Newly introduced findings

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1]
libssh-0.11.1-build/libssh-0.11.1/include/libssh/libssh.h:843:29: warning[-Wanalyzer-malloc-leak]: leak of ‘h’
libssh-0.11.1-build/libssh-0.11.1/src/sftpserver.c:526:9: note: in expansion of macro ‘SSH_STRING_FREE’
libssh-0.11.1-build/libssh-0.11.1/src/sftpserver.c:54: included_from: Included from here.
libssh-0.11.1-build/libssh-0.11.1/src/sftpserver.c:517:5: note: in expansion of macro ‘SSH_LOG’
libssh-0.11.1-build/libssh-0.11.1/src/sftpserver.c:526:9: note: in expansion of macro ‘SSH_STRING_FREE’
#  841|   LIBSSH_API int ssh_string_fill(ssh_string str, const void *data, size_t len);
#  842|   #define SSH_STRING_FREE(x) \
#  843|->     do { if ((x) != NULL) { ssh_string_free(x); x = NULL; } } while(0)
#  844|   LIBSSH_API void ssh_string_free(ssh_string str);
#  845|   LIBSSH_API ssh_string ssh_string_from_char(const char *what);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def2]
libssh-0.11.1-build/libssh-0.11.1/src/sftpserver.c:49: included_from: Included from here.
libssh-0.11.1-build/libssh-0.11.1/src/sftpserver.c: scope_hint: In function ‘process_opendir’
libssh-0.11.1-build/libssh-0.11.1/include/libssh/libssh.h:881:29: warning[-Wanalyzer-malloc-leak]: leak of ‘h’
libssh-0.11.1-build/libssh-0.11.1/src/sftpserver.c:513:9: note: in expansion of macro ‘SSH_BUFFER_FREE’
libssh-0.11.1-build/libssh-0.11.1/src/sftpserver.c:513:9: note: in expansion of macro ‘SSH_BUFFER_FREE’
libssh-0.11.1-build/libssh-0.11.1/src/sftpserver.c:513:9: note: in expansion of macro ‘SSH_BUFFER_FREE’
#  879|   LIBSSH_API void ssh_buffer_free(ssh_buffer buffer);
#  880|   #define SSH_BUFFER_FREE(x) \
#  881|->     do { if ((x) != NULL) { ssh_buffer_free(x); x = NULL; } } while(0)
#  882|   LIBSSH_API int ssh_buffer_reinit(ssh_buffer buffer);
#  883|   LIBSSH_API int ssh_buffer_add_data(ssh_buffer buffer, const void *data, uint32_t len);

Error: GCC_ANALYZER_WARNING (CWE-465): [#def3]
libssh-0.11.1-build/libssh-0.11.1/tests/torture.h:33: included_from: Included from here.
libssh-0.11.1-build/libssh-0.11.1/tests/server/torture_sftpserver.c:34: included_from: Included from here.
libssh-0.11.1-build/libssh-0.11.1/tests/server/torture_sftpserver.c: scope_hint: In function ‘session_teardown’
libssh-0.11.1-build/libssh-0.11.1/include/libssh/priv.h:353:30: warning[-Wanalyzer-deref-before-check]: check of ‘*s.ssh.tsftp’ for NULL after already dereferencing it
libssh-0.11.1-build/libssh-0.11.1/tests/server/torture_sftpserver.c:342:5: note: in expansion of macro ‘SAFE_FREE’
libssh-0.11.1-build/libssh-0.11.1/include/libssh/priv.h:353:32: note: in definition of macro ‘SAFE_FREE’
libssh-0.11.1-build/libssh-0.11.1/tests/server/torture_sftpserver.c:342:5: note: in expansion of macro ‘SAFE_FREE’
#  351|   
#  352|   /** Free memory space */
#  353|-> #define SAFE_FREE(x) do { if ((x) != NULL) {free(x); x=NULL;} } while(0)
#  354|   
#  355|   /** Zero a structure */

Error: GCC_ANALYZER_WARNING (CWE-465): [#def4]
libssh-0.11.1-build/libssh-0.11.1/src/sftp.c:47: included_from: Included from here.
libssh-0.11.1-build/libssh-0.11.1/src/sftp.c: scope_hint: In function ‘sftp_free’
libssh-0.11.1-build/libssh-0.11.1/include/libssh/priv.h:353:30: warning[-Wanalyzer-deref-before-check]: check of ‘*sftp.read_packet’ for NULL after already dereferencing it
libssh-0.11.1-build/libssh-0.11.1/src/sftp.c:347:5: note: in expansion of macro ‘SAFE_FREE’
libssh-0.11.1-build/libssh-0.11.1/include/libssh/priv.h:353:32: note: in definition of macro ‘SAFE_FREE’
libssh-0.11.1-build/libssh-0.11.1/src/sftp.c:345:5: note: in expansion of macro ‘SAFE_FREE’
libssh-0.11.1-build/libssh-0.11.1/src/sftp.c:345:5: note: in expansion of macro ‘SAFE_FREE’
libssh-0.11.1-build/libssh-0.11.1/include/libssh/priv.h:191: included_from: Included from here.
libssh-0.11.1-build/libssh-0.11.1/include/libssh/libssh.h:881:15: note: in definition of macro ‘SSH_BUFFER_FREE’
libssh-0.11.1-build/libssh-0.11.1/src/sftp.c:346:5: note: in expansion of macro ‘SSH_BUFFER_FREE’
libssh-0.11.1-build/libssh-0.11.1/include/libssh/priv.h:353:32: note: in definition of macro ‘SAFE_FREE’
libssh-0.11.1-build/libssh-0.11.1/src/sftp.c:347:5: note: in expansion of macro ‘SAFE_FREE’
#  351|   
#  352|   /** Free memory space */
#  353|-> #define SAFE_FREE(x) do { if ((x) != NULL) {free(x); x=NULL;} } while(0)
#  354|   
#  355|   /** Zero a structure */

Error: GCC_ANALYZER_WARNING (CWE-476): [#def5]
libssh-0.11.1-build/libssh-0.11.1/include/libssh/sftp_priv.h:72:21: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘sftp’
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_sftp_aio.c: scope_hint: In function ‘sftp_open’
libssh-0.11.1-build/libssh-0.11.1/tests/torture.h:33: included_from: Included from here.
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_sftp_aio.c:5: included_from: Included from here.
libssh-0.11.1-build/libssh-0.11.1/src/sftp.c:1026:5: note: in expansion of macro ‘ZERO_STRUCT’
libssh-0.11.1-build/libssh-0.11.1/src/sftp.c:1046:5: note: in expansion of macro ‘SSH_LOG’
#   70|   static inline uint32_t sftp_get_new_id(sftp_session session)
#   71|   {
#   72|->     return ++session->id_counter;
#   73|   }
#   74|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def6]
libssh-0.11.1-build/libssh-0.11.1/src/bind.c: scope_hint: In function ‘ssh_bind_accept_fd’
libssh-0.11.1-build/libssh-0.11.1/src/bind.c:435:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*sshbind.bindfd’
#  433|       }
#  434|   
#  435|->     session->server = 1;
#  436|   
#  437|       /* Copy options from bind to session */

Error: GCC_ANALYZER_WARNING (CWE-688): [#def7]
libssh-0.11.1-build/libssh-0.11.1/src/ecdh_crypto.c: scope_hint: In function ‘ecdh_build_k’
libssh-0.11.1-build/libssh-0.11.1/src/ecdh_crypto.c:339:8: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
libssh-0.11.1-build/libssh-0.11.1/src/ecdh_crypto.c: scope_hint: In function ‘ecdh_build_k’
<built-in>: note: argument 1 of ‘__builtin_strlen’ must be non-null
#  337|     }
#  338|     curve = ecdh_kex_type_to_curve(next_crypto->kex_type);
#  339|->   rc = OSSL_PARAM_BLD_push_utf8_string(param_bld,
#  340|                                          OSSL_PKEY_PARAM_GROUP_NAME,
#  341|                                          (char *)curve,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
libssh-0.11.1-build/libssh-0.11.1/src/gssapi.c: scope_hint: In function ‘ssh_packet_userauth_gssapi_token_server’
libssh-0.11.1-build/libssh-0.11.1/src/gssapi.c:69:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ssh_gssapi_name_to_char(client_name)’
libssh-0.11.1-build/libssh-0.11.1/include/libssh/priv.h:192: included_from: Included from here.
libssh-0.11.1-build/libssh-0.11.1/include/libssh/session.h:25: included_from: Included from here.
libssh-0.11.1-build/libssh-0.11.1/include/libssh/gssapi.h:26: included_from: Included from here.
libssh-0.11.1-build/libssh-0.11.1/src/gssapi.c:32: included_from: Included from here.
libssh-0.11.1-build/libssh-0.11.1/include/libssh/callbacks.h:561:13: note: in definition of macro ‘SSH_PACKET_CALLBACK’
libssh-0.11.1-build/libssh-0.11.1/include/libssh/callbacks.h:467:4: note: in definition of macro ‘ssh_callbacks_exists’
#   67|   
#   68|       do {
#   69|->         gss_display_status(&dummy_min,
#   70|                              maj_stat,
#   71|                              GSS_C_GSS_CODE,

Error: COMPILER_WARNING (CWE-477): [#def9]
libssh-0.11.1-build/libssh-0.11.1/src/legacy.c: scope_hint: In function ‘channel_get_exit_status’
libssh-0.11.1-build/libssh-0.11.1/src/legacy.c:198:3: warning[-Wdeprecated-declarations]: ‘ssh_channel_get_exit_status’ is deprecated
#  198 |   return ssh_channel_get_exit_status(channel);
#      |   ^~~~~~
libssh-0.11.1-build/libssh-0.11.1/include/libssh/libssh.h:471:31: note: declared here
#  471 | SSH_DEPRECATED LIBSSH_API int ssh_channel_get_exit_status(ssh_channel channel);
#      |                               ^~~~~~~~~~~~~~~~~~~~~~~~~~~
#  196|   
#  197|   int channel_get_exit_status(ssh_channel channel){
#  198|->   return ssh_channel_get_exit_status(channel);
#  199|   }
#  200|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def10]
libssh-0.11.1-build/libssh-0.11.1/src/sftp.c: scope_hint: In function ‘sftp_init’
libssh-0.11.1-build/libssh-0.11.1/src/sftp.c:434:16: warning[-Wanalyzer-malloc-leak]: leak of ‘tmp’
libssh-0.11.1-build/libssh-0.11.1/src/sftp.c:51: included_from: Included from here.
libssh-0.11.1-build/libssh-0.11.1/src/sftp.c:437:10: note: in expansion of macro ‘ssh_buffer_pack’
libssh-0.11.1-build/libssh-0.11.1/src/sftp.c:451:5: note: in expansion of macro ‘SSH_BUFFER_FREE’
libssh-0.11.1-build/libssh-0.11.1/src/sftp.c:466:10: note: in expansion of macro ‘ssh_buffer_unpack’
libssh-0.11.1-build/libssh-0.11.1/src/sftp.c:475:5: note: in expansion of macro ‘SSH_LOG’
libssh-0.11.1-build/libssh-0.11.1/src/sftp.c:488:9: note: in expansion of macro ‘SSH_LOG’
libssh-0.11.1-build/libssh-0.11.1/include/libssh/priv.h:298:24: note: in definition of macro ‘ssh_set_error_oom’
libssh-0.11.1-build/libssh-0.11.1/src/sftp.c:508:13: note: in expansion of macro ‘SAFE_FREE’
libssh-0.11.1-build/libssh-0.11.1/src/sftp.c:509:13: note: in expansion of macro ‘SAFE_FREE’
libssh-0.11.1-build/libssh-0.11.1/src/sftp.c:509:13: note: in expansion of macro ‘SAFE_FREE’
#  432|           ssh_set_error_oom(sftp->session);
#  433|           sftp_set_error(sftp, SSH_FX_FAILURE);
#  434|->         return -1;
#  435|       }
#  436|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def11]
libssh-0.11.1-build/libssh-0.11.1/src/sftp.c: scope_hint: In function ‘sftp_open’
libssh-0.11.1-build/libssh-0.11.1/src/sftp.c:1022:31: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘sftp’
libssh-0.11.1-build/libssh-0.11.1/include/libssh/priv.h:298:24: note: in definition of macro ‘ssh_set_error_oom’
libssh-0.11.1-build/libssh-0.11.1/include/libssh/priv.h:298:24: note: in definition of macro ‘ssh_set_error_oom’
libssh-0.11.1-build/libssh-0.11.1/include/libssh/priv.h:298:24: note: in definition of macro ‘ssh_set_error_oom’
# 1020|       buffer = ssh_buffer_new();
# 1021|       if (buffer == NULL) {
# 1022|->         ssh_set_error_oom(sftp->session);
# 1023|           return NULL;
# 1024|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def12]
libssh-0.11.1-build/libssh-0.11.1/src/sftpserver.c:507:8: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
#  505|   
#  506|       out = ssh_buffer_new();
#  507|->     if (out == NULL) {
#  508|           return -1;
#  509|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def13]
libssh-0.11.1-build/libssh-0.11.1/src/sftpserver.c: scope_hint: In function ‘process_opendir’
libssh-0.11.1-build/libssh-0.11.1/src/sftpserver.c:507:8: warning[-Wanalyzer-malloc-leak]: leak of ‘h’
#  505|   
#  506|       out = ssh_buffer_new();
#  507|->     if (out == NULL) {
#  508|           return -1;
#  509|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def14]
libssh-0.11.1-build/libssh-0.11.1/src/sftpserver.c: scope_hint: In function ‘sftp_handle_alloc’
libssh-0.11.1-build/libssh-0.11.1/src/sftpserver.c:666:12: warning[-Wanalyzer-malloc-leak]: leak of ‘*sftp.handles’
#  664|       if (sftp->handles == NULL) {
#  665|           sftp->handles = calloc(SFTP_HANDLES, sizeof(void *));
#  666|->         if (sftp->handles == NULL) {
#  667|               return NULL;
#  668|           }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def15]
libssh-0.11.1-build/libssh-0.11.1/src/sftpserver.c: scope_hint: In function ‘process_read’
libssh-0.11.1-build/libssh-0.11.1/src/sftpserver.c:956:10: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#  954|   
#  955|       h = sftp_handle(sftp, handle);
#  956|->     if (h->type == SFTP_FILE_HANDLE) {
#  957|           fd = h->fd;
#  958|       }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def16]
libssh-0.11.1-build/libssh-0.11.1/src/sftpserver.c: scope_hint: In function ‘process_write’
libssh-0.11.1-build/libssh-0.11.1/src/sftpserver.c:1014:10: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
# 1012|   
# 1013|       h = sftp_handle(sftp, handle);
# 1014|->     if (h->type == SFTP_FILE_HANDLE) {
# 1015|           fd = h->fd;
# 1016|       }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def17]
libssh-0.11.1-build/libssh-0.11.1/src/sftpserver.c: scope_hint: In function ‘process_close’
libssh-0.11.1-build/libssh-0.11.1/src/sftpserver.c:1059:10: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
# 1057|   
# 1058|       h = sftp_handle(sftp, handle);
# 1059|->     if (h->type == SFTP_FILE_HANDLE) {
# 1060|           int fd = h->fd;
# 1061|           close(fd);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def18]
libssh-0.11.1-build/libssh-0.11.1/src/sftpserver.c: scope_hint: In function ‘process_readdir’
libssh-0.11.1-build/libssh-0.11.1/src/sftpserver.c:1226:10: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
# 1224|   
# 1225|       h = sftp_handle(sftp, client_msg->handle);
# 1226|->     if (h->type == SFTP_DIR_HANDLE) {
# 1227|           dir = h->dirp;
# 1228|           handle_name = h->name;

Error: GCC_ANALYZER_WARNING: [#def19]
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_auth_cert.c: scope_hint: In function ‘agent_cert_setup_explicit’
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_auth_cert.c:736:10: warning[-Wanalyzer-fd-use-without-check]: ‘read’ on possibly invalid file descriptor ‘open(&orig_doe_ssh_key, 0)’
#  734|       fd = open(orig_doe_ssh_key, O_RDONLY);
#  735|       assert_true(fd > 0);
#  736|->     rc = read(fd, keydata, sizeof(keydata));
#  737|       assert_true(rc > 0);
#  738|       keydata[rc] = '\0';

Error: GCC_ANALYZER_WARNING: [#def20]
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_request_pty_modes.c: scope_hint: In function ‘torture_request_pty_modes_use_stdin_modes’
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_request_pty_modes.c:183:5: warning[-Wanalyzer-fd-use-without-check]: ‘dup2’ on possibly invalid file descriptor ‘stdin_backup_fd’
libssh-0.11.1-build/libssh-0.11.1/tests/torture.h:37: included_from: Included from here.
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_request_pty_modes.c:26: included_from: Included from here.
#  181|   
#  182|       /* revert the changes to STDIN first! */
#  183|->     dup2(stdin_backup_fd, STDIN_FILENO);
#  184|       close(stdin_backup_fd);
#  185|       close(master_fd);

Error: GCC_ANALYZER_WARNING: [#def21]
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_request_pty_modes.c: scope_hint: In function ‘torture_request_pty_modes_use_default_modes’
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_request_pty_modes.c:226:5: warning[-Wanalyzer-fd-use-without-check]: ‘dup2’ on possibly invalid file descriptor ‘stdin_backup_fd’
#  224|   
#  225|       /* revert the changes to STDIN first! */
#  226|->     dup2(stdin_backup_fd, STDIN_FILENO);
#  227|       close(stdin_backup_fd);
#  228|   

Error: COMPILER_WARNING (CWE-477): [#def22]
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_session.c: scope_hint: In function ‘torture_freed_channel_get_exit_status’
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_session.c:504:9: warning[-Wdeprecated-declarations]: ‘ssh_channel_get_exit_status’ is deprecated
#  504 |         rc = ssh_channel_get_exit_status(channel);
#      |         ^~
libssh-0.11.1-build/libssh-0.11.1/include/libssh/priv.h:191: included_from: Included from here.
libssh-0.11.1-build/libssh-0.11.1/tests/torture.h:33: included_from: Included from here.
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_session.c:26: included_from: Included from here.
libssh-0.11.1-build/libssh-0.11.1/include/libssh/libssh.h:471:31: note: declared here
#  471 | SSH_DEPRECATED LIBSSH_API int ssh_channel_get_exit_status(ssh_channel channel);
#      |                               ^~~~~~~~~~~~~~~~~~~~~~~~~~~
#  502|   
#  503|       if (!channel_freed) {
#  504|->         rc = ssh_channel_get_exit_status(channel);
#  505|           assert_ssh_return_code_equal(session, rc, SSH_ERROR);
#  506|       }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def23]
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_sftp_aio.c: scope_hint: In function ‘torture_sftp_aio_read_file’
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_sftp_aio.c:94:16: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#   92|       li = sftp_limits(t->sftp);
#   93|       assert_non_null(li);
#   94|->     chunk_size = li->max_read_length;
#   95|   
#   96|       a.buf = calloc(chunk_size, 1);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def24]
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_sftp_aio.c:114:15: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
libssh-0.11.1-build/libssh-0.11.1/src/sftp.c: scope_hint: In function ‘torture_sftp_aio_read_file’
libssh-0.11.1-build/libssh-0.11.1/src/sftp.c: scope_hint: In function ‘torture_sftp_aio_read_file’
libssh-0.11.1-build/libssh-0.11.1/include/libssh/priv.h:298:24: note: in definition of macro ‘ssh_set_error_oom’
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_sftp_aio.c: scope_hint: In function ‘torture_sftp_aio_read_file’
#  112|       file_attr = sftp_stat(t->sftp, SSH_EXECUTABLE);
#  113|       assert_non_null(file_attr);
#  114|->     file_size = file_attr->size;
#  115|   
#  116|       total_bytes_requested = 0;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def25]
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_sftp_aio.c: scope_hint: In function ‘torture_sftp_aio_read_more_than_cap’
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_sftp_aio.c:223:35: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#  221|       /* Try reading more than the max limit */
#  222|       bytes = sftp_aio_begin_read(file,
#  223|->                                 li->max_read_length * 2,
#  224|                                   &aio);
#  225|       assert_int_equal(bytes, li->max_read_length);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def26]
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_sftp_aio.c: scope_hint: In function ‘torture_sftp_aio_write_file’
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_sftp_aio.c:263:16: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#  261|       li = sftp_limits(t->sftp);
#  262|       assert_non_null(li);
#  263|->     chunk_size = li->max_write_length;
#  264|   
#  265|       rd.buf = calloc(chunk_size, 1);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def27]
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_sftp_aio.c: scope_hint: In function ‘torture_sftp_aio_write_more_than_cap’
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_sftp_aio.c:339:18: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#  337|       assert_non_null(li);
#  338|   
#  339|->     buf_size = li->max_write_length * 2;
#  340|       buf = calloc(buf_size, 1);
#  341|       assert_non_null(buf);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def28]
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_sftp_aio.c: scope_hint: In function ‘torture_sftp_aio_read_negative’
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_sftp_aio.c:381:16: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#  379|       li = sftp_limits(t->sftp);
#  380|       assert_non_null(li);
#  381|->     chunk_size = li->max_read_length;
#  382|   
#  383|       buf = calloc(chunk_size, 1);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def29]
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_sftp_aio.c: scope_hint: In function ‘torture_sftp_aio_write_negative’
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_sftp_aio.c:459:16: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#  457|       li = sftp_limits(t->sftp);
#  458|       assert_non_null(li);
#  459|->     chunk_size = li->max_write_length;
#  460|   
#  461|       buf = calloc(chunk_size, 1);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def30]
libssh-0.11.1-build/libssh-0.11.1/tests/torture.h:37: included_from: Included from here.
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_sftp_limits.c: scope_hint: In function ‘torture_sftp_limits’
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_sftp_limits.c:139:28: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#  137|       } else {
#  138|           /* Check for the default limits */
#  139|->         assert_int_equal(li->max_packet_length, 34000);
#  140|           assert_int_equal(li->max_read_length, 32768);
#  141|           assert_int_equal(li->max_write_length, 32768);

Error: GCC_ANALYZER_WARNING (CWE-457): [#def31]
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_sftp_packet_read.c: scope_hint: In function ‘torture_sftp_packet_read’
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_sftp_packet_read.c:88:5: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘fds[0]’
#   86|   
#   87|       t->ssh->opts.timeout = 1;
#   88|->     ssh_socket_set_fd(t->ssh->socket, fds[0]);
#   89|   
#   90|       /*

Error: GCC_ANALYZER_WARNING (CWE-476): [#def32]
libssh-0.11.1-build/libssh-0.11.1/tests/torture.h:37: included_from: Included from here.
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_sftp_setstat.c:7: included_from: Included from here.
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_sftp_setstat.c: scope_hint: In function ‘torture_sftp_setstat_chown’
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_sftp_setstat.c:158:30: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
libssh-0.11.1-build/libssh-0.11.1/src/sftp.c: scope_hint: In function ‘torture_sftp_setstat_chown’
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_sftp_setstat.c: scope_hint: In function ‘torture_sftp_setstat_chown’
#  156|       tmp_attr = sftp_stat(t->sftp, name);
#  157|       assert_non_null(tmp_attr);
#  158|->     assert_int_equal(tmp_attr->uid, pwd->pw_uid);
#  159|       assert_int_equal(tmp_attr->gid, pwd->pw_gid);
#  160|       sftp_attributes_free(tmp_attr);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def33]
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_sftp_setstat.c: scope_hint: In function ‘torture_sftp_lsetstat_chown’
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_sftp_setstat.c:289:30: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
libssh-0.11.1-build/libssh-0.11.1/src/sftp.c: scope_hint: In function ‘torture_sftp_lsetstat_chown’
libssh-0.11.1-build/libssh-0.11.1/tests/client/torture_sftp_setstat.c: scope_hint: In function ‘torture_sftp_lsetstat_chown’
#  287|       tmp_attr = sftp_lstat(t->sftp, name);
#  288|       assert_non_null(tmp_attr);
#  289|->     assert_int_equal(tmp_attr->uid, pwd->pw_uid);
#  290|       assert_int_equal(tmp_attr->gid, pwd->pw_gid);
#  291|       sftp_attributes_free(tmp_attr);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def34]
libssh-0.11.1-build/libssh-0.11.1/tests/server/test_server/test_server.c: scope_hint: In function ‘run_server’
libssh-0.11.1-build/libssh-0.11.1/tests/server/test_server/test_server.c:125:12: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(*state.log_file, "a")’
#  123|           }
#  124|           fd = dup2(fileno(f), STDERR_FILENO);
#  125|->         if (fd == -1) {
#  126|               fprintf(stderr, "dup2 of log file to stderr failed: %s\n",
#  127|                       strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def35]
libssh-0.11.1-build/libssh-0.11.1/tests/server/test_server/test_server.c:125:12: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(*state.log_file, "a")’
#  123|           }
#  124|           fd = dup2(fileno(f), STDERR_FILENO);
#  125|->         if (fd == -1) {
#  126|               fprintf(stderr, "dup2 of log file to stderr failed: %s\n",
#  127|                       strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def36]
libssh-0.11.1-build/libssh-0.11.1/tests/server/test_server/test_server.c:131:12: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(*state.log_file, "a")’
#  129|           }
#  130|           fd = dup2(fileno(f), STDOUT_FILENO);
#  131|->         if (fd == -1) {
#  132|               fprintf(stderr, "dup2 of log file to stdout failed: %s\n",
#  133|                       strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def37]
libssh-0.11.1-build/libssh-0.11.1/tests/server/test_server/test_server.c:131:12: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(*state.log_file, "a")’
#  129|           }
#  130|           fd = dup2(fileno(f), STDOUT_FILENO);
#  131|->         if (fd == -1) {
#  132|               fprintf(stderr, "dup2 of log file to stdout failed: %s\n",
#  133|                       strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-688): [#def38]
libssh-0.11.1-build/libssh-0.11.1/tests/unittests/torture_options.c: scope_hint: In function ‘torture_options_minus_sign’
libssh-0.11.1-build/libssh-0.11.1/tests/unittests/torture_options.c:1664:5: warning[-Wanalyzer-null-argument]: use of NULL ‘p’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memmove’ must be non-null
# 1662|       p = strstr(awaited, alg);
# 1663|       assert_non_null(p);
# 1664|->     memmove(p, p+alg_len, strlen(p + alg_len) + 1);
# 1665|   
# 1666|       if (ssh_fips_mode()) {

Error: GCC_ANALYZER_WARNING (CWE-688): [#def39]
libssh-0.11.1-build/libssh-0.11.1/tests/unittests/torture_options.c:1677:5: warning[-Wanalyzer-null-argument]: use of NULL ‘p’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memmove’ must be non-null
# 1675|       p = strstr(awaited, algs);
# 1676|       assert_non_null(p);
# 1677|->     memmove(p, p+algs_len, strlen(p + algs_len) + 1);
# 1678|   
# 1679|       if (ssh_fips_mode()) {

Error: GCC_ANALYZER_WARNING (CWE-688): [#def40]
libssh-0.11.1-build/libssh-0.11.1/tests/unittests/torture_options.c: scope_hint: In function ‘torture_options_caret_sign’
libssh-0.11.1-build/libssh-0.11.1/tests/unittests/torture_options.c:1730:9: warning[-Wanalyzer-null-argument]: use of NULL ‘p’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memmove’ must be non-null
# 1728|           /* look for second occurrence */
# 1729|           p = strstr(p+1, algs);
# 1730|->         memmove(p, p+alg_len, strlen(p + alg_len) + 1);
# 1731|       }
# 1732|   

Error: GCC_ANALYZER_WARNING (CWE-688): [#def41]
libssh-0.11.1-build/libssh-0.11.1/tests/unittests/torture_options.c:1752:9: warning[-Wanalyzer-null-argument]: use of NULL ‘p’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memmove’ must be non-null
# 1750|           /* look for second occurrence */
# 1751|           p = strstr(p+1, algs);
# 1752|->         memmove(p, p+algs_len, strlen(p + algs_len) + 1);
# 1753|       }
# 1754|   

Scan Properties

analyzer-version-clippy: 1.82.0
analyzer-version-cppcheck: 2.16.0
analyzer-version-gcc: 14.2.1
analyzer-version-gcc-analyzer: 15.0.0
analyzer-version-shellcheck: 0.10.0
analyzer-version-unicontrol: 0.0.2
diffbase-analyzer-version-clippy: 1.82.0
diffbase-analyzer-version-cppcheck: 2.16.0
diffbase-analyzer-version-gcc: 14.2.1
diffbase-analyzer-version-gcc-analyzer: 15.0.0
diffbase-analyzer-version-shellcheck: 0.10.0
diffbase-analyzer-version-unicontrol: 0.0.2
diffbase-enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code: 0
diffbase-host: ip-172-16-1-86.us-west-2.compute.internal
diffbase-mock-config: fedora-rawhide-gcc-latest-x86_64
diffbase-project-name: libssh-0.10.6-8.fc41
diffbase-store-results-to: /tmp/tmpfu2djo8y/libssh-0.10.6-8.fc41.tar.xz
diffbase-time-created: 2024-11-13 01:40:28
diffbase-time-finished: 2024-11-13 01:47:48
diffbase-tool: csmock
diffbase-tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'clippy,cppcheck,gcc,unicontrol,shellcheck' '-o' '/tmp/tmpfu2djo8y/libssh-0.10.6-8.fc41.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmpfu2djo8y/libssh-0.10.6-8.fc41.src.rpm'
diffbase-tool-version: csmock-3.7.1.20241107.094801.gb3f0f26.pr_192-1.el9
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-86.us-west-2.compute.internal
mock-config: fedora-rawhide-gcc-latest-x86_64
project-name: libssh-0.11.1-1.fc42
store-results-to: /tmp/tmpxoq8qzff/libssh-0.11.1-1.fc42.tar.xz
time-created: 2024-11-13 01:48:01
time-finished: 2024-11-13 01:55:05
title: Newly introduced findings
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'clippy,cppcheck,gcc,unicontrol,shellcheck' '-o' '/tmp/tmpxoq8qzff/libssh-0.11.1-1.fc42.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmpxoq8qzff/libssh-0.11.1-1.fc42.src.rpm'
tool-version: csmock-3.7.1.20241107.094801.gb3f0f26.pr_192-1.el9