Newly introduced findings

List of Findings

Error: CPPCHECK_WARNING (CWE-457): [#def1]
nvme-cli-2.11-build/nvme-cli-2.11/nvme.c:4632: warning[uninitvar]: Uninitialized variable: result_def
# 4630|   	}
# 4631|   
# 4632|-> 	if (err || !cfg.changed || err_def || result != result_def ||
# 4633|   	    (buf && buf_def && !strcmp(buf, buf_def)))
# 4634|   		get_feature_id_print(cfg, err, result, buf);

Error: CPPCHECK_WARNING (CWE-404): [#def2]
nvme-cli-2.11-build/nvme-cli-2.11/nvme.c:9666: error[resourceLeak]: Resource leak: fd
# 9664|   			nvme_show_error("Failed to revoke key '%s'",
# 9665|   					nvme_strerror(errno));
# 9666|-> 			return err;
# 9667|   		}
# 9668|   

Error: CPPCHECK_WARNING (CWE-457): [#def3]
nvme-cli-2.11-build/nvme-cli-2.11/plugins/innogrit/innogrit-nvme.c:72: error[uninitvar]: Uninitialized variable: pdrvinfo->signature
#   70|   	for (ilogid = 0xe1; ilogid < 0xe2; ilogid++) {
#   71|   		getlogpage(dev, ilogid, 0, data, 4096, NULL);
#   72|-> 		if (pdrvinfo->signature == 0x5A)
#   73|   			return 1;
#   74|   	}

Error: CPPCHECK_WARNING (CWE-457): [#def4]
nvme-cli-2.11-build/nvme-cli-2.11/plugins/innogrit/innogrit-nvme.c:114: error[uninitvar]: Uninitialized variable: pevlog->signature
#  112|   		}
#  113|   
#  114|-> 		if (pevlog->signature == EVLOG_SIG) {
#  115|   			errcnt = 0;
#  116|   		} else {

Error: GCC_ANALYZER_WARNING (CWE-688): [#def5]
nvme-cli-2.11-build/nvme-cli-2.11/plugins/innogrit/innogrit-nvme.c: scope_hint: In function ‘getvsc_eventlog’
nvme-cli-2.11-build/nvme-cli-2.11/plugins/innogrit/innogrit-nvme.c:135:25: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘fp’ where non-null expected
nvme-cli-2.11-build/nvme-cli-2.11/plugins/innogrit/innogrit-nvme.c:2: included_from: Included from here.
/usr/include/stdio.h:735:15: note: argument 4 of ‘fwrite’ must be non-null
#  133|   			printf("get eventlog by vsc command\n");
#  134|   			start_flag = 1;
#  135|-> 			fwrite(data, 1, 4096, fp);
#  136|   			rxlen += 4096;
#  137|   		}

Error: GCC_ANALYZER_WARNING (CWE-688): [#def6]
nvme-cli-2.11-build/nvme-cli-2.11/plugins/innogrit/innogrit-nvme.c: scope_hint: In function ‘getlogpage_eventlog’
nvme-cli-2.11-build/nvme-cli-2.11/plugins/innogrit/innogrit-nvme.c:169:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘fp’ where non-null expected
/usr/include/stdio.h:735:15: note: argument 4 of ‘fwrite’ must be non-null
#  167|   			return IG_ERROR;
#  168|   		}
#  169|-> 		fwrite(data, 1, 4096, fp);
#  170|   	}
#  171|   	printf("\n");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def7]
nvme-cli-2.11-build/nvme-cli-2.11/plugins/innogrit/innogrit-nvme.c: scope_hint: In function ‘innogrit_vsc_getcdump’
nvme-cli-2.11-build/nvme-cli-2.11/plugins/innogrit/innogrit-nvme.c:241:24: warning[-Wanalyzer-file-leak]: leak of FILE ‘fp’
#  239|   	ret = parse_and_open(&dev, argc, argv, desc, opts);
#  240|   	if (ret)
#  241|-> 		return ret;
#  242|   
#  243|   	ivsctype = getvsctype(dev);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
nvme-cli-2.11-build/nvme-cli-2.11/plugins/innogrit/innogrit-nvme.c:241:24: warning[-Wanalyzer-malloc-leak]: leak of ‘fp’
#  239|   	ret = parse_and_open(&dev, argc, argv, desc, opts);
#  240|   	if (ret)
#  241|-> 		return ret;
#  242|   
#  243|   	ivsctype = getvsctype(dev);

Error: CPPCHECK_WARNING (CWE-404): [#def9]
nvme-cli-2.11-build/nvme-cli-2.11/plugins/innogrit/innogrit-nvme.c:305: error[resourceLeak]: Resource leak: fp
#  303|   	if (itotal == 0) {
#  304|   		printf("no cdump data\n");
#  305|-> 		return 0;
#  306|   	}
#  307|   

Error: GCC_ANALYZER_WARNING (CWE-688): [#def10]
nvme-cli-2.11-build/nvme-cli-2.11/plugins/innogrit/innogrit-nvme.c:311:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘fp’ where non-null expected
/usr/include/stdio.h:735:15: note: argument 4 of ‘fwrite’ must be non-null
#  309|   		memset(data, 0, 4096);
#  310|   		strcpy((char *)data, "cdumpstart");
#  311|-> 		fwrite(data, 1, strlen((char *)data), fp);
#  312|   		for (icur = 0; icur < itotal; icur += 4096) {
#  313|   			memset(data, 0, 4096);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def11]
nvme-cli-2.11-build/nvme-cli-2.11/plugins/netapp/netapp-nvme.c: scope_hint: In function ‘netapp_ontapdevices_print_regular’
nvme-cli-2.11-build/nvme-cli-2.11/plugins/netapp/netapp-nvme.c:449:25: warning[-Wanalyzer-null-argument]: use of NULL ‘formatstr’ where non-null expected
nvme-cli-2.11-build/nvme-cli-2.11/plugins/netapp/netapp-nvme.c:17: included_from: Included from here.
/usr/include/stdio.h:363:12: note: argument 1 of ‘printf’ must be non-null
#  447|   					devices[i].log_data);
#  448|   
#  449|-> 			printf(formatstr, devices[i].dev, vsname, nspath,
#  450|   					devices[i].nsid, uuid_str, size);
#  451|   			return;

Error: GCC_ANALYZER_WARNING: [#def12]
nvme-cli-2.11-build/nvme-cli-2.11/plugins/ocp/ocp-hardware-component-log.c: scope_hint: In function ‘get_hwcomp_log_data’
nvme-cli-2.11-build/nvme-cli-2.11/plugins/ocp/ocp-hardware-component-log.c:197:21: warning[-Wanalyzer-imprecise-fp-arithmetic]: use of floating-point arithmetic here might yield unexpected results
nvme-cli-2.11-build/nvme-cli-2.11/plugins/ocp/ocp-hardware-component-log.c:10: included_from: Included from here.
nvme-cli-2.11-build/nvme-cli-2.11/plugins/ocp/ocp-hardware-component-log.c:191:9: note: in expansion of macro ‘print_info’
nvme-cli-2.11-build/nvme-cli-2.11/plugins/ocp/ocp-hardware-component-log.c:197:21: note: only use operands of an integer type inside the size argument
#  195|   
#  196|   	args.len = uint128_t_to_double(le128_to_cpu(log->size)) * sizeof(__le32);
#  197|-> 	log->desc = calloc(1, args.len);
#  198|   	if (!log->desc) {
#  199|   		fprintf(stderr, "error: ocp: calloc: %s\n", strerror(errno));

Error: CPPCHECK_WARNING (CWE-476): [#def13]
nvme-cli-2.11-build/nvme-cli-2.11/plugins/ocp/ocp-telemetry-decode.c:441: warning[nullPointer]: Possible null pointer dereference: pdata
#  439|   
#  440|   	for (size_t i = 0; i < data_size; ++i) {
#  441|-> 		sprintf(temp_buffer, "%02X", pdata[i]);
#  442|   		strcat(description_str, temp_buffer);
#  443|   	}

Error: CPPCHECK_WARNING (CWE-457): [#def14]
nvme-cli-2.11-build/nvme-cli-2.11/plugins/solidigm/solidigm-workload-tracker.c:477: warning[uninitvar]: Uninitialized variable: dest
#  475|   static void join_fields(char *dest, struct field *fields)
#  476|   {
#  477|-> 	strcat(dest, fields[0].name);
#  478|   	for (int i = 1; i < MAX_FIELDS; i++) {
#  479|   		char *name = fields[i].name;

Scan Properties

analyzer-version-clippy: 1.82.0
analyzer-version-cppcheck: 2.16.0
analyzer-version-gcc: 14.2.1
analyzer-version-gcc-analyzer: 15.0.0
analyzer-version-shellcheck: 0.10.0
analyzer-version-unicontrol: 0.0.2
diffbase-analyzer-version-clippy: 1.82.0
diffbase-analyzer-version-cppcheck: 2.16.0
diffbase-analyzer-version-gcc: 14.2.1
diffbase-analyzer-version-gcc-analyzer: 15.0.0
diffbase-analyzer-version-shellcheck: 0.10.0
diffbase-analyzer-version-unicontrol: 0.0.2
diffbase-enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code: 0
diffbase-host: ip-172-16-1-7.us-west-2.compute.internal
diffbase-mock-config: fedora-rawhide-gcc-latest-x86_64
diffbase-project-name: nvme-cli-2.10.2-2.fc41
diffbase-store-results-to: /tmp/tmp_jymjton/nvme-cli-2.10.2-2.fc41.tar.xz
diffbase-time-created: 2024-11-13 02:01:10
diffbase-time-finished: 2024-11-13 02:04:07
diffbase-tool: csmock
diffbase-tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'clippy,cppcheck,gcc,unicontrol,shellcheck' '-o' '/tmp/tmp_jymjton/nvme-cli-2.10.2-2.fc41.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmp_jymjton/nvme-cli-2.10.2-2.fc41.src.rpm'
diffbase-tool-version: csmock-3.7.1.20241107.094801.gb3f0f26.pr_192-1.el9
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-7.us-west-2.compute.internal
mock-config: fedora-rawhide-gcc-latest-x86_64
project-name: nvme-cli-2.11-1.fc42
store-results-to: /tmp/tmpqeu9h3i3/nvme-cli-2.11-1.fc42.tar.xz
time-created: 2024-11-13 02:04:35
time-finished: 2024-11-13 02:06:55
title: Newly introduced findings
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'clippy,cppcheck,gcc,unicontrol,shellcheck' '-o' '/tmp/tmpqeu9h3i3/nvme-cli-2.11-1.fc42.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmpqeu9h3i3/nvme-cli-2.11-1.fc42.src.rpm'
tool-version: csmock-3.7.1.20241107.094801.gb3f0f26.pr_192-1.el9