libusb1-1.0.27-4.fc42

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-789): [#def1]
libusb1-1.0.27-build/libusb-1.0.27/examples/ezusb.c: scope_hint: In function ‘fx3_load_ram’
libusb1-1.0.27-build/libusb-1.0.27/examples/ezusb.c:649:40: warning[-Wanalyzer-tainted-allocation-size]: use of attacker-controlled value ‘(long unsigned int)dLength * 4’ as allocation size without upper-bounds checking
libusb1-1.0.27-build/libusb-1.0.27/examples/ezusb.c:649:40: note: heap-based allocation
#  647|   
#  648|   		// coverity[tainted_data]
#  649|-> 		dImageBuf = (uint32_t*)calloc(dLength, sizeof(uint32_t));
#  650|   		if (dImageBuf == NULL) {
#  651|   			logerror("could not allocate buffer for image chunk\n");

Error: GCC_ANALYZER_WARNING (CWE-129): [#def2]
libusb1-1.0.27-build/libusb-1.0.27/examples/ezusb.c:649:40: warning[-Wanalyzer-tainted-size]: use of attacker-controlled value ‘(long unsigned int)dLength * 4’ as size without upper-bounds checking
#  647|   
#  648|   		// coverity[tainted_data]
#  649|-> 		dImageBuf = (uint32_t*)calloc(dLength, sizeof(uint32_t));
#  650|   		if (dImageBuf == NULL) {
#  651|   			logerror("could not allocate buffer for image chunk\n");

Error: GCC_ANALYZER_WARNING (CWE-457): [#def3]
libusb1-1.0.27-build/libusb-1.0.27/examples/xusb.c: scope_hint: In function ‘send_mass_storage_command’
libusb1-1.0.27-build/libusb-1.0.27/examples/xusb.c:352:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘cdb’
libusb1-1.0.27-build/libusb-1.0.27/examples/xusb.c:858:9: note: in expansion of macro ‘CALL_CHECK_CLOSE’
libusb1-1.0.27-build/libusb-1.0.27/examples/xusb.c:882:9: note: in expansion of macro ‘CALL_CHECK_CLOSE’
libusb1-1.0.27-build/libusb-1.0.27/examples/xusb.c:67:50: note: in definition of macro ‘CALL_CHECK_CLOSE’
#  350|   	// Subclass is 1 or 6 => cdb_len
#  351|   	cbw.bCBWCBLength = cdb_len;
#  352|-> 	memcpy(cbw.CBWCB, cdb, cdb_len);
#  353|   
#  354|   	i = 0;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def4]
libusb1-1.0.27-build/libusb-1.0.27/examples/xusb.c: scope_hint: In function ‘test_mass_storage’
libusb1-1.0.27-build/libusb-1.0.27/examples/xusb.c:503:13: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘expected_tag’
libusb1-1.0.27-build/libusb-1.0.27/examples/xusb.c:858:9: note: in expansion of macro ‘CALL_CHECK_CLOSE’
libusb1-1.0.27-build/libusb-1.0.27/examples/xusb.c:882:9: note: in expansion of macro ‘CALL_CHECK_CLOSE’
libusb1-1.0.27-build/libusb-1.0.27/examples/xusb.c:67:50: note: in definition of macro ‘CALL_CHECK_CLOSE’
libusb1-1.0.27-build/libusb-1.0.27/examples/xusb.c:491:9: note: in expansion of macro ‘CALL_CHECK’
#  501|   	rev[4] = 0;
#  502|   	printf("   VID:PID:REV \"%8s\":\"%8s\":\"%4s\"\n", vid, pid, rev);
#  503|-> 	if (get_mass_storage_status(handle, endpoint_in, expected_tag) == -2) {
#  504|   		get_sense(handle, endpoint_in, endpoint_out);
#  505|   	}

Error: GCC_ANALYZER_WARNING (CWE-476): [#def5]
libusb1-1.0.27-build/libusb-1.0.27/libusb/core.c: scope_hint: In function 'libusb_set_log_cb_internal.part.0'
libusb1-1.0.27-build/libusb-1.0.27/libusb/core.c:2227:34: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
libusb1-1.0.27-build/libusb-1.0.27/libusb/core.c:23: included_from: Included from here.
# 2225|   	if (mode & LIBUSB_LOG_CB_CONTEXT) {
# 2226|   		ctx = usbi_get_context(ctx);
# 2227|-> 		ctx->log_handler = cb;
# 2228|   	}
# 2229|   #else

Error: GCC_ANALYZER_WARNING (CWE-685): [#def6]
libusb1-1.0.27-build/libusb-1.0.27/libusb/core.c: scope_hint: In function 'libusb_set_option'
libusb1-1.0.27-build/libusb-1.0.27/libusb/core.c:2310:24: warning[-Wanalyzer-va-list-exhausted]: 'ap' has no more arguments (0 consumed)
libusb1-1.0.27-build/libusb-1.0.27/libusb/libusbi.h:117: included_from: Included from here.
libusb1-1.0.27-build/libusb-1.0.27/libusb/libusbi.h:29: included_from: Included from here.
libusb1-1.0.27-build/libusb-1.0.27/libusb/os/threads_posix.h:26:41: note: in expansion of macro 'ASSERT_EQ'
libusb1-1.0.27-build/libusb-1.0.27/libusb/os/threads_posix.h:32:9: note: in expansion of macro 'PTHREAD_CHECK'
libusb1-1.0.27-build/libusb-1.0.27/libusb/os/threads_posix.h:26:41: note: in expansion of macro 'ASSERT_EQ'
libusb1-1.0.27-build/libusb-1.0.27/libusb/os/threads_posix.h:32:9: note: in expansion of macro 'PTHREAD_CHECK'
libusb1-1.0.27-build/libusb-1.0.27/libusb/os/threads_posix.h:26:41: note: in expansion of macro 'ASSERT_EQ'
libusb1-1.0.27-build/libusb-1.0.27/libusb/os/threads_posix.h:36:9: note: in expansion of macro 'PTHREAD_CHECK'
libusb1-1.0.27-build/libusb-1.0.27/libusb/os/threads_posix.h:26:41: note: in expansion of macro 'ASSERT_EQ'
libusb1-1.0.27-build/libusb-1.0.27/libusb/os/threads_posix.h:42:9: note: in expansion of macro 'PTHREAD_CHECK'
libusb1-1.0.27-build/libusb-1.0.27/libusb/os/threads_posix.h:26:41: note: in expansion of macro 'ASSERT_EQ'
libusb1-1.0.27-build/libusb-1.0.27/libusb/os/threads_posix.h:42:9: note: in expansion of macro 'PTHREAD_CHECK'
# 2308|   	}
# 2309|   	if (LIBUSB_OPTION_LOG_CB == option) {
# 2310|-> 		log_cb = (libusb_log_cb) va_arg(ap, libusb_log_cb);
# 2311|   	}
# 2312|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def7]
libusb1-1.0.27-build/libusb-1.0.27/libusb/descriptor.c: scope_hint: In function 'libusb_free_bos_descriptor.part.0'
libusb1-1.0.27-build/libusb-1.0.27/libusb/descriptor.c:905:9: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
#  903|   	for (i = 0; i < bos->bNumDeviceCaps; i++)
#  904|   		free(bos->dev_capability[i]);
#  905|-> 	free(bos);
#  906|   }
#  907|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def8]
libusb1-1.0.27-build/libusb-1.0.27/libusb/hotplug.c: scope_hint: In function 'libusb_hotplug_register_callback'
libusb1-1.0.27-build/libusb-1.0.27/libusb/hotplug.c:370:33: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
libusb1-1.0.27-build/libusb-1.0.27/libusb/hotplug.c:22: included_from: Included from here.
libusb1-1.0.27-build/libusb-1.0.27/libusb/libusbi.h:117: included_from: Included from here.
libusb1-1.0.27-build/libusb-1.0.27/libusb/libusbi.h:29: included_from: Included from here.
libusb1-1.0.27-build/libusb-1.0.27/libusb/os/threads_posix.h:26:41: note: in expansion of macro 'ASSERT_EQ'
libusb1-1.0.27-build/libusb-1.0.27/libusb/os/threads_posix.h:46:9: note: in expansion of macro 'PTHREAD_CHECK'
#  368|   
#  369|   	/* protect the handle by the context hotplug lock */
#  370|-> 	hotplug_cb->handle = ctx->next_hotplug_cb_handle++;
#  371|   
#  372|   	/* handle the unlikely case of overflow */

Error: GCC_ANALYZER_WARNING (CWE-476): [#def9]
libusb1-1.0.27-build/libusb-1.0.27/libusb/hotplug.c: scope_hint: In function 'libusb_hotplug_deregister_callback.part.0'
libusb1-1.0.27-build/libusb-1.0.27/libusb/hotplug.c:437:29: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
libusb1-1.0.27-build/libusb-1.0.27/libusb/os/threads_posix.h:26:41: note: in expansion of macro 'ASSERT_EQ'
libusb1-1.0.27-build/libusb-1.0.27/libusb/os/threads_posix.h:46:9: note: in expansion of macro 'PTHREAD_CHECK'
libusb1-1.0.27-build/libusb-1.0.27/libusb/libusbi.h:189:9: note: in expansion of macro 'list_for_each_entry'
libusb1-1.0.27-build/libusb-1.0.27/libusb/libusbi.h:1514:9: note: in expansion of macro 'for_each_helper'
libusb1-1.0.27-build/libusb-1.0.27/libusb/hotplug.c:423:9: note: in expansion of macro 'for_each_hotplug_cb'
libusb1-1.0.27-build/libusb-1.0.27/libusb/os/threads_posix.h:26:41: note: in expansion of macro 'ASSERT_EQ'
libusb1-1.0.27-build/libusb-1.0.27/libusb/os/threads_posix.h:50:9: note: in expansion of macro 'PTHREAD_CHECK'
libusb1-1.0.27-build/libusb-1.0.27/libusb/os/threads_posix.h:26:41: note: in expansion of macro 'ASSERT_EQ'
libusb1-1.0.27-build/libusb-1.0.27/libusb/os/threads_posix.h:46:9: note: in expansion of macro 'PTHREAD_CHECK'
#  435|   
#  436|   		usbi_mutex_lock(&ctx->event_data_lock);
#  437|-> 		event_flags = ctx->event_flags;
#  438|   		ctx->event_flags |= USBI_EVENT_HOTPLUG_CB_DEREGISTERED;
#  439|   		if (!event_flags)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def10]
libusb1-1.0.27-build/libusb-1.0.27/libusb/io.c: scope_hint: In function 'libusb_set_pollfd_notifiers'
libusb1-1.0.27-build/libusb-1.0.27/libusb/io.c:2650:26: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
# 2648|   #if !defined(PLATFORM_WINDOWS)
# 2649|   	ctx = usbi_get_context(ctx);
# 2650|-> 	ctx->fd_added_cb = added_cb;
# 2651|   	ctx->fd_removed_cb = removed_cb;
# 2652|   	ctx->fd_cb_user_data = user_data;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def11]
libusb1-1.0.27-build/libusb-1.0.27/libusb/io.c: scope_hint: In function 'usbi_handle_disconnect'
libusb1-1.0.27-build/libusb-1.0.27/libusb/io.c:2820:56: warning[-Wanalyzer-null-dereference]: dereference of NULL 'dev_handle'
libusb1-1.0.27-build/libusb-1.0.27/libusb/libusbi.h:316:67: note: in definition of macro '_usbi_log'
libusb1-1.0.27-build/libusb-1.0.27/libusb/io.c:2819:9: note: in expansion of macro 'usbi_dbg'
libusb1-1.0.27-build/libusb-1.0.27/libusb/io.c:2815:38: note: in expansion of macro 'HANDLE_CTX'
libusb1-1.0.27-build/libusb-1.0.27/libusb/libusbi.h:316:67: note: in definition of macro '_usbi_log'
libusb1-1.0.27-build/libusb-1.0.27/libusb/io.c:2819:9: note: in expansion of macro 'usbi_dbg'
libusb1-1.0.27-build/libusb-1.0.27/libusb/libusbi.h:316:67: note: in definition of macro '_usbi_log'
libusb1-1.0.27-build/libusb-1.0.27/libusb/io.c:2819:9: note: in expansion of macro 'usbi_dbg'
# 2818|   
# 2819|   	usbi_dbg(ctx, "device %d.%d",
# 2820|-> 		dev_handle->dev->bus_number, dev_handle->dev->device_address);
# 2821|   
# 2822|   	/* terminate all pending transfers with the LIBUSB_TRANSFER_NO_DEVICE

Error: CPPCHECK_WARNING (CWE-476): [#def12]
libusb1-1.0.27-build/libusb-1.0.27/libusb/libusbi.h:485: error[ctunullpointer]: Null pointer dereference: ctx
#  483|   static inline int usbi_handling_events(struct libusb_context *ctx)
#  484|   {
#  485|-> 	return usbi_tls_key_get(ctx->event_handling_key) != NULL;
#  486|   }
#  487|   

Error: CPPCHECK_WARNING (CWE-476): [#def13]
libusb1-1.0.27-build/libusb-1.0.27/libusb/libusbi.h:485: warning[nullPointer]: Possible null pointer dereference: ctx
#  483|   static inline int usbi_handling_events(struct libusb_context *ctx)
#  484|   {
#  485|-> 	return usbi_tls_key_get(ctx->event_handling_key) != NULL;
#  486|   }
#  487|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def14]
libusb1-1.0.27-build/libusb-1.0.27/libusb/libusbi.h:485:16: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
libusb1-1.0.27-build/libusb-1.0.27/libusb/sync.c: scope_hint: In function 'libusb_control_transfer'
#  483|   static inline int usbi_handling_events(struct libusb_context *ctx)
#  484|   {
#  485|-> 	return usbi_tls_key_get(ctx->event_handling_key) != NULL;
#  486|   }
#  487|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def15]
libusb1-1.0.27-build/libusb-1.0.27/libusb/os/events_posix.h:58:21: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
libusb1-1.0.27-build/libusb-1.0.27/libusb/io.c: scope_hint: In function 'libusb_get_next_timeout'
#   56|   static inline int usbi_timer_valid(usbi_timer_t *timer)
#   57|   {
#   58|-> 	return timer->timerfd >= 0;
#   59|   }
#   60|   #endif

Error: GCC_ANALYZER_WARNING (CWE-476): [#def16]
libusb1-1.0.27-build/libusb-1.0.27/libusb/os/events_posix.h:58:21: warning[-Wanalyzer-null-dereference]: dereference of NULL 'ctx'
libusb1-1.0.27-build/libusb-1.0.27/libusb/io.c: scope_hint: In function 'libusb_get_next_timeout'
#   56|   static inline int usbi_timer_valid(usbi_timer_t *timer)
#   57|   {
#   58|-> 	return timer->timerfd >= 0;
#   59|   }
#   60|   #endif

Error: GCC_ANALYZER_WARNING (CWE-401): [#def17]
libusb1-1.0.27-build/libusb-1.0.27/libusb/os/linux_usbfs.c: scope_hint: In function 'submit_bulk_transfer'
libusb1-1.0.27-build/libusb-1.0.27/libusb/os/linux_usbfs.c:1986:23: warning[-Wanalyzer-malloc-leak]: leak of 'urbs'
# 1984|   	tpriv->reap_status = LIBUSB_TRANSFER_COMPLETED;
# 1985|   
# 1986|-> 	for (i = 0; i < num_urbs; i++) {
# 1987|   		struct usbfs_urb *urb = &urbs[i];
# 1988|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def18]
libusb1-1.0.27-build/libusb-1.0.27/libusb/os/linux_usbfs.c: scope_hint: In function 'submit_iso_transfer'
libusb1-1.0.27-build/libusb-1.0.27/libusb/os/linux_usbfs.c:2175:23: warning[-Wanalyzer-malloc-leak]: leak of 'urbs'
# 2173|   
# 2174|   	/* submit URBs */
# 2175|-> 	for (i = 0; i < num_urbs; i++) {
# 2176|   		int r = ioctl(hpriv->fd, IOCTL_USBFS_SUBMITURB, urbs[i]);
# 2177|   

Error: CPPCHECK_WARNING (CWE-562): [#def19]
libusb1-1.0.27-build/libusb-1.0.27/tests/umockdev.c:603: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
#  601|   	struct libusb_transfer *transfer = NULL;
#  602|   
#  603|-> 	fixture->chat = chat;
#  604|   
#  605|   	/* Open */

Error: CPPCHECK_WARNING (CWE-562): [#def20]
libusb1-1.0.27-build/libusb-1.0.27/tests/umockdev.c:650: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
#  648|   	struct libusb_transfer *transfer = NULL;
#  649|   
#  650|-> 	fixture->chat = chat;
#  651|   
#  652|   	/* Open */

Error: CPPCHECK_WARNING (CWE-562): [#def21]
libusb1-1.0.27-build/libusb-1.0.27/tests/umockdev.c:696: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
#  694|   	struct libusb_transfer *transfer = NULL;
#  695|   
#  696|-> 	fixture->chat = chat;
#  697|   
#  698|   	/* Open */

Error: CPPCHECK_WARNING (CWE-562): [#def22]
libusb1-1.0.27-build/libusb-1.0.27/tests/umockdev.c:778: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
#  776|   	};
#  777|   
#  778|-> 	fixture->chat = chat;
#  779|   
#  780|   	handle = libusb_open_device_with_vid_pid(fixture->ctx, 0x04a9, 0x31c0);

Error: CPPCHECK_WARNING (CWE-562): [#def23]
libusb1-1.0.27-build/libusb-1.0.27/tests/umockdev.c:825: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
#  823|   	struct libusb_transfer *transfer = NULL;
#  824|   
#  825|-> 	fixture->chat = chat;
#  826|   
#  827|   	handle = libusb_open_device_with_vid_pid(fixture->ctx, 0x04a9, 0x31c0);

Scan Properties

analyzer-version-clippy: 1.82.0
analyzer-version-cppcheck: 2.16.0
analyzer-version-gcc: 14.2.1
analyzer-version-gcc-analyzer: 15.0.0
analyzer-version-shellcheck: 0.10.0
analyzer-version-unicontrol: 0.0.2
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-191.us-west-2.compute.internal
mock-config: fedora-rawhide-gcc-latest-x86_64
project-name: libusb1-1.0.27-4.fc42
store-results-to: /tmp/tmpkfjaljam/libusb1-1.0.27-4.fc42.tar.xz
time-created: 2024-11-13 01:53:51
time-finished: 2024-11-13 01:55:41
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'clippy,cppcheck,gcc,unicontrol,shellcheck' '-o' '/tmp/tmpkfjaljam/libusb1-1.0.27-4.fc42.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmpkfjaljam/libusb1-1.0.27-4.fc42.src.rpm'
tool-version: csmock-3.7.1.20241107.094801.gb3f0f26.pr_192-1.el9