libusb1-1.0.27-1.fc41
List of Defects
Error: GCC_ANALYZER_WARNING (CWE-789): [#def1]
libusb-1.0.27/examples/ezusb.c: scope_hint: In function ‘fx3_load_ram’
libusb-1.0.27/examples/ezusb.c:649:40: warning[-Wanalyzer-tainted-allocation-size]: use of attacker-controlled value ‘(long unsigned int)dLength * 4’ as allocation size without upper-bounds checking
libusb-1.0.27/examples/ezusb.c:649:40: note: heap-based allocation
# 647|
# 648| // coverity[tainted_data]
# 649|-> dImageBuf = (uint32_t*)calloc(dLength, sizeof(uint32_t));
# 650| if (dImageBuf == NULL) {
# 651| logerror("could not allocate buffer for image chunk\n");
Error: GCC_ANALYZER_WARNING (CWE-129): [#def2]
libusb-1.0.27/examples/ezusb.c:649:40: warning[-Wanalyzer-tainted-size]: use of attacker-controlled value ‘(long unsigned int)dLength * 4’ as size without upper-bounds checking
# 647|
# 648| // coverity[tainted_data]
# 649|-> dImageBuf = (uint32_t*)calloc(dLength, sizeof(uint32_t));
# 650| if (dImageBuf == NULL) {
# 651| logerror("could not allocate buffer for image chunk\n");
Error: CLANG_WARNING: [#def3]
libusb-1.0.27/libusb/core.c:1475:7: warning[unix.Malloc]: Use of memory after it is freed
# 1473| while ((dev = devs[i++]) != NULL) {
# 1474| struct libusb_device_descriptor desc;
# 1475|-> r = libusb_get_device_descriptor(dev, &desc);
# 1476| if (r < 0)
# 1477| goto out;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def4]
libusb-1.0.27/libusb/core.c: scope_hint: In function 'libusb_set_log_cb_internal.part.0'
libusb-1.0.27/libusb/core.c:2227:34: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
libusb-1.0.27/libusb/core.c:23: included_from: Included from here.
# 2225| if (mode & LIBUSB_LOG_CB_CONTEXT) {
# 2226| ctx = usbi_get_context(ctx);
# 2227|-> ctx->log_handler = cb;
# 2228| }
# 2229| #else
Error: GCC_ANALYZER_WARNING (CWE-685): [#def5]
libusb-1.0.27/libusb/core.c: scope_hint: In function 'libusb_set_option'
libusb-1.0.27/libusb/core.c:2310:24: warning[-Wanalyzer-va-list-exhausted]: 'ap' has no more arguments (0 consumed)
libusb-1.0.27/libusb/libusbi.h:117: included_from: Included from here.
libusb-1.0.27/libusb/libusbi.h:29: included_from: Included from here.
libusb-1.0.27/libusb/os/threads_posix.h:26:41: note: in expansion of macro 'ASSERT_EQ'
libusb-1.0.27/libusb/os/threads_posix.h:32:9: note: in expansion of macro 'PTHREAD_CHECK'
libusb-1.0.27/libusb/os/threads_posix.h:26:41: note: in expansion of macro 'ASSERT_EQ'
libusb-1.0.27/libusb/os/threads_posix.h:32:9: note: in expansion of macro 'PTHREAD_CHECK'
libusb-1.0.27/libusb/os/threads_posix.h:26:41: note: in expansion of macro 'ASSERT_EQ'
libusb-1.0.27/libusb/os/threads_posix.h:36:9: note: in expansion of macro 'PTHREAD_CHECK'
libusb-1.0.27/libusb/os/threads_posix.h:26:41: note: in expansion of macro 'ASSERT_EQ'
libusb-1.0.27/libusb/os/threads_posix.h:42:9: note: in expansion of macro 'PTHREAD_CHECK'
libusb-1.0.27/libusb/os/threads_posix.h:26:41: note: in expansion of macro 'ASSERT_EQ'
libusb-1.0.27/libusb/os/threads_posix.h:42:9: note: in expansion of macro 'PTHREAD_CHECK'
# 2308| }
# 2309| if (LIBUSB_OPTION_LOG_CB == option) {
# 2310|-> log_cb = (libusb_log_cb) va_arg(ap, libusb_log_cb);
# 2311| }
# 2312|
Error: GCC_ANALYZER_WARNING (CWE-401): [#def6]
libusb-1.0.27/libusb/descriptor.c: scope_hint: In function 'libusb_free_bos_descriptor.part.0'
libusb-1.0.27/libusb/descriptor.c:905:9: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
# 903| for (i = 0; i < bos->bNumDeviceCaps; i++)
# 904| free(bos->dev_capability[i]);
# 905|-> free(bos);
# 906| }
# 907|
Error: GCC_ANALYZER_WARNING (CWE-476): [#def7]
libusb-1.0.27/libusb/hotplug.c: scope_hint: In function 'libusb_hotplug_register_callback'
libusb-1.0.27/libusb/hotplug.c:370:33: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
libusb-1.0.27/libusb/hotplug.c:22: included_from: Included from here.
libusb-1.0.27/libusb/libusbi.h:117: included_from: Included from here.
libusb-1.0.27/libusb/libusbi.h:29: included_from: Included from here.
libusb-1.0.27/libusb/os/threads_posix.h:26:41: note: in expansion of macro 'ASSERT_EQ'
libusb-1.0.27/libusb/os/threads_posix.h:46:9: note: in expansion of macro 'PTHREAD_CHECK'
# 368|
# 369| /* protect the handle by the context hotplug lock */
# 370|-> hotplug_cb->handle = ctx->next_hotplug_cb_handle++;
# 371|
# 372| /* handle the unlikely case of overflow */
Error: GCC_ANALYZER_WARNING (CWE-476): [#def8]
libusb-1.0.27/libusb/hotplug.c: scope_hint: In function 'libusb_hotplug_deregister_callback.part.0'
libusb-1.0.27/libusb/hotplug.c:437:29: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
libusb-1.0.27/libusb/os/threads_posix.h:26:41: note: in expansion of macro 'ASSERT_EQ'
libusb-1.0.27/libusb/os/threads_posix.h:46:9: note: in expansion of macro 'PTHREAD_CHECK'
libusb-1.0.27/libusb/libusbi.h:189:9: note: in expansion of macro 'list_for_each_entry'
libusb-1.0.27/libusb/libusbi.h:1514:9: note: in expansion of macro 'for_each_helper'
libusb-1.0.27/libusb/hotplug.c:423:9: note: in expansion of macro 'for_each_hotplug_cb'
libusb-1.0.27/libusb/os/threads_posix.h:26:41: note: in expansion of macro 'ASSERT_EQ'
libusb-1.0.27/libusb/os/threads_posix.h:50:9: note: in expansion of macro 'PTHREAD_CHECK'
libusb-1.0.27/libusb/os/threads_posix.h:26:41: note: in expansion of macro 'ASSERT_EQ'
libusb-1.0.27/libusb/os/threads_posix.h:46:9: note: in expansion of macro 'PTHREAD_CHECK'
# 435|
# 436| usbi_mutex_lock(&ctx->event_data_lock);
# 437|-> event_flags = ctx->event_flags;
# 438| ctx->event_flags |= USBI_EVENT_HOTPLUG_CB_DEREGISTERED;
# 439| if (!event_flags)
Error: GCC_ANALYZER_WARNING (CWE-476): [#def9]
libusb-1.0.27/libusb/io.c: scope_hint: In function 'libusb_set_pollfd_notifiers'
libusb-1.0.27/libusb/io.c:2650:26: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
# 2648| #if !defined(PLATFORM_WINDOWS)
# 2649| ctx = usbi_get_context(ctx);
# 2650|-> ctx->fd_added_cb = added_cb;
# 2651| ctx->fd_removed_cb = removed_cb;
# 2652| ctx->fd_cb_user_data = user_data;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def10]
libusb-1.0.27/libusb/io.c: scope_hint: In function 'usbi_handle_disconnect'
libusb-1.0.27/libusb/io.c:2820:56: warning[-Wanalyzer-null-dereference]: dereference of NULL 'dev_handle'
libusb-1.0.27/libusb/libusbi.h:316:67: note: in definition of macro '_usbi_log'
libusb-1.0.27/libusb/io.c:2819:9: note: in expansion of macro 'usbi_dbg'
libusb-1.0.27/libusb/io.c:2815:38: note: in expansion of macro 'HANDLE_CTX'
libusb-1.0.27/libusb/libusbi.h:316:67: note: in definition of macro '_usbi_log'
libusb-1.0.27/libusb/io.c:2819:9: note: in expansion of macro 'usbi_dbg'
libusb-1.0.27/libusb/libusbi.h:316:67: note: in definition of macro '_usbi_log'
libusb-1.0.27/libusb/io.c:2819:9: note: in expansion of macro 'usbi_dbg'
# 2818|
# 2819| usbi_dbg(ctx, "device %d.%d",
# 2820|-> dev_handle->dev->bus_number, dev_handle->dev->device_address);
# 2821|
# 2822| /* terminate all pending transfers with the LIBUSB_TRANSFER_NO_DEVICE
Error: CLANG_WARNING: [#def11]
libusb-1.0.27/examples/dpfp.c:34: included_from: Included from here.
libusb-1.0.27/libusb/libusb.h:1846:23: warning[core.NullDereference]: Access to field 'dev_handle' results in a dereference of a null pointer (loaded from variable 'transfer')
# 1844| void *user_data, unsigned int timeout)
# 1845| {
# 1846|-> transfer->dev_handle = dev_handle;
# 1847| transfer->endpoint = endpoint;
# 1848| transfer->type = LIBUSB_TRANSFER_TYPE_BULK;
Error: CPPCHECK_WARNING (CWE-476): [#def12]
libusb-1.0.27/libusb/libusbi.h:485: error[ctunullpointer]: Null pointer dereference: ctx
# 483| static inline int usbi_handling_events(struct libusb_context *ctx)
# 484| {
# 485|-> return usbi_tls_key_get(ctx->event_handling_key) != NULL;
# 486| }
# 487|
Error: CPPCHECK_WARNING (CWE-476): [#def13]
libusb-1.0.27/libusb/libusbi.h:485: warning[nullPointer]: Possible null pointer dereference: ctx
# 483| static inline int usbi_handling_events(struct libusb_context *ctx)
# 484| {
# 485|-> return usbi_tls_key_get(ctx->event_handling_key) != NULL;
# 486| }
# 487|
Error: GCC_ANALYZER_WARNING (CWE-476): [#def14]
libusb-1.0.27/libusb/libusbi.h:485:16: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
libusb-1.0.27/libusb/sync.c: scope_hint: In function 'libusb_control_transfer'
# 483| static inline int usbi_handling_events(struct libusb_context *ctx)
# 484| {
# 485|-> return usbi_tls_key_get(ctx->event_handling_key) != NULL;
# 486| }
# 487|
Error: CLANG_WARNING: [#def15]
libusb-1.0.27/libusb/sync.c:23: included_from: Included from here.
libusb-1.0.27/libusb/libusbi.h:485:26: warning[core.NullDereference]: Access to field 'event_handling_key' results in a dereference of a null pointer (loaded from variable 'ctx')
# 483| static inline int usbi_handling_events(struct libusb_context *ctx)
# 484| {
# 485|-> return usbi_tls_key_get(ctx->event_handling_key) != NULL;
# 486| }
# 487|
Error: CLANG_WARNING: [#def16]
libusb-1.0.27/libusb/os/events_posix.c:241:13: warning[unix.Malloc]: Use of memory allocated with size zero
# 239|
# 240| for_each_event_source(ctx, ievent_source) {
# 241|-> fds[i].fd = ievent_source->data.os_handle;
# 242| fds[i].events = ievent_source->data.poll_events;
# 243| i++;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def17]
libusb-1.0.27/libusb/os/events_posix.h:58:21: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
libusb-1.0.27/libusb/io.c: scope_hint: In function 'libusb_get_next_timeout'
# 56| static inline int usbi_timer_valid(usbi_timer_t *timer)
# 57| {
# 58|-> return timer->timerfd >= 0;
# 59| }
# 60| #endif
Error: GCC_ANALYZER_WARNING (CWE-476): [#def18]
libusb-1.0.27/libusb/os/events_posix.h:58:21: warning[-Wanalyzer-null-dereference]: dereference of NULL 'ctx'
libusb-1.0.27/libusb/io.c: scope_hint: In function 'libusb_get_next_timeout'
# 56| static inline int usbi_timer_valid(usbi_timer_t *timer)
# 57| {
# 58|-> return timer->timerfd >= 0;
# 59| }
# 60| #endif
Error: GCC_ANALYZER_WARNING (CWE-401): [#def19]
libusb-1.0.27/libusb/os/linux_usbfs.c: scope_hint: In function 'submit_bulk_transfer'
libusb-1.0.27/libusb/os/linux_usbfs.c:1986:23: warning[-Wanalyzer-malloc-leak]: leak of 'urbs'
# 1984| tpriv->reap_status = LIBUSB_TRANSFER_COMPLETED;
# 1985|
# 1986|-> for (i = 0; i < num_urbs; i++) {
# 1987| struct usbfs_urb *urb = &urbs[i];
# 1988|
Error: GCC_ANALYZER_WARNING (CWE-401): [#def20]
libusb-1.0.27/libusb/os/linux_usbfs.c: scope_hint: In function 'submit_iso_transfer'
libusb-1.0.27/libusb/os/linux_usbfs.c:2175:23: warning[-Wanalyzer-malloc-leak]: leak of 'urbs'
# 2173|
# 2174| /* submit URBs */
# 2175|-> for (i = 0; i < num_urbs; i++) {
# 2176| int r = ioctl(hpriv->fd, IOCTL_USBFS_SUBMITURB, urbs[i]);
# 2177|
Error: CPPCHECK_WARNING (CWE-562): [#def21]
libusb-1.0.27/tests/umockdev.c:603: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
# 601| struct libusb_transfer *transfer = NULL;
# 602|
# 603|-> fixture->chat = chat;
# 604|
# 605| /* Open */
Error: CPPCHECK_WARNING (CWE-562): [#def22]
libusb-1.0.27/tests/umockdev.c:650: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
# 648| struct libusb_transfer *transfer = NULL;
# 649|
# 650|-> fixture->chat = chat;
# 651|
# 652| /* Open */
Error: CPPCHECK_WARNING (CWE-562): [#def23]
libusb-1.0.27/tests/umockdev.c:696: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
# 694| struct libusb_transfer *transfer = NULL;
# 695|
# 696|-> fixture->chat = chat;
# 697|
# 698| /* Open */
Error: CPPCHECK_WARNING (CWE-562): [#def24]
libusb-1.0.27/tests/umockdev.c:778: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
# 776| };
# 777|
# 778|-> fixture->chat = chat;
# 779|
# 780| handle = libusb_open_device_with_vid_pid(fixture->ctx, 0x04a9, 0x31c0);
Error: CPPCHECK_WARNING (CWE-562): [#def25]
libusb-1.0.27/tests/umockdev.c:825: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
# 823| struct libusb_transfer *transfer = NULL;
# 824|
# 825|-> fixture->chat = chat;
# 826|
# 827| handle = libusb_open_device_with_vid_pid(fixture->ctx, 0x04a9, 0x31c0);
Scan Properties
analyzer-version-clang | 18.1.3 |
analyzer-version-cppcheck | 2.13.0 |
analyzer-version-gcc | 14.0.1 |
analyzer-version-gcc-analyzer | 14.0.1 |
analyzer-version-shellcheck | 0.10.0 |
enabled-plugins | clang, cppcheck, gcc, shellcheck |
exit-code | 0 |
host | ip-172-16-1-103.us-west-2.compute.internal |
mock-config | fedora-41-x86_64 |
project-name | libusb1-1.0.27-1.fc41 |
store-results-to | /tmp/tmpjjjfsj3m/libusb1-1.0.27-1.fc41.tar.xz |
time-created | 2024-04-22 11:05:47 |
time-finished | 2024-04-22 11:06:59 |
tool | csmock |
tool-args | '/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmpjjjfsj3m/libusb1-1.0.27-1.fc41.tar.xz' '--gcc-analyze' '/tmp/tmpjjjfsj3m/libusb1-1.0.27-1.fc41.src.rpm' |
tool-version | csmock-3.5.3-1.el9 |