bluez-5.75-1.fc41
List of Defects
Error: CLANG_WARNING: [#def1]
bluez-5.75/attrib/gatt.c:970:2: warning[unix.Malloc]: Potential leak of memory pointed to by 'long_write'
# 968| long_write->vlen = vlen;
# 969|
# 970|-> return prepare_write(long_write);
# 971| }
# 972|
Error: GCC_ANALYZER_WARNING (CWE-457): [#def2]
bluez-5.75/attrib/gattrib.c: scope_hint: In function ‘construct_full_pdu’
bluez-5.75/attrib/gattrib.c:207:17: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘pdu’
# 205|
# 206| if (pdu && length)
# 207|-> memcpy(buf + 1, pdu, length);
# 208|
# 209| return buf;
Error: GCC_ANALYZER_WARNING (CWE-775): [#def3]
bluez-5.75/btio/btio.c: scope_hint: In function ‘server_cb.part.0’
bluez-5.75/btio/btio.c:256:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘g_io_channel_unix_get_fd(io)’
# 254|
# 255| cli_sock = accept(srv_sock, NULL, NULL);
# 256|-> if (cli_sock < 0)
# 257| return TRUE;
# 258|
Error: GCC_ANALYZER_WARNING (CWE-775): [#def4]
bluez-5.75/btio/btio.c: scope_hint: In function ‘sco_connect’
bluez-5.75/btio/btio.c:2043:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘g_io_channel_unix_get_fd(create_io(0, &opts, gerr))’
bluez-5.75/btio/btio.c:21: included_from: Included from here.
# 2041| }
# 2042|
# 2043|-> switch (opts.type) {
# 2044| case BT_IO_L2CAP:
# 2045| err = l2cap_connect(sock, &opts.dst, opts.dst_type,
Error: GCC_ANALYZER_WARNING (CWE-775): [#def5]
bluez-5.75/btio/btio.c: scope_hint: In function ‘bt_io_listen’
bluez-5.75/btio/btio.c:2108:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘g_io_channel_unix_get_fd(create_io(1, &opts, err))’
# 2106| }
# 2107|
# 2108|-> if (listen(sock, 5) < 0) {
# 2109| ERROR_FAILED(err, "listen", errno);
# 2110| g_io_channel_unref(io);
Error: GCC_ANALYZER_WARNING (CWE-688): [#def6]
bluez-5.75/client/advertising.c: scope_hint: In function ‘ad_register’
bluez-5.75/client/advertising.c:524:14: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
/usr/include/glib-2.0/glib/gstring.h:37: included_from: Included from here.
/usr/include/glib-2.0/glib/giochannel.h:36: included_from: Included from here.
/usr/include/glib-2.0/glib.h:56: included_from: Included from here.
bluez-5.75/gdbus/gdbus.h:19: included_from: Included from here.
bluez-5.75/client/advertising.c:22: included_from: Included from here.
bluez-5.75/client/advertising.c:522:19: note: in expansion of macro ‘g_strdup’
bluez-5.75/client/advertising.c: scope_hint: In function ‘ad_register’
/usr/include/string.h:462: included_from: Included from here.
bluez-5.75/client/advertising.c:20: included_from: Included from here.
/usr/include/strings.h:116:12: note: argument 1 of ‘strcasecmp’ must be non-null
# 522| ad.type = g_strdup(type);
# 523|
# 524|-> if (!strcasecmp(ad.type, "Broadcast"))
# 525| ad.discoverable = false;
# 526|
Error: GCC_ANALYZER_WARNING (CWE-457): [#def7]
bluez-5.75/client/display.c: scope_hint: In function ‘rl_printf’
bluez-5.75/client/display.c:53:17: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘saved_line’
# 51| if (save_input) {
# 52| rl_restore_prompt();
# 53|-> rl_replace_line(saved_line, 0);
# 54| rl_point = saved_point;
# 55| rl_forced_update_display();
Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
bluez-5.75/client/mgmt.c: scope_hint: In function ‘parse_bytes’
bluez-5.75/client/mgmt.c:4640:16: warning[-Wanalyzer-malloc-leak]: leak of ‘adv_data’
# 4638| }
# 4639|
# 4640|-> *bytes = malloc(*len);
# 4641| if (!*bytes) {
# 4642| error("Failed to allocate memory");
Error: GCC_ANALYZER_WARNING (CWE-457): [#def9]
bluez-5.75/client/mgmt.c: scope_hint: In function ‘cmd_add_adv’
bluez-5.75/client/mgmt.c:4819:17: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘adv_data’
# 4817|
# 4818| if (adv_len)
# 4819|-> memcpy(cp->data + uuid_bytes, adv_data, adv_len);
# 4820|
# 4821| if (scan_rsp_len)
Error: GCC_ANALYZER_WARNING (CWE-457): [#def10]
bluez-5.75/client/mgmt.c: scope_hint: In function ‘cmd_add_ext_adv_data’
bluez-5.75/client/mgmt.c:5243:17: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘adv_data’
# 5241|
# 5242| if (adv_len)
# 5243|-> memcpy(cp->data + uuid_bytes, adv_data, adv_len);
# 5244|
# 5245| if (scan_rsp_len)
Error: GCC_ANALYZER_WARNING: [#def11]
bluez-5.75/client/player.c: scope_hint: In function ‘transport_send_seq.part.0’
bluez-5.75/client/player.c:4965:23: warning[-Wanalyzer-fd-use-without-check]: ‘read’ on possibly invalid file descriptor ‘fd’
bluez-5.75/client/player.c: scope_hint: In function ‘transport_send_seq.part.0’
bluez-5.75/client/player.c:20: included_from: Included from here.
bluez-5.75/client/player.c: scope_hint: In function ‘transport_send_seq.part.0’
# 4963| off_t offset;
# 4964|
# 4965|-> ret = read(fd, buf, transport->mtu[1]);
# 4966| if (ret <= 0) {
# 4967| if (ret < 0)
Error: GCC_ANALYZER_WARNING (CWE-775): [#def12]
bluez-5.75/client/player.c: scope_hint: In function ‘cmd_send_transport’
bluez-5.75/client/player.c:5101:32: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
bluez-5.75/client/player.c: scope_hint: In function ‘cmd_send_transport’
# 5099| if (!proxy) {
# 5100| bt_shell_printf("Transport %s not found\n", argv[i]);
# 5101|-> return bt_shell_noninteractive_quit(EXIT_FAILURE);
# 5102| }
# 5103|
Error: GCC_ANALYZER_WARNING (CWE-688): [#def13]
bluez-5.75/emulator/b1ee.c: scope_hint: In function ‘server_read_callback.part.0’
bluez-5.75/emulator/b1ee.c:153:25: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘server_pkt_data’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
# 151| ssize_t written;
# 152|
# 153|-> memcpy(server_pkt_data + server_pkt_len,
# 154| ptr, server_pkt_expect);
# 155| ptr += server_pkt_expect;
Error: GCC_ANALYZER_WARNING (CWE-688): [#def14]
bluez-5.75/emulator/b1ee.c:166:25: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘server_pkt_data’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
# 164| server_pkt_data = NULL;
# 165| } else {
# 166|-> memcpy(server_pkt_data + server_pkt_len, ptr, count);
# 167| server_pkt_len += count;
# 168| server_pkt_expect -= count;
Error: GCC_ANALYZER_WARNING (CWE-401): [#def15]
bluez-5.75/emulator/b1ee.c: scope_hint: In function ‘main’
bluez-5.75/emulator/b1ee.c:267:28: warning[-Wanalyzer-malloc-leak]: leak of ‘server_port’
# 265| case 'p':
# 266| server_port = set_port(optarg);
# 267|-> if (server_port == NULL)
# 268| goto usage;
# 269|
Error: CLANG_WARNING: [#def16]
bluez-5.75/emulator/b1ee.c:289:2: warning[deadcode.DeadStores]: Value stored to 'argc' is never read
# 287| }
# 288|
# 289|-> argc = argc - optind;
# 290| argv = argv + optind;
# 291| optind = 0;
Error: GCC_ANALYZER_WARNING (CWE-910): [#def17]
bluez-5.75/emulator/b1ee.c:300:19: warning[-Wanalyzer-fd-use-after-close]: ‘write’ on closed file descriptor ‘sniffer_fd’
# 298| sniffer_port ? : DEFAULT_SNIFFER_PORT);
# 299|
# 300|-> written = write(sniffer_fd, sniff_cmd, sizeof(sniff_cmd));
# 301| if (written < 0)
# 302| perror("Failed to enable sniffer");
Error: GCC_ANALYZER_WARNING: [#def18]
bluez-5.75/emulator/b1ee.c:300:19: warning[-Wanalyzer-fd-use-without-check]: ‘write’ on possibly invalid file descriptor ‘-1’
# 298| sniffer_port ? : DEFAULT_SNIFFER_PORT);
# 299|
# 300|-> written = write(sniffer_fd, sniff_cmd, sizeof(sniff_cmd));
# 301| if (written < 0)
# 302| perror("Failed to enable sniffer");
Error: CLANG_WARNING: [#def19]
bluez-5.75/emulator/b1ee.c:322:2: warning[unix.Malloc]: Potential leak of memory pointed to by 'server_port'
# 320|
# 321| usage:
# 322|-> usage();
# 323| done:
# 324| free(server_port);
Error: CLANG_WARNING: [#def20]
bluez-5.75/emulator/b1ee.c:322:2: warning[unix.Malloc]: Potential leak of memory pointed to by 'sniffer_port'
# 320|
# 321| usage:
# 322|-> usage();
# 323| done:
# 324| free(server_port);
Error: GCC_ANALYZER_WARNING (CWE-457): [#def21]
bluez-5.75/emulator/btdev.c: scope_hint: In function ‘le_meta_event’
bluez-5.75/emulator/btdev.c:3740:17: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘data’
bluez-5.75/emulator/btdev.c:31: included_from: Included from here.
bluez-5.75/src/shared/util.h:29:27: note: in definition of macro ‘cpu_to_le16’
# 3738|
# 3739| if (len > 0)
# 3740|-> memcpy(pkt_data + 1, data, len);
# 3741|
# 3742| send_event(btdev, BT_HCI_EVT_LE_META_EVENT, pkt_data, 1 + len);
Error: GCC_ANALYZER_WARNING (CWE-126): [#def22]
bluez-5.75/emulator/bthost.c: scope_hint: In function ‘queue_command’
bluez-5.75/emulator/bthost.c:571:52: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
bluez-5.75/emulator/bthost.c:571:52: note: read of 8 bytes from after the end of ‘iov’
bluez-5.75/emulator/bthost.c:571:52: note: valid subscripts for ‘iov’ are ‘[0]’ to ‘[2]’
# └──────────────────────────┘
# ^
# 569|
# 570| for (i = 0; i < iovlen; i++) {
# 571|-> memcpy(cmd->data + cmd->len, iov[i].iov_base, iov[i].iov_len);
# 572| cmd->len += iov[i].iov_len;
# 573| }
Error: GCC_ANALYZER_WARNING (CWE-126): [#def23]
bluez-5.75/emulator/bthost.c:571:69: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
bluez-5.75/emulator/bthost.c:571:69: note: read of 8 bytes from after the end of ‘iov’
bluez-5.75/emulator/bthost.c:571:69: note: valid subscripts for ‘iov’ are ‘[0]’ to ‘[2]’
# └──────────────────────────┘
# ^
# 569|
# 570| for (i = 0; i < iovlen; i++) {
# 571|-> memcpy(cmd->data + cmd->len, iov[i].iov_base, iov[i].iov_len);
# 572| cmd->len += iov[i].iov_len;
# 573| }
Error: GCC_ANALYZER_WARNING (CWE-476): [#def24]
bluez-5.75/emulator/bthost.c: scope_hint: In function ‘bthost_set_cig_params’
bluez-5.75/emulator/bthost.c:3405:20: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘cp’
# 3403| cp = malloc(sizeof(*cp) + sizeof(*cp->cis));
# 3404| memset(cp, 0, sizeof(*cp) + sizeof(*cp->cis));
# 3405|-> cp->cig_id = cig_id;
# 3406| put_le24(qos->ucast.in.interval ? qos->ucast.in.interval :
# 3407| qos->ucast.out.interval, cp->c_interval);
Error: GCC_ANALYZER_WARNING (CWE-476): [#def25]
bluez-5.75/emulator/bthost.c: scope_hint: In function ‘bthost_create_cis’
bluez-5.75/emulator/bthost.c:3437:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘cp’
# 3435| cp = malloc(sizeof(*cp) + sizeof(*cp->cis));
# 3436| memset(cp, 0, sizeof(*cp) + sizeof(*cp->cis));
# 3437|-> cp->num_cis = 0x01;
# 3438| cp->cis[0].cis_handle = cpu_to_le16(cis_handle);
# 3439| cp->cis[0].acl_handle = cpu_to_le16(acl_handle);
Error: GCC_ANALYZER_WARNING (CWE-688): [#def26]
bluez-5.75/emulator/serial.c: scope_hint: In function ‘serial_read_callback.part.0’
bluez-5.75/emulator/serial.c:129:25: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘*(struct serial *)user_data.pkt_data + (sizetype)*(struct serial *)user_data.pkt_len’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
# 127|
# 128| if (count >= serial->pkt_expect) {
# 129|-> memcpy(serial->pkt_data + serial->pkt_len,
# 130| ptr, serial->pkt_expect);
# 131| ptr += serial->pkt_expect;
Error: GCC_ANALYZER_WARNING (CWE-688): [#def27]
bluez-5.75/emulator/serial.c:140:25: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘*(struct serial *)user_data.pkt_data + (sizetype)*(struct serial *)user_data.pkt_len’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
# 138| serial->pkt_data = NULL;
# 139| } else {
# 140|-> memcpy(serial->pkt_data + serial->pkt_len, ptr, count);
# 141| serial->pkt_len += count;
# 142| serial->pkt_expect -= count;
Error: CPPCHECK_WARNING (CWE-457): [#def28]
bluez-5.75/emulator/serial.c:150: error[legacyUninitvar]: Uninitialized variable: type
# 148| static void open_pty(struct serial *serial)
# 149| {
# 150|-> enum btdev_type uninitialized_var(type);
# 151|
# 152| serial->fd = posix_openpt(O_RDWR | O_NOCTTY);
Error: CLANG_WARNING: [#def29]
bluez-5.75/emulator/serial.c:150:2: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined
# 148| static void open_pty(struct serial *serial)
# 149| {
# 150|-> enum btdev_type uninitialized_var(type);
# 151|
# 152| serial->fd = posix_openpt(O_RDWR | O_NOCTTY);
Error: CLANG_WARNING: [#def30]
bluez-5.75/emulator/serial.c:150:36: warning[deadcode.DeadStores]: Value stored to 'type' during its initialization is never read
# 148| static void open_pty(struct serial *serial)
# 149| {
# 150|-> enum btdev_type uninitialized_var(type);
# 151|
# 152| serial->fd = posix_openpt(O_RDWR | O_NOCTTY);
Error: GCC_ANALYZER_WARNING (CWE-457): [#def31]
bluez-5.75/emulator/serial.c: scope_hint: In function ‘open_pty’
bluez-5.75/emulator/serial.c:191:25: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘type’
bluez-5.75/emulator/serial.c:35:30: note: in definition of macro ‘uninitialized_var’
bluez-5.75/emulator/serial.c:35:30: note: in definition of macro ‘uninitialized_var’
# 189| }
# 190|
# 191|-> serial->btdev = btdev_create(type, serial->id);
# 192| if (!serial->btdev) {
# 193| close(serial->fd);
Error: CPPCHECK_WARNING (CWE-457): [#def32]
bluez-5.75/emulator/serial.c:213: error[legacyUninitvar]: Uninitialized variable: dev_type
# 211| {
# 212| struct serial *serial;
# 213|-> enum btdev_type uninitialized_var(dev_type);
# 214|
# 215| serial = malloc(sizeof(*serial));
Error: CLANG_WARNING: [#def33]
bluez-5.75/emulator/serial.c:213:2: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined
# 211| {
# 212| struct serial *serial;
# 213|-> enum btdev_type uninitialized_var(dev_type);
# 214|
# 215| serial = malloc(sizeof(*serial));
Error: CLANG_WARNING: [#def34]
bluez-5.75/emulator/serial.c:213:36: warning[deadcode.DeadStores]: Value stored to 'dev_type' during its initialization is never read
# 211| {
# 212| struct serial *serial;
# 213|-> enum btdev_type uninitialized_var(dev_type);
# 214|
# 215| serial = malloc(sizeof(*serial));
Error: GCC_ANALYZER_WARNING (CWE-688): [#def35]
bluez-5.75/emulator/server.c: scope_hint: In function ‘client_read_callback.part.0’
bluez-5.75/emulator/server.c:152:25: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘*(struct client *)user_data.pkt_data + (sizetype)*(struct client *)user_data.pkt_len’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
# 150|
# 151| if (count >= client->pkt_expect) {
# 152|-> memcpy(client->pkt_data + client->pkt_len,
# 153| ptr, client->pkt_expect);
# 154| ptr += client->pkt_expect;
Error: GCC_ANALYZER_WARNING (CWE-688): [#def36]
bluez-5.75/emulator/server.c:163:25: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘*(struct client *)user_data.pkt_data + (sizetype)*(struct client *)user_data.pkt_len’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
# 161| client->pkt_data = NULL;
# 162| } else {
# 163|-> memcpy(client->pkt_data + client->pkt_len, ptr, count);
# 164| client->pkt_len += count;
# 165| client->pkt_expect -= count;
Error: GCC_ANALYZER_WARNING (CWE-775): [#def37]
bluez-5.75/emulator/server.c: scope_hint: In function ‘accept_client’
bluez-5.75/emulator/server.c:182:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*(struct server *)user_data.fd’
# 180| if (getsockname(fd, (struct sockaddr *) &addr, &len) < 0) {
# 181| perror("Failed to get socket name");
# 182|-> return -1;
# 183| }
# 184|
Error: CPPCHECK_WARNING (CWE-457): [#def38]
bluez-5.75/emulator/server.c:200: error[legacyUninitvar]: Uninitialized variable: type
# 198| struct server *server = user_data;
# 199| struct client *client;
# 200|-> enum btdev_type uninitialized_var(type);
# 201|
# 202| if (events & (EPOLLERR | EPOLLHUP)) {
Error: CLANG_WARNING: [#def39]
bluez-5.75/emulator/server.c:200:2: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined
# 198| struct server *server = user_data;
# 199| struct client *client;
# 200|-> enum btdev_type uninitialized_var(type);
# 201|
# 202| if (events & (EPOLLERR | EPOLLHUP)) {
Error: CLANG_WARNING: [#def40]
bluez-5.75/emulator/server.c:200:36: warning[deadcode.DeadStores]: Value stored to 'type' during its initialization is never read
# 198| struct server *server = user_data;
# 199| struct client *client;
# 200|-> enum btdev_type uninitialized_var(type);
# 201|
# 202| if (events & (EPOLLERR | EPOLLHUP)) {
Error: GCC_ANALYZER_WARNING (CWE-688): [#def41]
bluez-5.75/gdbus/object.c: scope_hint: In function 'invalidate_parent_data'
bluez-5.75/gdbus/object.c:696:17: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
bluez-5.75/gdbus/object.c: scope_hint: In function 'invalidate_parent_data'
bluez-5.75/gdbus/object.c: scope_hint: In function 'invalidate_parent_data'
/usr/include/glib-2.0/glib/gstring.h:37: included_from: Included from here.
/usr/include/glib-2.0/glib/giochannel.h:36: included_from: Included from here.
/usr/include/glib-2.0/glib.h:56: included_from: Included from here.
bluez-5.75/gdbus/object.c:18: included_from: Included from here.
bluez-5.75/gdbus/object.c:695:23: note: in expansion of macro 'g_strdup'
bluez-5.75/gdbus/object.c: scope_hint: In function 'invalidate_parent_data'
bluez-5.75/gdbus/object.c:16: included_from: Included from here.
/usr/include/string.h:273:14: note: argument 1 of 'strrchr' must be non-null
# 694|
# 695| parent_path = g_strdup(child_path);
# 696|-> slash = strrchr(parent_path, '/');
# 697| if (slash == NULL)
# 698| goto done;
Error: CLANG_WARNING: [#def42]
bluez-5.75/gdbus/watch.c:204:3: warning[unix.Malloc]: Attempt to free released memory
# 202|
# 203| for (l = data->callbacks; l != NULL; l = l->next)
# 204|-> g_free(l->data);
# 205|
# 206| g_slist_free(data->callbacks);
Error: GCC_ANALYZER_WARNING (CWE-131): [#def43]
bluez-5.75/gobex/gobex-apparam.c: scope_hint: In function ‘tag_new’
bluez-5.75/gobex/gobex-apparam.c:43:15: warning[-Wanalyzer-allocation-size]: allocated buffer size is not a multiple of the pointee's size
# 41| struct apparam_tag *tag;
# 42|
# 43|-> tag = g_malloc0(2 + len);
# 44| tag->id = id;
# 45| tag->len = len;
Error: CLANG_WARNING: [#def44]
bluez-5.75/gobex/gobex-header.c:67:2: warning[core.NonNullParamChecker]: Null pointer passed to 2nd parameter expecting 'nonnull'
# 65| static guint8 *put_bytes(guint8 *to, const void *from, gsize count)
# 66| {
# 67|-> memcpy(to, from, count);
# 68| return (to + count);
# 69| }
Error: GCC_ANALYZER_WARNING (CWE-688): [#def45]
bluez-5.75/gobex/gobex-header.c:67:9: warning[-Wanalyzer-null-argument]: use of NULL ‘utf16’ where non-null expected
bluez-5.75/gobex/gobex-header.c: scope_hint: In function ‘g_obex_header_encode’
bluez-5.75/gobex/gobex-header.c: scope_hint: In function ‘g_obex_header_encode’
/usr/include/glib-2.0/glib.h:89: included_from: Included from here.
bluez-5.75/gobex/gobex-header.h:13: included_from: Included from here.
bluez-5.75/gobex/gobex-header.c:16: included_from: Included from here.
/usr/include/glib-2.0/glib/gtestutils.h:60:62: note: in definition of macro ‘g_assert_cmpuint’
<built-in>: scope_hint: In function ‘g_obex_header_encode’
<built-in>: note: argument 2 of ‘__builtin_memcpy’ must be non-null
# 65| static guint8 *put_bytes(guint8 *to, const void *from, gsize count)
# 66| {
# 67|-> memcpy(to, from, count);
# 68| return (to + count);
# 69| }
Error: GCC_ANALYZER_WARNING (CWE-476): [#def46]
bluez-5.75/gobex/gobex-header.c: scope_hint: In function ‘g_obex_header_create_list’
bluez-5.75/gobex/gobex-header.c:534:34: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘hdr’
bluez-5.75/gobex/gobex-header.c:511:25: note: in expansion of macro ‘G_OBEX_HDR_ENC’
# 532|
# 533| l = g_slist_append(l, hdr);
# 534|-> *total_len += hdr->hlen;
# 535| id = va_arg(args, int);
# 536| }
Error: CLANG_WARNING: [#def47]
bluez-5.75/gobex/gobex-transfer.c:423:7: warning[unix.Malloc]: Use of memory after it is freed
# 421| transfer_put_req_first(transfer, req, first_hdr_id, args);
# 422| va_end(args);
# 423|-> if (!g_slist_find(transfers, transfer))
# 424| return 0;
# 425|
Error: CLANG_WARNING: [#def48]
bluez-5.75/lib/hci.c:97:4: warning[deadcode.DeadStores]: Value stored to 'ptr' is never read
# 95| while (m->str) {
# 96| if ((unsigned int) m->val == val) {
# 97|-> ptr += sprintf(ptr, "%s", m->str);
# 98| break;
# 99| }
Error: GCC_ANALYZER_WARNING (CWE-476): [#def49]
bluez-5.75/lib/sdp.c: scope_hint: In function 'sdp_attr_add'
bluez-5.75/lib/sdp.c:582:19: warning[-Wanalyzer-null-dereference]: dereference of NULL 'd'
bluez-5.75/lib/sdp.c: scope_hint: In function 'sdp_attr_add'
# 580| return -1;
# 581|
# 582|-> d->attrId = attr;
# 583| rec->attrlist = sdp_list_insert_sorted(rec->attrlist, d, sdp_attrid_comp_func);
# 584|
Error: GCC_ANALYZER_WARNING (CWE-775): [#def50]
bluez-5.75/lib/sdp.c: scope_hint: In function 'sdp_connect_local'
bluez-5.75/lib/sdp.c:4661:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'socket(1, 524289, 0)'
# 4659| strcpy(sa.sun_path, SDP_UNIX_PATH);
# 4660|
# 4661|-> return connect(session->sock, (struct sockaddr *) &sa, sizeof(sa));
# 4662| }
# 4663|
Error: GCC_ANALYZER_WARNING (CWE-775): [#def51]
bluez-5.75/lib/sdp.c: scope_hint: In function 'sdp_connect_l2cap'
bluez-5.75/lib/sdp.c:4709:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'socket(31, sockflags, 0)'
# 4707| if (bacmp(src, BDADDR_ANY)) {
# 4708| sa.l2_bdaddr = *src;
# 4709|-> if (bind(sk, (struct sockaddr *) &sa, sizeof(sa)) < 0)
# 4710| return -1;
# 4711| }
Error: GCC_ANALYZER_WARNING (CWE-666): [#def52]
bluez-5.75/lib/sdp.c:4727:27: warning[-Wanalyzer-fd-phase-mismatch]: 'connect' on file descriptor '*session.sock' in wrong phase
# 4725|
# 4726| do {
# 4727|-> int ret = connect(sk, (struct sockaddr *) &sa, sizeof(sa));
# 4728| if (!ret)
# 4729| return 0;
Error: GCC_ANALYZER_WARNING (CWE-666): [#def53]
bluez-5.75/lib/sdp.c:4727:27: warning[-Wanalyzer-fd-phase-mismatch]: 'connect' on file descriptor 'socket(31, sockflags, 0)' in wrong phase
# 4725|
# 4726| do {
# 4727|-> int ret = connect(sk, (struct sockaddr *) &sa, sizeof(sa));
# 4728| if (!ret)
# 4729| return 0;
Error: CLANG_WARNING: [#def54]
bluez-5.75/mesh/main.c:161:3: warning[deadcode.DeadStores]: Value stored to 'optarg' is never read
# 159| *opts = index;
# 160|
# 161|-> optarg += strlen("auto");
# 162| *index = MGMT_INDEX_NONE;
# 163| return true;
Error: GCC_ANALYZER_WARNING (CWE-775): [#def55]
bluez-5.75/mesh/mesh-io-unit.c: scope_hint: In function ‘unit_init’
bluez-5.75/mesh/mesh-io-unit.c:238:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*(struct mesh_io_private *)<unknown>.fd’
bluez-5.75/ell/ell.h:1: included_from: Included from here.
bluez-5.75/mesh/mesh-io-unit.c:22: included_from: Included from here.
bluez-5.75/mesh/mesh-io-unit.c:224:15: note: in expansion of macro ‘l_new’
# 236| strlen(pvt->addr.sun_path);
# 237|
# 238|-> if (bind(pvt->fd, (struct sockaddr *) &pvt->addr, size) < 0)
# 239| goto fail;
# 240|
Error: GCC_ANALYZER_WARNING (CWE-126): [#def56]
bluez-5.75/mesh/net.c: scope_hint: In function ‘friend_packet_queue’
bluez-5.75/mesh/net.c:1349:25: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
bluez-5.75/ell/ell.h:1: included_from: Included from here.
bluez-5.75/mesh/net.c:19: included_from: Included from here.
bluez-5.75/mesh/net.c:1198:28: note: in expansion of macro ‘l_new’
bluez-5.75/mesh/net.c:26: included_from: Included from here.
bluez-5.75/mesh/net.c:1366:29: note: in expansion of macro ‘FRND_OPCODE’
bluez-5.75/mesh/net.c:1349:25: note: read of 9 bytes from after the end of ‘msg’
bluez-5.75/mesh/net.c:1349:25: note: valid subscripts for ‘msg’ are ‘[0]’ to ‘[3]’
# └───────────────────────────────────────────────────────────┘
# ^ ^ ^
# 1347|
# 1348| for (i = 0; i <= seg_max; i++) {
# 1349|-> memcpy(frnd_msg->u.s12[i].data, data, 12);
# 1350| frnd_msg->u.s12[i].hdr = hdr;
# 1351| frnd_msg->u.s12[i].seq = seqAuth + i;
Error: GCC_ANALYZER_WARNING (CWE-688): [#def57]
bluez-5.75/mesh/node.c: scope_hint: In function ‘check_req_node’
bluez-5.75/mesh/node.c:1549:33: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
bluez-5.75/ell/util.h:11: included_from: Included from here.
bluez-5.75/ell/ell.h:1: included_from: Included from here.
bluez-5.75/mesh/node.c:21: included_from: Included from here.
/usr/include/string.h:64:12: note: argument 1 of ‘memcmp’ must be non-null
# 1547| node_del_comp(node, 128);
# 1548|
# 1549|-> if (len == node_len && !memcmp(node_comp, comp, len))
# 1550| return true;
# 1551|
Error: GCC_ANALYZER_WARNING (CWE-465): [#def58]
bluez-5.75/mesh/prov-acceptor.c: scope_hint: In function ‘acp_prov_rx’
bluez-5.75/mesh/prov-acceptor.c:685:12: warning[-Wanalyzer-deref-before-check]: check of ‘prov’ for NULL after already dereferencing it
bluez-5.75/ell/ell.h:2: included_from: Included from here.
bluez-5.75/mesh/prov-acceptor.c:15: included_from: Included from here.
bluez-5.75/ell/log.h:90:31: note: in expansion of macro ‘L_DEBUG_SYMBOL’
bluez-5.75/mesh/prov-acceptor.c:440:9: note: in expansion of macro ‘l_debug’
# 683| }
# 684|
# 685|-> if (prov)
# 686| prov->previous = type;
# 687| return;
Error: GCC_ANALYZER_WARNING (CWE-465): [#def59]
bluez-5.75/mesh/prov-initiator.c: scope_hint: In function ‘int_prov_rx’
bluez-5.75/mesh/prov-initiator.c:832:12: warning[-Wanalyzer-deref-before-check]: check of ‘prov’ for NULL after already dereferencing it
bluez-5.75/ell/ell.h:2: included_from: Included from here.
bluez-5.75/mesh/prov-initiator.c:15: included_from: Included from here.
bluez-5.75/ell/log.h:90:31: note: in expansion of macro ‘L_DEBUG_SYMBOL’
bluez-5.75/mesh/prov-initiator.c:664:9: note: in expansion of macro ‘l_debug’
# 830| }
# 831|
# 832|-> if (prov)
# 833| prov->previous = type;
# 834|
Error: COMPILER_WARNING: [#def60]
bluez-5.75/mesh/rpl.c: scope_hint: In function ‘rpl_put_entry’
bluez-5.75/mesh/rpl.c:54:41: warning[-Wformat-truncation=]: ‘%s’ directive output may be truncated writing up to 4080 bytes into a region of size between 16 and 4096
# 54 | snprintf(src_file, PATH_MAX, "%s%s/%8.8x", node_path, rpl_dir,
# | ^~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output between 10 and 8170 bytes into a destination of size 4096
# 68 | return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 69 | __glibc_objsize (__s), __fmt,
# | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 70 | __va_arg_pack ());
# | ~~~~~~~~~~~~~~~~~
# 52| return false;
# 53|
# 54|-> snprintf(src_file, PATH_MAX, "%s%s/%8.8x", node_path, rpl_dir,
# 55| iv_index);
# 56| dir = opendir(src_file);
Error: COMPILER_WARNING: [#def61]
bluez-5.75/mesh/rpl.c: scope_hint: In function ‘rpl_del_entry’
bluez-5.75/mesh/rpl.c:104:41: warning[-Wformat-truncation=]: ‘%s’ directive output may be truncated writing up to 4080 bytes into a region of size between 16 and 4096
# 104 | snprintf(rpl_path, PATH_MAX, "%s%s", node_path, rpl_dir);
# | ^~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output between 1 and 8161 bytes into a destination of size 4096
# 68 | return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 69 | __glibc_objsize (__s), __fmt,
# | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 70 | __va_arg_pack ());
# | ~~~~~~~~~~~~~~~~~
# 102| return;
# 103|
# 104|-> snprintf(rpl_path, PATH_MAX, "%s%s", node_path, rpl_dir);
# 105| dir = opendir(rpl_path);
# 106|
Error: COMPILER_WARNING: [#def62]
bluez-5.75/mesh/rpl.c: scope_hint: In function ‘rpl_update’
bluez-5.75/mesh/rpl.c:257:37: warning[-Wformat-truncation=]: ‘%s’ directive output may be truncated writing up to 4080 bytes into a region of size between 16 and 4096
# 257 | snprintf(path, PATH_MAX, "%s%s", node_path, rpl_dir);
# | ^~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output between 1 and 8161 bytes into a destination of size 4096
# 68 | return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 69 | __glibc_objsize (__s), __fmt,
# | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 70 | __va_arg_pack ());
# | ~~~~~~~~~~~~~~~~~
# 255|
# 256| /* Make sure path exists */
# 257|-> snprintf(path, PATH_MAX, "%s%s", node_path, rpl_dir);
# 258| if (mkdir(path, 0755) != 0 && errno != EEXIST)
# 259| l_error("Failed to create dir(%d): %s", errno, path);
Error: CPPCHECK_WARNING (CWE-457): [#def63]
bluez-5.75/mesh/rpl.c:277: error[legacyUninitvar]: Uninitialized variable: val
# 275|
# 276| /* Delete all invalid iv_index trees */
# 277|-> if (del || (val != cur && val != old)) {
# 278| snprintf(path, PATH_MAX, "%s%s/%s",
# 279| node_path, rpl_dir, entry->d_name);
Error: COMPILER_WARNING: [#def64]
bluez-5.75/mesh/rpl.c: scope_hint: In function ‘rpl_init’
bluez-5.75/mesh/rpl.c:295:37: warning[-Wformat-truncation=]: ‘%s’ directive output may be truncated writing up to 4080 bytes into a region of size between 16 and 4096
# 295 | snprintf(path, PATH_MAX, "%s%s", node_path, rpl_dir);
# | ^~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output between 1 and 8161 bytes into a destination of size 4096
# 68 | return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 69 | __glibc_objsize (__s), __fmt,
# | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 70 | __va_arg_pack ());
# | ~~~~~~~~~~~~~~~~~
# 293| return false;
# 294|
# 295|-> snprintf(path, PATH_MAX, "%s%s", node_path, rpl_dir);
# 296| if (mkdir(path, 0755) != 0 && errno != EEXIST)
# 297| l_error("Failed to create dir(%d): %s", errno, path);
Error: GCC_ANALYZER_WARNING (CWE-457): [#def65]
bluez-5.75/monitor/bnep.c: scope_hint: In function ‘get_macaddr’
bluez-5.75/monitor/bnep.c:62:66: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘addr[5]’
bluez-5.75/monitor/bnep.c:30: included_from: Included from here.
bluez-5.75/monitor/l2cap.h: scope_hint: In function ‘get_macaddr’
bluez-5.75/monitor/l2cap.h: scope_hint: In function ‘get_macaddr’
bluez-5.75/monitor/bnep.c:29: included_from: Included from here.
bluez-5.75/monitor/display.h:56:17: note: in expansion of macro ‘print_indent’
bluez-5.75/monitor/bnep.c:222:9: note: in expansion of macro ‘print_field’
bluez-5.75/monitor/l2cap.h: scope_hint: In function ‘get_macaddr’
bluez-5.75/monitor/l2cap.h: scope_hint: In function ‘get_macaddr’
bluez-5.75/monitor/l2cap.h: scope_hint: In function ‘get_macaddr’
bluez-5.75/monitor/bnep.c: scope_hint: In function ‘get_macaddr’
bluez-5.75/monitor/l2cap.h: scope_hint: In function ‘get_macaddr’
bluez-5.75/monitor/l2cap.h: scope_hint: In function ‘get_macaddr’
bluez-5.75/monitor/l2cap.h: scope_hint: In function ‘get_macaddr’
bluez-5.75/monitor/bnep.c: scope_hint: In function ‘get_macaddr’
# 60|
# 61| sprintf(str, "%02x:%02x:%02x:%02x:%02x:%02x",
# 62|-> addr[0], addr[1], addr[2], addr[3], addr[4], addr[5]);
# 63|
# 64| return true;
Error: GCC_ANALYZER_WARNING (CWE-775): [#def66]
bluez-5.75/monitor/display.c:107:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd[0]’
# 105|
# 106| if (pager_pid > 0)
# 107|-> return;
# 108|
# 109| pager = getenv("PAGER");
Error: GCC_ANALYZER_WARNING (CWE-775): [#def67]
bluez-5.75/monitor/display.c:107:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd[1]’
# 105|
# 106| if (pager_pid > 0)
# 107|-> return;
# 108|
# 109| pager = getenv("PAGER");
Error: GCC_ANALYZER_WARNING (CWE-775): [#def68]
bluez-5.75/monitor/display.c:158:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(fd[1], 1)’
# 156| }
# 157|
# 158|-> if (dup2(fd[1], STDOUT_FILENO) < 0) {
# 159| perror("Failed to duplicate pager pipe");
# 160| return;
Error: GCC_ANALYZER_WARNING (CWE-775): [#def69]
bluez-5.75/monitor/display.c: scope_hint: In function ‘open_pager’
bluez-5.75/monitor/display.c:164:1: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd[0]’
# 162|
# 163| close_pipe(fd);
# 164|-> }
# 165|
# 166| void close_pager(void)
Error: GCC_ANALYZER_WARNING (CWE-775): [#def70]
bluez-5.75/monitor/display.c:164:1: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd[1]’
# 162|
# 163| close_pipe(fd);
# 164|-> }
# 165|
# 166| void close_pager(void)
Error: CLANG_WARNING: [#def71]
bluez-5.75/monitor/hwdb.c:59:2: warning[deadcode.DeadStores]: Value stored to 'hwdb' is never read
# 57| }
# 58|
# 59|-> hwdb = udev_hwdb_unref(hwdb);
# 60|
# 61| result = true;
Error: CLANG_WARNING: [#def72]
bluez-5.75/monitor/hwdb.c:64:2: warning[deadcode.DeadStores]: Value stored to 'udev' is never read
# 62|
# 63| done:
# 64|-> udev = udev_unref(udev);
# 65|
# 66| return result;
Error: CLANG_WARNING: [#def73]
bluez-5.75/monitor/hwdb.c:106:2: warning[deadcode.DeadStores]: Value stored to 'hwdb' is never read
# 104| }
# 105|
# 106|-> hwdb = udev_hwdb_unref(hwdb);
# 107|
# 108| result = true;
Error: CLANG_WARNING: [#def74]
bluez-5.75/monitor/hwdb.c:111:2: warning[deadcode.DeadStores]: Value stored to 'udev' is never read
# 109|
# 110| done:
# 111|-> udev = udev_unref(udev);
# 112|
# 113| return result;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def75]
bluez-5.75/monitor/jlink.c: scope_hint: In function ‘jlink_start_rtt’
bluez-5.75/monitor/jlink.c:206:13: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘tok’
# 204|
# 205| tok = strtok(cfg, ",");
# 206|-> if (strlen(tok)) {
# 207| address = strtol(tok, NULL, 0);
# 208| area_size = 0x1000;
Error: CLANG_WARNING: [#def76]
bluez-5.75/obexd/plugins/messages-dummy.c:163:9: warning[core.NullDereference]: Access to field 'next' results in a dereference of a null pointer (loaded from variable 'cur')
# 161|
# 162| for (cur = list; offs < fld->offset; offs++) {
# 163|-> cur = cur->next;
# 164| if (cur == NULL)
# 165| break;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def77]
bluez-5.75/obexd/plugins/messages-dummy.c: scope_hint: In function ‘return_folder_listing’
bluez-5.75/obexd/plugins/messages-dummy.c:163:21: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘cur’
bluez-5.75/obexd/plugins/messages-dummy.c:18: included_from: Included from here.
# 161|
# 162| for (cur = list; offs < fld->offset; offs++) {
# 163|-> cur = cur->next;
# 164| if (cur == NULL)
# 165| break;
Error: CLANG_WARNING: [#def78]
bluez-5.75/obexd/plugins/vcard.c:701:6: warning[core.CallAndMessage]: 2nd function call argument is an uninitialized value
# 699| address_fields[i++] = l->data;
# 700|
# 701|-> if (select_qp_encoding(format, address_fields[0], address_fields[1],
# 702| address_fields[2], address_fields[3],
# 703| address_fields[4], address_fields[5],
Error: CLANG_WARNING: [#def79]
bluez-5.75/obexd/plugins/vcard.c:701:6: warning[core.CallAndMessage]: 3rd function call argument is an uninitialized value
# 699| address_fields[i++] = l->data;
# 700|
# 701|-> if (select_qp_encoding(format, address_fields[0], address_fields[1],
# 702| address_fields[2], address_fields[3],
# 703| address_fields[4], address_fields[5],
Error: CLANG_WARNING: [#def80]
bluez-5.75/obexd/plugins/vcard.c:701:6: warning[core.CallAndMessage]: 4th function call argument is an uninitialized value
# 699| address_fields[i++] = l->data;
# 700|
# 701|-> if (select_qp_encoding(format, address_fields[0], address_fields[1],
# 702| address_fields[2], address_fields[3],
# 703| address_fields[4], address_fields[5],
Error: CLANG_WARNING: [#def81]
bluez-5.75/obexd/plugins/vcard.c:701:6: warning[core.CallAndMessage]: 5th function call argument is an uninitialized value
# 699| address_fields[i++] = l->data;
# 700|
# 701|-> if (select_qp_encoding(format, address_fields[0], address_fields[1],
# 702| address_fields[2], address_fields[3],
# 703| address_fields[4], address_fields[5],
Error: CPPCHECK_WARNING (CWE-570): [#def82]
bluez-5.75/obexd/src/log.c:85: error[comparePointers]: Comparing pointers that point to different objects
# 83| struct obex_debug_desc *desc;
# 84|
# 85|-> for (desc = __start___debug; desc < __stop___debug; desc++)
# 86| desc->flags |= OBEX_DEBUG_FLAG_PRINT;
# 87| }
Error: CPPCHECK_WARNING (CWE-570): [#def83]
bluez-5.75/obexd/src/log.c:98: error[comparePointers]: Comparing pointers that point to different objects
# 96| enabled = g_strsplit_set(debug, ":, ", 0);
# 97|
# 98|-> for (desc = __start___debug; desc < __stop___debug; desc++) {
# 99| if (file != NULL || name != NULL) {
# 100| if (g_strcmp0(desc->file, file) == 0) {
Error: CLANG_WARNING: [#def84]
bluez-5.75/obexd/src/main.c:278:6: warning[core.NullDereference]: Array access (from variable 'option_root') results in a null pointer dereference
# 276| }
# 277|
# 278|-> if (option_root[0] != '/') {
# 279| const char *home = getenv("HOME");
# 280| if (home) {
Error: CLANG_WARNING: [#def85]
bluez-5.75/obexd/src/obex.c:123:3: warning[core.NullDereference]: Access to field 'close' results in a dereference of a null pointer (loaded from field 'driver')
# 121| if (os->object) {
# 122| obex_object_reset_io_watch(os->object);
# 123|-> os->driver->close(os->object);
# 124| if (os->aborted && os->cmd == G_OBEX_OP_PUT && os->path &&
# 125| os->driver->remove)
Error: CPPCHECK_WARNING (CWE-457): [#def86]
bluez-5.75/peripheral/efivars.c:82: error[uninitvar]: Uninitialized variable: attr
# 80|
# 81| if (attributes)
# 82|-> *attributes = attr;
# 83|
# 84| return 0;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def87]
bluez-5.75/profiles/audio/a2dp.c: scope_hint: In function ‘a2dp_find_eps’
bluez-5.75/profiles/audio/a2dp.c:2852:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
# 2850|
# 2851| /* Prepend last used so it is preferred over others */
# 2852|-> if (chan->last_used && (chan->last_used->lsep == sep &&
# 2853| chan->last_used->rsep->sep == rsep))
# 2854| queue_push_head(seps, sep);
Error: CLANG_WARNING: [#def88]
bluez-5.75/profiles/audio/avdtp.c:639:19: warning[core.NullDereference]: Access to field 'open_acp' results in a dereference of a null pointer (loaded from variable 'stream')
# 637| static void stream_set_pending_open(struct avdtp_stream *stream, GIOChannel *io)
# 638| {
# 639|-> stream->open_acp = TRUE;
# 640| stream->session->pending_open = stream;
# 641| stream->session->pending_open_io = io;
Error: CLANG_WARNING: [#def89]
bluez-5.75/profiles/audio/avdtp.c:895:25: warning[unix.Malloc]: Use of memory after it is freed
# 893| req = l->data;
# 894| pending_req_free(req);
# 895|-> session->prio_queue = g_slist_remove(session->prio_queue, req);
# 896| }
# 897|
Error: CLANG_WARNING: [#def90]
bluez-5.75/profiles/audio/avdtp.c:902:24: warning[unix.Malloc]: Use of memory after it is freed
# 900| req = l->data;
# 901| pending_req_free(req);
# 902|-> session->req_queue = g_slist_remove(session->req_queue, req);
# 903| }
# 904| }
Error: CLANG_WARNING: [#def91]
bluez-5.75/profiles/audio/avdtp.c:1716:29: warning[core.NullDereference]: Access to field 'rseid' results in a dereference of a null pointer (loaded from variable 'stream')
# 1714| case AVDTP_OPEN:
# 1715| case AVDTP_CLOSE:
# 1716|-> check_seid_collision(req, stream->rseid);
# 1717| break;
# 1718| case AVDTP_START:
Error: GCC_ANALYZER_WARNING (CWE-688): [#def92]
bluez-5.75/profiles/audio/avrcp.c: scope_hint: In function ‘play_status_to_val’
bluez-5.75/profiles/audio/avrcp.c:731:14: warning[-Wanalyzer-null-argument]: use of NULL ‘status’ where non-null expected
bluez-5.75/profiles/audio/avrcp.c: scope_hint: In function ‘play_status_to_val’
/usr/include/string.h:462: included_from: Included from here.
/usr/include/glib-2.0/glib/galloca.h:35: included_from: Included from here.
/usr/include/glib-2.0/glib.h:32: included_from: Included from here.
bluez-5.75/profiles/audio/avrcp.c:30: included_from: Included from here.
/usr/include/strings.h:116:12: note: argument 1 of ‘strcasecmp’ must be non-null
# 729| static int play_status_to_val(const char *status)
# 730| {
# 731|-> if (!strcasecmp(status, "stopped"))
# 732| return AVRCP_PLAY_STATUS_STOPPED;
# 733| else if (!strcasecmp(status, "playing"))
Error: GCC_ANALYZER_WARNING (CWE-476): [#def93]
bluez-5.75/profiles/audio/avrcp.c: scope_hint: In function ‘avrcp_player_event.part.0’
bluez-5.75/profiles/audio/avrcp.c:814:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘data’
bluez-5.75/profiles/audio/avrcp.c: scope_hint: In function ‘avrcp_player_event.part.0’
# 812| case AVRCP_EVENT_TRACK_CHANGED:
# 813| size = 9;
# 814|-> memcpy(&pdu->params[1], data, sizeof(uint64_t));
# 815|
# 816| break;
Error: CPPCHECK_WARNING (CWE-457): [#def94]
bluez-5.75/profiles/audio/avrcp.c:2343: warning[uninitvar]: Uninitialized variable: attrs
# 2341| pdu->params[0] = count;
# 2342|
# 2343|-> memcpy(pdu->params + 1, attrs, count);
# 2344|
# 2345| avctp_send_vendordep_req(session->conn, AVC_CTYPE_STATUS,
Error: GCC_ANALYZER_WARNING (CWE-476): [#def95]
bluez-5.75/profiles/audio/bap.c: scope_hint: In function ‘setup_create_bcast_io’
bluez-5.75/profiles/audio/bap.c:2147:38: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘setup’
# 2145| sizeof(struct bt_iso_io_qos));
# 2146|
# 2147|-> if (bt_bap_pac_get_type(setup->ep->lpac) == BT_BAP_BCAST_SOURCE)
# 2148| setup_connect_io_broadcast(data, setup, stream, &iso_qos,
# 2149| defer);
Error: CLANG_WARNING: [#def96]
bluez-5.75/profiles/audio/media.c:1046:7: warning[unix.Malloc]: Use of memory after it is freed
# 1044| struct pac_select_data *data;
# 1045|
# 1046|-> if (req->cb != pac_select_cb) {
# 1047| l = g_slist_next(l);
# 1048| continue;
Error: GCC_ANALYZER_WARNING (CWE-688): [#def97]
bluez-5.75/profiles/audio/player.c: scope_hint: In function ‘media_player_set_setting’
bluez-5.75/profiles/audio/player.c:1359:13: warning[-Wanalyzer-null-argument]: use of NULL ‘value’ where non-null expected
/usr/include/glib-2.0/glib/gstring.h:37: included_from: Included from here.
/usr/include/glib-2.0/glib/giochannel.h:36: included_from: Included from here.
/usr/include/glib-2.0/glib.h:56: included_from: Included from here.
bluez-5.75/profiles/audio/player.c:25: included_from: Included from here.
bluez-5.75/profiles/audio/player.c:1350:59: note: in expansion of macro ‘g_strdup’
bluez-5.75/profiles/audio/player.c: scope_hint: In function ‘media_player_set_setting’
bluez-5.75/profiles/audio/player.c:1350:44: note: in expansion of macro ‘g_strdup’
bluez-5.75/profiles/audio/player.c: scope_hint: In function ‘media_player_set_setting’
/usr/include/string.h:462: included_from: Included from here.
bluez-5.75/profiles/audio/player.c:23: included_from: Included from here.
/usr/include/strings.h:116:12: note: argument 1 of ‘strcasecmp’ must be non-null
# 1357| return;
# 1358|
# 1359|-> if (strcasecmp(value, p->value) == 0)
# 1360| g_dbus_pending_property_success(p->id);
# 1361| else
Error: GCC_ANALYZER_WARNING (CWE-666): [#def98]
bluez-5.75/profiles/cups/hcrp.c: scope_hint: In function ‘hcrp_print’
bluez-5.75/profiles/cups/hcrp.c:213:13: warning[-Wanalyzer-fd-phase-mismatch]: ‘connect’ on file descriptor ‘ctrl_sk’ in wrong phase
# 211| addr.l2_psm = htobs(ctrl_psm);
# 212|
# 213|-> if (connect(ctrl_sk, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
# 214| perror("ERROR: Can't connect to device");
# 215| close(ctrl_sk);
Error: GCC_ANALYZER_WARNING (CWE-457): [#def99]
bluez-5.75/profiles/cups/main.c: scope_hint: In function ‘main’
bluez-5.75/profiles/cups/main.c:768:56: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘b[5]’
# 766| }
# 767| sprintf(device, "%2.2X:%2.2X:%2.2X:%2.2X:%2.2X:%2.2X",
# 768|-> b[0], b[1], b[2], b[3], b[4], b[5]);
# 769|
# 770| str2ba(device, &bdaddr);
Error: GCC_ANALYZER_WARNING (CWE-666): [#def100]
bluez-5.75/profiles/cups/spp.c: scope_hint: In function ‘spp_print’
bluez-5.75/profiles/cups/spp.c:59:13: warning[-Wanalyzer-fd-phase-mismatch]: ‘connect’ on file descriptor ‘sk’ in wrong phase
# 57| addr.rc_channel = channel;
# 58|
# 59|-> if (connect(sk, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
# 60| perror("ERROR: Can't connect to device");
# 61| close(sk);
Error: GCC_ANALYZER_WARNING (CWE-476): [#def101]
bluez-5.75/src/adv_monitor.c: scope_hint: In function ‘monitor_process’
bluez-5.75/src/adv_monitor.c:976:48: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘*monitor.merged_pattern’
bluez-5.75/src/adv_monitor.c:36: included_from: Included from here.
bluez-5.75/src/adv_monitor.c:975:35: note: in expansion of macro ‘malloc0’
# 974|
# 975| monitor->merged_pattern = malloc0(sizeof(*monitor->merged_pattern));
# 976|-> monitor->merged_pattern->current_state = MERGED_PATTERN_STATE_STABLE;
# 977| monitor->merged_pattern->next_state = MERGED_PATTERN_STATE_STABLE;
# 978|
Error: GCC_ANALYZER_WARNING (CWE-476): [#def102]
bluez-5.75/src/adv_monitor.c:976:48: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘calloc(56, 1)’
/usr/include/glib-2.0/glib/gstring.h:37: included_from: Included from here.
/usr/include/glib-2.0/glib/giochannel.h:36: included_from: Included from here.
/usr/include/glib-2.0/glib.h:56: included_from: Included from here.
bluez-5.75/src/adv_monitor.c:20: included_from: Included from here.
/usr/include/glib-2.0/glib/gstrfuncs.h:180:30: note: in definition of macro ‘g_str_has_prefix’
bluez-5.75/src/adv_monitor.c:695:19: note: in expansion of macro ‘new0’
bluez-5.75/src/adv_monitor.c:975:35: note: in expansion of macro ‘malloc0’
# 974|
# 975| monitor->merged_pattern = malloc0(sizeof(*monitor->merged_pattern));
# 976|-> monitor->merged_pattern->current_state = MERGED_PATTERN_STATE_STABLE;
# 977| monitor->merged_pattern->next_state = MERGED_PATTERN_STATE_STABLE;
# 978|
Error: GCC_ANALYZER_WARNING (CWE-476): [#def103]
bluez-5.75/src/battery.c:234:20: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘battery’
bluez-5.75/src/log.h:60:9: note: in expansion of macro ‘DBG_IDX’
bluez-5.75/src/battery.c:222:9: note: in expansion of macro ‘DBG’
# 232| }
# 233|
# 234|-> if (battery->percentage == percentage)
# 235| return true;
# 236|
Error: GCC_ANALYZER_WARNING (CWE-476): [#def104]
bluez-5.75/src/device.c: scope_hint: In function ‘device_bonding_retry’
bluez-5.75/src/device.c:6580:29: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘data’
bluez-5.75/src/device.c: scope_hint: In function ‘device_bonding_retry’
# 6578| struct btd_device *device = data;
# 6579| struct btd_adapter *adapter = device_get_adapter(device);
# 6580|-> struct bonding_req *bonding = device->bonding;
# 6581| uint8_t io_cap;
# 6582| int err;
Error: CPPCHECK_WARNING (CWE-570): [#def105]
bluez-5.75/src/log.c:159: error[comparePointers]: Comparing pointers that point to different objects
# 157| struct btd_debug_desc *desc;
# 158|
# 159|-> for (desc = __start___debug; desc < __stop___debug; desc++)
# 160| desc->flags |= BTD_DEBUG_FLAG_PRINT;
# 161| }
Error: GCC_ANALYZER_WARNING (CWE-476): [#def106]
bluez-5.75/src/battery.c:28: included_from: Included from here.
bluez-5.75/src/battery.c: scope_hint: In function ‘btd_battery_update’
bluez-5.75/src/log.h:56:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘battery’
bluez-5.75/src/log.h:60:9: note: in expansion of macro ‘DBG_IDX’
bluez-5.75/src/battery.c:222:9: note: in expansion of macro ‘DBG’
bluez-5.75/src/log.h:60:9: note: in expansion of macro ‘DBG_IDX’
bluez-5.75/src/battery.c:222:9: note: in expansion of macro ‘DBG’
bluez-5.75/src/log.h:60:9: note: in expansion of macro ‘DBG_IDX’
bluez-5.75/src/battery.c:222:9: note: in expansion of macro ‘DBG’
bluez-5.75/src/log.h:60:9: note: in expansion of macro ‘DBG_IDX’
bluez-5.75/src/battery.c:222:9: note: in expansion of macro ‘DBG’
# 54| }; \
# 55| if (__btd_debug_desc.flags & BTD_DEBUG_FLAG_PRINT) \
# 56|-> btd_debug(idx, fmt, ## arg); \
# 57| } while (0)
# 58|
Error: CLANG_WARNING: [#def107]
bluez-5.75/src/oui.c:50:2: warning[deadcode.DeadStores]: Value stored to 'hwdb' is never read
# 48| }
# 49|
# 50|-> hwdb = udev_hwdb_unref(hwdb);
# 51|
# 52| done:
Error: CLANG_WARNING: [#def108]
bluez-5.75/src/oui.c:53:2: warning[deadcode.DeadStores]: Value stored to 'udev' is never read
# 51|
# 52| done:
# 53|-> udev = udev_unref(udev);
# 54|
# 55| return comp;
Error: CLANG_WARNING: [#def109]
bluez-5.75/src/sdp-client.c:353:14: warning[core.NullDereference]: Access to field 'cb' results in a dereference of a null pointer
# 351| return err;
# 352|
# 353|-> (*ctxt)->cb = cb;
# 354| (*ctxt)->destroy = destroy;
# 355| (*ctxt)->user_data = user_data;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def110]
bluez-5.75/src/sdp-client.c:353:21: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
bluez-5.75/src/sdp-client.c: scope_hint: In function ‘bt_search_service’
bluez-5.75/src/sdp-client.c: scope_hint: In function ‘bt_search_service’
bluez-5.75/src/sdp-client.c:15: included_from: Included from here.
# 351| return err;
# 352|
# 353|-> (*ctxt)->cb = cb;
# 354| (*ctxt)->destroy = destroy;
# 355| (*ctxt)->user_data = user_data;
Error: CLANG_WARNING: [#def111]
bluez-5.75/src/sdp-xml.c:126:10: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined
# 124|
# 125| buf[0] = data[i];
# 126|-> buf[1] = data[i + 1];
# 127|
# 128| val.data[j++] = strtoul(buf, 0, 16);
Error: CLANG_WARNING: [#def112]
bluez-5.75/src/sdp-xml.c:300:11: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined
# 298| for (; i < 32; i += 2) {
# 299| buf[0] = data[i];
# 300|-> buf[1] = data[i + 1];
# 301|
# 302| val.data[i >> 1] = strtoul(buf, 0, 16);
Error: CLANG_WARNING: [#def113]
bluez-5.75/src/sdp-xml.c:338:11: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined
# 336| for (i = 0; i < len; i += 2) {
# 337| buf[0] = data[i];
# 338|-> buf[1] = data[i + 1];
# 339|
# 340| decoded[i >> 1] = strtoul(buf, 0, 16);
Error: GCC_ANALYZER_WARNING (CWE-476): [#def114]
bluez-5.75/src/sdp-xml.c: scope_hint: In function ‘element_start.part.0’
bluez-5.75/src/sdp-xml.c:461:31: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
# 459| if (ctx_data->stack_head) {
# 460| struct sdp_xml_data *newelem = sdp_xml_data_alloc();
# 461|-> newelem->next = ctx_data->stack_head;
# 462| ctx_data->stack_head = newelem;
# 463| } else {
Error: GCC_ANALYZER_WARNING (CWE-476): [#def115]
bluez-5.75/src/sdp-xml.c:465:44: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
# 463| } else {
# 464| ctx_data->stack_head = sdp_xml_data_alloc();
# 465|-> ctx_data->stack_head->next = NULL;
# 466| }
# 467|
Error: GCC_ANALYZER_WARNING (CWE-688): [#def116]
bluez-5.75/src/sdpd-request.c: scope_hint: In function ‘sdp_cstate_alloc_buf’
bluez-5.75/src/sdpd-request.c:105:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘data’ where non-null expected
bluez-5.75/src/sdpd-request.c: scope_hint: In function ‘sdp_cstate_alloc_buf’
bluez-5.75/src/sdpd-request.c: scope_hint: In function ‘sdp_cstate_alloc_buf’
bluez-5.75/src/shared/util.h:215:16: note: in expansion of macro ‘be16_to_cpu’
bluez-5.75/src/shared/util.h:215:28: note: in expansion of macro ‘get_unaligned’
bluez-5.75/src/sdpd-request.c: scope_hint: In function ‘sdp_cstate_alloc_buf’
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
# 103| uint8_t *data = malloc(buf->data_size);
# 104|
# 105|-> memcpy(data, buf->data, buf->data_size);
# 106| memset(cinfo, 0, sizeof(sdp_cont_info_t));
# 107| cinfo->buf.data = data;
Error: GCC_ANALYZER_WARNING (CWE-688): [#def117]
bluez-5.75/src/sdpd-request.c:106:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘cinfo’ where non-null expected
bluez-5.75/src/sdpd-request.c: scope_hint: In function ‘sdp_cstate_alloc_buf’
bluez-5.75/src/sdpd-request.c: scope_hint: In function ‘sdp_cstate_alloc_buf’
bluez-5.75/src/shared/util.h:215:16: note: in expansion of macro ‘be16_to_cpu’
bluez-5.75/src/shared/util.h:215:28: note: in expansion of macro ‘get_unaligned’
bluez-5.75/src/sdpd-request.c: scope_hint: In function ‘sdp_cstate_alloc_buf’
<built-in>: note: argument 1 of ‘__builtin_memset’ must be non-null
# 104|
# 105| memcpy(data, buf->data, buf->data_size);
# 106|-> memset(cinfo, 0, sizeof(sdp_cont_info_t));
# 107| cinfo->buf.data = data;
# 108| cinfo->buf.data_size = buf->data_size;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def118]
bluez-5.75/src/sdpd-request.c: scope_hint: In function ‘extract_des’
bluez-5.75/src/sdpd-request.c:203:42: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘aid’
bluez-5.75/src/sdpd-request.c: scope_hint: In function ‘extract_des’
bluez-5.75/src/sdpd-request.c: scope_hint: In function ‘extract_des’
bluez-5.75/src/shared/util.h:239:16: note: in expansion of macro ‘be32_to_cpu’
bluez-5.75/src/shared/util.h:239:28: note: in expansion of macro ‘get_unaligned’
bluez-5.75/src/sdpd-request.c: scope_hint: In function ‘extract_des’
bluez-5.75/src/shared/util.h:215:16: note: in expansion of macro ‘be16_to_cpu’
bluez-5.75/src/shared/util.h:215:28: note: in expansion of macro ‘get_unaligned’
bluez-5.75/src/sdpd-request.c: scope_hint: In function ‘extract_des’
# 201| struct attrid *aid;
# 202| aid = malloc(sizeof(struct attrid));
# 203|-> aid->dtd = dataType;
# 204| aid->uint16 = get_be16(p);
# 205| pElem = (char *) aid;
Error: CLANG_WARNING: [#def119]
bluez-5.75/src/sdpd-request.c:211:13: warning[unix.MallocSizeof]: Result of 'malloc' is converted to a pointer of type 'char', which is incompatible with sizeof operand type 'uint16_t'
# 209| memcpy(&tmp, p, sizeof(tmp));
# 210|
# 211|-> pElem = malloc(sizeof(uint16_t));
# 212| put_be16(tmp, pElem);
# 213| }
Error: GCC_ANALYZER_WARNING (CWE-476): [#def120]
bluez-5.75/src/sdpd-request.c:230:42: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘aid’
bluez-5.75/src/sdpd-request.c: scope_hint: In function ‘extract_des’
bluez-5.75/src/sdpd-request.c: scope_hint: In function ‘extract_des’
bluez-5.75/src/shared/util.h:239:16: note: in expansion of macro ‘be32_to_cpu’
bluez-5.75/src/shared/util.h:239:28: note: in expansion of macro ‘get_unaligned’
bluez-5.75/src/sdpd-request.c: scope_hint: In function ‘extract_des’
bluez-5.75/src/shared/util.h:215:16: note: in expansion of macro ‘be16_to_cpu’
bluez-5.75/src/shared/util.h:215:28: note: in expansion of macro ‘get_unaligned’
bluez-5.75/src/sdpd-request.c: scope_hint: In function ‘extract_des’
# 228| struct attrid *aid;
# 229| aid = malloc(sizeof(struct attrid));
# 230|-> aid->dtd = dataType;
# 231| aid->uint32 = get_be32(p);
# 232|
Error: CLANG_WARNING: [#def121]
bluez-5.75/src/sdpd-request.c:239:13: warning[unix.MallocSizeof]: Result of 'malloc' is converted to a pointer of type 'char', which is incompatible with sizeof operand type 'uint32_t'
# 237| memcpy(&tmp, p, sizeof(tmp));
# 238|
# 239|-> pElem = malloc(sizeof(uint32_t));
# 240| put_be32(tmp, pElem);
# 241| }
Error: GCC_ANALYZER_WARNING (CWE-688): [#def122]
bluez-5.75/src/sdpd-request.c: scope_hint: In function ‘process_request’
bluez-5.75/src/sdpd-request.c:1017:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘buf’ where non-null expected
bluez-5.75/src/sdpd-request.c: scope_hint: In function ‘process_request’
bluez-5.75/src/sdpd-request.c: scope_hint: In function ‘process_request’
<built-in>: note: argument 1 of ‘__builtin_memset’ must be non-null
# 1015| int status = SDP_INVALID_SYNTAX;
# 1016|
# 1017|-> memset(buf, 0, USHRT_MAX);
# 1018| rsp.data = buf + sizeof(sdp_pdu_hdr_t);
# 1019| rsp.data_size = 0;
Error: GCC_ANALYZER_WARNING (CWE-688): [#def123]
bluez-5.75/src/shared/ad.c: scope_hint: In function 'ad_replace_data'
bluez-5.75/src/shared/ad.c:394:17: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
bluez-5.75/src/shared/ad.c:26: included_from: Included from here.
bluez-5.75/src/shared/ad.c:389:58: note: in expansion of macro 'UINT_TO_PTR'
<built-in>: note: argument 1 of '__builtin_memcpy' must be non-null
# 392| return false;
# 393| new_data->data = realloc(new_data->data, len);
# 394|-> memcpy(new_data->data, data, len);
# 395| new_data->len = len;
# 396| return true;
Error: GCC_ANALYZER_WARNING (CWE-688): [#def124]
bluez-5.75/src/shared/ad.c: scope_hint: In function 'bt_ad_add_manufacturer_data'
bluez-5.75/src/shared/ad.c:847:17: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
bluez-5.75/src/shared/ad.c:842:49: note: in expansion of macro 'UINT_TO_PTR'
<built-in>: note: argument 1 of '__builtin_memcpy' must be non-null
# 845| return false;
# 846| new_data->data = realloc(new_data->data, len);
# 847|-> memcpy(new_data->data, data, len);
# 848| new_data->len = len;
# 849| return true;
Error: GCC_ANALYZER_WARNING (CWE-688): [#def125]
bluez-5.75/src/shared/ad.c: scope_hint: In function 'bt_ad_add_service_data'
bluez-5.75/src/shared/ad.c:983:17: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
<built-in>: note: argument 1 of '__builtin_memcpy' must be non-null
# 981| return false;
# 982| new_data->data = realloc(new_data->data, len);
# 983|-> memcpy(new_data->data, data, len);
# 984| new_data->len = len;
# 985| return true;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def126]
bluez-5.75/src/shared/bap.c: scope_hint: In function 'bap_stream_io_attach'
bluez-5.75/src/shared/bap.c:40:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'stream'
bluez-5.75/src/shared/bap.c:2169:9: note: in expansion of macro 'DBG'
bluez-5.75/src/shared/bap.c:2169:9: note: in expansion of macro 'DBG'
bluez-5.75/src/shared/bap.c:2169:9: note: in expansion of macro 'DBG'
bluez-5.75/src/shared/bap.c:2169:9: note: in expansion of macro 'DBG'
# 38| #define ASE_UUID(_id) (_id < NUM_SINKS ? ASE_SINK_UUID : ASE_SOURCE_UUID)
# 39| #define DBG(_bap, fmt, arg...) \
# 40|-> bap_debug(_bap, "%s:%s() " fmt, __FILE__, __func__, ## arg)
# 41|
# 42| #define LTV(_type, _bytes...) \
Error: GCC_ANALYZER_WARNING (CWE-476): [#def127]
bluez-5.75/src/shared/bap.c: scope_hint: In function 'bap_get_session.part.0'
bluez-5.75/src/shared/bap.c:639:18: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
# 637|
# 638| bap = bt_bap_new(db, NULL);
# 639|-> bap->att = att;
# 640|
# 641| bt_bap_attach(bap, NULL);
Error: GCC_ANALYZER_WARNING (CWE-476): [#def128]
bluez-5.75/src/shared/bap.c: scope_hint: In function 'bap_cp_attach'
bluez-5.75/src/shared/bap.c:4549:50: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
# 4547| struct bt_ascs *ascs = bap_get_ascs(bap);
# 4548|
# 4549|-> if (!gatt_db_attribute_get_char_data(ascs->ase_cp, NULL,
# 4550| &value_handle,
# 4551| NULL, NULL, NULL))
Error: GCC_ANALYZER_WARNING (CWE-476): [#def129]
bluez-5.75/src/shared/bap.c: scope_hint: In function 'foreach_ascs_service'
bluez-5.75/src/shared/bap.c:4614:23: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
# 4612| struct bt_ascs *ascs = bap_get_ascs(bap);
# 4613|
# 4614|-> ascs->service = attr;
# 4615|
# 4616| gatt_db_service_set_claimed(attr, true);
Error: GCC_ANALYZER_WARNING (CWE-476): [#def130]
bluez-5.75/src/shared/bass.c: scope_hint: In function 'bass_build_bcast_src'
bluez-5.75/src/shared/bass.c:294:17: warning[-Wanalyzer-null-dereference]: dereference of NULL 'bad_code'
# 292|
# 293| if (enc == BT_BASS_BIG_ENC_STATE_BAD_CODE)
# 294|-> memcpy(bcast_src->bad_code, bad_code, BT_BASS_BCAST_CODE_SIZE);
# 295| else
# 296| memset(bcast_src->bad_code, 0, BT_BASS_BCAST_CODE_SIZE);
Error: GCC_ANALYZER_WARNING (CWE-476): [#def131]
bluez-5.75/src/shared/bass.c: scope_hint: In function 'bass_get_session.part.0'
bluez-5.75/src/shared/bass.c:755:19: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
# 753|
# 754| bass = bt_bass_new(db, NULL, adapter_bdaddr);
# 755|-> bass->att = att;
# 756|
# 757| bt_bass_attach(bass, NULL);
Error: GCC_ANALYZER_WARNING (CWE-476): [#def132]
bluez-5.75/src/shared/ccp.c: scope_hint: In function 'bt_ccp_incom_call_attach'
bluez-5.75/src/shared/ccp.c:661:49: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.75/src/shared/ccp.c:659:9: note: in expansion of macro 'DBG'
bluez-5.75/src/shared/ccp.c:659:9: note: in expansion of macro 'DBG'
# 659| DBG(ccp, "");
# 660|
# 661|-> if (!gatt_db_attribute_get_char_data(ccs->incoming_call, NULL,
# 662| &value_handle,
# 663| NULL, NULL, NULL))
Error: GCC_ANALYZER_WARNING (CWE-476): [#def133]
bluez-5.75/src/shared/ccp.c: scope_hint: In function 'bt_ccp_call_state_attach'
bluez-5.75/src/shared/ccp.c:683:49: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.75/src/shared/ccp.c:681:9: note: in expansion of macro 'DBG'
bluez-5.75/src/shared/ccp.c:681:9: note: in expansion of macro 'DBG'
# 681| DBG(ccp, "");
# 682|
# 683|-> if (!gatt_db_attribute_get_char_data(ccs->call_state, NULL,
# 684| &value_handle,
# 685| NULL, NULL, NULL))
Error: GCC_ANALYZER_WARNING (CWE-476): [#def134]
bluez-5.75/src/shared/ccp.c: scope_hint: In function 'bt_ccp_call_list_attach'
bluez-5.75/src/shared/ccp.c:705:49: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.75/src/shared/ccp.c:703:9: note: in expansion of macro 'DBG'
bluez-5.75/src/shared/ccp.c:703:9: note: in expansion of macro 'DBG'
# 703| DBG(ccp, "");
# 704|
# 705|-> if (!gatt_db_attribute_get_char_data(ccs->current_call_list, NULL,
# 706| &value_handle,
# 707| NULL, NULL, NULL))
Error: GCC_ANALYZER_WARNING (CWE-476): [#def135]
bluez-5.75/src/shared/ccp.c: scope_hint: In function 'bt_ccp_name_attach'
bluez-5.75/src/shared/ccp.c:727:49: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.75/src/shared/ccp.c:725:9: note: in expansion of macro 'DBG'
bluez-5.75/src/shared/ccp.c:725:9: note: in expansion of macro 'DBG'
# 725| DBG(ccp, "");
# 726|
# 727|-> if (!gatt_db_attribute_get_char_data(ccs->bearer_name, NULL,
# 728| &value_handle,
# 729| NULL, NULL, NULL))
Error: GCC_ANALYZER_WARNING (CWE-476): [#def136]
bluez-5.75/src/shared/ccp.c: scope_hint: In function 'bt_ccp_term_reason_attach'
bluez-5.75/src/shared/ccp.c:749:49: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.75/src/shared/ccp.c:747:9: note: in expansion of macro 'DBG'
bluez-5.75/src/shared/ccp.c:747:9: note: in expansion of macro 'DBG'
# 747| DBG(ccp, "");
# 748|
# 749|-> if (!gatt_db_attribute_get_char_data(ccs->termination_reason, NULL,
# 750| &value_handle, NULL, NULL, NULL))
# 751| return;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def137]
bluez-5.75/src/shared/ccp.c: scope_hint: In function 'bt_ccp_status_attach'
bluez-5.75/src/shared/ccp.c:770:49: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.75/src/shared/ccp.c:768:9: note: in expansion of macro 'DBG'
bluez-5.75/src/shared/ccp.c:768:9: note: in expansion of macro 'DBG'
# 768| DBG(ccp, "");
# 769|
# 770|-> if (!gatt_db_attribute_get_char_data(ccs->status_flag, NULL,
# 771| &value_handle,
# 772| NULL, NULL, NULL))
Error: GCC_ANALYZER_WARNING (CWE-476): [#def138]
bluez-5.75/src/shared/ccp.c: scope_hint: In function 'bt_ccp_uci_attach'
bluez-5.75/src/shared/ccp.c:792:49: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.75/src/shared/ccp.c:790:9: note: in expansion of macro 'DBG'
bluez-5.75/src/shared/ccp.c:790:9: note: in expansion of macro 'DBG'
# 790| DBG(ccp, "");
# 791|
# 792|-> if (!gatt_db_attribute_get_char_data(ccs->bearer_uci, NULL,
# 793| &value_handle,
# 794| NULL, NULL, NULL))
Error: GCC_ANALYZER_WARNING (CWE-476): [#def139]
bluez-5.75/src/shared/ccp.c: scope_hint: In function 'bt_ccp_technology_attach'
bluez-5.75/src/shared/ccp.c:813:49: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.75/src/shared/ccp.c:811:9: note: in expansion of macro 'DBG'
bluez-5.75/src/shared/ccp.c:811:9: note: in expansion of macro 'DBG'
# 811| DBG(ccp, "");
# 812|
# 813|-> if (!gatt_db_attribute_get_char_data(ccs->bearer_technology, NULL,
# 814| &value_handle,
# 815| NULL, NULL, NULL))
Error: GCC_ANALYZER_WARNING (CWE-476): [#def140]
bluez-5.75/src/shared/ccp.c: scope_hint: In function 'bt_ccp_strength_attach'
bluez-5.75/src/shared/ccp.c:833:49: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.75/src/shared/ccp.c:831:9: note: in expansion of macro 'DBG'
bluez-5.75/src/shared/ccp.c:831:9: note: in expansion of macro 'DBG'
# 831| DBG(ccp, "");
# 832|
# 833|-> if (!gatt_db_attribute_get_char_data(ccs->signal_strength, NULL,
# 834| &value_handle,
# 835| NULL, NULL, NULL))
Error: GCC_ANALYZER_WARNING (CWE-476): [#def141]
bluez-5.75/src/shared/ccp.c: scope_hint: In function 'bt_ccp_ccid_attach'
bluez-5.75/src/shared/ccp.c:853:49: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.75/src/shared/ccp.c:851:9: note: in expansion of macro 'DBG'
bluez-5.75/src/shared/ccp.c:851:9: note: in expansion of macro 'DBG'
# 851| DBG(ccp, "");
# 852|
# 853|-> if (!gatt_db_attribute_get_char_data(ccs->ccid, NULL, &value_handle,
# 854| NULL, NULL, NULL))
# 855| return;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def142]
bluez-5.75/src/shared/ccp.c: scope_hint: In function 'bt_ccp_tar_uri_attach'
bluez-5.75/src/shared/ccp.c:872:49: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.75/src/shared/ccp.c:870:9: note: in expansion of macro 'DBG'
bluez-5.75/src/shared/ccp.c:870:9: note: in expansion of macro 'DBG'
# 870| DBG(ccp, "");
# 871|
# 872|-> if (!gatt_db_attribute_get_char_data(ccs->target_bearer_uri, NULL,
# 873| &value_handle,
# 874| NULL, NULL, NULL))
Error: GCC_ANALYZER_WARNING (CWE-476): [#def143]
bluez-5.75/src/shared/ccp.c: scope_hint: In function 'bt_ccp_ctrl_point_attach'
bluez-5.75/src/shared/ccp.c:893:49: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.75/src/shared/ccp.c:891:9: note: in expansion of macro 'DBG'
bluez-5.75/src/shared/ccp.c:891:9: note: in expansion of macro 'DBG'
# 891| DBG(ccp, "");
# 892|
# 893|-> if (!gatt_db_attribute_get_char_data(ccs->call_ctrl_point, NULL,
# 894| &value_handle,
# 895| NULL, NULL, NULL))
Error: GCC_ANALYZER_WARNING (CWE-476): [#def144]
bluez-5.75/src/shared/ccp.c: scope_hint: In function 'bt_ccp_ctrl_opcode_attach'
bluez-5.75/src/shared/ccp.c:913:49: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.75/src/shared/ccp.c:911:9: note: in expansion of macro 'DBG'
bluez-5.75/src/shared/ccp.c:911:9: note: in expansion of macro 'DBG'
# 911| DBG(ccp, "");
# 912|
# 913|-> if (!gatt_db_attribute_get_char_data(ccs->call_ctrl_opt_opcode, NULL,
# 914| &value_handle,
# 915| NULL, NULL, NULL))
Error: GCC_ANALYZER_WARNING (CWE-476): [#def145]
bluez-5.75/src/shared/ccp.c: scope_hint: In function 'bt_ccp_friendly_name_attach'
bluez-5.75/src/shared/ccp.c:933:49: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.75/src/shared/ccp.c:931:9: note: in expansion of macro 'DBG'
bluez-5.75/src/shared/ccp.c:931:9: note: in expansion of macro 'DBG'
# 931| DBG(ccp, "");
# 932|
# 933|-> if (!gatt_db_attribute_get_char_data(ccs->friendly_name, NULL,
# 934| &value_handle,
# 935| NULL, NULL, NULL))
Error: GCC_ANALYZER_WARNING (CWE-476): [#def146]
bluez-5.75/src/shared/ccp.c: scope_hint: In function 'bt_ccp_signal_intrvl_attach'
bluez-5.75/src/shared/ccp.c:953:49: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.75/src/shared/ccp.c:951:9: note: in expansion of macro 'DBG'
bluez-5.75/src/shared/ccp.c:951:9: note: in expansion of macro 'DBG'
# 951| DBG(ccp, "");
# 952|
# 953|-> if (!gatt_db_attribute_get_char_data(ccs->signal_reporting_intrvl, NULL,
# 954| &value_handle,
# 955| NULL, NULL, NULL))
Error: GCC_ANALYZER_WARNING (CWE-476): [#def147]
bluez-5.75/src/shared/ccp.c: scope_hint: In function 'bt_ccp_uri_list_attach'
bluez-5.75/src/shared/ccp.c:973:49: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.75/src/shared/ccp.c:971:9: note: in expansion of macro 'DBG'
bluez-5.75/src/shared/ccp.c:971:9: note: in expansion of macro 'DBG'
# 971| DBG(ccp, "");
# 972|
# 973|-> if (!gatt_db_attribute_get_char_data(ccs->bearer_uri_schemes_list, NULL,
# 974| &value_handle,
# 975| NULL, NULL, NULL))
Error: GCC_ANALYZER_WARNING (CWE-476): [#def148]
bluez-5.75/src/shared/ccp.c: scope_hint: In function 'foreach_ccs_service'
bluez-5.75/src/shared/ccp.c:1129:22: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
# 1127| struct bt_ccs *ccs = ccp_get_ccs(ccp);
# 1128|
# 1129|-> ccs->service = attr;
# 1130|
# 1131| gatt_db_service_foreach_char(attr, foreach_ccs_char, ccp);
Error: GCC_ANALYZER_WARNING (CWE-775): [#def149]
bluez-5.75/src/shared/crypto.c: scope_hint: In function 'alg_new'
bluez-5.75/src/shared/crypto.c:212:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor '*crypto.cmac_aes'
# 210|
# 211| /* FIXME: This should use accept4() with SOCK_CLOEXEC */
# 212|-> return accept(fd, NULL, 0);
# 213| }
# 214|
Error: GCC_ANALYZER_WARNING (CWE-775): [#def150]
bluez-5.75/src/shared/crypto.c:212:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor '*crypto.ecb_aes'
bluez-5.75/src/shared/crypto.c: scope_hint: In function 'alg_new'
# 210|
# 211| /* FIXME: This should use accept4() with SOCK_CLOEXEC */
# 212|-> return accept(fd, NULL, 0);
# 213| }
# 214|
Error: GCC_ANALYZER_WARNING (CWE-476): [#def151]
bluez-5.75/src/shared/csip.c: scope_hint: In function 'foreach_csis_service'
bluez-5.75/src/shared/csip.c:605:23: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
# 603| struct bt_csis *csis = csip_get_csis(csip);
# 604|
# 605|-> csis->service = attr;
# 606|
# 607| gatt_db_service_set_claimed(attr, true);
Error: GCC_ANALYZER_WARNING (CWE-416): [#def152]
bluez-5.75/src/shared/gatt-client.c: scope_hint: In function 'request_unref'
bluez-5.75/src/shared/gatt-client.c:199:32: warning[-Wanalyzer-use-after-free]: use after 'free' of 'data'
# 197| {
# 198| struct request *req = data;
# 199|-> struct bt_gatt_client *client = req->client;
# 200|
# 201| if (__sync_sub_and_fetch(&req->ref_count, 1))
Error: CLANG_WARNING: [#def153]
bluez-5.75/src/shared/gatt-client.c:451:21: warning[unix.Malloc]: Use of memory after it is freed
# 449| * range.
# 450| */
# 451|-> gatt_db_unregister(op->client->db, op->db_id);
# 452| op->db_id = 0;
# 453|
Error: CLANG_WARNING: [#def154]
bluez-5.75/src/shared/gatt-client.c:696:2: warning[unix.Malloc]: Use of memory after it is freed
# 694| discovery_op_unref(op);
# 695| failed:
# 696|-> discovery_op_complete(op, false, att_ecode);
# 697| }
# 698|
Error: CLANG_WARNING: [#def155]
bluez-5.75/src/shared/gatt-client.c:996:2: warning[unix.Malloc]: Use of memory after it is freed
# 994|
# 995| done:
# 996|-> discovery_op_complete(op, success, att_ecode);
# 997| }
# 998|
Error: CLANG_WARNING: [#def156]
bluez-5.75/src/shared/gatt-client.c:1102:2: warning[unix.Malloc]: Use of memory after it is freed
# 1100|
# 1101| done:
# 1102|-> discovery_op_complete(op, success, att_ecode);
# 1103| }
# 1104|
Error: CLANG_WARNING: [#def157]
bluez-5.75/src/shared/gatt-client.c:1294:2: warning[unix.Malloc]: Use of memory after it is freed
# 1292|
# 1293| done:
# 1294|-> discovery_op_complete(op, success, att_ecode);
# 1295| }
# 1296|
Error: CLANG_WARNING: [#def158]
bluez-5.75/src/shared/gatt-client.c:1359:2: warning[unix.Malloc]: Use of memory after it is freed
# 1357|
# 1358| done:
# 1359|-> discovery_op_complete(op, success, att_ecode);
# 1360| }
# 1361|
Error: CLANG_WARNING: [#def159]
bluez-5.75/src/shared/gatt-client.c:1634:6: warning[unix.Malloc]: Use of memory after it is freed
# 1632| read_server_feat(op);
# 1633|
# 1634|-> if (read_db_hash(op)) {
# 1635| op->success = false;
# 1636| return;
Error: CLANG_WARNING: [#def160]
bluez-5.75/src/shared/gatt-client.c:1639:2: warning[unix.Malloc]: Use of memory after it is freed
# 1637| }
# 1638|
# 1639|-> discover_all(op);
# 1640| }
# 1641|
Error: CLANG_WARNING: [#def161]
bluez-5.75/src/shared/gatt-client.c:2143:6: warning[unix.Malloc]: Use of memory after it is freed
# 2141| read_server_feat(op);
# 2142|
# 2143|-> if (read_db_hash(op)) {
# 2144| op->success = false;
# 2145| goto done;
Error: CLANG_WARNING: [#def162]
bluez-5.75/src/shared/gatt-client.c:2151:8: warning[unix.Malloc]: Use of memory after it is freed
# 2149| client->att, NULL,
# 2150| discover_primary_cb,
# 2151|-> discovery_op_ref(op),
# 2152| discovery_op_unref);
# 2153| if (!client->discovery_req) {
Error: GCC_ANALYZER_WARNING (CWE-457): [#def163]
bluez-5.75/src/shared/gatt-client.c: scope_hint: In function 'bt_gatt_client_write_value'
bluez-5.75/src/shared/gatt-client.c:3154:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'value'
bluez-5.75/src/shared/gatt-client.c:19: included_from: Included from here.
bluez-5.75/src/shared/gatt-client.c:3758:57: note: in expansion of macro 'UINT_TO_PTR'
bluez-5.75/src/shared/gatt-client.c:24: included_from: Included from here.
bluez-5.75/src/shared/gatt-client.c: scope_hint: In function 'bt_gatt_client_write_value'
bluez-5.75/src/shared/gatt-client.c:3138:14: note: in expansion of macro 'new0'
bluez-5.75/src/shared/gatt-client.c:145:15: note: in expansion of macro 'new0'
# 3152|
# 3153| put_le16(value_handle, pdu);
# 3154|-> memcpy(pdu + 2, value, length);
# 3155|
# 3156| req->att_id = bt_att_send(client->att, BT_ATT_OP_WRITE_REQ,
Error: CLANG_WARNING: [#def164]
bluez-5.75/src/shared/gatt-client.c:3240:2: warning[unix.Malloc]: Use of memory after it is freed
# 3238|
# 3239| done:
# 3240|-> complete_write_long_op(req, success, 0, false);
# 3241| }
# 3242|
Error: CLANG_WARNING: [#def165]
bluez-5.75/src/shared/gatt-client.c:3262:2: warning[unix.Malloc]: Use of memory after it is freed
# 3260| * necessary, since we also added a ref before pushing to the queue.
# 3261| */
# 3262|-> request_unref(req);
# 3263| }
# 3264|
Error: GCC_ANALYZER_WARNING (CWE-416): [#def166]
bluez-5.75/src/shared/gatt-client.c: scope_hint: In function 'complete_write_long_op'
bluez-5.75/src/shared/gatt-client.c:3293:31: warning[-Wanalyzer-use-after-free]: use after 'free' of 'req'
# 3291| uint8_t att_ecode, bool reliable_error)
# 3292| {
# 3293|-> struct long_write_op *op = req->data;
# 3294| uint8_t pdu;
# 3295| int err;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def167]
bluez-5.75/src/shared/gatt-db.c: scope_hint: In function 'read_ext_prop_value'
bluez-5.75/src/shared/gatt-db.c:1831:37: warning[-Wanalyzer-null-dereference]: dereference of NULL 'value'
# 1829| return;
# 1830|
# 1831|-> *ext_prop = (uint16_t) value[0];
# 1832| }
# 1833|
Error: GCC_ANALYZER_WARNING (CWE-457): [#def168]
bluez-5.75/src/shared/gatt-server.c: scope_hint: In function 'read_by_grp_type_cb'
bluez-5.75/src/shared/gatt-server.c:322:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'type'
bluez-5.75/src/shared/att.h:11: included_from: Included from here.
bluez-5.75/src/shared/gatt-server.c:19: included_from: Included from here.
bluez-5.75/src/shared/gatt-server.c:295:9: note: in expansion of macro 'DBG'
bluez-5.75/src/shared/gatt-server.c:295:9: note: in expansion of macro 'DBG'
# 320| }
# 321|
# 322|-> gatt_db_read_by_group_type(server->db, start, end, type, q);
# 323|
# 324| if (queue_isempty(q)) {
Error: GCC_ANALYZER_WARNING (CWE-457): [#def169]
bluez-5.75/src/shared/gatt-server.c: scope_hint: In function 'read_by_type_cb'
bluez-5.75/src/shared/gatt-server.c:531:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'type'
# 529| }
# 530|
# 531|-> gatt_db_read_by_type(server->db, start, end, type, q);
# 532|
# 533| if (queue_isempty(q)) {
Error: GCC_ANALYZER_WARNING (CWE-688): [#def170]
bluez-5.75/src/shared/gatt-server.c: scope_hint: In function 'prep_write_cb'
bluez-5.75/src/shared/gatt-server.c:1350:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'malloc((long unsigned int)length)' where non-null expected
bluez-5.75/src/shared/util.h:26:27: note: in definition of macro 'le16_to_cpu'
bluez-5.75/src/shared/util.h:210:28: note: in expansion of macro 'get_unaligned'
bluez-5.75/src/shared/gatt-server.c: scope_hint: In function 'prep_write_cb'
bluez-5.75/src/shared/gatt-server.c:1337:9: note: in expansion of macro 'DBG'
bluez-5.75/src/shared/gatt-server.c:1337:9: note: in expansion of macro 'DBG'
bluez-5.75/src/shared/gatt-server.c:1337:9: note: in expansion of macro 'DBG'
bluez-5.75/src/shared/gatt-server.c: scope_hint: In function 'prep_write_cb'
bluez-5.75/src/shared/gatt-server.c:1347:16: note: in expansion of macro 'new0'
<built-in>: note: argument 1 of '__builtin_memcpy' must be non-null
# 1348| pwcd->chan = chan;
# 1349| pwcd->pdu = malloc(length);
# 1350|-> memcpy(pwcd->pdu, pdu, length);
# 1351| pwcd->length = length;
# 1352| pwcd->server = server;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def171]
bluez-5.75/src/shared/mcp.c: scope_hint: In function 'mcp_send'
bluez-5.75/src/shared/mcp.c:586:17: warning[-Wanalyzer-null-dereference]: dereference of NULL 'mcp'
bluez-5.75/src/shared/mcp.c:584:9: note: in expansion of macro 'DBG'
bluez-5.75/src/shared/mcp.c:584:9: note: in expansion of macro 'DBG'
# 584| DBG(mcp, "mcs %p", mcs);
# 585|
# 586|-> if (!mcp->client)
# 587| return -1;
# 588|
Error: GCC_ANALYZER_WARNING (CWE-476): [#def172]
bluez-5.75/src/shared/mcp.c: scope_hint: In function 'bt_mcp_mp_name_attach'
bluez-5.75/src/shared/mcp.c:1008:49: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
# 1006| struct bt_mcs *mcs = mcp_get_mcs(mcp);
# 1007|
# 1008|-> if (!gatt_db_attribute_get_char_data(mcs->mp_name, NULL, &value_handle,
# 1009| NULL, NULL, NULL))
# 1010| return;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def173]
bluez-5.75/src/shared/mcp.c: scope_hint: In function 'bt_mcp_track_changed_attach'
bluez-5.75/src/shared/mcp.c:1026:49: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
# 1024| struct bt_mcs *mcs = mcp_get_mcs(mcp);
# 1025|
# 1026|-> if (!gatt_db_attribute_get_char_data(mcs->track_changed, NULL,
# 1027| &value_handle, NULL, NULL, NULL))
# 1028| return;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def174]
bluez-5.75/src/shared/mcp.c: scope_hint: In function 'bt_mcp_track_title_attach'
bluez-5.75/src/shared/mcp.c:1042:49: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
# 1040| struct bt_mcs *mcs = mcp_get_mcs(mcp);
# 1041|
# 1042|-> if (!gatt_db_attribute_get_char_data(mcs->track_title, NULL,
# 1043| &value_handle, NULL, NULL, NULL))
# 1044| return;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def175]
bluez-5.75/src/shared/mcp.c: scope_hint: In function 'bt_mcp_track_duration_attach'
bluez-5.75/src/shared/mcp.c:1060:49: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
# 1058| struct bt_mcs *mcs = mcp_get_mcs(mcp);
# 1059|
# 1060|-> if (!gatt_db_attribute_get_char_data(mcs->track_duration, NULL,
# 1061| &value_handle, NULL, NULL, NULL))
# 1062| return;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def176]
bluez-5.75/src/shared/mcp.c: scope_hint: In function 'bt_mcp_track_position_attach'
bluez-5.75/src/shared/mcp.c:1078:49: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
# 1076| struct bt_mcs *mcs = mcp_get_mcs(mcp);
# 1077|
# 1078|-> if (!gatt_db_attribute_get_char_data(mcs->track_position, NULL,
# 1079| &value_handle, NULL, NULL, NULL))
# 1080| return;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def177]
bluez-5.75/src/shared/mcp.c: scope_hint: In function 'bt_mcp_media_state_attach'
bluez-5.75/src/shared/mcp.c:1096:49: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
# 1094| struct bt_mcs *mcs = mcp_get_mcs(mcp);
# 1095|
# 1096|-> if (!gatt_db_attribute_get_char_data(mcs->media_state, NULL,
# 1097| &value_handle, NULL, NULL, NULL))
# 1098| return;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def178]
bluez-5.75/src/shared/mcp.c: scope_hint: In function 'bt_mcp_media_cp_attach'
bluez-5.75/src/shared/mcp.c:1114:49: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
# 1112| struct bt_mcs *mcs = mcp_get_mcs(mcp);
# 1113|
# 1114|-> if (!gatt_db_attribute_get_char_data(mcs->media_cp, NULL,
# 1115| &value_handle, NULL, NULL, NULL))
# 1116| return;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def179]
bluez-5.75/src/shared/mcp.c: scope_hint: In function 'bt_mcp_media_cp_op_supported_attach'
bluez-5.75/src/shared/mcp.c:1130:49: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
# 1128| struct bt_mcs *mcs = mcp_get_mcs(mcp);
# 1129|
# 1130|-> if (!gatt_db_attribute_get_char_data(mcs->media_cp_op_supportd, NULL,
# 1131| &value_handle, NULL, NULL, NULL))
# 1132| return;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def180]
bluez-5.75/src/shared/mcp.c: scope_hint: In function 'bt_mcp_content_control_id_supported_attach'
bluez-5.75/src/shared/mcp.c:1149:49: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
# 1147| struct bt_mcs *mcs = mcp_get_mcs(mcp);
# 1148|
# 1149|-> if (!gatt_db_attribute_get_char_data(mcs->content_control_id, NULL,
# 1150| &value_handle, NULL, NULL, NULL))
# 1151| return;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def181]
bluez-5.75/src/shared/mcp.c: scope_hint: In function 'foreach_mcs_service'
bluez-5.75/src/shared/mcp.c:1313:22: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.75/src/shared/mcp.c:1311:9: note: in expansion of macro 'DBG'
bluez-5.75/src/shared/mcp.c:1311:9: note: in expansion of macro 'DBG'
# 1311| DBG(mcp, "");
# 1312|
# 1313|-> mcs->service = attr;
# 1314|
# 1315| gatt_db_service_foreach_char(attr, foreach_mcs_char, mcp);
Error: GCC_ANALYZER_WARNING (CWE-476): [#def182]
bluez-5.75/src/shared/micp.c: scope_hint: In function 'micp_get_session'
bluez-5.75/src/shared/micp.c:271:19: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
# 269|
# 270| micp = bt_micp_new(db, NULL);
# 271|-> micp->att = att;
# 272|
# 273| bt_att_register_disconnect(att, micp_disconnected, micp, NULL);
Error: GCC_ANALYZER_WARNING (CWE-476): [#def183]
bluez-5.75/src/shared/micp.c: scope_hint: In function 'mics_muted'
bluez-5.75/src/shared/micp.c:339:21: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.75/src/shared/micp.c: scope_hint: In function 'mics_muted'
bluez-5.75/src/shared/micp.c: scope_hint: In function 'mics_muted'
# 337| mute_state = mdb_get_mute_state(mdb);
# 338|
# 339|-> *mute_state = MICS_MUTED;
# 340|
# 341| gatt_db_attribute_notify(mdb->mics->ms, (void *)mute_state,
Error: GCC_ANALYZER_WARNING (CWE-476): [#def184]
bluez-5.75/src/shared/micp.c: scope_hint: In function 'mics_mute_write'
bluez-5.75/src/shared/micp.c:417:13: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.75/src/shared/micp.c: scope_hint: In function 'mics_mute_write'
bluez-5.75/src/shared/micp.c: scope_hint: In function 'mics_mute_write'
bluez-5.75/src/shared/micp.c: scope_hint: In function 'mics_mute_write'
# 415|
# 416| mute_state = mdb_get_mute_state(mdb);
# 417|-> if (*mute_state == MICS_DISABLED) {
# 418| DBG(micp, "state: MICS DISABLED , can not write value: %d",
# 419| *micp_op);
Error: GCC_ANALYZER_WARNING (CWE-476): [#def185]
bluez-5.75/src/shared/micp.c: scope_hint: In function 'foreach_mics_service'
bluez-5.75/src/shared/micp.c:782:23: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
# 780| struct bt_mics *mics = micp_get_mics(micp);
# 781|
# 782|-> mics->service = attr;
# 783|
# 784| gatt_db_service_set_claimed(attr, true);
Error: GCC_ANALYZER_WARNING (CWE-457): [#def186]
bluez-5.75/src/shared/shell.c: scope_hint: In function 'bt_shell_printf'
bluez-5.75/src/shared/shell.c:688:17: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'saved_line'
bluez-5.75/src/shared/shell.c:29: included_from: Included from here.
# 686| if (!data.saved_prompt)
# 687| rl_restore_prompt();
# 688|-> rl_replace_line(saved_line, 0);
# 689| rl_point = saved_point;
# 690| rl_forced_update_display();
Error: CLANG_WARNING: [#def187]
bluez-5.75/src/shared/shell.c:1331:13: warning[core.NullDereference]: Access to field 'options' results in a dereference of a null pointer (loaded from variable 'opt')
# 1329| }
# 1330|
# 1331|-> if (c != opt->options[index - offset].val) {
# 1332| usage(argc, argv, opt);
# 1333| exit(EXIT_SUCCESS);
Error: GCC_ANALYZER_WARNING (CWE-476): [#def188]
bluez-5.75/src/shared/tester.c: scope_hint: In function 'tester_setup_io'
bluez-5.75/src/shared/tester.c:1009:19: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.75/src/shared/tester.c: scope_hint: In function 'tester_setup_io'
# 1007| }
# 1008|
# 1009|-> test->iov = iov;
# 1010| test->iovcnt = iovcnt;
# 1011|
Error: GCC_ANALYZER_WARNING (CWE-476): [#def189]
bluez-5.75/src/shared/tester.c: scope_hint: In function 'tester_io_send'
bluez-5.75/src/shared/tester.c:1019:17: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.75/src/shared/tester.c: scope_hint: In function 'tester_io_send'
# 1017| struct test_case *test = tester_get_test();
# 1018|
# 1019|-> if (test->iovcnt)
# 1020| io_set_write_handler(ios[1], test_io_send, NULL, NULL);
# 1021| }
Error: GCC_ANALYZER_WARNING (CWE-476): [#def190]
bluez-5.75/src/shared/tester.c: scope_hint: In function 'tester_io_set_complete_func'
bluez-5.75/src/shared/tester.c:1027:32: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.75/src/shared/tester.c: scope_hint: In function 'tester_io_set_complete_func'
# 1025| struct test_case *test = tester_get_test();
# 1026|
# 1027|-> test->io_complete_func = func;
# 1028| }
# 1029|
Error: GCC_ANALYZER_WARNING (CWE-688): [#def191]
bluez-5.75/src/shared/util.c: scope_hint: In function 'util_iov_memcpy.part.0'
bluez-5.75/src/shared/util.c:379:9: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
<built-in>: note: argument 1 of '__builtin_memcpy' must be non-null
# 377| iov->iov_base = realloc(iov->iov_base, len);
# 378| iov->iov_len = len;
# 379|-> memcpy(iov->iov_base, src, len);
# 380| }
# 381|
Error: GCC_ANALYZER_WARNING (CWE-476): [#def192]
bluez-5.75/src/shared/util.c: scope_hint: In function 'strdelimit'
bluez-5.75/src/shared/util.c:1828:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'dup'
# 1826|
# 1827| dup = strdup(str);
# 1828|-> if (dup[0] == '\0')
# 1829| return dup;
# 1830|
Error: GCC_ANALYZER_WARNING (CWE-457): [#def193]
bluez-5.75/src/shared/util.h:60:12: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*(struct <anonymous> *)(&mic[0]).__v’
bluez-5.75/src/shared/util.h:239:16: note: in expansion of macro ‘be32_to_cpu’
bluez-5.75/src/shared/util.h:239:28: note: in expansion of macro ‘get_unaligned’
bluez-5.75/tools/mesh-gatt/crypto.c: scope_hint: In function ‘mesh_crypto_aes_ccm_decrypt’
bluez-5.75/src/shared/util.h:68:21: note: in definition of macro ‘put_unaligned’
bluez-5.75/src/shared/util.h:286:23: note: in expansion of macro ‘cpu_to_be32’
bluez-5.75/tools/mesh-gatt/crypto.c: scope_hint: In function ‘mesh_crypto_aes_ccm_decrypt’
bluez-5.75/tools/mesh-gatt/crypto.c: scope_hint: In function ‘mesh_crypto_aes_ccm_decrypt’
bluez-5.75/src/shared/util.h:239:16: note: in expansion of macro ‘be32_to_cpu’
bluez-5.75/src/shared/util.h:239:28: note: in expansion of macro ‘get_unaligned’
bluez-5.75/src/shared/util.h:239:16: note: in expansion of macro ‘be32_to_cpu’
bluez-5.75/src/shared/util.h:239:28: note: in expansion of macro ‘get_unaligned’
# 58| __typeof__(*(ptr)) __v; \
# 59| } *__p = (__typeof__(__p)) (ptr); \
# 60|-> __p->__v; \
# 61| })
# 62|
Error: GCC_ANALYZER_WARNING (CWE-476): [#def194]
bluez-5.75/src/shared/util.h:68:18: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'data'
bluez-5.75/src/shared/util.h:259:9: note: in expansion of macro 'put_unaligned'
bluez-5.75/src/shared/gatt-db.c: scope_hint: In function 'gen_hash_m.part.0'
bluez-5.75/src/shared/util.h:259:9: note: in expansion of macro 'put_unaligned'
# 66| __typeof__(*(ptr)) __v; \
# 67| } *__p = (__typeof__(__p)) (ptr); \
# 68|-> __p->__v = (val); \
# 69| } while (0)
# 70|
Error: GCC_ANALYZER_WARNING (CWE-476): [#def195]
bluez-5.75/src/shared/util.h:68:18: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘pElem’
bluez-5.75/src/shared/util.h:264:9: note: in expansion of macro ‘put_unaligned’
bluez-5.75/src/sdpd-request.c: scope_hint: In function ‘extract_des’
bluez-5.75/src/sdpd-request.c: scope_hint: In function ‘extract_des’
bluez-5.75/src/sdpd-request.c: scope_hint: In function ‘extract_des’
bluez-5.75/src/shared/util.h:264:9: note: in expansion of macro ‘put_unaligned’
# 66| __typeof__(*(ptr)) __v; \
# 67| } *__p = (__typeof__(__p)) (ptr); \
# 68|-> __p->__v = (val); \
# 69| } while (0)
# 70|
Error: GCC_ANALYZER_WARNING (CWE-688): [#def196]
bluez-5.75/src/shared/util.c:39: included_from: Included from here.
bluez-5.75/src/shared/util.c: scope_hint: In function 'util_iov_dup'
bluez-5.75/src/shared/util.h:83:17: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
bluez-5.75/src/shared/util.c:350:15: note: in expansion of macro 'new0'
bluez-5.75/src/shared/util.c:350:15: note: in expansion of macro 'new0'
bluez-5.75/src/shared/util.c:350:15: note: in expansion of macro 'new0'
bluez-5.75/src/shared/util.c:350:15: note: in expansion of macro 'new0'
bluez-5.75/src/shared/util.c:350:15: note: in expansion of macro 'new0'
<built-in>: note: argument 1 of '__builtin_memset' must be non-null
# 81| void *__p; \
# 82| __p = util_malloc(__n * __s); \
# 83|-> memset(__p, 0, __n * __s); \
# 84| __p; \
# 85| }))
Error: CLANG_WARNING: [#def197]
bluez-5.75/tools/mesh-gatt/crypto.c:32: included_from: Included from here.
bluez-5.75/src/shared/util.h:239:9: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value
# 237| static inline uint32_t get_be32(const void *ptr)
# 238| {
# 239|-> return be32_to_cpu(get_unaligned((const uint32_t *) ptr));
# 240| }
# 241|
Error: CLANG_WARNING: [#def198]
bluez-5.75/tools/mesh-gatt/crypto.c:32: included_from: Included from here.
bluez-5.75/src/shared/util.h:249:9: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value
# 247| static inline uint64_t get_be64(const void *ptr)
# 248| {
# 249|-> return be64_to_cpu(get_unaligned((const uint64_t *) ptr));
# 250| }
# 251|
Error: GCC_ANALYZER_WARNING (CWE-476): [#def199]
bluez-5.75/src/shared/vcp.c: scope_hint: In function 'vcp_get_session.part.0'
bluez-5.75/src/shared/vcp.c:501:18: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
# 499|
# 500| vcp = bt_vcp_new(db, NULL);
# 501|-> vcp->att = att;
# 502|
# 503| bt_att_register_disconnect(att, vcp_disconnected, vcp, NULL);
Error: GCC_ANALYZER_WARNING (CWE-688): [#def200]
bluez-5.75/src/shared/vcp.c: scope_hint: In function 'aics_new'
bluez-5.75/src/shared/vcp.c:1721:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'ip_descr' where non-null expected
bluez-5.75/src/shared/vcp.c:22: included_from: Included from here.
bluez-5.75/src/shared/vcp.c:1716:16: note: in expansion of macro 'new0'
<built-in>: note: argument 1 of '__builtin_memset' must be non-null
# 1719| aics_gain_settng_prop = new0(struct gain_setting_prop, 1);
# 1720| ip_descr = malloc(256);
# 1721|-> memset(ip_descr, 0, 256);
# 1722|
# 1723| aics_aud_ip_st->mute = AICS_NOT_MUTED;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def201]
bluez-5.75/src/shared/vcp.c: scope_hint: In function 'vcp_audio_loc_notify'
bluez-5.75/src/shared/vcp.c:1969:27: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'vocs_audio_loc_n'
# 1967| {
# 1968| uint32_t *vocs_audio_loc_n = malloc(sizeof(uint32_t));
# 1969|-> *vocs_audio_loc_n = 0;
# 1970|
# 1971| if (value != NULL)
Error: GCC_ANALYZER_WARNING (CWE-688): [#def202]
bluez-5.75/src/shared/vcp.c: scope_hint: In function 'read_vocs_audio_descriptor.part.0'
bluez-5.75/src/shared/vcp.c:2131:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'vocs_ao_dec_r' where non-null expected
<built-in>: note: argument 1 of '__builtin_memset' must be non-null
# 2129|
# 2130| vocs_ao_dec_r = malloc(length+1);
# 2131|-> memset(vocs_ao_dec_r, 0, length+1);
# 2132| memcpy(vocs_ao_dec_r, value, length);
# 2133|
Error: GCC_ANALYZER_WARNING (CWE-688): [#def203]
bluez-5.75/src/shared/vcp.c: scope_hint: In function 'read_aics_audio_ip_description.part.0'
bluez-5.75/src/shared/vcp.c:2535:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'ip_descrptn' where non-null expected
<built-in>: note: argument 1 of '__builtin_memset' must be non-null
# 2533|
# 2534| ip_descrptn = malloc(length+1);
# 2535|-> memset(ip_descrptn, 0, length+1);
# 2536| memcpy(ip_descrptn, value, length);
# 2537|
Error: GCC_ANALYZER_WARNING (CWE-688): [#def204]
bluez-5.75/src/shared/vcp.c: scope_hint: In function 'aics_audio_ip_desr_notify'
bluez-5.75/src/shared/vcp.c:2555:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'aud_ip_desr' where non-null expected
<built-in>: note: argument 1 of '__builtin_memset' must be non-null
# 2553|
# 2554| aud_ip_desr = malloc(length+1);
# 2555|-> memset(aud_ip_desr, 0, length+1);
# 2556| memcpy(aud_ip_desr, value, length);
# 2557|
Error: GCC_ANALYZER_WARNING (CWE-476): [#def205]
bluez-5.75/src/shared/vcp.c: scope_hint: In function 'foreach_vcs_service'
bluez-5.75/src/shared/vcp.c:2691:22: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
# 2689| struct bt_vcs *vcs = vcp_get_vcs(vcp);
# 2690|
# 2691|-> vcs->service = attr;
# 2692|
# 2693| gatt_db_service_set_claimed(attr, true);
Error: GCC_ANALYZER_WARNING (CWE-476): [#def206]
bluez-5.75/src/shared/vcp.c: scope_hint: In function 'foreach_vocs_service'
bluez-5.75/src/shared/vcp.c:2704:23: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
# 2702| struct bt_vocs *vocs = vcp_get_vocs(vcp);
# 2703|
# 2704|-> vocs->service = attr;
# 2705|
# 2706| gatt_db_service_set_claimed(attr, true);
Error: GCC_ANALYZER_WARNING (CWE-476): [#def207]
bluez-5.75/src/shared/vcp.c: scope_hint: In function 'foreach_aics_service'
bluez-5.75/src/shared/vcp.c:2717:23: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
# 2715| struct bt_aics *aics = vcp_get_aics(vcp);
# 2716|
# 2717|-> aics->service = attr;
# 2718|
# 2719| gatt_db_service_set_claimed(attr, true);
Error: GCC_ANALYZER_WARNING (CWE-666): [#def208]
bluez-5.75/tools/avinfo.c: scope_hint: In function ‘l2cap_connect’
bluez-5.75/tools/avinfo.c:880:13: warning[-Wanalyzer-fd-phase-mismatch]: ‘connect’ on file descriptor ‘sk’ in wrong phase
# 878| l2a.l2_psm = htobs(AVDTP_PSM);
# 879|
# 880|-> if (connect(sk, (struct sockaddr *) &l2a, sizeof(l2a)) < 0) {
# 881| printf("Connect failed. %s(%d)\n", strerror(errno), errno);
# 882| close(sk);
Error: CLANG_WARNING: [#def209]
bluez-5.75/tools/avtest.c:225:5: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 223| buf[2] = 0x29; /* Unsupported configuration */
# 224| printf("Rejecting discover command\n");
# 225|-> len = write(sk, buf, 3);
# 226| } else {
# 227| struct seid_info *sei = (void *) (buf + 2);
Error: CLANG_WARNING: [#def210]
bluez-5.75/tools/avtest.c:235:5: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 233| sei->media_type = AVDTP_MEDIA_TYPE_AUDIO;
# 234| printf("Accepting discover command\n");
# 235|-> len = write(sk, buf, 4);
# 236| }
# 237| break;
Error: CLANG_WARNING: [#def211]
bluez-5.75/tools/avtest.c:244:5: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 242| buf[2] = 0x29; /* Unsupported configuration */
# 243| printf("Rejecting get capabilties command\n");
# 244|-> len = write(sk, buf, 3);
# 245| } else if (fragment) {
# 246| struct avdtp_start_header *start = (void *) buf;
Error: CLANG_WARNING: [#def212]
bluez-5.75/tools/avtest.c:258:5: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 256| memcpy(&buf[3], media_transport,
# 257| sizeof(media_transport));
# 258|-> len = write(sk, buf,
# 259| 3 + sizeof(media_transport));
# 260|
Error: CLANG_WARNING: [#def213]
bluez-5.75/tools/avtest.c:265:5: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 263| memcpy(&buf[1], media_transport,
# 264| sizeof(media_transport));
# 265|-> len = write(sk, buf,
# 266| 1 + sizeof(media_transport));
# 267|
Error: CLANG_WARNING: [#def214]
bluez-5.75/tools/avtest.c:272:5: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 270| memcpy(&buf[1], media_transport,
# 271| sizeof(media_transport));
# 272|-> len = write(sk, buf,
# 273| 1 + sizeof(media_transport));
# 274| } else {
Error: CLANG_WARNING: [#def215]
bluez-5.75/tools/avtest.c:279:5: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 277| sizeof(media_transport));
# 278| printf("Accepting get capabilities command\n");
# 279|-> len = write(sk, buf,
# 280| 2 + sizeof(media_transport));
# 281| }
Error: CLANG_WARNING: [#def216]
bluez-5.75/tools/avtest.c:291:5: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 289| 0x13; /* SEP In Use */
# 290| printf("Rejecting set configuration command\n");
# 291|-> len = write(sk, buf, 4);
# 292| } else {
# 293| hdr->message_type = AVDTP_MSG_TYPE_ACCEPT;
Error: CLANG_WARNING: [#def217]
bluez-5.75/tools/avtest.c:295:5: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 293| hdr->message_type = AVDTP_MSG_TYPE_ACCEPT;
# 294| printf("Accepting set configuration command\n");
# 295|-> len = write(sk, buf, 2);
# 296| }
# 297| break;
Error: CLANG_WARNING: [#def218]
bluez-5.75/tools/avtest.c:304:5: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 302| buf[2] = 0x12; /* Bad ACP SEID */
# 303| printf("Rejecting get configuration command\n");
# 304|-> len = write(sk, buf, 3);
# 305| } else {
# 306| hdr->message_type = AVDTP_MSG_TYPE_ACCEPT;
Error: CLANG_WARNING: [#def219]
bluez-5.75/tools/avtest.c:308:5: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 306| hdr->message_type = AVDTP_MSG_TYPE_ACCEPT;
# 307| printf("Accepting get configuration command\n");
# 308|-> len = write(sk, buf, 2);
# 309| }
# 310| break;
Error: CLANG_WARNING: [#def220]
bluez-5.75/tools/avtest.c:317:5: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 315| buf[2] = 0x31; /* Bad State */
# 316| printf("Rejecting open command\n");
# 317|-> len = write(sk, buf, 3);
# 318| } else {
# 319| struct sockaddr_l2 addr;
Error: CLANG_WARNING: [#def221]
bluez-5.75/tools/avtest.c:324:5: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 322| hdr->message_type = AVDTP_MSG_TYPE_ACCEPT;
# 323| printf("Accepting open command\n");
# 324|-> len = write(sk, buf, 2);
# 325|
# 326| memset(&addr, 0, sizeof(addr));
Error: CLANG_WARNING: [#def222]
bluez-5.75/tools/avtest.c:346:5: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 344| buf[3] = 0x31; /* Bad State */
# 345| printf("Rejecting start command\n");
# 346|-> len = write(sk, buf, 4);
# 347| } else {
# 348| hdr->message_type = AVDTP_MSG_TYPE_ACCEPT;
Error: CLANG_WARNING: [#def223]
bluez-5.75/tools/avtest.c:350:5: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 348| hdr->message_type = AVDTP_MSG_TYPE_ACCEPT;
# 349| printf("Accepting start command\n");
# 350|-> len = write(sk, buf, 2);
# 351| }
# 352| break;
Error: CLANG_WARNING: [#def224]
bluez-5.75/tools/avtest.c:359:5: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 357| buf[2] = 0x31; /* Bad State */
# 358| printf("Rejecting close command\n");
# 359|-> len = write(sk, buf, 3);
# 360| } else {
# 361| hdr->message_type = AVDTP_MSG_TYPE_ACCEPT;
Error: CLANG_WARNING: [#def225]
bluez-5.75/tools/avtest.c:363:5: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 361| hdr->message_type = AVDTP_MSG_TYPE_ACCEPT;
# 362| printf("Accepting close command\n");
# 363|-> len = write(sk, buf, 2);
# 364| if (media_sock >= 0) {
# 365| close(media_sock);
Error: CLANG_WARNING: [#def226]
bluez-5.75/tools/avtest.c:376:5: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 374| buf[3] = 0x31; /* Bad State */
# 375| printf("Rejecting suspend command\n");
# 376|-> len = write(sk, buf, 4);
# 377| } else {
# 378| hdr->message_type = AVDTP_MSG_TYPE_ACCEPT;
Error: CLANG_WARNING: [#def227]
bluez-5.75/tools/avtest.c:380:5: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 378| hdr->message_type = AVDTP_MSG_TYPE_ACCEPT;
# 379| printf("Accepting suspend command\n");
# 380|-> len = write(sk, buf, 2);
# 381| }
# 382| break;
Error: CLANG_WARNING: [#def228]
bluez-5.75/tools/avtest.c:387:4: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 385| hdr->message_type = AVDTP_MSG_TYPE_ACCEPT;
# 386| printf("Accepting abort command\n");
# 387|-> len = write(sk, buf, 2);
# 388| if (media_sock >= 0) {
# 389| close(media_sock);
Error: CLANG_WARNING: [#def229]
bluez-5.75/tools/avtest.c:397:4: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 395| buf[1] = 0x00;
# 396| printf("Unknown command\n");
# 397|-> len = write(sk, buf, 2);
# 398| break;
# 399| }
Error: GCC_ANALYZER_WARNING (CWE-666): [#def230]
bluez-5.75/tools/avtest.c: scope_hint: In function ‘do_connect’
bluez-5.75/tools/avtest.c:532:15: warning[-Wanalyzer-fd-phase-mismatch]: ‘connect’ on file descriptor ‘sk’ in wrong phase
# 530| addr.l2_psm = htobs(avctp ? 23 : 25);
# 531|
# 532|-> err = connect(sk, (struct sockaddr *) &addr, sizeof(addr));
# 533| if (err < 0) {
# 534| perror("Unable to connect");
Error: CLANG_WARNING: [#def231]
bluez-5.75/tools/avtest.c:562:3: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 560| hdr->packet_type = AVDTP_PKT_TYPE_SINGLE;
# 561| hdr->signal_id = AVDTP_DISCOVER;
# 562|-> len = write(sk, buf, 2);
# 563| break;
# 564|
Error: CLANG_WARNING: [#def232]
bluez-5.75/tools/avtest.c:570:3: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 568| hdr->signal_id = AVDTP_GET_CAPABILITIES;
# 569| buf[2] = 1 << 2; /* SEID 1 */
# 570|-> len = write(sk, buf, invalid ? 2 : 3);
# 571| break;
# 572|
Error: CLANG_WARNING: [#def233]
bluez-5.75/tools/avtest.c:584:3: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 582| if (invalid)
# 583| buf[5] = 0x01; /* LOSC != 0 */
# 584|-> len = write(sk, buf, 4 + sizeof(media_transport));
# 585| break;
# 586|
Error: CLANG_WARNING: [#def234]
bluez-5.75/tools/avtest.c:597:3: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 595| else
# 596| buf[2] = 1 << 2; /* Valid ACP SEID */
# 597|-> len = write(sk, buf, 3);
# 598| break;
# 599|
Error: CLANG_WARNING: [#def235]
bluez-5.75/tools/avtest.c:607:3: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 605| hdr->signal_id = AVDTP_OPEN;
# 606| buf[2] = 1 << 2; /* ACP SEID */
# 607|-> len = write(sk, buf, 3);
# 608| break;
# 609|
Error: CLANG_WARNING: [#def236]
bluez-5.75/tools/avtest.c:619:3: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 617| hdr->signal_id = AVDTP_START;
# 618| buf[2] = 1 << 2; /* ACP SEID */
# 619|-> len = write(sk, buf, 3);
# 620| break;
# 621|
Error: CLANG_WARNING: [#def237]
bluez-5.75/tools/avtest.c:634:3: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 632| else
# 633| buf[2] = 1 << 2; /* Valid ACP SEID */
# 634|-> len = write(sk, buf, 3);
# 635| break;
# 636|
Error: CLANG_WARNING: [#def238]
bluez-5.75/tools/avtest.c:646:3: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 644| hdr->signal_id = AVDTP_SUSPEND;
# 645| buf[2] = 1 << 2; /* ACP SEID */
# 646|-> len = write(sk, buf, 3);
# 647| break;
# 648|
Error: CLANG_WARNING: [#def239]
bluez-5.75/tools/avtest.c:655:3: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 653| hdr->signal_id = AVDTP_ABORT;
# 654| buf[2] = 1 << 2; /* ACP SEID */
# 655|-> len = write(sk, buf, 3);
# 656| break;
# 657|
Error: CLANG_WARNING: [#def240]
bluez-5.75/tools/avtest.c:662:3: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 660| hdr->packet_type = AVDTP_PKT_TYPE_SINGLE;
# 661| hdr->signal_id = cmd;
# 662|-> len = write(sk, buf, 2);
# 663| break;
# 664| }
Error: CLANG_WARNING: [#def241]
bluez-5.75/tools/avtest.c:698:2: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 696| memcpy(&buf[AVCTP_HEADER_LENGTH], play_pressed, sizeof(play_pressed));
# 697|
# 698|-> len = write(sk, buf, AVCTP_HEADER_LENGTH + sizeof(play_pressed));
# 699|
# 700| len = read(sk, buf, sizeof(buf));
Error: GCC_ANALYZER_WARNING (CWE-479): [#def242]
bluez-5.75/tools/bneptest.c: scope_hint: In function ‘exit_handler’
bluez-5.75/tools/bneptest.c:483:9: warning[-Wanalyzer-unsafe-call-within-signal-handler]: call to ‘printf’ from within signal handler
bluez-5.75/tools/bneptest.c:35: included_from: Included from here.
bluez-5.75/src/log.h:60:9: note: in expansion of macro ‘DBG_IDX’
bluez-5.75/tools/bneptest.c:555:9: note: in expansion of macro ‘DBG’
# 481| static void exit_handler(int sig)
# 482| {
# 483|-> printf("got sig = %d, cleaning up...\n", sig);
# 484|
# 485| if (cleanup() < 0)
Error: GCC_ANALYZER_WARNING (CWE-479): [#def243]
bluez-5.75/tools/bneptest.c:490:9: warning[-Wanalyzer-unsafe-call-within-signal-handler]: call to ‘exit’ from within signal handler
bluez-5.75/src/log.h:60:9: note: in expansion of macro ‘DBG_IDX’
bluez-5.75/tools/bneptest.c:555:9: note: in expansion of macro ‘DBG’
bluez-5.75/tools/bneptest.c:490:9: note: ‘_exit’ is a possible signal-safe alternative for ‘exit’
# 488| printf("cleanup successful - exit\n");
# 489|
# 490|-> exit(0);
# 491| }
# 492|
Error: CLANG_WARNING: [#def244]
bluez-5.75/tools/btgatt-client.c:1824:2: warning[deadcode.DeadStores]: Value stored to 'argv' is never read
# 1822|
# 1823| argc -= optind;
# 1824|-> argv += optind;
# 1825| optind = 0;
# 1826|
Error: CLANG_WARNING: [#def245]
bluez-5.75/tools/btgatt-server.c:1212:2: warning[deadcode.DeadStores]: Value stored to 'argv' is never read
# 1210|
# 1211| argc -= optind;
# 1212|-> argv -= optind;
# 1213| optind = 0;
# 1214|
Error: GCC_ANALYZER_WARNING (CWE-775): [#def246]
bluez-5.75/tools/btsnoop.c: scope_hint: In function ‘command_merge’
bluez-5.75/tools/btsnoop.c:260:1: warning[-Wanalyzer-fd-leak]: leak of file descriptor
/usr/include/sys/types.h:176: included_from: Included from here.
/usr/include/stdlib.h:514: included_from: Included from here.
bluez-5.75/tools/btsnoop.c:21: included_from: Included from here.
# 258| for (i = 0; i < num_input; i++)
# 259| close(input_fd[i]);
# 260|-> }
# 261|
# 262| static void command_extract_eir(const char *input)
Error: CLANG_WARNING: [#def247]
bluez-5.75/tools/check-selftest.c:42:3: warning[deadcode.DeadStores]: Value stored to 'ptr' is never read
# 40| char result[32], *ptr;
# 41|
# 42|-> ptr = fgets(result, sizeof(result), fp);
# 43| fclose(fp);
# 44|
Error: CLANG_WARNING: [#def248]
bluez-5.75/tools/ciptool.c:350:7: warning[core.CallAndMessage]: 5th function call argument is an uninitialized value
# 348| psm = atoi(argv[2]);
# 349|
# 350|-> sk = do_connect(ctl, dev_id, &src, &dst, psm, (1 << CMTP_LOOPBACK));
# 351|
# 352| printf("Press CTRL-C for hangup\n");
Error: GCC_ANALYZER_WARNING (CWE-666): [#def249]
bluez-5.75/tools/cltest.c: scope_hint: In function ‘send_message’
bluez-5.75/tools/cltest.c:62:13: warning[-Wanalyzer-fd-phase-mismatch]: ‘connect’ on file descriptor ‘fd’ in wrong phase
bluez-5.75/tools/cltest.c:26: included_from: Included from here.
bluez-5.75/tools/cltest.c:249:33: note: in expansion of macro ‘BDADDR_ANY’
bluez-5.75/tools/cltest.c:250:53: note: in expansion of macro ‘BDADDR_ANY’
# 60| addr.l2_psm = htobs(psm);
# 61|
# 62|-> if (connect(fd, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
# 63| perror("Failed to connect transmitter socket");
# 64| close(fd);
Error: CLANG_WARNING: [#def250]
bluez-5.75/tools/create-image.c:76:3: warning[deadcode.DeadStores]: Value stored to 'fd' is never read
# 74|
# 75| if (!pathname) {
# 76|-> fd = -1;
# 77| map = NULL;
# 78| st.st_size = 0;
Error: CLANG_WARNING: [#def251]
bluez-5.75/tools/create-image.c:84:3: warning[deadcode.DeadStores]: Value stored to 'fd' is never read
# 82| fd = open(pathname, O_RDONLY | O_CLOEXEC);
# 83| if (fd < 0) {
# 84|-> fd = -1;
# 85| map = NULL;
# 86| st.st_size = 0;
Error: CLANG_WARNING: [#def252]
bluez-5.75/tools/create-image.c:92:3: warning[deadcode.DeadStores]: Value stored to 'fd' is never read
# 90| if (fstat(fd, &st) < 0) {
# 91| close(fd);
# 92|-> fd = -1;
# 93| map = NULL;
# 94| st.st_size = 0;
Error: CLANG_WARNING: [#def253]
bluez-5.75/tools/create-image.c:105:2: warning[deadcode.DeadStores]: Value stored to 'fd' is never read
# 103|
# 104| close(fd);
# 105|-> fd = -1;
# 106|
# 107| done:
Error: GCC_ANALYZER_WARNING (CWE-688): [#def254]
bluez-5.75/tools/create-image.c: scope_hint: In function ‘write_block’
bluez-5.75/tools/create-image.c:108:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘fp’ where non-null expected
bluez-5.75/tools/create-image.c:16: included_from: Included from here.
/usr/include/stdio.h:357:12: note: argument 1 of ‘fprintf’ must be non-null
# 106|
# 107| done:
# 108|-> fprintf(fp, HDR_FMT, HDR_MAGIC, ino, mode, 0, 0, 1, 0,
# 109| (uintmax_t) st.st_size, 0, 0, 0, 0, namelen + 1, 0, name);
# 110|
Error: CLANG_WARNING: [#def255]
bluez-5.75/tools/gatt-service.c:294:2: warning[core.CallAndMessage]: 2nd function call argument is an uninitialized value
# 292| }
# 293|
# 294|-> chr_write(chr, value, len);
# 295|
# 296| g_dbus_pending_property_success(id);
Error: CLANG_WARNING: [#def256]
bluez-5.75/tools/hciattach.c:816:7: warning[deadcode.DeadStores]: Although the value stored to 'n' is used in the enclosing expression, the value is never actually read from 'n'
# 814|
# 815| /* Read reply */
# 816|-> if ((n = read_hci_event(fd, resp, 10)) < 0) {
# 817| fprintf(stderr, "Failed to set baud rate on chip\n");
# 818| return -1;
Error: CLANG_WARNING: [#def257]
bluez-5.75/tools/hciattach.c:864:7: warning[deadcode.DeadStores]: Although the value stored to 'n' is used in the enclosing expression, the value is never actually read from 'n'
# 862|
# 863| /* Read reply */
# 864|-> if ((n = read_hci_event(fd, resp, 4)) < 0) {
# 865| fprintf(stderr, "Failed to reset chip\n");
# 866| return -1;
Error: CLANG_WARNING: [#def258]
bluez-5.75/tools/hciattach.c:886:8: warning[deadcode.DeadStores]: Although the value stored to 'n' is used in the enclosing expression, the value is never actually read from 'n'
# 884|
# 885| /* Read reply */
# 886|-> if ((n = read_hci_event(fd, resp, 10)) < 0) {
# 887| fprintf(stderr, "Failed to set BD_ADDR\n");
# 888| return -1;
Error: CLANG_WARNING: [#def259]
bluez-5.75/tools/hciattach.c:908:7: warning[deadcode.DeadStores]: Although the value stored to 'n' is used in the enclosing expression, the value is never actually read from 'n'
# 906|
# 907| /* Read reply */
# 908|-> if ((n = read_hci_event(fd, resp, 4)) < 0) {
# 909| fprintf(stderr, "Failed to read local version\n");
# 910| return -1;
Error: CLANG_WARNING: [#def260]
bluez-5.75/tools/hciattach.c:929:7: warning[deadcode.DeadStores]: Although the value stored to 'n' is used in the enclosing expression, the value is never actually read from 'n'
# 927|
# 928| /* Read reply */
# 929|-> if ((n = read_hci_event(fd, resp, 4)) < 0) {
# 930| fprintf(stderr, "Failed to read local supported commands\n");
# 931| return -1;
Error: CLANG_WARNING: [#def261]
bluez-5.75/tools/hciattach.c:973:7: warning[deadcode.DeadStores]: Although the value stored to 'n' is used in the enclosing expression, the value is never actually read from 'n'
# 971| }
# 972|
# 973|-> if ((n = read_hci_event(fd, resp, 6)) < 0) {
# 974| fprintf(stderr, "Failed to set baud rate\n");
# 975| return -1;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def262]
bluez-5.75/tools/hciattach.c: scope_hint: In function ‘main’
bluez-5.75/tools/hciattach.c:1321:34: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘u’
# 1319|
# 1320| case 2:
# 1321|-> u->speed = atoi(argv[optind]);
# 1322| break;
# 1323|
Error: GCC_ANALYZER_WARNING (CWE-476): [#def263]
bluez-5.75/tools/hciattach.c:1326:34: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘u’
# 1324| case 3:
# 1325| if (!strcmp("flow", argv[optind]))
# 1326|-> u->flags |= FLOW_CTL;
# 1327| else
# 1328| u->flags &= ~FLOW_CTL;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def264]
bluez-5.75/tools/hciattach.c:1328:34: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘u’
# 1326| u->flags |= FLOW_CTL;
# 1327| else
# 1328|-> u->flags &= ~FLOW_CTL;
# 1329| break;
# 1330|
Error: GCC_ANALYZER_WARNING (CWE-476): [#def265]
bluez-5.75/tools/hciattach.c:1333:39: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘u’
# 1331| case 4:
# 1332| if (!strcmp("sleep", argv[optind]))
# 1333|-> u->pm = ENABLE_PM;
# 1334| else
# 1335| u->pm = DISABLE_PM;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def266]
bluez-5.75/tools/hciattach.c:1335:39: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘u’
# 1333| u->pm = ENABLE_PM;
# 1334| else
# 1335|-> u->pm = DISABLE_PM;
# 1336| break;
# 1337|
Error: GCC_ANALYZER_WARNING (CWE-476): [#def267]
bluez-5.75/tools/hciattach.c:1339:35: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘u’
# 1337|
# 1338| case 5:
# 1339|-> u->bdaddr = argv[optind];
# 1340| break;
# 1341| }
Error: GCC_ANALYZER_WARNING (CWE-775): [#def268]
bluez-5.75/tools/hciattach_qualcomm.c: scope_hint: In function ‘qualcomm_load_firmware’
bluez-5.75/tools/hciattach_qualcomm.c:93:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(firmware, 0)’
bluez-5.75/tools/hciattach_qualcomm.c:95:9: note: in expansion of macro ‘FAILIF’
bluez-5.75/tools/hciattach_qualcomm.c:95:9: note: in expansion of macro ‘FAILIF’
bluez-5.75/tools/hciattach_qualcomm.c:111:17: note: in expansion of macro ‘FAILIF’
# 91| int fw = open(firmware, O_RDONLY);
# 92|
# 93|-> fprintf(stdout, "Opening firmware file: %s\n", firmware);
# 94|
# 95| FAILIF(fw < 0,
Error: GCC_ANALYZER_WARNING (CWE-775): [#def269]
bluez-5.75/tools/hciattach_tialt.c: scope_hint: In function ‘texas_load_firmware’
bluez-5.75/tools/hciattach_tialt.c:95:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(firmware, 0)’
bluez-5.75/tools/hciattach_tialt.c:97:9: note: in expansion of macro ‘FAILIF’
bluez-5.75/tools/hciattach_tialt.c:97:9: note: in expansion of macro ‘FAILIF’
bluez-5.75/tools/hciattach_tialt.c:111:17: note: in expansion of macro ‘FAILIF’
# 93| int fw = open(firmware, O_RDONLY);
# 94|
# 95|-> fprintf(stdout, "Opening firmware file: %s\n", firmware);
# 96|
# 97| FAILIF(fw < 0,
Error: GCC_ANALYZER_WARNING (CWE-401): [#def270]
bluez-5.75/tools/hcidump.c: scope_hint: In function ‘process_frames’
bluez-5.75/tools/hcidump.c:141:24: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
# 139|
# 140| if (sock < 0)
# 141|-> return -1;
# 142|
# 143| if (snap_len < SNAP_LEN)
Error: CLANG_WARNING: [#def271]
bluez-5.75/tools/hcidump.c:180:9: warning[unix.Malloc]: Potential leak of memory pointed to by 'dp'
# 178| for (i = 0; i < nfds; i++) {
# 179| if (fds[i].revents & (POLLHUP | POLLERR | POLLNVAL)) {
# 180|-> if (fds[i].fd == sock)
# 181| printf("device: disconnected\n");
# 182| else
Error: CLANG_WARNING: [#def272]
bluez-5.75/tools/hcidump.c:248:17: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined
# 246| dh->len = htobs(frm.data_len);
# 247| dh->in = frm.in;
# 248|-> dh->ts_sec = htobl(frm.ts.tv_sec);
# 249| dh->ts_usec = htobl(frm.ts.tv_usec);
# 250| }
Error: CLANG_WARNING: [#def273]
bluez-5.75/tools/hcidump.c:326:9: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value
# 324| switch (btsnoop_type) {
# 325| case 1001:
# 326|-> if (be32toh(dp.flags) & 0x02) {
# 327| if (be32toh(dp.flags) & 0x01)
# 328| pkt_type = HCI_EVENT_PKT;
Error: CLANG_WARNING: [#def274]
bluez-5.75/tools/hcidump.c:341:20: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value
# 339|
# 340| case 1002:
# 341|-> frm.data_len = be32toh(dp.len);
# 342| err = read_n(fd, frm.data, frm.data_len);
# 343| break;
Error: CLANG_WARNING: [#def275]
bluez-5.75/tools/hcidump.c:346:14: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value
# 344|
# 345| case 2001:
# 346|-> opcode = be32toh(dp.flags) & 0xffff;
# 347|
# 348| switch (opcode) {
Error: CLANG_WARNING: [#def276]
bluez-5.75/tools/hcidump.c:384:17: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined
# 382| }
# 383| } else {
# 384|-> frm.data_len = btohs(dh.len);
# 385| err = read_n(fd, frm.data, frm.data_len);
# 386| }
Error: CLANG_WARNING: [#def277]
bluez-5.75/tools/hcidump.c:394:11: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined
# 392|
# 393| frm.ptr = frm.data;
# 394|-> frm.len = frm.data_len;
# 395|
# 396| if (parser.flags & DUMP_PKTLOG) {
Error: CLANG_WARNING: [#def278]
bluez-5.75/tools/hcidump.c:398:9: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value
# 396| if (parser.flags & DUMP_PKTLOG) {
# 397| uint64_t ts;
# 398|-> ts = be64toh(ph.ts);
# 399| frm.ts.tv_sec = ts >> 32;
# 400| frm.ts.tv_usec = ts & 0xffffffff;
Error: CLANG_WARNING: [#def279]
bluez-5.75/tools/hcidump.c:403:13: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value
# 401| } else if (parser.flags & DUMP_BTSNOOP) {
# 402| uint64_t ts;
# 403|-> frm.in = be32toh(dp.flags) & 0x01;
# 404| ts = be64toh(dp.ts) - 0x00E03AB44A676000ll;
# 405| frm.ts.tv_sec = (ts / 1000000ll) + 946684800ll;
Error: CLANG_WARNING: [#def280]
bluez-5.75/tools/hcidump.c:408:11: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined
# 406| frm.ts.tv_usec = ts % 1000000ll;
# 407| } else {
# 408|-> frm.in = dh.in;
# 409| frm.ts.tv_sec = btohl(dh.ts_sec);
# 410| frm.ts.tv_usec = btohl(dh.ts_usec);
Error: CLANG_WARNING: [#def281]
bluez-5.75/tools/hcidump.c:437:7: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 435| open_flags = O_RDONLY;
# 436|
# 437|-> fd = open(file, open_flags, 0644);
# 438| if (fd < 0) {
# 439| perror("Can't open dump file");
Error: GCC_ANALYZER_WARNING (CWE-775): [#def282]
bluez-5.75/tools/iso-tester.c: scope_hint: In function ‘create_iso_sock’
bluez-5.75/tools/iso-tester.c:1801:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sk’
# 1799| tester_warn("Can't create socket: %s (%d)", strerror(errno),
# 1800| errno);
# 1801|-> return err;
# 1802| }
# 1803|
Error: GCC_ANALYZER_WARNING (CWE-476): [#def283]
bluez-5.75/tools/iso-tester.c: scope_hint: In function ‘listen_iso_sock’
bluez-5.75/tools/iso-tester.c:2785:26: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘addr’
# 2783| addr = malloc(sizeof(*addr) + sizeof(*addr->iso_bc));
# 2784| memset(addr, 0, sizeof(*addr) + sizeof(*addr->iso_bc));
# 2785|-> addr->iso_family = AF_BLUETOOTH;
# 2786| bacpy(&addr->iso_bdaddr, (void *) src);
# 2787| addr->iso_bdaddr_type = BDADDR_LE_PUBLIC;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def284]
bluez-5.75/tools/isotest.c: scope_hint: In function ‘do_listen’
bluez-5.75/tools/isotest.c:516:26: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘addr’
bluez-5.75/tools/isotest.c:17: included_from: Included from here.
# 514| addr = malloc(sizeof(*addr) + sizeof(*addr->iso_bc));
# 515| memset(addr, 0, sizeof(*addr) + sizeof(*addr->iso_bc));
# 516|-> addr->iso_family = AF_BLUETOOTH;
# 517| bacpy(&addr->iso_bdaddr, mgmt_index != MGMT_INDEX_NONE ?
# 518| &bdaddr : BDADDR_ANY);
Error: GCC_ANALYZER_WARNING (CWE-476): [#def285]
bluez-5.75/tools/isotest.c: scope_hint: In function ‘main’
bluez-5.75/tools/isotest.c:1208:18: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘iso_qos’
# 1206| iso_qos = malloc(sizeof(*iso_qos));
# 1207| /* Default to 16_2_1 */
# 1208|-> *iso_qos = presets[3].qos;
# 1209| inout = true;
# 1210|
Error: GCC_ANALYZER_WARNING (CWE-666): [#def286]
bluez-5.75/tools/l2cap-tester.c: scope_hint: In function ‘connect_l2cap_impl’
bluez-5.75/tools/l2cap-tester.c:1494:15: warning[-Wanalyzer-fd-phase-mismatch]: ‘connect’ on file descriptor ‘sk’ in wrong phase
# 1492| addr.l2_cid = htobs(cid);
# 1493|
# 1494|-> err = connect(sk, (struct sockaddr *) &addr, sizeof(addr));
# 1495| if (err < 0 && !(errno == EAGAIN || errno == EINPROGRESS)) {
# 1496| err = -errno;
Error: GCC_ANALYZER_WARNING (CWE-775): [#def287]
bluez-5.75/tools/l2cap-tester.c: scope_hint: In function ‘l2cap_listen_cb’
bluez-5.75/tools/l2cap-tester.c:2164:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘g_io_channel_unix_get_fd(io)’
# 2162|
# 2163| new_sk = accept(sk, NULL, NULL);
# 2164|-> if (new_sk < 0) {
# 2165| tester_warn("accept failed: %s (%u)", strerror(errno), errno);
# 2166| tester_test_failed();
Error: CPPCHECK_WARNING (CWE-909): [#def288]
bluez-5.75/tools/mesh-cfgclient.c:2041: error[uninitStructMember]: Uninitialized struct member: result.last_seen
# 2039| l_queue_length(devices) + 1);
# 2040| dev = l_malloc(sizeof(struct unprov_device));
# 2041|-> *dev = result;
# 2042|
# 2043| } else if (dev->rssi < result.rssi)
Error: CPPCHECK_WARNING (CWE-909): [#def289]
bluez-5.75/tools/mesh-cfgclient.c:2044: error[uninitStructMember]: Uninitialized struct member: result.last_seen
# 2042|
# 2043| } else if (dev->rssi < result.rssi)
# 2044|-> *dev = result;
# 2045|
# 2046| dev->last_seen = time(NULL);
Error: GCC_ANALYZER_WARNING (CWE-457): [#def290]
bluez-5.75/tools/mesh-gatt/crypto.c: scope_hint: In function ‘mesh_crypto_aes_ccm_encrypt’
bluez-5.75/tools/mesh-gatt/crypto.c:376:17: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘&mic’
# 374|
# 375| if (out_msg)
# 376|-> memcpy(out_msg + msg_len, mic, mic_size);
# 377|
# 378| if (out_mic) {
Error: GCC_ANALYZER_WARNING (CWE-775): [#def291]
bluez-5.75/tools/mesh-gatt/prov-db.c: scope_hint: In function ‘prov_file_read’
bluez-5.75/tools/mesh-gatt/prov-db.c:56:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(filename, 0)’
# 54|
# 55| fd = open(filename,O_RDONLY);
# 56|-> if (!fd)
# 57| return NULL;
# 58|
Error: CLANG_WARNING: [#def292]
bluez-5.75/tools/meshctl.c:326:19: warning[core.NullDereference]: Access to field 'mesh_devices' results in a dereference of a null pointer (loaded from variable 'default_ctrl')
# 324| static void forget_mesh_devices()
# 325| {
# 326|-> g_list_free_full(default_ctrl->mesh_devices, g_free);
# 327| default_ctrl->mesh_devices = NULL;
# 328| }
Error: CPPCHECK_WARNING (CWE-457): [#def293]
bluez-5.75/tools/meshctl.c:762: warning[uninitvar]: Uninitialized variable: addr
# 760| dbus_message_iter_get_basic(&iter, &addr);
# 761|
# 762|-> bt_shell_printf("Attempting to disconnect from %s\n", addr);
# 763| }
# 764|
Error: CLANG_WARNING: [#def294]
bluez-5.75/tools/meshctl.c:762:2: warning[core.CallAndMessage]: 2nd function call argument is an uninitialized value
# 760| dbus_message_iter_get_basic(&iter, &addr);
# 761|
# 762|-> bt_shell_printf("Attempting to disconnect from %s\n", addr);
# 763| }
# 764|
Error: CLANG_WARNING: [#def295]
bluez-5.75/tools/meshctl.c:1957:2: warning[deadcode.DeadStores]: Value stored to 'len' is never read
# 1955| sprintf(mesh_local_config_filename + len + extra, "%s",
# 1956| "local_node.json");
# 1957|-> len = len + extra + strlen("local_node.json");
# 1958|
# 1959| if (!prov_db_read_local_node(mesh_local_config_filename, true)) {
Error: GCC_ANALYZER_WARNING (CWE-476): [#def296]
/usr/include/glib-2.0/glib/gstring.h:37: included_from: Included from here.
/usr/include/glib-2.0/glib/giochannel.h:36: included_from: Included from here.
/usr/include/glib-2.0/glib.h:56: included_from: Included from here.
bluez-5.75/tools/mpris-proxy.c:26: included_from: Included from here.
bluez-5.75/tools/mpris-proxy.c: scope_hint: In function ‘mpris_busname’
bluez-5.75/tools/mpris-proxy.c:1863:33: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘name’
/usr/include/glib-2.0/glib/gstrfuncs.h:71:29: note: in definition of macro ‘g_ascii_isdigit’
bluez-5.75/tools/mpris-proxy.c:1967:27: note: in expansion of macro ‘g_strdup’
bluez-5.75/tools/mpris-proxy.c:1967:27: note: in expansion of macro ‘g_strdup’
/usr/include/glib-2.0/glib/glist.h:34: included_from: Included from here.
/usr/include/glib-2.0/glib/ghash.h:36: included_from: Included from here.
/usr/include/glib-2.0/glib.h:52: included_from: Included from here.
bluez-5.75/tools/mpris-proxy.c: scope_hint: In function ‘mpris_busname’
/usr/include/glib-2.0/glib/gmem.h:332:57: note: in expansion of macro ‘_G_NEW’
bluez-5.75/tools/mpris-proxy.c:1969:18: note: in expansion of macro ‘g_new0’
/usr/include/glib-2.0/glib/gstrfuncs.h:71:29: note: in definition of macro ‘g_ascii_isdigit’
# 1861| static char *mpris_busname(char *name)
# 1862| {
# 1863|-> if (g_ascii_isdigit(name[0]))
# 1864| return g_strconcat(MPRIS_BUS_NAME, "bt_",
# 1865| g_strcanon(name, A_Z a_z _0_9, '_'), NULL);
Error: CLANG_WARNING: [#def297]
bluez-5.75/tools/obex-server-tool.c:133:13: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 131| data = g_new0(struct transfer_data, 1);
# 132|
# 133|-> data->fd = open(name, O_WRONLY | O_CREAT | O_NOCTTY, 0600);
# 134| if (data->fd < 0) {
# 135| g_printerr("open(%s): %s\n", name, strerror(errno));
Error: GCC_ANALYZER_WARNING (CWE-688): [#def298]
bluez-5.75/tools/obex-server-tool.c: scope_hint: In function ‘handle_put’
bluez-5.75/tools/obex-server-tool.c:133:20: warning[-Wanalyzer-null-argument]: use of NULL ‘name’ where non-null expected
bluez-5.75/tools/obex-server-tool.c:17: included_from: Included from here.
/usr/include/fcntl.h:209:12: note: argument 1 of ‘open’ must be non-null
# 131| data = g_new0(struct transfer_data, 1);
# 132|
# 133|-> data->fd = open(name, O_WRONLY | O_CREAT | O_NOCTTY, 0600);
# 134| if (data->fd < 0) {
# 135| g_printerr("open(%s): %s\n", name, strerror(errno));
Error: CLANG_WARNING: [#def299]
bluez-5.75/tools/obex-server-tool.c:192:13: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 190| data = g_new0(struct transfer_data, 1);
# 191|
# 192|-> data->fd = open(name, O_RDONLY | O_NOCTTY, 0);
# 193| if (data->fd < 0) {
# 194| g_printerr("open(%s): %s\n", name, strerror(errno));
Error: GCC_ANALYZER_WARNING (CWE-688): [#def300]
bluez-5.75/tools/obex-server-tool.c: scope_hint: In function ‘handle_get’
bluez-5.75/tools/obex-server-tool.c:192:20: warning[-Wanalyzer-null-argument]: use of NULL ‘name’ where non-null expected
/usr/include/fcntl.h:209:12: note: argument 1 of ‘open’ must be non-null
# 190| data = g_new0(struct transfer_data, 1);
# 191|
# 192|-> data->fd = open(name, O_RDONLY | O_NOCTTY, 0);
# 193| if (data->fd < 0) {
# 194| g_printerr("open(%s): %s\n", name, strerror(errno));
Error: CLANG_WARNING: [#def301]
bluez-5.75/tools/parser/amp.c:15: included_from: Included from here.
bluez-5.75/tools/parser/parser.h:121:16: warning[core.NullDereference]: Dereference of null pointer
# 119| if (parser.flags & DUMP_VERBOSE) {
# 120| struct tm tm;
# 121|-> time_t t = f->ts.tv_sec;
# 122| localtime_r(&t, &tm);
# 123| printf("%04d-%02d-%02d %02d:%02d:%02d.%06lu ",
Error: CLANG_WARNING: [#def302]
bluez-5.75/tools/parser/parser.h:127:27: warning[core.NullDereference]: Dereference of null pointer
# 125| tm.tm_hour, tm.tm_min, tm.tm_sec, f->ts.tv_usec);
# 126| } else
# 127|-> printf("%8lu.%06lu ", f->ts.tv_sec, f->ts.tv_usec);
# 128| }
# 129| printf("%c ", (f->in ? '>' : '<'));
Error: CLANG_WARNING: [#def303]
bluez-5.75/tools/parser/parser.h:129:18: warning[core.NullDereference]: Access to field 'in' results in a dereference of a null pointer (loaded from variable 'f')
# 127| printf("%8lu.%06lu ", f->ts.tv_sec, f->ts.tv_usec);
# 128| }
# 129|-> printf("%c ", (f->in ? '>' : '<'));
# 130| parser.state = 1;
# 131| } else
Error: GCC_ANALYZER_WARNING (CWE-476): [#def304]
bluez-5.75/tools/parser/amp.c:15: included_from: Included from here.
bluez-5.75/tools/parser/parser.h: scope_hint: In function ‘p_indent’
bluez-5.75/tools/parser/parser.h:129:33: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘f’
# 127| printf("%8lu.%06lu ", f->ts.tv_sec, f->ts.tv_usec);
# 128| }
# 129|-> printf("%c ", (f->in ? '>' : '<'));
# 130| parser.state = 1;
# 131| } else
Error: CLANG_WARNING: [#def305]
bluez-5.75/tools/parser/ppp.c:22: included_from: Included from here.
bluez-5.75/tools/parser/parser.h:156:2: warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller
# 154| frm->ptr += 1;
# 155| frm->len -= 1;
# 156|-> return *u8_ptr;
# 157| }
# 158|
Error: CLANG_WARNING: [#def306]
bluez-5.75/tools/parser/ppp.c:108:30: warning[core.UndefinedBinaryOperatorResult]: The left operand of '&' is a garbage value
# 106| dir2str(frm->in), addr, ctrl, frm->len, fcs);
# 107|
# 108|-> if (*((uint8_t *) frm->ptr) & 0x80)
# 109| proto = p_get_u16(frm);
# 110| else
Error: GCC_ANALYZER_WARNING (CWE-1341): [#def307]
bluez-5.75/tools/rctest.c: scope_hint: In function ‘do_listen’
bluez-5.75/tools/rctest.c:436:9: warning[-Wanalyzer-fd-double-close]: double ‘close’ of file descriptor ‘sk’
bluez-5.75/tools/rctest.c:18: included_from: Included from here.
# 434|
# 435| error:
# 436|-> close(sk);
# 437| exit(1);
# 438| }
Error: GCC_ANALYZER_WARNING: [#def308]
bluez-5.75/tools/rfcomm-tester.c: scope_hint: In function ‘create_rfcomm_sock’
bluez-5.75/tools/rfcomm-tester.c:404:13: warning[-Wanalyzer-fd-use-without-check]: ‘bind’ on possibly invalid file descriptor ‘sk’
# 402| bacpy(&addr.rc_bdaddr, address);
# 403|
# 404|-> if (bind(sk, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
# 405| close(sk);
# 406| return -1;
Error: GCC_ANALYZER_WARNING (CWE-666): [#def309]
bluez-5.75/tools/rfcomm-tester.c: scope_hint: In function ‘connect_rfcomm_sock’
bluez-5.75/tools/rfcomm-tester.c:422:15: warning[-Wanalyzer-fd-phase-mismatch]: ‘connect’ on file descriptor ‘sk’ in wrong phase
# 420| addr.rc_channel = htobs(channel);
# 421|
# 422|-> err = connect(sk, (struct sockaddr *) &addr, sizeof(addr));
# 423| if (err < 0 && !(errno == EAGAIN || errno == EINPROGRESS))
# 424| return err;
Error: GCC_ANALYZER_WARNING: [#def310]
bluez-5.75/tools/rfcomm-tester.c:422:15: warning[-Wanalyzer-fd-use-without-check]: ‘connect’ on possibly invalid file descriptor ‘sk’
# 420| addr.rc_channel = htobs(channel);
# 421|
# 422|-> err = connect(sk, (struct sockaddr *) &addr, sizeof(addr));
# 423| if (err < 0 && !(errno == EAGAIN || errno == EINPROGRESS))
# 424| return err;
Error: GCC_ANALYZER_WARNING (CWE-775): [#def311]
bluez-5.75/tools/rfcomm-tester.c: scope_hint: In function ‘rfcomm_listen_cb’
bluez-5.75/tools/rfcomm-tester.c:707:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘g_io_channel_unix_get_fd(io)’
# 705|
# 706| new_sk = accept(sk, NULL, NULL);
# 707|-> if (new_sk < 0) {
# 708| tester_test_failed();
# 709| return false;
Error: CLANG_WARNING: [#def312]
bluez-5.75/tools/rfcomm.c:234:3: warning[deadcode.DeadStores]: Value stored to 'i' is never read
# 232| sigaction(SIGPIPE, &sa, NULL);
# 233|
# 234|-> i = execvp(cmdargv[0], cmdargv);
# 235| fprintf(stderr, "Couldn't execute command %s (errno=%d:%s)\n",
# 236| cmdargv[0], errno, strerror(errno));
Error: CLANG_WARNING: [#def313]
bluez-5.75/tools/rfcomm.c:234:7: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 232| sigaction(SIGPIPE, &sa, NULL);
# 233|
# 234|-> i = execvp(cmdargv[0], cmdargv);
# 235| fprintf(stderr, "Couldn't execute command %s (errno=%d:%s)\n",
# 236| cmdargv[0], errno, strerror(errno));
Error: CLANG_WARNING: [#def314]
bluez-5.75/tools/rfcomm.c:354:8: warning[deadcode.DeadStores]: Although the value stored to 'fd' is used in the enclosing expression, the value is never actually read from 'fd'
# 352|
# 353| snprintf(devname, MAXPATHLEN - 1, "/dev/bluetooth/rfcomm/%d", dev);
# 354|-> if ((fd = open(devname, O_RDONLY | O_NOCTTY)) < 0) {
# 355| if (try--) {
# 356| snprintf(devname, MAXPATHLEN - 1, "/dev/rfcomm%d", dev);
Error: GCC_ANALYZER_WARNING (CWE-775): [#def315]
bluez-5.75/tools/rfcomm.c: scope_hint: In function ‘cmd_connect’
bluez-5.75/tools/rfcomm.c:354:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&devname, 256)’
bluez-5.75/tools/rfcomm.c:17: included_from: Included from here.
# 352|
# 353| snprintf(devname, MAXPATHLEN - 1, "/dev/bluetooth/rfcomm/%d", dev);
# 354|-> if ((fd = open(devname, O_RDONLY | O_NOCTTY)) < 0) {
# 355| if (try--) {
# 356| snprintf(devname, MAXPATHLEN - 1, "/dev/rfcomm%d", dev);
Error: CLANG_WARNING: [#def316]
bluez-5.75/tools/rfcomm.c:497:14: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined
# 495| bacpy(&req.src, &laddr.rc_bdaddr);
# 496| bacpy(&req.dst, &raddr.rc_bdaddr);
# 497|-> req.channel = raddr.rc_channel;
# 498|
# 499| dev = ioctl(nsk, RFCOMMCREATEDEV, &req);
Error: CLANG_WARNING: [#def317]
bluez-5.75/tools/rfcomm.c:515:8: warning[deadcode.DeadStores]: Although the value stored to 'fd' is used in the enclosing expression, the value is never actually read from 'fd'
# 513|
# 514| snprintf(devname, MAXPATHLEN - 1, "/dev/bluetooth/rfcomm/%d", dev);
# 515|-> if ((fd = open(devname, O_RDONLY | O_NOCTTY)) < 0) {
# 516| if (try--) {
# 517| snprintf(devname, MAXPATHLEN - 1, "/dev/rfcomm%d", dev);
Error: GCC_ANALYZER_WARNING (CWE-775): [#def318]
bluez-5.75/tools/rfcomm.c: scope_hint: In function ‘cmd_listen’
bluez-5.75/tools/rfcomm.c:515:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&devname, 256)’
# 513|
# 514| snprintf(devname, MAXPATHLEN - 1, "/dev/bluetooth/rfcomm/%d", dev);
# 515|-> if ((fd = open(devname, O_RDONLY | O_NOCTTY)) < 0) {
# 516| if (try--) {
# 517| snprintf(devname, MAXPATHLEN - 1, "/dev/rfcomm%d", dev);
Error: GCC_ANALYZER_WARNING (CWE-775): [#def319]
bluez-5.75/tools/sco-tester.c: scope_hint: In function ‘create_sco_sock’
bluez-5.75/tools/sco-tester.c:570:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sk’
# 568| tester_warn("Can't create socket: %s (%d)", strerror(errno),
# 569| errno);
# 570|-> return err;
# 571| }
# 572|
Error: GCC_ANALYZER_WARNING (CWE-666): [#def320]
bluez-5.75/tools/sco-tester.c: scope_hint: In function ‘connect_sco_sock’
bluez-5.75/tools/sco-tester.c:610:15: warning[-Wanalyzer-fd-phase-mismatch]: ‘connect’ on file descriptor ‘sk’ in wrong phase
# 608| bacpy(&addr.sco_bdaddr, (void *) client_bdaddr);
# 609|
# 610|-> err = connect(sk, (struct sockaddr *) &addr, sizeof(addr));
# 611| if (err < 0 && !(errno == EAGAIN || errno == EINPROGRESS)) {
# 612| err = -errno;
Error: CLANG_WARNING: [#def321]
bluez-5.75/tools/sdptool.c:941:26: warning[unix.MallocSizeof]: Result of 'malloc' is converted to a pointer of type 'uint32_t', which is incompatible with sizeof operand type 'int'
# 939| } else if (!strncasecmp(argv[i], "0x", 2)) {
# 940| /* Int */
# 941|-> uint32_t *value_int = malloc(sizeof(int));
# 942| if (!value_int) {
# 943| ret = -ENOMEM;
Error: CLANG_WARNING: [#def322]
bluez-5.75/tools/sdptool.c:980:4: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value
# 978| for (i = 0; i < argc; i++)
# 979| if (allocArray)
# 980|-> free(allocArray[i]);
# 981|
# 982| free(dtdArray);
Error: CLANG_WARNING: [#def323]
bluez-5.75/tools/sdptool.c:3777:2: warning[unix.Malloc]: Potential leak of memory pointed to by 'si.name'
# 3775| si.name = strdup(argv[0]);
# 3776|
# 3777|-> return add_service(0, &si);
# 3778| }
# 3779|
Error: CLANG_WARNING: [#def324]
bluez-5.75/tools/sdptool.c:4112:4: warning[unix.Malloc]: Potential leak of memory pointed to by 'context.svc'
# 4110| if (!class && !uuid) {
# 4111| printf("Unknown service %s\n", context.svc);
# 4112|-> return -1;
# 4113| }
# 4114| }
Error: CPPCHECK_WARNING (CWE-457): [#def325]
bluez-5.75/tools/test-runner.c:945: warning[uninitvar]: Uninitialized variable: argv
# 943| envp[pos] = NULL;
# 944|
# 945|-> printf("Running command %s\n", cmdname ? cmdname : argv[0]);
# 946|
# 947| pid = fork();
Error: CLANG_WARNING: [#def326]
bluez-5.75/tools/test-runner.c:945:2: warning[core.CallAndMessage]: 2nd function call argument is an uninitialized value
# 943| envp[pos] = NULL;
# 944|
# 945|-> printf("Running command %s\n", cmdname ? cmdname : argv[0]);
# 946|
# 947| pid = fork();
Scan Properties
| analyzer-version-clang | 18.1.3 |
| analyzer-version-cppcheck | 2.13.0 |
| analyzer-version-gcc | 14.0.1 |
| analyzer-version-gcc-analyzer | 14.0.1 |
| analyzer-version-shellcheck | 0.10.0 |
| enabled-plugins | clang, cppcheck, gcc, shellcheck |
| exit-code | 0 |
| host | ip-172-16-1-187.us-west-2.compute.internal |
| mock-config | fedora-41-x86_64 |
| project-name | bluez-5.75-1.fc41 |
| store-results-to | /tmp/tmpm8gqi9gz/bluez-5.75-1.fc41.tar.xz |
| time-created | 2024-04-22 10:50:29 |
| time-finished | 2024-04-22 10:56:17 |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmpm8gqi9gz/bluez-5.75-1.fc41.tar.xz' '--gcc-analyze' '/tmp/tmpm8gqi9gz/bluez-5.75-1.fc41.src.rpm' |
| tool-version | csmock-3.5.3-1.el9 |