xorg-x11-xauth-1.1.3-1.fc41

List of Defects

Error: GCC_ANALYZER_WARNING (CWE-476): [#def1]
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/gethost.c: scope_hint: In function ‘get_address_info’
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/gethost.c:226:28: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘c’
#  224|   			src = fulldpyname;
#  225|   		} else {
#  226|-> 			*c = '\0';
#  227|   			src = buf;
#  228|   		}

Error: CPPCHECK_WARNING: [#def2]
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/parsedpy.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: GCC_ANALYZER_WARNING (CWE-122): [#def3]
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/parsedpy.c: scope_hint: In function ‘copystring’
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/parsedpy.c:66:17: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow
#   64|       if (cp) {
#   65|   	if (src) memcpy (cp, src, len);
#   66|-> 	cp[len] = '\0';
#   67|       }
#   68|       return cp;

Error: CPPCHECK_WARNING: [#def4]
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/process.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Error: GCC_ANALYZER_WARNING (CWE-476): [#def5]
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/process.c: scope_hint: In function ‘split_into_words’
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/process.c:292:15: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#  290|   	jword = skip_space (src);
#  291|   	src = skip_nonspace (jword);
#  292|-> 	savec = *src;
#  293|   	*src = '\0';
#  294|   	if (cur == total) {

Error: GCC_ANALYZER_WARNING (CWE-762): [#def6]
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/process.c:297:24: warning[-Wanalyzer-mismatching-deallocation]: ‘argv’ should have been deallocated with ‘free’ but was deallocated with ‘reallocarray’
#  295|   	    const char **new_argv;
#  296|   	    total += WORDSTOALLOC;
#  297|-> 	    new_argv = reallocarray (argv, total, sizeof (char *));
#  298|   	    if (new_argv != NULL) {
#  299|   		argv = new_argv;

Error: CLANG_WARNING: [#def7]
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/process.c:455:12: warning[unix.Malloc]: Potential leak of memory pointed to by 'auth'
#  453|     bad:
#  454|       if (auth) XauDisposeAuth (auth);	/* won't free null pointers */
#  455|->     return NULL;
#  456|   }
#  457|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/process.c: scope_hint: In function ‘get_displayname_auth’
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/process.c:539:28: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
#  537|   
#  538|   		if (authl_cur == NULL) {
#  539|-> 		    *authl = authl_cur = newal;
#  540|   		} else {
#  541|   		    authl_cur->next = newal;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def9]
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/process.c:539:28: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
#  537|   
#  538|   		if (authl_cur == NULL) {
#  539|-> 		    *authl = authl_cur = newal;
#  540|   		} else {
#  541|   		    authl_cur->next = newal;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def10]
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/process.c:539:28: warning[-Wanalyzer-malloc-leak]: leak of ‘proto_head’
#  537|   
#  538|   		if (authl_cur == NULL) {
#  539|-> 		    *authl = authl_cur = newal;
#  540|   		} else {
#  541|   		    authl_cur->next = newal;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def11]
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/process.c:546:29: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
#  544|   
#  545|   		newal->next = NULL;
#  546|-> 		newal->auth = auth;
#  547|   
#  548|   		auth->family = addrlist_cur->family;

Error: CLANG_WARNING: [#def12]
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/process.c:602:2: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined
#  600|   
#  601|       for (us = (unsigned char *) retval, i = len; i > 0; hexstr++) {
#  602|-> 	char c = *hexstr;
#  603|   	if (isspace(c)) continue;	 /* already know it is ascii */
#  604|   	if (isupper(c))

Error: CLANG_WARNING: [#def13]
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/process.c:1080:6: warning[core.NonNullParamChecker]: Null pointer passed to 2nd parameter expecting 'nonnull'
# 1078|   	    a->number_length == b->number_length &&
# 1079|   	    a->name_length == b->name_length &&
# 1080|-> 	    memcmp(a->address, b->address, a->address_length) == 0 &&
# 1081|   	    memcmp(a->number, b->number, a->number_length) == 0 &&
# 1082|   	    memcmp(a->name, b->name, a->name_length) == 0) ? 1 : 0);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def14]
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/process.c: scope_hint: In function ‘eq_auth_dpy_and_name’
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/process.c:1080:13: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/process.c:51: included_from: Included from here.
/usr/include/X11/Xos.h:62: included_from: Included from here.
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/xauth.h:29: included_from: Included from here.
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/process.c:37: included_from: Included from here.
/usr/include/string.h:64:12: note: argument 2 of ‘memcmp’ must be non-null
# 1078|   	    a->number_length == b->number_length &&
# 1079|   	    a->name_length == b->name_length &&
# 1080|-> 	    memcmp(a->address, b->address, a->address_length) == 0 &&
# 1081|   	    memcmp(a->number, b->number, a->number_length) == 0 &&
# 1082|   	    memcmp(a->name, b->name, a->name_length) == 0) ? 1 : 0);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def15]
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/process.c:1081:13: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
/usr/include/string.h:64:12: note: argument 2 of ‘memcmp’ must be non-null
# 1079|   	    a->name_length == b->name_length &&
# 1080|   	    memcmp(a->address, b->address, a->address_length) == 0 &&
# 1081|-> 	    memcmp(a->number, b->number, a->number_length) == 0 &&
# 1082|   	    memcmp(a->name, b->name, a->name_length) == 0) ? 1 : 0);
# 1083|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def16]
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/process.c: scope_hint: In function ‘match_auth_dpy’
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/process.c:1096:37: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘b’
# 1094|   match_auth_dpy(register Xauth *a, register Xauth *b)
# 1095|   {
# 1096|->     if (a->family != FamilyWild && b->family != FamilyWild) {
# 1097|           /* Both "a" and "b" are not FamilyWild, they are "normal" families. */
# 1098|   	

Error: GCC_ANALYZER_WARNING (CWE-688): [#def17]
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/process.c:1109:13: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
/usr/include/string.h:64:12: note: argument 2 of ‘memcmp’ must be non-null
# 1107|   	 * "FamilyWild". */
# 1108|   	if (a->address_length != b->address_length ||
# 1109|->             memcmp(a->address, b->address, a->address_length) != 0)
# 1110|               return 0;
# 1111|       }

Error: CLANG_WARNING: [#def18]
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/process.c:1109:13: warning[core.NonNullParamChecker]: Null pointer passed to 2nd parameter expecting 'nonnull'
# 1107|   	 * "FamilyWild". */
# 1108|   	if (a->address_length != b->address_length ||
# 1109|->             memcmp(a->address, b->address, a->address_length) != 0)
# 1110|               return 0;
# 1111|       }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def19]
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/process.c:1113:35: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘b’
# 1111|       }
# 1112|       
# 1113|->     if (a->number_length != 0 && b->number_length != 0) {
# 1114|   	/* Both "a" and "b" have a number, make sure they match: */
# 1115|   	if (a->number_length != b->number_length ||

Error: CLANG_WARNING: [#def20]
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/process.c:1325:7: warning[unix.Malloc]: Potential leak of memory pointed to by 'tmp_auth'
# 1323|   	    XauDisposeAuth(tmp_auth);
# 1324|   	    if (matched == False) {
# 1325|-> 		if (nfunc) {
# 1326|   		    status = (*nfunc) (inputfilename, lineno,
# 1327|   				       l->auth, data);

Error: CLANG_WARNING: [#def21]
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/process.c:1543:39: warning[unix.Malloc]: Potential leak of memory pointed to by 'listtail'
# 1541|   	    errors++;
# 1542|   	} else {			/* link it in */
# 1543|-> 	    add_to_list (listhead, listtail, head);
# 1544|    	}
# 1545|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def22]
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/process.c: scope_hint: In function ‘do_generate’
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/process.c:1953:26: warning[-Wanalyzer-malloc-leak]: leak of ‘authdata’
# 1951|   	    authdatalen = strlen(hexdata);
# 1952|   	    if (hexdata[0] == '"' && hexdata[authdatalen-1] == '"') {
# 1953|-> 		authdata = malloc(authdatalen-1);
# 1954|   		if (!authdata) {
# 1955|   		    fprintf(stderr, "unable to allocate memory\n");

Error: CLANG_WARNING: [#def23]
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/process.c:1959:3: warning[unix.Malloc]: Potential leak of memory pointed to by 'authdata'
# 1957|   		    goto exit_generate;
# 1958|   		}
# 1959|-> 		strncpy(authdata, hexdata+1, authdatalen-2);
# 1960|   		authdata[authdatalen-2] = '\0';
# 1961|   		authdatalen -= 2;

Error: CPPCHECK_WARNING: [#def24]
xorg-x11-xauth-1.1.3-build/xauth-1.1.3/xauth.c: information[normalCheckLevelMaxBranches]: Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.

Scan Properties

analyzer-version-clang: 18.1.7
analyzer-version-cppcheck: 2.14.2
analyzer-version-gcc: 14.1.1
analyzer-version-gcc-analyzer: 14.1.1
analyzer-version-shellcheck: 0.10.0
enabled-plugins: clang, cppcheck, gcc, shellcheck
exit-code: 0
host: ip-172-16-1-150.us-west-2.compute.internal
mock-config: fedora-41-x86_64
project-name: xorg-x11-xauth-1.1.3-1.fc41
store-results-to: /tmp/tmp9hsbuchf/xorg-x11-xauth-1.1.3-1.fc41.tar.xz
time-created: 2024-07-03 19:45:06
time-finished: 2024-07-03 19:46:05
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmp9hsbuchf/xorg-x11-xauth-1.1.3-1.fc41.tar.xz' '--gcc-analyze' '/tmp/tmp9hsbuchf/xorg-x11-xauth-1.1.3-1.fc41.src.rpm'
tool-version: csmock-3.5.3-1.el9