jansson-2.14-1.fc42

List of Findings

Error: COMPILER_WARNING: [#def1]
jansson-2.14-build/jansson-2.14/src/error.c: scope_hint: In function 'jsonp_error_set_source'
jansson-2.14-build/jansson-2.14/src/error.c:25:9: warning[-Wstringop-truncation]: 'strncpy' specified bound depends on the length of the source argument
#   25 |         strncpy(error->source, source, length + 1);
#      |         ^
jansson-2.14-build/jansson-2.14/src/error.c:23:14: note: length computed here
#   23 |     length = strlen(source);
#      |              ^~~~~~~~~~~~~~
#   23|       length = strlen(source);
#   24|       if (length < JSON_ERROR_SOURCE_LENGTH)
#   25|->         strncpy(error->source, source, length + 1);
#   26|       else {
#   27|           size_t extra = length - JSON_ERROR_SOURCE_LENGTH + 4;

Error: GCC_ANALYZER_WARNING (CWE-835): [#def2]
jansson-2.14-build/jansson-2.14/src/load.c:227:12: warning[-Wanalyzer-infinite-loop]: infinite loop
jansson-2.14-build/jansson-2.14/src/load.c: scope_hint: In function 'lex_scan'
jansson-2.14-build/jansson-2.14/src/load.c: scope_hint: In function 'lex_scan'
jansson-2.14-build/jansson-2.14/src/load.c: scope_hint: In function 'lex_scan'
#  225|   
#  226|   static int lex_get(lex_t *lex, json_error_t *error) {
#  227|->     return stream_get(&lex->stream, error);
#  228|   }
#  229|   

Error: CPPCHECK_WARNING (CWE-664): [#def3]
jansson-2.14-build/jansson-2.14/src/value.c:845: error[va_list_usedBeforeStarted]: va_list 'aq' used before va_start() was called.
#  843|       char *buf;
#  844|       va_list aq;
#  845|->     va_copy(aq, ap);
#  846|   
#  847|       length = vsnprintf(NULL, 0, fmt, ap);

Scan Properties