rpm-4.20.0-1.fc42

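List of Findings

The findings below come from ShellCheck, the GCC static analyzer (-fanalyzer), Cppcheck and compiler warnings, run against rpm-4.20.0-1.fc42. Every record is labelled "Error:" by the report format regardless of the tool's own severity, which appears in the bracketed tag (warning[...] or error[...]). None is marked here as confirmed or dismissed.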

Error: SHELLCHECK_WARNING (CWE-252): [#def1]
/usr/lib/rpm/brp-compress:10:1: warning[SC2164]: Use 'cd ... || exit' or 'cd ... || return' in case cd fails.
#    8|   PREFIX=${1:-/usr}
#    9|   
#   10|-> cd "$RPM_BUILD_ROOT"
#   11|   
#   12|   # Compress man pages

Error: SHELLCHECK_WARNING (CWE-569): [#def2]
/usr/lib/rpm/brp-remove-la-files:8:45: warning[SC2227]: Redirection applies to the find command itself. Rewrite to work per action (or move to end).
#    6|   fi
#    7|   
#    8|-> find "$RPM_BUILD_ROOT" -type f -name '*.la' 2>/dev/null -print0 |
#    9|     xargs -0 grep --fixed-strings '.la - a libtool library file' --files-with-matches --null |
#   10|     xargs -0 rm --force

Error: SHELLCHECK_WARNING: [#def3]
/usr/lib/rpm/brp-strip:32:3: warning[SC3043]: In POSIX sh, 'local' is undefined.
#   30|   strip_elf_binaries()
#   31|   {
#   32|->   local nlinks="${1}"
#   33|     local nprocs="${2}"
#   34|   

Error: SHELLCHECK_WARNING: [#def4]
/usr/lib/rpm/brp-strip:33:3: warning[SC3043]: In POSIX sh, 'local' is undefined.
#   31|   {
#   32|     local nlinks="${1}"
#   33|->   local nprocs="${2}"
#   34|   
#   35|     find "$RPM_BUILD_ROOT" -type f \

Error: SHELLCHECK_WARNING (CWE-569): [#def5]
/usr/lib/rpm/check-files:26:15: warning[SC2064]: Use single quotes, otherwise this expands now rather than when signalled.
#   24|   
#   25|   # Ensure temporary file is cleaned up when we exit
#   26|-> trap "rm -f \"${FILES_DISK}\"" 0 2 3 5 10 13 15
#   27|   
#   28|   # Find non-directory files in the build root and compare to the manifest.

Error: SHELLCHECK_WARNING (CWE-398): [#def6]
/usr/lib/rpm/check-files:26:38: warning[SC2172]: Trapping signals by number is not well defined. Prefer signal names.
#   24|   
#   25|   # Ensure temporary file is cleaned up when we exit
#   26|-> trap "rm -f \"${FILES_DISK}\"" 0 2 3 5 10 13 15
#   27|   
#   28|   # Find non-directory files in the build root and compare to the manifest.

Error: SHELLCHECK_WARNING (CWE-398): [#def7]
/usr/lib/rpm/check-files:26:40: warning[SC2172]: Trapping signals by number is not well defined. Prefer signal names.
#   24|   
#   25|   # Ensure temporary file is cleaned up when we exit
#   26|-> trap "rm -f \"${FILES_DISK}\"" 0 2 3 5 10 13 15
#   27|   
#   28|   # Find non-directory files in the build root and compare to the manifest.

Error: SHELLCHECK_WARNING (CWE-398): [#def8]
/usr/lib/rpm/check-files:26:43: warning[SC2172]: Trapping signals by number is not well defined. Prefer signal names.
#   24|   
#   25|   # Ensure temporary file is cleaned up when we exit
#   26|-> trap "rm -f \"${FILES_DISK}\"" 0 2 3 5 10 13 15
#   27|   
#   28|   # Find non-directory files in the build root and compare to the manifest.

Error: SHELLCHECK_WARNING (CWE-138): [#def9]
/usr/lib/rpm/check-rpaths-worker:90:23: error[SC2145]: Argument mixes string and array. Use * or separate argument.
#   88|   
#   89|       shift 2
#   90|->     echo "$msg $code: $@" >&2
#   91|   
#   92|       test -z "$fail"

Error: SHELLCHECK_WARNING (CWE-88): [#def10]
/usr/lib/rpm/find-lang.sh:133:13: error[SC2068]: Double quote array expansions to avoid re-splitting elements.
#  131|   fi
#  132|   
#  133|-> for NAME in ${NAMES[@]}; do
#  134|   
#  135|   find "$TOP_DIR" -type f -o -type l|sed '

Error: SHELLCHECK_WARNING (CWE-569): [#def11]
/usr/lib/rpm/ocamldeps.sh:232:30: warning[SC2124]: Assigning an array to a string! Assign as array, or use * instead of @ to concatenate.
#  230|   export rpm_prefix_implementation
#  231|   export mode
#  232|-> export ignore_implementation="${ignore_implementation_a[@]}"
#  233|   export ignore_interface="${ignore_interface_a[@]}"
#  234|   #

Error: SHELLCHECK_WARNING (CWE-569): [#def12]
/usr/lib/rpm/ocamldeps.sh:233:25: warning[SC2124]: Assigning an array to a string! Assign as array, or use * instead of @ to concatenate.
#  231|   export mode
#  232|   export ignore_implementation="${ignore_implementation_a[@]}"
#  233|-> export ignore_interface="${ignore_interface_a[@]}"
#  234|   #
#  235|   while read filename

Error: SHELLCHECK_WARNING: [#def13]
/usr/lib/rpm/rpm2cpio.sh:13:2: warning[SC3043]: In POSIX sh, 'local' is undefined.
#   11|   
#   12|   _dd() {
#   13|-> 	local o="$1"; shift
#   14|   	dd if="$pkg" skip="$o" iflag=skip_bytes status=none $*
#   15|   }

Error: SHELLCHECK_WARNING (CWE-569): [#def14]
/usr/lib/rpm/rpm2cpio.sh:14:54: warning[SC2048]: Use "$@" (with quotes) to prevent whitespace problems.
#   12|   _dd() {
#   13|   	local o="$1"; shift
#   14|-> 	dd if="$pkg" skip="$o" iflag=skip_bytes status=none $*
#   15|   }
#   16|   

Error: SHELLCHECK_WARNING: [#def15]
/usr/lib/rpm/rpm2cpio.sh:26:2: warning[SC3043]: In POSIX sh, 'local' is undefined.
#   24|   	offset=$(($1 + 8))
#   25|   
#   26|-> 	local i b b0 b1 b2 b3 b4 b5 b6 b7
#   27|   
#   28|   	i=0

Error: SHELLCHECK_WARNING (CWE-563): [#def16]
/usr/lib/rpm/rpm2cpio.sh:55:1: warning[SC2034]: hdrsize appears unused. Verify use (or export if used externally).
#   53|   
#   54|   calcsize $(($offset + (8 - ($sigsize % 8)) % 8))
#   55|-> hdrsize=$rsize
#   56|   
#   57|   case "$(_dd $offset bs=2 count=1 | tr -d '\0')" in

Error: SHELLCHECK_WARNING (CWE-569): [#def17]
/usr/lib/rpm/tgpg:4:12: warning[SC2048]: Use "$@" (with quotes) to prevent whitespace problems.
#    2|   
#    3|   
#    4|-> for pkg in $*
#    5|   do
#    6|       if [ "$pkg" = "" ] || [ ! -e "$pkg" ]; then

Error: SHELLCHECK_WARNING (CWE-156): [#def18]
/usr/lib/rpm/tgpg:21:9: warning[SC2046]: Quote this to prevent word splitting.
#   19|       o=`expr $leadsize + 8`
#   20|   
#   21|->     set `od -j $o -N 8 -t u1 $pkg`
#   22|       il=`expr 256 \* \( 256 \* \( 256 \* $2 + $3 \) + $4 \) + $5`
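#   23|       dl=`expr 256 \* \( 256 \* \( 256 \* $6 + $7 \) + $8 \) + $9`
Triage note: lines 22-23 read $2 through $9, so the script relies on the od output on line 21 being word-split into positional parameters; quoting the whole command substitution as SC2046 suggests would break that. The unquoted $pkg inside the substitution (together with the `$*` loop in def17) is the part that misbehaves on package paths containing whitespace or glob characters.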

Error: GCC_ANALYZER_WARNING (CWE-465): [#def19]
rpm-4.20.0-build/rpm-4.20.0/build/files.c: scope_hint: In function ‘addFile’
rpm-4.20.0-build/rpm-4.20.0/build/files.c:1450:8: warning[-Wanalyzer-deref-before-check]: check of ‘fl.buildRoot’ for NULL after already dereferencing it
# 1448|        *
# 1449|        */
# 1450|->     if (fl->buildRoot && !rstreq(fl->buildRoot, "/"))
# 1451|       	cpioPath += fl->buildRootLen;
# 1452|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def20]
rpm-4.20.0-build/rpm-4.20.0/build/rpmfc.c:295:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fromProg[0]’
rpm-4.20.0-build/rpm-4.20.0/misc/system.h:60:41: note: in definition of macro ‘xcalloc’
rpm-4.20.0-build/rpm-4.20.0/build/rpmfc.c:1677:13: note: in expansion of macro ‘_’
/usr/include/sys/select.h:30: included_from: Included from here.
/usr/include/sys/types.h:179: included_from: Included from here.
/usr/include/sys/param.h:25: included_from: Included from here.
rpm-4.20.0-build/rpm-4.20.0/misc/system.h:15: included_from: Included from here.
#  293|       if (doio && (pipe(toProg) < 0 || pipe(fromProg) < 0)) {
#  294|   	rpmlog(RPMLOG_ERR, _("Couldn't create pipe for %s: %m\n"), argv[0]);
#  295|-> 	return -1;
#  296|       }
#  297|       

Error: GCC_ANALYZER_WARNING (CWE-775): [#def21]
rpm-4.20.0-build/rpm-4.20.0/build/rpmfc.c: scope_hint: In function ‘getOutputFrom’
rpm-4.20.0-build/rpm-4.20.0/build/rpmfc.c:295:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘toProg[0]’
rpm-4.20.0-build/rpm-4.20.0/build/rpmfc.c:1: included_from: Included from here.
rpm-4.20.0-build/rpm-4.20.0/misc/system.h:60:41: note: in definition of macro ‘xcalloc’
rpm-4.20.0-build/rpm-4.20.0/misc/system.h:87: included_from: Included from here.
rpm-4.20.0-build/rpm-4.20.0/build/rpmfc.c:1677:13: note: in expansion of macro ‘_’
#  293|       if (doio && (pipe(toProg) < 0 || pipe(fromProg) < 0)) {
#  294|   	rpmlog(RPMLOG_ERR, _("Couldn't create pipe for %s: %m\n"), argv[0]);
#  295|-> 	return -1;
#  296|       }
#  297|       

Error: GCC_ANALYZER_WARNING (CWE-775): [#def22]
rpm-4.20.0-build/rpm-4.20.0/build/rpmfc.c:295:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘toProg[1]’
rpm-4.20.0-build/rpm-4.20.0/misc/system.h:60:41: note: in definition of macro ‘xcalloc’
rpm-4.20.0-build/rpm-4.20.0/build/rpmfc.c:1677:13: note: in expansion of macro ‘_’
#  293|       if (doio && (pipe(toProg) < 0 || pipe(fromProg) < 0)) {
#  294|   	rpmlog(RPMLOG_ERR, _("Couldn't create pipe for %s: %m\n"), argv[0]);
#  295|-> 	return -1;
#  296|       }
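#  297|       
Triage note: def21 and def22 correspond to a path visible in the excerpt: when pipe(toProg) succeeds and pipe(fromProg) then fails, the return on line 295 leaves both toProg descriptors open. On the lines shown, def20 (fromProg[0]) would need pipe() to have stored a descriptor while reporting failure, so it is probably analyzer noise; confirm against the full function before closing it.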

Error: GCC_ANALYZER_WARNING: [#def23]
rpm-4.20.0-build/rpm-4.20.0/build/rpmfc.c:328:13: warning[-Wanalyzer-fd-use-without-check]: ‘dup2’ on possibly invalid file descriptor ‘-1’
rpm-4.20.0-build/rpm-4.20.0/misc/system.h:60:41: note: in definition of macro ‘xcalloc’
rpm-4.20.0-build/rpm-4.20.0/build/rpmfc.c:1677:13: note: in expansion of macro ‘_’
#  326|   	    close(toProg[0]);
#  327|   	} else {
#  328|-> 	    dup2(fromProg[1], STDIN_FILENO);
#  329|   	}
#  330|   

Error: GCC_ANALYZER_WARNING: [#def24]
rpm-4.20.0-build/rpm-4.20.0/build/rpmfc.c:331:9: warning[-Wanalyzer-fd-use-without-check]: ‘dup2’ on possibly invalid file descriptor ‘-1’
rpm-4.20.0-build/rpm-4.20.0/misc/system.h:60:41: note: in definition of macro ‘xcalloc’
rpm-4.20.0-build/rpm-4.20.0/build/rpmfc.c:1677:13: note: in expansion of macro ‘_’
#  329|   	}
#  330|   
#  331|-> 	dup2(fromProg[1], STDOUT_FILENO); /* Make stdout the out pipe */
#  332|   	close(fromProg[1]);
#  333|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def25]
rpm-4.20.0-build/rpm-4.20.0/build/rpmfc.c: scope_hint: In function ‘initAttrs’
rpm-4.20.0-build/rpm-4.20.0/build/rpmfc.c:1226:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
# 1224|   
# 1225|       for (int i = 0; i < nattrs; i++) {
# 1226|-> 	fc->atypes[i] = rpmfcAttrNew(all_attrs[i]);
# 1227|       }
# 1228|       fc->atypes[nattrs] = NULL;

Error: CPPCHECK_WARNING (CWE-758): [#def26]
rpm-4.20.0-build/rpm-4.20.0/include/rpm/rpmbuild.h:43: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   41|       RPMBUILD_MKBUILDDIR	= (1 << 23),	/*!< Internal use only */
#   42|   
#   43|->     RPMBUILD_NOBUILD	= (1 << 31)	/*!< Don't execute or package. */
#   44|   };
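#   45|   
Triage note: def26, def27, def28, def29 and def31 are the same `1 << 31` enumerator pattern in five headers under include/rpm/. These appear to be installed API headers, so a fix should be checked for its effect on the enumerator type and on existing users of the flags, not only for silencing the warning.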

Error: CPPCHECK_WARNING (CWE-758): [#def27]
rpm-4.20.0-build/rpm-4.20.0/include/rpm/rpmfc.h:40: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   38|       RPMFC_WHITE			= (1 << 29),
#   39|       RPMFC_INCLUDE		= (1 << 30),
#   40|->     RPMFC_ERROR			= (1 << 31)
#   41|   };
#   42|   

Error: CPPCHECK_WARNING (CWE-758): [#def28]
rpm-4.20.0-build/rpm-4.20.0/include/rpm/rpmfiles.h:91: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   89|       RPMVERIFY_READFAIL	= (1 << 29),	/*!< file read failed */
#   90|       RPMVERIFY_LSTATFAIL	= (1 << 30),	/*!< lstat failed */
#   91|->     RPMVERIFY_LGETFILECONFAIL	= (1 << 31)	/*!< lgetfilecon failed */
#   92|   };
#   93|   

Error: CPPCHECK_WARNING (CWE-758): [#def29]
rpm-4.20.0-build/rpm-4.20.0/include/rpm/rpmplugin.h:25: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   23|   enum rpmFileActionFlags_e {
#   24|       /* bits 0-15 reserved for actions */
#   25|->     FAF_UNOWNED		= (1 << 31)
#   26|   };
#   27|   typedef rpmFlags rpmFileActionFlags;

Error: GCC_ANALYZER_WARNING (CWE-688): [#def30]
rpm-4.20.0-build/rpm-4.20.0/include/rpm/rpmstring.h:117:13: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmstrpool.c: scope_hint: In function ‘rpmstrPoolStreq’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmstrpool.c: scope_hint: In function ‘rpmstrPoolStreq’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmstrpool.c: scope_hint: In function ‘rpmstrPoolStreq’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmstrpool.c: scope_hint: In function ‘rpmstrPoolStreq’
rpm-4.20.0-build/rpm-4.20.0/include/rpm/rpmstring.h:10: included_from: Included from here.
/usr/include/string.h: scope_hint: In function ‘rpmstrPoolStreq’
/usr/include/string.h:156:12: note: argument 1 of ‘strcmp’ must be non-null
#  115|   static inline int rstreq(const char *s1, const char *s2)
#  116|   {
#  117|->     return (strcmp(s1, s2) == 0);
#  118|   }
#  119|   

Error: CPPCHECK_WARNING (CWE-758): [#def31]
rpm-4.20.0-build/rpm-4.20.0/include/rpm/rpmts.h:59: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   57|       RPMTRANS_FLAG_NOARTIFACTS	= (1 << 29),	/*!< from --noartifacts */
#   58|       RPMTRANS_FLAG_NOCONFIGS	= (1 << 30),	/*!< from --noconfigs */
#   59|->     RPMTRANS_FLAG_DEPLOOPS	= (1 << 31)	/*!< from --deploops */
#   60|   };
#   61|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def32]
rpm-4.20.0-build/rpm-4.20.0/lib/backend/sqlite.c: scope_hint: In function ‘sqlite_pkgdbPut’
rpm-4.20.0-build/rpm-4.20.0/lib/backend/sqlite.c:453:14: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘hdrNum’
#  451|   
#  452|       if (!rc)
#  453|-> 	rc = dbiCursorBindPkg(dbc, *hdrNum, hdrBlob, hdrLen);
#  454|   
#  455|       if (!rc) {

Error: CPPCHECK_WARNING (CWE-476): [#def33]
rpm-4.20.0-build/rpm-4.20.0/lib/depends.c:855: warning[nullPointer]: Possible null pointer dereference: dep
#  853|   	dep = rpmdsN(depds);
#  854|       if (neg) {
#  855|-> 	ndep = (char *)xmalloc(strlen(dep) + 2);
#  856|   	ndep[0] = '!';
#  857|   	strcpy(ndep + 1, dep);

Error: CPPCHECK_WARNING (CWE-476): [#def34]
rpm-4.20.0-build/rpm-4.20.0/lib/depends.c:857: warning[nullPointer]: Possible null pointer dereference: dep
#  855|   	ndep = (char *)xmalloc(strlen(dep) + 2);
#  856|   	ndep[0] = '!';
#  857|-> 	strcpy(ndep + 1, dep);
#  858|   	dep = ndep;
#  859|       }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def35]
rpm-4.20.0-build/rpm-4.20.0/lib/formats.c: scope_hint: In function ‘jsonEscape’
rpm-4.20.0-build/rpm-4.20.0/lib/formats.c:344:29: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘c’
#  342|       char *es = NULL;
#  343|       rstrcat(&es, "\"");
#  344|->     for (const char *c = s; *c != '\0'; c++) {
#  345|   	const char *ec = NULL;
#  346|   	switch (*c) {

Error: COMPILER_WARNING (CWE-252): [#def36]
rpm-4.20.0-build/rpm-4.20.0/lib/fsm.c: scope_hint: In function ‘removeSBITS’
rpm-4.20.0-build/rpm-4.20.0/lib/fsm.c:479:20: warning[-Wunused-result]: ignoring return value of ‘fchmodat’ declared with attribute ‘warn_unused_result’
#  479 |             (void) fchmodat(dirfd, path, stb.st_mode & 0777, 0);
#      |                    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  477|   	/* We now know it's not a link so no need to worry about following */
#  478|   	if ((stb.st_mode & 06000) != 0) {
#  479|-> 	    (void) fchmodat(dirfd, path, stb.st_mode & 0777, 0);
#  480|   	}
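#  481|   #ifdef WITH_CAP
Triage note: this call is what clears the setuid/setgid bits (the 06000 test on line 478, then the 0777 mask), and the `(void)` cast discards its result. If fchmodat() fails, those bits stay on the file and nothing is logged. Whether callers treat this step as best-effort cannot be seen from the excerpt.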

Error: CPPCHECK_WARNING (CWE-457): [#def37]
rpm-4.20.0-build/rpm-4.20.0/lib/header.c:894: error[uninitvar]: Uninitialized variables: &key.data, &key.length, &key.rdlen
#  892|       key.info.tag = tag;
#  893|   
#  894|->     entry = (indexEntry)bsearch(&key, h->index, h->indexUsed, sizeof(*h->index), indexCmp);
#  895|       if (entry == NULL)
#  896|   	return NULL;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def38]
rpm-4.20.0-build/rpm-4.20.0/lib/rpmds.c: scope_hint: In function ‘rpmrichParseInternal’
rpm-4.20.0-build/rpm-4.20.0/lib/rpmds.c:1403:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘depstr’
# 1401|       if (cb && cb(cbdata, RPMRICH_PARSE_ENTER, p, 0, 0, 0, 0, op, emsg) != RPMRC_OK)
# 1402|           return RPMRC_FAIL;
# 1403|->     if (*p++ != '(') {
# 1404|           if (emsg)
# 1405|             rasprintf(emsg, _("Rich dependency does not start with '('"));

Error: GCC_ANALYZER_WARNING (CWE-476): [#def39]
rpm-4.20.0-build/rpm-4.20.0/lib/rpmds.c: scope_hint: In function ‘rpmdsParseRichDepCB’
rpm-4.20.0-build/rpm-4.20.0/lib/rpmds.c:1553:20: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
rpm-4.20.0-build/rpm-4.20.0/lib/rpmds.c: scope_hint: In function ‘rpmdsParseRichDepCB’
# 1551|   	    sense |= RPMSENSE_RPMLIB;
# 1552|   	ds = singleDS(data->dep->pool, data->dep->tagN, 0, 0, sense | data->depflags, 0, 0, 0);
# 1553|-> 	ds->N[0] = rpmstrPoolIdn(ds->pool, n, nl, 1);
# 1554|   	ds->EVR[0] = rpmstrPoolIdn(ds->pool, e ? e : "", el, 1);
# 1555|   	if (!data->leftds)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def40]
rpm-4.20.0-build/rpm-4.20.0/lib/rpmfi.c: scope_hint: In function ‘iterWriteArchiveNextFile’
rpm-4.20.0-build/rpm-4.20.0/lib/rpmfi.c:2101:15: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘fi’
rpm-4.20.0-build/rpm-4.20.0/lib/rpmfi.c:1924:1: note: in expansion of macro ‘RPMFI_ITERFUNC’
rpm-4.20.0-build/rpm-4.20.0/lib/rpmfi.c:1924:1: note: in expansion of macro ‘RPMFI_ITERFUNC’
rpm-4.20.0-build/rpm-4.20.0/lib/rpmfi.c:1924:1: note: in expansion of macro ‘RPMFI_ITERFUNC’
rpm-4.20.0-build/rpm-4.20.0/lib/rpmfi.c:1924:1: note: in expansion of macro ‘RPMFI_ITERFUNC’
rpm-4.20.0-build/rpm-4.20.0/lib/rpmfi.c:1924:1: note: in expansion of macro ‘RPMFI_ITERFUNC’
# 2099|   	}
# 2100|       } else {
# 2101|-> 	fi->i = -1;
# 2102|   	/* search next non hardlinked file */
# 2103|   	for (int i=fx+1; i<fc; i++) {

Error: GCC_ANALYZER_WARNING (CWE-457): [#def41]
rpm-4.20.0-build/rpm-4.20.0/lib/rpmrc.c: scope_hint: In function ‘rpmSetTables’
rpm-4.20.0-build/rpm-4.20.0/lib/rpmrc.c:1533:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘arch’
# 1531|       if (ctx->currTables[ARCH] != archTable) {
# 1532|   	ctx->currTables[ARCH] = archTable;
# 1533|-> 	rebuildCompatTables(ctx, ARCH, arch);
# 1534|       }
# 1535|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def42]
rpm-4.20.0-build/rpm-4.20.0/lib/rpmrc.c:1538:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘os’
# 1536|       if (ctx->currTables[OS] != osTable) {
# 1537|   	ctx->currTables[OS] = osTable;
# 1538|-> 	rebuildCompatTables(ctx, OS, os);
# 1539|       }
# 1540|   }

Error: GCC_ANALYZER_WARNING (CWE-457): [#def43]
rpm-4.20.0-build/rpm-4.20.0/lib/rpmrc.c: scope_hint: In function ‘rpmSetMachine’
rpm-4.20.0-build/rpm-4.20.0/lib/rpmrc.c:1561:14: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘host_cpu’
# 1559|   
# 1560|       if (arch == NULL) {
# 1561|-> 	arch = host_cpu;
# 1562|   	if (ctx->tables[ctx->currTables[ARCH]].hasTranslate)
# 1563|   	    arch = lookupInDefaultTable(arch,

Error: GCC_ANALYZER_WARNING (CWE-688): [#def44]
rpm-4.20.0-build/rpm-4.20.0/lib/rpmscript.c: scope_hint: In function ‘runExtScript’
rpm-4.20.0-build/rpm-4.20.0/lib/rpmscript.c:380:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘in’ where non-null expected
rpm-4.20.0-build/rpm-4.20.0/include/rpm/rpmio.h:12: included_from: Included from here.
rpm-4.20.0-build/rpm-4.20.0/include/rpm/rpmfileutil.h:10: included_from: Included from here.
rpm-4.20.0-build/rpm-4.20.0/lib/rpmscript.c:9: included_from: Included from here.
/usr/include/stdio.h:184:12: note: argument 1 of ‘fclose’ must be non-null
#  378|   	       sname, *argvp[0], (unsigned)getpid());
#  379|   
#  380|-> 	fclose(in);
#  381|   	dup2(inpipe[0], STDIN_FILENO);
#  382|   

Error: GCC_ANALYZER_WARNING (CWE-688): [#def45]
rpm-4.20.0-build/rpm-4.20.0/lib/rpmscript.c:400:24: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘in’ where non-null expected
/usr/include/stdio.h:735:15: note: argument 4 of ‘fwrite’ must be non-null
#  398|   	    mline[size] = '\n';
#  399|   
#  400|-> 	    ret_size = fwrite(mline, size + 1, 1, in);
#  401|   	    mline = _free(mline);
#  402|   	    if (ret_size != 1) {

Error: GCC_ANALYZER_WARNING (CWE-688): [#def46]
rpm-4.20.0-build/rpm-4.20.0/lib/rpmscript.c:413:5: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘in’ where non-null expected
/usr/include/stdio.h:184:12: note: argument 1 of ‘fclose’ must be non-null
#  411|   	}
#  412|       }
#  413|->     fclose(in);
#  414|       in = NULL;
#  415|   

Error: GCC_ANALYZER_WARNING (CWE-131): [#def47]
rpm-4.20.0-build/rpm-4.20.0/lib/rpmscript.c: scope_hint: In function ‘rpmScriptFromTriggerTag’
rpm-4.20.0-build/rpm-4.20.0/lib/rpmscript.c:658:22: warning[-Wanalyzer-allocation-size]: allocated buffer size is not a multiple of the pointee's size
rpm-4.20.0-build/rpm-4.20.0/lib/rpmscript.c: scope_hint: In function ‘rpmScriptFromTriggerTag’
rpm-4.20.0-build/rpm-4.20.0/lib/rpmscript.c: scope_hint: In function ‘rpmScriptFromTriggerTag’
#  656|   
#  657|   	/* hack up a hge-style NULL-terminated array */
#  658|-> 	script->args = (char **)xmalloc(2 * sizeof(*script->args) + strlen(prog) + 1);
#  659|   	script->args[0] = (char *)(script->args + 2);
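#  660|   	script->args[1] = NULL;
Triage note: the comment on line 657 and the assignment on line 659 show the allocation is deliberately two pointers followed by the string bytes (strlen(prog) + 1), so a size that is not a multiple of sizeof(char *) is expected here. The excerpt does not show the copy of prog into that tail, which is what would need checking for bounds.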

Error: GCC_ANALYZER_WARNING (CWE-476): [#def48]
rpm-4.20.0-build/rpm-4.20.0/lib/rpmte.c: scope_hint: In function ‘appendProblem’
rpm-4.20.0-build/rpm-4.20.0/lib/rpmte.c:712:45: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘te’
#  710|   {
#  711|       rpmProblem o;
#  712|->     rpmProblem p = rpmProblemCreate(type, te->NEVRA, key, altNEVR, str, number);
#  713|       rpmpsi psi = rpmpsInitIterator(te->probs);
#  714|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def49]
rpm-4.20.0-build/rpm-4.20.0/lib/tagexts.c: scope_hint: In function ‘epochnumTag’
rpm-4.20.0-build/rpm-4.20.0/lib/tagexts.c:858:12: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘e’
#  856|       if (!headerGet(h, RPMTAG_EPOCH, td, HEADERGET_ALLOC)) {
#  857|   	uint32_t *e = (uint32_t *)malloc(sizeof(*e));
#  858|-> 	*e = 0;
#  859|   	td->data = e;
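#  860|   	td->type = RPM_INT32_TYPE;
Triage note: this is a plain malloc() whose result is written through on the next line with no NULL check, whereas other allocations quoted in this report (lib/depends.c:855, lib/rpmscript.c:658) go through xmalloc(). Using the same wrapper or adding a check would make the failure path explicit.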

Error: GCC_ANALYZER_WARNING (CWE-688): [#def50]
rpm-4.20.0-build/rpm-4.20.0/misc/fts.c: scope_hint: In function ‘fts_safe_changedir.part.0’
rpm-4.20.0-build/rpm-4.20.0/misc/fts.c:84:25: warning[-Wanalyzer-null-argument]: use of NULL ‘path’ where non-null expected
rpm-4.20.0-build/rpm-4.20.0/misc/fts.c:1137:32: note: in expansion of macro ‘__open’
rpm-4.20.0-build/rpm-4.20.0/misc/fts.c: scope_hint: In function ‘fts_safe_changedir.part.0’
rpm-4.20.0-build/rpm-4.20.0/misc/fts.c:1137:32: note: in expansion of macro ‘__open’
rpm-4.20.0-build/rpm-4.20.0/misc/fts.c:1137:32: note: in expansion of macro ‘__open’
/usr/include/features.h:511: included_from: Included from here.
/usr/include/sys/types.h:25: included_from: Included from here.
/usr/include/sys/param.h:25: included_from: Included from here.
rpm-4.20.0-build/rpm-4.20.0/misc/system.h:15: included_from: Included from here.
rpm-4.20.0-build/rpm-4.20.0/misc/fts.c:76: included_from: Included from here.
/usr/include/fcntl.h:212:12: note: argument 1 of ‘open’ must be non-null
#   82|   #include "rpmfts.h"
#   83|   #   define __set_errno(val) (*__errno_location ()) = (val)
#   84|-> #   define __open	open
#   85|   #   define __close	close
#   86|   #   define __fchdir	fchdir

Error: GCC_ANALYZER_WARNING (CWE-688): [#def51]
rpm-4.20.0-build/rpm-4.20.0/misc/fts.c: scope_hint: In function ‘fts_build’
rpm-4.20.0-build/rpm-4.20.0/misc/fts.c:810:33: warning[-Wanalyzer-null-argument]: use of NULL ‘cp’ where non-null expected
rpm-4.20.0-build/rpm-4.20.0/misc/fts.c:716:15: note: in expansion of macro ‘NAPPEND’
rpm-4.20.0-build/rpm-4.20.0/misc/fts.c:717:13: note: in expansion of macro ‘ISSET’
rpm-4.20.0-build/rpm-4.20.0/misc/fts.c:734:22: note: in expansion of macro ‘ISSET’
rpm-4.20.0-build/rpm-4.20.0/misc/fts.c:80: included_from: Included from here.
rpm-4.20.0-build/rpm-4.20.0/misc/fts.c:808:29: note: in expansion of macro ‘ISSET’
<built-in>: note: argument 1 of ‘__builtin_memmove’ must be non-null
#  808|   			if (ISSET(FTS_NOCHDIR)) {
#  809|   				p->fts_accpath = p->fts_path;
#  810|-> 				memmove(cp, p->fts_name, p->fts_namelen + 1);
#  811|   			} else
#  812|   				p->fts_accpath = p->fts_name;

Error: CPPCHECK_WARNING (CWE-476): [#def52]
rpm-4.20.0-build/rpm-4.20.0/misc/rpmhash.C:106: error[ctunullpointer]: Null pointer dereference: ht
#  104|   unsigned int HASHPREFIX(KeyHash)(HASHTYPE ht, HTKEYTYPE key)
#  105|   {
#  106|->     return ht->fn(key);
#  107|   }
#  108|   

Error: COMPILER_WARNING (CWE-252): [#def53]
rpm-4.20.0-build/rpm-4.20.0/plugins/audit.c: scope_hint: In function ‘audit_tsm_post’
rpm-4.20.0-build/rpm-4.20.0/plugins/audit.c:85:13: warning[-Wunused-result]: ignoring return value of ‘audit_log_user_comm_message’ declared with attribute ‘warn_unused_result’
#   85 |             audit_log_user_comm_message(auditFd, AUDIT_SOFTWARE_UPDATE,
#      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   86 |                                     eventTxt, NULL, NULL, NULL, NULL, result);
#      |                                     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   83|   		    "op=%s %s sw_type=rpm key_enforce=%u gpg_res=%u %s",
#   84|   		    op, nevra, enforce, verified, dir);
#   85|-> 	    audit_log_user_comm_message(auditFd, AUDIT_SOFTWARE_UPDATE,
#   86|   				    eventTxt, NULL, NULL, NULL, NULL, result);
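#   87|   	    free(nevra);
Triage note: the return value of audit_log_user_comm_message() is discarded, so a failure to emit the AUDIT_SOFTWARE_UPDATE record is not detected on the lines shown. Checking it and logging the failure would make gaps in the audit trail visible.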

Error: GCC_ANALYZER_WARNING (CWE-775): [#def54]
rpm-4.20.0-build/rpm-4.20.0/plugins/fapolicyd.c: scope_hint: In function ‘open_fifo’
rpm-4.20.0-build/rpm-4.20.0/plugins/fapolicyd.c:37:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(*state.fifo_path, 2049)’
#   35|       }
#   36|   
#   37|->     if (stat(state->fifo_path, &s) == -1) {
#   38|           rpmlog(RPMLOG_DEBUG, "Stat: %s -> %s\n", state->fifo_path, strerror(errno));
#   39|           goto bad;

Error: GCC_ANALYZER_WARNING (CWE-126): [#def55]
rpm-4.20.0-build/rpm-4.20.0/rpmio/base64.c: scope_hint: In function ‘base64_encode_block’
rpm-4.20.0-build/rpm-4.20.0/rpmio/base64.c:28:26: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
rpm-4.20.0-build/rpm-4.20.0/rpmio/base64.c:28:26: note: read of 1 byte from after the end of ‘crc’
#   26|   			return codechar;
#   27|   		}
#   28|-> 		fragment = *plainchar++;
#   29|   		result = (fragment & 0x0fc) >> 2;
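#   30|   		*codechar++ = base64_encode_value(result);
Triage note: def55 through def65 all point into the same loop of base64_encode_block. The analyzer's path names a stack buffer ‘crc’ as the input and a heap region as the output. Whether these are real depends on the input length the caller passes and the output size it allocates, neither of which is shown in these excerpts.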

Error: GCC_ANALYZER_WARNING (CWE-122): [#def56]
rpm-4.20.0-build/rpm-4.20.0/rpmio/base64.c:34:37: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow
rpm-4.20.0-build/rpm-4.20.0/rpmio/base64.c: scope_hint: In function ‘base64_encode_block’
rpm-4.20.0-build/rpm-4.20.0/rpmio/base64.c:34:37: note: write of 1 byte to beyond the end of the region
#   32|   		if (plainchar == plaintextend)
#   33|   		{
#   34|-> 			*codechar++ = base64_encode_value(result);
#   35|   			*codechar++ = '=';
#   36|   			*codechar++ = '=';

Error: GCC_ANALYZER_WARNING (CWE-122): [#def57]
rpm-4.20.0-build/rpm-4.20.0/rpmio/base64.c:35:37: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow
rpm-4.20.0-build/rpm-4.20.0/rpmio/base64.c: scope_hint: In function ‘base64_encode_block’
rpm-4.20.0-build/rpm-4.20.0/rpmio/base64.c:35:37: note: write of 1 byte to beyond the end of the region
#   33|   		{
#   34|   			*codechar++ = base64_encode_value(result);
#   35|-> 			*codechar++ = '=';
#   36|   			*codechar++ = '=';
#   37|   			return codechar;

Error: GCC_ANALYZER_WARNING (CWE-122): [#def58]
rpm-4.20.0-build/rpm-4.20.0/rpmio/base64.c:36:37: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow
rpm-4.20.0-build/rpm-4.20.0/rpmio/base64.c: scope_hint: In function ‘base64_encode_block’
rpm-4.20.0-build/rpm-4.20.0/rpmio/base64.c:36:37: note: write of 1 byte to beyond the end of the region
#   34|   			*codechar++ = base64_encode_value(result);
#   35|   			*codechar++ = '=';
#   36|-> 			*codechar++ = '=';
#   37|   			return codechar;
#   38|   		}

Error: GCC_ANALYZER_WARNING (CWE-126): [#def59]
rpm-4.20.0-build/rpm-4.20.0/rpmio/base64.c:39:26: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
rpm-4.20.0-build/rpm-4.20.0/rpmio/base64.c:39:26: note: read of 1 byte from after the end of ‘crc’
#   37|   			return codechar;
#   38|   		}
#   39|-> 		fragment = *plainchar++;
#   40|   		result |= (fragment & 0x0f0) >> 4;
#   41|   		*codechar++ = base64_encode_value(result);

Error: GCC_ANALYZER_WARNING (CWE-122): [#def60]
rpm-4.20.0-build/rpm-4.20.0/rpmio/base64.c:41:29: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow
rpm-4.20.0-build/rpm-4.20.0/rpmio/base64.c:41:29: note: write of 1 byte to beyond the end of the region
#   39|   		fragment = *plainchar++;
#   40|   		result |= (fragment & 0x0f0) >> 4;
#   41|-> 		*codechar++ = base64_encode_value(result);
#   42|   		result = (fragment & 0x00f) << 2;
#   43|   		if (plainchar == plaintextend)

Error: GCC_ANALYZER_WARNING (CWE-122): [#def61]
rpm-4.20.0-build/rpm-4.20.0/rpmio/base64.c:45:37: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow
rpm-4.20.0-build/rpm-4.20.0/rpmio/base64.c: scope_hint: In function ‘base64_encode_block’
rpm-4.20.0-build/rpm-4.20.0/rpmio/base64.c:45:37: note: write of 1 byte to beyond the end of the region
#   43|   		if (plainchar == plaintextend)
#   44|   		{
#   45|-> 			*codechar++ = base64_encode_value(result);
#   46|   			*codechar++ = '=';
#   47|   			return codechar;

Error: GCC_ANALYZER_WARNING (CWE-122): [#def62]
rpm-4.20.0-build/rpm-4.20.0/rpmio/base64.c:46:37: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow
rpm-4.20.0-build/rpm-4.20.0/rpmio/base64.c: scope_hint: In function ‘base64_encode_block’
rpm-4.20.0-build/rpm-4.20.0/rpmio/base64.c:46:37: note: write of 1 byte to beyond the end of the region
#   44|   		{
#   45|   			*codechar++ = base64_encode_value(result);
#   46|-> 			*codechar++ = '=';
#   47|   			return codechar;
#   48|   		}

Error: GCC_ANALYZER_WARNING (CWE-126): [#def63]
rpm-4.20.0-build/rpm-4.20.0/rpmio/base64.c:49:26: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
rpm-4.20.0-build/rpm-4.20.0/rpmio/base64.c:49:26: note: read of 1 byte from after the end of ‘crc’
#   47|   			return codechar;
#   48|   		}
#   49|-> 		fragment = *plainchar++;
#   50|   		result |= (fragment & 0x0c0) >> 6;
#   51|   		*codechar++ = base64_encode_value(result);

Error: GCC_ANALYZER_WARNING (CWE-122): [#def64]
rpm-4.20.0-build/rpm-4.20.0/rpmio/base64.c:51:29: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow
rpm-4.20.0-build/rpm-4.20.0/rpmio/base64.c:51:29: note: write of 1 byte to beyond the end of the region
#   49|   		fragment = *plainchar++;
#   50|   		result |= (fragment & 0x0c0) >> 6;
#   51|-> 		*codechar++ = base64_encode_value(result);
#   52|   		result  = (fragment & 0x03f) >> 0;
#   53|   		*codechar++ = base64_encode_value(result);

Error: GCC_ANALYZER_WARNING (CWE-122): [#def65]
rpm-4.20.0-build/rpm-4.20.0/rpmio/base64.c:53:29: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow
rpm-4.20.0-build/rpm-4.20.0/rpmio/base64.c:53:29: note: write of 1 byte to beyond the end of the region
#   51|   		*codechar++ = base64_encode_value(result);
#   52|   		result  = (fragment & 0x03f) >> 0;
#   53|-> 		*codechar++ = base64_encode_value(result);
#   54|   	}
#   55|   	/* control should not reach here */

Error: GCC_ANALYZER_WARNING (CWE-685): [#def66]
rpm-4.20.0-build/rpm-4.20.0/rpmio/macro.c: scope_hint: In function ‘rpmExpand’
rpm-4.20.0-build/rpm-4.20.0/rpmio/macro.c:2256:42: warning[-Wanalyzer-va-list-exhausted]: ‘ap’ has no more arguments (2 consumed)
# 2254|   
# 2255|       va_start(ap, arg);
# 2256|->     for (pe = buf, s = arg; s != NULL; s = va_arg(ap, const char *))
# 2257|   	pe = stpcpy(pe, s);
# 2258|       va_end(ap);

Error: GCC_ANALYZER_WARNING (CWE-685): [#def67]
rpm-4.20.0-build/rpm-4.20.0/rpmio/macro.c:2256:42: warning[-Wanalyzer-va-list-exhausted]: ‘ap’ has no more arguments (3 consumed)
# 2254|   
# 2255|       va_start(ap, arg);
# 2256|->     for (pe = buf, s = arg; s != NULL; s = va_arg(ap, const char *))
# 2257|   	pe = stpcpy(pe, s);
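# 2258|       va_end(ap);
Triage note: def66 and def67 are the same loop. It stops only when it reads a NULL argument, so the finding turns on whether every rpmExpand() call ends its argument list with NULL; the call sites the analyzer followed are not shown here.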

Error: GCC_ANALYZER_WARNING (CWE-416): [#def68]
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmio.c:68:35: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘fd’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmio.c: scope_hint: In function ‘fdstat_exit’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmio.c: scope_hint: In function ‘fdstat_exit’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmio.c:1402:44: note: in expansion of macro ‘FDIOVEC’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmio.c:1402:44: note: in expansion of macro ‘FDIOVEC’
#   66|   static FDSTACK_t fdGetFps(FD_t fd)
#   67|   {
#   68|->     return (fd != NULL) ? fd->fps : NULL;
#   69|   }
#   70|   

Error: GCC_ANALYZER_WARNING (CWE-416): [#def69]
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmio.c: scope_hint: In function ‘fdPop’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmio.c:91:15: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘fd’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmio.c: scope_hint: In function ‘fdPop’
#   89|   static FDSTACK_t fdPop(FD_t fd)
#   90|   {
#   91|->     FDSTACK_t fps = fd->fps;
#   92|       fd->fps = fps->prev;
#   93|       free(fps);

Error: GCC_ANALYZER_WARNING (CWE-416): [#def70]
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmio.c: scope_hint: In function ‘fdstat_exit’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmio.c:197:11: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘fd’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmio.c: scope_hint: In function ‘fdstat_exit’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmio.c:1402:44: note: in expansion of macro ‘FDIOVEC’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmio.c:1402:44: note: in expansion of macro ‘FDIOVEC’
#  195|   	fps->syserrno = errno;
#  196|       }
#  197|->     if (fd->stats != NULL)
#  198|   	(void) rpmswExit(fdOp(fd, opx), rc);
#  199|   }

Error: GCC_ANALYZER_WARNING (CWE-416): [#def71]
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmio.c: scope_hint: In function ‘fdstat_print’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmio.c:206:25: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘fd’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmio.c: scope_hint: In function ‘fdstat_print’
#  204|       int opx;
#  205|   
#  206|->     if (fd == NULL || fd->stats == NULL) return;
#  207|       for (opx = 0; opx < 4; opx++) {
#  208|   	rpmop op = &fd->stats->ops[opx];

Error: GCC_ANALYZER_WARNING (CWE-416): [#def72]
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmio.c: scope_hint: In function ‘fdFree’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmio.c:323:17: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘fd’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmio.c: scope_hint: In function ‘fdFree’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmio.c:64:25: note: in expansion of macro ‘DBG’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmio.c:1418:5: note: in expansion of macro ‘DBGIO’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmio.c:64:25: note: in expansion of macro ‘DBG’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmio.c:1418:5: note: in expansion of macro ‘DBGIO’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmio.c:5: included_from: Included from here.
rpm-4.20.0-build/rpm-4.20.0/misc/system.h:64:28: note: in definition of macro ‘_free’
#  321|   {
#  322|       if (fd) {
#  323|-> 	if (--fd->nrefs > 0)
#  324|   	    return fd;
#  325|   	fd->stats = _free(fd->stats);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def73]
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmio.c: scope_hint: In function ‘Ferror’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmio.c:1645:14: warning[-Wanalyzer-jump-through-null]: jump through null pointer
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmio.c:1644:42: note: in expansion of macro ‘FDIOVEC’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmio.c:1644:42: note: in expansion of macro ‘FDIOVEC’
# 1643|       for (FDSTACK_t fps = fd->fps; fps != NULL; fps = fps->prev) {
# 1644|   	fdio_ferror_function_t _ferror = FDIOVEC(fps, _ferror);
# 1645|-> 	rc = _ferror(fps);
# 1646|   
# 1647|   	if (rc)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def74]
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:78:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘r’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c: scope_hint: In function ‘rpm_redirect2null.part.0’
#   76|   static int pushresult(lua_State *L, int result)
#   77|   {
#   78|->     lua_pushnumber(L, result);
#   79|       return 1;
#   80|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def75]
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c: scope_hint: In function ‘rpmluaGetLua’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:178:15: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘lua’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:177:5: note: in expansion of macro ‘INITSTATE’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:177:5: note: in expansion of macro ‘INITSTATE’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:177:5: note: in expansion of macro ‘INITSTATE’
/usr/include/strings.h:23: included_from: Included from here.
/usr/include/string.h:462: included_from: Included from here.
rpm-4.20.0-build/rpm-4.20.0/include/rpm/rpmpgp.h:17: included_from: Included from here.
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmio_internal.h:9: included_from: Included from here.
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:27: included_from: Included from here.
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:177:5: note: in expansion of macro ‘INITSTATE’
#  176|   {
#  177|       INITSTATE(lua);
#  178|->     return lua->L;
#  179|   }
#  180|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def76]
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c: scope_hint: In function ‘rpmluaPushPrintBuffer’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:188:22: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘lua’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:183:5: note: in expansion of macro ‘INITSTATE’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:183:5: note: in expansion of macro ‘INITSTATE’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:183:5: note: in expansion of macro ‘INITSTATE’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:183:5: note: in expansion of macro ‘INITSTATE’
#  186|       prbuf->alloced = 0;
#  187|       prbuf->used = 0;
#  188|->     prbuf->next = lua->printbuf;
#  189|   
#  190|       lua->printbuf = prbuf;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def77]
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c: scope_hint: In function ‘rpmluaPopPrintBuffer’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:196:14: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘lua’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:195:5: note: in expansion of macro ‘INITSTATE’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:195:5: note: in expansion of macro ‘INITSTATE’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:195:5: note: in expansion of macro ‘INITSTATE’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:195:5: note: in expansion of macro ‘INITSTATE’
#  194|   {
#  195|       INITSTATE(lua);
#  196|->     rpmluapb prbuf = lua->printbuf;
#  197|       char *ret = NULL;
#  198|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def78]
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c: scope_hint: In function ‘rpmluaCheckScript’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:211:16: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘lua’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:210:5: note: in expansion of macro ‘INITSTATE’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:210:5: note: in expansion of macro ‘INITSTATE’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:210:5: note: in expansion of macro ‘INITSTATE’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:210:5: note: in expansion of macro ‘INITSTATE’
#  209|   {
#  210|       INITSTATE(lua);
#  211|->     lua_State *L = lua->L;
#  212|       int ret = 0;
#  213|       if (name == NULL)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def79]
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c: scope_hint: In function ‘rpmluaRunScript’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:254:16: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘lua’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:253:5: note: in expansion of macro ‘INITSTATE’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:253:5: note: in expansion of macro ‘INITSTATE’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:253:5: note: in expansion of macro ‘INITSTATE’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:253:5: note: in expansion of macro ‘INITSTATE’
#  252|   {
#  253|       INITSTATE(lua);
#  254|->     lua_State *L = lua->L;
#  255|       int ret = -1;
#  256|       int oind = 0;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def80]
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c: scope_hint: In function ‘rpmluaRunScriptFile’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:329:16: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘lua’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:328:5: note: in expansion of macro ‘INITSTATE’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:328:5: note: in expansion of macro ‘INITSTATE’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:328:5: note: in expansion of macro ‘INITSTATE’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:328:5: note: in expansion of macro ‘INITSTATE’
#  327|   {
#  328|       INITSTATE(lua);
#  329|->     lua_State *L = lua->L;
#  330|       int ret = 0;
#  331|       if (luaL_loadfile(L, filename) != 0) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def81]
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c: scope_hint: In function ‘rpmluaInteractive’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:422:5: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘lua’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:421:5: note: in expansion of macro ‘INITSTATE’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:421:5: note: in expansion of macro ‘INITSTATE’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:421:5: note: in expansion of macro ‘INITSTATE’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:421:5: note: in expansion of macro ‘INITSTATE’
#  420|   {
#  421|       INITSTATE(lua);
#  422|->     _rpmluaInteractive(lua->L, rl);
#  423|   }
#  424|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def82]
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c: scope_hint: In function ‘rpmluaCallStringFunction’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:428:16: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘lua’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:427:5: note: in expansion of macro ‘INITSTATE’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:427:5: note: in expansion of macro ‘INITSTATE’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:427:5: note: in expansion of macro ‘INITSTATE’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:427:5: note: in expansion of macro ‘INITSTATE’
#  426|   {
#  427|       INITSTATE(lua);
#  428|->     lua_State *L = lua->L;
#  429|       int i;
#  430|       char *fcall = NULL;

Error: CPPCHECK_WARNING (CWE-476): [#def83]
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:874: warning[nullPointer]: Possible null pointer dereference: argv
#  872|       rpmSetCloseOnExec();
#  873|   
#  874|->     status = posix_spawnp(&pid, argv[0], fap, NULL, argv, environ);
#  875|   
#  876|       argvFree(argv);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def84]
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c: scope_hint: In function ‘rpm_spawn’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmlua.c:874:14: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘argv’
#  872|       rpmSetCloseOnExec();
#  873|   
#  874|->     status = posix_spawnp(&pid, argv[0], fap, NULL, argv, environ);
#  875|   
#  876|       argvFree(argv);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def85]
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmstrpool.c: scope_hint: In function ‘rstrlenhash’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmstrpool.c:69:12: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘s’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmstrpool.c: scope_hint: In function ‘rstrlenhash’
#   67|       const char * s = str;
#   68|   
#   69|->     while (*s != '\0') {
#   70|         hash += *s;
#   71|         hash += (hash << 10);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def86]
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmstrpool.c: scope_hint: In function ‘poolHashAddHEntry’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmstrpool.c:170:21: warning[-Wanalyzer-null-argument]: use of NULL ‘s’ where non-null expected
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmstrpool.c: scope_hint: In function ‘poolHashAddHEntry’
/usr/include/string.h:156:12: note: argument 1 of ‘strcmp’ must be non-null
#  168|               ht->keyCount++;
#  169|               break;
#  170|->         } else if (!strcmp(id2str(pool, ht->buckets[hash].keyid), key)) {
#  171|               return;
#  172|           }

Error: GCC_ANALYZER_WARNING (CWE-688): [#def87]
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmstrpool.c: scope_hint: In function ‘rpmstrPoolGet’
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmstrpool.c:388:13: warning[-Wanalyzer-null-argument]: use of NULL ‘s’ where non-null expected
rpm-4.20.0-build/rpm-4.20.0/rpmio/rpmstrpool.c: scope_hint: In function ‘rpmstrPoolGet’
/usr/include/string.h:159:12: note: argument 1 of ‘strncmp’ must be non-null
#  386|   	s = id2str(pool, ht->buckets[hash].keyid);
#  387|   	/* pool string could be longer than keylen, require exact matche */
#  388|-> 	if (strncmp(s, key, keylen) == 0 && s[keylen] == '\0')
#  389|   	    return ht->buckets[hash].keyid;
#  390|       }

Error: COMPILER_WARNING (CWE-477): [#def88]
rpm-4.20.0-build/rpm-4.20.0/sign/rpmsignfiles.c: scope_hint: In function ‘signFile’
rpm-4.20.0-build/rpm-4.20.0/sign/rpmsignfiles.c:56:5: warning[-Wdeprecated-declarations]: ‘sign_hash’ is deprecated
rpm-4.20.0-build/rpm-4.20.0/sign/rpmsignfiles.h:12: included_from: Included from here.
rpm-4.20.0-build/rpm-4.20.0/sign/rpmsignfiles.c:17: included_from: Included from here.
/usr/include/imaevm.h:241:23: note: declared here
#   54|   
#   55|       /* calculate file signature */
#   56|->     siglen = sign_hash(algo, fdigest, diglen, key, keypass, signature+1);
#   57|       if (siglen < 0) {
#   58|   	rpmlog(RPMLOG_ERR, _("sign_hash failed\n"));

Error: GCC_ANALYZER_WARNING (CWE-688): [#def89]
rpm-4.20.0-build/rpm-4.20.0/tools/rpmbuild.c: scope_hint: In function ‘buildForTarget’
rpm-4.20.0-build/rpm-4.20.0/tools/rpmbuild.c:539:16: warning[-Wanalyzer-null-argument]: use of NULL ‘specFile’ where non-null expected
/usr/include/bits/sigstksz.h:24: included_from: Included from here.
/usr/include/signal.h:328: included_from: Included from here.
/usr/include/sys/param.h:28: included_from: Included from here.
rpm-4.20.0-build/rpm-4.20.0/misc/system.h:15: included_from: Included from here.
rpm-4.20.0-build/rpm-4.20.0/tools/rpmbuild.c:1: included_from: Included from here.
/usr/include/unistd.h:858:12: note: argument 1 of ‘unlink’ must be non-null
#  537|   exit:
#  538|       if (buildMode == 't')
#  539|-> 	(void) unlink(specFile);
#  540|       free(specFile);
#  541|       rpmSpecFree(spec);

Error: GCC_ANALYZER_WARNING (CWE-457): [#def90]
/usr/include/arpa/inet.h:22: included_from: Included from here.
rpm-4.20.0-build/rpm-4.20.0/tools/rpmdump.c:9: included_from: Included from here.
rpm-4.20.0-build/rpm-4.20.0/tools/rpmdump.c: scope_hint: In function ‘dumptag’
rpm-4.20.0-build/rpm-4.20.0/tools/rpmdump.c:103:47: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*entry.offset’
#  101|       printf("%stype:   %4d (%s)\n", pfx, htonl(entry->type),
#  102|   		tagTypeNames[htonl(entry->type)]);
#  103|->     printf("%soffset: %4d\n", pfx, htonl(entry->offset));
#  104|       printf("%scount:  %4d\n", pfx, htonl(entry->count));
#  105|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def91]
rpm-4.20.0-build/rpm-4.20.0/tools/rpmdump.c: scope_hint: In function ‘readhdr’
rpm-4.20.0-build/rpm-4.20.0/tools/rpmdump.c:132:13: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘blob’
#  130|   
#  131|       blob = (uint32_t *)malloc(sizeof(numEntries) + sizeof(numBytes) + headerLen);
#  132|->     blob[0] = htonl(numEntries);
#  133|       blob[1] = htonl(numBytes);
#  134|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def92]
rpm-4.20.0-build/rpm-4.20.0/tools/rpmdump.c:169:48: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*(struct entryInfo *)((char *)blob + 8).offset’
#  167|       if (tag == 62 || tag == 63) {
#  168|   	/* The trailer isn't guaranteed to be aligned, copy required */
#  169|-> 	memcpy(trailer, dataStart + htonl(entry->offset), sizeof(*trailer));
#  170|   	toffset = -htonl(trailer->offset);
#  171|   	regionEnd = dataStart + toffset + 16;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def93]
rpm-4.20.0-build/rpm-4.20.0/tools/rpmsort.c: scope_hint: In function ‘read_file’
rpm-4.20.0-build/rpm-4.20.0/tools/rpmsort.c:45:19: warning[-Wanalyzer-file-leak]: leak of FILE ‘in’
#   43|   	fclose(in);
#   44|   
#   45|->     return offset + 1;
#   46|   }
#   47|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def94]
rpm-4.20.0-build/rpm-4.20.0/tools/rpmsort.c:45:19: warning[-Wanalyzer-malloc-leak]: leak of ‘in’
#   43|   	fclose(in);
#   44|   
#   45|->     return offset + 1;
#   46|   }
#   47|   

Error: GCC_ANALYZER_WARNING (CWE-465): [#def95]
rpm-4.20.0-build/rpm-4.20.0/tools/rpmsort.c: scope_hint: In function ‘split_package_string’
rpm-4.20.0-build/rpm-4.20.0/tools/rpmsort.c:74:8: warning[-Wanalyzer-deref-before-check]: check of ‘package_string’ for NULL after already dereferencing it
#   72|   
#   73|       /* Bubble up non-null values from release to name */
#   74|->     if (*name == NULL) {
#   75|   	*name = (*version == NULL ? *release : *version);
#   76|   	*version = *release;

Scan Properties

analyzer-version-clippy: 1.82.0
analyzer-version-cppcheck: 2.16.0
analyzer-version-gcc: 14.2.1
analyzer-version-gcc-analyzer: 15.0.0
analyzer-version-shellcheck: 0.10.0
analyzer-version-unicontrol: 0.0.2
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-129.us-west-2.compute.internal
mock-config: fedora-rawhide-gcc-latest-x86_64
project-name: rpm-4.20.0-1.fc42
store-results-to: /tmp/tmpelafnuzd/rpm-4.20.0-1.fc42.tar.xz
time-created: 2024-11-13 03:06:48
time-finished: 2024-11-13 03:09:36
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'clippy,cppcheck,gcc,unicontrol,shellcheck' '-o' '/tmp/tmpelafnuzd/rpm-4.20.0-1.fc42.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmpelafnuzd/rpm-4.20.0-1.fc42.src.rpm'
tool-version: csmock-3.7.1.20241107.094801.gb3f0f26.pr_192-1.el9