libxcrypt-4.4.36-10.fc42

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-457): [#def1]
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-sha256.c: scope_hint: In function 'SHA256_Transform'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-sha256.c:93:14: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value '*<unknown>'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-sha256.c:82:36: note: in definition of macro 'RND'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-sha256.c:120:17: note: in expansion of macro 'RNDr'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-sha256.c:28: included_from: Included from here.
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-sha256.h:47:25: note: in expansion of macro 'libcperciva_HMAC_SHA256_Buf'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-sha256.c:462:1: note: in expansion of macro 'HMAC_SHA256_Buf'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-sha256.h:39:21: note: in expansion of macro 'libcperciva_SHA256_Init'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-sha256.c:353:17: note: in expansion of macro 'SHA256_Init'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-sha256.c: scope_hint: In function 'SHA256_Transform'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-sha256.c:33: included_from: Included from here.
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-sha256.c:111:9: note: in expansion of macro 'be32dec_vect'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/byteorder.h:129:3: note: in definition of macro 'VECTOR_TO_CPU_'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/byteorder.h:144:1: note: in expansion of macro 'VECTOR_TO_CPU'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/byteorder.h:126:34: note: in expansion of macro 'VECTOR_TO_CPU_'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/byteorder.h:144:1: note: in expansion of macro 'VECTOR_TO_CPU'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/byteorder.h:133:16: note: in definition of macro 'VECTOR_TO_CPU_'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/byteorder.h:144:1: note: in expansion of macro 'VECTOR_TO_CPU'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/byteorder.h: scope_hint: In function 'SHA256_Transform'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/byteorder.h:126:34: note: in expansion of macro 'VECTOR_TO_CPU_'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/byteorder.h:144:1: note: in expansion of macro 'VECTOR_TO_CPU'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/byteorder.h:126:34: note: in expansion of macro 'VECTOR_TO_CPU_'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/byteorder.h:144:1: note: in expansion of macro 'VECTOR_TO_CPU'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-sha256.c:111:9: note: in expansion of macro 'be32dec_vect'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-sha256.c:82:36: note: in definition of macro 'RND'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-sha256.c:120:17: note: in expansion of macro 'RNDr'
#   91|   	    S[(68 - i) % 8], S[(69 - i) % 8],	\
#   92|   	    S[(70 - i) % 8], S[(71 - i) % 8],	\
#   93|-> 	    W[i + ii] + Krnd[i + ii])
#   94|   
#   95|   /* Message schedule computation */

Error: GCC_ANALYZER_WARNING (CWE-457): [#def2]
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-sha512.c: scope_hint: In function 'SHA512_Transform'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-sha512.c:107:14: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'W[<unknown>]'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-sha512.c:96:36: note: in definition of macro 'RND'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-sha512.c:134:17: note: in expansion of macro 'RNDr'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-sha512.c:29: included_from: Included from here.
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-sha512.h:40:20: note: in expansion of macro 'libcperciva_SHA512_Buf'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-sha512.c:301:1: note: in expansion of macro 'SHA512_Buf'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-sha512.h:38:23: note: in expansion of macro 'libcperciva_SHA512_Update'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-sha512.c:307:9: note: in expansion of macro 'SHA512_Update'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-sha512.h:38:23: note: in expansion of macro 'libcperciva_SHA512_Update'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-sha512.c:236:1: note: in expansion of macro 'SHA512_Update'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-sha512.c:34: included_from: Included from here.
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-sha512.c:125:9: note: in expansion of macro 'be64dec_vect'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/byteorder.h:129:3: note: in definition of macro 'VECTOR_TO_CPU_'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/byteorder.h:145:1: note: in expansion of macro 'VECTOR_TO_CPU'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/byteorder.h:126:34: note: in expansion of macro 'VECTOR_TO_CPU_'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/byteorder.h:145:1: note: in expansion of macro 'VECTOR_TO_CPU'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/byteorder.h:133:16: note: in definition of macro 'VECTOR_TO_CPU_'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/byteorder.h:145:1: note: in expansion of macro 'VECTOR_TO_CPU'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/byteorder.h:126:34: note: in expansion of macro 'VECTOR_TO_CPU_'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/byteorder.h:145:1: note: in expansion of macro 'VECTOR_TO_CPU'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/byteorder.h:126:34: note: in expansion of macro 'VECTOR_TO_CPU_'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/byteorder.h:145:1: note: in expansion of macro 'VECTOR_TO_CPU'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-sha512.c:125:9: note: in expansion of macro 'be64dec_vect'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-sha512.c:96:36: note: in definition of macro 'RND'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-sha512.c:134:17: note: in expansion of macro 'RNDr'
#  105|   	    S[(84 - i) % 8], S[(85 - i) % 8],	\
#  106|   	    S[(86 - i) % 8], S[(87 - i) % 8],	\
#  107|-> 	    W[i + ii] + K[i + ii])
#  108|   
#  109|   /* Message schedule computation */

Error: GCC_ANALYZER_WARNING (CWE-476): [#def3]
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-yescrypt-opt.c: scope_hint: In function 'yescrypt_kdf_body'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-yescrypt-opt.c:1319:17: warning[-Wanalyzer-null-dereference]: dereference of NULL 'B'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-yescrypt-opt.c:31: included_from: Included from here.
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-yescrypt-opt.c:1444:5: note: in expansion of macro 'yescrypt_init_shared'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-yescrypt-opt.c: scope_hint: In function 'yescrypt_kdf_body'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-yescrypt-opt.c:1473:21: note: in expansion of macro 'yescrypt_kdf'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-yescrypt-opt.c:1394:5: note: in expansion of macro 'yescrypt_kdf'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/alg-yescrypt-opt.c: scope_hint: In function 'yescrypt_kdf_body'
# 1317|   
# 1318|   	if (flags)
# 1319|-> 		memcpy(sha256, B, sizeof(sha256));
# 1320|   
# 1321|   	if (p == 1 || (flags & YESCRYPT_RW)) {

Error: GCC_ANALYZER_WARNING (CWE-787): [#def4]
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/crypt-bcrypt.c: scope_hint: In function 'BF_crypt'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/crypt-bcrypt.c:732:24: warning[-Wanalyzer-out-of-bounds]: buffer over-read
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/crypt-port.h:329: included_from: Included from here.
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/crypt-bcrypt.c:46: included_from: Included from here.
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/crypt-bcrypt.c:1023:1: note: in expansion of macro 'crypt_bcrypt_x_rn'
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/crypt-bcrypt.c:732:24: note: valid subscripts for 'flags_by_subtype' are '[0]' to '[25]'
#  730|         setting[1] != '2' ||
#  731|         setting[2] < 'a' || setting[2] > 'z' ||
#  732|->       !flags_by_subtype[(unsigned int) (unsigned char) setting[2] - 'a'] ||
#  733|         setting[3] != '$' ||
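#  734|         setting[4] < '0' || setting[4] > '3' ||

Note: the excerpt shows the subscript on line 732 guarded by the short-circuited range check on line 731 (`setting[2] < 'a' || setting[2] > 'z'`), so the index appears confined to the valid range [0]..[25] reported above. This finding is a likely false positive and should be confirmed against the full function. The CWE-787 tag (out-of-bounds write) also does not match the "buffer over-read" message; an over-read is normally classified as CWE-126, as in #def5.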

Error: GCC_ANALYZER_WARNING (CWE-126): [#def5]
libxcrypt-4.4.36-build/libxcrypt-4.4.36/test/alg-hmac-sha1.c: scope_hint: In function ‘main’
libxcrypt-4.4.36-build/libxcrypt-4.4.36/test/alg-hmac-sha1.c:82:9: warning[-Wanalyzer-out-of-bounds]: buffer over-read
libxcrypt-4.4.36-build/libxcrypt-4.4.36/test/alg-hmac-sha1.c:155:7: note: in expansion of macro ‘X2B’
libxcrypt-4.4.36-build/libxcrypt-4.4.36/test/alg-hmac-sha1.c:155:7: note: in expansion of macro ‘X2B’
libxcrypt-4.4.36-build/libxcrypt-4.4.36/test/alg-hmac-sha1.c:155:7: note: in expansion of macro ‘X2B’
libxcrypt-4.4.36-build/libxcrypt-4.4.36/test/alg-hmac-sha1.c:155:7: note: in expansion of macro ‘X2B’
libxcrypt-4.4.36-build/libxcrypt-4.4.36/test/alg-hmac-sha1.c:155:7: note: in expansion of macro ‘X2B’
libxcrypt-4.4.36-build/libxcrypt-4.4.36/test/alg-hmac-sha1.c:155:7: note: in expansion of macro ‘X2B’
libxcrypt-4.4.36-build/libxcrypt-4.4.36/test/alg-hmac-sha1.c:82:9: note: read of 2 bytes from after the end of ‘"0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"’
libxcrypt-4.4.36-build/libxcrypt-4.4.36/test/alg-hmac-sha1.c:155:7: note: in expansion of macro ‘X2B’
libxcrypt-4.4.36-build/libxcrypt-4.4.36/test/alg-hmac-sha1.c:82:9: note: valid subscripts for ‘"0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"’ are ‘[0]’ to ‘[42]’
libxcrypt-4.4.36-build/libxcrypt-4.4.36/test/alg-hmac-sha1.c:155:7: note: in expansion of macro ‘X2B’
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/crypt-port.h:35: included_from: Included from here.
libxcrypt-4.4.36-build/libxcrypt-4.4.36/test/alg-hmac-sha1.c:29: included_from: Included from here.
/usr/include/string.h:407:15: note: argument 1 of ‘strlen’ must be a pointer to a null-terminated string
#   80|       if (memcmp (v, "0x", 2) == 0) { \
#   81|           v += 2; \
#   82|->         char_to_bin (b, sizeof(b), v, strlen(v)); \
#   83|           v = b; \
#   84|       } \

Error: GCC_ANALYZER_WARNING (CWE-688): [#def6]
libxcrypt-4.4.36-build/libxcrypt-4.4.36/test/crypt-badargs.c:148:15: warning[-Wanalyzer-null-argument]: use of NULL ‘phrase’ where non-null expected
/usr/include/unistd.h:1162:14: note: argument 1 of ‘crypt’ must be non-null
#  146|               const char *phrase, const char *setting, const char *expect)
#  147|   {
#  148|->   char *got = crypt (phrase, setting);
#  149|     check (tag, expect, got);
#  150|   }

Error: GCC_ANALYZER_WARNING (CWE-688): [#def7]
libxcrypt-4.4.36-build/libxcrypt-4.4.36/test/crypt-badargs.c: scope_hint: In function ‘test_crypt’
libxcrypt-4.4.36-build/libxcrypt-4.4.36/test/crypt-badargs.c:148:15: warning[-Wanalyzer-null-argument]: use of NULL ‘setting’ where non-null expected
libxcrypt-4.4.36-build/libxcrypt-4.4.36/test/crypt-badargs.c:13: included_from: Included from here.
/usr/include/bits/sigstksz.h:24: included_from: Included from here.
/usr/include/signal.h:328: included_from: Included from here.
/usr/include/sys/param.h:28: included_from: Included from here.
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/crypt-port.h:50: included_from: Included from here.
libxcrypt-4.4.36-build/libxcrypt-4.4.36/test/crypt-badargs.c:10: included_from: Included from here.
/usr/include/unistd.h:1162:14: note: argument 2 of ‘crypt’ must be non-null
#  146|               const char *phrase, const char *setting, const char *expect)
#  147|   {
#  148|->   char *got = crypt (phrase, setting);
#  149|     check (tag, expect, got);
#  150|   }

Error: GCC_ANALYZER_WARNING (CWE-457): [#def8]
libxcrypt-4.4.36-build/libxcrypt-4.4.36/test/crypt-gost-yescrypt.c: scope_hint: In function ‘test_crypt_raw’
libxcrypt-4.4.36-build/libxcrypt-4.4.36/test/crypt-gost-yescrypt.c:79:13: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘output[0]’
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/crypt-port.h:329: included_from: Included from here.
libxcrypt-4.4.36-build/libxcrypt-4.4.36/test/crypt-gost-yescrypt.c:20: included_from: Included from here.
libxcrypt-4.4.36-build/libxcrypt-4.4.36/test/crypt-gost-yescrypt.c:76:3: note: in expansion of macro ‘crypt_gost_yescrypt_rn’
libxcrypt-4.4.36-build/libxcrypt-4.4.36/test/crypt-gost-yescrypt.c:76:3: note: in expansion of macro ‘crypt_gost_yescrypt_rn’
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/crypt-gost-yescrypt.c:88:1: note: in expansion of macro ‘crypt_gost_yescrypt_rn’
libxcrypt-4.4.36-build/libxcrypt-4.4.36/test/crypt-gost-yescrypt.c:33: included_from: Included from here.
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/crypt-gost-yescrypt.c:88:1: note: in expansion of macro ‘crypt_gost_yescrypt_rn’
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/crypt-gost-yescrypt.c:110:7: note: in expansion of macro ‘yescrypt_init_local’
libxcrypt-4.4.36-build/libxcrypt-4.4.36/lib/crypt-gost-yescrypt.c:30: included_from: Included from here.
libxcrypt-4.4.36-build/libxcrypt-4.4.36/test/crypt-gost-yescrypt.c:76:3: note: in expansion of macro ‘crypt_gost_yescrypt_rn’
#   77|                             (uint8_t *) output, sizeof (output),
#   78|                             scratch, sizeof (scratch));
#   79|->   if (output[0] == '*')
#   80|       {
#   81|         fprintf(stderr, "ERROR: entropy test (crypt)\n");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def9]
libxcrypt-4.4.36-build/libxcrypt-4.4.36/test/crypt-gost-yescrypt.c:91:6: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
libxcrypt-4.4.36-build/libxcrypt-4.4.36/test/crypt-gost-yescrypt.c:76:3: note: in expansion of macro ‘crypt_gost_yescrypt_rn’
#   89|       }
#   90|     size_t len = strlen(h);
#   91|->   *a = realloc (*a, *a_size + len + 1);
#   92|     strcpy (*a + *a_size, h);
#   93|     *a_size += len;

Error: GCC_ANALYZER_WARNING (CWE-688): [#def10]
libxcrypt-4.4.36-build/libxcrypt-4.4.36/test/crypt-gost-yescrypt.c:92:3: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
libxcrypt-4.4.36-build/libxcrypt-4.4.36/test/crypt-gost-yescrypt.c:76:3: note: in expansion of macro ‘crypt_gost_yescrypt_rn’
<built-in>: note: argument 1 of ‘__builtin_strcpy’ must be non-null
#   90|     size_t len = strlen(h);
#   91|     *a = realloc (*a, *a_size + len + 1);
#   92|->   strcpy (*a + *a_size, h);
#   93|     *a_size += len;
#   94|     (*a)[*a_size] = '\0';

Error: GCC_ANALYZER_WARNING (CWE-476): [#def11]
libxcrypt-4.4.36-build/libxcrypt-4.4.36/test/crypt-gost-yescrypt.c: scope_hint: In function ‘main’
libxcrypt-4.4.36-build/libxcrypt-4.4.36/test/crypt-gost-yescrypt.c:116:6: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘a’
#  114|     size_t *a_size = malloc (sizeof (size_t));
#  115|   
#  116|->   *a = malloc (sizeof (char));
#  117|     (*a)[0] = '\0';
#  118|     *a_size = 0;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def12]
libxcrypt-4.4.36-build/libxcrypt-4.4.36/test/crypt-gost-yescrypt.c:117:11: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘malloc(1)’
#  115|   
#  116|     *a = malloc (sizeof (char));
#  117|->   (*a)[0] = '\0';
#  118|     *a_size = 0;
#  119|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def13]
libxcrypt-4.4.36-build/libxcrypt-4.4.36/test/crypt-gost-yescrypt.c:118:11: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘a_size’
#  116|     *a = malloc (sizeof (char));
#  117|     (*a)[0] = '\0';
#  118|->   *a_size = 0;
#  119|   
#  120|     for (m = 1; m < 3; m++)

Scan Properties

analyzer-version-clippy: 1.82.0
analyzer-version-cppcheck: 2.16.0
analyzer-version-gcc: 14.2.1
analyzer-version-gcc-analyzer: 15.0.0
analyzer-version-shellcheck: 0.10.0
analyzer-version-unicontrol: 0.0.2
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-37.us-west-2.compute.internal
mock-config: fedora-rawhide-gcc-latest-x86_64
project-name: libxcrypt-4.4.36-10.fc42
store-results-to: /tmp/tmp3bx5l8dl/libxcrypt-4.4.36-10.fc42.tar.xz
time-created: 2024-11-13 01:51:36
time-finished: 2024-11-13 01:55:23
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'clippy,cppcheck,gcc,unicontrol,shellcheck' '-o' '/tmp/tmp3bx5l8dl/libxcrypt-4.4.36-10.fc42.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmp3bx5l8dl/libxcrypt-4.4.36-10.fc42.src.rpm'
tool-version: csmock-3.7.1.20241107.094801.gb3f0f26.pr_192-1.el9