libusb1-1.0.27-1.fc41

List of Defects

Error: GCC_ANALYZER_WARNING (CWE-789): [#def1]
libusb-1.0.27/examples/ezusb.c: scope_hint: In function ‘fx3_load_ram’
libusb-1.0.27/examples/ezusb.c:649:40: warning[-Wanalyzer-tainted-allocation-size]: use of attacker-controlled value ‘(long unsigned int)dLength * 4’ as allocation size without upper-bounds checking
libusb-1.0.27/examples/ezusb.c:649:40: note: heap-based allocation
#  647|   
#  648|   		// coverity[tainted_data]
#  649|-> 		dImageBuf = (uint32_t*)calloc(dLength, sizeof(uint32_t));
#  650|   		if (dImageBuf == NULL) {
#  651|   			logerror("could not allocate buffer for image chunk\n");

Error: GCC_ANALYZER_WARNING (CWE-129): [#def2]
libusb-1.0.27/examples/ezusb.c:649:40: warning[-Wanalyzer-tainted-size]: use of attacker-controlled value ‘(long unsigned int)dLength * 4’ as size without upper-bounds checking
#  647|   
#  648|   		// coverity[tainted_data]
#  649|-> 		dImageBuf = (uint32_t*)calloc(dLength, sizeof(uint32_t));
#  650|   		if (dImageBuf == NULL) {
#  651|   			logerror("could not allocate buffer for image chunk\n");

Error: CLANG_WARNING: [#def3]
libusb-1.0.27/libusb/core.c:1475:7: warning[unix.Malloc]: Use of memory after it is freed
# 1473|   	while ((dev = devs[i++]) != NULL) {
# 1474|   		struct libusb_device_descriptor desc;
# 1475|-> 		r = libusb_get_device_descriptor(dev, &desc);
# 1476|   		if (r < 0)
# 1477|   			goto out;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def4]
libusb-1.0.27/libusb/core.c: scope_hint: In function 'libusb_set_log_cb_internal.part.0'
libusb-1.0.27/libusb/core.c:2227:34: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
libusb-1.0.27/libusb/core.c:23: included_from: Included from here.
# 2225|   	if (mode & LIBUSB_LOG_CB_CONTEXT) {
# 2226|   		ctx = usbi_get_context(ctx);
# 2227|-> 		ctx->log_handler = cb;
# 2228|   	}
# 2229|   #else

Error: GCC_ANALYZER_WARNING (CWE-685): [#def5]
libusb-1.0.27/libusb/core.c: scope_hint: In function 'libusb_set_option'
libusb-1.0.27/libusb/core.c:2310:24: warning[-Wanalyzer-va-list-exhausted]: 'ap' has no more arguments (0 consumed)
libusb-1.0.27/libusb/libusbi.h:117: included_from: Included from here.
libusb-1.0.27/libusb/libusbi.h:29: included_from: Included from here.
libusb-1.0.27/libusb/os/threads_posix.h:26:41: note: in expansion of macro 'ASSERT_EQ'
libusb-1.0.27/libusb/os/threads_posix.h:32:9: note: in expansion of macro 'PTHREAD_CHECK'
libusb-1.0.27/libusb/os/threads_posix.h:26:41: note: in expansion of macro 'ASSERT_EQ'
libusb-1.0.27/libusb/os/threads_posix.h:32:9: note: in expansion of macro 'PTHREAD_CHECK'
libusb-1.0.27/libusb/os/threads_posix.h:26:41: note: in expansion of macro 'ASSERT_EQ'
libusb-1.0.27/libusb/os/threads_posix.h:36:9: note: in expansion of macro 'PTHREAD_CHECK'
libusb-1.0.27/libusb/os/threads_posix.h:26:41: note: in expansion of macro 'ASSERT_EQ'
libusb-1.0.27/libusb/os/threads_posix.h:42:9: note: in expansion of macro 'PTHREAD_CHECK'
libusb-1.0.27/libusb/os/threads_posix.h:26:41: note: in expansion of macro 'ASSERT_EQ'
libusb-1.0.27/libusb/os/threads_posix.h:42:9: note: in expansion of macro 'PTHREAD_CHECK'
# 2308|   	}
# 2309|   	if (LIBUSB_OPTION_LOG_CB == option) {
# 2310|-> 		log_cb = (libusb_log_cb) va_arg(ap, libusb_log_cb);
# 2311|   	}
# 2312|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def6]
libusb-1.0.27/libusb/descriptor.c: scope_hint: In function 'libusb_free_bos_descriptor.part.0'
libusb-1.0.27/libusb/descriptor.c:905:9: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
#  903|   	for (i = 0; i < bos->bNumDeviceCaps; i++)
#  904|   		free(bos->dev_capability[i]);
#  905|-> 	free(bos);
#  906|   }
#  907|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def7]
libusb-1.0.27/libusb/hotplug.c: scope_hint: In function 'libusb_hotplug_register_callback'
libusb-1.0.27/libusb/hotplug.c:370:33: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
libusb-1.0.27/libusb/hotplug.c:22: included_from: Included from here.
libusb-1.0.27/libusb/libusbi.h:117: included_from: Included from here.
libusb-1.0.27/libusb/libusbi.h:29: included_from: Included from here.
libusb-1.0.27/libusb/os/threads_posix.h:26:41: note: in expansion of macro 'ASSERT_EQ'
libusb-1.0.27/libusb/os/threads_posix.h:46:9: note: in expansion of macro 'PTHREAD_CHECK'
#  368|   
#  369|   	/* protect the handle by the context hotplug lock */
#  370|-> 	hotplug_cb->handle = ctx->next_hotplug_cb_handle++;
#  371|   
#  372|   	/* handle the unlikely case of overflow */

Error: GCC_ANALYZER_WARNING (CWE-476): [#def8]
libusb-1.0.27/libusb/hotplug.c: scope_hint: In function 'libusb_hotplug_deregister_callback.part.0'
libusb-1.0.27/libusb/hotplug.c:437:29: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
libusb-1.0.27/libusb/os/threads_posix.h:26:41: note: in expansion of macro 'ASSERT_EQ'
libusb-1.0.27/libusb/os/threads_posix.h:46:9: note: in expansion of macro 'PTHREAD_CHECK'
libusb-1.0.27/libusb/libusbi.h:189:9: note: in expansion of macro 'list_for_each_entry'
libusb-1.0.27/libusb/libusbi.h:1514:9: note: in expansion of macro 'for_each_helper'
libusb-1.0.27/libusb/hotplug.c:423:9: note: in expansion of macro 'for_each_hotplug_cb'
libusb-1.0.27/libusb/os/threads_posix.h:26:41: note: in expansion of macro 'ASSERT_EQ'
libusb-1.0.27/libusb/os/threads_posix.h:50:9: note: in expansion of macro 'PTHREAD_CHECK'
libusb-1.0.27/libusb/os/threads_posix.h:26:41: note: in expansion of macro 'ASSERT_EQ'
libusb-1.0.27/libusb/os/threads_posix.h:46:9: note: in expansion of macro 'PTHREAD_CHECK'
#  435|   
#  436|   		usbi_mutex_lock(&ctx->event_data_lock);
#  437|-> 		event_flags = ctx->event_flags;
#  438|   		ctx->event_flags |= USBI_EVENT_HOTPLUG_CB_DEREGISTERED;
#  439|   		if (!event_flags)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def9]
libusb-1.0.27/libusb/io.c: scope_hint: In function 'libusb_set_pollfd_notifiers'
libusb-1.0.27/libusb/io.c:2650:26: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
# 2648|   #if !defined(PLATFORM_WINDOWS)
# 2649|   	ctx = usbi_get_context(ctx);
# 2650|-> 	ctx->fd_added_cb = added_cb;
# 2651|   	ctx->fd_removed_cb = removed_cb;
# 2652|   	ctx->fd_cb_user_data = user_data;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def10]
libusb-1.0.27/libusb/io.c: scope_hint: In function 'usbi_handle_disconnect'
libusb-1.0.27/libusb/io.c:2820:56: warning[-Wanalyzer-null-dereference]: dereference of NULL 'dev_handle'
libusb-1.0.27/libusb/libusbi.h:316:67: note: in definition of macro '_usbi_log'
libusb-1.0.27/libusb/io.c:2819:9: note: in expansion of macro 'usbi_dbg'
libusb-1.0.27/libusb/io.c:2815:38: note: in expansion of macro 'HANDLE_CTX'
libusb-1.0.27/libusb/libusbi.h:316:67: note: in definition of macro '_usbi_log'
libusb-1.0.27/libusb/io.c:2819:9: note: in expansion of macro 'usbi_dbg'
libusb-1.0.27/libusb/libusbi.h:316:67: note: in definition of macro '_usbi_log'
libusb-1.0.27/libusb/io.c:2819:9: note: in expansion of macro 'usbi_dbg'
# 2818|   
# 2819|   	usbi_dbg(ctx, "device %d.%d",
# 2820|-> 		dev_handle->dev->bus_number, dev_handle->dev->device_address);
# 2821|   
# 2822|   	/* terminate all pending transfers with the LIBUSB_TRANSFER_NO_DEVICE

Error: CLANG_WARNING: [#def11]
libusb-1.0.27/examples/dpfp.c:34: included_from: Included from here.
libusb-1.0.27/libusb/libusb.h:1846:23: warning[core.NullDereference]: Access to field 'dev_handle' results in a dereference of a null pointer (loaded from variable 'transfer')
# 1844|   	void *user_data, unsigned int timeout)
# 1845|   {
# 1846|-> 	transfer->dev_handle = dev_handle;
# 1847|   	transfer->endpoint = endpoint;
# 1848|   	transfer->type = LIBUSB_TRANSFER_TYPE_BULK;

Error: CPPCHECK_WARNING (CWE-476): [#def12]
libusb-1.0.27/libusb/libusbi.h:485: error[ctunullpointer]: Null pointer dereference: ctx
#  483|   static inline int usbi_handling_events(struct libusb_context *ctx)
#  484|   {
#  485|-> 	return usbi_tls_key_get(ctx->event_handling_key) != NULL;
#  486|   }
#  487|   

Error: CPPCHECK_WARNING (CWE-476): [#def13]
libusb-1.0.27/libusb/libusbi.h:485: warning[nullPointer]: Possible null pointer dereference: ctx
#  483|   static inline int usbi_handling_events(struct libusb_context *ctx)
#  484|   {
#  485|-> 	return usbi_tls_key_get(ctx->event_handling_key) != NULL;
#  486|   }
#  487|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def14]
libusb-1.0.27/libusb/libusbi.h:485:16: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
libusb-1.0.27/libusb/sync.c: scope_hint: In function 'libusb_control_transfer'
#  483|   static inline int usbi_handling_events(struct libusb_context *ctx)
#  484|   {
#  485|-> 	return usbi_tls_key_get(ctx->event_handling_key) != NULL;
#  486|   }
#  487|   

Error: CLANG_WARNING: [#def15]
libusb-1.0.27/libusb/sync.c:23: included_from: Included from here.
libusb-1.0.27/libusb/libusbi.h:485:26: warning[core.NullDereference]: Access to field 'event_handling_key' results in a dereference of a null pointer (loaded from variable 'ctx')
#  483|   static inline int usbi_handling_events(struct libusb_context *ctx)
#  484|   {
#  485|-> 	return usbi_tls_key_get(ctx->event_handling_key) != NULL;
#  486|   }
#  487|   

Error: CLANG_WARNING: [#def16]
libusb-1.0.27/libusb/os/events_posix.c:241:13: warning[unix.Malloc]: Use of memory allocated with size zero
#  239|   
#  240|   	for_each_event_source(ctx, ievent_source) {
#  241|-> 		fds[i].fd = ievent_source->data.os_handle;
#  242|   		fds[i].events = ievent_source->data.poll_events;
#  243|   		i++;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def17]
libusb-1.0.27/libusb/os/events_posix.h:58:21: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
libusb-1.0.27/libusb/io.c: scope_hint: In function 'libusb_get_next_timeout'
#   56|   static inline int usbi_timer_valid(usbi_timer_t *timer)
#   57|   {
#   58|-> 	return timer->timerfd >= 0;
#   59|   }
#   60|   #endif

Error: GCC_ANALYZER_WARNING (CWE-476): [#def18]
libusb-1.0.27/libusb/os/events_posix.h:58:21: warning[-Wanalyzer-null-dereference]: dereference of NULL 'ctx'
libusb-1.0.27/libusb/io.c: scope_hint: In function 'libusb_get_next_timeout'
#   56|   static inline int usbi_timer_valid(usbi_timer_t *timer)
#   57|   {
#   58|-> 	return timer->timerfd >= 0;
#   59|   }
#   60|   #endif

Error: GCC_ANALYZER_WARNING (CWE-401): [#def19]
libusb-1.0.27/libusb/os/linux_usbfs.c: scope_hint: In function 'submit_bulk_transfer'
libusb-1.0.27/libusb/os/linux_usbfs.c:1986:23: warning[-Wanalyzer-malloc-leak]: leak of 'urbs'
# 1984|   	tpriv->reap_status = LIBUSB_TRANSFER_COMPLETED;
# 1985|   
# 1986|-> 	for (i = 0; i < num_urbs; i++) {
# 1987|   		struct usbfs_urb *urb = &urbs[i];
# 1988|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def20]
libusb-1.0.27/libusb/os/linux_usbfs.c: scope_hint: In function 'submit_iso_transfer'
libusb-1.0.27/libusb/os/linux_usbfs.c:2175:23: warning[-Wanalyzer-malloc-leak]: leak of 'urbs'
# 2173|   
# 2174|   	/* submit URBs */
# 2175|-> 	for (i = 0; i < num_urbs; i++) {
# 2176|   		int r = ioctl(hpriv->fd, IOCTL_USBFS_SUBMITURB, urbs[i]);
# 2177|   

Error: CPPCHECK_WARNING (CWE-562): [#def21]
libusb-1.0.27/tests/umockdev.c:603: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
#  601|   	struct libusb_transfer *transfer = NULL;
#  602|   
#  603|-> 	fixture->chat = chat;
#  604|   
#  605|   	/* Open */

Error: CPPCHECK_WARNING (CWE-562): [#def22]
libusb-1.0.27/tests/umockdev.c:650: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
#  648|   	struct libusb_transfer *transfer = NULL;
#  649|   
#  650|-> 	fixture->chat = chat;
#  651|   
#  652|   	/* Open */

Error: CPPCHECK_WARNING (CWE-562): [#def23]
libusb-1.0.27/tests/umockdev.c:696: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
#  694|   	struct libusb_transfer *transfer = NULL;
#  695|   
#  696|-> 	fixture->chat = chat;
#  697|   
#  698|   	/* Open */

Error: CPPCHECK_WARNING (CWE-562): [#def24]
libusb-1.0.27/tests/umockdev.c:778: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
#  776|   	};
#  777|   
#  778|-> 	fixture->chat = chat;
#  779|   
#  780|   	handle = libusb_open_device_with_vid_pid(fixture->ctx, 0x04a9, 0x31c0);

Error: CPPCHECK_WARNING (CWE-562): [#def25]
libusb-1.0.27/tests/umockdev.c:825: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
#  823|   	struct libusb_transfer *transfer = NULL;
#  824|   
#  825|-> 	fixture->chat = chat;
#  826|   
#  827|   	handle = libusb_open_device_with_vid_pid(fixture->ctx, 0x04a9, 0x31c0);

Scan Properties

analyzer-version-clang18.1.3
analyzer-version-cppcheck2.13.0
analyzer-version-gcc14.0.1
analyzer-version-gcc-analyzer14.0.1
analyzer-version-shellcheck0.10.0
enabled-pluginsclang, cppcheck, gcc, shellcheck
exit-code0
hostip-172-16-1-103.us-west-2.compute.internal
mock-configfedora-41-x86_64
project-namelibusb1-1.0.27-1.fc41
store-results-to/tmp/tmpjjjfsj3m/libusb1-1.0.27-1.fc41.tar.xz
time-created2024-04-22 11:05:47
time-finished2024-04-22 11:06:59
toolcsmock
tool-args'/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmpjjjfsj3m/libusb1-1.0.27-1.fc41.tar.xz' '--gcc-analyze' '/tmp/tmpjjjfsj3m/libusb1-1.0.27-1.fc41.src.rpm'
tool-versioncsmock-3.5.3-1.el9