curl-8.7.1-1.fc41
List of Defects
Error: SHELLCHECK_WARNING (CWE-563): [#def1]
/usr/bin/curl-config:27:1: warning[SC2034]: exec_prefix appears unused. Verify use (or export if used externally).
# 25|
# 26| prefix="/usr"
# 27|-> exec_prefix=/usr
# 28| includedir=/usr/include
# 29| cppflag_curl_staticlib=
Error: SHELLCHECK_WARNING (CWE-563): [#def2]
/usr/bin/curl-config:28:1: warning[SC2034]: includedir appears unused. Verify use (or export if used externally).
# 26| prefix="/usr"
# 27| exec_prefix=/usr
# 28|-> includedir=/usr/include
# 29| cppflag_curl_staticlib=
# 30|
Error: SHELLCHECK_WARNING (CWE-563): [#def3]
/usr/bin/curl-config:68:8: warning[SC2034]: value appears unused. Verify use (or export if used externally).
# 66| # [not currently used]
# 67| -*=*) value=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
# 68|-> *) value= ;;
# 69| esac
# 70|
Error: GCC_ANALYZER_WARNING (CWE-835): [#def4]
curl-8.7.1/lib/bufq.c: scope_hint: In function 'Curl_bufq_skip'
curl-8.7.1/lib/bufq.c:506:16: warning[-Wanalyzer-infinite-loop]: infinite loop
curl-8.7.1/lib/bufq.c: scope_hint: In function 'Curl_bufq_skip'
curl-8.7.1/lib/bufq.c: scope_hint: In function 'Curl_bufq_skip'
# 504| size_t n;
# 505|
# 506|-> while(amount && q->head) {
# 507| n = chunk_skip(q->head, amount);
# 508| amount -= n;
Error: CLANG_WARNING: [#def5]
curl-8.7.1/lib/cf-h2-proxy.c:865:5: warning[deadcode.DeadStores]: Value stored to 'nwritten' is never read
# 863| if(result != CURLE_AGAIN)
# 864| return NGHTTP2_ERR_CALLBACK_FAILURE;
# 865|-> nwritten = 0;
# 866| }
# 867| DEBUGASSERT((size_t)nwritten == len);
Error: GCC_ANALYZER_WARNING (CWE-775): [#def6]
curl-8.7.1/lib/cf-socket.c: scope_hint: In function 'bindlocal'
curl-8.7.1/lib/cf-socket.c:431:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor '*ctx.sock'
curl-8.7.1/lib/sendf.h:29: included_from: Included from here.
curl-8.7.1/lib/cf-socket.c:58: included_from: Included from here.
curl-8.7.1/lib/cf-socket.c:997:5: note: in expansion of macro 'infof'
curl-8.7.1/lib/curl_trc.h:75:11: note: in expansion of macro 'Curl_trc_is_verbose'
curl-8.7.1/lib/cf-socket.c:997:5: note: in expansion of macro 'infof'
# 429| if(!dev && !port)
# 430| /* no local kind of binding was requested */
# 431|-> return CURLE_OK;
# 432|
# 433| memset(&sa, 0, sizeof(struct Curl_sockaddr_storage));
Error: GCC_ANALYZER_WARNING (CWE-476): [#def7]
curl-8.7.1/lib/conncache.c: scope_hint: In function 'Curl_conncache_add_conn'
curl-8.7.1/lib/conncache.c:243:30: warning[-Wanalyzer-null-dereference]: dereference of NULL 'connc'
# 241|
# 242| bundle_add_conn(bundle, conn);
# 243|-> conn->connection_id = connc->next_connection_id++;
# 244| connc->num_conn++;
# 245|
Error: GCC_ANALYZER_WARNING (CWE-775): [#def8]
curl-8.7.1/lib/file.c: scope_hint: In function 'file_connect'
curl-8.7.1/lib/file.c:244:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor '**data.req.p.file.fd'
curl-8.7.1/lib/file.c:236:8: note: in expansion of macro 'open_readonly'
curl-8.7.1/lib/file.c:236:8: note: in expansion of macro 'open_readonly'
# 242|
# 243| file->fd = fd;
# 244|-> if(!data->state.upload && (fd == -1)) {
# 245| failf(data, "Couldn't open file %s", data->state.up.path);
# 246| file_done(data, CURLE_FILE_COULDNT_READ_FILE, FALSE);
Error: GCC_ANALYZER_WARNING (CWE-775): [#def9]
curl-8.7.1/lib/file.c:244:26: warning[-Wanalyzer-fd-leak]: leak of file descriptor '**data.req.p.file.fd'
curl-8.7.1/lib/file.c:236:8: note: in expansion of macro 'open_readonly'
curl-8.7.1/lib/file.c:236:8: note: in expansion of macro 'open_readonly'
# 242|
# 243| file->fd = fd;
# 244|-> if(!data->state.upload && (fd == -1)) {
# 245| failf(data, "Couldn't open file %s", data->state.up.path);
# 246| file_done(data, CURLE_FILE_COULDNT_READ_FILE, FALSE);
Error: CPPCHECK_WARNING (CWE-457): [#def10]
curl-8.7.1/lib/ftp.c:756: warning[uninitvar]: Uninitialized variable: *ftpcode
# 754| *nreadp = 0;
# 755|
# 756|-> while(!*ftpcode && !result) {
# 757| /* check and reset timeout value every lap */
# 758| timediff_t timeout = Curl_pp_state_timeout(data, pp, FALSE);
Error: GCC_ANALYZER_WARNING (CWE-476): [#def11]
curl-8.7.1/lib/http2.c: scope_hint: In function 'nw_in_reader'
curl-8.7.1/lib/http2.c:350:10: warning[-Wanalyzer-null-dereference]: dereference of NULL 'reader_ctx'
curl-8.7.1/lib/http2.c:42: included_from: Included from here.
curl-8.7.1/lib/http2.c:348:28: note: in expansion of macro 'CF_DATA_CURRENT'
# 348| struct Curl_easy *data = CF_DATA_CURRENT(cf);
# 349|
# 350|-> return Curl_conn_cf_recv(cf->next, data, (char *)buf, buflen, err);
# 351| }
# 352|
Error: GCC_ANALYZER_WARNING (CWE-126): [#def12]
curl-8.7.1/lib/http2.c: scope_hint: In function 'curl_pushheader_byname'
curl-8.7.1/lib/http2.c:744:30: warning[-Wanalyzer-out-of-bounds]: buffer over-read
curl-8.7.1/lib/http2.c:744:30: note: read of 1 byte from after the end of '":scheme"'
curl-8.7.1/lib/http2.c:744:30: note: valid subscripts for '":scheme"' are '[0]' to '[7]'
# └────────────────────────────────────────────────────────────┘
# ^ ^ ^ ^ ^ ^ ^ ^
curl-8.7.1/lib/curl_setup_once.h:34: included_from: Included from here.
curl-8.7.1/lib/curl_setup.h:737: included_from: Included from here.
curl-8.7.1/lib/http2.c:25: included_from: Included from here.
/usr/include/string.h:246:14: note: argument 1 of 'strchr' must be a pointer to a null-terminated string
# 742| this is because we do prefix match.*/
# 743| if(!h || !GOOD_EASY_HANDLE(h->data) || !header || !header[0] ||
# 744|-> !strcmp(header, ":") || strchr(header + 1, ':'))
# 745| return NULL;
# 746|
Error: CLANG_WARNING: [#def13]
curl-8.7.1/lib/http2.c:2248:8: warning[core.NullDereference]: Access to field 'closed' results in a dereference of a null pointer (loaded from variable 'stream')
# 2246| /* nghttp2 thinks this session is done. If the stream has not been
# 2247| * closed, this is an error state for out transfer */
# 2248|-> if(stream->closed) {
# 2249| nwritten = http2_handle_stream_close(cf, data, stream, err);
# 2250| }
Error: CLANG_WARNING: [#def14]
curl-8.7.1/lib/http2.c:2352:5: warning[deadcode.DeadStores]: Value stored to 'result' is never read
# 2350| result = h2_progress_egress(cf, data);
# 2351| if(result == CURLE_AGAIN)
# 2352|-> result = CURLE_OK;
# 2353| else if(result)
# 2354| goto out;
Error: GCC_ANALYZER_WARNING (CWE-126): [#def15]
curl-8.7.1/lib/http_negotiate.c: scope_hint: In function 'Curl_input_negotiate'
curl-8.7.1/lib/http_negotiate.c:90:9: warning[-Wanalyzer-out-of-bounds]: buffer over-read
curl-8.7.1/lib/http_negotiate.c:90:9: note: read of 9 bytes from after the end of '"Negotiate"'
curl-8.7.1/lib/http_negotiate.c:90:9: note: valid subscripts for '"Negotiate"' are '[0]' to '[9]'
# └─────────────────────────────────┘
# ^ ^
curl-8.7.1/lib/curl_setup_once.h:34: included_from: Included from here.
curl-8.7.1/lib/curl_setup.h:737: included_from: Included from here.
curl-8.7.1/lib/http_negotiate.c:25: included_from: Included from here.
/usr/include/string.h:407:15: note: argument 1 of 'strlen' must be a pointer to a null-terminated string
# 88| header++;
# 89|
# 90|-> len = strlen(header);
# 91| neg_ctx->havenegdata = len != 0;
# 92| if(!len) {
Error: CPPCHECK_WARNING (CWE-758): [#def16]
curl-8.7.1/lib/imap.c:1968: error[objectIndex]: The address of local variable 'path' is accessed at non-zero index.
# 1966| /* Remove the trailing slash if present */
# 1967| const char *end = ptr;
# 1968|-> if(end > begin && end[-1] == '/')
# 1969| end--;
# 1970|
Error: GCC_ANALYZER_WARNING (CWE-457): [#def17]
curl-8.7.1/lib/mprintf.c: scope_hint: In function 'formatf'
curl-8.7.1/lib/mprintf.c:704:42: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'input[<unknown>].val.nums'
# 702| /* pick up the specified width */
# 703| if(flags & FLAGS_WIDTHPARAM) {
# 704|-> width = (int)input[optr->width].val.nums;
# 705| if(width < 0) {
# 706| /* "A negative field width is taken as a '-' flag followed by a
Error: GCC_ANALYZER_WARNING (CWE-457): [#def18]
curl-8.7.1/lib/mprintf.c:721:45: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'input[<unknown>].val.nums'
# 719| /* pick up the specified precision */
# 720| if(flags & FLAGS_PRECPARAM) {
# 721|-> prec = (int)input[optr->precision].val.nums;
# 722| if(prec < 0)
# 723| /* "A negative precision is taken as if the precision were
Error: GCC_ANALYZER_WARNING (CWE-457): [#def19]
curl-8.7.1/lib/mprintf.c:735:16: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'input[<unknown>].type'
# 733| iptr = &input[optr->input];
# 734|
# 735|-> switch(iptr->type) {
# 736| case FORMAT_INTU:
# 737| case FORMAT_LONGU:
Error: GCC_ANALYZER_WARNING (CWE-476): [#def20]
curl-8.7.1/lib/sendf.c: scope_hint: In function 'Curl_creader_set_fread'
curl-8.7.1/lib/sendf.c:1058:7: warning[-Wanalyzer-null-dereference]: dereference of NULL 'r'
# 1056| if(result)
# 1057| return result;
# 1058|-> ctx = r->ctx;
# 1059| ctx->total_len = len;
# 1060|
Error: CPPCHECK_WARNING (CWE-457): [#def21]
curl-8.7.1/lib/sigpipe.h:68: warning[uninitvar]: Uninitialized variable: ig->no_signal
# 66| static void sigpipe_restore(struct sigpipe_ignore *ig)
# 67| {
# 68|-> if(!ig->no_signal)
# 69| /* restore the outside state */
# 70| sigaction(SIGPIPE, &ig->old_pipe_act, NULL);
Error: CLANG_WARNING: [#def22]
curl-8.7.1/lib/smtp.c:1892:5: warning[deadcode.DeadStores]: Value stored to 'result' is never read
# 1890| *peos = FALSE;
# 1891| if(!Curl_bufq_is_empty(&ctx->buf)) {
# 1892|-> result = Curl_bufq_cread(&ctx->buf, buf, blen, pnread);
# 1893| }
# 1894| else
Error: CLANG_WARNING: [#def23]
curl-8.7.1/lib/ws.c:985:7: warning[deadcode.DeadStores]: Value stored to 'done' is never read
# 983| continue; /* nothing written, try more input */
# 984| }
# 985|-> done = TRUE;
# 986| break;
# 987| }
Error: CLANG_WARNING: [#def24]
curl-8.7.1/lib/ws.c:995:7: warning[deadcode.DeadStores]: Value stored to 'done' is never read
# 993| * There are frames like PING were we auto-respond to and
# 994| * that we do not return. For these `ctx.written` is not set. */
# 995|-> done = TRUE;
# 996| break;
# 997| }
Error: GCC_ANALYZER_WARNING (CWE-775): [#def25]
curl-8.7.1/src/tool_cb_dbg.c: scope_hint: In function ‘tool_debug_cb’
curl-8.7.1/src/tool_cb_dbg.c:143:29: warning[-Wanalyzer-file-leak]: leak of FILE ‘*config.trace_stream’
# 141| else {
# 142| config->trace_stream = fopen(config->trace_dump, FOPEN_WRITETEXT);
# 143|-> config->trace_fopened = TRUE;
# 144| }
# 145| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def26]
curl-8.7.1/src/tool_cb_dbg.c:143:29: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.trace_stream’
# 141| else {
# 142| config->trace_stream = fopen(config->trace_dump, FOPEN_WRITETEXT);
# 143|-> config->trace_fopened = TRUE;
# 144| }
# 145| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def27]
curl-8.7.1/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.altsvc’
curl-8.7.1/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def28]
curl-8.7.1/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.aws_sigv4’
curl-8.7.1/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def29]
curl-8.7.1/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.cipher13_list’
curl-8.7.1/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def30]
curl-8.7.1/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.cipher_list’
curl-8.7.1/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def31]
curl-8.7.1/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.cookiejar’
curl-8.7.1/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def32]
curl-8.7.1/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.dns_interface’
curl-8.7.1/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def33]
curl-8.7.1/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.dns_ipv4_addr’
curl-8.7.1/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def34]
curl-8.7.1/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.dns_ipv6_addr’
curl-8.7.1/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def35]
curl-8.7.1/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.dns_servers’
curl-8.7.1/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def36]
curl-8.7.1/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.doh_url’
curl-8.7.1/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def37]
curl-8.7.1/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.ftp_account’
curl-8.7.1/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def38]
curl-8.7.1/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.ftp_alternative_to_user’
curl-8.7.1/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def39]
curl-8.7.1/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.haproxy_clientip’
curl-8.7.1/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def40]
curl-8.7.1/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.headerfile’
curl-8.7.1/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def41]
curl-8.7.1/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.hsts’
curl-8.7.1/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def42]
curl-8.7.1/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.iface’
curl-8.7.1/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def43]
curl-8.7.1/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.ipfs_gateway’
curl-8.7.1/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def44]
curl-8.7.1/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.krblevel’
curl-8.7.1/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def45]
curl-8.7.1/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.mail_auth’
curl-8.7.1/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def46]
curl-8.7.1/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.mail_from’
curl-8.7.1/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def47]
curl-8.7.1/src/tool_getparam.c: scope_hint: In function ‘getstr’
curl-8.7.1/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.noproxy’
curl-8.7.1/lib/curlx.h:58: included_from: Included from here.
curl-8.7.1/src/tool_getparam.c:30: included_from: Included from here.
curl-8.7.1/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def48]
curl-8.7.1/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.oauth_bearer’
curl-8.7.1/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def49]
curl-8.7.1/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.proto_default’
curl-8.7.1/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def50]
curl-8.7.1/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.proxy_cipher13_list’
curl-8.7.1/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def51]
curl-8.7.1/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.proxy_service_name’
curl-8.7.1/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def52]
curl-8.7.1/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.proxy’
curl-8.7.1/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def53]
curl-8.7.1/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.sasl_authzid’
curl-8.7.1/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def54]
curl-8.7.1/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.service_name’
curl-8.7.1/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def55]
curl-8.7.1/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.unix_socket_path’
curl-8.7.1/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def56]
curl-8.7.1/src/tool_getparam.c:68:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.useragent’
curl-8.7.1/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 66|
# 67| *str = strdup(val);
# 68|-> if(!*str)
# 69| return PARAM_NO_MEM;
# 70| }
Error: GCC_ANALYZER_WARNING (CWE-457): [#def57]
curl-8.7.1/src/tool_getparam.c: scope_hint: In function ‘url_query’
curl-8.7.1/src/tool_getparam.c:1050:25: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘query’
curl-8.7.1/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 1048| if(!err) {
# 1049| if(config->query) {
# 1050|-> CURLcode result = curlx_dyn_addf(&dyn, "%s&%s", config->query, query);
# 1051| free(query);
# 1052| if(result)
Error: GCC_ANALYZER_WARNING (CWE-457): [#def58]
curl-8.7.1/src/tool_getparam.c:1060:21: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘query’
curl-8.7.1/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 1058| }
# 1059| else
# 1060|-> config->query = query;
# 1061| }
# 1062| return err;
Error: GCC_ANALYZER_WARNING (CWE-401): [#def59]
curl-8.7.1/src/tool_getparam.c:1062:10: warning[-Wanalyzer-malloc-leak]: leak of ‘query’
curl-8.7.1/lib/curl_multibyte.h:72:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’
# 1060| config->query = query;
# 1061| }
# 1062|-> return err;
# 1063| }
# 1064|
Error: CPPCHECK_WARNING (CWE-457): [#def60]
curl-8.7.1/src/tool_getparam.c:1263: warning[uninitvar]: Uninitialized variables: &key.desc, &key.letter, &key.cmd
# 1261| key.lname = word;
# 1262|
# 1263|-> a = bsearch(&key, aliases, sizeof(aliases)/sizeof(aliases[0]),
# 1264| sizeof(aliases[0]), findarg);
# 1265| if(a) {
Error: GCC_ANALYZER_WARNING (CWE-775): [#def61]
curl-8.7.1/src/tool_main.c:99:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd[0]’
# 97| (fcntl(STDERR_FILENO, F_GETFD) == -1))
# 98| if(pipe(fd))
# 99|-> return 1;
# 100| return 0;
# 101| }
Error: GCC_ANALYZER_WARNING (CWE-775): [#def62]
curl-8.7.1/src/tool_main.c: scope_hint: In function ‘main_checkfds’
curl-8.7.1/src/tool_main.c:99:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd[1]’
# 97| (fcntl(STDERR_FILENO, F_GETFD) == -1))
# 98| if(pipe(fd))
# 99|-> return 1;
# 100| return 0;
# 101| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def63]
curl-8.7.1/src/tool_operate.c: scope_hint: In function ‘transfer_per_config’
curl-8.7.1/src/tool_operate.c:2591:11: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.cacert’
curl-8.7.1/include/curl/curl.h:3227: included_from: Included from here.
curl-8.7.1/src/tool_setup.h:46: included_from: Included from here.
curl-8.7.1/src/tool_operate.c:24: included_from: Included from here.
curl-8.7.1/src/tool_operate.c:2776:11: note: in expansion of macro ‘curl_share_setopt’
curl-8.7.1/src/tool_operate.c:50: included_from: Included from here.
curl-8.7.1/src/tool_operate.c:2588:13: note: in expansion of macro ‘curlx_getenv’
# 2589| if(env) {
# 2590| config->cacert = strdup(env);
# 2591|-> if(!config->cacert) {
# 2592| curl_free(env);
# 2593| curl_easy_cleanup(curltls);
Error: GCC_ANALYZER_WARNING (CWE-401): [#def64]
curl-8.7.1/src/tool_operate.c:2602:13: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.capath’
curl-8.7.1/src/tool_operate.c:2776:11: note: in expansion of macro ‘curl_share_setopt’
curl-8.7.1/src/tool_operate.c:2588:13: note: in expansion of macro ‘curlx_getenv’
curl-8.7.1/src/tool_operate.c:2599:15: note: in expansion of macro ‘curlx_getenv’
# 2600| if(env) {
# 2601| config->capath = strdup(env);
# 2602|-> if(!config->capath) {
# 2603| curl_free(env);
# 2604| curl_easy_cleanup(curltls);
Error: GCC_ANALYZER_WARNING (CWE-401): [#def65]
curl-8.7.1/src/tool_operate.c:2614:13: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.cacert’
curl-8.7.1/src/tool_operate.c:2776:11: note: in expansion of macro ‘curl_share_setopt’
curl-8.7.1/src/tool_operate.c:2588:13: note: in expansion of macro ‘curlx_getenv’
curl-8.7.1/src/tool_operate.c:2599:15: note: in expansion of macro ‘curlx_getenv’
curl-8.7.1/src/tool_operate.c:2611:15: note: in expansion of macro ‘curlx_getenv’
# 2612| if(env) {
# 2613| config->cacert = strdup(env);
# 2614|-> if(!config->cacert) {
# 2615| curl_free(env);
# 2616| if(capath_from_env)
Error: GCC_ANALYZER_WARNING (CWE-688): [#def66]
curl-8.7.1/src/tool_writeout.c: scope_hint: In function ‘writeString’
curl-8.7.1/src/tool_writeout.c:410:7: warning[-Wanalyzer-null-argument]: use of NULL ‘strinfo’ where non-null expected
curl-8.7.1/lib/curl_setup.h:376: included_from: Included from here.
curl-8.7.1/src/tool_setup.h:38: included_from: Included from here.
curl-8.7.1/src/tool_writeout.c:24: included_from: Included from here.
/usr/include/stdio.h:717:12: note: argument 1 of ‘fputs’ must be non-null
# 408| }
# 409| else
# 410|-> fputs(strinfo, stream);
# 411| }
# 412| else {
Error: GCC_ANALYZER_WARNING (CWE-476): [#def67]
curl-8.7.1/src/var.c: scope_hint: In function ‘varexpand’
curl-8.7.1/src/var.c:221:29: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘envp’
# 219| do {
# 220| envp = strstr(line, "{{");
# 221|-> if((envp > line) && envp[-1] == '\\') {
# 222| /* preceding backslash, we want this verbatim */
# 223|
Scan Properties
| analyzer-version-clang | 18.1.3 |
| analyzer-version-cppcheck | 2.13.0 |
| analyzer-version-gcc | 14.0.1 |
| analyzer-version-gcc-analyzer | 14.0.1 |
| analyzer-version-shellcheck | 0.10.0 |
| enabled-plugins | clang, cppcheck, gcc, shellcheck |
| exit-code | 0 |
| host | ip-172-16-1-113.us-west-2.compute.internal |
| mock-config | fedora-41-x86_64 |
| project-name | curl-8.7.1-1.fc41 |
| store-results-to | /tmp/tmp2yk1xhxm/curl-8.7.1-1.fc41.tar.xz |
| time-created | 2024-04-22 10:54:15 |
| time-finished | 2024-04-22 10:59:03 |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmp2yk1xhxm/curl-8.7.1-1.fc41.tar.xz' '--gcc-analyze' '/tmp/tmp2yk1xhxm/curl-8.7.1-1.fc41.src.rpm' |
| tool-version | csmock-3.5.3-1.el9 |