apr-util-1.6.3-21.fc42

List of Findings

Error: SHELLCHECK_WARNING (CWE-563): [#def1]
/usr/bin/apu-1-config:25:1: warning[SC2034]: exec_prefix appears unused. Verify use (or export if used externally).
#   23|   
#   24|   prefix="/usr"
#   25|-> exec_prefix="/usr"
#   26|   bindir="/usr/bin"
#   27|   includedir="/usr/include/apr-1"

Error: CPPCHECK_WARNING (CWE-823): [#def2]
apr-util-1.6.3-build/apr-util-1.6.3/crypto/apr_sha1.c:339: error[arrayIndexOutOfBounds]: Array 'sha_info->digest[5]' accessed at index 9998, which is out of bounds.
#  337|   
#  338|       for (i = 0, j = 0; j < APR_SHA1_DIGESTSIZE; i++) {
#  339|-> 	k = sha_info->digest[i];
#  340|   	digest[j++] = (unsigned char) ((k >> 24) & 0xff);
#  341|   	digest[j++] = (unsigned char) ((k >> 16) & 0xff);

Error: GCC_ANALYZER_WARNING (CWE-787): [#def3]
apr-util-1.6.3-build/apr-util-1.6.3/crypto/crypt_blowfish.c: scope_hint: In function 'BF_crypt'
apr-util-1.6.3-build/apr-util-1.6.3/crypto/crypt_blowfish.c:676:30: warning[-Wanalyzer-out-of-bounds]: buffer over-read
apr-util-1.6.3-build/apr-util-1.6.3/crypto/crypt_blowfish.c:676:30: note: valid subscripts for 'flags_by_subtype' are '[0]' to '[25]'
#  674|   	    setting[1] != '2' ||
#  675|   	    setting[2] < 'a' || setting[2] > 'z' ||
#  676|-> 	    !flags_by_subtype[(unsigned int)(unsigned char)setting[2] - 'a'] ||
#  677|   	    setting[3] != '$' ||
#  678|   	    setting[4] < '0' || setting[4] > '1' ||

Error: GCC_ANALYZER_WARNING (CWE-787): [#def4]
apr-util-1.6.3-build/apr-util-1.6.3/crypto/crypt_blowfish.c:694:29: warning[-Wanalyzer-out-of-bounds]: buffer over-read
apr-util-1.6.3-build/apr-util-1.6.3/crypto/crypt_blowfish.c: scope_hint: In function 'BF_crypt'
apr-util-1.6.3-build/apr-util-1.6.3/crypto/crypt_blowfish.c:694:29: note: valid subscripts for 'flags_by_subtype' are '[0]' to '[25]'
#  692|   
#  693|   	BF_set_key(key, data.expanded_key, data.ctx.P,
#  694|-> 	    flags_by_subtype[(unsigned int)(unsigned char)setting[2] - 'a']);
#  695|   
#  696|   	memcpy(data.ctx.S, BF_init_state.S, sizeof(data.ctx.S));

Error: GCC_ANALYZER_WARNING (CWE-476): [#def5]
apr-util-1.6.3-build/apr-util-1.6.3/xml/apr_xml.c:24: included_from: Included from here.
apr-util-1.6.3-build/apr-util-1.6.3/include/apr_xml.h:339:67: warning[-Wanalyzer-null-dereference]: dereference of NULL 'namespaces'
apr-util-1.6.3-build/apr-util-1.6.3/xml/apr_xml.c:699:37: note: in expansion of macro 'APR_XML_GET_URI_ITEM'
apr-util-1.6.3-build/apr-util-1.6.3/xml/apr_xml.c: scope_hint: In function 'elem_size'
apr-util-1.6.3-build/apr-util-1.6.3/xml/apr_xml.c:699:37: note: in expansion of macro 'APR_XML_GET_URI_ITEM'
#  337|   
#  338|   /** Get the URI item for this XML element */
#  339|-> #define APR_XML_GET_URI_ITEM(ary, i) (((const char * const *)(ary)->elts)[i])
#  340|   
#  341|   #if APR_CHARSET_EBCDIC

Error: CPPCHECK_WARNING (CWE-823): [#def6]
apr-util-1.6.3-build/apr-util-1.6.3/misc/apr_date.c:62: error[arrayIndexOutOfBounds]: Array 'mask[17]' accessed at index 255, which is out of bounds.
#   60|       for (i = 0; i < 256; i++) {
#   61|           d = data[i];
#   62|->         switch (mask[i]) {
#   63|           case '\0':
#   64|               return (d == '\0');

Error: GCC_ANALYZER_WARNING (CWE-476): [#def7]
apr-util-1.6.3-build/apr-util-1.6.3/misc/apr_thread_pool.c: scope_hint: In function 'thread_pool_func'
apr-util-1.6.3-build/apr-util-1.6.3/misc/apr_thread_pool.c:292:16: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
#  290|           }
#  291|   
#  292|->         if (elt->state != TH_STOP) {
#  293|               ++me->busy_cnt;
#  294|               APR_RING_INSERT_TAIL(me->busy_thds, elt,

Error: GCC_ANALYZER_WARNING (CWE-476): [#def8]
apr-util-1.6.3-build/apr-util-1.6.3/xml/apr_xml.c: scope_hint: In function 'elem_size'
apr-util-1.6.3-build/apr-util-1.6.3/xml/apr_xml.c:682:20: warning[-Wanalyzer-null-dereference]: dereference of NULL 'namespaces'
#  680|   	    */
#  681|   
#  682|-> 	    for (i = namespaces->nelts; i--;) {
#  683|   		/* compute size of: ' xmlns:ns%d="%s"' */
#  684|   		size += (9 + APR_XML_NS_LEN(i) + 2 +

Scan Properties

analyzer-version-clippy: 1.82.0
analyzer-version-cppcheck: 2.16.0
analyzer-version-gcc: 14.2.1
analyzer-version-gcc-analyzer: 15.0.0
analyzer-version-shellcheck: 0.10.0
analyzer-version-unicontrol: 0.0.2
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-48.us-west-2.compute.internal
mock-config: fedora-rawhide-gcc-latest-x86_64
project-name: apr-util-1.6.3-21.fc42
store-results-to: /tmp/tmpmqpxxeqj/apr-util-1.6.3-21.fc42.tar.xz
time-created: 2024-11-12 23:12:53
time-finished: 2024-11-12 23:14:18
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'clippy,cppcheck,gcc,unicontrol,shellcheck' '-o' '/tmp/tmpmqpxxeqj/apr-util-1.6.3-21.fc42.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmpmqpxxeqj/apr-util-1.6.3-21.fc42.src.rpm'
tool-version: csmock-3.7.1.20241107.094801.gb3f0f26.pr_192-1.el9