io_fds[SFD_STDOUT] != io_fds[SFD_FOLLOWER])
Error: GCC_ANALYZER_WARNING (CWE-775): [#def145]
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_monitor.c:370:8: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup3(io_fds[2], 2, 0)’
# 368| if (io_fds[SFD_STDOUT] != io_fds[SFD_FOLLOWER])
# 369| close(io_fds[SFD_STDOUT]);
# 370|-> if (dup3(io_fds[SFD_STDERR], STDERR_FILENO, 0) == -1)
# 371| sudo_fatal("dup3");
# 372| if (io_fds[SFD_STDERR] != io_fds[SFD_FOLLOWER])
Error: CPPCHECK_WARNING: [#def146]
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_nopty.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-775): [#def147]
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_nopty.c:615:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup3(io_pipe[0][0], 0, 0)’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_compat.h:156:27: note: in definition of macro ‘ISSET’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:378:5: note: in expansion of macro ‘sudo_debug_printf2’
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_nopty.c:504:13: note: in expansion of macro ‘sudo_debug_printf’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_compat.h:156:27: note: in definition of macro ‘ISSET’
# 613| /* Replace stdin/stdout/stderr with pipes as needed and exec. */
# 614| if (io_pipe[STDIN_FILENO][0] != -1) {
# 615|-> if (dup3(io_pipe[STDIN_FILENO][0], STDIN_FILENO, 0) == -1)
# 616| sudo_fatal("dup3");
# 617| close(io_pipe[STDIN_FILENO][0]);
Error: GCC_ANALYZER_WARNING (CWE-775): [#def148]
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_nopty.c:621:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup3(io_pipe[1][1], 1, 0)’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_compat.h:156:27: note: in definition of macro ‘ISSET’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:378:5: note: in expansion of macro ‘sudo_debug_printf2’
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_nopty.c:504:13: note: in expansion of macro ‘sudo_debug_printf’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:378:5: note: in expansion of macro ‘sudo_debug_printf2’
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_nopty.c:514:13: note: in expansion of macro ‘sudo_debug_printf’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_compat.h:156:27: note: in definition of macro ‘ISSET’
# 619| }
# 620| if (io_pipe[STDOUT_FILENO][0] != -1) {
# 621|-> if (dup3(io_pipe[STDOUT_FILENO][1], STDOUT_FILENO, 0) == -1)
# 622| sudo_fatal("dup3");
# 623| close(io_pipe[STDOUT_FILENO][0]);
Error: GCC_ANALYZER_WARNING (CWE-775): [#def149]
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_nopty.c:627:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup3(io_pipe[2][1], 2, 0)’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_compat.h:156:27: note: in definition of macro ‘ISSET’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:378:5: note: in expansion of macro ‘sudo_debug_printf2’
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_nopty.c:504:13: note: in expansion of macro ‘sudo_debug_printf’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:378:5: note: in expansion of macro ‘sudo_debug_printf2’
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_nopty.c:524:13: note: in expansion of macro ‘sudo_debug_printf’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_compat.h:156:27: note: in definition of macro ‘ISSET’
# 625| }
# 626| if (io_pipe[STDERR_FILENO][0] != -1) {
# 627|-> if (dup3(io_pipe[STDERR_FILENO][1], STDERR_FILENO, 0) == -1)
# 628| sudo_fatal("dup3");
# 629| close(io_pipe[STDERR_FILENO][0]);
Error: CPPCHECK_WARNING: [#def150]
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_preload.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def151]
sudo-1.9.15-build/sudo-1.9.15p5/src/exec_pty.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def152]
sudo-1.9.15-build/sudo-1.9.15p5/src/limits.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def153]
sudo-1.9.15-build/sudo-1.9.15p5/src/load_plugins.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def154]
sudo-1.9.15-build/sudo-1.9.15p5/src/parse_args.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def155]
sudo-1.9.15-build/sudo-1.9.15p5/src/preserve_fds.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-775): [#def156]
sudo-1.9.15-build/sudo-1.9.15p5/src/preserve_fds.c: scope_hint: In function ‘closefrom_except’
sudo-1.9.15-build/sudo-1.9.15p5/src/preserve_fds.c:163:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(*pfd.lowfd, *pfd.highfd)’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_conf.h:28: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/src/sudo.h:39: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/src/preserve_fds.c:33: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/src/preserve_fds.c:132:5: note: in expansion of macro ‘TAILQ_FOREACH’
sudo-1.9.15-build/sudo-1.9.15p5/src/preserve_fds.c:161:5: note: in expansion of macro ‘TAILQ_FOREACH_REVERSE’
# 161| TAILQ_FOREACH_REVERSE(pfd, pfds, preserved_fd_list, entries) {
# 162| if (pfd->lowfd != pfd->highfd) {
# 163|-> if (dup2(pfd->lowfd, pfd->highfd) == -1) {
# 164| sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
# 165| "dup2(%d, %d): %s", pfd->lowfd, pfd->highfd,
Error: CPPCHECK_WARNING: [#def157]
sudo-1.9.15-build/sudo-1.9.15p5/src/selinux.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-775): [#def158]
sudo-1.9.15-build/sudo-1.9.15p5/src/selinux.c: scope_hint: In function ‘selinux_relabel_tty’
sudo-1.9.15-build/sudo-1.9.15p5/src/selinux.c:256:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup3(se_state.ttyfd, ptyfd, flags)’
sudo-1.9.15-build/sudo-1.9.15p5/src/sudo.h:40: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/src/selinux.c:57: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:378:5: note: in expansion of macro ‘sudo_debug_printf2’
sudo-1.9.15-build/sudo-1.9.15p5/src/selinux.c:184:5: note: in expansion of macro ‘sudo_debug_printf’
sudo-1.9.15-build/sudo-1.9.15p5/src/selinux.c: scope_hint: In function ‘selinux_relabel_tty’
sudo-1.9.15-build/sudo-1.9.15p5/src/selinux.c:38: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/src/sudo.h:38: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/src/selinux.c:248:13: note: in expansion of macro ‘ISSET’
sudo-1.9.15-build/sudo-1.9.15p5/src/selinux.c:254:13: note: in expansion of macro ‘ISSET’
# 254| if (ISSET(oflags, FD_CLOEXEC))
# 255| flags |= O_CLOEXEC;
# 256|-> if (dup3(se_state.ttyfd, ptyfd, flags) == -1) {
# 257| sudo_warn("dup3");
# 258| goto bad;
Error: GCC_ANALYZER_WARNING (CWE-775): [#def159]
sudo-1.9.15-build/sudo-1.9.15p5/src/selinux.c:276:38: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(se_state.ttyfd, fd)’
sudo-1.9.15-build/sudo-1.9.15p5/include/sudo_debug.h:378:5: note: in expansion of macro ‘sudo_debug_printf2’
sudo-1.9.15-build/sudo-1.9.15p5/src/selinux.c:184:5: note: in expansion of macro ‘sudo_debug_printf’
sudo-1.9.15-build/sudo-1.9.15p5/src/sudo.h:45: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/src/selinux.c:276:17: note: in expansion of macro ‘sudo_isatty’
# 274| fcntl(se_state.ttyfd, F_GETFL, 0) & ~O_NONBLOCK);
# 275| for (fd = STDIN_FILENO; fd <= STDERR_FILENO; fd++) {
# 276|-> if (sudo_isatty(fd, &sb) && dup2(se_state.ttyfd, fd) == -1) {
# 277| sudo_warn("dup2");
# 278| goto bad;
Error: CPPCHECK_WARNING: [#def160]
sudo-1.9.15-build/sudo-1.9.15p5/src/sesh.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def161]
sudo-1.9.15-build/sudo-1.9.15p5/src/sudo.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-775): [#def162]
sudo-1.9.15-build/sudo-1.9.15p5/src/sudo.c: scope_hint: In function ‘fix_fds’
sudo-1.9.15-build/sudo-1.9.15p5/src/sudo.c:376:32: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(__open_alias("/dev/null", 2, 420), 0)’
# 374| if (devnull == -1)
# 375| sudo_fatal(U_("unable to open %s"), _PATH_DEVNULL);
# 376|-> if (miss[STDIN_FILENO] && dup2(devnull, STDIN_FILENO) == -1)
# 377| sudo_fatal("dup2");
# 378| if (miss[STDOUT_FILENO] && dup2(devnull, STDOUT_FILENO) == -1)
Error: GCC_ANALYZER_WARNING (CWE-775): [#def163]
sudo-1.9.15-build/sudo-1.9.15p5/src/sudo.c:378:33: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(__open_alias("/dev/null", 2, 420), 1)’
# 376| if (miss[STDIN_FILENO] && dup2(devnull, STDIN_FILENO) == -1)
# 377| sudo_fatal("dup2");
# 378|-> if (miss[STDOUT_FILENO] && dup2(devnull, STDOUT_FILENO) == -1)
# 379| sudo_fatal("dup2");
# 380| if (miss[STDERR_FILENO] && dup2(devnull, STDERR_FILENO) == -1)
Error: GCC_ANALYZER_WARNING (CWE-775): [#def164]
sudo-1.9.15-build/sudo-1.9.15p5/src/sudo.c:380:33: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(__open_alias("/dev/null", 2, 420), 2)’
# 378| if (miss[STDOUT_FILENO] && dup2(devnull, STDOUT_FILENO) == -1)
# 379| sudo_fatal("dup2");
# 380|-> if (miss[STDERR_FILENO] && dup2(devnull, STDERR_FILENO) == -1)
# 381| sudo_fatal("dup2");
# 382| if (devnull > STDERR_FILENO)
Error: CPPCHECK_WARNING: [#def165]
sudo-1.9.15-build/sudo-1.9.15p5/src/sudo_edit.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def166]
sudo-1.9.15-build/sudo-1.9.15p5/src/suspend_parent.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: CPPCHECK_WARNING: [#def167]
sudo-1.9.15-build/sudo-1.9.15p5/src/tgetpass.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.
Error: GCC_ANALYZER_WARNING (CWE-775): [#def168]
sudo-1.9.15-build/sudo-1.9.15p5/src/tgetpass.c: scope_hint: In function ‘sudo_askpass’
sudo-1.9.15-build/sudo-1.9.15p5/src/tgetpass.c:314:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup3(pfd[1], 1, 0)’
sudo-1.9.15-build/sudo-1.9.15p5/src/sudo.h:40: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/src/tgetpass.c:44: included_from: Included from here.
sudo-1.9.15-build/sudo-1.9.15p5/src/tgetpass.c:308:13: note: in expansion of macro ‘sudo_debug_fork’
# 312| if (child == 0) {
# 313| /* child, set stdout to write side of the pipe */
# 314|-> if (dup3(pfd[1], STDOUT_FILENO, 0) == -1) {
# 315| sudo_warn("dup3");
# 316| _exit(255);
Scan Properties
| analyzer-version-clang | 18.1.7 |
| analyzer-version-cppcheck | 2.14.2 |
| analyzer-version-gcc | 14.1.1 |
| analyzer-version-gcc-analyzer | 14.1.1 |
| analyzer-version-shellcheck | 0.10.0 |
| enabled-plugins | clang, cppcheck, gcc, shellcheck |
| exit-code | 0 |
| host | ip-172-16-1-105.us-west-2.compute.internal |
| mock-config | fedora-41-x86_64 |
| project-name | sudo-1.9.15-4.p5.fc41 |
| store-results-to | /tmp/tmp6gw3kryx/sudo-1.9.15-4.p5.fc41.tar.xz |
| time-created | 2024-07-03 18:17:57 |
| time-finished | 2024-07-03 18:24:31 |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmp6gw3kryx/sudo-1.9.15-4.p5.fc41.tar.xz' '--gcc-analyze' '/tmp/tmp6gw3kryx/sudo-1.9.15-4.p5.fc41.src.rpm' |
| tool-version | csmock-3.5.3-1.el9 |