Newly introduced findings

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-457): [#def1]
nftables-1.1.1-build/nftables-1.1.1/src/parser_bison.c: scope_hint: In function 'nft_parse'
nftables-1.1.1-build/nftables-1.1.1/src/parser_bison.c:2248:7: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'yyss'
nftables-1.1.1-build/nftables-1.1.1/src/parser_bison.c:2233:9: note: in expansion of macro 'YYCOPY'
nftables-1.1.1-build/nftables-1.1.1/src/parser_bison.c:7833:9: note: in expansion of macro 'YYSTACK_RELOCATE'
nftables-1.1.1-build/nftables-1.1.1/src/parser_bison.c:2248:25: note: in definition of macro 'YYCOPY'
nftables-1.1.1-build/nftables-1.1.1/src/parser_bison.c:7833:9: note: in expansion of macro 'YYSTACK_RELOCATE'
nftables-1.1.1-build/nftables-1.1.1/src/parser_bison.c:2233:9: note: in expansion of macro 'YYCOPY'
nftables-1.1.1-build/nftables-1.1.1/src/parser_bison.c:7833:9: note: in expansion of macro 'YYSTACK_RELOCATE'
# 2246|   #  if defined __GNUC__ && 1 < __GNUC__
# 2247|   #   define YYCOPY(Dst, Src, Count) \
# 2248|->       __builtin_memcpy (Dst, Src, YY_CAST (YYSIZE_T, (Count)) * sizeof (*(Src)))
# 2249|   #  else
# 2250|   #   define YYCOPY(Dst, Src, Count)              \

Error: GCC_ANALYZER_WARNING (CWE-457): [#def2]
nftables-1.1.1-build/nftables-1.1.1/src/parser_bison.c:7964:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value '*<unknown>'
# 7962|        unconditionally makes the parser a bit smaller, and it avoids a
# 7963|        GCC warning that YYVAL may be used uninitialized.  */
# 7964|->   yyval = yyvsp[1-yylen];
# 7965|   
# 7966|     /* Default location. */

Error: GCC_ANALYZER_WARNING (CWE-476): [#def3]
nftables-1.1.1-build/nftables-1.1.1/src/payload.c: scope_hint: In function 'payload_may_dependency_kill'
nftables-1.1.1-build/nftables-1.1.1/src/payload.c:882:60: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
#  880|   		 * for stacked protocols if we only have protcol type matches.
#  881|   		 */
#  882|-> 		if (dep->left->etype == EXPR_PAYLOAD && dep->op == OP_EQ &&
#  883|   		    expr->payload.base == dep->left->payload.base) {
#  884|   			if (expr->flags & EXPR_F_PROTOCOL)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def4]
nftables-1.1.1-build/nftables-1.1.1/src/rule.c: scope_hint: In function 'table_print_declaration'
nftables-1.1.1-build/nftables-1.1.1/src/rule.c:2265:18: warning[-Wanalyzer-null-dereference]: dereference of NULL 'table'
# 2263|   	const char *family = family2str(table->handle.family);
# 2264|   
# 2265|-> 	if (table->has_xt_stmts)
# 2266|   		fprintf(octx->error_fp,
# 2267|   			"# Warning: table %s %s is managed by iptables-nft, do not touch!\n",

Error: GCC_ANALYZER_WARNING (CWE-401): [#def5]
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c: scope_hint: In function 'nft__scan_string'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:55:23: warning[-Wanalyzer-malloc-leak]: leak of '<return-value>'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:9031:16: note: in expansion of macro 'yy_scan_bytes'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.l:1262:13: note: in expansion of macro 'yy_scan_string'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:9028:17: note: in expansion of macro 'yy_scan_string'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:9031:16: note: in expansion of macro 'yy_scan_bytes'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:9043:17: note: in expansion of macro 'yy_scan_bytes'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:9061:13: note: in expansion of macro 'yy_scan_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8989:17: note: in expansion of macro 'yy_scan_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8989:17: note: in expansion of macro 'yy_scan_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8999:31: note: in expansion of macro 'yyalloc'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c: scope_hint: In function 'nft__scan_string'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:9013:9: note: in expansion of macro 'yy_switch_to_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8676:10: note: in expansion of macro 'yy_switch_to_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8688:9: note: in expansion of macro 'yyensure_buffer_stack'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8934:13: note: in expansion of macro 'yyensure_buffer_stack'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8688:9: note: in expansion of macro 'yyensure_buffer_stack'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8689:14: note: in expansion of macro 'YY_CURRENT_BUFFER'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:9013:9: note: in expansion of macro 'yy_switch_to_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:9061:13: note: in expansion of macro 'yy_scan_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:9031:16: note: in expansion of macro 'yy_scan_bytes'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:9031:16: note: in expansion of macro 'yy_scan_bytes'
#   53|   #define nft__scan_bytes_ALREADY_DEFINED
#   54|   #else
#   55|-> #define yy_scan_bytes nft__scan_bytes
#   56|   #endif
#   57|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def6]
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:55:23: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:9031:16: note: in expansion of macro 'yy_scan_bytes'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.l:1262:13: note: in expansion of macro 'yy_scan_string'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:9028:17: note: in expansion of macro 'yy_scan_string'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:9031:16: note: in expansion of macro 'yy_scan_bytes'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:9043:17: note: in expansion of macro 'yy_scan_bytes'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:9052:24: note: in expansion of macro 'yyalloc'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c: scope_hint: In function 'nft__scan_string'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:9061:13: note: in expansion of macro 'yy_scan_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8989:17: note: in expansion of macro 'yy_scan_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8989:17: note: in expansion of macro 'yy_scan_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:9013:9: note: in expansion of macro 'yy_switch_to_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8676:10: note: in expansion of macro 'yy_switch_to_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8688:9: note: in expansion of macro 'yyensure_buffer_stack'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8934:13: note: in expansion of macro 'yyensure_buffer_stack'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8688:9: note: in expansion of macro 'yyensure_buffer_stack'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8689:14: note: in expansion of macro 'YY_CURRENT_BUFFER'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:9013:9: note: in expansion of macro 'yy_switch_to_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:9061:13: note: in expansion of macro 'yy_scan_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:9031:16: note: in expansion of macro 'yy_scan_bytes'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:9031:16: note: in expansion of macro 'yy_scan_bytes'
#   53|   #define nft__scan_bytes_ALREADY_DEFINED
#   54|   #else
#   55|-> #define yy_scan_bytes nft__scan_bytes
#   56|   #endif
#   57|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def7]
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c: scope_hint: In function 'nft__create_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8752:12: warning[-Wanalyzer-malloc-leak]: leak of 'malloc(64)'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8735:21: note: in expansion of macro 'yy_create_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8742:31: note: in expansion of macro 'yyalloc'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c: scope_hint: In function 'nft__create_buffer'
# 8750|   	 */
# 8751|   	b->yy_ch_buf = (char *) yyalloc( (yy_size_t) (b->yy_buf_size + 2) , yyscanner );
# 8752|-> 	if ( ! b->yy_ch_buf )
# 8753|   		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
# 8754|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def8]
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c: scope_hint: In function 'nft__init_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8806:26: warning[-Wanalyzer-null-dereference]: dereference of NULL 'b'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8651:10: note: in expansion of macro 'yyrestart'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8659:9: note: in expansion of macro 'yyensure_buffer_stack'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8934:13: note: in expansion of macro 'yyensure_buffer_stack'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8659:9: note: in expansion of macro 'yyensure_buffer_stack'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8661:13: note: in expansion of macro 'yy_create_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8735:21: note: in expansion of macro 'yy_create_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8757:9: note: in expansion of macro 'yy_init_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8794:17: note: in expansion of macro 'yy_init_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8803:9: note: in expansion of macro 'yy_flush_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8836:10: note: in expansion of macro 'yy_flush_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8803:9: note: in expansion of macro 'yy_flush_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8757:9: note: in expansion of macro 'yy_init_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8661:13: note: in expansion of macro 'yy_create_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8664:9: note: in expansion of macro 'yy_init_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8664:9: note: in expansion of macro 'yy_init_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8664:9: note: in expansion of macro 'yy_init_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8794:17: note: in expansion of macro 'yy_init_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8803:9: note: in expansion of macro 'yy_flush_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8836:10: note: in expansion of macro 'yy_flush_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8803:9: note: in expansion of macro 'yy_flush_buffer'
# 8804|   
# 8805|   /* %if-c-only */
# 8806|-> 	b->yy_input_file = file;
# 8807|   /* %endif */
# 8808|   /* %if-c++-only */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def9]
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c: scope_hint: In function 'nft_ensure_buffer_stack'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8957:42: warning[-Wanalyzer-malloc-leak]: leak of 'malloc(8)'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.l:957:13: note: in expansion of macro 'yy_create_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8735:21: note: in expansion of macro 'yy_create_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8757:9: note: in expansion of macro 'yy_init_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8794:17: note: in expansion of macro 'yy_init_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8803:9: note: in expansion of macro 'yy_flush_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8836:10: note: in expansion of macro 'yy_flush_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8803:9: note: in expansion of macro 'yy_flush_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8757:9: note: in expansion of macro 'yy_init_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.l:957:13: note: in expansion of macro 'yy_create_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.l:958:9: note: in expansion of macro 'yypush_buffer_state'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c: scope_hint: In function 'nft_ensure_buffer_stack'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8871:6: note: in expansion of macro 'yypush_buffer_state'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8880:9: note: in expansion of macro 'yyensure_buffer_stack'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8934:13: note: in expansion of macro 'yyensure_buffer_stack'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8949:66: note: in expansion of macro 'yyalloc'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c: scope_hint: In function 'nft_ensure_buffer_stack'
# 8955|   		memset(yyg->yy_buffer_stack, 0, num_to_alloc * sizeof(struct yy_buffer_state*));
# 8956|   
# 8957|-> 		yyg->yy_buffer_stack_max = num_to_alloc;
# 8958|   		yyg->yy_buffer_stack_top = 0;
# 8959|   		return;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def10]
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c: scope_hint: In function 'nft__scan_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:9059:32: warning[-Wanalyzer-malloc-leak]: leak of 'malloc(n)'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:9043:17: note: in expansion of macro 'yy_scan_bytes'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:9052:24: note: in expansion of macro 'yyalloc'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c: scope_hint: In function 'nft__scan_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:9061:13: note: in expansion of macro 'yy_scan_buffer'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:8989:17: note: in expansion of macro 'yy_scan_buffer'
# 9057|   		buf[i] = yybytes[i];
# 9058|   
# 9059|-> 	buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR;
# 9060|   
# 9061|   	b = yy_scan_buffer( buf, n , yyscanner);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def11]
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:9298:11: warning[-Wanalyzer-null-dereference]: dereference of NULL 'scanner'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.l: scope_hint: In function 'scanner_init'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.l:1271:9: note: in expansion of macro 'yylex_init_extra'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:9379:5: note: in expansion of macro 'yylex_init_extra'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c: scope_hint: In function 'scanner_init'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.c:274: included_from: Included from here.
nftables-1.1.1-build/nftables-1.1.1/src/scanner.l:1271:9: note: in expansion of macro 'yylex_init_extra'
nftables-1.1.1-build/nftables-1.1.1/src/scanner.l:1272:9: note: in expansion of macro 'yyset_out'
# 9296|   {
# 9297|       struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
# 9298|->     yyout = _out_str ;
# 9299|   }
# 9300|

Scan Properties

analyzer-version-clippy	1.82.0
analyzer-version-cppcheck	2.16.0
analyzer-version-gcc	14.2.1
analyzer-version-gcc-analyzer	15.0.0
analyzer-version-shellcheck	0.10.0
analyzer-version-unicontrol	0.0.2
diffbase-analyzer-version-clippy	1.82.0
diffbase-analyzer-version-cppcheck	2.16.0
diffbase-analyzer-version-gcc	14.2.1
diffbase-analyzer-version-gcc-analyzer	15.0.0
diffbase-analyzer-version-shellcheck	0.10.0
diffbase-analyzer-version-unicontrol	0.0.2
diffbase-enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code	0
diffbase-host	ip-172-16-1-172.us-west-2.compute.internal
diffbase-mock-config	fedora-rawhide-gcc-latest-x86_64
diffbase-project-name	nftables-1.0.9-7.fc41
diffbase-store-results-to	/tmp/tmpousc2gyr/nftables-1.0.9-7.fc41.tar.xz
diffbase-time-created	2024-11-13 02:00:34
diffbase-time-finished	2024-11-13 02:03:07
diffbase-tool	csmock
diffbase-tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'clippy,cppcheck,gcc,unicontrol,shellcheck' '-o' '/tmp/tmpousc2gyr/nftables-1.0.9-7.fc41.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmpousc2gyr/nftables-1.0.9-7.fc41.src.rpm'
diffbase-tool-version	csmock-3.7.1.20241107.094801.gb3f0f26.pr_192-1.el9
enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code	0
host	ip-172-16-1-172.us-west-2.compute.internal
mock-config	fedora-rawhide-gcc-latest-x86_64
project-name	nftables-1.1.1-2.fc42
store-results-to	/tmp/tmpurorjywv/nftables-1.1.1-2.fc42.tar.xz
time-created	2024-11-13 02:03:20
time-finished	2024-11-13 02:05:29
title	Newly introduced findings
tool	csmock
tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'clippy,cppcheck,gcc,unicontrol,shellcheck' '-o' '/tmp/tmpurorjywv/nftables-1.1.1-2.fc42.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmpurorjywv/nftables-1.1.1-2.fc42.src.rpm'
tool-version	csmock-3.7.1.20241107.094801.gb3f0f26.pr_192-1.el9