gnupg2-2.4.5-1.fc41
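List of Defects
Each entry below is a raw finding as reported by ShellCheck, Clang, the GCC static analyzer or the compiler: the tool's message, then the surrounding source lines with the flagged line marked `->`. These are tool warnings and have not necessarily been triaged; some flag code that is deliberate (for example, return values explicitly discarded with a `(void)` cast and explained in a comment).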
Error: SHELLCHECK_WARNING (CWE-758): [#def1]
/etc/profile.d/gnupg2.sh:1:1: error[SC2148]: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.
# 1|-> export GPG_TTY=$(tty)
Error: SHELLCHECK_WARNING (CWE-571): [#def2]
/etc/profile.d/gnupg2.sh:1:8: warning[SC2155]: Declare and assign separately to avoid masking return values.
# 1|-> export GPG_TTY=$(tty)
Error: SHELLCHECK_WARNING (CWE-569): [#def3]
/usr/sbin/addgnupghome:118:13: warning[SC2048]: Use "$@" (with quotes) to prevent whitespace problems.
# 116| fi
# 117|
# 118|-> for name in $*; do
# 119| one_user $name
# 120| done
Error: SHELLCHECK_WARNING (CWE-477): [#def4]
/usr/sbin/applygnupgdefaults:34:23: warning[SC2166]: Prefer [ p ] && [ q ] as [ p -a q ] is not well defined.
# 32| cleanup ()
# 33| {
# 34|-> [ -n "$errorfile" -a -f "$errorfile" ] && rm "$errorfile"
# 35| }
# 36| trap cleanup EXIT SIGINT SIGHUP SIGPIPE
Error: SHELLCHECK_WARNING: [#def5]
/usr/sbin/applygnupgdefaults:36:19: warning[SC3048]: In POSIX sh, prefixing signal names with 'SIG' is undefined.
# 34| [ -n "$errorfile" -a -f "$errorfile" ] && rm "$errorfile"
# 35| }
# 36|-> trap cleanup EXIT SIGINT SIGHUP SIGPIPE
# 37| errorfile=$(mktemp "/tmp/$PGM.log.XXXXXX")
# 38| [ -n "$errorfile" -a -f "$errorfile" ] || exit 2
Error: SHELLCHECK_WARNING: [#def6]
/usr/sbin/applygnupgdefaults:36:26: warning[SC3048]: In POSIX sh, prefixing signal names with 'SIG' is undefined.
# 34| [ -n "$errorfile" -a -f "$errorfile" ] && rm "$errorfile"
# 35| }
# 36|-> trap cleanup EXIT SIGINT SIGHUP SIGPIPE
# 37| errorfile=$(mktemp "/tmp/$PGM.log.XXXXXX")
# 38| [ -n "$errorfile" -a -f "$errorfile" ] || exit 2
Error: SHELLCHECK_WARNING: [#def7]
/usr/sbin/applygnupgdefaults:36:33: warning[SC3048]: In POSIX sh, prefixing signal names with 'SIG' is undefined.
# 34| [ -n "$errorfile" -a -f "$errorfile" ] && rm "$errorfile"
# 35| }
# 36|-> trap cleanup EXIT SIGINT SIGHUP SIGPIPE
# 37| errorfile=$(mktemp "/tmp/$PGM.log.XXXXXX")
# 38| [ -n "$errorfile" -a -f "$errorfile" ] || exit 2
Error: SHELLCHECK_WARNING (CWE-477): [#def8]
/usr/sbin/applygnupgdefaults:38:19: warning[SC2166]: Prefer [ p ] && [ q ] as [ p -a q ] is not well defined.
# 36| trap cleanup EXIT SIGINT SIGHUP SIGPIPE
# 37| errorfile=$(mktemp "/tmp/$PGM.log.XXXXXX")
# 38|-> [ -n "$errorfile" -a -f "$errorfile" ] || exit 2
# 39|
# 40| # Check whether we can use getent
Error: SHELLCHECK_WARNING (CWE-156): [#def9]
/usr/sbin/applygnupgdefaults:57:6: warning[SC2046]: Quote this to prevent word splitting.
# 55| fi
# 56|
# 57|-> if [ $(id -u) -ne 0 ]; then
# 58| error "needs to be run as root"
# 59| exit 1
Error: SHELLCHECK_WARNING (CWE-563): [#def10]
/usr/sbin/applygnupgdefaults:63:30: warning[SC2034]: dmy_a appears unused. Verify use (or export if used externally).
# 61|
# 62| ${cat_passwd} \
# 63|-> | while IFS=: read -r user dmy_a uid dmy_c dmy_d home shell dmy_rest; do
# 64| # Process only entries with a valid login shell
# 65| grep </etc/shells "^$shell" 2>/dev/null >/dev/null || continue
Error: SHELLCHECK_WARNING (CWE-563): [#def11]
/usr/sbin/applygnupgdefaults:63:40: warning[SC2034]: dmy_c appears unused. Verify use (or export if used externally).
# 61|
# 62| ${cat_passwd} \
# 63|-> | while IFS=: read -r user dmy_a uid dmy_c dmy_d home shell dmy_rest; do
# 64| # Process only entries with a valid login shell
# 65| grep </etc/shells "^$shell" 2>/dev/null >/dev/null || continue
Error: SHELLCHECK_WARNING (CWE-563): [#def12]
/usr/sbin/applygnupgdefaults:63:46: warning[SC2034]: dmy_d appears unused. Verify use (or export if used externally).
# 61|
# 62| ${cat_passwd} \
# 63|-> | while IFS=: read -r user dmy_a uid dmy_c dmy_d home shell dmy_rest; do
# 64| # Process only entries with a valid login shell
# 65| grep </etc/shells "^$shell" 2>/dev/null >/dev/null || continue
Error: SHELLCHECK_WARNING (CWE-563): [#def13]
/usr/sbin/applygnupgdefaults:63:63: warning[SC2034]: dmy_rest appears unused. Verify use (or export if used externally).
# 61|
# 62| ${cat_passwd} \
# 63|-> | while IFS=: read -r user dmy_a uid dmy_c dmy_d home shell dmy_rest; do
# 64| # Process only entries with a valid login shell
# 65| grep </etc/shells "^$shell" 2>/dev/null >/dev/null || continue
Error: SHELLCHECK_WARNING (CWE-569): [#def14]
/usr/share/doc/gnupg2/examples/scd-event:65:7: warning[SC2221]: This pattern always overrides a later one on line 71.
# 63| prev=new_code
# 64| ;;
# 65|-> --new-code=*)
# 66| new_code="$optarg"
# 67| ;;
Error: SHELLCHECK_WARNING (CWE-569): [#def15]
/usr/share/doc/gnupg2/examples/scd-event:71:7: warning[SC2222]: This pattern never matches because of a previous pattern on line 65.
# 69| prev=status
# 70| ;;
# 71|-> --new-code=*)
# 72| status="$optarg"
# 73| ;;
Error: CLANG_WARNING: [#def16]
gnupg-2.4.5/agent/call-pinentry.c:859:19: warning[deadcode.DeadStores]: Although the value stored to 'nbytes' is used in the enclosing expression, the value is never actually read from 'nbytes'
# 857| {
# 858| unsigned int nbits = DEFAULT_GENPIN_BITS;
# 859|-> size_t nbytes = nbytes = (nbits + 7) / 8;
# 860| void *rand;
# 861| char *generated;
Error: CLANG_WARNING: [#def17]
gnupg-2.4.5/agent/call-pinentry.c:975:13: warning[deadcode.DeadStores]: Although the value stored to 's' is used in the enclosing expression, the value is never actually read from 's'
# 973| }
# 974| }
# 975|-> else if ((s = has_leading_keyword (line, "GENPIN")))
# 976| {
# 977| int wasconf;
Error: GCC_ANALYZER_WARNING (CWE-457): [#def18]
gnupg-2.4.5/agent/call-pinentry.c: scope_hint: In function ‘watch_sock_end’
gnupg-2.4.5/agent/call-pinentry.c:1367:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*thread_p’
gnupg-2.4.5/agent/agent.h:28: included_from: Included from here.
gnupg-2.4.5/agent/call-pinentry.c:37: included_from: Included from here.
# 1365|
# 1366| *sock_p = GNUPG_INVALID_FD;
# 1367|-> err = npth_join (*thread_p, NULL);
# 1368| if (err)
# 1369| log_error ("watch_sock_end: error joining thread: %s\n", strerror (err));
Error: CLANG_WARNING: [#def19]
gnupg-2.4.5/agent/call-pinentry.c:1367:9: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value
# 1365|
# 1366| *sock_p = GNUPG_INVALID_FD;
# 1367|-> err = npth_join (*thread_p, NULL);
# 1368| if (err)
# 1369| log_error ("watch_sock_end: error joining thread: %s\n", strerror (err));
Error: CLANG_WARNING: [#def20]
gnupg-2.4.5/agent/call-pinentry.c:1555:13: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 1553| NULL, NULL, NULL, NULL, NULL, NULL);
# 1554| if (rc)
# 1555|-> rc = 0; /* Pinentry does not support it. */
# 1556| }
# 1557|
Error: CLANG_WARNING: [#def21]
gnupg-2.4.5/agent/call-pinentry.c:1825:13: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 1823| NULL, NULL, NULL, NULL, NULL, NULL);
# 1824| if (rc)
# 1825|-> rc = 0; /* Pinentry does not support it. */
# 1826| }
# 1827|
Error: CLANG_WARNING: [#def22]
gnupg-2.4.5/agent/call-scd.c:400:13: warning[deadcode.DeadStores]: Although the value stored to 's' is used in the enclosing expression, the value is never actually read from 's'
# 398| s, NULL, 1);
# 399| }
# 400|-> else if ((s = has_leading_keyword (line, "DISMISSPINPADPROMPT")))
# 401| {
# 402| rc = parm->getpin_cb (parm->getpin_cb_arg, parm->getpin_cb_desc,
Error: GCC_ANALYZER_WARNING (CWE-121): [#def23]
gnupg-2.4.5/agent/call-scd.c: scope_hint: In function ‘agent_card_pkdecrypt’
gnupg-2.4.5/agent/call-scd.c:596:11: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
gnupg-2.4.5/agent/call-scd.c:596:11: note: write of 8 bytes to beyond the end of ‘line’
gnupg-2.4.5/agent/call-scd.c:596:11: note: valid subscripts for ‘line’ are ‘[0]’ to ‘[1001]’
# 594| for (i=0; len < indatalen && (i*2 < DIM(line)-50); i++, len++)
# 595| {
# 596|-> sprintf (p, "%02X", indata[len]);
# 597| p += 2;
# 598| }
Error: CLANG_WARNING: [#def24]
gnupg-2.4.5/agent/call-scd.c:681:8: warning[deadcode.DeadStores]: Although the value stored to 's' is used in the enclosing expression, the value is never actually read from 's'
# 679| const char *s;
# 680|
# 681|-> if ((s = has_leading_keyword (line, "KEYPAIRINFO"))
# 682| && !parm->keyref)
# 683| {
Error: CLANG_WARNING: [#def25]
gnupg-2.4.5/agent/call-scd.c:700:12: warning[deadcode.DeadStores]: Although the value stored to 'nfields' is used in the enclosing expression, the value is never actually read from 'nfields'
# 698| }
# 699|
# 700|-> if ((nfields = split_fields (line_buffer, fields, DIM (fields))) < 2)
# 701| goto leave; /* Not enough args; invalid status line - skip. */
# 702|
Error: CLANG_WARNING: [#def26]
gnupg-2.4.5/agent/command-ssh.c:2743:3: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 2741|
# 2742| /* Sort the array. */
# 2743|-> qsort (keyarray.items, keyarray.nitems, sizeof *keyarray.items,
# 2744| compare_key_collection_items);
# 2745| if (opt.debug)
Error: GCC_ANALYZER_WARNING (CWE-688): [#def27]
gnupg-2.4.5/agent/command-ssh.c: scope_hint: In function ‘ssh_handler_extension’
gnupg-2.4.5/agent/command-ssh.c:3576:8: warning[-Wanalyzer-null-argument]: use of NULL ‘exttype’ where non-null expected
gnupg-2.4.5/agent/command-ssh.c: scope_hint: In function ‘ssh_handler_extension’
gnupg-2.4.5/agent/agent.h:35: included_from: Included from here.
gnupg-2.4.5/agent/command-ssh.c:55: included_from: Included from here.
gnupg-2.4.5/common/util.h:102:40: note: in definition of macro ‘xtrymalloc’
gnupg-2.4.5/agent/command-ssh.c: scope_hint: In function ‘ssh_handler_extension’
gnupg-2.4.5/agent/command-ssh.c:40: included_from: Included from here.
/usr/include/string.h:156:12: note: argument 1 of ‘strcmp’ must be non-null
# 3574| if (opt.verbose)
# 3575| log_info ("ssh-agent extension '%s' received\n", exttype);
# 3576|-> if (!strcmp (exttype, "ssh-env@gnupg.org"))
# 3577| {
# 3578| for (;;)
Error: GCC_ANALYZER_WARNING (CWE-457): [#def28]
gnupg-2.4.5/agent/command.c: scope_hint: In function ‘cmd_readkey’
gnupg-2.4.5/agent/command.c:1461:25: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘pkbuflen’
gnupg-2.4.5/agent/command.c:307:12: note: in expansion of macro ‘set_error’
# 1459| }
# 1460|
# 1461|-> rc = opt_no_data? 0 : assuan_send_data (ctx, pkbuf, pkbuflen);
# 1462|
# 1463| leave:
Error: CLANG_WARNING: [#def29]
gnupg-2.4.5/agent/command.c:1461:25: warning[core.CallAndMessage]: 3rd function call argument is an uninitialized value
# 1459| }
# 1460|
# 1461|-> rc = opt_no_data? 0 : assuan_send_data (ctx, pkbuf, pkbuflen);
# 1462|
# 1463| leave:
Error: CLANG_WARNING: [#def30]
gnupg-2.4.5/agent/command.c:1567:7: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1565| goto leave; /* No attribute available. */
# 1566|
# 1567|-> err = agent_raw_key_from_file (ctrl, grip, &s_key, &keymeta);
# 1568| if (!keymeta)
# 1569| istrue = 0;
Error: GCC_ANALYZER_WARNING (CWE-457): [#def31]
gnupg-2.4.5/agent/command.c: scope_hint: In function ‘cmd_keytocard’
gnupg-2.4.5/agent/command.c:3303:13: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘n’
# 3301| if (err)
# 3302| goto leave; /* Badly formatted ecdh params. */
# 3303|-> n /= 2;
# 3304| if (n < 4)
# 3305| {
Error: CLANG_WARNING: [#def32]
gnupg-2.4.5/agent/command.c:3504:32: warning[deadcode.DeadStores]: Although the value stored to 'n' is used in the enclosing expression, the value is never actually read from 'n'
# 3502| goto leave;
# 3503| }
# 3504|-> if (!ttlstr || !*ttlstr || !(n = parse_ttl (ttlstr, &ttl)))
# 3505| {
# 3506| err = set_error (GPG_ERR_ASS_PARAMETER, "no or invalid TTL given");
Error: CLANG_WARNING: [#def33]
gnupg-2.4.5/agent/cvt-openpgp.c:1238:23: warning[core.UndefinedBinaryOperatorResult]: The left operand of '>>' is a garbage value
# 1236| for (i = 0; i < (nskey-npkey); i++ )
# 1237| {
# 1238|-> *p++ = nbits[i] >> 8 ;
# 1239| *p++ = nbits[i];
# 1240| memcpy (p, bufarr[i], narr[i]);
Error: CLANG_WARNING: [#def34]
gnupg-2.4.5/agent/cvt-openpgp.c:1240:7: warning[core.CallAndMessage]: 2nd function call argument is an uninitialized value
# 1238| *p++ = nbits[i] >> 8 ;
# 1239| *p++ = nbits[i];
# 1240|-> memcpy (p, bufarr[i], narr[i]);
# 1241| p += narr[i];
# 1242| xfree (bufarr[i]);
Error: COMPILER_WARNING (CWE-704): [#def35]
gnupg-2.4.5/agent/cvt-openpgp.h:27:13: warning[-Wlto-type-mismatch]: type of ‘convert_from_openpgp_native’ does not match original declaration
# 27 | gpg_error_t convert_from_openpgp_native (ctrl_t ctrl,
# | ^
gnupg-2.4.5/agent/t-protect.c:344:1: note: type mismatch in parameter 4
# 344 | convert_from_openpgp_native (gcry_sexp_t s_pgp, const char *passphrase,
# | ^
gnupg-2.4.5/agent/t-protect.c:344:1: note: ‘convert_from_openpgp_native’ was previously declared here
# 25| const char *cache_nonce,
# 26| unsigned char **r_key, char **r_passphrase);
# 27|-> gpg_error_t convert_from_openpgp_native (ctrl_t ctrl,
# 28| gcry_sexp_t s_pgp,
# 29| const char *passphrase,
Error: CLANG_WARNING: [#def36]
gnupg-2.4.5/agent/divert-tpm2.c:38:3: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 36| gcry_sexp_t s_pkey;
# 37|
# 38|-> err = agent_public_key_from_file (ctrl, grip, &s_pkey);
# 39| len = gcry_sexp_sprint(s_pkey, GCRYSEXP_FMT_CANON, NULL, 0);
# 40| pkbuf = xtrymalloc (len);
Error: CLANG_WARNING: [#def37]
gnupg-2.4.5/agent/findkey.c:287:19: warning[core.NonNullParamChecker]: Null pointer passed to 2nd parameter expecting 'nonnull'
# 285| && tokenfields[0] && tokenfields[1] && tokenfields[2]
# 286| && tokenfields[3]
# 287|-> && !strcmp (tokenfields[3], dispserialno))
# 288| ; /* No need to update Token entry. */
# 289| else
Error: CLANG_WARNING: [#def38]
gnupg-2.4.5/agent/genkey.c:124:7: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value
# 122| NULL, NULL, NULL, timestamp);
# 123|
# 124|-> if (!err)
# 125| {
# 126| char hexgrip[2*KEYGRIP_LEN+1];
Error: CLANG_WARNING: [#def39]
gnupg-2.4.5/agent/genkey.c:217:11: warning[deadcode.DeadStores]: Value stored to 'result' is never read
# 215| err = gpg_error_from_syserror ();
# 216| log_error (_("error writing to pipe: %s\n"), gpg_strerror (err));
# 217|-> result = 1; /* Error - assume password should not be used. */
# 218| }
# 219| else
Error: CLANG_WARNING: [#def40]
gnupg-2.4.5/agent/protect.c:986:3: warning[deadcode.DeadStores]: Value stored to 'p' is never read
# 984| *cutoff = p - newlist;
# 985| memcpy (p, startpos, endpos - startpos);
# 986|-> p += endpos - startpos;
# 987|
# 988|
Error: CLANG_WARNING: [#def41]
gnupg-2.4.5/agent/protect.c:1085:11: warning[deadcode.DeadStores]: Value stored to 'prot_begin' is never read
# 1083| while (*s == '(')
# 1084| {
# 1085|-> prot_begin = s;
# 1086| s++;
# 1087| n = snext (&s);
Error: CLANG_WARNING: [#def42]
gnupg-2.4.5/agent/protect.c:1543:3: warning[deadcode.DeadStores]: Value stored to 'p' is never read
# 1541| *p++ = ')';
# 1542| memcpy (p, point, pubkey_len - (point - pubkey));
# 1543|-> p += pubkey_len - (point - pubkey);
# 1544|
# 1545| return 0;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def43]
gnupg-2.4.5/common/asshelp.c: scope_hint: In function ‘start_new_service’
gnupg-2.4.5/common/asshelp.c:474:16: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘p’
gnupg-2.4.5/common/asshelp.c:41: included_from: Included from here.
gnupg-2.4.5/common/asshelp.c:464:21: note: in expansion of macro ‘xtrystrdup’
# 472| }
# 473| p = strchr (program, '|');
# 474|-> *p++ = 0;
# 475| program_arg = p;
# 476| }
Error: CLANG_WARNING: [#def44]
gnupg-2.4.5/common/audit.c:1182:8: warning[deadcode.DeadStores]: Although the value stored to 's' is used in the enclosing expression, the value is never actually read from 's'
# 1180| /* We use an environment variable to include some debug info in the
# 1181| log. */
# 1182|-> if ((s = getenv ("gnupg_debug_audit")))
# 1183| show_raw = 1;
# 1184|
Error: COMPILER_WARNING (CWE-252): [#def45]
gnupg-2.4.5/common/dotlock.c: scope_hint: In function ‘use_hardlinks_p’
gnupg-2.4.5/common/dotlock.c:667:10: warning[-Wunused-result]: ignoring return value of ‘link’ declared with attribute ‘warn_unused_result’
# 667 | (void) link (tname, lname);
# | ^~~~~~~~~~~~~~~~~~~
# 665|
# 666| /* We ignore the return value of link() because it is unreliable. */
# 667|-> (void) link (tname, lname);
# 668|
# 669| if (stat (tname, &sb))
Error: GCC_ANALYZER_WARNING (CWE-775): [#def46]
gnupg-2.4.5/common/dotlock.c: scope_hint: In function ‘dotlock_take_unix’
gnupg-2.4.5/common/dotlock.c:1296:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
gnupg-2.4.5/common/dotlock.c:283: included_from: Included from here.
/usr/include/gcrypt.h:31: included_from: Included from here.
gnupg-2.4.5/common/util.h:34: included_from: Included from here.
gnupg-2.4.5/common/dotlock.c:312: included_from: Included from here.
gnupg-2.4.5/common/dotlock.c:1387:7: note: in expansion of macro ‘my_info_0’
# 1294| {
# 1295| my_set_errno (0);
# 1296|-> fd = open (h->lockname, O_WRONLY|O_CREAT|O_EXCL,
# 1297| S_IRUSR|S_IRGRP|S_IROTH|S_IWUSR );
# 1298| }
Error: GCC_ANALYZER_WARNING (CWE-775): [#def47]
gnupg-2.4.5/common/dotlock.c:1313:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
# 1311| h->lockname, strerror (saveerrno));
# 1312| my_set_errno (saveerrno);
# 1313|-> return -1;
# 1314| }
# 1315| else
Error: COMPILER_WARNING (CWE-252): [#def48]
gnupg-2.4.5/common/dotlock.c: scope_hint: In function ‘dotlock_take_unix’
gnupg-2.4.5/common/dotlock.c:1349:14: warning[-Wunused-result]: ignoring return value of ‘link’ declared with attribute ‘warn_unused_result’
# 1349 | (void) link (h->tname, h->lockname);
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1347|
# 1348| /* We ignore the return value of link() because it is unreliable. */
# 1349|-> (void) link (h->tname, h->lockname);
# 1350|
# 1351| if (stat (h->tname, &sb))
Error: GCC_ANALYZER_WARNING (CWE-775): [#def49]
gnupg-2.4.5/common/exechelp-posix.c: scope_hint: In function ‘do_exec’
gnupg-2.4.5/common/exechelp-posix.c:329:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(fds[i], i)’
# 327| if (nodevnull[i])
# 328| continue;
# 329|-> if (fds[i] != i && dup2 (fds[i], i) == -1)
# 330| log_fatal ("dup2 std%s failed: %s\n",
# 331| i==0?"in":i==1?"out":"err", strerror (errno));
Error: GCC_ANALYZER_WARNING: [#def50]
gnupg-2.4.5/common/exechelp-posix.c:329:26: warning[-Wanalyzer-fd-use-without-check]: ‘dup2’ on possibly invalid file descriptor ‘-1’
# 327| if (nodevnull[i])
# 328| continue;
# 329|-> if (fds[i] != i && dup2 (fds[i], i) == -1)
# 330| log_fatal ("dup2 std%s failed: %s\n",
# 331| i==0?"in":i==1?"out":"err", strerror (errno));
Error: CLANG_WARNING: [#def51]
gnupg-2.4.5/common/iobuf.c:2462:4: warning[core.NonNullParamChecker]: Null pointer passed to 2nd parameter expecting 'nonnull'
# 2460| if (size > buflen)
# 2461| size = buflen;
# 2462|-> memcpy (a->d.buf + a->d.len, buf, size);
# 2463| buflen -= size;
# 2464| buf += size;
Error: CLANG_WARNING: [#def52]
gnupg-2.4.5/common/name-value.c:210:39: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 208|
# 209| /* On the first line we need to subtract space for the name. */
# 210|-> if (entry->raw_value == NULL && strlen (entry->name) < linelen)
# 211| linelen -= strlen (entry->name);
# 212|
Error: GCC_ANALYZER_WARNING (CWE-476): [#def53]
gnupg-2.4.5/common/name-value.c: scope_hint: In function ‘_nvc_add’
gnupg-2.4.5/common/name-value.c:408:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘pk’
gnupg-2.4.5/common/name-value.c:43: included_from: Included from here.
gnupg-2.4.5/common/name-value.c:480:7: note: in expansion of macro ‘xtrystrdup’
gnupg-2.4.5/common/name-value.c:36: included_from: Included from here.
# 406| e->raw_value = raw_value;
# 407|
# 408|-> if (pk->first)
# 409| {
# 410| nve_t last;
Error: COMPILER_WARNING (CWE-252): [#def54]
gnupg-2.4.5/common/signal.c: scope_hint: In function ‘got_fatal_signal’
gnupg-2.4.5/common/signal.c:113:9: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
# 113 | (void)write (2, "\n", 1 );
# | ^~~~~~~~~~~~~~~~~~~
# 111| cleanup_fnc ();
# 112| /* Better don't translate these messages. */
# 113|-> (void)write (2, "\n", 1 );
# 114| s = log_get_prefix (NULL);
# 115| if (s)
Error: COMPILER_WARNING (CWE-252): [#def55]
gnupg-2.4.5/common/signal.c:116:11: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
# 116 | (void)write(2, s, strlen (s));
# | ^~~~~~~~~~~~~~~~~~~~~~~
# 114| s = log_get_prefix (NULL);
# 115| if (s)
# 116|-> (void)write(2, s, strlen (s));
# 117| (void)write (2, ": signal ", 9 );
# 118| s = get_signal_name(sig);
Error: COMPILER_WARNING (CWE-252): [#def56]
gnupg-2.4.5/common/signal.c:117:9: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
# 117 | (void)write (2, ": signal ", 9 );
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~
# 115| if (s)
# 116| (void)write(2, s, strlen (s));
# 117|-> (void)write (2, ": signal ", 9 );
# 118| s = get_signal_name(sig);
# 119| if (s)
Error: COMPILER_WARNING (CWE-252): [#def57]
gnupg-2.4.5/common/signal.c:120:12: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
# 120 | (void) write (2, s, strlen(s) );
# | ^~~~~~~~~~~~~~~~~~~~~~~~
# 118| s = get_signal_name(sig);
# 119| if (s)
# 120|-> (void) write (2, s, strlen(s) );
# 121| else
# 122| {
Error: COMPILER_WARNING (CWE-252): [#def58]
gnupg-2.4.5/common/signal.c:130:15: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
# 130 | (void)write (2, "?", 1);
# | ^~~~~~~~~~~~~~~~~
# 128| this is a bug in that system, we will protect against it. */
# 129| if (sig < 0 || sig >= 100000)
# 130|-> (void)write (2, "?", 1);
# 131| else
# 132| {
Error: COMPILER_WARNING (CWE-252): [#def59]
gnupg-2.4.5/common/signal.c:139:25: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
# 139 | (void)write (2, &"0123456789"[value/i], 1);
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 137| if (value >= i || ((any || i==1) && !(value/i)))
# 138| {
# 139|-> (void)write (2, &"0123456789"[value/i], 1);
# 140| if ((value/i))
# 141| any = 1;
Error: COMPILER_WARNING (CWE-252): [#def60]
gnupg-2.4.5/common/signal.c:147:9: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
# 147 | (void)write (2, " caught ... exiting\n", 20);
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 145| }
# 146| }
# 147|-> (void)write (2, " caught ... exiting\n", 20);
# 148|
# 149| /* Reset action to default action and raise signal again */
Error: GCC_ANALYZER_WARNING (CWE-121): [#def61]
gnupg-2.4.5/common/simple-pwquery.c: scope_hint: In function ‘copy_and_escape’
gnupg-2.4.5/common/simple-pwquery.c:301:11: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
gnupg-2.4.5/common/simple-pwquery.c:301:11: note: write of 17 bytes to beyond the end of ‘line’
gnupg-2.4.5/common/simple-pwquery.c:301:11: note: valid subscripts for ‘line’ are ‘[0]’ to ‘[499]’
# 299| if (s[i] < ' ' || s[i] == '+')
# 300| {
# 301|-> sprintf (p, "%%%02X", s[i]);
# 302| p += 3;
# 303| }
Error: GCC_ANALYZER_WARNING (CWE-775): [#def62]
gnupg-2.4.5/common/sysutils.c: scope_hint: In function ‘gnupg_reopen_std’
gnupg-2.4.5/common/sysutils.c:705:10: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 0)’
# 703| if (fcntl (STDIN_FILENO, F_GETFD) == -1 && errno ==EBADF)
# 704| {
# 705|-> if (open ("/dev/null",O_RDONLY) == STDIN_FILENO)
# 706| did_stdin = 1;
# 707| else
Error: GCC_ANALYZER_WARNING (CWE-775): [#def63]
gnupg-2.4.5/common/sysutils.c:713:10: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 1)’
# 711| if (fcntl (STDOUT_FILENO, F_GETFD) == -1 && errno == EBADF)
# 712| {
# 713|-> if (open ("/dev/null",O_WRONLY) == STDOUT_FILENO)
# 714| did_stdout = 1;
# 715| else
Error: GCC_ANALYZER_WARNING (CWE-775): [#def64]
gnupg-2.4.5/common/sysutils.c:721:10: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 1)’
# 719| if (fcntl (STDERR_FILENO, F_GETFD)==-1 && errno==EBADF)
# 720| {
# 721|-> if (open ("/dev/null", O_WRONLY) == STDERR_FILENO)
# 722| did_stderr = 1;
# 723| else
Error: CLANG_WARNING: [#def65]
gnupg-2.4.5/common/sysutils.c:1794:26: warning[core.UndefinedBinaryOperatorResult]: The left operand of '!=' is a garbage value
# 1792| log_error ("could not getsockname(%d): %s\n", fd,
# 1793| gpg_strerror (my_error_from_syserror ()));
# 1794|-> else if (un.sun_family != AF_UNIX)
# 1795| log_error ("file descriptor %d is not a unix-domain socket\n", fd);
# 1796| else if (len <= offsetof (struct sockaddr_un, sun_path))
Error: GCC_ANALYZER_WARNING (CWE-688): [#def66]
gnupg-2.4.5/common/t-b64.c: scope_hint: In function ‘test_b64enc_file’
gnupg-2.4.5/common/t-b64.c:185:20: warning[-Wanalyzer-null-argument]: use of NULL ‘<unknown>’ where non-null expected
gnupg-2.4.5/common/util.h:35: included_from: Included from here.
gnupg-2.4.5/common/t-b64.c:26: included_from: Included from here.
gnupg-2.4.5/common/t-b64.c:23: included_from: Included from here.
/usr/include/stdio.h:738:15: note: argument 4 of ‘fread’ must be non-null
# 183| fail (1);
# 184|
# 185|-> while ( (nread = fread (buffer, 1, sizeof buffer, fp)) )
# 186| {
# 187| err = b64enc_write (&state, buffer, nread);
Error: CLANG_WARNING: [#def67]
gnupg-2.4.5/common/t-b64.c:185:20: warning[core.NonNullParamChecker]: Null pointer passed to 4th parameter expecting 'nonnull'
# 183| fail (1);
# 184|
# 185|-> while ( (nread = fread (buffer, 1, sizeof buffer, fp)) )
# 186| {
# 187| err = b64enc_write (&state, buffer, nread);
Error: GCC_ANALYZER_WARNING (CWE-688): [#def68]
gnupg-2.4.5/common/t-b64.c: scope_hint: In function ‘test_b64dec_file’
gnupg-2.4.5/common/t-b64.c:222:20: warning[-Wanalyzer-null-argument]: use of NULL ‘<unknown>’ where non-null expected
/usr/include/stdio.h:738:15: note: argument 4 of ‘fread’ must be non-null
# 220| fail (1);
# 221|
# 222|-> while ( (nread = fread (buffer, 1, sizeof buffer, fp)) )
# 223| {
# 224| err = b64dec_proc (&state, buffer, nread, &nbytes);
Error: CLANG_WARNING: [#def69]
gnupg-2.4.5/common/t-b64.c:222:20: warning[core.NonNullParamChecker]: Null pointer passed to 4th parameter expecting 'nonnull'
# 220| fail (1);
# 221|
# 222|-> while ( (nread = fread (buffer, 1, sizeof buffer, fp)) )
# 223| {
# 224| err = b64dec_proc (&state, buffer, nread, &nbytes);
Error: COMPILER_WARNING (CWE-252): [#def70]
gnupg-2.4.5/common/t-exechelp.c: scope_hint: In function ‘test_close_all_fds’
gnupg-2.4.5/common/t-exechelp.c:96:3: warning[-Wunused-result]: ignoring return value of ‘dup’ declared with attribute ‘warn_unused_result’
# 96 | dup (1);
# | ^~~~~~~
# 94|
# 95| /* Some dups to get more file descriptors and close one. */
# 96|-> dup (1);
# 97| dup (1);
# 98| fd = dup (1);
Error: COMPILER_WARNING (CWE-252): [#def71]
gnupg-2.4.5/common/t-exechelp.c:97:3: warning[-Wunused-result]: ignoring return value of ‘dup’ declared with attribute ‘warn_unused_result’
# 97 | dup (1);
# | ^~~~~~~
# 95| /* Some dups to get more file descriptors and close one. */
# 96| dup (1);
# 97|-> dup (1);
# 98| fd = dup (1);
# 99| dup (1);
Error: COMPILER_WARNING (CWE-252): [#def72]
gnupg-2.4.5/common/t-exechelp.c:99:3: warning[-Wunused-result]: ignoring return value of ‘dup’ declared with attribute ‘warn_unused_result’
# 99 | dup (1);
# | ^~~~~~~
# 97| dup (1);
# 98| fd = dup (1);
# 99|-> dup (1);
# 100| close (fd);
# 101|
Error: COMPILER_WARNING (CWE-252): [#def73]
gnupg-2.4.5/common/t-exechelp.c:140:9: warning[-Wunused-result]: ignoring return value of ‘dup’ declared with attribute ‘warn_unused_result’
# 140 | dup (1);
# | ^~~~~~~
# 138|
# 139| for (n=initial_count; n < 31; n++)
# 140|-> dup (1);
# 141| array = xget_all_open_fds ();
# 142| if (verbose)
Error: COMPILER_WARNING (CWE-252): [#def74]
gnupg-2.4.5/common/t-exechelp.c:147:11: warning[-Wunused-result]: ignoring return value of ‘dup’ declared with attribute ‘warn_unused_result’
# 147 | dup (1);
# | ^~~~~~~
# 145| for (n=0; n < 5; n++)
# 146| {
# 147|-> dup (1);
# 148| array = xget_all_open_fds ();
# 149| if (verbose)
Error: GCC_ANALYZER_WARNING (CWE-476): [#def75]
gnupg-2.4.5/common/t-iobuf.c: scope_hint: In function ‘content_filter_new’
gnupg-2.4.5/common/t-iobuf.c:91:14: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘state’
# 89| = malloc (sizeof (struct content_filter_state));
# 90|
# 91|-> state->pos = 0;
# 92| state->len = strlen (buffer);
# 93| state->buffer = buffer;
Error: GCC_ANALYZER_WARNING (CWE-775): [#def76]
gnupg-2.4.5/common/t-ssh-utils.c: scope_hint: In function ‘read_file’
gnupg-2.4.5/common/t-ssh-utils.c:224:6: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(fname, "rb")’
# 222| }
# 223|
# 224|-> if (fstat (fileno(fp), &st))
# 225| {
# 226| fprintf (stderr, "%s:%d: can't stat '%s': %s\n",
Error: GCC_ANALYZER_WARNING (CWE-401): [#def77]
gnupg-2.4.5/common/t-ssh-utils.c:224:6: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(fname, "rb")’
# 222| }
# 223|
# 224|-> if (fstat (fileno(fp), &st))
# 225| {
# 226| fprintf (stderr, "%s:%d: can't stat '%s': %s\n",
Error: GCC_ANALYZER_WARNING (CWE-775): [#def78]
gnupg-2.4.5/common/t-ssh-utils.c:231:14: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(fname, "rb")’
# 229| }
# 230|
# 231|-> buflen = st.st_size;
# 232| buf = xmalloc (buflen+1);
# 233| if (fread (buf, buflen, 1, fp) != 1)
Error: GCC_ANALYZER_WARNING (CWE-401): [#def79]
gnupg-2.4.5/common/t-ssh-utils.c:231:14: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(fname, "rb")’
# 229| }
# 230|
# 231|-> buflen = st.st_size;
# 232| buf = xmalloc (buflen+1);
# 233| if (fread (buf, buflen, 1, fp) != 1)
Error: CLANG_WARNING: [#def80]
gnupg-2.4.5/common/tlv-builder.c:260:3: warning[deadcode.DeadStores]: Value stored to 'mb_initialized' is never read
# 258| else
# 259| init_membuf (&mb, 512);
# 260|-> mb_initialized = 1;
# 261|
# 262| for (idx=0; idx < tb->nitems; idx++)
Error: CLANG_WARNING: [#def81]
gnupg-2.4.5/common/tlv-parser.c:682:9: warning[deadcode.DeadStores]: Although the value stored to 'n' is used in the enclosing expression, the value is never actually read from 'n'
# 680| return (tlv->lasterr = gpg_error (GPG_ERR_INV_OBJ));
# 681| p = tlv->buffer;
# 682|-> if (!(n=tlv->ti.length))
# 683| return (tlv->lasterr = gpg_error (GPG_ERR_TOO_SHORT));
# 684|
Error: GCC_ANALYZER_WARNING (CWE-401): [#def82]
gnupg-2.4.5/common/utf8conv.c: scope_hint: In function ‘do_utf8_to_native’
gnupg-2.4.5/common/utf8conv.c:631:14: warning[-Wanalyzer-malloc-leak]: leak of ‘iconv_open(active_charset_name, "utf-8")’
gnupg-2.4.5/common/utf8conv.c:52: included_from: Included from here.
gnupg-2.4.5/common/utf8conv.c:618:24: note: in expansion of macro ‘xmalloc’
# 629|
# 630| cd = iconv_open (active_charset_name, "utf-8");
# 631|-> if (cd == (iconv_t)-1)
# 632| {
# 633| handle_iconv_error (active_charset_name, "utf-8", 1);
Error: GCC_ANALYZER_WARNING (CWE-401): [#def83]
gnupg-2.4.5/common/utf8conv.c:640:17: warning[-Wanalyzer-malloc-leak]: leak of ‘iconv_open(active_charset_name, "utf-8")’
gnupg-2.4.5/common/utf8conv.c:618:24: note: in expansion of macro ‘xmalloc’
# 638| /* Allocate a new buffer large enough to hold all possible
# 639| encodings. */
# 640|-> n = p - buffer + 1;
# 641| inbytes = n - 1;;
# 642| inptr = buffer;
Error: GCC_ANALYZER_WARNING (CWE-465): [#def84]
gnupg-2.4.5/common/w32-cmdline.c: scope_hint: In function ‘parse_cmdstring’
gnupg-2.4.5/common/w32-cmdline.c:281:14: warning[-Wanalyzer-deref-before-check]: check of ‘p0’ for NULL after already dereferencing it
gnupg-2.4.5/common/w32-cmdline.c: scope_hint: In function ‘parse_cmdstring’
# 279| else if (*p == '\\' && (n=count_backslashes (p)))
# 280| {
# 281|-> if (!p0) /* First non-WS; set start. */
# 282| p0 = p;
# 283| if (p[n] == '"')
Error: GCC_ANALYZER_WARNING (CWE-465): [#def85]
gnupg-2.4.5/common/w32-cmdline.c:299:14: warning[-Wanalyzer-deref-before-check]: check of ‘p0’ for NULL after already dereferencing it
# 297| else if (*p == ' ' || *p == '\t')
# 298| {
# 299|-> if (p0) /* We are in an argument and reached WS. */
# 300| {
# 301| if (argv)
Error: GCC_ANALYZER_WARNING (CWE-465): [#def86]
gnupg-2.4.5/common/w32-cmdline.c:313:15: warning[-Wanalyzer-deref-before-check]: check of ‘p0’ for NULL after already dereferencing it
# 311| }
# 312| }
# 313|-> else if (!p0) /* First non-WS; set start. */
# 314| p0 = p;
# 315| }
Error: CLANG_WARNING: [#def87]
gnupg-2.4.5/common/w32-cmdline.c:420:11: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 418| return NULL; /* Ooops. */
# 419| }
# 420|-> rc = 0;
# 421| for (i=0; i < argc; i++)
# 422| {
Error: CLANG_WARNING: [#def88]
gnupg-2.4.5/dirmngr/cdblib.c:614:4: warning[deadcode.DeadStores]: Value stored to 'r' is never read
# 612| }
# 613| else
# 614|-> r = 1;
# 615| }
# 616| /* fall through */
Error: CLANG_WARNING: [#def89]
gnupg-2.4.5/dirmngr/crlcache.c:2071:13: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 2069| else
# 2070| crlissuer_cert = find_cert_bysubject (ctrl, crlissuer, NULL);
# 2071|-> err = 0;
# 2072| if (!crlissuer_cert)
# 2073| {
Error: CLANG_WARNING: [#def90]
gnupg-2.4.5/dirmngr/crlcache.c:2385:7: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 2383| {
# 2384| log_error (_("error reading CRL extensions: %s\n"), gpg_strerror (err));
# 2385|-> err = gpg_error (GPG_ERR_INV_CRL);
# 2386| }
# 2387|
Error: CLANG_WARNING: [#def91]
gnupg-2.4.5/dirmngr/crlfetch.c:117:27: warning[core.NullDereference]: Dereference of null pointer (loaded from variable 'nread')
# 115| return gpg_error (GPG_ERR_EIO);
# 116|
# 117|-> if (!cb_ctx->checked && *nread)
# 118| {
# 119| int c = *(unsigned char *)buffer;
Error: CLANG_WARNING: [#def92]
gnupg-2.4.5/dirmngr/crlfetch.c:132:25: warning[core.NullDereference]: Dereference of null pointer (loaded from variable 'nread')
# 130| }
# 131| }
# 132|-> if (cb_ctx->is_pem && *nread)
# 133| {
# 134| size_t nread2;
Error: CLANG_WARNING: [#def93]
gnupg-2.4.5/dirmngr/dirmngr-client.c:264:5: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 262|
# 263| if (cmd_ping)
# 264|-> err = 0;
# 265| else if (cmd_lookup || cmd_loadcrl)
# 266| {
Error: CLANG_WARNING: [#def94]
gnupg-2.4.5/dirmngr/dirmngr-client.c:269:7: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 267| if (!argc)
# 268| gpgrt_usage (1);
# 269|-> err = 0;
# 270| }
# 271| else if (cmd_squid_mode)
Error: CLANG_WARNING: [#def95]
gnupg-2.4.5/dirmngr/dirmngr-client.c:273:7: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 271| else if (cmd_squid_mode)
# 272| {
# 273|-> err = 0;
# 274| if (argc)
# 275| gpgrt_usage (1);
Error: CLANG_WARNING: [#def96]
gnupg-2.4.5/dirmngr/dirmngr-client.c:293:7: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 291| else
# 292| {
# 293|-> err = 0;
# 294| gpgrt_usage (1);
# 295| }
Error: CLANG_WARNING: [#def97]
gnupg-2.4.5/dirmngr/dirmngr-client.c:373:13: warning[core.CallAndMessage]: 2nd function call argument is an uninitialized value
# 371| else
# 372| {
# 373|-> err = do_check (ctx, certbuf, certbuflen);
# 374| xfree (certbuf);
# 375| }
Error: CLANG_WARNING: [#def98]
gnupg-2.4.5/dirmngr/dns-stuff.c:939:21: warning[core.NullDereference]: Access to field 'ai_family' results in a dereference of a null pointer (loaded from variable 'ent')
# 937| }
# 938|
# 939|-> dai->family = ent->ai_family;
# 940| dai->socktype = ent->ai_socktype;
# 941| dai->protocol = ent->ai_protocol;
Error: CLANG_WARNING: [#def99]
gnupg-2.4.5/dirmngr/dns-stuff.c:2149:3: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 2147|
# 2148| /* Order by priority */
# 2149|-> qsort(*list,srvcount,sizeof(struct srventry),priosort);
# 2150|
# 2151| /* For each priority, move the zero-weighted items first. */
Error: CPPCHECK_WARNING (CWE-909): [#def100]
gnupg-2.4.5/dirmngr/dns.c:4510: error[uninitStructMember]: Uninitialized struct member: src.p
# 4508| dns_b_putc(&dst, '"');
# 4509|
# 4510|-> while (src.p < src.pe) {
# 4511| dns_b_putc(&dst, '\\');
# 4512| dns_b_fmtju(&dst, *src.p++, 3);
Error: CPPCHECK_WARNING (CWE-909): [#def101]
gnupg-2.4.5/dirmngr/dns.c:4510: error[uninitStructMember]: Uninitialized struct member: src.pe
# 4508| dns_b_putc(&dst, '"');
# 4509|
# 4510|-> while (src.p < src.pe) {
# 4511| dns_b_putc(&dst, '\\');
# 4512| dns_b_fmtju(&dst, *src.p++, 3);
Error: CPPCHECK_WARNING (CWE-457): [#def102]
gnupg-2.4.5/dirmngr/dns.c:4510: warning[uninitvar]: Uninitialized variable: src.p
# 4508| dns_b_putc(&dst, '"');
# 4509|
# 4510|-> while (src.p < src.pe) {
# 4511| dns_b_putc(&dst, '\\');
# 4512| dns_b_fmtju(&dst, *src.p++, 3);
Error: CPPCHECK_WARNING (CWE-909): [#def103]
gnupg-2.4.5/dirmngr/dns.c:4512: error[uninitStructMember]: Uninitialized struct member: src.p
# 4510| while (src.p < src.pe) {
# 4511| dns_b_putc(&dst, '\\');
# 4512|-> dns_b_fmtju(&dst, *src.p++, 3);
# 4513| }
# 4514|
Error: CPPCHECK_WARNING (CWE-786): [#def104]
gnupg-2.4.5/dirmngr/dns.c:7658: error[negativeIndex]: Array 'so->query->data[1]' accessed at index -2, which is out of bounds.
# 7656| size_t n;
# 7657|
# 7658|-> so->query->data[-2] = 0xff & (so->query->end >> 8);
# 7659| so->query->data[-1] = 0xff & (so->query->end >> 0);
# 7660|
Error: CPPCHECK_WARNING (CWE-786): [#def105]
gnupg-2.4.5/dirmngr/dns.c:7659: error[negativeIndex]: Array 'so->query->data[1]' accessed at index -1, which is out of bounds.
# 7657|
# 7658| so->query->data[-2] = 0xff & (so->query->end >> 8);
# 7659|-> so->query->data[-1] = 0xff & (so->query->end >> 0);
# 7660|
# 7661| qend = so->query->end + 2;
Error: CPPCHECK_WARNING (CWE-786): [#def106]
gnupg-2.4.5/dirmngr/dns.c:7664: error[negativeIndex]: Array 'so->query->data[1]' accessed at index -2, which is out of bounds.
# 7662|
# 7663| while (so->qout < qend) {
# 7664|-> qsrc = &so->query->data[-2] + so->qout;
# 7665| n = dns_send_nopipe(so->tcp, (void *)qsrc, qend - so->qout, 0, &error);
# 7666| dns_trace_sys_send(so->trace, so->tcp, SOCK_STREAM, qsrc, n, error);
Error: CPPCHECK_WARNING (CWE-786): [#def107]
gnupg-2.4.5/dirmngr/dns.c:7687: error[negativeIndex]: Array 'so->answer->data[1]' accessed at index -2, which is out of bounds.
# 7685|
# 7686| while (so->apos < aend) {
# 7687|-> asrc = &so->answer->data[-2];
# 7688|
# 7689| n = dns_recv(so->tcp, (void *)&asrc[so->apos], aend - so->apos, 0, &error);
Error: CPPCHECK_WARNING (CWE-786): [#def108]
gnupg-2.4.5/dirmngr/dns.c:7698: error[negativeIndex]: Array 'so->answer->data[1]' accessed at index -2, which is out of bounds.
# 7696|
# 7697| if (so->alen == 0 && so->apos >= 2) {
# 7698|-> alen = ((0xff & so->answer->data[-2]) << 8)
# 7699| | ((0xff & so->answer->data[-1]) << 0);
# 7700|
Error: CPPCHECK_WARNING (CWE-786): [#def109]
gnupg-2.4.5/dirmngr/dns.c:7699: error[negativeIndex]: Array 'so->answer->data[1]' accessed at index -1, which is out of bounds.
# 7697| if (so->alen == 0 && so->apos >= 2) {
# 7698| alen = ((0xff & so->answer->data[-2]) << 8)
# 7699|-> | ((0xff & so->answer->data[-1]) << 0);
# 7700|
# 7701| if ((error = dns_so_newanswer(so, alen)))
Error: CLANG_WARNING: [#def110]
gnupg-2.4.5/dirmngr/http.c:3680:7: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 3678| srvtag, server, gpg_strerror (err));
# 3679| /* Note that on error SRVCOUNT is zero. */
# 3680|-> err = 0;
# 3681| }
# 3682|
Error: GCC_ANALYZER_WARNING (CWE-476): [#def111]
gnupg-2.4.5/dirmngr/ks-action.c: scope_hint: In function ‘ks_action_query’
gnupg-2.4.5/dirmngr/ks-action.c:571:11: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘puri’
# 569| {
# 570| /* Reset authentication for a serverless connection. */
# 571|-> puri->parsed_uri->ad_current = 0;
# 572| puri->parsed_uri->auth = NULL;
# 573| }
Error: GCC_ANALYZER_WARNING (CWE-476): [#def112]
gnupg-2.4.5/dirmngr/ks-action.c:575:20: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘puri’
# 573| }
# 574|
# 575|-> if (!strcmp (puri->parsed_uri->scheme, "ldap")
# 576| || !strcmp (puri->parsed_uri->scheme, "ldaps")
# 577| || !strcmp (puri->parsed_uri->scheme, "ldapi")
Error: CLANG_WARNING: [#def113]
gnupg-2.4.5/dirmngr/ks-engine-hkp.c:260:34: warning[core.DivideZero]: Division by zero
# 258| pidx = tbl[0];
# 259| else
# 260|-> pidx = tbl[get_uint_nonce () % tblsize];
# 261|
# 262| xfree (tbl);
Error: CLANG_WARNING: [#def114]
gnupg-2.4.5/dirmngr/ks-engine-hkp.c:444:3: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 442| hostinfo_sort_pool (hostinfo_t hi)
# 443| {
# 444|-> qsort (hi->pool, hi->pool_len, sizeof *hi->pool, sort_hostpool);
# 445| }
# 446|
Error: CLANG_WARNING: [#def115]
gnupg-2.4.5/dirmngr/ks-engine-hkp.c:565:11: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 563| {
# 564| log_error ("resolving '%s' failed: %s\n", name, gpg_strerror (err));
# 565|-> err = 0;
# 566| }
# 567| else
Error: GCC_ANALYZER_WARNING (CWE-476): [#def116]
gnupg-2.4.5/dirmngr/ks-engine-hkp.c: scope_hint: In function ‘make_host_part’
gnupg-2.4.5/dirmngr/ks-engine-hkp.c:1104:7: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘hostname’
gnupg-2.4.5/dirmngr/dirmngr.h:34: included_from: Included from here.
gnupg-2.4.5/dirmngr/ks-engine-hkp.c:39: included_from: Included from here.
gnupg-2.4.5/dirmngr/ks-engine-hkp.c:1846:3: note: in expansion of macro ‘xfree’
gnupg-2.4.5/dirmngr/ks-engine-hkp.c:1852:3: note: in expansion of macro ‘xfree’
gnupg-2.4.5/dirmngr/ks-engine-hkp.c:1853:3: note: in expansion of macro ‘xfree’
gnupg-2.4.5/dirmngr/ks-engine-hkp.c:489:25: note: in expansion of macro ‘xtrystrdup’
# 1102| strcpy (portstr, "11371");
# 1103|
# 1104|-> if (*hostname != '[' && is_ip_address (hostname) == 6)
# 1105| *r_hostport = strconcat (scheme, "://[", hostname, "]:", portstr, NULL);
# 1106| else
Error: GCC_ANALYZER_WARNING (CWE-457): [#def117]
gnupg-2.4.5/dirmngr/ks-engine-hkp.c: scope_hint: In function ‘ks_hkp_put’
gnupg-2.4.5/dirmngr/ks-engine-hkp.c:1871:7: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘http_status’
gnupg-2.4.5/dirmngr/ks-engine-hkp.c:1846:3: note: in expansion of macro ‘xfree’
gnupg-2.4.5/dirmngr/ks-engine-hkp.c:1860:3: note: in expansion of macro ‘xfree’
# 1869| err = send_request (ctrl, request, hostport, httphost, 0,
# 1870| put_post_cb, &parm, &fp, &http_status);
# 1871|-> if (handle_send_request_error (ctrl, err, request, http_status,
# 1872| &tries, &extra_tries))
# 1873| {
Error: CLANG_WARNING: [#def118]
gnupg-2.4.5/dirmngr/ks-engine-hkp.c:1871:7: warning[core.CallAndMessage]: 4th function call argument is an uninitialized value
# 1869| err = send_request (ctrl, request, hostport, httphost, 0,
# 1870| put_post_cb, &parm, &fp, &http_status);
# 1871|-> if (handle_send_request_error (ctrl, err, request, http_status,
# 1872| &tries, &extra_tries))
# 1873| {
Error: GCC_ANALYZER_WARNING (CWE-476): [#def119]
gnupg-2.4.5/dirmngr/ks-engine-ldap.c: scope_hint: In function ‘ks_ldap_query’
gnupg-2.4.5/dirmngr/ks-engine-ldap.c:3076:30: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
gnupg-2.4.5/dirmngr/ks-engine-ldap.c: scope_hint: In function ‘ks_ldap_query’
gnupg-2.4.5/dirmngr/ks-engine-ldap.c: scope_hint: In function ‘ks_ldap_query’
# 3074| {
# 3075| next_again:
# 3076|-> if (!ctrl->ks_get_state->msg_iter && ctrl->ks_get_state->more_pages)
# 3077| {
# 3078| /* Get the next page of results. */
Error: CLANG_WARNING: [#def120]
gnupg-2.4.5/dirmngr/ldap-wrapper.c:238:7: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 236| ctx->linesize = newsize;
# 237| }
# 238|-> memcpy (ctx->line + ctx->linelen, line, n);
# 239| ctx->linelen += n;
# 240| ctx->line[ctx->linelen] = 0;
Error: CLANG_WARNING: [#def121]
gnupg-2.4.5/dirmngr/ocsp.c:810:7: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 808| ksba_free (resp_name);
# 809| ksba_free (resp_keyid);
# 810|-> err = 0;
# 811| }
# 812|
Error: CLANG_WARNING: [#def122]
gnupg-2.4.5/dirmngr/server.c:912:11: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 910| if (err)
# 911| {
# 912|-> err = 0;
# 913| xfree (domainbuf);
# 914| domainbuf = NULL;
Error: CLANG_WARNING: [#def123]
gnupg-2.4.5/dirmngr/server.c:938:13: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 936| * which do not work as expected. */
# 937| if (gpg_err_code (err) == GPG_ERR_SERVER_FAILED)
# 938|-> err = 0; /*(srvcount is guaranteed to be 0)*/
# 939| else
# 940| goto leave;
Error: CLANG_WARNING: [#def124]
gnupg-2.4.5/dirmngr/server.c:2061:3: warning[deadcode.DeadStores]: Value stored to 'line' is never read
# 2059| tls_mode = has_option (line, "--tls");
# 2060| no_crl = has_option (line, "--no-crl");
# 2061|-> line = skip_options (line);
# 2062|
# 2063| if (tls_mode)
Error: CLANG_WARNING: [#def125]
gnupg-2.4.5/dirmngr/server.c:2687:3: warning[deadcode.DeadStores]: Value stored to 'line' is never read
# 2685|
# 2686| /* No options for now. */
# 2687|-> line = skip_options (line);
# 2688|
# 2689| err = ensure_keyserver (ctrl);
Error: CLANG_WARNING: [#def126]
gnupg-2.4.5/dirmngr/server.c:3078:10: warning[deadcode.DeadStores]: Although the value stored to 'j' is used in the enclosing expression, the value is never actually read from 'j'
# 3076| int i, j, rc;
# 3077|
# 3078|-> for (i=j=0; table[i].name; i++)
# 3079| {
# 3080| rc = assuan_register_command (ctx, table[i].name, table[i].handler,
Error: CLANG_WARNING: [#def127]
gnupg-2.4.5/dirmngr/validate.c:460:9: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 458| &buflen);
# 459| if (err || buflen != sizeof (validated_at) || !validated_at)
# 460|-> err = 0; /* Not available or other error. */
# 461| else
# 462| {
Error: CLANG_WARNING: [#def128]
gnupg-2.4.5/dirmngr/validate.c:556:11: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 554| {
# 555| any_no_policy_match = 1;
# 556|-> err = 0;
# 557| }
# 558| else if (err)
Error: CLANG_WARNING: [#def129]
gnupg-2.4.5/doc/mkdefsinc.c:223:15: warning[unix.Malloc]: Potential leak of memory pointed to by 'opt_date'
# 221| {
# 222| opt_date = xstrdup (*argv);
# 223|-> argc--; argv++;
# 224| }
# 225| }
Error: GCC_ANALYZER_WARNING (CWE-401): [#def130]
gnupg-2.4.5/doc/mkdefsinc.c: scope_hint: In function ‘main’
gnupg-2.4.5/doc/mkdefsinc.c:223:27: warning[-Wanalyzer-malloc-leak]: leak of ‘opt_date’
# 221| {
# 222| opt_date = xstrdup (*argv);
# 223|-> argc--; argv++;
# 224| }
# 225| }
Error: CPPCHECK_WARNING (CWE-457): [#def131]
gnupg-2.4.5/doc/mkdefsinc.c:337: warning[uninitvar]: Uninitialized variable: monthoff
# 335|
# 336| printf ("@set UPDATED %s\n", opt_date);
# 337|-> printf ("@set UPDATED-MONTH %s\n", opt_date + monthoff);
# 338| printf ("@set EDITION %s\n", PACKAGE_VERSION);
# 339| printf ("@set VERSION %s\n", PACKAGE_VERSION);
Error: CLANG_WARNING: [#def132]
gnupg-2.4.5/doc/mkdefsinc.c:338:3: warning[unix.Malloc]: Potential leak of memory pointed to by 'opt_date'
# 336| printf ("@set UPDATED %s\n", opt_date);
# 337| printf ("@set UPDATED-MONTH %s\n", opt_date + monthoff);
# 338|-> printf ("@set EDITION %s\n", PACKAGE_VERSION);
# 339| printf ("@set VERSION %s\n", PACKAGE_VERSION);
# 340|
Error: CLANG_WARNING: [#def133]
gnupg-2.4.5/g10/build-packet.c:794:27: warning[core.uninitialized.Assign]: Assigned value is garbage or undefined
# 792| goto leave;
# 793| }
# 794|-> skbytes += n;
# 795| }
# 796|
Error: CLANG_WARNING: [#def134]
gnupg-2.4.5/g10/call-agent.c:618:13: warning[deadcode.DeadStores]: Although the value stored to 'p' is used in the enclosing expression, the value is never actually read from 'p'
# 616| int abool;
# 617|
# 618|-> buf = p = unescape_status_string (line);
# 619| if (buf)
# 620| {
Error: CLANG_WARNING: [#def135]
gnupg-2.4.5/g10/call-agent.c:1538:8: warning[deadcode.DeadStores]: Although the value stored to 'args' is used in the enclosing expression, the value is never actually read from 'args'
# 1536|
# 1537| /* FIXME: Get that info from the KEYPAIRINFO line. */
# 1538|-> if ((args = has_leading_keyword (line, "KEYPAIRINFO"))
# 1539| && !*keytimep)
# 1540| {
Error: CLANG_WARNING: [#def136]
gnupg-2.4.5/g10/call-agent.c:2324:11: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 2322| log_info ("problem with fast path key listing: %s - ignored\n",
# 2323| gpg_strerror (err));
# 2324|-> err = 0;
# 2325| }
# 2326| /* We want to do this only once. */
Error: CLANG_WARNING: [#def137]
gnupg-2.4.5/g10/call-dirmngr.c:393:28: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 391| * "foo:389:user:pass:base:flags"
# 392| * we strip off everything beyound the port. */
# 393|-> if ((p = strchr (p+1, ':')))
# 394| {
# 395| if (p[-1] == ':')
Error: CLANG_WARNING: [#def138]
gnupg-2.4.5/g10/card-util.c:465:12: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 463| if (!serialno)
# 464| ;
# 465|-> else if (strlen (info.serialno)+1 > serialnobuflen)
# 466| log_error ("serial number longer than expected\n");
# 467| else
Error: CLANG_WARNING: [#def139]
gnupg-2.4.5/g10/card-util.c:484:14: warning[core.NullDereference]: Dereference of null pointer
# 482| else
# 483| es_fprintf (fp, "version:%.4s:\n", info.serialno+12);
# 484|-> uval = xtoi_2(info.serialno+16)*256 + xtoi_2 (info.serialno+18);
# 485| pesc = (info.manufacturer_name
# 486| ? percent_escape (info.manufacturer_name, NULL) : NULL);
Error: CLANG_WARNING: [#def140]
gnupg-2.4.5/g10/card-util.c:587:20: warning[core.NullDereference]: Array access (via field 'serialno') results in a null pointer dereference
# 585| else
# 586| tty_fprintf (fp, "Version ..........: %.1s%c.%.1s%c\n",
# 587|-> info.serialno[12] == '0'?"":info.serialno+12,
# 588| info.serialno[13],
# 589| info.serialno[14] == '0'?"":info.serialno+14,
Error: CLANG_WARNING: [#def141]
gnupg-2.4.5/g10/card-util.c:762:3: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 760| }
# 761|
# 762|-> err = agent_scd_cardlist (&card_list);
# 763|
# 764| for (sl = card_list; sl; sl = sl->next)
Error: CLANG_WARNING: [#def142]
gnupg-2.4.5/g10/card-util.c:789:3: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 787|
# 788| /* Select the original card again. */
# 789|-> err = agent_scd_serialno (NULL, serialno0);
# 790|
# 791| leave:
Error: CLANG_WARNING: [#def143]
gnupg-2.4.5/g10/card-util.c:1897:11: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1895| if (!ecdh_param_str)
# 1896| {
# 1897|-> err = gpg_error_from_syserror ();
# 1898| goto leave;
# 1899| }
Error: CLANG_WARNING: [#def144]
gnupg-2.4.5/g10/card-util.c:2083:5: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 2081| /* Then, connect the card again. */
# 2082| if (!err)
# 2083|-> err = agent_scd_serialno (NULL, NULL);
# 2084|
# 2085| leave:
Error: CLANG_WARNING: [#def145]
gnupg-2.4.5/g10/decrypt-data.c:848:26: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value
# 846| if (DBG_FILTER)
# 847| log_debug ("aead_underflow: returning %zu (%s)\n",
# 848|-> totallen, gpg_strerror (err));
# 849|
# 850| /* In case of an auth error we map the error code to the same as
Error: CLANG_WARNING: [#def146]
gnupg-2.4.5/g10/decrypt-data.c:852:7: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value
# 850| /* In case of an auth error we map the error code to the same as
# 851| * used by the MDC decryption. */
# 852|-> if (gpg_err_code (err) == GPG_ERR_CHECKSUM)
# 853| err = gpg_error (GPG_ERR_BAD_SIGNATURE);
# 854|
Error: CLANG_WARNING: [#def147]
gnupg-2.4.5/g10/encrypt.c:601:21: warning[core.NullDereference]: Access to field 'timestamp' results in a dereference of a null pointer (loaded from variable 'pt')
# 599| {
# 600| /* Note that PT has been initialized above in !no_literal mode. */
# 601|-> pt->timestamp = make_timestamp();
# 602| pt->mode = opt.mimemode? 'm' : opt.textmode? 't' : 'b';
# 603| pt->len = filesize;
Error: CLANG_WARNING: [#def148]
gnupg-2.4.5/g10/encrypt.c:945:21: warning[core.NullDereference]: Access to field 'timestamp' results in a dereference of a null pointer (loaded from variable 'pt')
# 943| if (!opt.no_literal)
# 944| {
# 945|-> pt->timestamp = make_timestamp();
# 946| pt->mode = opt.mimemode? 'm' : opt.textmode ? 't' : 'b';
# 947| pt->len = filesize;
Error: CLANG_WARNING: [#def149]
gnupg-2.4.5/g10/export.c:739:7: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 737|
# 738| case GCRY_PK_ECC:
# 739|-> err = 0;
# 740| if (!(pk->pubkey_algo == PUBKEY_ALGO_ECDSA
# 741| || pk->pubkey_algo == PUBKEY_ALGO_ECDH
Error: CLANG_WARNING: [#def150]
gnupg-2.4.5/g10/export.c:1356:31: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value
# 1354| if (!gcry_mpi_get_flag (skey[npkey], GCRYMPI_FLAG_USER1))
# 1355| goto bad_seckey;
# 1356|-> if (npkey+1 < DIM (skey) && skey[npkey+1])
# 1357| goto bad_seckey;
# 1358|
Error: GCC_ANALYZER_WARNING (CWE-476): [#def151]
gnupg-2.4.5/g10/export.c: scope_hint: In function ‘print_dane_records’
gnupg-2.4.5/g10/export.c:1754:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘domain’
gnupg-2.4.5/g10/main.h:25: included_from: Included from here.
gnupg-2.4.5/g10/options.h:27: included_from: Included from here.
gnupg-2.4.5/g10/export.c:30: included_from: Included from here.
gnupg-2.4.5/g10/export.c:2273:14: note: in expansion of macro ‘xcalloc’
# 1752|
# 1753| domain = strchr (mbox, '@');
# 1754|-> *domain++ = 0;
# 1755|
# 1756| if (1)
Error: CLANG_WARNING: [#def152]
gnupg-2.4.5/g10/export.c:2332:7: warning[core.uninitialized.Assign]: The expression is an uninitialized value. The computed value will also be garbage
# 2330| continue;
# 2331| }
# 2332|-> stats->count++;
# 2333| setup_main_keyids (keyblock); /* gpg_format_keydesc needs it. */
# 2334| pk = node->pkt->pkt.public_key;
Error: CLANG_WARNING: [#def153]
gnupg-2.4.5/g10/export.c:2887:15: warning[deadcode.DeadStores]: Value stored to 'latest_date' is never read
# 2885| if (DBG_LOOKUP)
# 2886| log_debug ("\tprimary key is fine\n");
# 2887|-> latest_date = pk->timestamp;
# 2888| latest_key = node;
# 2889| }
Error: GCC_ANALYZER_WARNING (CWE-476): [#def154]
gnupg-2.4.5/g10/getkey.c:30: included_from: Included from here.
gnupg-2.4.5/g10/getkey.c: scope_hint: In function ‘cache_public_key’
gnupg-2.4.5/g10/getkey.c:190:21: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘pk’
gnupg-2.4.5/g10/packet.h:72:25: note: in definition of macro ‘is_ELGAMAL’
gnupg-2.4.5/g10/getkey.c:29: included_from: Included from here.
gnupg-2.4.5/g10/getkey.c:387:12: note: in expansion of macro ‘xtrycalloc’
gnupg-2.4.5/g10/packet.h:72:25: note: in definition of macro ‘is_ELGAMAL’
gnupg-2.4.5/g10/packet.h:72:25: note: in definition of macro ‘is_ELGAMAL’
# 188| return;
# 189|
# 190|-> if (is_ELGAMAL (pk->pubkey_algo)
# 191| || pk->pubkey_algo == PUBKEY_ALGO_DSA
# 192| || pk->pubkey_algo == PUBKEY_ALGO_ECDSA
Error: GCC_ANALYZER_WARNING (CWE-476): [#def155]
gnupg-2.4.5/g10/gpg.h:37: included_from: Included from here.
gnupg-2.4.5/g10/keyedit.c:33: included_from: Included from here.
gnupg-2.4.5/g10/keyedit.c: scope_hint: In function ‘keyedit_quick_revsig’
gnupg-2.4.5/g10/keyedit.c:3006:23: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘keyblock’
# 3004| if (err)
# 3005| goto leave;
# 3006|-> log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY
# 3007| || keyblock->pkt->pkttype == PKT_SECRET_KEY);
# 3008| primarypk = keyblock->pkt->pkt.public_key;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def156]
gnupg-2.4.5/g10/keyedit.c: scope_hint: In function ‘menu_expire’
gnupg-2.4.5/g10/keyedit.c:5088:46: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘sub_pk’
gnupg-2.4.5/g10/keyedit.c: scope_hint: In function ‘menu_expire’
# 5086|
# 5087| if ((only_mainkey && main_pk->version < 4)
# 5088|-> || (!only_mainkey && sub_pk->version < 4))
# 5089| {
# 5090| log_info
Error: GCC_ANALYZER_WARNING (CWE-476): [#def157]
gnupg-2.4.5/g10/keyedit.c: scope_hint: In function ‘menu_changeusage’
gnupg-2.4.5/g10/keyedit.c:5192:41: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘sub_pk’
# 5190|
# 5191| if ((mainkey && main_pk->version < 4)
# 5192|-> || (!mainkey && sub_pk->version < 4))
# 5193| {
# 5194| /* Note: This won't happen because we don't support
Error: GCC_ANALYZER_WARNING (CWE-476): [#def158]
gnupg-2.4.5/g10/keyid.c: scope_hint: In function ‘do_hash_public_key’
gnupg-2.4.5/g10/keyid.c:322:23: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘gcry_mpi_get_opaque(*pk.pkey[i], &nbits)’
# 320| if (is_sos)
# 321| {
# 322|-> if (*p)
# 323| {
# 324| nbits = ((nbits + 7) / 8) * 8;
Error: CLANG_WARNING: [#def159]
gnupg-2.4.5/g10/keyid.c:322:23: warning[core.NullDereference]: Dereference of null pointer (loaded from variable 'p')
# 320| if (is_sos)
# 321| {
# 322|-> if (*p)
# 323| {
# 324| nbits = ((nbits + 7) / 8) * 8;
Error: CLANG_WARNING: [#def160]
gnupg-2.4.5/g10/keyring.c:150:24: warning[core.UndefinedBinaryOperatorResult]: The left operand of '%' is a garbage value
# 148| struct key_present *k;
# 149|
# 150|-> for (k = tbl[(kid[1] % (KEY_PRESENT_HASH_BUCKETS - 1))]; k; k = k->next)
# 151| {
# 152| if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
Error: COMPILER_WARNING (CWE-704): [#def161]
gnupg-2.4.5/g10/keyserver-internal.h:34:24: warning[-Wlto-type-mismatch]: type of ‘parse_keyserver_uri’ does not match original declaration
# 34 | struct keyserver_spec *parse_keyserver_uri (const char *string,
# | ^
gnupg-2.4.5/g10/gpgv.c:636:1: note: type mismatch in parameter 3
# 636 | parse_keyserver_uri (const char *uri, int require_scheme,
# | ^
gnupg-2.4.5/g10/gpgv.c:636:1: note: ‘parse_keyserver_uri’ was previously declared here
# 32| void free_keyserver_spec(struct keyserver_spec *keyserver);
# 33| struct keyserver_spec *keyserver_match(struct keyserver_spec *spec);
# 34|-> struct keyserver_spec *parse_keyserver_uri (const char *string,
# 35| int require_scheme);
# 36| struct keyserver_spec *parse_preferred_keyserver(PKT_signature *sig);
Error: COMPILER_WARNING (CWE-704): [#def162]
gnupg-2.4.5/g10/keyserver-internal.h:45:5: warning[-Wlto-type-mismatch]: type of ‘keyserver_import_keyid’ does not match original declaration
# 45 | int keyserver_import_keyid (ctrl_t ctrl, u32 *keyid,
# | ^
gnupg-2.4.5/g10/gpgv.c:450:1: note: type mismatch in parameter 3
# 450 | keyserver_import_keyid (u32 *keyid, void *dummy, unsigned int flags)
# | ^
gnupg-2.4.5/g10/gpgv.c:450:1: note: ‘keyserver_import_keyid’ was previously declared here
# 43| int keyserver_import_fprint_ntds (ctrl_t ctrl,
# 44| const byte *fprint, size_t fprint_len);
# 45|-> int keyserver_import_keyid (ctrl_t ctrl, u32 *keyid,
# 46| struct keyserver_spec *keyserver,
# 47| unsigned int flags);
Error: COMPILER_WARNING (CWE-704): [#def163]
gnupg-2.4.5/g10/keyserver-internal.h:51:5: warning[-Wlto-type-mismatch]: type of ‘keyserver_import_cert’ does not match original declaration
# 51 | int keyserver_import_cert (ctrl_t ctrl, const char *name, int dane_mode,
# | ^
gnupg-2.4.5/g10/gpgv.c:481:1: note: type mismatch in parameter 2
# 481 | keyserver_import_cert (const char *name)
# | ^
gnupg-2.4.5/g10/gpgv.c:481:1: note: ‘keyserver_import_cert’ was previously declared here
# 49| gpg_error_t keyserver_search (ctrl_t ctrl, strlist_t tokens);
# 50| int keyserver_fetch (ctrl_t ctrl, strlist_t urilist, int origin);
# 51|-> int keyserver_import_cert (ctrl_t ctrl, const char *name, int dane_mode,
# 52| unsigned char **fpr,size_t *fpr_len);
# 53| gpg_error_t keyserver_import_wkd (ctrl_t ctrl, const char *name,
Error: COMPILER_WARNING (CWE-704): [#def164]
gnupg-2.4.5/g10/keyserver-internal.h:58:5: warning[-Wlto-type-mismatch]: type of ‘keyserver_import_mbox’ does not match original declaration
# 58 | int keyserver_import_mbox (ctrl_t ctrl, const char *mbox,
# | ^
gnupg-2.4.5/g10/gpgv.c:500:1: note: type mismatch in parameter 3
# 500 | keyserver_import_mbox (const char *name,struct keyserver_spec *spec)
# | ^
gnupg-2.4.5/g10/gpgv.c:500:1: note: ‘keyserver_import_mbox’ was previously declared here
# 56| int keyserver_import_ntds (ctrl_t ctrl, const char *name,
# 57| unsigned char **fpr,size_t *fpr_len);
# 58|-> int keyserver_import_mbox (ctrl_t ctrl, const char *mbox,
# 59| unsigned char **fpr,size_t *fpr_len,
# 60| struct keyserver_spec *keyserver);
Error: COMPILER_WARNING (CWE-704): [#def165]
gnupg-2.4.5/g10/keyserver-internal.h:61:5: warning[-Wlto-type-mismatch]: type of ‘keyserver_import_ldap’ does not match original declaration
# 61 | int keyserver_import_ldap (ctrl_t ctrl, const char *name,
# | ^
gnupg-2.4.5/g10/gpgv.c:519:1: note: type mismatch in parameter 2
# 519 | keyserver_import_ldap (const char *name)
# | ^
gnupg-2.4.5/g10/gpgv.c:519:1: note: ‘keyserver_import_ldap’ was previously declared here
# 59| unsigned char **fpr,size_t *fpr_len,
# 60| struct keyserver_spec *keyserver);
# 61|-> int keyserver_import_ldap (ctrl_t ctrl, const char *name,
# 62| unsigned char **fpr,size_t *fpr_len);
# 63|
Error: GCC_ANALYZER_WARNING (CWE-476): [#def166]
gnupg-2.4.5/g10/keyserver.c: scope_hint: In function ‘keyserver_refresh’
gnupg-2.4.5/g10/keyserver.c:1212:21: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘desc’
gnupg-2.4.5/g10/keydb.h:26: included_from: Included from here.
gnupg-2.4.5/g10/keyserver.c:32: included_from: Included from here.
gnupg-2.4.5/g10/keyserver.c:1168:7: note: in expansion of macro ‘xfree’
# 1210| for(i=0;i<numdesc;i++)
# 1211| {
# 1212|-> if(desc[i].skipfncvalue)
# 1213| {
# 1214| struct keyserver_spec *keyserver=desc[i].skipfncvalue;
Error: CLANG_WARNING: [#def167]
gnupg-2.4.5/g10/mainproc.c:176:15: warning[deadcode.DeadStores]: Although the value stored to 'node' is used in the enclosing expression, the value is never actually read from 'node'
# 174| add_kbnode (c->list, new_kbnode (pkt));
# 175| else /* Insert the first one. */
# 176|-> c->list = node = new_kbnode (pkt);
# 177|
# 178| return 1;
Error: CLANG_WARNING: [#def168]
gnupg-2.4.5/g10/misc.c:1408:9: warning[deadcode.DeadStores]: Value stored to 'ver' during its initialization is never read
# 1406| compliance_failure(void)
# 1407| {
# 1408|-> char *ver="???";
# 1409|
# 1410| switch(opt.compliance)
Error: CLANG_WARNING: [#def169]
gnupg-2.4.5/g10/parse-packet.c:216:12: warning[deadcode.DeadStores]: Although the value stored to 'c1' is used in the enclosing expression, the value is never actually read from 'c1'
# 214| goto overflow;
# 215|
# 216|-> if ((c = c1 = iobuf_get (inp)) == -1)
# 217| goto leave;
# 218| if (++nread == nmax)
Error: CLANG_WARNING: [#def170]
gnupg-2.4.5/g10/parse-packet.c:221:12: warning[deadcode.DeadStores]: Although the value stored to 'c2' is used in the enclosing expression, the value is never actually read from 'c2'
# 219| goto overflow;
# 220| nbits = c << 8;
# 221|-> if ((c = c2 = iobuf_get (inp)) == -1)
# 222| goto leave;
# 223| ++nread;
Error: CLANG_WARNING: [#def171]
gnupg-2.4.5/g10/parse-packet.c:3008:5: warning[core.CallAndMessage]: 3rd function call argument is an uninitialized value
# 3006| /* Note that KEYID below has been initialized above in list_mode. */
# 3007| if (list_mode)
# 3008|-> es_fprintf (listfp, "\tkeyid: %08lX%08lX\n",
# 3009| (ulong) keyid[0], (ulong) keyid[1]);
# 3010|
Error: CLANG_WARNING: [#def172]
gnupg-2.4.5/g10/passphrase.c:396:34: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 394| if (!(dek->keylen > 0 && dek->keylen <= DIM(dek->key)))
# 395| BUG ();
# 396|-> err = gcry_kdf_derive (pw, strlen (pw),
# 397| s2k->mode == 3? GCRY_KDF_ITERSALTED_S2K :
# 398| s2k->mode == 1? GCRY_KDF_SALTED_S2K :
Error: COMPILER_WARNING (CWE-252): [#def173]
gnupg-2.4.5/g10/photoid.c: scope_hint: In function ‘run_with_pipe’
gnupg-2.4.5/g10/photoid.c:625:7: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
# 625 | write (to[1], image, len);
# | ^~~~~~~~~~~~~~~~~~~~~~~~~
# 623| else
# 624| {
# 625|-> write (to[1], image, len);
# 626| close (to[1]);
# 627|
Error: COMPILER_WARNING (CWE-704): [#def174]
gnupg-2.4.5/g10/photoid.h:31:6: warning[-Wlto-type-mismatch]: type of ‘show_photos’ does not match original declaration
# 31 | void show_photos (ctrl_t ctrl, const struct user_attribute *attrs, int count,
# | ^
gnupg-2.4.5/g10/gpgv.c:654:1: note: type mismatch in parameter 2
# 654 | show_photos (const struct user_attribute *attrs, int count, PKT_public_key *pk)
# | ^
gnupg-2.4.5/g10/gpgv.c:654:1: note: ‘show_photos’ was previously declared here
# 29| int parse_image_header(const struct user_attribute *attr,byte *type,u32 *len);
# 30| const char *image_type_to_string(byte type,int style);
# 31|-> void show_photos (ctrl_t ctrl, const struct user_attribute *attrs, int count,
# 32| PKT_public_key *pk, PKT_user_id *uid);
# 33|
Error: CLANG_WARNING: [#def175]
gnupg-2.4.5/g10/pkclist.c:1231:23: warning[deadcode.DeadStores]: Although the value stored to 'rc' is used in the enclosing expression, the value is never actually read from 'rc'
# 1229| if (rc)
# 1230| tty_printf(_("No such user ID.\n"));
# 1231|-> else if ( !(rc=openpgp_pk_test_algo2 (pk->pubkey_algo,
# 1232| PUBKEY_USAGE_ENC)) )
# 1233| {
Error: CLANG_WARNING: [#def176]
gnupg-2.4.5/g10/sig-check.c:1052:51: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value
# 1050| {
# 1051| log_assert (packet->pkttype == PKT_USER_ID);
# 1052|-> if (sig->digest_algo == DIGEST_ALGO_SHA1 && !*is_selfsig
# 1053| && !opt.flags.allow_weak_key_signatures)
# 1054| {
Error: GCC_ANALYZER_WARNING (CWE-476): [#def177]
gnupg-2.4.5/g10/sign.c: scope_hint: In function ‘write_plaintext_packet’
gnupg-2.4.5/g10/sign.c:859:21: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘pt’
gnupg-2.4.5/g10/sign.c:28: included_from: Included from here.
gnupg-2.4.5/g10/sign.c:1718:8: note: in expansion of macro ‘DBG_HASHING’
# 857|
# 858| /* Note that PT has been initialized above in no_literal mode. */
# 859|-> pt->timestamp = make_timestamp ();
# 860| pt->mode = ptmode;
# 861| pt->len = filesize;
Error: CLANG_WARNING: [#def178]
gnupg-2.4.5/g10/sign.c:859:21: warning[core.NullDereference]: Access to field 'timestamp' results in a dereference of a null pointer (loaded from variable 'pt')
# 857|
# 858| /* Note that PT has been initialized above in no_literal mode. */
# 859|-> pt->timestamp = make_timestamp ();
# 860| pt->mode = ptmode;
# 861| pt->len = filesize;
Error: CLANG_WARNING: [#def179]
gnupg-2.4.5/g10/sign.c:986:11: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value
# 984| }
# 985|
# 986|-> if (!err)
# 987| err = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce, 0);
# 988| gcry_md_close (md);
Error: CLANG_WARNING: [#def180]
gnupg-2.4.5/g10/sign.c:1381:15: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 1379| mdb = gcry_md_read(mfx.md, opt.def_digest_algo);
# 1380| mdlen = gcry_md_get_algo_dlen(opt.def_digest_algo);
# 1381|-> if (strlen(fname) != mdlen * 2 + 11)
# 1382| log_bug("digests must be %zu + '@' + 5 bytes\n", mdlen);
# 1383| d = -1;
Error: CLANG_WARNING: [#def181]
gnupg-2.4.5/g10/skclist.c:416:23: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 414| if (!err)
# 415| {
# 416|-> err = agent_scd_keyinfo (NULL, GCRY_PK_USAGE_ENCR,
# 417| &c->card_keyinfo_list);
# 418| }
Error: CLANG_WARNING: [#def182]
gnupg-2.4.5/g10/t-stutter.c:171:7: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 169| p = tail + 1;
# 170|
# 171|-> if (strlen (p) % 2 != 0)
# 172| log_fatal ("Session key must consist of an even number of hexadecimal characters.\n");
# 173|
Error: CLANG_WARNING: [#def183]
gnupg-2.4.5/g10/tdbio.c:1675:48: warning[deadcode.DeadStores]: Value stored to 'p' is never read
# 1673| ulongtobuf(p, rec->r.ver.firstfree ); p += 4;
# 1674| p += 4;
# 1675|-> ulongtobuf(p, rec->r.ver.trusthashtbl ); p += 4;
# 1676| break;
# 1677|
Error: CLANG_WARNING: [#def184]
gnupg-2.4.5/g10/tdbio.c:1679:40: warning[deadcode.DeadStores]: Value stored to 'p' is never read
# 1677|
# 1678| case RECTYPE_FREE:
# 1679|-> ulongtobuf(p, rec->r.free.next); p += 4;
# 1680| break;
# 1681|
Error: CLANG_WARNING: [#def185]
gnupg-2.4.5/g10/tdbio.c:1703:47: warning[deadcode.DeadStores]: Value stored to 'p' is never read
# 1701| *p++ = rec->r.trust.min_ownertrust;
# 1702| *p++ = rec->r.trust.flags;
# 1703|-> ulongtobuf( p, rec->r.trust.validlist); p += 4;
# 1704| break;
# 1705|
Error: GCC_ANALYZER_WARNING (CWE-688): [#def186]
gnupg-2.4.5/g10/t-keydb.c:20: included_from: Included from here.
gnupg-2.4.5/g10/test.c: scope_hint: In function ‘prepend_srcdir’
gnupg-2.4.5/g10/test.c:163:3: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘result’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strcpy’ must be non-null
# 161|
# 162| result = malloc (strlen (srcdir) + strlen ("/g10/") + strlen (fname) + 1);
# 163|-> strcpy (result, srcdir);
# 164| strcat (result, "/g10/");
# 165| strcat (result, fname);
Error: CLANG_WARNING: [#def187]
gnupg-2.4.5/g10/tofu.c:1521:30: warning[core.NullDereference]: Access to field 'pkt' results in a dereference of a null pointer (loaded from variable 'a')
# 1519| if (DBG_TRUST)
# 1520| log_debug ("TOFU: %s is NOT signed by an ultimately trusted key.\n",
# 1521|-> pk_keyid_str (a->pkt->pkt.public_key));
# 1522|
# 1523| return 0;
Error: CLANG_WARNING: [#def188]
gnupg-2.4.5/g10/tofu.c:2082:7: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 2080| print_further_info ("listing fingerprints");
# 2081| sqlite3_free (sqerr);
# 2082|-> rc = gpg_error (GPG_ERR_GENERAL);
# 2083| return NULL;
# 2084| }
Error: CLANG_WARNING: [#def189]
gnupg-2.4.5/g10/tofu.c:2363:7: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 2361| print_further_info ("reading the policy");
# 2362| sqlite3_free (err);
# 2363|-> rc = gpg_error (GPG_ERR_GENERAL);
# 2364| goto out;
# 2365| }
Error: CLANG_WARNING: [#def190]
gnupg-2.4.5/g10/tofu.c:2463:3: warning[deadcode.DeadStores]: Value stored to 'effective_policy' is never read
# 2461|
# 2462| /* Unless proven wrong, assume the effective policy is 'auto'. */
# 2463|-> effective_policy = TOFU_POLICY_AUTO;
# 2464|
# 2465| /* See if the key is ultimately trusted. */
Error: GCC_ANALYZER_WARNING (CWE-476): [#def191]
gnupg-2.4.5/g10/tofu.c: scope_hint: In function ‘get_policy’
gnupg-2.4.5/g10/tofu.c:2535:23: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
gnupg-2.4.5/g10/gpg.h:37: included_from: Included from here.
gnupg-2.4.5/g10/tofu.c:33: included_from: Included from here.
# 2533|
# 2534| if (conflict_set_count == 1
# 2535|-> && (conflict_set->flags & BINDING_NEW))
# 2536| {
# 2537| /* We've never observed a binding with this email address and we
Error: GCC_ANALYZER_WARNING (CWE-476): [#def192]
gnupg-2.4.5/g10/main.h:25: included_from: Included from here.
gnupg-2.4.5/g10/options.h:27: included_from: Included from here.
gnupg-2.4.5/g10/tofu.c:37: included_from: Included from here.
gnupg-2.4.5/g10/tofu.c:2586:35: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
gnupg-2.4.5/common/util.h:117:41: note: in definition of macro ‘xstrdup’
gnupg-2.4.5/common/util.h:117:41: note: in definition of macro ‘xstrdup’
gnupg-2.4.5/common/util.h:117:41: note: in definition of macro ‘xstrdup’
# 2584| log_assert (conflict_set_count > 1);
# 2585| effective_policy = TOFU_POLICY_ASK;
# 2586|-> conflict = xstrdup (conflict_set->next->d);
# 2587|
# 2588| out:
Error: CLANG_WARNING: [#def193]
gnupg-2.4.5/g10/tofu.c:2840:11: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 2838| sqlite3_free (sqerr);
# 2839| sqerr = NULL;
# 2840|-> rc = gpg_error (GPG_ERR_GENERAL);
# 2841| }
# 2842| else if (DBG_TRUST)
Error: CLANG_WARNING: [#def194]
gnupg-2.4.5/g10/tofu.c:3030:7: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 3028| print_further_info ("getting signature statistics");
# 3029| sqlite3_free (err);
# 3030|-> rc = gpg_error (GPG_ERR_GENERAL);
# 3031| goto out;
# 3032| }
Error: CLANG_WARNING: [#def195]
gnupg-2.4.5/g10/tofu.c:3047:7: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 3045| print_further_info ("getting signature statistics (by day)");
# 3046| sqlite3_free (err);
# 3047|-> rc = gpg_error (GPG_ERR_GENERAL);
# 3048| goto out;
# 3049| }
Error: CLANG_WARNING: [#def196]
gnupg-2.4.5/g10/tofu.c:3084:7: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 3082| print_further_info ("getting encryption statistics");
# 3083| sqlite3_free (err);
# 3084|-> rc = gpg_error (GPG_ERR_GENERAL);
# 3085| goto out;
# 3086| }
Error: CLANG_WARNING: [#def197]
gnupg-2.4.5/g10/tofu.c:3101:7: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 3099| print_further_info ("getting encryption statistics (by day)");
# 3100| sqlite3_free (err);
# 3101|-> rc = gpg_error (GPG_ERR_GENERAL);
# 3102| goto out;
# 3103| }
Error: CLANG_WARNING: [#def198]
gnupg-2.4.5/g10/tofu.c:3521:10: warning[core.NullDereference]: Access to field 'pkt' results in a dereference of a null pointer (loaded from variable 'kb')
# 3519| /* Make sure PK is a primary key. */
# 3520| if (! pk_is_primary (pk))
# 3521|-> pk = kb->pkt->pkt.public_key;
# 3522|
# 3523| if (! user_id_list)
Error: GCC_ANALYZER_WARNING (CWE-465): [#def199]
gnupg-2.4.5/g10/tofu.c: scope_hint: In function ‘tofu_set_policy’
gnupg-2.4.5/g10/tofu.c:3925:10: warning[-Wanalyzer-deref-before-check]: check of ‘kb’ for NULL after already dereferencing it
gnupg-2.4.5/g10/tofu.c:3913:7: note: in expansion of macro ‘DBG_TRUST’
# 3923| begin_transaction (ctrl, 0);
# 3924|
# 3925|-> for (; kb; kb = kb->next)
# 3926| {
# 3927| PKT_user_id *user_id;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def200]
gnupg-2.4.5/g10/trust.c: scope_hint: In function ‘register_trusted_key’
gnupg-2.4.5/g10/trust.c:71:30: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
gnupg-2.4.5/g10/keydb.h:26: included_from: Included from here.
gnupg-2.4.5/g10/trust.c:28: included_from: Included from here.
gnupg-2.4.5/g10/trust.c:68:13: note: in expansion of macro ‘xtrystrdup’
# 69| if (buf)
# 70| {
# 71|-> *strchr (buf, '#') = 0;
# 72| tdb_register_trusted_key (buf);
# 73| xfree (buf);
Error: GCC_ANALYZER_WARNING (CWE-457): [#def201]
gnupg-2.4.5/g13/g13tuple.c: scope_hint: In function ‘find_tuple_uint’
gnupg-2.4.5/g13/g13tuple.c:240:10: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘n’
# 238|
# 239| s = find_tuple (tupledesc, tag, &n);
# 240|-> return convert_uint (s, n, r_value);
# 241| }
# 242|
Error: CLANG_WARNING: [#def202]
gnupg-2.4.5/g13/mount.c:99:3: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 97| }
# 98|
# 99|-> err = 0;
# 100| if (needs_syshelp)
# 101| lock = NULL;
Error: CLANG_WARNING: [#def203]
gnupg-2.4.5/g13/runner.c:208:18: warning[deadcode.DeadStores]: Although the value stored to 'namebuffer' is used in the enclosing expression, the value is never actually read from 'namebuffer'
# 206|
# 207| runner->identifier = namecounter;
# 208|-> runner->name = namebuffer = xtryasprintf ("%s-%d", name, namecounter);
# 209| if (!runner->name)
# 210| {
Error: CLANG_WARNING: [#def204]
gnupg-2.4.5/g13/sh-cmd.c:399:3: warning[deadcode.DeadStores]: Value stored to 'line' is never read
# 397| size_t enckeybloblen;
# 398|
# 399|-> line = skip_options (line);
# 400|
# 401| if (!ctrl->server_local->devicename
Error: CLANG_WARNING: [#def205]
gnupg-2.4.5/g13/sh-cmd.c:416:3: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 414| goto leave;
# 415| }
# 416|-> err = 0;
# 417|
# 418| err = g13_keyblob_read (ctrl->server_local->devicename,
Error: CLANG_WARNING: [#def206]
gnupg-2.4.5/g13/sh-cmd.c:474:3: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 472| goto leave;
# 473| }
# 474|-> err = 0;
# 475|
# 476| /* We expect that the client already decrypted the keyblob.
Error: CLANG_WARNING: [#def207]
gnupg-2.4.5/g13/sh-cmd.c:576:3: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 574| goto leave;
# 575| }
# 576|-> err = 0;
# 577|
# 578| err = sh_dmcrypt_suspend_container (ctrl, ctrl->server_local->devicename);
Error: CLANG_WARNING: [#def208]
gnupg-2.4.5/g13/sh-cmd.c:622:3: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 620| goto leave;
# 621| }
# 622|-> err = 0;
# 623|
# 624| /* We expect that the client already decrypted the keyblob.
Error: CLANG_WARNING: [#def209]
gnupg-2.4.5/kbx/backend-sqlite.c:649:15: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 647| log_error ("error reading database version: %s\n",
# 648| gpg_strerror (err));
# 649|-> err = 0;
# 650| dbversion = 0;
# 651| }
Error: CLANG_WARNING: [#def210]
gnupg-2.4.5/kbx/backend-sqlite.c:681:9: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 679| err = set_config_value ("dbversion", STR2(DATABASE_VERSION));
# 680| if (!err)
# 681|-> err = set_config_value ("created", isotimestamp (gnupg_get_time ()));
# 682| }
# 683|
Error: CLANG_WARNING: [#def211]
gnupg-2.4.5/kbx/backend-sqlite.c:1724:13: warning[core.CallAndMessage]: 6th function call argument is an uninitialized value
# 1722|
# 1723| kinfo = &info.primary;
# 1724|-> err = store_into_fingerprint (ubid, 0, kinfo->grip,
# 1725| kinfo->keyid,
# 1726| kinfo->fpr, kinfo->fprlen);
Error: CLANG_WARNING: [#def212]
gnupg-2.4.5/kbx/kbx-client-util.c:198:11: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 196| if (nread != 4)
# 197| {
# 198|-> err = gpg_error (GPG_ERR_EIO);
# 199| log_error ("error reading data length from keyboxd: %s\n",
# 200| "short read");
Error: CLANG_WARNING: [#def213]
gnupg-2.4.5/kbx/kbxserver.c:863:10: warning[deadcode.DeadStores]: Although the value stored to 'j' is used in the enclosing expression, the value is never actually read from 'j'
# 861| int i, j, rc;
# 862|
# 863|-> for (i=j=0; table[i].name; i++)
# 864| {
# 865| rc = assuan_register_command (ctx, table[i].name, table[i].handler,
Error: CLANG_WARNING: [#def214]
gnupg-2.4.5/kbx/keybox-openpgp.c:582:22: warning[core.NullDereference]: Dereference of null pointer (loaded from variable 'utail')
# 580| u->off = data - image_start;
# 581| u->len = datalen;
# 582|-> *utail = u;
# 583| utail = &u->next;
# 584| }
Error: CLANG_WARNING: [#def215]
gnupg-2.4.5/kbx/keybox-openpgp.c:639:26: warning[core.NullDereference]: Dereference of null pointer (loaded from variable 'ktail')
# 637| else
# 638| {
# 639|-> *ktail = k;
# 640| ktail = &k->next;
# 641| }
Error: CLANG_WARNING: [#def216]
gnupg-2.4.5/scd/app-openpgp.c:3154:13: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 3152|
# 3153| if (!rc)
# 3154|-> rc = iso7816_put_data (app_get_slot (app), 0, 0xD3, NULL, 0);
# 3155|
# 3156| wipe_and_free (buffer1, bufferlen1);
Error: CLANG_WARNING: [#def217]
gnupg-2.4.5/scd/app-openpgp.c:3606:57: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 3604| rc = iso7816_change_reference_data (app_get_slot (app),
# 3605| 0x81, NULL, 0,
# 3606|-> pinvalue, strlen (pinvalue));
# 3607| if (!rc)
# 3608| rc = iso7816_change_reference_data (app_get_slot (app),
Error: CLANG_WARNING: [#def218]
gnupg-2.4.5/scd/app-openpgp.c:3616:57: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 3614| rc = iso7816_change_reference_data (app_get_slot (app),
# 3615| 0x80 + chvno, NULL, 0,
# 3616|-> pinvalue, strlen (pinvalue));
# 3617| }
# 3618| }
Error: CLANG_WARNING: [#def219]
gnupg-2.4.5/scd/app-openpgp.c:4305:12: warning[deadcode.DeadStores]: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err'
# 4303|
# 4304| last_depth1 = depth;
# 4305|-> while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
# 4306| && depth && depth >= last_depth1)
# 4307| {
Error: CLANG_WARNING: [#def220]
gnupg-2.4.5/scd/app-openpgp.c:4354:12: warning[deadcode.DeadStores]: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err'
# 4352| /* Parse other attributes. */
# 4353| last_depth1 = depth;
# 4354|-> while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
# 4355| && depth && depth >= last_depth1)
# 4356| {
Error: CLANG_WARNING: [#def221]
gnupg-2.4.5/scd/app-openpgp.c:4623:12: warning[deadcode.DeadStores]: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err'
# 4621| curve = "Ed448" */
# 4622| last_depth1 = depth;
# 4623|-> while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
# 4624| && depth && depth >= last_depth1)
# 4625| {
Error: CLANG_WARNING: [#def222]
gnupg-2.4.5/scd/app-openpgp.c:4699:12: warning[deadcode.DeadStores]: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err'
# 4697| /* Parse other attributes. */
# 4698| last_depth1 = depth;
# 4699|-> while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
# 4700| && depth && depth >= last_depth1)
# 4701| {
Error: CLANG_WARNING: [#def223]
gnupg-2.4.5/scd/app-piv.c:1466:8: warning[deadcode.DeadStores]: Although the value stored to 'keyref' is used in the enclosing expression, the value is never actually read from 'keyref'
# 1464|
# 1465| dobj = find_dobj_by_keyref (app, keyrefstr);
# 1466|-> if ((keyref = keyref_from_dobj (dobj)) == -1)
# 1467| {
# 1468| err = gpg_error (GPG_ERR_INV_ID);
Error: CLANG_WARNING: [#def224]
gnupg-2.4.5/scd/app-piv.c:2695:12: warning[deadcode.DeadStores]: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err'
# 2693|
# 2694| last_depth1 = depth;
# 2695|-> while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
# 2696| && depth && depth >= last_depth1)
# 2697| {
Error: CLANG_WARNING: [#def225]
gnupg-2.4.5/scd/app-piv.c:2854:12: warning[deadcode.DeadStores]: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err'
# 2852|
# 2853| last_depth1 = depth;
# 2854|-> while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))
# 2855| && depth && depth >= last_depth1)
# 2856| {
Error: CLANG_WARNING: [#def226]
gnupg-2.4.5/scd/app.c:1300:11: warning[core.NullDereference]: Access to field 'next' results in a dereference of a null pointer (loaded from field 'app')
# 1298|
# 1299| /* Select the first app again. */
# 1300|-> if (c->app->next)
# 1301| run_reselect (ctrl, c, c->app, a_prev);
# 1302|
Error: CLANG_WARNING: [#def227]
gnupg-2.4.5/scd/app.c:1316:7: warning[deadcode.DeadStores]: Value stored to 'locked' is never read
# 1314| {
# 1315| unlock_card (c);
# 1316|-> locked = 0;
# 1317| }
# 1318| return c;
Error: CLANG_WARNING: [#def228]
gnupg-2.4.5/scd/app.c:1436:11: warning[deadcode.DeadStores]: Value stored to 'sn' is never read
# 1434| sn /= 10;
# 1435| buf[10] |= (sn % 10) << 4;
# 1436|-> sn /= 10;
# 1437| buf[14] = 0; /* Last two bytes are RFU. */
# 1438| buf[15] = 0;
Error: CLANG_WARNING: [#def229]
gnupg-2.4.5/scd/app.c:1666:32: warning[core.NullDereference]: Access to field 'cardtype' results in a dereference of a null pointer (loaded from field 'card')
# 1664| if (app && app->card && app->card->maybe_check_aid)
# 1665| app->card->maybe_check_aid = 0;
# 1666|-> else if (!opt.pcsc_shared || app->card->cardtype != CARDTYPE_YUBIKEY)
# 1667| return 0;
# 1668|
Error: CLANG_WARNING: [#def230]
gnupg-2.4.5/scd/app.c:1715:7: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1713| log_error ("slot %d, app %s: forced re-select failed: %s - ignored\n",
# 1714| card->slot, xstrapptype (card->app), gpg_strerror (err));
# 1715|-> err = 0;
# 1716| }
# 1717|
Error: CLANG_WARNING: [#def231]
gnupg-2.4.5/scd/command.c:1802:7: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 1800| if (rc && has_option (line, "--wait"))
# 1801| {
# 1802|-> rc = 0;
# 1803| gnupg_sleep (1); /* Better implement an event mechanism. However,
# 1804| for card operations this should be
Error: CLANG_WARNING: [#def232]
gnupg-2.4.5/scd/command.c:2385:3: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 2383| return err;
# 2384|
# 2385|-> err = 0;
# 2386|
# 2387| card = card_get (ctrl, NULL);
Error: CLANG_WARNING: [#def233]
gnupg-2.4.5/scd/command.c:2727:41: warning[deadcode.DeadStores]: Although the value stored to 'ctx' is used in the enclosing expression, the value is never actually read from 'ctx'
# 2725| }
# 2726|
# 2727|-> if (!ctrl || !ctrl->server_local || !(ctx=ctrl->server_local->assuan_ctx))
# 2728| return;
# 2729| if (pin && !pinlen)
Error: COMPILER_WARNING (CWE-252): [#def234]
gnupg-2.4.5/scd/scdaemon.c: scope_hint: In function ‘scd_kick_the_loop’
gnupg-2.4.5/scd/scdaemon.c:1255:3: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
# 1255 | write (notify_fd, "", 1);
# | ^~~~~~~~~~~~~~~~~~~~~~~~
# 1253| w32_strerror (-1));
# 1254| #elif defined(HAVE_PSELECT_NO_EINTR)
# 1255|-> write (notify_fd, "", 1);
# 1256| #else
# 1257| int ret = kill (main_thread_pid, SIGCONT);
Error: COMPILER_WARNING (CWE-252): [#def235]
gnupg-2.4.5/scd/scdaemon.c: scope_hint: In function ‘handle_connections’
gnupg-2.4.5/scd/scdaemon.c:1415:11: warning[-Wunused-result]: ignoring return value of ‘read’ declared with attribute ‘warn_unused_result’
# 1415 | read (pipe_fd[0], buf, sizeof buf);
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1413| char buf[256];
# 1414|
# 1415|-> read (pipe_fd[0], buf, sizeof buf);
# 1416| }
# 1417| #endif
Error: GCC_ANALYZER_WARNING (CWE-121): [#def236]
gnupg-2.4.5/sm/call-agent.c: scope_hint: In function ‘gpgsm_scd_pksign’
gnupg-2.4.5/sm/call-agent.c:403:5: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
gnupg-2.4.5/sm/gpgsm.h:32: included_from: Included from here.
gnupg-2.4.5/sm/call-agent.c:32: included_from: Included from here.
gnupg-2.4.5/sm/call-agent.c:385:3: note: in expansion of macro ‘snprintf’
gnupg-2.4.5/sm/call-agent.c:403:5: note: write of 12 bytes to beyond the end of ‘line’
gnupg-2.4.5/sm/call-agent.c:403:5: note: valid subscripts for ‘line’ are ‘[0]’ to ‘[1001]’
# 401| p = stpcpy (line, "SCD SETDATA " );
# 402| for (i=0; i < digestlen ; i++, p += 2 )
# 403|-> sprintf (p, "%02X", digest[i]);
# 404| rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
# 405| if (rc)
Error: CLANG_WARNING: [#def237]
gnupg-2.4.5/sm/certchain.c:1712:15: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 1710| {
# 1711| any_no_policy_match = 1;
# 1712|-> rc = 1; /* Be on the safe side and set RC. */
# 1713| }
# 1714| else if (rc)
Error: CLANG_WARNING: [#def238]
gnupg-2.4.5/sm/certchain.c:2225:32: warning[deadcode.DeadStores]: Although the value stored to 'flags' is used in the enclosing expression, the value is never actually read from 'flags'
# 2223| rc = do_validate_chain (ctrl, cert, checktime,
# 2224| r_exptime, listmode, listfp,
# 2225|-> (flags |= VALIDATE_FLAG_CHAIN_MODEL),
# 2226| &rootca_flags);
# 2227| *retflags |= VALIDATE_FLAG_CHAIN_MODEL;
Error: GCC_ANALYZER_WARNING (CWE-457): [#def239]
gnupg-2.4.5/sm/certcheck.c: scope_hint: In function ‘gpgsm_check_cms_signature’
gnupg-2.4.5/sm/certcheck.c:693:12: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘frame’
gnupg-2.4.5/sm/certcheck.c:31: included_from: Included from here.
gnupg-2.4.5/sm/certcheck.c:652:7: note: in expansion of macro ‘DBG_CRYPTO’
gnupg-2.4.5/sm/gpgsm.h:32: included_from: Included from here.
gnupg-2.4.5/sm/certcheck.c:164:15: note: in expansion of macro ‘xtrymalloc’
gnupg-2.4.5/sm/gpgsm.h:28: included_from: Included from here.
/usr/include/gpg-error.h: scope_hint: In function ‘gpgsm_check_cms_signature’
/usr/include/gpg-error.h: scope_hint: In function ‘gpgsm_check_cms_signature’
gnupg-2.4.5/sm/certcheck.c: scope_hint: In function ‘gpgsm_check_cms_signature’
# 691| }
# 692| /* put hash into the S-Exp s_hash */
# 693|-> if ( gcry_sexp_build (&s_hash, NULL, "%m", frame) )
# 694| BUG ();
# 695| gcry_mpi_release (frame);
Error: CLANG_WARNING: [#def240]
gnupg-2.4.5/sm/certreqgen.c:1059:15: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1057| if (!hexbuf)
# 1058| {
# 1059|-> err = gpg_error_from_syserror ();
# 1060| goto leave;
# 1061| }
Error: CLANG_WARNING: [#def241]
gnupg-2.4.5/sm/certreqgen.c:1071:17: warning[deadcode.DeadStores]: Although the value stored to 'p' is used in the enclosing expression, the value is never actually read from 'p'
# 1069| /* Now build the S-expression. */
# 1070| snprintf (numbuf, DIM(numbuf), "%u:", (unsigned int)len);
# 1071|-> buf = p = xtrymalloc (1 + strlen (numbuf) + len + 1 + 1);
# 1072| if (!buf)
# 1073| {
Error: CLANG_WARNING: [#def242]
gnupg-2.4.5/sm/certreqgen.c:1074:15: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1072| if (!buf)
# 1073| {
# 1074|-> err = gpg_error_from_syserror ();
# 1075| xfree (hexbuf);
# 1076| goto leave;
Error: CLANG_WARNING: [#def243]
gnupg-2.4.5/sm/certreqgen.c:1206:15: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1204| if (!hexbuf)
# 1205| {
# 1206|-> err = gpg_error_from_syserror ();
# 1207| goto leave;
# 1208| }
Error: CLANG_WARNING: [#def244]
gnupg-2.4.5/sm/certreqgen.c:1214:15: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1212| if (len > 125)
# 1213| {
# 1214|-> err = gpg_error (GPG_ERR_TOO_LARGE);
# 1215| xfree (hexbuf);
# 1216| goto leave;
Error: CLANG_WARNING: [#def245]
gnupg-2.4.5/sm/certreqgen.c:1256:15: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1254| if (qlen > 125)
# 1255| {
# 1256|-> err = gpg_error (GPG_ERR_TOO_LARGE);
# 1257| goto leave;
# 1258| }
Error: CLANG_WARNING: [#def246]
gnupg-2.4.5/sm/certreqgen.c:1263:15: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1261| if (!der)
# 1262| {
# 1263|-> err = gpg_error_from_syserror ();
# 1264| goto leave;
# 1265| }
Error: CLANG_WARNING: [#def247]
gnupg-2.4.5/sm/certreqgen.c:1294:15: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1292| if (!hexbuf)
# 1293| {
# 1294|-> err = gpg_error_from_syserror ();
# 1295| goto leave;
# 1296| }
Error: CLANG_WARNING: [#def248]
gnupg-2.4.5/sm/certreqgen.c:1302:15: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1300| if (len > 127)
# 1301| {
# 1302|-> err = gpg_error (GPG_ERR_TOO_LARGE);
# 1303| xfree (hexbuf);
# 1304| goto leave;
Error: CLANG_WARNING: [#def249]
gnupg-2.4.5/sm/certreqgen.c:1343:15: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1341| if (qlen > 127)
# 1342| {
# 1343|-> err = gpg_error (GPG_ERR_TOO_LARGE);
# 1344| goto leave;
# 1345| }
Error: CLANG_WARNING: [#def250]
gnupg-2.4.5/sm/certreqgen.c:1350:15: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1348| if (!der)
# 1349| {
# 1350|-> err = gpg_error_from_syserror ();
# 1351| goto leave;
# 1352| }
Error: CLANG_WARNING: [#def251]
gnupg-2.4.5/sm/certreqgen.c:1376:15: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1374| if (!s)
# 1375| {
# 1376|-> err = gpg_error (GPG_ERR_INTERNAL);
# 1377| goto leave;
# 1378| }
Error: CLANG_WARNING: [#def252]
gnupg-2.4.5/sm/certreqgen.c:1383:15: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1381| if (!oidstr)
# 1382| {
# 1383|-> err = gpg_error_from_syserror ();
# 1384| goto leave;
# 1385| }
Error: CLANG_WARNING: [#def253]
gnupg-2.4.5/sm/certreqgen.c:1394:15: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1392| if (!*s)
# 1393| {
# 1394|-> err = gpg_error (GPG_ERR_INTERNAL);
# 1395| xfree (oidstr);
# 1396| goto leave;
Error: CLANG_WARNING: [#def254]
gnupg-2.4.5/sm/certreqgen.c:1412:15: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1410| if (!hexbuf)
# 1411| {
# 1412|-> err = gpg_error_from_syserror ();
# 1413| xfree (oidstr);
# 1414| goto leave;
Error: CLANG_WARNING: [#def255]
gnupg-2.4.5/sm/certreqgen.c:1418:11: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1416| for (p=hexbuf, len=0; p[0] && p[1]; p += 2)
# 1417| ((unsigned char*)hexbuf)[len++] = xtoi_2 (p);
# 1418|-> err = ksba_certreq_add_extension (cr, oidstr, crit,
# 1419| hexbuf, len);
# 1420| xfree (oidstr);
Error: CLANG_WARNING: [#def256]
gnupg-2.4.5/sm/certreqgen.c:1428:7: warning[deadcode.DeadStores]: Value stored to 'sigkeypkalgo' is never read
# 1426| sigkey = public;
# 1427| sigkeylen = publiclen;
# 1428|-> sigkeypkalgo = publicpkalgo;
# 1429| }
# 1430|
Error: GCC_ANALYZER_WARNING (CWE-457): [#def257]
gnupg-2.4.5/sm/decrypt.c: scope_hint: In function ‘gpgsm_decrypt’
gnupg-2.4.5/sm/decrypt.c:1368:24: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘nbits’
gnupg-2.4.5/sm/gpgsm.h:28: included_from: Included from here.
gnupg-2.4.5/sm/decrypt.c:31: included_from: Included from here.
# 1366| log_info ("recp %d - KEKRI or PWRI\n", recp);
# 1367|
# 1368|-> rc = prepare_decryption (ctrl, hexkeygrip, pk_algo, nbits,
# 1369| desc, enc_val, &dfparm);
# 1370| xfree (enc_val);
Error: CLANG_WARNING: [#def258]
gnupg-2.4.5/sm/decrypt.c:1368:24: warning[core.CallAndMessage]: 4th function call argument is an uninitialized value
# 1366| log_info ("recp %d - KEKRI or PWRI\n", recp);
# 1367|
# 1368|-> rc = prepare_decryption (ctrl, hexkeygrip, pk_algo, nbits,
# 1369| desc, enc_val, &dfparm);
# 1370| xfree (enc_val);
Error: CLANG_WARNING: [#def259]
gnupg-2.4.5/sm/encrypt.c:822:3: warning[deadcode.DeadStores]: Value stored to 'recpno' is never read
# 820|
# 821| /* Main control loop for encryption. */
# 822|-> recpno = 0;
# 823| do
# 824| {
Error: CLANG_WARNING: [#def260]
gnupg-2.4.5/sm/export.c:186:15: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 184| log_error ("key '%s' not found: %s\n",
# 185| sl->d, gpg_strerror (rc));
# 186|-> rc = 0;
# 187| }
# 188| else
Error: GCC_ANALYZER_WARNING (CWE-457): [#def261]
gnupg-2.4.5/sm/export.c: scope_hint: In function ‘export_p12’
gnupg-2.4.5/sm/export.c:770:20: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘resultlen’
# 768| {
# 769| *r_result = result;
# 770|-> *r_resultlen = resultlen;
# 771| }
# 772| return err;
Error: CLANG_WARNING: [#def262]
gnupg-2.4.5/sm/keydb.c:1015:3: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1013| }
# 1014|
# 1015|-> err = GPG_ERR_BUG;
# 1016| switch (hd->active[hd->found].type)
# 1017| {
Error: CLANG_WARNING: [#def263]
gnupg-2.4.5/sm/keydb.c:1062:3: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1060| }
# 1061|
# 1062|-> err = gpg_error (GPG_ERR_BUG);
# 1063| switch (hd->active[hd->found].type)
# 1064| {
Error: CLANG_WARNING: [#def264]
gnupg-2.4.5/sm/keydb.c:1234:3: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1232| gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL); /* kludge*/
# 1233|
# 1234|-> err = gpg_error (GPG_ERR_BUG);
# 1235| switch (hd->active[idx].type)
# 1236| {
Error: CLANG_WARNING: [#def265]
gnupg-2.4.5/sm/keydb.c:1357:3: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1355| }
# 1356|
# 1357|-> err = gpg_error (GPG_ERR_BUG);
# 1358| switch (hd->active[hd->found].type)
# 1359| {
Error: CLANG_WARNING: [#def266]
gnupg-2.4.5/sm/keylist.c:1171:17: warning[deadcode.DeadStores]: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err'
# 1169|
# 1170|
# 1171|-> for (idx=0; !(err=ksba_cert_get_extension (cert, idx,
# 1172| &oid, &i, &off, &len));idx++)
# 1173| {
Error: CLANG_WARNING: [#def267]
gnupg-2.4.5/sm/keylist.c:1372:17: warning[deadcode.DeadStores]: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err'
# 1370|
# 1371| /* Print restrictions. */
# 1372|-> for (idx=0; !(err=ksba_cert_get_extension (cert, idx,
# 1373| &oid, NULL, &off, &len));idx++)
# 1374| {
Error: CLANG_WARNING: [#def268]
gnupg-2.4.5/sm/keylist.c:1589:15: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 1587| log_error ("key '%s' not found: %s\n",
# 1588| sl->d, gpg_strerror (rc));
# 1589|-> rc = 0;
# 1590| }
# 1591| else
Error: CLANG_WARNING: [#def269]
gnupg-2.4.5/sm/keylist.c:1680:15: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 1678| else if ( gpg_err_code (rc) != GPG_ERR_NO_SECKEY)
# 1679| goto leave;
# 1680|-> rc = 0;
# 1681| xfree (p);
# 1682| }
Error: CLANG_WARNING: [#def270]
gnupg-2.4.5/sm/minip12.c:323:11: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 321|
# 322| cur_keylen = 0;
# 323|-> pwlen = strlen (pw);
# 324| if (pwlen > 63/2)
# 325| {
Error: CLANG_WARNING: [#def271]
gnupg-2.4.5/sm/minip12.c:2047:3: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 2045| else if (err && gpg_err_code (err) != GPG_ERR_EOF)
# 2046| goto bailout;
# 2047|-> err = 0;
# 2048|
# 2049| tlv_parser_release (tlv);
Error: CLANG_WARNING: [#def272]
gnupg-2.4.5/sm/misc.c:218:32: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 216| }
# 217| }
# 218|-> else if (toklen == 5 && !memcmp (tok, "curve", 5))
# 219| {
# 220| if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)))
Error: GCC_ANALYZER_WARNING (CWE-775): [#def273]
gnupg-2.4.5/sm/t-minip12.c: scope_hint: In function ‘one_file’
gnupg-2.4.5/sm/t-minip12.c:399:6: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(name, "rb")’
# 397| }
# 398|
# 399|-> if (fstat (fileno(fp), &st))
# 400| {
# 401| fprintf (stderr, PGM": can't stat '%s': %s\n", name, strerror (errno));
Error: GCC_ANALYZER_WARNING (CWE-401): [#def274]
gnupg-2.4.5/sm/t-minip12.c:399:6: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(name, "rb")’
# 397| }
# 398|
# 399|-> if (fstat (fileno(fp), &st))
# 400| {
# 401| fprintf (stderr, PGM": can't stat '%s': %s\n", name, strerror (errno));
Error: GCC_ANALYZER_WARNING (CWE-775): [#def275]
gnupg-2.4.5/sm/t-minip12.c:405:14: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(name, "rb")’
# 403| }
# 404|
# 405|-> buflen = st.st_size;
# 406| buf = xmalloc (buflen+1);
# 407| if (fread (buf, buflen, 1, fp) != 1)
Error: GCC_ANALYZER_WARNING (CWE-401): [#def276]
gnupg-2.4.5/sm/t-minip12.c:405:14: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(name, "rb")’
# 403| }
# 404|
# 405|-> buflen = st.st_size;
# 406| buf = xmalloc (buflen+1);
# 407| if (fread (buf, buflen, 1, fp) != 1)
Error: CLANG_WARNING: [#def277]
gnupg-2.4.5/sm/t-minip12.c:623:12: warning[deadcode.DeadStores]: Although the value stored to 'ntests' is used in the enclosing expression, the value is never actually read from 'ntests'
# 621| die ("error opening '%s': %s\n", descfname, strerror (errno));
# 622|
# 623|-> lineno = ntests = 0;
# 624| while ((line = read_textline (fp, &lineno)))
# 625| {
Error: CLANG_WARNING: [#def278]
gnupg-2.4.5/sm/verify.c:321:11: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 319| {
# 320| log_info ("certs-only message accepted\n");
# 321|-> rc = 0;
# 322| break;
# 323| }
Error: CLANG_WARNING: [#def279]
gnupg-2.4.5/sm/verify.c:327:13: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 325| {
# 326| if (signer && rc == -1)
# 327|-> rc = 0;
# 328| break;
# 329| }
Error: CLANG_WARNING: [#def280]
gnupg-2.4.5/sm/verify.c:377:11: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 375| {
# 376| log_assert (!msgdigest);
# 377|-> rc = 0;
# 378| algoid = NULL;
# 379| algo = 0;
Error: CLANG_WARNING: [#def281]
gnupg-2.4.5/sm/verify.c:417:7: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 415| goto next_signer;
# 416| }
# 417|-> rc = 0;
# 418|
# 419|
Error: CLANG_WARNING: [#def282]
gnupg-2.4.5/sm/verify.c:632:11: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 630| gpgsm_status_with_err_code (ctrl, STATUS_ERROR, "verify.keyusage",
# 631| gpg_err_code (rc));
# 632|-> rc = 0;
# 633| }
# 634|
Error: CLANG_WARNING: [#def283]
gnupg-2.4.5/sm/verify.c:733:7: warning[deadcode.DeadStores]: Value stored to 'rc' is never read
# 731|
# 732| next_signer:
# 733|-> rc = 0;
# 734| xfree (issuer);
# 735| xfree (serial);
Error: CLANG_WARNING: [#def284]
gnupg-2.4.5/tests/asschk.c:512:7: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 510| {
# 511| var = xcalloc (1, sizeof *var + strlen (name));
# 512|-> strcpy (var->name, name);
# 513| var->next = variable_list;
# 514| variable_list = var;
Error: CLANG_WARNING: [#def285]
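gnupg-2.4.5/tests/asschk.c:1088:10: warning[core.NullDereference]: Dereference of null pointer (loaded from variable 'p')
Reviewer note: the excerpt shows a ‘!p’ check calling die_0 on the line before the flagged store, so the dereference is reachable only if die_0 returns. It presumably terminates the program (confirm); marking it noreturn would let the analyzer prune this path.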
# 1086| if (!p)
# 1087| die_0 ("incomplete script line");
# 1088|-> *p = 0;
# 1089| if (interpreter (buffer))
# 1090| break;
Error: COMPILER_WARNING (CWE-252): [#def286]
gnupg-2.4.5/tests/gpgscm/ffi.c: scope_hint: In function ‘do_file_equal’
gnupg-2.4.5/tests/gpgscm/ffi.c:1052:3: warning[-Wunused-result]: ignoring return value of ‘fread’ declared with attribute ‘warn_unused_result’
# 1052 | fread (b_buf, 1, 1, b_stream);
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1050| }
# 1051|
# 1052|-> fread (b_buf, 1, 1, b_stream);
# 1053| if (! feof (b_stream))
# 1054| goto out; /* b is longer */
Error: CLANG_WARNING: [#def287]
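gnupg-2.4.5/tests/gpgscm/main.c:272:17: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
Reviewer note: the excerpt shows the result of getenv ("GPGSCM_PATH") reaching strdup with no NULL check between lines 270 and 272. Unless code outside the excerpt guarantees the variable is set, the unset case should be handled before the copy, since strdup (NULL) is undefined behaviour.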
# 270| scmpath = getenv ("GPGSCM_PATH");
# 271|
# 272|-> p = scmpath = strdup (scmpath);
# 273| if (p == NULL)
# 274| return 2;
Error: CLANG_WARNING: [#def288]
gnupg-2.4.5/tests/gpgscm/scheme.c:2846:3: warning[core.CallAndMessage]: 4th function call argument is an uninitialized value
# 2844| slot = find_slot_spec_in_env(sc, sc->envir, variable, 0, &sslot);
# 2845| assert(slot == sc->NIL);
# 2846|-> new_slot_spec_in_env(sc, variable, value, sslot);
# 2847| }
# 2848|
Error: CLANG_WARNING: [#def289]
gnupg-2.4.5/tests/gpgscm/scheme.c:5838:11: warning[core.CallAndMessage]: 4th function call argument is an uninitialized value
# 5836| set_slot_in_env(sc, x, value);
# 5837| } else {
# 5838|-> new_slot_spec_in_env(sc, symbol, value, sslot);
# 5839| }
# 5840| }
Error: CLANG_WARNING: [#def290]
gnupg-2.4.5/tests/gpgscm/scheme.c:5958:5: warning[unix.Malloc]: Potential leak of memory pointed to by 'sc.strbuff'
# 5956| }
# 5957| if(!scheme_init(&sc)) {
# 5958|-> fprintf(stderr,"Could not initialize!\n");
# 5959| return 2;
# 5960| }
Error: GCC_ANALYZER_WARNING (CWE-775): [#def291]
gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:80:6: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(fname, "r")’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:189:19: note: in expansion of macro ‘whitespacep’
# 78|
# 79| sink = fopen (fname_new, "w");
# 80|-> if (! sink)
# 81| {
# 82| perror (fname_new);
Error: GCC_ANALYZER_WARNING (CWE-401): [#def292]
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:80:6: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(fname, "r")’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:189:19: note: in expansion of macro ‘whitespacep’
# 78|
# 79| sink = fopen (fname_new, "w");
# 80|-> if (! sink)
# 81| {
# 82| perror (fname_new);
Error: GCC_ANALYZER_WARNING (CWE-775): [#def293]
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:92:14: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(fname, "r")’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:189:19: note: in expansion of macro ‘whitespacep’
# 90| {
# 91| passphrase = strdup (linebuf);
# 92|-> if (passphrase == NULL)
# 93| {
# 94| perror ("strdup");
Error: GCC_ANALYZER_WARNING (CWE-775): [#def294]
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:92:14: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(fname_new, "w")’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:189:19: note: in expansion of macro ‘whitespacep’
# 90| {
# 91| passphrase = strdup (linebuf);
# 92|-> if (passphrase == NULL)
# 93| {
# 94| perror ("strdup");
Error: GCC_ANALYZER_WARNING (CWE-401): [#def295]
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:92:14: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(fname, "r")’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:189:19: note: in expansion of macro ‘whitespacep’
# 90| {
# 91| passphrase = strdup (linebuf);
# 92|-> if (passphrase == NULL)
# 93| {
# 94| perror ("strdup");
Error: GCC_ANALYZER_WARNING (CWE-401): [#def296]
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:92:14: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(fname_new, "w")’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:189:19: note: in expansion of macro ‘whitespacep’
# 90| {
# 91| passphrase = strdup (linebuf);
# 92|-> if (passphrase == NULL)
# 93| {
# 94| perror ("strdup");
Error: GCC_ANALYZER_WARNING (CWE-775): [#def297]
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:102:6: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(fname, "r")’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:189:19: note: in expansion of macro ‘whitespacep’
# 100| }
# 101|
# 102|-> if (ferror (source))
# 103| {
# 104| perror (fname);
Error: GCC_ANALYZER_WARNING (CWE-775): [#def298]
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:102:6: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(fname_new, "w")’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:189:19: note: in expansion of macro ‘whitespacep’
# 100| }
# 101|
# 102|-> if (ferror (source))
# 103| {
# 104| perror (fname);
Error: GCC_ANALYZER_WARNING (CWE-401): [#def299]
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:102:6: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(fname, "r")’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:189:19: note: in expansion of macro ‘whitespacep’
# 100| }
# 101|
# 102|-> if (ferror (source))
# 103| {
# 104| perror (fname);
Error: GCC_ANALYZER_WARNING (CWE-401): [#def300]
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:102:6: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(fname_new, "w")’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:189:19: note: in expansion of macro ‘whitespacep’
# 100| }
# 101|
# 102|-> if (ferror (source))
# 103| {
# 104| perror (fname);
Error: GCC_ANALYZER_WARNING (CWE-775): [#def301]
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:108:6: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(fname, "r")’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:189:19: note: in expansion of macro ‘whitespacep’
# 106| }
# 107|
# 108|-> if (ferror (sink))
# 109| {
# 110| perror (fname_new);
Error: GCC_ANALYZER_WARNING (CWE-775): [#def302]
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:108:6: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(fname_new, "w")’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:189:19: note: in expansion of macro ‘whitespacep’
# 106| }
# 107|
# 108|-> if (ferror (sink))
# 109| {
# 110| perror (fname_new);
Error: GCC_ANALYZER_WARNING (CWE-401): [#def303]
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:108:6: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(fname, "r")’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:189:19: note: in expansion of macro ‘whitespacep’
# 106| }
# 107|
# 108|-> if (ferror (sink))
# 109| {
# 110| perror (fname_new);
Error: GCC_ANALYZER_WARNING (CWE-401): [#def304]
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:108:6: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(fname_new, "w")’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:147:13: note: in expansion of macro ‘whitespacep’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c: scope_hint: In function ‘get_passphrase’
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:189:19: note: in expansion of macro ‘whitespacep’
# 106| }
# 107|
# 108|-> if (ferror (sink))
# 109| {
# 110| perror (fname_new);
Error: CLANG_WARNING: [#def305]
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:211:16: warning[unix.Malloc]: Potential memory leak
# 209| if (log_stream)
# 210| fclose (log_stream);
# 211|-> log_stream = NULL;
# 212|
# 213| logfile = option_value (args, "--logfile");
Error: CLANG_WARNING: [#def306]
gnupg-2.4.5/tests/openpgp/fake-pinentry.c:239:7: warning[deadcode.DeadStores]: Value stored to 'args' is never read
# 237| more = !! *p;
# 238| *p = 0;
# 239|-> args = more ? p+1 : p;
# 240|
# 241| passphrase = get_passphrase (passphrasefile);
Error: CLANG_WARNING: [#def307]
gnupg-2.4.5/tools/card-call-scd.c:207:15: warning[deadcode.DeadStores]: Value stored to 'result' during its initialization is never read
# 205| app_type_string (app_type_t app_type)
# 206| {
# 207|-> const char *result = "?";
# 208| switch (app_type)
# 209| {
Error: CLANG_WARNING: [#def308]
gnupg-2.4.5/tools/card-call-scd.c:715:17: warning[deadcode.DeadStores]: Although the value stored to 'p' is used in the enclosing expression, the value is never actually read from 'p'
# 713| unsigned long number;
# 714|
# 715|-> buf = p = unescape_status_string (line);
# 716| if (buf)
# 717| {
Error: CLANG_WARNING: [#def309]
gnupg-2.4.5/tools/card-call-scd.c:934:25: warning[deadcode.DeadStores]: Although the value stored to 'pline' is used in the enclosing expression, the value is never actually read from 'pline'
# 932| char *label;
# 933|
# 934|-> line_buffer = pline = xstrdup (line);
# 935|
# 936| if ((nfields = split_fields (line_buffer, fields, DIM (fields))) < 2)
Error: CLANG_WARNING: [#def310]
gnupg-2.4.5/tools/card-call-scd.c:936:16: warning[deadcode.DeadStores]: Although the value stored to 'nfields' is used in the enclosing expression, the value is never actually read from 'nfields'
# 934| line_buffer = pline = xstrdup (line);
# 935|
# 936|-> if ((nfields = split_fields (line_buffer, fields, DIM (fields))) < 2)
# 937| goto leave; /* not enough args - ignore. */
# 938|
Error: CLANG_WARNING: [#def311]
gnupg-2.4.5/tools/card-call-scd.c:1045:25: warning[deadcode.DeadStores]: Although the value stored to 'pline' is used in the enclosing expression, the value is never actually read from 'pline'
# 1043| time_t keytime;
# 1044|
# 1045|-> line_buffer = pline = xstrdup (line);
# 1046|
# 1047| if ((nfields = split_fields (line_buffer, fields, DIM (fields))) < 2)
Error: CLANG_WARNING: [#def312]
gnupg-2.4.5/tools/card-call-scd.c:1191:9: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1189| if (gpg_err_code (err) == GPG_ERR_INV_NAME
# 1190| || gpg_err_code (err) == GPG_ERR_UNSUPPORTED_OPERATION)
# 1191|-> err = 0; /* Not implemented or GETATTR not supported. */
# 1192| err = scd_getattr ("$DISPSERIALNO", info);
# 1193| if (gpg_err_code (err) == GPG_ERR_INV_NAME
Error: CLANG_WARNING: [#def313]
gnupg-2.4.5/tools/card-call-scd.c:1195:9: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1193| if (gpg_err_code (err) == GPG_ERR_INV_NAME
# 1194| || gpg_err_code (err) == GPG_ERR_UNSUPPORTED_OPERATION)
# 1195|-> err = 0; /* Not implemented or GETATTR not supported. */
# 1196| err = scd_getattr ("KEY-LABEL", info);
# 1197| if (gpg_err_code (err) == GPG_ERR_INV_NAME
Error: CLANG_WARNING: [#def314]
gnupg-2.4.5/tools/card-keys.c:234:15: warning[deadcode.DeadStores]: Value stored to 'keyblock_tail' is never read
# 232| {
# 233| *keyblock_tail = kb;
# 234|-> keyblock_tail = &kb->next;
# 235| kb = NULL;
# 236| }
Error: CLANG_WARNING: [#def315]
gnupg-2.4.5/tools/card-keys.c:422:11: warning[deadcode.DeadStores]: Value stored to 'n' is never read
# 420| goto leave;
# 421| }
# 422|-> n /= 2;
# 423|
# 424| for (pk = kb->keys; pk->next; pk = pk->next)
Error: CLANG_WARNING: [#def316]
gnupg-2.4.5/tools/card-keys.c:479:7: warning[deadcode.DeadStores]: Value stored to 'keyblock_tail' is never read
# 477| {
# 478| *keyblock_tail = kb;
# 479|-> keyblock_tail = &kb->next;
# 480| kb = NULL;
# 481| }
Error: CLANG_WARNING: [#def317]
gnupg-2.4.5/tools/gpg-auth.c:548:13: warning[deadcode.DeadStores]: Although the value stored to 's' is used in the enclosing expression, the value is never actually read from 's'
# 546| xfree (pin);
# 547| }
# 548|-> else if ((s = has_leading_keyword (line, "POPUPPINPADPROMPT")))
# 549| {
# 550|
Error: CLANG_WARNING: [#def318]
gnupg-2.4.5/tools/gpg-auth.c:565:13: warning[deadcode.DeadStores]: Although the value stored to 's' is used in the enclosing expression, the value is never actually read from 's'
# 563| }
# 564| }
# 565|-> else if ((s = has_leading_keyword (line, "DISMISSPINPADPROMPT")))
# 566| {
# 567| ;
Error: COMPILER_WARNING (CWE-252): [#def319]
gnupg-2.4.5/tools/gpg-auth.c: scope_hint: In function ‘getpin’
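gnupg-2.4.5/tools/gpg-auth.c:962:3: warning[-Wunused-result]: ignoring return value of ‘fgets’ declared with attribute ‘warn_unused_result’
Reviewer note: the excerpt shows ‘line’ passed to split_fields whether or not fgets read anything. On EOF or a read error this call does not set the buffer, so the parser would work on whatever ‘line’ held before; checking the return value and treating failure as an error before parsing closes that gap.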
# 962 | fgets (line, ASSUAN_LINELENGTH, stdin);
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 960| }
# 961|
# 962|-> fgets (line, ASSUAN_LINELENGTH, stdin);
# 963| if (split_fields (line, fields, DIM (fields)) < DIM (fields))
# 964| rc = GPG_ERR_PROTOCOL_VIOLATION;
Error: COMPILER_WARNING (CWE-704): [#def320]
gnupg-2.4.5/tools/gpg-card.c: scope_hint: In function ‘main’
gnupg-2.4.5/tools/gpg-card.c:318:21: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 316| /* Set defaults for non given options. */
# 317| if (!opt.gpg_program)
# 318|-> opt.gpg_program = gnupg_module_name (GNUPG_MODULE_NAME_GPG);
# 319| if (!opt.gpgsm_program)
# 320| opt.gpgsm_program = gnupg_module_name (GNUPG_MODULE_NAME_GPGSM);
Error: COMPILER_WARNING (CWE-704): [#def321]
gnupg-2.4.5/tools/gpg-card.c:320:23: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 318| opt.gpg_program = gnupg_module_name (GNUPG_MODULE_NAME_GPG);
# 319| if (!opt.gpgsm_program)
# 320|-> opt.gpgsm_program = gnupg_module_name (GNUPG_MODULE_NAME_GPGSM);
# 321|
# 322| /* Now build the list of commands. We guess the size of the array
Error: CLANG_WARNING: [#def322]
gnupg-2.4.5/tools/gpg-card.c:723:55: warning[deadcode.DeadStores]: Value stored to 'any' is never read
# 721| { tty_fprintf (fp, "%sauth", any?",":""); any=1; }
# 722| if ((kinfo->usage & GCRY_PK_USAGE_ENCR))
# 723|-> { tty_fprintf (fp, "%sencr", any?",":""); any=1; }
# 724| tty_fprintf (fp, ")");
# 725| }
Error: CLANG_WARNING: [#def323]
gnupg-2.4.5/tools/gpg-card.c:1312:11: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1310| }
# 1311| }
# 1312|-> err = scd_switchcard (sl->d);
# 1313| need_learn = 1;
# 1314| }
Error: CLANG_WARNING: [#def324]
gnupg-2.4.5/tools/gpg-card.c:4078:31: warning[core.NullDereference]: Access to field 'need_sn_cmd' results in a dereference of a null pointer (loaded from variable 'info')
# 4076| log_error ("Command '%s' failed: %s\n", command, gpg_strerror (err));
# 4077| if (gpg_err_code (err) == GPG_ERR_CARD_NOT_PRESENT)
# 4078|-> info->need_sn_cmd = 1;
# 4079| }
# 4080| }
Error: CLANG_WARNING: [#def325]
gnupg-2.4.5/tools/gpg-check-pattern.c:470:3: warning[deadcode.DeadStores]: Value stored to 'accept_match' is never read
# 468| }
# 469|
# 470|-> accept_match = 0;
# 471| accept_skip = 0;
# 472| for (pat = patarray; pat->type != PAT_NULL; pat++)
Error: CLANG_WARNING: [#def326]
gnupg-2.4.5/tools/gpg-check-pattern.c:476:9: warning[deadcode.DeadStores]: Value stored to 'accept_match' is never read
# 474| match = 0;
# 475| if (pat->newblock)
# 476|-> accept_match = accept_skip = 0;
# 477|
# 478| if (pat->type == PAT_STRING)
Error: CLANG_WARNING: [#def327]
gnupg-2.4.5/tools/gpg-check-pattern.c:540:15: warning[deadcode.DeadStores]: Value stored to 'accept_match' is never read
# 538| return pat;
# 539| /* The next is not really but we do it for clarity. */
# 540|-> accept_match = accept_skip = 0;
# 541| }
# 542| }
Error: CLANG_WARNING: [#def328]
gnupg-2.4.5/tools/gpg-connect-agent.c:1543:15: warning[deadcode.DeadStores]: Value stored to 'n' is never read
# 1541| *p++ = *s++;
# 1542| *p = 0;
# 1543|-> n = p - line;
# 1544| }
# 1545| }
Error: GCC_ANALYZER_WARNING (CWE-686): [#def329]
gnupg-2.4.5/tools/gpg-pair-tool.c: scope_hint: In function ‘hmac_data’
gnupg-2.4.5/tools/gpg-pair-tool.c:1125:15: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘size_t’ {aka ‘long unsigned int’} but received ‘int’ for variadic argument 4 of ‘arg_ptr’
/usr/include/gcrypt.h:31: included_from: Included from here.
gnupg-2.4.5/common/util.h:34: included_from: Included from here.
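gnupg-2.4.5/tools/gpg-pair-tool.c:134: included_from: Included from here.
Reviewer note: hmac_data reads each length with va_arg (arg_ptr, size_t), and the analyzer found a caller passing an ‘int’ in that position. Mismatched variadic argument types are undefined behaviour, so the length fed to gcry_mac_write may not be the one the caller intended. The call site is not shown in this excerpt; the usual fix is to cast each length argument to size_t there.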
# 1123| while ((data = va_arg (arg_ptr, const void *)))
# 1124| {
# 1125|-> datalen = va_arg (arg_ptr, size_t);
# 1126| /* log_printhex (data, datalen, " data:"); */
# 1127| err = gcry_mac_write (hd, data, datalen);
Error: CLANG_WARNING: [#def330]
gnupg-2.4.5/tools/gpg-wks-client.c:1223:7: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1221| policy = xcalloc (1, sizeof *policy);
# 1222| submission_to = xstrdup (fake_submission_addr);
# 1223|-> err = 0;
# 1224| }
# 1225| else
Error: CLANG_WARNING: [#def331]
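gnupg-2.4.5/tools/gpg-wks-client.c:2097:7: warning[core.uninitialized.Branch]: Branch condition evaluates to a garbage value
Reviewer note: the analyzer found a path on which ‘err’ is never assigned before the test at line 2097, so whether the mirroring error is logged on that path depends on an indeterminate value. The declaration is outside the excerpt; initialising ‘err’ to 0 there is the conventional fix.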
# 2095| log_info ("a total of %u user ids from %d keys published\n",
# 2096| mirror_one_key_parm.nuids, mirror_one_key_parm.nkeys);
# 2097|-> if (err)
# 2098| log_error ("error mirroring LDAP directory: %s <%s>\n",
# 2099| gpg_strerror (err), gpg_strsource (err));
Error: CLANG_WARNING: [#def332]
gnupg-2.4.5/tools/gpg-wks-server.c:1973:11: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 1971| {
# 1972| struct policy_flags_s policy;
# 1973|-> err = wks_parse_policy (&policy, fp, 0);
# 1974| es_fclose (fp);
# 1975| wks_free_policy (&policy);
Error: CLANG_WARNING: [#def333]
gnupg-2.4.5/tools/gpgconf-comp.c:1135:13: warning[core.NullDereference]: Dereference of null pointer
# 1133| if (*src == '%')
# 1134| {
# 1135|-> *(dst++) = '%';
# 1136| *(dst++) = '2';
# 1137| *(dst++) = '5';
Error: CLANG_WARNING: [#def334]
gnupg-2.4.5/tools/gpgconf-comp.c:1142:13: warning[core.NullDereference]: Dereference of null pointer
# 1140| {
# 1141| /* The colon is used as field separator. */
# 1142|-> *(dst++) = '%';
# 1143| *(dst++) = '3';
# 1144| *(dst++) = 'a';
Error: CLANG_WARNING: [#def335]
gnupg-2.4.5/tools/gpgconf-comp.c:1149:13: warning[core.NullDereference]: Dereference of null pointer
# 1147| {
# 1148| /* The comma is used as list separator. */
# 1149|-> *(dst++) = '%';
# 1150| *(dst++) = '2';
# 1151| *(dst++) = 'c';
Error: CLANG_WARNING: [#def336]
gnupg-2.4.5/tools/gpgconf-comp.c:1156:13: warning[core.NullDereference]: Dereference of null pointer
# 1154| {
# 1155| /* The newline is problematic in a line-based format. */
# 1156|-> *(dst++) = '%';
# 1157| *(dst++) = '0';
# 1158| *(dst++) = 'a';
Error: CLANG_WARNING: [#def337]
gnupg-2.4.5/tools/gpgconf-comp.c:1161:11: warning[core.NullDereference]: Dereference of null pointer
# 1159| }
# 1160| else
# 1161|-> *(dst++) = *(src);
# 1162| src++;
# 1163| }
Error: CLANG_WARNING: [#def338]
gnupg-2.4.5/tools/gpgconf-comp.c:1197:13: warning[core.NullDereference]: Dereference of null pointer
# 1195| gc_error (1, 0, "malformed end of string %s", src);
# 1196|
# 1197|-> *(dst++) = (char) val;
# 1198| src += 3;
# 1199| }
Error: CLANG_WARNING: [#def339]
gnupg-2.4.5/tools/gpgconf-comp.c:1201:11: warning[core.NullDereference]: Dereference of null pointer
# 1199| }
# 1200| else
# 1201|-> *(dst++) = *(src++);
# 1202| }
# 1203| *dst = '\0';
Error: CLANG_WARNING: [#def340]
gnupg-2.4.5/tools/gpgconf-comp.c:1203:8: warning[core.NullDereference]: Dereference of null pointer (loaded from variable 'dst')
# 1201| *(dst++) = *(src++);
# 1202| }
# 1203|-> *dst = '\0';
# 1204| return str;
# 1205| }
Error: CLANG_WARNING: [#def341]
gnupg-2.4.5/tools/gpgconf-comp.c:2001:4: warning[deadcode.DeadStores]: Value stored to 'linep' is never read
# 1999| default_value = linep;
# 2000|
# 2001|-> linep = end;
# 2002| }
# 2003|
Error: CLANG_WARNING: [#def342]
gnupg-2.4.5/tools/gpgconf-comp.c:2081:17: warning[core.NullDereference]: Dereference of null pointer
# 2079| /* We only have the short option. Search in the option table
# 2080| * for the long option name. */
# 2081|-> for (i=0; opt_table[i].short_opt; i++)
# 2082| if (opt_table[i].short_opt == pargs.r_opt)
# 2083| break;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def343]
gnupg-2.4.5/tools/gpgconf-comp.c: scope_hint: In function ‘change_options_program’
gnupg-2.4.5/tools/gpgconf-comp.c:2545:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘option’
# 2543|
# 2544| option = gc_component[component].options;
# 2545|-> for ( ; option->name; option++)
# 2546| {
# 2547| if (!option->is_header && option->new_value)
Error: CLANG_WARNING: [#def344]
gnupg-2.4.5/tools/gpgconf-comp.c:2799:15: warning[deadcode.DeadStores]: Value stored to 'linep' is never read
# 2797| *(end++) = '\0';
# 2798| new_value = linep;
# 2799|-> linep = end;
# 2800| }
# 2801|
Error: CLANG_WARNING: [#def345]
gnupg-2.4.5/tools/gpgconf-comp.c:2921:13: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 2919| gnupg_rename_file (orig_filename, dest_filename, NULL);
# 2920| else
# 2921|-> unlink (dest_filename);
# 2922| }
# 2923| if (err)
Error: CLANG_WARNING: [#def346]
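gnupg-2.4.5/tools/gpgconf-comp.c:3010:21: warning[core.NullDereference]: Access to field 'pw_name' results in a dereference of a null pointer (loaded from variable 'pw')
Reviewer note: the excerpt shows a ‘!pw’ check calling gc_error (1, errno, ...) on the line before the flagged access, so the dereference is reachable only if gc_error returns when given a non-zero status. It presumably exits in that case (confirm against its definition). The same pattern applies to the ‘gr’ accesses in #def347 and #def348.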
# 3008| if (!pw)
# 3009| gc_error (1, errno, "getpwuid failed for current user");
# 3010|-> my_name = xstrdup (pw->pw_name);
# 3011| }
# 3012| if (!strcmp (user, my_name))
Error: CLANG_WARNING: [#def347]
gnupg-2.4.5/tools/gpgconf-comp.c:3028:22: warning[core.NullDereference]: Access to field 'gr_name' results in a dereference of a null pointer (loaded from variable 'gr')
# 3026| if (!gr)
# 3027| gc_error (1, errno, "getgrgid failed for current user");
# 3028|-> my_group = xstrdup (gr->gr_name);
# 3029| }
# 3030| if (!strcmp (group, my_group))
Error: CLANG_WARNING: [#def348]
gnupg-2.4.5/tools/gpgconf-comp.c:3049:33: warning[core.NullDereference]: Access to field 'gr_name' results in a dereference of a null pointer (loaded from variable 'gr')
# 3047| if (!gr)
# 3048| gc_error (1, errno, "getgrgid failed for supplementary group");
# 3049|-> my_supgroups[n] = xstrdup (gr->gr_name);
# 3050| }
# 3051| xfree (gids);
Error: CLANG_WARNING: [#def349]
gnupg-2.4.5/tools/gpgconf.c:1388:25: warning[deadcode.DeadStores]: Value stored to 'sl' during its initialization is never read
# 1386| {
# 1387| int isreg = (tokens[0][3] == 'r');
# 1388|-> strlist_t sl = *listp;
# 1389|
# 1390| for (sl = *listp; sl; sl = sl->next)
Error: GCC_ANALYZER_WARNING (CWE-775): [#def350]
gnupg-2.4.5/tools/gpgparsemail.c: scope_hint: In function ‘run_gnupg’
gnupg-2.4.5/tools/gpgparsemail.c:191:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(sig_fd, 0)’
gnupg-2.4.5/tools/gpgparsemail.c:36: included_from: Included from here.
# 189| if (sig_fd != 0)
# 190| {
# 191|-> if (dup2 (sig_fd, 0) == -1)
# 192| die ("dup2 stdin failed: %s", strerror (errno));
# 193| }
Error: GCC_ANALYZER_WARNING (CWE-775): [#def351]
gnupg-2.4.5/tools/gpgparsemail.c:205:10: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 1)’
# 203| if (fd == -1)
# 204| die ("can't open '/dev/null': %s", strerror (errno));
# 205|-> if (fd != 1)
# 206| {
# 207| if (dup2 (fd, 1) == -1)
Error: GCC_ANALYZER_WARNING (CWE-775): [#def352]
gnupg-2.4.5/tools/gpgparsemail.c:207:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 1), 1)’
# 205| if (fd != 1)
# 206| {
# 207|-> if (dup2 (fd, 1) == -1)
# 208| die ("dup2 stderr failed: %s", strerror (errno));
# 209| }
Error: GCC_ANALYZER_WARNING (CWE-775): [#def353]
gnupg-2.4.5/tools/gpgparsemail.c:207:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 1)’
# 205| if (fd != 1)
# 206| {
# 207|-> if (dup2 (fd, 1) == -1)
# 208| die ("dup2 stderr failed: %s", strerror (errno));
# 209| }
Error: GCC_ANALYZER_WARNING (CWE-775): [#def354]
gnupg-2.4.5/tools/gpgparsemail.c:214:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(rp[1], 2)’
# 212| if (rp[1] != 2)
# 213| {
# 214|-> if (dup2 (rp[1], 2) == -1)
# 215| die ("dup2 stderr failed: %s", strerror (errno));
# 216| }
Error: CLANG_WARNING: [#def355]
gnupg-2.4.5/tools/gpgparsemail.c:254:3: warning[deadcode.DeadStores]: Value stored to 'is_status' is never read
# 252|
# 253| pos = 0;
# 254|-> is_status = 0;
# 255| assert (sizeof status_buf > 9);
# 256| while ((c=getc (fp)) != EOF)
Error: CLANG_WARNING: [#def356]
gnupg-2.4.5/tools/gpgparsemail.c:256:13: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 254| is_status = 0;
# 255| assert (sizeof status_buf > 9);
# 256|-> while ((c=getc (fp)) != EOF)
# 257| {
# 258| if (pos < 9)
Error: CLANG_WARNING: [#def357]
gnupg-2.4.5/tools/gpgparsemail.c:636:10: warning[core.NonNullParamChecker]: Null pointer passed to 3rd parameter expecting 'nonnull'
# 634| /* Fixme: We should not use fgets because it can't cope with
# 635| embedded nul characters. */
# 636|-> while (fgets (line, sizeof (line), fp))
# 637| {
# 638| lineno++;
Error: CLANG_WARNING: [#def358]
gnupg-2.4.5/tools/gpgparsemail.c:803:7: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 801| die ("can't open '%s': %s", *argv, strerror (errno));
# 802| parse_message (fp);
# 803|-> fclose (fp);
# 804| }
# 805| else
Error: CLANG_WARNING: [#def359]
gnupg-2.4.5/tools/gpgtar-create.c:573:7: warning[deadcode.DeadStores]: Although the value stored to 'pend' is used in the enclosing expression, the value is never actually read from 'pend'
# 571| v = value;
# 572| n = length;
# 573|-> p = pend = buffer + length;
# 574| *--p = 0; /* Nul byte. */
# 575| n--;
Error: CLANG_WARNING: [#def360]
gnupg-2.4.5/tools/gpgtar-create.c:593:11: warning[deadcode.DeadStores]: Although the value stored to 'pend' is used in the enclosing expression, the value is never actually read from 'pend'
# 591| v = value;
# 592| n = length;
# 593|-> p = pend = buffer + length;
# 594| do
# 595| {
Error: GCC_ANALYZER_WARNING (CWE-688): [#def361]
gnupg-2.4.5/tools/rfc822parse.c: scope_hint: In function ‘rfc822parse_get_field’
gnupg-2.4.5/tools/rfc822parse.c:646:11: warning[-Wanalyzer-null-argument]: use of NULL ‘p’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_strchr’ must be non-null
# 644| if (valueoff)
# 645| {
# 646|-> p = strchr (buf, ':');
# 647| if (!p)
# 648| *valueoff = 0; /* Oops: should never happen. */
Error: GCC_ANALYZER_WARNING (CWE-457): [#def362]
gnupg-2.4.5/tools/rfc822parse.c:646:11: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*p’
gnupg-2.4.5/tools/rfc822parse.c:37: included_from: Included from here.
/usr/include/string.h:246:14: note: argument 1 of ‘strchr’ must be a pointer to a null-terminated string
# 644| if (valueoff)
# 645| {
# 646|-> p = strchr (buf, ':');
# 647| if (!p)
# 648| *valueoff = 0; /* Oops: should never happen. */
Error: CLANG_WARNING: [#def363]
gnupg-2.4.5/tools/rfc822parse.c:646:11: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 644| if (valueoff)
# 645| {
# 646|-> p = strchr (buf, ':');
# 647| if (!p)
# 648| *valueoff = 0; /* Oops: should never happen. */
Error: CLANG_WARNING: [#def364]
gnupg-2.4.5/tools/rfc822parse.c:981:17: warning[deadcode.DeadStores]: Although the value stored to 's2' is used in the enclosing expression, the value is never actually read from 's2'
# 979| s++; /* skip the delimiter */
# 980| }
# 981|-> else if ((s2 = strchr (delimiters2, *s)))
# 982| { /* Special characters which are not handled above. */
# 983| invalid = 0;
Error: CLANG_WARNING: [#def365]
gnupg-2.4.5/tools/rfc822parse.c:1027:16: warning[unix.Malloc]: Potential leak of memory pointed to by 't'
# 1025| failure:
# 1026| {
# 1027|-> int save = errno;
# 1028| release_token_list (tok);
# 1029| errno = save;
Error: CLANG_WARNING: [#def366]
gnupg-2.4.5/tools/watchgnupg.c:223:7: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 221| : xmalloc (c->size));
# 222| }
# 223|-> memcpy (c->buffer + c->len, line, n);
# 224| c->len += n;
# 225| }
Error: GCC_ANALYZER_WARNING (CWE-775): [#def367]
gnupg-2.4.5/tools/watchgnupg.c: scope_hint: In function ‘get_logname’
gnupg-2.4.5/tools/watchgnupg.c:305:10: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 1)’
# 303| if (fd == -1)
# 304| die ("can't open '/dev/null': %s", strerror (errno));
# 305|-> if (fd != 0 && dup2 (fd, 0) == -1)
# 306| die ("dup2 stderr failed: %s", strerror (errno));
# 307|
Error: GCC_ANALYZER_WARNING (CWE-775): [#def368]
gnupg-2.4.5/tools/watchgnupg.c:305:19: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(open("/dev/null", 1), 0)’
# 303| if (fd == -1)
# 304| die ("can't open '/dev/null': %s", strerror (errno));
# 305|-> if (fd != 0 && dup2 (fd, 0) == -1)
# 306| die ("dup2 stderr failed: %s", strerror (errno));
# 307|
Error: GCC_ANALYZER_WARNING (CWE-775): [#def369]
gnupg-2.4.5/tools/watchgnupg.c:305:19: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 1)’
# 303| if (fd == -1)
# 304| die ("can't open '/dev/null': %s", strerror (errno));
# 305|-> if (fd != 0 && dup2 (fd, 0) == -1)
# 306| die ("dup2 stderr failed: %s", strerror (errno));
# 307|
Error: GCC_ANALYZER_WARNING (CWE-775): [#def370]
gnupg-2.4.5/tools/watchgnupg.c:309:22: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(rp[1], 1)’
# 307|
# 308| /* Connect stdout to our pipe. */
# 309|-> if (rp[1] != 1 && dup2 (rp[1], 1) == -1)
# 310| die ("dup2 stdout failed: %s", strerror (errno));
# 311|
Error: CLANG_WARNING: [#def371]
gnupg-2.4.5/tools/watchgnupg.c:335:13: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 333|
# 334| pos = 0;
# 335|-> while ((c=getc (fp)) != EOF)
# 336| {
# 337| if (pos+1 >= sizeof filename)
Error: CPPCHECK_WARNING (CWE-476): [#def372]
gnupg-2.4.5/tools/watchgnupg.c:557: error[nullPointer]: Null pointer dereference: (struct sockaddr_un*)0
# 555| srvr_addr_un.sun_path[sizeof (srvr_addr_un.sun_path) - 1] = 0;
# 556| addr_un = (struct sockaddr *)&srvr_addr_un;
# 557|-> addrlen_un = SUN_LEN (&srvr_addr_un);
# 558| }
# 559| else
Error: CLANG_WARNING: [#def373]
gnupg-2.4.5/tools/wks-receive.c:111:7: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 109| if (!argv)
# 110| {
# 111|-> err = gpg_error_from_syserror ();
# 112| goto leave;
# 113| }
Error: CLANG_WARNING: [#def374]
gnupg-2.4.5/tools/wks-receive.c:178:7: warning[deadcode.DeadStores]: Value stored to 'err' is never read
# 176| if (!argv)
# 177| {
# 178|-> err = gpg_error_from_syserror ();
# 179| goto leave;
# 180| }
Error: CLANG_WARNING: [#def375]
gnupg-2.4.5/tools/wks-util.c:1218:3: warning[core.uninitialized.UndefReturn]: Undefined or garbage value returned to caller
# 1216| es_fclose (fp);
# 1217| es_free (line);
# 1218|-> return err;
# 1219| }
# 1220|
Error: GCC_ANALYZER_WARNING (CWE-457): [#def376]
gnupg-2.4.5/tools/wks-util.c: scope_hint: In function ‘install_key_from_spec_file’
gnupg-2.4.5/tools/wks-util.c:1218:10: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘err’
# 1216| es_fclose (fp);
# 1217| es_free (line);
# 1218|-> return err;
# 1219| }
# 1220|
Error: CLANG_WARNING: [#def377]
gnupg-2.4.5/tpm2d/command.c:341:8: warning[core.CallAndMessage]: 2nd function call argument is an uninitialized value
# 339| goto out;
# 340|
# 341|-> rc = assuan_send_data (ctx, buf, buflen);
# 342| xfree (buf);
# 343|
Error: CLANG_WARNING: [#def378]
gnupg-2.4.5/tpm2d/tpm2.c:736:7: warning[core.CallAndMessage]: 4th function call argument is an uninitialized value
# 734| * write to the digest buffer */
# 735| hash.hashAlg = nalg;
# 736|-> TSS_Hash_Generate (&hash, bsize, s2b,
# 737| name->size, name->name,
# 738| 0, NULL);
Error: CLANG_WARNING: [#def379]
gnupg-2.4.5/tpm2d/tpm2.c:825:13: warning[core.CallAndMessage]: 1st function call argument is an uninitialized value
# 823| return ret;
# 824| len = strlen(passphrase);
# 825|-> if (len > TSS_GetDigestSize(objectPublic.publicArea.nameAlg))
# 826| {
# 827| len = TSS_GetDigestSize(objectPublic.publicArea.nameAlg);
Error: COMPILER_WARNING (CWE-252): [#def380]
gnupg-2.4.5/tpm2d/tpm2daemon.c: scope_hint: In function ‘tpm2d_kick_the_loop’
gnupg-2.4.5/tpm2d/tpm2daemon.c:1062:3: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
# 1062 | write (notify_fd, "", 1);
# | ^~~~~~~~~~~~~~~~~~~~~~~~
# 1060| w32_strerror (-1));
# 1061| #elif defined(HAVE_PSELECT_NO_EINTR)
# 1062|-> write (notify_fd, "", 1);
# 1063| #else
# 1064| int ret;
Error: COMPILER_WARNING (CWE-252): [#def381]
gnupg-2.4.5/tpm2d/tpm2daemon.c: scope_hint: In function ‘handle_connections’
gnupg-2.4.5/tpm2d/tpm2daemon.c:1230:11: warning[-Wunused-result]: ignoring return value of ‘read’ declared with attribute ‘warn_unused_result’
# 1230 | read (pipe_fd[0], buf, sizeof buf);
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1228| char buf[256];
# 1229|
# 1230|-> read (pipe_fd[0], buf, sizeof buf);
# 1231| }
# 1232| #endif
Scan Properties
analyzer-version-clang | 18.1.3 |
analyzer-version-cppcheck | 2.13.0 |
analyzer-version-gcc | 14.0.1 |
analyzer-version-gcc-analyzer | 14.0.1 |
analyzer-version-shellcheck | 0.10.0 |
enabled-plugins | clang, cppcheck, gcc, shellcheck |
exit-code | 0 |
host | ip-172-16-1-27.us-west-2.compute.internal |
mock-config | fedora-41-x86_64 |
project-name | gnupg2-2.4.5-1.fc41 |
store-results-to | /tmp/tmphzc17kfn/gnupg2-2.4.5-1.fc41.tar.xz |
time-created | 2024-04-22 11:00:28 |
time-finished | 2024-04-22 11:08:12 |
tool | csmock |
tool-args | '/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmphzc17kfn/gnupg2-2.4.5-1.fc41.tar.xz' '--gcc-analyze' '/tmp/tmphzc17kfn/gnupg2-2.4.5-1.fc41.src.rpm' |
tool-version | csmock-3.5.3-1.el9 |