Error: GCC_ANALYZER_WARNING (CWE-835): [#def1] curl-8.10.1-build/curl-8.10.1/lib/bufq.c: scope_hint: In function 'Curl_bufq_skip' curl-8.10.1-build/curl-8.10.1/lib/bufq.c:575:16: warning[-Wanalyzer-infinite-loop]: infinite loop curl-8.10.1-build/curl-8.10.1/lib/bufq.c: scope_hint: In function 'Curl_bufq_skip' curl-8.10.1-build/curl-8.10.1/lib/bufq.c: scope_hint: In function 'Curl_bufq_skip' # 573| size_t n; # 574| # 575|-> while(amount && q->head) { # 576| n = chunk_skip(q->head, amount); # 577| amount -= n; Error: CPPCHECK_WARNING (CWE-476): [#def2] curl-8.10.1-build/curl-8.10.1/lib/conncache.c:1042: warning[nullPointer]: Possible null pointer dereference: cpool # 1040| DEBUGASSERT(data || cpool); # 1041| if(!data) # 1042|-> data = cpool->idata; # 1043| # 1044| /* the transfer must be detached from the connection */ Error: GCC_ANALYZER_WARNING (CWE-775): [#def3] curl-8.10.1-build/curl-8.10.1/lib/file.c: scope_hint: In function 'file_connect' curl-8.10.1-build/curl-8.10.1/lib/file.c:253:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor '**data.req.p.file.fd' curl-8.10.1-build/curl-8.10.1/lib/file.c:245:8: note: in expansion of macro 'open_readonly' curl-8.10.1-build/curl-8.10.1/lib/file.c:245:8: note: in expansion of macro 'open_readonly' # 251| # 252| file->fd = fd; # 253|-> if(!data->state.upload && (fd == -1)) { # 254| failf(data, "Couldn't open file %s", data->state.up.path); # 255| file_done(data, CURLE_FILE_COULDNT_READ_FILE, FALSE); Error: GCC_ANALYZER_WARNING (CWE-775): [#def4] curl-8.10.1-build/curl-8.10.1/lib/file.c:253:26: warning[-Wanalyzer-fd-leak]: leak of file descriptor '**data.req.p.file.fd' curl-8.10.1-build/curl-8.10.1/lib/file.c:245:8: note: in expansion of macro 'open_readonly' curl-8.10.1-build/curl-8.10.1/lib/file.c:245:8: note: in expansion of macro 'open_readonly' # 251| # 252| file->fd = fd; # 253|-> if(!data->state.upload && (fd == -1)) { # 254| failf(data, "Couldn't open file %s", data->state.up.path); # 255| file_done(data, CURLE_FILE_COULDNT_READ_FILE, FALSE); Error: GCC_ANALYZER_WARNING (CWE-476): [#def5] curl-8.10.1-build/curl-8.10.1/lib/http2.c: scope_hint: In function 'nw_in_reader' curl-8.10.1-build/curl-8.10.1/lib/http2.c:460:10: warning[-Wanalyzer-null-dereference]: dereference of NULL 'reader_ctx' curl-8.10.1-build/curl-8.10.1/lib/http2.c:43: included_from: Included from here. curl-8.10.1-build/curl-8.10.1/lib/http2.c:458:28: note: in expansion of macro 'CF_DATA_CURRENT' # 458| struct Curl_easy *data = CF_DATA_CURRENT(cf); # 459| # 460|-> return Curl_conn_cf_recv(cf->next, data, (char *)buf, buflen, err); # 461| } # 462| Error: GCC_ANALYZER_WARNING (CWE-126): [#def6] curl-8.10.1-build/curl-8.10.1/lib/http2.c: scope_hint: In function 'curl_pushheader_byname' curl-8.10.1-build/curl-8.10.1/lib/http2.c:847:30: warning[-Wanalyzer-out-of-bounds]: buffer over-read curl-8.10.1-build/curl-8.10.1/lib/http2.c:847:30: note: read of 1 byte from after the end of '":authority"' curl-8.10.1-build/curl-8.10.1/lib/http2.c:847:30: note: valid subscripts for '":authority"' are '[0]' to '[10]' curl-8.10.1-build/curl-8.10.1/lib/curl_setup_once.h:34: included_from: Included from here. curl-8.10.1-build/curl-8.10.1/lib/curl_setup.h:816: included_from: Included from here. curl-8.10.1-build/curl-8.10.1/lib/http2.c:25: included_from: Included from here. /usr/include/string.h:246:14: note: argument 1 of 'strchr' must be a pointer to a null-terminated string # 845| this is because we do prefix match.*/ # 846| if(!h || !GOOD_EASY_HANDLE(h->data) || !header || !header[0] || # 847|-> !strcmp(header, ":") || strchr(header + 1, ':')) # 848| return NULL; # 849| Error: GCC_ANALYZER_WARNING (CWE-126): [#def7] curl-8.10.1-build/curl-8.10.1/lib/http_negotiate.c: scope_hint: In function 'Curl_input_negotiate' curl-8.10.1-build/curl-8.10.1/lib/http_negotiate.c:91:9: warning[-Wanalyzer-out-of-bounds]: buffer over-read curl-8.10.1-build/curl-8.10.1/lib/http_negotiate.c:91:9: note: read of 9 bytes from after the end of '"Negotiate"' curl-8.10.1-build/curl-8.10.1/lib/http_negotiate.c:91:9: note: valid subscripts for '"Negotiate"' are '[0]' to '[9]' curl-8.10.1-build/curl-8.10.1/lib/curl_setup_once.h:34: included_from: Included from here. curl-8.10.1-build/curl-8.10.1/lib/curl_setup.h:816: included_from: Included from here. curl-8.10.1-build/curl-8.10.1/lib/http_negotiate.c:25: included_from: Included from here. /usr/include/string.h:407:15: note: argument 1 of 'strlen' must be a pointer to a null-terminated string # 89| header++; # 90| # 91|-> len = strlen(header); # 92| neg_ctx->havenegdata = len != 0; # 93| if(!len) { Error: GCC_ANALYZER_WARNING (CWE-457): [#def8] curl-8.10.1-build/curl-8.10.1/lib/mprintf.c: scope_hint: In function 'formatf' curl-8.10.1-build/curl-8.10.1/lib/mprintf.c:704:42: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'input[<unknown>].val.nums' # 702| /* pick up the specified width */ # 703| if(flags & FLAGS_WIDTHPARAM) { # 704|-> width = (int)input[optr->width].val.nums; # 705| if(width < 0) { # 706| /* "A negative field width is taken as a '-' flag followed by a Error: GCC_ANALYZER_WARNING (CWE-457): [#def9] curl-8.10.1-build/curl-8.10.1/lib/mprintf.c:721:45: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'input[<unknown>].val.nums' # 719| /* pick up the specified precision */ # 720| if(flags & FLAGS_PRECPARAM) { # 721|-> prec = (int)input[optr->precision].val.nums; # 722| if(prec < 0) # 723| /* "A negative precision is taken as if the precision were Error: GCC_ANALYZER_WARNING (CWE-457): [#def10] curl-8.10.1-build/curl-8.10.1/lib/mprintf.c:735:16: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'input[<unknown>].type' # 733| iptr = &input[optr->input]; # 734| # 735|-> switch(iptr->type) { # 736| case FORMAT_INTU: # 737| case FORMAT_LONGU: Error: CPPCHECK_WARNING (CWE-457): [#def11] curl-8.10.1-build/curl-8.10.1/lib/request.c:319: error[uninitvar]: Uninitialized variable: &tmp # 317| char tmp; # 318| size_t nwritten; # 319|-> result = xfer_send(data, &tmp, 0, 0, &nwritten); # 320| if(result) # 321| return result; Error: GCC_ANALYZER_WARNING (CWE-476): [#def12] curl-8.10.1-build/curl-8.10.1/lib/sendf.c: scope_hint: In function 'Curl_creader_set_fread' curl-8.10.1-build/curl-8.10.1/lib/sendf.c:1132:7: warning[-Wanalyzer-null-dereference]: dereference of NULL 'r' # 1130| if(result) # 1131| goto out; # 1132|-> ctx = r->ctx; # 1133| ctx->total_len = len; # 1134| Error: GCC_ANALYZER_WARNING (CWE-775): [#def13] curl-8.10.1-build/curl-8.10.1/src/tool_cb_dbg.c: scope_hint: In function ‘tool_debug_cb’ curl-8.10.1-build/curl-8.10.1/src/tool_cb_dbg.c:141:29: warning[-Wanalyzer-file-leak]: leak of FILE ‘*config.trace_stream’ # 139| else { # 140| config->trace_stream = fopen(config->trace_dump, FOPEN_WRITETEXT); # 141|-> config->trace_fopened = TRUE; # 142| } # 143| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def14] curl-8.10.1-build/curl-8.10.1/src/tool_cb_dbg.c:141:29: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.trace_stream’ # 139| else { # 140| config->trace_stream = fopen(config->trace_dump, FOPEN_WRITETEXT); # 141|-> config->trace_fopened = TRUE; # 142| } # 143| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def15] curl-8.10.1-build/curl-8.10.1/src/tool_getparam.c:66:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.altsvc’ curl-8.10.1-build/curl-8.10.1/lib/curl_multibyte.h:73:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’ # 64| # 65| *str = strdup(val); # 66|-> if(!*str) # 67| return PARAM_NO_MEM; # 68| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def16] curl-8.10.1-build/curl-8.10.1/src/tool_getparam.c:66:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.aws_sigv4’ curl-8.10.1-build/curl-8.10.1/lib/curl_multibyte.h:73:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’ # 64| # 65| *str = strdup(val); # 66|-> if(!*str) # 67| return PARAM_NO_MEM; # 68| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def17] curl-8.10.1-build/curl-8.10.1/src/tool_getparam.c:66:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.cipher13_list’ curl-8.10.1-build/curl-8.10.1/lib/curl_multibyte.h:73:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’ # 64| # 65| *str = strdup(val); # 66|-> if(!*str) # 67| return PARAM_NO_MEM; # 68| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def18] curl-8.10.1-build/curl-8.10.1/src/tool_getparam.c:66:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.cipher_list’ curl-8.10.1-build/curl-8.10.1/lib/curl_multibyte.h:73:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’ # 64| # 65| *str = strdup(val); # 66|-> if(!*str) # 67| return PARAM_NO_MEM; # 68| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def19] curl-8.10.1-build/curl-8.10.1/src/tool_getparam.c:66:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.cookiejar’ curl-8.10.1-build/curl-8.10.1/lib/curl_multibyte.h:73:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’ # 64| # 65| *str = strdup(val); # 66|-> if(!*str) # 67| return PARAM_NO_MEM; # 68| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def20] curl-8.10.1-build/curl-8.10.1/src/tool_getparam.c:66:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.dns_interface’ curl-8.10.1-build/curl-8.10.1/lib/curl_multibyte.h:73:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’ # 64| # 65| *str = strdup(val); # 66|-> if(!*str) # 67| return PARAM_NO_MEM; # 68| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def21] curl-8.10.1-build/curl-8.10.1/src/tool_getparam.c:66:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.dns_ipv4_addr’ curl-8.10.1-build/curl-8.10.1/lib/curl_multibyte.h:73:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’ # 64| # 65| *str = strdup(val); # 66|-> if(!*str) # 67| return PARAM_NO_MEM; # 68| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def22] curl-8.10.1-build/curl-8.10.1/src/tool_getparam.c:66:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.dns_ipv6_addr’ curl-8.10.1-build/curl-8.10.1/lib/curl_multibyte.h:73:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’ # 64| # 65| *str = strdup(val); # 66|-> if(!*str) # 67| return PARAM_NO_MEM; # 68| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def23] curl-8.10.1-build/curl-8.10.1/src/tool_getparam.c:66:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.dns_servers’ curl-8.10.1-build/curl-8.10.1/lib/curl_multibyte.h:73:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’ # 64| # 65| *str = strdup(val); # 66|-> if(!*str) # 67| return PARAM_NO_MEM; # 68| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def24] curl-8.10.1-build/curl-8.10.1/src/tool_getparam.c:66:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.doh_url’ curl-8.10.1-build/curl-8.10.1/lib/curl_multibyte.h:73:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’ # 64| # 65| *str = strdup(val); # 66|-> if(!*str) # 67| return PARAM_NO_MEM; # 68| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def25] curl-8.10.1-build/curl-8.10.1/src/tool_getparam.c:66:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.ftp_account’ curl-8.10.1-build/curl-8.10.1/lib/curl_multibyte.h:73:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’ # 64| # 65| *str = strdup(val); # 66|-> if(!*str) # 67| return PARAM_NO_MEM; # 68| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def26] curl-8.10.1-build/curl-8.10.1/src/tool_getparam.c:66:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.ftp_alternative_to_user’ curl-8.10.1-build/curl-8.10.1/lib/curl_multibyte.h:73:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’ # 64| # 65| *str = strdup(val); # 66|-> if(!*str) # 67| return PARAM_NO_MEM; # 68| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def27] curl-8.10.1-build/curl-8.10.1/src/tool_getparam.c:66:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.haproxy_clientip’ curl-8.10.1-build/curl-8.10.1/lib/curl_multibyte.h:73:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’ # 64| # 65| *str = strdup(val); # 66|-> if(!*str) # 67| return PARAM_NO_MEM; # 68| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def28] curl-8.10.1-build/curl-8.10.1/src/tool_getparam.c:66:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.hsts’ curl-8.10.1-build/curl-8.10.1/lib/curl_multibyte.h:73:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’ # 64| # 65| *str = strdup(val); # 66|-> if(!*str) # 67| return PARAM_NO_MEM; # 68| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def29] curl-8.10.1-build/curl-8.10.1/src/tool_getparam.c:66:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.iface’ curl-8.10.1-build/curl-8.10.1/lib/curl_multibyte.h:73:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’ # 64| # 65| *str = strdup(val); # 66|-> if(!*str) # 67| return PARAM_NO_MEM; # 68| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def30] curl-8.10.1-build/curl-8.10.1/src/tool_getparam.c:66:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.ipfs_gateway’ curl-8.10.1-build/curl-8.10.1/lib/curl_multibyte.h:73:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’ # 64| # 65| *str = strdup(val); # 66|-> if(!*str) # 67| return PARAM_NO_MEM; # 68| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def31] curl-8.10.1-build/curl-8.10.1/src/tool_getparam.c:66:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.krblevel’ curl-8.10.1-build/curl-8.10.1/lib/curl_multibyte.h:73:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’ # 64| # 65| *str = strdup(val); # 66|-> if(!*str) # 67| return PARAM_NO_MEM; # 68| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def32] curl-8.10.1-build/curl-8.10.1/src/tool_getparam.c:66:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.mail_auth’ curl-8.10.1-build/curl-8.10.1/lib/curl_multibyte.h:73:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’ # 64| # 65| *str = strdup(val); # 66|-> if(!*str) # 67| return PARAM_NO_MEM; # 68| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def33] curl-8.10.1-build/curl-8.10.1/src/tool_getparam.c:66:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.mail_from’ curl-8.10.1-build/curl-8.10.1/lib/curl_multibyte.h:73:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’ # 64| # 65| *str = strdup(val); # 66|-> if(!*str) # 67| return PARAM_NO_MEM; # 68| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def34] curl-8.10.1-build/curl-8.10.1/src/tool_getparam.c: scope_hint: In function ‘getstr’ curl-8.10.1-build/curl-8.10.1/src/tool_getparam.c:66:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.noproxy’ curl-8.10.1-build/curl-8.10.1/lib/curlx.h:56: included_from: Included from here. curl-8.10.1-build/curl-8.10.1/src/tool_getparam.c:28: included_from: Included from here. curl-8.10.1-build/curl-8.10.1/lib/curl_multibyte.h:73:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’ # 64| # 65| *str = strdup(val); # 66|-> if(!*str) # 67| return PARAM_NO_MEM; # 68| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def35] curl-8.10.1-build/curl-8.10.1/src/tool_getparam.c:66:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.oauth_bearer’ curl-8.10.1-build/curl-8.10.1/lib/curl_multibyte.h:73:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’ # 64| # 65| *str = strdup(val); # 66|-> if(!*str) # 67| return PARAM_NO_MEM; # 68| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def36] curl-8.10.1-build/curl-8.10.1/src/tool_getparam.c:66:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.proto_default’ curl-8.10.1-build/curl-8.10.1/lib/curl_multibyte.h:73:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’ # 64| # 65| *str = strdup(val); # 66|-> if(!*str) # 67| return PARAM_NO_MEM; # 68| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def37] curl-8.10.1-build/curl-8.10.1/src/tool_getparam.c:66:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.proxy_cipher13_list’ curl-8.10.1-build/curl-8.10.1/lib/curl_multibyte.h:73:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’ # 64| # 65| *str = strdup(val); # 66|-> if(!*str) # 67| return PARAM_NO_MEM; # 68| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def38] curl-8.10.1-build/curl-8.10.1/src/tool_getparam.c:66:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.proxy_service_name’ curl-8.10.1-build/curl-8.10.1/lib/curl_multibyte.h:73:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’ # 64| # 65| *str = strdup(val); # 66|-> if(!*str) # 67| return PARAM_NO_MEM; # 68| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def39] curl-8.10.1-build/curl-8.10.1/src/tool_getparam.c:66:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.proxy’ curl-8.10.1-build/curl-8.10.1/lib/curl_multibyte.h:73:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’ # 64| # 65| *str = strdup(val); # 66|-> if(!*str) # 67| return PARAM_NO_MEM; # 68| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def40] curl-8.10.1-build/curl-8.10.1/src/tool_getparam.c:66:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.sasl_authzid’ curl-8.10.1-build/curl-8.10.1/lib/curl_multibyte.h:73:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’ # 64| # 65| *str = strdup(val); # 66|-> if(!*str) # 67| return PARAM_NO_MEM; # 68| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def41] curl-8.10.1-build/curl-8.10.1/src/tool_getparam.c:66:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.service_name’ curl-8.10.1-build/curl-8.10.1/lib/curl_multibyte.h:73:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’ # 64| # 65| *str = strdup(val); # 66|-> if(!*str) # 67| return PARAM_NO_MEM; # 68| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def42] curl-8.10.1-build/curl-8.10.1/src/tool_getparam.c:66:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.unix_socket_path’ curl-8.10.1-build/curl-8.10.1/lib/curl_multibyte.h:73:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’ # 64| # 65| *str = strdup(val); # 66|-> if(!*str) # 67| return PARAM_NO_MEM; # 68| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def43] curl-8.10.1-build/curl-8.10.1/src/tool_getparam.c:66:7: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.useragent’ curl-8.10.1-build/curl-8.10.1/lib/curl_multibyte.h:73:51: note: in definition of macro ‘curlx_convert_tchar_to_UTF8’ # 64| # 65| *str = strdup(val); # 66|-> if(!*str) # 67| return PARAM_NO_MEM; # 68| } Error: CPPCHECK_WARNING (CWE-457): [#def44] curl-8.10.1-build/curl-8.10.1/src/tool_getparam.c:1012: error[uninitvar]: Uninitialized variables: &key.desc, &key.letter, &key.cmd # 1010| key.lname = opt; # 1011| # 1012|-> return bsearch(&key, aliases, sizeof(aliases)/sizeof(aliases[0]), # 1013| sizeof(aliases[0]), findarg); # 1014| } Error: CPPCHECK_WARNING (CWE-457): [#def45] curl-8.10.1-build/curl-8.10.1/src/tool_getparam.c:1443: error[uninitvar]: Uninitialized variable: &find.value # 1441| const struct TOSEntry *entry; # 1442| find.name = nextarg; # 1443|-> entry = bsearch(&find, tos_entries, # 1444| sizeof(tos_entries)/sizeof(*tos_entries), # 1445| sizeof(*tos_entries), find_tos); Error: GCC_ANALYZER_WARNING (CWE-775): [#def46] curl-8.10.1-build/curl-8.10.1/src/tool_main.c: scope_hint: In function ‘main_checkfds’ curl-8.10.1-build/curl-8.10.1/src/tool_main.c:97:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd[0]’ # 95| (fcntl(STDERR_FILENO, F_GETFD) == -1)) # 96| if(pipe(fd)) # 97|-> return 1; # 98| return 0; # 99| } Error: GCC_ANALYZER_WARNING (CWE-775): [#def47] curl-8.10.1-build/curl-8.10.1/src/tool_main.c:97:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd[1]’ # 95| (fcntl(STDERR_FILENO, F_GETFD) == -1)) # 96| if(pipe(fd)) # 97|-> return 1; # 98| return 0; # 99| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def48] curl-8.10.1-build/curl-8.10.1/src/tool_operate.c: scope_hint: In function ‘transfer_per_config’ curl-8.10.1-build/curl-8.10.1/src/tool_operate.c:3045:9: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.cacert’ curl-8.10.1-build/curl-8.10.1/include/curl/curl.h:3247: included_from: Included from here. curl-8.10.1-build/curl-8.10.1/src/tool_setup.h:46: included_from: Included from here. curl-8.10.1-build/curl-8.10.1/src/tool_operate.c:24: included_from: Included from here. curl-8.10.1-build/curl-8.10.1/src/tool_operate.c:3232:11: note: in expansion of macro ‘curl_share_setopt’ # 3043| if(env) { # 3044| config->cacert = strdup(env); # 3045|-> curl_free(env); # 3046| if(!config->cacert) { # 3047| curl_easy_cleanup(curltls); Error: GCC_ANALYZER_WARNING (CWE-401): [#def49] curl-8.10.1-build/curl-8.10.1/src/tool_operate.c:3056:11: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.capath’ curl-8.10.1-build/curl-8.10.1/src/tool_operate.c:3232:11: note: in expansion of macro ‘curl_share_setopt’ # 3054| if(env) { # 3055| config->capath = strdup(env); # 3056|-> curl_free(env); # 3057| if(!config->capath) { # 3058| curl_easy_cleanup(curltls); Error: GCC_ANALYZER_WARNING (CWE-401): [#def50] curl-8.10.1-build/curl-8.10.1/src/tool_operate.c:3067:11: warning[-Wanalyzer-malloc-leak]: leak of ‘*config.cacert’ curl-8.10.1-build/curl-8.10.1/src/tool_operate.c:3232:11: note: in expansion of macro ‘curl_share_setopt’ # 3065| if(env) { # 3066| config->cacert = strdup(env); # 3067|-> curl_free(env); # 3068| if(!config->cacert) { # 3069| if(capath_from_env) Error: GCC_ANALYZER_WARNING (CWE-688): [#def51] curl-8.10.1-build/curl-8.10.1/src/tool_writeout.c: scope_hint: In function ‘writeString’ curl-8.10.1-build/curl-8.10.1/src/tool_writeout.c:421:7: warning[-Wanalyzer-null-argument]: use of NULL ‘strinfo’ where non-null expected curl-8.10.1-build/curl-8.10.1/lib/curl_setup.h:439: included_from: Included from here. curl-8.10.1-build/curl-8.10.1/src/tool_setup.h:38: included_from: Included from here. curl-8.10.1-build/curl-8.10.1/src/tool_writeout.c:24: included_from: Included from here. /usr/include/stdio.h:707:12: note: argument 1 of ‘fputs’ must be non-null # 419| } # 420| else # 421|-> fputs(strinfo, stream); # 422| } # 423| else { Error: GCC_ANALYZER_WARNING (CWE-476): [#def52] curl-8.10.1-build/curl-8.10.1/src/var.c: scope_hint: In function ‘varexpand’ curl-8.10.1-build/curl-8.10.1/src/var.c:219:29: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘envp’ # 217| do { # 218| envp = strstr(line, "{{"); # 219|-> if((envp > line) && envp[-1] == '\\') { # 220| /* preceding backslash, we want this verbatim */ # 221|
| analyzer-version-clippy | 1.82.0 |
| analyzer-version-cppcheck | 2.16.0 |
| analyzer-version-gcc | 14.2.1 |
| analyzer-version-gcc-analyzer | 15.0.0 |
| analyzer-version-shellcheck | 0.10.0 |
| analyzer-version-unicontrol | 0.0.2 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-179.us-west-2.compute.internal |
| mock-config | fedora-rawhide-gcc-latest-x86_64 |
| project-name | curl-8.10.1-2.fc42 |
| store-results-to | /tmp/tmpiqeixm6_/curl-8.10.1-2.fc42.tar.xz |
| time-created | 2024-11-12 23:43:23 |
| time-finished | 2024-11-12 23:47:56 |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'clippy,cppcheck,gcc,unicontrol,shellcheck' '-o' '/tmp/tmpiqeixm6_/curl-8.10.1-2.fc42.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmpiqeixm6_/curl-8.10.1-2.fc42.src.rpm' |
| tool-version | csmock-3.7.1.20241107.094801.gb3f0f26.pr_192-1.el9 |