rpcbind-1.2.7-1.rc1.fc42

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-476): [#def1]
rpcbind-1.2.7-build/rpcbind-1.2.7/src/rpcb_svc_4.c: scope_hint: In function ‘rpcbproc_getaddrlist_4_local’
rpcbind-1.2.7-build/rpcbind-1.2.7/src/rpcb_svc_4.c:411:47: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘tail’
#  409|   			tail = rp;
#  410|   		} else {
#  411|-> 			tail->rpcb_entry_next = rp;
#  412|   			tail = rp;
#  413|   		}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def2]
rpcbind-1.2.7-build/rpcbind-1.2.7/src/rpcb_svc_com.c: scope_hint: In function ‘forward_register’
rpcbind-1.2.7-build/rpcbind-1.2.7/src/rpcb_svc_com.c:964:29: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
#  962|   	rpcb_rmtcalls++;	/* no of pending calls */
#  963|   	FINFO[j].flag = FINFO_ACTIVE;
#  964|-> 	FINFO[j].reply_type = reply_type;
#  965|   	FINFO[j].versnum = versnum;
#  966|   	FINFO[j].time = time_now;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def3]
rpcbind-1.2.7-build/rpcbind-1.2.7/src/rpcb_svc_com.c: scope_hint: In function ‘handle_reply’
rpcbind-1.2.7-build/rpcbind-1.2.7/src/rpcb_svc_com.c:1254:22: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘reply_msg.rm_xid’
rpcbind-1.2.7-build/rpcbind-1.2.7/src/rpcb_svc_com.c: scope_hint: In function ‘handle_reply’
# 1252|   		free(buffer);
# 1253|   
# 1254|-> 	if (reply_msg.rm_xid == 0) {
# 1255|   #ifdef	SVC_RUN_DEBUG
# 1256|   	if (debugging) {

Error: COMPILER_WARNING (CWE-457): [#def4]
rpcbind-1.2.7-build/rpcbind-1.2.7/src/rpcb_svc_com.c: scope_hint: In function ‘handle_reply’
rpcbind-1.2.7-build/rpcbind-1.2.7/src/rpcb_svc_com.c:1254:22: warning[-Wmaybe-uninitialized]: ‘reply_msg.rm_xid’ may be used uninitialized
# 1254 |         if (reply_msg.rm_xid == 0) {
#      |             ~~~~~~~~~^~~~~~~
rpcbind-1.2.7-build/rpcbind-1.2.7/src/rpcb_svc_com.c:1177:25: note: ‘reply_msg’ declared here
# 1177 |         struct rpc_msg  reply_msg;
#      |                         ^~~~~~~~~
# 1252|   		free(buffer);
# 1253|   
# 1254|-> 	if (reply_msg.rm_xid == 0) {
# 1255|   #ifdef	SVC_RUN_DEBUG
# 1256|   	if (debugging) {

Error: CPPCHECK_WARNING (CWE-401): [#def5]
rpcbind-1.2.7-build/rpcbind-1.2.7/src/rpcbind.c:483: error[memleakOnRealloc]: Common realloc mistake: 'hosts' nulled but not freed upon failure
#  481|   		nhostsbak = nhosts;
#  482|   		nhostsbak++;
#  483|-> 		hosts = realloc(hosts, nhostsbak * sizeof(char *));
#  484|   		if (nhostsbak == 1)
#  485|   			hosts[0] = "*";

Error: GCC_ANALYZER_WARNING (CWE-476): [#def6]
rpcbind-1.2.7-build/rpcbind-1.2.7/src/rpcbind.c: scope_hint: In function ‘init_transport’
rpcbind-1.2.7-build/rpcbind-1.2.7/src/rpcbind.c:485:34: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#  483|   		hosts = realloc(hosts, nhostsbak * sizeof(char *));
#  484|   		if (nhostsbak == 1)
#  485|-> 			hosts[0] = "*";
#  486|   		else {
#  487|   			if (hints.ai_family == AF_INET) {

Error: GCC_ANALYZER_WARNING (CWE-457): [#def7]
rpcbind-1.2.7-build/rpcbind-1.2.7/src/rpcbind.c:487:34: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘hints.ai_family’
#  485|   			hosts[0] = "*";
#  486|   		else {
#  487|-> 			if (hints.ai_family == AF_INET) {
#  488|   				hosts[nhostsbak - 1] = "127.0.0.1";
#  489|   			} else if (hints.ai_family == AF_INET6) {

Error: GCC_ANALYZER_WARNING (CWE-457): [#def8]
rpcbind-1.2.7-build/rpcbind-1.2.7/src/rpcbind.c:510:30: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘hints.ai_flags’
#  508|   			}
#  509|   
#  510|-> 			hints.ai_flags &= ~AI_NUMERICHOST;
#  511|   			switch (hints.ai_family) {
#  512|   			case AF_INET:

Error: GCC_ANALYZER_WARNING (CWE-688): [#def9]
rpcbind-1.2.7-build/rpcbind-1.2.7/src/rpcbind.c:671:17: warning[-Wanalyzer-null-argument]: use of NULL ‘sa’ where non-null expected
<built-in>: note: argument 2 of ‘__builtin_memcpy’ must be non-null
#  669|   			return 1;
#  670|   		}
#  671|-> 		memcpy(taddr.addr.buf, sa, addrlen);
#  672|   #ifdef RPCBIND_DEBUG
#  673|   		if (debugging) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def10]
rpcbind-1.2.7-build/rpcbind-1.2.7/src/rpcinfo.c:1016:3: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
rpcbind-1.2.7-build/rpcbind-1.2.7/src/rpcinfo.c:841:11: note: in expansion of macro ‘CLNT_GETERR’
# 1014|       }
# 1015|     clnt_destroy (client);
# 1016|->   return;
# 1017|   error:fprintf (stderr, "rpcinfo: no memory\n");
# 1018|     return;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def11]
rpcbind-1.2.7-build/rpcbind-1.2.7/src/rpcinfo.c: scope_hint: In function ‘rpcbdump’
rpcbind-1.2.7-build/rpcbind-1.2.7/src/rpcinfo.c:1016:3: warning[-Wanalyzer-malloc-leak]: leak of ‘prev’
/usr/include/tirpc/rpc/rpc.h:49: included_from: Included from here.
rpcbind-1.2.7-build/rpcbind-1.2.7/src/rpcinfo.c:52: included_from: Included from here.
rpcbind-1.2.7-build/rpcbind-1.2.7/src/rpcinfo.c:841:11: note: in expansion of macro ‘CLNT_GETERR’
# 1014|       }
# 1015|     clnt_destroy (client);
# 1016|->   return;
# 1017|   error:fprintf (stderr, "rpcinfo: no memory\n");
# 1018|     return;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def12]
rpcbind-1.2.7-build/rpcbind-1.2.7/src/util.c: scope_hint: In function ‘network_init’
rpcbind-1.2.7-build/rpcbind-1.2.7/src/util.c:326:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘local_in4’
#  324|   				fprintf(stderr, "can't alloc local ip4 addr\n");
#  325|   		}
#  326|-> 		memcpy(local_in4, res->ai_addr, sizeof *local_in4);
#  327|   	}
#  328|   

Error: GCC_ANALYZER_WARNING (CWE-688): [#def13]
rpcbind-1.2.7-build/rpcbind-1.2.7/src/util.c:341:17: warning[-Wanalyzer-null-argument]: use of NULL ‘local_in6’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
#  339|   				fprintf(stderr, "can't alloc local ip6 addr\n");
#  340|   		}
#  341|-> 		memcpy(local_in6, res->ai_addr, sizeof *local_in6);
#  342|   	}
#  343|   

Scan Properties