python-crypto-2.6.1-53.fc42

List of Findings

Error: COMPILER_WARNING: [#def1]
python-crypto-2.6.1-build/pycrypto-2.6.1/src/MD2.c: scope_hint: At top level
python-crypto-2.6.1-build/pycrypto-2.6.1/src/MD2.c:45:19: warning[-Wunused-const-variable=]: ‘md2_oid’ defined but not used
#   45 | static const char md2_oid[] = { 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x02 };
#      |                   ^~~~~~~
#   43|    * 			}
#   44|    */
#   45|-> static const char md2_oid[] = { 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x02 };
#   46|   
#   47|   #define DER_OID 		((void*)&md2_oid)

Error: COMPILER_WARNING (CWE-195): [#def2]
python-crypto-2.6.1-build/pycrypto-2.6.1/src/MD2.c: scope_hint: In function ‘hash_update’
python-crypto-2.6.1-build/pycrypto-2.6.1/src/MD2.c:102:36: warning[-Wsign-compare]: comparison of integer expressions of different signedness: ‘int’ and ‘U32’ {aka ‘unsigned int’}
#  102 |                 L=(16-self->count) < len ? (16-self->count) : len;
#      |                                    ^
#  100|   	while (len) 
#  101|   	{
#  102|-> 		L=(16-self->count) < len ? (16-self->count) : len;
#  103|   		memcpy(self->buf+self->count, buf, L);
#  104|   		self->count+=L;

Error: COMPILER_WARNING (CWE-195): [#def3]
python-crypto-2.6.1-build/pycrypto-2.6.1/src/MD2.c:102:44: warning[-Wsign-compare]: operand of ‘?:’ changes signedness from ‘int’ to ‘U32’ {aka ‘unsigned int’} due to unsignedness of other operand
#  102 |                 L=(16-self->count) < len ? (16-self->count) : len;
#      |                                            ^~~~~~~~~~~~~~~~
#  100|   	while (len) 
#  101|   	{
#  102|-> 		L=(16-self->count) < len ? (16-self->count) : len;
#  103|   		memcpy(self->buf+self->count, buf, L);
#  104|   		self->count+=L;

Error: COMPILER_WARNING (CWE-195): [#def4]
python-crypto-2.6.1-build/pycrypto-2.6.1/src/MD2.c: scope_hint: In function ‘hash_digest’
python-crypto-2.6.1-build/pycrypto-2.6.1/src/MD2.c:142:19: warning[-Wsign-compare]: comparison of integer expressions of different signedness: ‘int’ and ‘U32’ {aka ‘unsigned int’}
#  142 |         for(i=0; i<padlen; i++) padding[i]=padlen;
#      |                   ^
#  140|   	memcpy(&temp, self, sizeof(hash_state));
#  141|   	padlen= 16-self->count;
#  142|-> 	for(i=0; i<padlen; i++) padding[i]=padlen;
#  143|   	hash_update(&temp, padding, padlen);
#  144|   	hash_update(&temp, temp.C, 16);

Error: COMPILER_WARNING (CWE-483): [#def5]
python-crypto-2.6.1-build/pycrypto-2.6.1/src/_counter.c: scope_hint: In function ‘PyInit__counter’
python-crypto-2.6.1-build/pycrypto-2.6.1/src/_counter.c:570:5: warning[-Wmisleading-indentation]: this ‘if’ clause does not guard...
#  570 |     if (m == NULL)
#      |     ^~
python-crypto-2.6.1-build/pycrypto-2.6.1/src/_counter.c:573:9: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the ‘if’
#  573 |         return m;
#      |         ^~~~~~
#  568|       /* Initialize the module */
#  569|       m = PyModule_Create(&moduledef);
#  570|->     if (m == NULL)
#  571|           return NULL;
#  572|   

Error: COMPILER_WARNING (CWE-195): [#def6]
python-crypto-2.6.1-build/pycrypto-2.6.1/src/_fastmath.c: scope_hint: In function ‘rabinMillerTest’
python-crypto-2.6.1-build/pycrypto-2.6.1/src/_fastmath.c:1398:57: warning[-Wsign-compare]: comparison of integer expressions of different signedness: ‘long unsigned int’ and ‘int’
# 1398 |         if (mpz_fits_ulong_p (n) && (mpz_get_ui (n) - 2 < rounds))
#      |                                                         ^
# 1396|   	mpz_fdiv_q_2exp (m, n_1, b);
# 1397|   
# 1398|-> 	if (mpz_fits_ulong_p (n) && (mpz_get_ui (n) - 2 < rounds))
# 1399|   		rounds = mpz_get_ui (n) - 2;
# 1400|   	for (i = 0; i < rounds; ++i)

Error: COMPILER_WARNING (CWE-195): [#def7]
python-crypto-2.6.1-build/pycrypto-2.6.1/src/_fastmath.c:1400:23: warning[-Wsign-compare]: comparison of integer expressions of different signedness: ‘long unsigned int’ and ‘int’
# 1400 |         for (i = 0; i < rounds; ++i)
#      |                       ^
# 1398|   	if (mpz_fits_ulong_p (n) && (mpz_get_ui (n) - 2 < rounds))
# 1399|   		rounds = mpz_get_ui (n) - 2;
# 1400|-> 	for (i = 0; i < rounds; ++i)
# 1401|   	{
# 1402|   		mpz_set_ui (tmp, 2);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def8]
python-crypto-2.6.1-build/pycrypto-2.6.1/src/_fastmath.c: scope_hint: In function ‘getStrongPrime’
python-crypto-2.6.1-build/pycrypto-2.6.1/src/_fastmath.c:1563:34: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘field’
/usr/include/python3.13/Python.h:124: included_from: Included from here.
python-crypto-2.6.1-build/pycrypto-2.6.1/src/_fastmath.c:31: included_from: Included from here.
python-crypto-2.6.1-build/pycrypto-2.6.1/src/_fastmath.c:1505:9: note: in expansion of macro ‘Py_BEGIN_ALLOW_THREADS’
/usr/include/python3.13/Python.h:72: included_from: Included from here.
python-crypto-2.6.1-build/pycrypto-2.6.1/src/_fastmath.c:1258:9: note: in expansion of macro ‘Py_XDECREF’
python-crypto-2.6.1-build/pycrypto-2.6.1/src/_fastmath.c:1258:9: note: in expansion of macro ‘Py_XDECREF’
python-crypto-2.6.1-build/pycrypto-2.6.1/src/_fastmath.c:1258:9: note: in expansion of macro ‘Py_XDECREF’
python-crypto-2.6.1-build/pycrypto-2.6.1/src/_fastmath.c:1258:9: note: in expansion of macro ‘Py_XDECREF’
python-crypto-2.6.1-build/pycrypto-2.6.1/src/_fastmath.c:1258:9: note: in expansion of macro ‘Py_XDECREF’
python-crypto-2.6.1-build/pycrypto-2.6.1/src/_fastmath.c:1258:9: note: in expansion of macro ‘Py_XDECREF’
# 1561|   		{
# 1562|   			/* look for next canidate */
# 1563|-> 			if (field[j])
# 1564|   				continue;
# 1565|   			mpz_add_ui (tmp[0], y[i], j);

Error: COMPILER_WARNING (CWE-569): [#def9]
python-crypto-2.6.1-build/pycrypto-2.6.1/src/SHA256.c:72: included_from: Included from here.
python-crypto-2.6.1-build/pycrypto-2.6.1/src/hash_SHA2_template.c: scope_hint: In function ‘add_length’
python-crypto-2.6.1-build/pycrypto-2.6.1/src/hash_SHA2_template.c:97:30: warning[-Wtautological-compare]: self-comparison always evaluates to false
#   97 |         if (hs->length_upper > hs->length_upper)
#      |                              ^
#   95|           overflow_detector = hs->length_upper;
#   96|           hs->length_upper++;
#   97|->         if (hs->length_upper > hs->length_upper)
#   98|               return 0;
#   99|       }

Error: COMPILER_WARNING: [#def10]
python-crypto-2.6.1-build/pycrypto-2.6.1/src/strxor.c:31:19: warning[-Wunused-const-variable=]: ‘rcsid’ defined but not used
#   31 | static const char rcsid[] = "$Id$";
#      |                   ^~~~~
#   29|   #include "pycrypto_compat.h"
#   30|   
#   31|-> static const char rcsid[] = "$Id$";
#   32|   
#   33|   /*

Scan Properties

analyzer-version-clippy	1.82.0
analyzer-version-cppcheck	2.16.0
analyzer-version-gcc	14.2.1
analyzer-version-gcc-analyzer	15.0.0
analyzer-version-shellcheck	0.10.0
analyzer-version-unicontrol	0.0.2
enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code	0
host	ip-172-16-1-147.us-west-2.compute.internal
mock-config	fedora-rawhide-gcc-latest-x86_64
project-name	python-crypto-2.6.1-53.fc42
store-results-to	/tmp/tmpedj6_ybt/python-crypto-2.6.1-53.fc42.tar.xz
time-created	2024-11-13 02:37:31
time-finished	2024-11-13 02:39:04
tool	csmock
tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'clippy,cppcheck,gcc,unicontrol,shellcheck' '-o' '/tmp/tmpedj6_ybt/python-crypto-2.6.1-53.fc42.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmpedj6_ybt/python-crypto-2.6.1-53.fc42.src.rpm'
tool-version	csmock-3.7.1.20241107.094801.gb3f0f26.pr_192-1.el9