libssh2-1.11.1-1.fc42

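List of Findings

46 diagnostics as reported by the analyzers: #def1–#def34 are in the example/ programs, #def35–#def46 are in the library sources under src/.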

Error: COMPILER_WARNING (CWE-252): [#def1]
libssh2-1.11.1-build/libssh2-1.11.1/example/scp.c: scope_hint: In function ‘main’
libssh2-1.11.1-build/libssh2-1.11.1/example/scp.c:163:13: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
#  163 |             write(1, mem, (size_t)nread);
#      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~

Error: COMPILER_WARNING (CWE-252): [#def2]
libssh2-1.11.1-build/libssh2-1.11.1/example/scp_nonblock.c: scope_hint: In function ‘main’
libssh2-1.11.1-build/libssh2-1.11.1/example/scp_nonblock.c:255:17: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
#  255 |                 write(1, mem, (size_t)nread);
#      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~

Error: GCC_ANALYZER_WARNING (CWE-775): [#def3]
libssh2-1.11.1-build/libssh2-1.11.1/example/scp_write_nonblock.c: scope_hint: In function ‘main’
libssh2-1.11.1-build/libssh2-1.11.1/example/scp_write_nonblock.c:135:5: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(loclfile, "rb")’

Error: GCC_ANALYZER_WARNING (CWE-401): [#def4]
libssh2-1.11.1-build/libssh2-1.11.1/example/scp_write_nonblock.c:135:5: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(loclfile, "rb")’

Error: COMPILER_WARNING (CWE-252): [#def5]
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp.c: scope_hint: In function ‘kbd_callback’
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp.c:73:9: warning[-Wunused-result]: ignoring return value of ‘fgets’ declared with attribute ‘warn_unused_result’
#   73 |         fgets(buf, sizeof(buf), stdin);
#      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Error: GCC_ANALYZER_WARNING (CWE-688): [#def6]
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp.c:83:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘*<unknown>.text’ where non-null expected
/usr/include/stdio.h:735:15: note: argument 1 of ‘fwrite’ must be non-null

Error: GCC_ANALYZER_WARNING (CWE-688): [#def7]
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp.c: scope_hint: In function ‘kbd_callback’
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp.c:83:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘*responses.text’ where non-null expected
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp.c:34: included_from: Included from here.
/usr/include/stdio.h:735:15: note: argument 1 of ‘fwrite’ must be non-null

Error: COMPILER_WARNING (CWE-252): [#def8]
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp.c: scope_hint: In function ‘main’
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp.c:278:13: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
#  278 |             write(1, mem, (size_t)nread);
#      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~

Error: COMPILER_WARNING (CWE-252): [#def9]
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_RW_nonblock.c: scope_hint: In function ‘main’
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_RW_nonblock.c:245:17: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
#  245 |                 write(2, mem, (size_t)nread);
#      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~

Error: COMPILER_WARNING (CWE-252): [#def10]
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_nonblock.c: scope_hint: In function ‘main’
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_nonblock.c:267:13: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
#  267 |             write(1, mem, (size_t)nread);
#      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~

Error: GCC_ANALYZER_WARNING (CWE-775): [#def11]
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_nonblock.c: scope_hint: In function ‘main’
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_nonblock.c:146:7: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(loclfile, "rb")’

Error: GCC_ANALYZER_WARNING (CWE-401): [#def12]
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_nonblock.c:146:7: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(loclfile, "rb")’

Error: GCC_ANALYZER_WARNING (CWE-775): [#def13]
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_nonblock.c:154:7: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(loclfile, "rb")’

Error: GCC_ANALYZER_WARNING (CWE-401): [#def14]
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_nonblock.c:154:7: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(loclfile, "rb")’

Error: GCC_ANALYZER_WARNING (CWE-775): [#def15]
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_nonblock.c:161:7: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(loclfile, "rb")’
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_nonblock.c:14: included_from: Included from here.
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_nonblock.c:160:15: note: in expansion of macro ‘libssh2_session_init’

Error: GCC_ANALYZER_WARNING (CWE-401): [#def16]
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_nonblock.c:161:7: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(loclfile, "rb")’
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_nonblock.c:160:15: note: in expansion of macro ‘libssh2_session_init’

Error: GCC_ANALYZER_WARNING (CWE-775): [#def17]
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_nonblock.c:174:7: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(loclfile, "rb")’
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_nonblock.c:160:15: note: in expansion of macro ‘libssh2_session_init’

Error: GCC_ANALYZER_WARNING (CWE-401): [#def18]
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_nonblock.c:174:7: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(loclfile, "rb")’
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_nonblock.c:160:15: note: in expansion of macro ‘libssh2_session_init’

Error: GCC_ANALYZER_WARNING (CWE-775): [#def19]
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_nonblock.c:187:60: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(loclfile, "rb")’
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_nonblock.c:160:15: note: in expansion of macro ‘libssh2_session_init’

Error: GCC_ANALYZER_WARNING (CWE-401): [#def20]
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_nonblock.c:187:60: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(loclfile, "rb")’
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_nonblock.c:160:15: note: in expansion of macro ‘libssh2_session_init’

Error: GCC_ANALYZER_WARNING (CWE-775): [#def21]
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_sliding.c: scope_hint: In function ‘main’
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_sliding.c:147:7: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(loclfile, "rb")’

Error: GCC_ANALYZER_WARNING (CWE-401): [#def22]
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_sliding.c:147:7: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(loclfile, "rb")’

Error: GCC_ANALYZER_WARNING (CWE-775): [#def23]
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_sliding.c:155:7: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(loclfile, "rb")’

Error: GCC_ANALYZER_WARNING (CWE-401): [#def24]
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_sliding.c:155:7: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(loclfile, "rb")’

Error: GCC_ANALYZER_WARNING (CWE-775): [#def25]
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_sliding.c:162:7: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(loclfile, "rb")’
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_sliding.c:14: included_from: Included from here.
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_sliding.c:161:15: note: in expansion of macro ‘libssh2_session_init’

Error: GCC_ANALYZER_WARNING (CWE-401): [#def26]
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_sliding.c:162:7: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(loclfile, "rb")’
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_sliding.c:161:15: note: in expansion of macro ‘libssh2_session_init’

Error: GCC_ANALYZER_WARNING (CWE-775): [#def27]
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_sliding.c:175:7: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(loclfile, "rb")’
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_sliding.c:161:15: note: in expansion of macro ‘libssh2_session_init’

Error: GCC_ANALYZER_WARNING (CWE-401): [#def28]
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_sliding.c:175:7: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(loclfile, "rb")’
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_sliding.c:161:15: note: in expansion of macro ‘libssh2_session_init’

Error: GCC_ANALYZER_WARNING (CWE-775): [#def29]
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_sliding.c:188:60: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(loclfile, "rb")’
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_sliding.c:161:15: note: in expansion of macro ‘libssh2_session_init’

Error: GCC_ANALYZER_WARNING (CWE-401): [#def30]
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_sliding.c:188:60: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(loclfile, "rb")’
libssh2-1.11.1-build/libssh2-1.11.1/example/sftp_write_sliding.c:161:15: note: in expansion of macro ‘libssh2_session_init’

Error: GCC_ANALYZER_WARNING (CWE-835): [#def31]
libssh2-1.11.1-build/libssh2-1.11.1/example/x11.c: scope_hint: In function ‘remove_node’
libssh2-1.11.1-build/libssh2-1.11.1/example/x11.c:71:23: warning[-Wanalyzer-infinite-loop]: infinite loop

Error: GCC_ANALYZER_WARNING (CWE-476): [#def32]
libssh2-1.11.1-build/libssh2-1.11.1/example/x11.c: scope_hint: In function ‘x11_callback’
libssh2-1.11.1-build/libssh2-1.11.1/example/x11.c:170:39: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘gp_x11_chan’

Error: GCC_ANALYZER_WARNING (CWE-476): [#def33]
libssh2-1.11.1-build/libssh2-1.11.1/example/x11.c:181:31: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘new’

Error: COMPILER_WARNING (CWE-252): [#def34]
libssh2-1.11.1-build/libssh2-1.11.1/example/x11.c: scope_hint: In function ‘x11_send_receive’
libssh2-1.11.1-build/libssh2-1.11.1/example/x11.c:242:13: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
#  242 |             write(sock, buf, (size_t)nread);
#      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Error: GCC_ANALYZER_WARNING (CWE-775): [#def35]
libssh2-1.11.1-build/libssh2-1.11.1/src/agent.c: scope_hint: In function 'agent_connect_unix'
libssh2-1.11.1-build/libssh2-1.11.1/src/agent.c:195:7: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'socket(1, 1, 0)'
#  193|       s_un.sun_path[sizeof(s_un.sun_path)-1] = 0; /* make sure there's a trailing
#  194|                                                      zero */
#  195|->     if(connect(agent->fd, (struct sockaddr*)(&s_un), sizeof(s_un)) != 0) {
#  196|           close(agent->fd);
#  197|           return _libssh2_error(agent->session, LIBSSH2_ERROR_AGENT_PROTOCOL,

Error: CPPCHECK_WARNING (CWE-562): [#def36]
libssh2-1.11.1-build/libssh2-1.11.1/src/kex.c:2091: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
# 2089|           switch(type) {
# 2090|               case LIBSSH2_EC_CURVE_NISTP256:
# 2091|->                 LIBSSH2_KEX_METHOD_EC_SHA_HASH_CREATE_VERIFY(256);
# 2092|                   break;
# 2093|               case LIBSSH2_EC_CURVE_NISTP384:

Error: CPPCHECK_WARNING (CWE-562): [#def37]
libssh2-1.11.1-build/libssh2-1.11.1/src/kex.c:2094: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
# 2092|                   break;
# 2093|               case LIBSSH2_EC_CURVE_NISTP384:
# 2094|->                 LIBSSH2_KEX_METHOD_EC_SHA_HASH_CREATE_VERIFY(384);
# 2095|                   break;
# 2096|               case LIBSSH2_EC_CURVE_NISTP521:

Error: CPPCHECK_WARNING (CWE-562): [#def38]
libssh2-1.11.1-build/libssh2-1.11.1/src/kex.c:2097: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
# 2095|                   break;
# 2096|               case LIBSSH2_EC_CURVE_NISTP521:
# 2097|->                 LIBSSH2_KEX_METHOD_EC_SHA_HASH_CREATE_VERIFY(512);
# 2098|                   break;
# 2099|           }

Error: GCC_ANALYZER_WARNING (CWE-457): [#def39]
libssh2-1.11.1-build/libssh2-1.11.1/src/misc.c: scope_hint: In function 'libssh2_base64_decode'
libssh2-1.11.1-build/libssh2-1.11.1/src/misc.c:371:20: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'dlen'
#  369|   
#  370|       if(datalen)
#  371|->         *datalen = (unsigned int)dlen;
#  372|   
#  373|       return rc;

Error: GCC_ANALYZER_WARNING (CWE-835): [#def40]
libssh2-1.11.1-build/libssh2-1.11.1/src/scp.c: scope_hint: In function 'scp_recv'
libssh2-1.11.1-build/libssh2-1.11.1/src/scp.c:407:18: warning[-Wanalyzer-infinite-loop]: infinite loop
#  405|       if((session->scpRecv_state == libssh2_NB_state_sent2)
#  406|           || (session->scpRecv_state == libssh2_NB_state_sent3)) {
#  407|->         while(sb && (session->scpRecv_response_len <
#  408|                        LIBSSH2_SCP_RESPONSE_BUFLEN)) {
#  409|               unsigned char *s, *p;

Error: GCC_ANALYZER_WARNING (CWE-835): [#def41]
libssh2-1.11.1-build/libssh2-1.11.1/src/scp.c:608:22: warning[-Wanalyzer-infinite-loop]: infinite loop
#  606|       if((session->scpRecv_state == libssh2_NB_state_sent5)
#  607|           || (session->scpRecv_state == libssh2_NB_state_sent6)) {
#  608|->         while(session->scpRecv_response_len < LIBSSH2_SCP_RESPONSE_BUFLEN) {
#  609|               char *s, *p, *e = NULL;
#  610|   

Error: CPPCHECK_WARNING (CWE-562): [#def42]
libssh2-1.11.1-build/libssh2-1.11.1/src/session.c:482: error[returnDanglingLifetime]: Returning pointer to local variable 'abstract' that will be invalid when returning.
#  480|           _libssh2_init_if_needed();
#  481|       }
#  482|->     return session;
#  483|   }
#  484|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def43]
libssh2-1.11.1-build/libssh2-1.11.1/src/transport.c: scope_hint: In function '_libssh2_transport_read'
libssh2-1.11.1-build/libssh2-1.11.1/src/transport.c:583:21: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value '&block'
libssh2-1.11.1-build/libssh2-1.11.1/src/transport.c:45: included_from: Included from here.
libssh2-1.11.1-build/libssh2-1.11.1/src/transport.c:441:16: note: in expansion of macro 'CRYPT_FLAG_R'
libssh2-1.11.1-build/libssh2-1.11.1/src/transport.c:441:16: note: in expansion of macro 'CRYPT_FLAG_R'
libssh2-1.11.1-build/libssh2-1.11.1/src/transport.c:49: included_from: Included from here.
#  581|                          used in the hash calculation later down.
#  582|                          This is ignored in the INTEGRATED_MAC case. */
#  583|->                     memcpy(p->init, block, 5);
#  584|                   }
#  585|                   else {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def44]
libssh2-1.11.1-build/libssh2-1.11.1/src/transport.c:628:44: warning[-Wanalyzer-null-dereference]: dereference of NULL 'remote_mac'
libssh2-1.11.1-build/libssh2-1.11.1/src/transport.c:441:16: note: in expansion of macro 'CRYPT_FLAG_R'
libssh2-1.11.1-build/libssh2-1.11.1/src/transport.c:441:16: note: in expansion of macro 'CRYPT_FLAG_R'
libssh2-1.11.1-build/libssh2-1.11.1/src/transport.c:600:31: note: in expansion of macro 'CRYPT_FLAG_R'
#  626|                        (5 bytes) packet length and padding length fields */
#  627|                       total_num = p->packet_length - 1 +
#  628|->                     (encrypted ? remote_mac->mac_len : 0);
#  629|                   }
#  630|               }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def45]
libssh2-1.11.1-build/libssh2-1.11.1/src/transport.c: scope_hint: In function '_libssh2_transport_send'
libssh2-1.11.1-build/libssh2-1.11.1/src/transport.c:1241:21: warning[-Wanalyzer-null-dereference]: dereference of NULL 'local_mac'
libssh2-1.11.1-build/libssh2-1.11.1/src/transport.c:1051:9: note: in expansion of macro 'CRYPT_FLAG_R'
libssh2-1.11.1-build/libssh2-1.11.1/src/transport.c:1051:9: note: in expansion of macro 'CRYPT_FLAG_R'
libssh2-1.11.1-build/libssh2-1.11.1/src/transport.c:1189:12: note: in expansion of macro 'CRYPT_FLAG_L'
libssh2-1.11.1-build/libssh2-1.11.1/src/transport.c:1189:12: note: in expansion of macro 'CRYPT_FLAG_L'
# 1239|               /* Call crypt one last time so it can be filled in with the MAC */
# 1240|               if(CRYPT_FLAG_L(session, INTEGRATED_MAC)) {
# 1241|->                 int authlen = local_mac->mac_len;
# 1242|                   assert((size_t)total_length <=
# 1243|                          packet_length + session->local.crypt->blocksize);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def46]
libssh2-1.11.1-build/libssh2-1.11.1/src/userauth.c: scope_hint: In function 'sign_fromfile'
libssh2-1.11.1-build/libssh2-1.11.1/src/userauth.c:888:18: warning[-Wanalyzer-null-dereference]: dereference of NULL 'privkeyobj'
libssh2-1.11.1-build/libssh2-1.11.1/src/userauth.c:52: included_from: Included from here.
libssh2-1.11.1-build/libssh2-1.11.1/src/session.h:59:18: note: in definition of macro 'BLOCK_ADJUST'
libssh2-1.11.1-build/libssh2-1.11.1/src/userauth.c:42: included_from: Included from here.
libssh2-1.11.1-build/libssh2-1.11.1/src/userauth.c:1733:19: note: in expansion of macro 'LIBSSH2_ALLOC'
#  886|       datavec.iov_len  = data_len;
#  887|   
#  888|->     if(privkeyobj->signv(session, sig, sig_len, 1, &datavec,
#  889|                            &hostkey_abstract)) {
#  890|           if(privkeyobj->dtor) {

Scan Properties

analyzer-version-clippy: 1.82.0
analyzer-version-cppcheck: 2.16.0
analyzer-version-gcc: 14.2.1
analyzer-version-gcc-analyzer: 15.0.0
analyzer-version-shellcheck: 0.10.0
analyzer-version-unicontrol: 0.0.2
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-40.us-west-2.compute.internal
mock-config: fedora-rawhide-gcc-latest-x86_64
project-name: libssh2-1.11.1-1.fc42
store-results-to: /tmp/tmp4sq4suy9/libssh2-1.11.1-1.fc42.tar.xz
time-created: 2024-11-13 01:54:07
time-finished: 2024-11-13 01:55:43
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'clippy,cppcheck,gcc,unicontrol,shellcheck' '-o' '/tmp/tmp4sq4suy9/libssh2-1.11.1-1.fc42.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmp4sq4suy9/libssh2-1.11.1-1.fc42.src.rpm'
tool-version: csmock-3.7.1.20241107.094801.gb3f0f26.pr_192-1.el9