Fixed findings

List of Findings

Error: COMPILER_WARNING: [#def1]
nftables-1.0.9-build/nftables-1.0.9/src/parser_bison.c: warning: -Wno-implicit-function-declaration detected - is this intentional ?

Error: GCC_ANALYZER_WARNING (CWE-457): [#def2]
nftables-1.0.9-build/nftables-1.0.9/src/parser_bison.c: scope_hint: In function ‘nft_parse’
nftables-1.0.9-build/nftables-1.0.9/src/parser_bison.c:2209:7: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyss’
nftables-1.0.9-build/nftables-1.0.9/src/parser_bison.c:2194:9: note: in expansion of macro ‘YYCOPY’
nftables-1.0.9-build/nftables-1.0.9/src/parser_bison.c:7746:9: note: in expansion of macro ‘YYSTACK_RELOCATE’
nftables-1.0.9-build/nftables-1.0.9/src/parser_bison.c:2209:25: note: in definition of macro ‘YYCOPY’
nftables-1.0.9-build/nftables-1.0.9/src/parser_bison.c:7746:9: note: in expansion of macro ‘YYSTACK_RELOCATE’
nftables-1.0.9-build/nftables-1.0.9/src/parser_bison.c:2194:9: note: in expansion of macro ‘YYCOPY’
nftables-1.0.9-build/nftables-1.0.9/src/parser_bison.c:7746:9: note: in expansion of macro ‘YYSTACK_RELOCATE’
# 2207|   #  if defined __GNUC__ && 1 < __GNUC__
# 2208|   #   define YYCOPY(Dst, Src, Count) \
# 2209|->       __builtin_memcpy (Dst, Src, YY_CAST (YYSIZE_T, (Count)) * sizeof (*(Src)))
# 2210|   #  else
# 2211|   #   define YYCOPY(Dst, Src, Count)              \

Error: GCC_ANALYZER_WARNING (CWE-457): [#def3]
nftables-1.0.9-build/nftables-1.0.9/src/parser_bison.c:7876:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*<unknown>’
# 7874|        unconditionally makes the parser a bit smaller, and it avoids a
# 7875|        GCC warning that YYVAL may be used uninitialized.  */
# 7876|->   yyval = yyvsp[1-yylen];
# 7877|   
# 7878|     /* Default location. */

Error: GCC_ANALYZER_WARNING (CWE-476): [#def4]
nftables-1.0.9-build/nftables-1.0.9/src/payload.c: scope_hint: In function ‘payload_may_dependency_kill’
nftables-1.0.9-build/nftables-1.0.9/src/payload.c:897:60: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#  895|   		 * for stacked protocols if we only have protcol type matches.
#  896|   		 */
#  897|-> 		if (dep->left->etype == EXPR_PAYLOAD && dep->op == OP_EQ &&
#  898|   		    expr->payload.base == dep->left->payload.base) {
#  899|   			if (expr->flags & EXPR_F_PROTOCOL)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def5]
nftables-1.0.9-build/nftables-1.0.9/src/rule.c: scope_hint: In function ‘table_print_declaration’
nftables-1.0.9-build/nftables-1.0.9/src/rule.c:2243:18: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘table’
# 2241|   	const char *family = family2str(table->handle.family);
# 2242|   
# 2243|-> 	if (table->has_xt_stmts)
# 2244|   		fprintf(octx->error_fp,
# 2245|   			"# Warning: table %s %s is managed by iptables-nft, do not touch!\n",

Error: COMPILER_WARNING: [#def6]
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c: warning: -Wno-implicit-function-declaration detected - is this intentional ?

Error: GCC_ANALYZER_WARNING (CWE-401): [#def7]
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c: scope_hint: In function ‘nft__scan_string’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:55:23: warning[-Wanalyzer-malloc-leak]: leak of ‘<return-value>’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7627:16: note: in expansion of macro ‘yy_scan_bytes’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.l:1244:13: note: in expansion of macro ‘yy_scan_string’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7624:17: note: in expansion of macro ‘yy_scan_string’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7627:16: note: in expansion of macro ‘yy_scan_bytes’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7639:17: note: in expansion of macro ‘yy_scan_bytes’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7657:13: note: in expansion of macro ‘yy_scan_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7585:17: note: in expansion of macro ‘yy_scan_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7585:17: note: in expansion of macro ‘yy_scan_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7595:31: note: in expansion of macro ‘yyalloc’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c: scope_hint: In function ‘nft__scan_string’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7609:9: note: in expansion of macro ‘yy_switch_to_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7272:10: note: in expansion of macro ‘yy_switch_to_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7284:9: note: in expansion of macro ‘yyensure_buffer_stack’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7530:13: note: in expansion of macro ‘yyensure_buffer_stack’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7284:9: note: in expansion of macro ‘yyensure_buffer_stack’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7285:14: note: in expansion of macro ‘YY_CURRENT_BUFFER’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7609:9: note: in expansion of macro ‘yy_switch_to_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7657:13: note: in expansion of macro ‘yy_scan_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7627:16: note: in expansion of macro ‘yy_scan_bytes’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7627:16: note: in expansion of macro ‘yy_scan_bytes’
#   53|   #define nft__scan_bytes_ALREADY_DEFINED
#   54|   #else
#   55|-> #define yy_scan_bytes nft__scan_bytes
#   56|   #endif
#   57|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:55:23: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7627:16: note: in expansion of macro ‘yy_scan_bytes’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.l:1244:13: note: in expansion of macro ‘yy_scan_string’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7624:17: note: in expansion of macro ‘yy_scan_string’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7627:16: note: in expansion of macro ‘yy_scan_bytes’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7639:17: note: in expansion of macro ‘yy_scan_bytes’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7648:24: note: in expansion of macro ‘yyalloc’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c: scope_hint: In function ‘nft__scan_string’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7657:13: note: in expansion of macro ‘yy_scan_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7585:17: note: in expansion of macro ‘yy_scan_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7585:17: note: in expansion of macro ‘yy_scan_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7609:9: note: in expansion of macro ‘yy_switch_to_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7272:10: note: in expansion of macro ‘yy_switch_to_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7284:9: note: in expansion of macro ‘yyensure_buffer_stack’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7530:13: note: in expansion of macro ‘yyensure_buffer_stack’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7284:9: note: in expansion of macro ‘yyensure_buffer_stack’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7285:14: note: in expansion of macro ‘YY_CURRENT_BUFFER’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7609:9: note: in expansion of macro ‘yy_switch_to_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7657:13: note: in expansion of macro ‘yy_scan_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7627:16: note: in expansion of macro ‘yy_scan_bytes’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7627:16: note: in expansion of macro ‘yy_scan_bytes’
#   53|   #define nft__scan_bytes_ALREADY_DEFINED
#   54|   #else
#   55|-> #define yy_scan_bytes nft__scan_bytes
#   56|   #endif
#   57|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def9]
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c: scope_hint: In function ‘nft__create_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7348:12: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc(64)’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7331:21: note: in expansion of macro ‘yy_create_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7338:31: note: in expansion of macro ‘yyalloc’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c: scope_hint: In function ‘nft__create_buffer’
# 7346|   	 */
# 7347|   	b->yy_ch_buf = (char *) yyalloc( (yy_size_t) (b->yy_buf_size + 2) , yyscanner );
# 7348|-> 	if ( ! b->yy_ch_buf )
# 7349|   		YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" );
# 7350|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def10]
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c: scope_hint: In function ‘nft__init_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7402:26: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘b’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7247:10: note: in expansion of macro ‘yyrestart’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7255:9: note: in expansion of macro ‘yyensure_buffer_stack’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7530:13: note: in expansion of macro ‘yyensure_buffer_stack’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7255:9: note: in expansion of macro ‘yyensure_buffer_stack’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7257:13: note: in expansion of macro ‘yy_create_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7331:21: note: in expansion of macro ‘yy_create_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7353:9: note: in expansion of macro ‘yy_init_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7390:17: note: in expansion of macro ‘yy_init_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7399:9: note: in expansion of macro ‘yy_flush_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7432:10: note: in expansion of macro ‘yy_flush_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7399:9: note: in expansion of macro ‘yy_flush_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7353:9: note: in expansion of macro ‘yy_init_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7257:13: note: in expansion of macro ‘yy_create_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7260:9: note: in expansion of macro ‘yy_init_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7260:9: note: in expansion of macro ‘yy_init_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7260:9: note: in expansion of macro ‘yy_init_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7390:17: note: in expansion of macro ‘yy_init_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7399:9: note: in expansion of macro ‘yy_flush_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7432:10: note: in expansion of macro ‘yy_flush_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7399:9: note: in expansion of macro ‘yy_flush_buffer’
# 7400|   
# 7401|   /* %if-c-only */
# 7402|-> 	b->yy_input_file = file;
# 7403|   /* %endif */
# 7404|   /* %if-c++-only */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def11]
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c: scope_hint: In function ‘nft_ensure_buffer_stack’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7553:42: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc(8)’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.l:958:13: note: in expansion of macro ‘yy_create_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7331:21: note: in expansion of macro ‘yy_create_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7353:9: note: in expansion of macro ‘yy_init_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7390:17: note: in expansion of macro ‘yy_init_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7399:9: note: in expansion of macro ‘yy_flush_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7432:10: note: in expansion of macro ‘yy_flush_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7399:9: note: in expansion of macro ‘yy_flush_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7353:9: note: in expansion of macro ‘yy_init_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.l:958:13: note: in expansion of macro ‘yy_create_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.l:959:9: note: in expansion of macro ‘yypush_buffer_state’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c: scope_hint: In function ‘nft_ensure_buffer_stack’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7467:6: note: in expansion of macro ‘yypush_buffer_state’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7476:9: note: in expansion of macro ‘yyensure_buffer_stack’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7530:13: note: in expansion of macro ‘yyensure_buffer_stack’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7545:66: note: in expansion of macro ‘yyalloc’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c: scope_hint: In function ‘nft_ensure_buffer_stack’
# 7551|   		memset(yyg->yy_buffer_stack, 0, num_to_alloc * sizeof(struct yy_buffer_state*));
# 7552|   
# 7553|-> 		yyg->yy_buffer_stack_max = num_to_alloc;
# 7554|   		yyg->yy_buffer_stack_top = 0;
# 7555|   		return;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def12]
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c: scope_hint: In function ‘nft__scan_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7655:32: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc(n)’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7639:17: note: in expansion of macro ‘yy_scan_bytes’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7648:24: note: in expansion of macro ‘yyalloc’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c: scope_hint: In function ‘nft__scan_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7657:13: note: in expansion of macro ‘yy_scan_buffer’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7585:17: note: in expansion of macro ‘yy_scan_buffer’
# 7653|   		buf[i] = yybytes[i];
# 7654|   
# 7655|-> 	buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR;
# 7656|   
# 7657|   	b = yy_scan_buffer( buf, n , yyscanner);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def13]
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7894:11: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘scanner’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.l: scope_hint: In function ‘scanner_init’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.l:1253:9: note: in expansion of macro ‘yylex_init_extra’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:7975:5: note: in expansion of macro ‘yylex_init_extra’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c: scope_hint: In function ‘scanner_init’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.c:274: included_from: Included from here.
nftables-1.0.9-build/nftables-1.0.9/src/scanner.l:1253:9: note: in expansion of macro ‘yylex_init_extra’
nftables-1.0.9-build/nftables-1.0.9/src/scanner.l:1254:9: note: in expansion of macro ‘yyset_out’
# 7892|   {
# 7893|       struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
# 7894|->     yyout = _out_str ;
# 7895|   }
# 7896|   

Scan Properties

analyzer-version-clippy: 1.82.0
analyzer-version-cppcheck: 2.16.0
analyzer-version-gcc: 14.2.1
analyzer-version-gcc-analyzer: 15.0.0
analyzer-version-shellcheck: 0.10.0
analyzer-version-unicontrol: 0.0.2
diffbase-analyzer-version-clippy: 1.82.0
diffbase-analyzer-version-cppcheck: 2.16.0
diffbase-analyzer-version-gcc: 14.2.1
diffbase-analyzer-version-gcc-analyzer: 15.0.0
diffbase-analyzer-version-shellcheck: 0.10.0
diffbase-analyzer-version-unicontrol: 0.0.2
diffbase-enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code: 0
diffbase-host: ip-172-16-1-172.us-west-2.compute.internal
diffbase-mock-config: fedora-rawhide-gcc-latest-x86_64
diffbase-project-name: nftables-1.1.1-2.fc42
diffbase-store-results-to: /tmp/tmpurorjywv/nftables-1.1.1-2.fc42.tar.xz
diffbase-time-created: 2024-11-13 02:03:20
diffbase-time-finished: 2024-11-13 02:05:29
diffbase-tool: csmock
diffbase-tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'clippy,cppcheck,gcc,unicontrol,shellcheck' '-o' '/tmp/tmpurorjywv/nftables-1.1.1-2.fc42.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmpurorjywv/nftables-1.1.1-2.fc42.src.rpm'
diffbase-tool-version: csmock-3.7.1.20241107.094801.gb3f0f26.pr_192-1.el9
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-172.us-west-2.compute.internal
mock-config: fedora-rawhide-gcc-latest-x86_64
project-name: nftables-1.0.9-7.fc41
store-results-to: /tmp/tmpousc2gyr/nftables-1.0.9-7.fc41.tar.xz
time-created: 2024-11-13 02:00:34
time-finished: 2024-11-13 02:03:07
title: Fixed findings
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'clippy,cppcheck,gcc,unicontrol,shellcheck' '-o' '/tmp/tmpousc2gyr/nftables-1.0.9-7.fc41.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmpousc2gyr/nftables-1.0.9-7.fc41.src.rpm'
tool-version: csmock-3.7.1.20241107.094801.gb3f0f26.pr_192-1.el9