xz-5.4.6-3.fc41
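List of Defects
Note: the entries below are analyzer findings as emitted by the scan; the page records no triage status for any of them, so each one needs to be confirmed against the source before it is treated as a real defect. Entries #def6 to #def11 are one SC2172 finding reported once per flagged signal number: the reported columns on lines 46 and 48 of /usr/bin/xzmore correspond to 5, 10 and 13 in the two trap lines. Entries #def21, #def22 and #def24 to #def26 all describe the same pattern in xz-5.4.6/src/xzdec/xzdec.c, where the addresses of the local buffers in_buf and out_buf are stored in the caller's strm. Whether that matters depends on whether strm->next_in or strm->next_out is read after the function returns without being reset, which the excerpts do not show.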
Error: SHELLCHECK_WARNING (CWE-758): [#def1]
/etc/profile.d/colorxzgrep.sh:1:1: error[SC2148]: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.
# 1|-> /usr/libexec/grepconf.sh -c || return
# 2| alias xzgrep='xzgrep --color=auto' 2>/dev/null
# 3| alias xzegrep='xzegrep --color=auto' 2>/dev/null
Error: SHELLCHECK_WARNING (CWE-569): [#def2]
/usr/bin/xzdiff:65:25: warning[SC2188]: This redirection doesn't have a command. Move to its command (or use 'true' as no-op).
# 63|
# 64| for file; do
# 65|-> test "X$file" = X- || <"$file" || exit 2
# 66| done
# 67|
Error: SHELLCHECK_WARNING (CWE-563): [#def3]
/usr/bin/xzdiff:100:7: warning[SC2034]: FILE appears unused. Verify use (or export if used externally).
# 98| FILE=`expr "X$1" : 'X\(.*[-.]t\)zo$'`ar;;
# 99| *.tzst)
# 100|-> FILE=`expr "X$1" : 'X\(.*[-.]t\)zst$'`ar;;
# 101| esac
# 102| xz_status=$(
Error: SHELLCHECK_WARNING (CWE-569): [#def4]
/usr/bin/xzless:47:30: warning[SC2089]: Quotes/backslashes will be treated literally. Rewrite using set/"$@" or functions.
# 45| nl='
# 46| '
# 47|-> LESSMETACHARS="$space$tab$nl'"';*?"()<>[|&^`#\$%=~'
# 48| fi
# 49|
Error: SHELLCHECK_WARNING (CWE-569): [#def5]
/usr/bin/xzless:57:8: warning[SC2090]: Quotes/backslashes in this variable will not be respected.
# 55| LESSOPEN="|$xz -cdfqQ -- %s"
# 56| fi
# 57|-> export LESSMETACHARS LESSOPEN
# 58|
# 59| exec less "$@"
Error: SHELLCHECK_WARNING (CWE-398): [#def6]
/usr/bin/xzmore:46:46: warning[SC2172]: Trapping signals by number is not well defined. Prefer signal names.
# 44| fi
# 45| if test $? -eq 0 && test -n "$oldtty"; then
# 46|-> trap 'stty $oldtty 2>/dev/null; exit' 0 2 3 5 10 13 15
# 47| else
# 48| trap 'stty $ncb echo 2>/dev/null; exit' 0 2 3 5 10 13 15
Error: SHELLCHECK_WARNING (CWE-398): [#def7]
/usr/bin/xzmore:46:48: warning[SC2172]: Trapping signals by number is not well defined. Prefer signal names.
# 44| fi
# 45| if test $? -eq 0 && test -n "$oldtty"; then
# 46|-> trap 'stty $oldtty 2>/dev/null; exit' 0 2 3 5 10 13 15
# 47| else
# 48| trap 'stty $ncb echo 2>/dev/null; exit' 0 2 3 5 10 13 15
Error: SHELLCHECK_WARNING (CWE-398): [#def8]
/usr/bin/xzmore:46:51: warning[SC2172]: Trapping signals by number is not well defined. Prefer signal names.
# 44| fi
# 45| if test $? -eq 0 && test -n "$oldtty"; then
# 46|-> trap 'stty $oldtty 2>/dev/null; exit' 0 2 3 5 10 13 15
# 47| else
# 48| trap 'stty $ncb echo 2>/dev/null; exit' 0 2 3 5 10 13 15
Error: SHELLCHECK_WARNING (CWE-398): [#def9]
/usr/bin/xzmore:48:48: warning[SC2172]: Trapping signals by number is not well defined. Prefer signal names.
# 46| trap 'stty $oldtty 2>/dev/null; exit' 0 2 3 5 10 13 15
# 47| else
# 48|-> trap 'stty $ncb echo 2>/dev/null; exit' 0 2 3 5 10 13 15
# 49| fi
# 50|
Error: SHELLCHECK_WARNING (CWE-398): [#def10]
/usr/bin/xzmore:48:50: warning[SC2172]: Trapping signals by number is not well defined. Prefer signal names.
# 46| trap 'stty $oldtty 2>/dev/null; exit' 0 2 3 5 10 13 15
# 47| else
# 48|-> trap 'stty $ncb echo 2>/dev/null; exit' 0 2 3 5 10 13 15
# 49| fi
# 50|
Error: SHELLCHECK_WARNING (CWE-398): [#def11]
/usr/bin/xzmore:48:53: warning[SC2172]: Trapping signals by number is not well defined. Prefer signal names.
# 46| trap 'stty $oldtty 2>/dev/null; exit' 0 2 3 5 10 13 15
# 47| else
# 48|-> trap 'stty $ncb echo 2>/dev/null; exit' 0 2 3 5 10 13 15
# 49| fi
# 50|
Error: SHELLCHECK_WARNING (CWE-569): [#def12]
/usr/bin/xzmore:60:3: warning[SC2188]: This redirection doesn't have a command. Move to its command (or use 'true' as no-op).
# 58| FIRST=1
# 59| for FILE; do
# 60|-> < "$FILE" || continue
# 61| if test $FIRST -eq 0; then
# 62| printf "%s--More--(Next file: %s)" "" "$FILE"
Error: GCC_ANALYZER_WARNING (CWE-775): [#def13]
xz-5.4.6/src/common/tuklib_open_stdxxx.c: scope_hint: In function ‘tuklib_open_stdxxx’
xz-5.4.6/src/common/tuklib_open_stdxxx.c:41:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", <unknown>)’
# 39| | (i == 0 ? O_WRONLY : O_RDONLY));
# 40|
# 41|-> if (fd != i) {
# 42| if (fd != -1)
# 43| (void)close(fd);
Error: GCC_ANALYZER_WARNING (CWE-476): [#def14]
xz-5.4.6/src/liblzma/common/filter_encoder.c: scope_hint: In function 'lzma_mt_block_size'
xz-5.4.6/src/liblzma/common/filter_encoder.c:259:23: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
xz-5.4.6/src/liblzma/common/filter_encoder.c: scope_hint: In function 'lzma_mt_block_size'
# 257| const lzma_filter_encoder *const fe
# 258| = encoder_find(filters[i].id);
# 259|-> if (fe->block_size != NULL) {
# 260| const uint64_t size
# 261| = fe->block_size(filters[i].options);
Error: CLANG_WARNING: [#def15]
xz-5.4.6/src/liblzma/common/index.c:266:11: warning[core.NullDereference]: Access to field 'parent' results in a dereference of a null pointer (loaded from variable 'node')
# 264| up = ctz32(tree->count) + 2;
# 265| do {
# 266|-> node = node->parent;
# 267| } while (--up > 0);
# 268|
Error: CLANG_WARNING: [#def16]
xz-5.4.6/src/liblzma/common/index.c:270:28: warning[core.NullDereference]: Access to field 'right' results in a dereference of a null pointer (loaded from variable 'node')
# 268|
# 269| // Rotate left using node as the rotation root.
# 270|-> index_tree_node *pivot = node->right;
# 271|
# 272| if (node->parent == NULL) {
Error: GCC_ANALYZER_WARNING (CWE-476): [#def17]
xz-5.4.6/src/liblzma/common/index.c:319:32: warning[-Wanalyzer-null-dereference]: dereference of NULL 'result'
xz-5.4.6/src/liblzma/common/index.c: scope_hint: In function 'lzma_index_iter_locate'
xz-5.4.6/src/liblzma/common/index.c: scope_hint: In function 'lzma_index_iter_locate'
# 317| {
# 318| const index_tree_node *result = NULL;
# 319|-> const index_tree_node *node = tree->root;
# 320|
# 321| assert(tree->leftmost == NULL
Error: GCC_ANALYZER_WARNING (CWE-476): [#def18]
xz-5.4.6/src/liblzma/common/index.c: scope_hint: In function 'lzma_index_iter_locate'
xz-5.4.6/src/liblzma/common/index.c:1252:16: warning[-Wanalyzer-null-dereference]: dereference of NULL 'result'
xz-5.4.6/src/liblzma/common/index.c: scope_hint: In function 'lzma_index_iter_locate'
# 1250| // we don't want to return them.
# 1251| size_t left = 0;
# 1252|-> size_t right = group->last;
# 1253|
# 1254| while (left < right) {
Error: CLANG_WARNING: [#def19]
xz-5.4.6/src/xz/args.c:97:13: warning[core.NonNullParamChecker]: Null pointer passed to 1st parameter expecting 'nonnull'
# 95| for (size_t i = 0; i < count; ++i) {
# 96| // Locate the next comma and replace it with \0.
# 97|-> char *p = strchr(str, ',');
# 98| if (p != NULL)
# 99| *p = '\0';
Error: CPPCHECK_WARNING (CWE-369): [#def20]
xz-5.4.6/src/xz/util.c:156: error[zerodiv]: Division by zero.
# 154|
# 155| // Don't overflow here either.
# 156|-> if (result > UINT64_MAX / multiplier)
# 157| goto error;
# 158|
Error: CPPCHECK_WARNING (CWE-562): [#def21]
xz-5.4.6/src/xzdec/xzdec.c:171: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
# 169|
# 170| strm->avail_in = 0;
# 171|-> strm->next_out = out_buf;
# 172| strm->avail_out = BUFSIZ;
# 173|
Error: CPPCHECK_WARNING (CWE-562): [#def22]
xz-5.4.6/src/xzdec/xzdec.c:178: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
# 176| while (true) {
# 177| if (strm->avail_in == 0) {
# 178|-> strm->next_in = in_buf;
# 179| strm->avail_in = fread(in_buf, 1, BUFSIZ, file);
# 180|
Error: CPPCHECK_WARNING (CWE-457): [#def23]
xz-5.4.6/src/xzdec/xzdec.c:206: error[uninitvar]: Uninitialized variable: out_buf
# 204| const size_t write_size = BUFSIZ - strm->avail_out;
# 205|
# 206|-> if (fwrite(out_buf, 1, write_size, stdout)
# 207| != write_size) {
# 208| // Wouldn't be a surprise if writing to stderr
Error: CPPCHECK_WARNING (CWE-562): [#def24]
xz-5.4.6/src/xzdec/xzdec.c:216: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
# 214| }
# 215|
# 216|-> strm->next_out = out_buf;
# 217| strm->avail_out = BUFSIZ;
# 218| }
Error: CLANG_WARNING: [#def25]
xz-5.4.6/src/xzdec/xzdec.c:230:6: warning[core.StackAddressEscape]: Address of stack memory associated with local variable 'out_buf' is still referred to by the stack variable 'strm' upon returning to the caller. This will be a dangling reference
# 228| ret = LZMA_DATA_ERROR;
# 229| else
# 230|-> return;
# 231| #else
# 232| // lzma_stream_decoder() already guarantees
Error: CLANG_WARNING: [#def26]
xz-5.4.6/src/xzdec/xzdec.c:237:5: warning[core.StackAddressEscape]: Address of stack memory associated with local variable 'out_buf' is still referred to by the stack variable 'strm' upon returning to the caller. This will be a dangling reference
# 235| assert(action == LZMA_FINISH);
# 236| assert(feof(file));
# 237|-> return;
# 238| #endif
# 239| }
Scan Properties
analyzer-version-clang | 18.1.3 |
analyzer-version-cppcheck | 2.13.0 |
analyzer-version-gcc | 14.0.1 |
analyzer-version-gcc-analyzer | 14.0.1 |
analyzer-version-shellcheck | 0.10.0 |
enabled-plugins | clang, cppcheck, gcc, shellcheck |
exit-code | 0 |
host | ip-172-16-1-231.us-west-2.compute.internal |
mock-config | fedora-41-x86_64 |
project-name | xz-5.4.6-3.fc41 |
store-results-to | /tmp/tmpm_9_8kvr/xz-5.4.6-3.fc41.tar.xz |
time-created | 2024-04-22 11:23:04 |
time-finished | 2024-04-22 11:25:02 |
tool | csmock |
tool-args | '/usr/bin/csmock' '-r' 'fedora-41-x86_64' '-t' 'cppcheck,gcc,clang,shellcheck' '-o' '/tmp/tmpm_9_8kvr/xz-5.4.6-3.fc41.tar.xz' '--gcc-analyze' '/tmp/tmpm_9_8kvr/xz-5.4.6-3.fc41.src.rpm' |
tool-version | csmock-3.5.3-1.el9 |