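Fixed defects
List of Defects
Differential scan: per the Scan Properties below, the findings listed here were reported for wavpack-5.6.0-6.fc40 and are not reported for the diff base, wavpack-5.7.0-1.fc41. "Fixed" means the analyzers no longer report the finding; it does not by itself confirm that the underlying code was corrected, so each entry should be checked against the newer source.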
Error: GCC_ANALYZER_WARNING (CWE-688): [#def1]
wavpack-5.6.0-build/wavpack-5.6.0/cli/import_id3.c: scope_hint: In function ‘ImportID3v2_syncsafe’
wavpack-5.6.0-build/wavpack-5.6.0/cli/import_id3.c:165:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘frame_body’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
# 163| frame_body = malloc (frame_size + 4);
# 164|
# 165|-> memcpy (frame_body, tag_data, frame_size);
# 166| tag_size -= frame_size;
# 167| tag_data += frame_size;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def2]
wavpack-5.6.0-build/wavpack-5.6.0/cli/import_id3.c:180:53: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘malloc((long unsigned int)(frame_size * 3))’
# 178|
# 179| for (i = 0; fp < fe; ++i)
# 180|-> if (!(utf8_strings [si] [i] = *fp++))
# 181| break;
# 182|
Error: GCC_ANALYZER_WARNING (CWE-476): [#def3]
wavpack-5.6.0-build/wavpack-5.6.0/cli/import_id3.c:184:47: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘malloc((long unsigned int)(frame_size * 3))’
# 182|
# 183| if (fp == fe)
# 184|-> utf8_strings [si] [i] = 0;
# 185|
# 186| Latin1ToUTF8 (utf8_strings [si++], frame_size * 3);
Error: GCC_ANALYZER_WARNING (CWE-688): [#def4]
wavpack-5.6.0-build/wavpack-5.6.0/cli/import_id3.c:323:21: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘binary_tag_image’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strcpy’ must be non-null
# 321| char *binary_tag_image = malloc (binary_tag_size);
# 322|
# 323|-> strcpy (binary_tag_image, item);
# 324| strcat (binary_tag_image, extension);
# 325| memcpy (binary_tag_image + binary_tag_size - frame_bytes, frame_ptr, frame_bytes);
Error: GCC_ANALYZER_WARNING (CWE-476): [#def5]
wavpack-5.6.0-build/wavpack-5.6.0/cli/import_id3.c: scope_hint: In function ‘WideCharToUTF8’
wavpack-5.6.0-build/wavpack-5.6.0/cli/import_id3.c:401:30: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘pUTF8’
# 399| while (*pWide) {
# 400| if (*pWide < 0x80 && outndx + 1 < len)
# 401|-> pUTF8 [outndx++] = (unsigned char) *pWide++;
# 402| else if (*pWide < 0x800 && outndx + 2 < len) {
# 403| pUTF8 [outndx++] = (unsigned char) (0xc0 | ((*pWide >> 6) & 0x1f));
Error: GCC_ANALYZER_WARNING (CWE-476): [#def6]
wavpack-5.6.0-build/wavpack-5.6.0/cli/import_id3.c:403:30: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘pUTF8’
# 401| pUTF8 [outndx++] = (unsigned char) *pWide++;
# 402| else if (*pWide < 0x800 && outndx + 2 < len) {
# 403|-> pUTF8 [outndx++] = (unsigned char) (0xc0 | ((*pWide >> 6) & 0x1f));
# 404| pUTF8 [outndx++] = (unsigned char) (0x80 | (*pWide++ & 0x3f));
# 405| }
Error: GCC_ANALYZER_WARNING (CWE-476): [#def7]
wavpack-5.6.0-build/wavpack-5.6.0/cli/import_id3.c:407:30: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘pUTF8’
# 405| }
# 406| else if (outndx + 3 < len) {
# 407|-> pUTF8 [outndx++] = (unsigned char) (0xe0 | ((*pWide >> 12) & 0xf));
# 408| pUTF8 [outndx++] = (unsigned char) (0x80 | ((*pWide >> 6) & 0x3f));
# 409| pUTF8 [outndx++] = (unsigned char) (0x80 | (*pWide++ & 0x3f));
Error: GCC_ANALYZER_WARNING (CWE-476): [#def8]
wavpack-5.6.0-build/wavpack-5.6.0/cli/import_id3.c:415:20: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘pUTF8’
# 413| }
# 414|
# 415|-> pUTF8 [outndx] = 0;
# 416| return (int)(pWide - Wide);
# 417| }
Error: GCC_ANALYZER_WARNING (CWE-688): [#def9]
wavpack-5.6.0-build/wavpack-5.6.0/cli/import_id3.c:455:14: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘string’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
# 453| memset(temp, 0, len);
# 454|
# 455|-> insize = strlen (string);
# 456| converter = iconv_open ("UTF-8", "ISO-8859-1");
# 457|
Error: GCC_ANALYZER_WARNING (CWE-457): [#def10]
wavpack-5.6.0-build/wavpack-5.6.0/cli/import_id3.c:455:14: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*(char *)string’
wavpack-5.6.0-build/wavpack-5.6.0/cli/import_id3.c:17: included_from: Included from here.
/usr/include/string.h:407:15: note: argument 1 of ‘strlen’ must be a pointer to a null-terminated string
# 453| memset(temp, 0, len);
# 454|
# 455|-> insize = strlen (string);
# 456| converter = iconv_open ("UTF-8", "ISO-8859-1");
# 457|
Error: CLANG_WARNING: [#def11]
wavpack-5.6.0-build/wavpack-5.6.0/cli/wavpack.c:2943:9: warning[unix.Malloc]: Potential leak of memory pointed to by 'out2filename_temp'
# 2941| }
# 2942| else if ((wv_file.file = fopen (use_tempfiles ? outfilename_temp : outfilename, "w+b")) == NULL) {
# 2943|-> error_line ("can't create file %s!", use_tempfiles ? outfilename_temp : outfilename);
# 2944| WavpackCloseFile (infile);
# 2945| WavpackCloseFile (outfile);
Error: CLANG_WARNING: [#def12]
wavpack-5.6.0-build/wavpack-5.6.0/cli/wvgain.c:1378:41: warning[core.DivideZero]: Division by zero
# 1376| }
# 1377|
# 1378|-> return (int)(out_samples - samples) / num_channels;
# 1379| }
# 1380|
Error: COMPILER_WARNING: [#def13]
wavpack-5.6.0-build/wavpack-5.6.0/cli/wvunpack.c: scope_hint: In function ‘main’
wavpack-5.6.0-build/wavpack-5.6.0/cli/wvunpack.c:288:5: warning[-Wstringop-truncation]: ‘strncpy’ specified bound 4096 equals destination size
# 288 | strncpy (selfname, *argv, sizeof (selfname));
# | ^
# 286| if (!GetModuleFileName (NULL, selfname, sizeof (selfname)))
# 287| #endif
# 288|-> strncpy (selfname, *argv, sizeof (selfname));
# 289|
# 290| if (filespec_name (selfname)) {
Error: GCC_ANALYZER_WARNING (CWE-688): [#def14]
wavpack-5.6.0-build/wavpack-5.6.0/src/extra2.c:601:5: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'info.sampleptrs[0]' where non-null expected
<built-in>: note: argument 1 of '__builtin_memcpy' must be non-null
# 599|
# 600| memcpy (info.dps, wps->decorr_passes, sizeof (info.dps));
# 601|-> memcpy (info.sampleptrs [0], samples, wps->wphdr.block_samples * 8);
# 602|
# 603| for (i = 0; i < info.nterms && info.dps [i].term; ++i)
Error: GCC_ANALYZER_WARNING (CWE-457): [#def15]
wavpack-5.6.0-build/wavpack-5.6.0/src/extra2.c:604:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'info.sampleptrs[<unknown>]'
# 602|
# 603| for (i = 0; i < info.nterms && info.dps [i].term; ++i)
# 604|-> decorr_stereo_pass (info.sampleptrs [i], info.sampleptrs [i + 1], wps->wphdr.block_samples, info.dps + i, 1);
# 605|
# 606| info.best_bits = LOG2BUFFER (info.sampleptrs [info.nterms], wps->wphdr.block_samples * 2, 0) * 1;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def16]
wavpack-5.6.0-build/wavpack-5.6.0/src/unpack_utils.c: scope_hint: In function 'WavpackUnpackSamples'
wavpack-5.6.0-build/wavpack-5.6.0/src/unpack_utils.c:58:16: warning[-Wanalyzer-null-dereference]: dereference of NULL 'wps'
# 56|
# 57| if (!wps->wphdr.block_samples || !(wps->wphdr.flags & INITIAL_BLOCK) ||
# 58|-> wps->sample_index >= GET_BLOCK_INDEX (wps->wphdr) + wps->wphdr.block_samples) {
# 59|
# 60| int64_t nexthdrpos;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def17]
wavpack-5.6.0-build/wavpack-5.6.0/src/unpack_utils.c:76:32: warning[-Wanalyzer-null-dereference]: dereference of NULL 'wps'
# 74| // allocate the memory for the entire raw block and read it in
# 75|
# 76|-> wps->blockbuff = (unsigned char *)malloc (wps->wphdr.ckSize + 8);
# 77|
# 78| if (!wps->blockbuff)
Error: CLANG_WARNING: [#def18]
wavpack-5.6.0-build/wavpack-5.6.0/src/unpack_utils.c:327:21: warning[core.NullDereference]: Dereference of null pointer
# 325|
# 326| if (offset != num_channels) {
# 327|-> if (wps->wphdr.flags & DSD_FLAG) {
# 328| int samples_to_zero = samples_to_unpack * num_channels;
# 329| int32_t *zptr = bptr;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def19]
wavpack-5.6.0-build/wavpack-5.6.0/src/unpack_utils.c:343:17: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
# 341| // and free the temp buffer
# 342|
# 343|-> wps = wpc->streams [wpc->current_stream = 0];
# 344| free (temp_buffer);
# 345| }
Scan Properties
analyzer-version-clang | 18.1.7 |
analyzer-version-cppcheck | 2.14.2 |
analyzer-version-gcc | 14.1.1 |
analyzer-version-gcc-analyzer | 14.1.1 |
analyzer-version-shellcheck | 0.10.0 |
diffbase-analyzer-version-clang | 18.1.7 |
diffbase-analyzer-version-cppcheck | 2.14.2 |
diffbase-analyzer-version-gcc | 14.1.1 |
diffbase-analyzer-version-gcc-analyzer | 14.1.1 |
diffbase-analyzer-version-shellcheck | 0.10.0 |
diffbase-enabled-plugins | clang, cppcheck, gcc, shellcheck |
diffbase-exit-code | 0 |
diffbase-host | ip-172-16-1-176.us-west-2.compute.internal |
diffbase-mock-config | fedora-41-x86_64 |
diffbase-project-name | wavpack-5.7.0-1.fc41 |
diffbase-store-results-to | /tmp/tmp_uza3psp/wavpack-5.7.0-1.fc41.tar.xz |
diffbase-time-created | 2024-07-03 18:25:02 |
diffbase-time-finished | 2024-07-03 18:26:34 |
diffbase-tool | csmock |
diffbase-tool-args | '/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmp_uza3psp/wavpack-5.7.0-1.fc41.tar.xz' '--gcc-analyze' '/tmp/tmp_uza3psp/wavpack-5.7.0-1.fc41.src.rpm' |
diffbase-tool-version | csmock-3.5.3-1.el9 |
enabled-plugins | clang, cppcheck, gcc, shellcheck |
exit-code | 0 |
host | ip-172-16-1-176.us-west-2.compute.internal |
mock-config | fedora-41-x86_64 |
project-name | wavpack-5.6.0-6.fc40 |
store-results-to | /tmp/tmp6cil0mvr/wavpack-5.6.0-6.fc40.tar.xz |
time-created | 2024-07-03 18:22:39 |
time-finished | 2024-07-03 18:24:38 |
title | Fixed defects |
tool | csmock |
tool-args | '/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmp6cil0mvr/wavpack-5.6.0-6.fc40.tar.xz' '--gcc-analyze' '/tmp/tmp6cil0mvr/wavpack-5.6.0-6.fc40.src.rpm' |
tool-version | csmock-3.5.3-1.el9 |