Newly introduced defects

List of Defects

Error: GCC_ANALYZER_WARNING (CWE-688): [#def1]
libssh-0.10.6/src/ecdh_crypto.c: scope_hint: In function ‘ecdh_build_k’
libssh-0.10.6/src/ecdh_crypto.c:302:15: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
Triage note: the analyzer reports that ecdh_kex_type_to_curve() can return NULL, and the snippet below shows ‘curve’ being passed straight to strlen() without a NULL check; strlen(NULL) is undefined behaviour (in practice a crash). ecdh_build_k() should test the lookup result and return an error before constructing the OSSL_PARAM. Whether a negotiated kex_type can actually reach this call with an unsupported value is not shown in this report and needs to be confirmed in the caller.
libssh-0.10.6/src/ecdh_crypto.c: scope_hint: In function ‘ecdh_build_k’
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
#  300|                                                   ssh_string_len(peer_pubkey));
#  301|     curve = ecdh_kex_type_to_curve(next_crypto->kex_type);
#  302|->   params[1] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
#  303|                                                  (char *)curve,
#  304|                                                  strlen(curve));

Error: CLANG_WARNING: [#def2]
libssh-0.10.6/src/ecdh_crypto.c:337:7: warning[unix.Malloc]: Potential leak of memory pointed to by 'secret'
Triage note: on the EVP_PKEY_derive() failure path only dh_ctx is released; the heap buffer ‘secret’ (allocated earlier, outside this snippet) is not freed before ‘return -1’. The error path should release ‘secret’ as well, and because it is intended to hold shared-secret material, clearing it before freeing is preferable to a plain free().
#  335|     rc = EVP_PKEY_derive(dh_ctx, secret, &secret_len);
#  336|     if (rc != 1) {
#  337|->       EVP_PKEY_CTX_free(dh_ctx);
#  338|         return -1;
#  339|     }

Error: COMPILER_WARNING (CWE-563): [#def3]
Triage note for #def3–#def5: these unused-variable warnings are in the test harness (tests/torture.c), not in the library, so they are code-hygiene findings rather than security defects. The ‘#ifdef WITH_PKCS11_PROVIDER’ visible at line 1289 suggests the locals may only be used in that build configuration; if so, their declarations should be moved under the same conditional, otherwise they should be removed.
libssh-0.10.6/tests/torture.c: scope_hint: In function ‘torture_setup_tokens’
libssh-0.10.6/tests/torture.c:1242:10: warning[-Wunused-variable]: unused variable ‘conf_path’
# 1242 |     char conf_path[1024] = {0};
#      |          ^~~~~~~~~
# 1240|       char token_setup_start_cmd[1024] = {0};
# 1241|       char socket_path[1204] = {0};
# 1242|->     char conf_path[1024] = {0};
# 1243|       int rc;
# 1244|   

Error: COMPILER_WARNING (CWE-563): [#def4]
libssh-0.10.6/tests/torture.c:1286:9: warning[-Wunused-variable]: unused variable ‘rc’
# 1286 |     int rc;
#      |         ^~
# 1284|   {
# 1285|       char pidfile[1024] = {0};
# 1286|->     int rc;
# 1287|       pid_t pid;
# 1288|   

Error: COMPILER_WARNING (CWE-563): [#def5]
libssh-0.10.6/tests/torture.c: scope_hint: In function ‘torture_cleanup_tokens’
libssh-0.10.6/tests/torture.c:1287:11: warning[-Wunused-variable]: unused variable ‘pid’
# 1287 |     pid_t pid;
#      |           ^~~
# 1285|       char pidfile[1024] = {0};
# 1286|       int rc;
# 1287|->     pid_t pid;
# 1288|   
# 1289|   #ifdef WITH_PKCS11_PROVIDER

Scan Properties

analyzer-version-clang18.1.3
analyzer-version-cppcheck2.13.0
analyzer-version-gcc14.0.1
analyzer-version-gcc-analyzer14.0.1
analyzer-version-shellcheck0.10.0
diffbase-analyzer-version-clang18.1.3
diffbase-analyzer-version-cppcheck2.13.0
diffbase-analyzer-version-gcc14.0.1
diffbase-analyzer-version-gcc-analyzer14.0.1
diffbase-analyzer-version-shellcheck0.10.0
diffbase-enabled-pluginsclang, cppcheck, gcc, shellcheck
diffbase-exit-code0
diffbase-hostip-172-16-1-253.us-west-2.compute.internal
diffbase-mock-configfedora-41-x86_64
diffbase-project-namelibssh-0.10.6-5.fc40
diffbase-store-results-to/tmp/tmp55myl6x4/libssh-0.10.6-5.fc40.tar.xz
diffbase-time-created2024-04-22 10:59:37
diffbase-time-finished2024-04-22 11:07:33
diffbase-toolcsmock
diffbase-tool-args'/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmp55myl6x4/libssh-0.10.6-5.fc40.tar.xz' '--gcc-analyze' '/tmp/tmp55myl6x4/libssh-0.10.6-5.fc40.src.rpm'
diffbase-tool-versioncsmock-3.5.3-1.el9
enabled-pluginsclang, cppcheck, gcc, shellcheck
exit-code0
hostip-172-16-1-253.us-west-2.compute.internal
mock-configfedora-41-x86_64
project-namelibssh-0.10.6-6.fc41
store-results-to/tmp/tmp4rqd_qe5/libssh-0.10.6-6.fc41.tar.xz
time-created2024-04-22 11:07:56
time-finished2024-04-22 11:15:24
titleNewly introduced defects
toolcsmock
tool-args'/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmp4rqd_qe5/libssh-0.10.6-6.fc41.tar.xz' '--gcc-analyze' '/tmp/tmp4rqd_qe5/libssh-0.10.6-6.fc41.src.rpm'
tool-versioncsmock-3.5.3-1.el9