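Newly introduced defects
Static-analysis findings reported for wavpack-5.7.0-1.fc41 that were not reported for the diff base wavpack-5.6.0-6.fc40 (both scanned with csmock; see Scan Properties below). The entries below are analyzer warnings as emitted by the tools; each needs triage against the source before being treated as a confirmed bug.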
List of Defects
Error: GCC_ANALYZER_WARNING (CWE-131): [#def1]
wavpack-5.7.0-build/wavpack-5.7.0/cli/import_id3.c: scope_hint: In function ‘ID3v2StringsToUTF8’
wavpack-5.7.0-build/wavpack-5.7.0/cli/import_id3.c:556:23: warning[-Wanalyzer-allocation-size]: allocated buffer size is not a multiple of the pointee's size
# 554| return -1;
# 555|
# 556|-> wide_string = malloc (src_length + 2);
# 557|
# 558| while (fp <= fe - 2 && (!num_segments || fp [0] || fp [1])) {
Error: CLANG_WARNING: [#def2]
wavpack-5.7.0-build/wavpack-5.7.0/cli/import_id3.c:598:12: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value
# 596| int outndx = 0;
# 597|
# 598|-> while (*pWide) {
# 599| if (*pWide < 0x80 && outndx + 1 < len)
# 600| pUTF8 [outndx++] = (unsigned char) *pWide++;
Error: CLANG_WARNING: [#def3]
wavpack-5.7.0-build/wavpack-5.7.0/cli/wavpack.c:3668:71: warning[core.DivideZero]: Division by zero
# 3666| }
# 3667|
# 3668|-> sample_count = (uint32_t) ((dptr - format_buffer) / num_channels);
# 3669| }
# 3670| else {
Error: GCC_ANALYZER_WARNING (CWE-688): [#def4]
wavpack-5.7.0-build/wavpack-5.7.0/src/extra1.c: scope_hint: In function 'analyze_mono'
wavpack-5.7.0-build/wavpack-5.7.0/src/extra1.c:433:5: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'info.sampleptrs[*wps.mask_decorr]' where non-null expected
<built-in>: note: argument 1 of '__builtin_memcpy' must be non-null
# 431|
# 432| memcpy (info.dps, wps->decorr_passes, sizeof (info.dps));
# 433|-> memcpy (info.sampleptrs [0], samples, wps->wphdr.block_samples * 4);
# 434|
# 435| for (i = 0; i < info.nterms && info.dps [i].term; ++i)
Error: GCC_ANALYZER_WARNING (CWE-457): [#def5]
wavpack-5.7.0-build/wavpack-5.7.0/src/extra1.c:433:29: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'info.sampleptrs[0]'
# 431|
# 432| memcpy (info.dps, wps->decorr_passes, sizeof (info.dps));
# 433|-> memcpy (info.sampleptrs [0], samples, wps->wphdr.block_samples * 4);
# 434|
# 435| for (i = 0; i < info.nterms && info.dps [i].term; ++i)
Error: GCC_ANALYZER_WARNING (CWE-688): [#def6]
wavpack-5.7.0-build/wavpack-5.7.0/src/extra2.c:597:5: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'info.sampleptrs[*wps.best_decorr]' where non-null expected
<built-in>: note: argument 1 of '__builtin_memcpy' must be non-null
# 595|
# 596| memcpy (info.dps, wps->decorr_passes, sizeof (info.dps));
# 597|-> memcpy (info.sampleptrs [0], samples, wps->wphdr.block_samples * 8);
# 598|
# 599| for (i = 0; i < info.nterms && info.dps [i].term; ++i)
Error: GCC_ANALYZER_WARNING (CWE-688): [#def7]
wavpack-5.7.0-build/wavpack-5.7.0/src/pack_utils.c: scope_hint: In function 'pack_streams'
wavpack-5.7.0-build/wavpack-5.7.0/src/pack_utils.c:1167:13: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'wps_copy' where non-null expected
<built-in>: note: argument 1 of '__builtin_memcpy' must be non-null
# 1165| WavpackStream *wps_copy = malloc (sizeof (WavpackStream));
# 1166|
# 1167|-> memcpy (wps_copy, wps, sizeof (WavpackStream));
# 1168|
# 1169| // If there is a discontinuity (i.e., the previous block is not done, so we can't get any
Error: GCC_ANALYZER_WARNING (CWE-688): [#def8]
wavpack-5.7.0-build/wavpack-5.7.0/src/pack_utils.c:1178:13: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'malloc((long unsigned int)(block_samples * <unknown>))' where non-null expected
<built-in>: note: argument 1 of '__builtin_memcpy' must be non-null
# 1176|
# 1177| wps_copy->sample_buffer = malloc (block_samples * (wps->wphdr.flags & MONO_FLAG ? 4 : 8));
# 1178|-> memcpy (wps_copy->sample_buffer, wps->sample_buffer, block_samples * (wps->wphdr.flags & MONO_FLAG ? 4 : 8));
# 1179|
# 1180| if (wps->discontinuous && wps->pre_sample_buffer && wps->num_pre_samples) {
Error: GCC_ANALYZER_WARNING (CWE-688): [#def9]
wavpack-5.7.0-build/wavpack-5.7.0/src/pack_utils.c:1182:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'malloc((long unsigned int)(*wps.num_pre_samples * <unknown>))' where non-null expected
<built-in>: note: argument 1 of '__builtin_memcpy' must be non-null
# 1180| if (wps->discontinuous && wps->pre_sample_buffer && wps->num_pre_samples) {
# 1181| wps_copy->pre_sample_buffer = malloc (wps->num_pre_samples * (wps->wphdr.flags & MONO_FLAG ? 4 : 8));
# 1182|-> memcpy (wps_copy->pre_sample_buffer, wps->pre_sample_buffer, wps->num_pre_samples * (wps->wphdr.flags & MONO_FLAG ? 4 : 8));
# 1183| }
# 1184| else {
Error: GCC_ANALYZER_WARNING (CWE-688): [#def10]
wavpack-5.7.0-build/wavpack-5.7.0/src/pack_utils.c:1191:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'malloc(1024)' where non-null expected
<built-in>: note: argument 1 of '__builtin_memcpy' must be non-null
# 1189| if (wps->dsd.ptable) {
# 1190| wps_copy->dsd.ptable = malloc (256 * sizeof (*wps->dsd.ptable));
# 1191|-> memcpy (wps_copy->dsd.ptable, wps->dsd.ptable, 256 * sizeof (*wps->dsd.ptable));
# 1192| }
# 1193|
Error: GCC_ANALYZER_WARNING (CWE-688): [#def11]
wavpack-5.7.0-build/wavpack-5.7.0/src/pack_utils.c:1244:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL '*wps.pre_sample_buffer' where non-null expected
wavpack-5.7.0-build/wavpack-5.7.0/src/pack_utils.c:22: included_from: Included from here.
wavpack-5.7.0-build/wavpack-5.7.0/src/pack_utils.c:1822:5: note: in expansion of macro 'wp_mutex_release'
<built-in>: note: argument 1 of '__builtin_memcpy' must be non-null
# 1242|
# 1243| if (wps->wpc->block_samples > wps->wpc->max_pre_samples) {
# 1244|-> memcpy (wps->pre_sample_buffer,
# 1245| wps->sample_buffer + (wps->wpc->block_samples - wps->wpc->max_pre_samples) * (wps->wphdr.flags & MONO_FLAG ? 1 : 2),
# 1246| wps->wpc->max_pre_samples * (wps->wphdr.flags & MONO_FLAG ? 4 : 8));
Error: GCC_ANALYZER_WARNING (CWE-688): [#def12]
wavpack-5.7.0-build/wavpack-5.7.0/src/pack_utils.c:1251:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL '*wps.pre_sample_buffer' where non-null expected
wavpack-5.7.0-build/wavpack-5.7.0/src/pack_utils.c:1822:5: note: in expansion of macro 'wp_mutex_release'
<built-in>: note: argument 1 of '__builtin_memcpy' must be non-null
# 1249| }
# 1250| else {
# 1251|-> memcpy (wps->pre_sample_buffer, wps->sample_buffer, wps->wpc->block_samples * (wps->wphdr.flags & MONO_FLAG ? 4 : 8));
# 1252| wps->num_pre_samples = wps->wpc->block_samples;
# 1253| }
Error: GCC_ANALYZER_WARNING (CWE-476): [#def13]
wavpack-5.7.0-build/wavpack-5.7.0/src/pack_utils.c: scope_hint: In function 'worker_threads_create'
wavpack-5.7.0-build/wavpack-5.7.0/src/pack_utils.c:1841:36: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL '*wpc.workers'
wavpack-5.7.0-build/wavpack-5.7.0/src/pack_utils.c:1835:9: note: in expansion of macro 'wp_mutex_init'
# 1839|
# 1840| for (i = 0; i < wpc->num_workers; ++i) {
# 1841|-> wpc->workers [i].mutex = &wpc->mutex;
# 1842| wpc->workers [i].global_cond = &wpc->global_cond;
# 1843| wpc->workers [i].workers_ready = &wpc->workers_ready;
Error: CLANG_WARNING: [#def14]
wavpack-5.7.0-build/wavpack-5.7.0/src/unpack.c:735:25: warning[core.BitwiseShift]: Left shift overflows the capacity of 'uint32_t'
# 733| }
# 734| else {
# 735|-> getbits (&data, sent_bits, &wps->wvxbits);
# 736| *dptr = ((uint32_t) *dptr << sent_bits) | (data & mask);
# 737| }
Error: CLANG_WARNING: [#def15]
wavpack-5.7.0-build/wavpack-5.7.0/src/unpack_floats.c:93:29: warning[core.BitwiseShift]: Left shift overflows the capacity of 'uint32_t'
# 91|
# 92| if ((shift_count -= num_zeros) > 0) {
# 93|-> getbits (&temp, shift_count, &wps->wvxbits);
# 94| *values |= (temp << num_zeros) & mask;
# 95| }
Error: GCC_ANALYZER_WARNING (CWE-476): [#def16]
wavpack-5.7.0-build/wavpack-5.7.0/src/unpack_utils.c: scope_hint: In function 'unpack_samples_interleave'
wavpack-5.7.0-build/wavpack-5.7.0/src/unpack_utils.c:68:23: warning[-Wanalyzer-null-dereference]: dereference of NULL 'src'
wavpack-5.7.0-build/wavpack-5.7.0/src/unpack_utils.c:19: included_from: Included from here.
wavpack-5.7.0-build/wavpack-5.7.0/src/unpack_utils.c:504:9: note: in expansion of macro 'wp_mutex_release'
# 66| if (wps->wphdr.flags & MONO_FLAG) {
# 67| while (samcnt--) {
# 68|-> dst [0] = *src++;
# 69| dst += num_channels;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-476): [#def17]
wavpack-5.7.0-build/wavpack-5.7.0/src/unpack_utils.c:77:27: warning[-Wanalyzer-null-dereference]: dereference of NULL 'src'
wavpack-5.7.0-build/wavpack-5.7.0/src/unpack_utils.c:504:9: note: in expansion of macro 'wp_mutex_release'
# 75| else if (offset == num_channels - 1) {
# 76| while (samcnt--) {
# 77|-> dst [0] = src [0];
# 78| dst += num_channels;
# 79| src += 2;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def18]
wavpack-5.7.0-build/wavpack-5.7.0/src/unpack_utils.c:87:23: warning[-Wanalyzer-null-dereference]: dereference of NULL 'src'
wavpack-5.7.0-build/wavpack-5.7.0/src/unpack_utils.c:504:9: note: in expansion of macro 'wp_mutex_release'
# 85| else {
# 86| while (samcnt--) {
# 87|-> dst [0] = *src++;
# 88| dst [1] = *src++;
# 89| dst += num_channels;
Error: CLANG_WARNING: [#def19]
wavpack-5.7.0-build/wavpack-5.7.0/src/unpack_utils.c:396:33: warning[deadcode.DeadStores]: Although the value stored to 'stream_index' is used in the enclosing expression, the value is never actually read from 'stream_index'
# 394| // go back to the first stream (we're going to leave them all loaded for now because they might have more samples)
# 395|
# 396|-> wps = wpc->streams [stream_index = 0];
# 397| }
# 398| // catch the error situation where we have only one channel but run into a stereo block
Error: CPPCHECK_WARNING (CWE-401): [#def20]
wavpack-5.7.0-build/wavpack-5.7.0/src/unpack_utils.c:510: error[memleakOnRealloc]: Common realloc mistake: 'temp_buffer' nulled but not freed upon failure
# 508|
# 509| if (cxt->samcnt > temp_samples) // reallocate temp buffer if not big enough
# 510|-> temp_buffer = (int32_t *) realloc (temp_buffer, (temp_samples = cxt->samcnt) * 8);
# 511|
# 512| // this is where the work is done
Error: GCC_ANALYZER_WARNING (CWE-476): [#def21]
wavpack-5.7.0-build/wavpack-5.7.0/src/unpack_utils.c: scope_hint: In function 'worker_threads_create'
wavpack-5.7.0-build/wavpack-5.7.0/src/unpack_utils.c:594:36: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL '*wpc.workers'
wavpack-5.7.0-build/wavpack-5.7.0/src/unpack_utils.c:588:9: note: in expansion of macro 'wp_mutex_init'
# 592|
# 593| for (i = 0; i < wpc->num_workers; ++i) {
# 594|-> wpc->workers [i].mutex = &wpc->mutex;
# 595| wpc->workers [i].global_cond = &wpc->global_cond;
# 596| wpc->workers [i].workers_ready = &wpc->workers_ready;
Scan Properties
analyzer-version-clang | 18.1.7 |
analyzer-version-cppcheck | 2.14.2 |
analyzer-version-gcc | 14.1.1 |
analyzer-version-gcc-analyzer | 14.1.1 |
analyzer-version-shellcheck | 0.10.0 |
diffbase-analyzer-version-clang | 18.1.7 |
diffbase-analyzer-version-cppcheck | 2.14.2 |
diffbase-analyzer-version-gcc | 14.1.1 |
diffbase-analyzer-version-gcc-analyzer | 14.1.1 |
diffbase-analyzer-version-shellcheck | 0.10.0 |
diffbase-enabled-plugins | clang, cppcheck, gcc, shellcheck |
diffbase-exit-code | 0 |
diffbase-host | ip-172-16-1-176.us-west-2.compute.internal |
diffbase-mock-config | fedora-41-x86_64 |
diffbase-project-name | wavpack-5.6.0-6.fc40 |
diffbase-store-results-to | /tmp/tmp6cil0mvr/wavpack-5.6.0-6.fc40.tar.xz |
diffbase-time-created | 2024-07-03 18:22:39 |
diffbase-time-finished | 2024-07-03 18:24:38 |
diffbase-tool | csmock |
diffbase-tool-args | '/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmp6cil0mvr/wavpack-5.6.0-6.fc40.tar.xz' '--gcc-analyze' '/tmp/tmp6cil0mvr/wavpack-5.6.0-6.fc40.src.rpm' |
diffbase-tool-version | csmock-3.5.3-1.el9 |
enabled-plugins | clang, cppcheck, gcc, shellcheck |
exit-code | 0 |
host | ip-172-16-1-176.us-west-2.compute.internal |
mock-config | fedora-41-x86_64 |
project-name | wavpack-5.7.0-1.fc41 |
store-results-to | /tmp/tmp_uza3psp/wavpack-5.7.0-1.fc41.tar.xz |
time-created | 2024-07-03 18:25:02 |
time-finished | 2024-07-03 18:26:34 |
title | Newly introduced defects |
tool | csmock |
tool-args | '/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmp_uza3psp/wavpack-5.7.0-1.fc41.tar.xz' '--gcc-analyze' '/tmp/tmp_uza3psp/wavpack-5.7.0-1.fc41.src.rpm' |
tool-version | csmock-3.5.3-1.el9 |