Error: GCC_ANALYZER_WARNING (CWE-401): [#def1]
screen-5.0.0-build/screen-5.0.0/ansi.c: scope_hint: In function ‘MFixLine’
screen-5.0.0-build/screen-5.0.0/ansi.c:1928:20: warning[-Wanalyzer-malloc-leak]: leak of ‘calloc((long unsigned int)(*win.w_layer.l_width + 1), 4)’
screen-5.0.0-build/screen-5.0.0/screen.h:72: included_from: Included from here.
screen-5.0.0-build/screen-5.0.0/ansi.c:37: included_from: Included from here.
screen-5.0.0-build/screen-5.0.0/ansi.c:1919:45: note: in expansion of macro ‘w_width’
screen-5.0.0-build/screen-5.0.0/ansi.c:1928:48: note: in expansion of macro ‘w_width’
# 1926| }
# 1927| if (mc->colorbg && ml->colorbg == null) {
# 1928|-> if ((ml->colorbg = calloc(win->w_width + 1, 4)) == NULL) {
# 1929| ml->colorbg = null;
# 1930| mc->colorbg = win->w_rend.colorbg = 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def2]
screen-5.0.0-build/screen-5.0.0/ansi.c:1935:20: warning[-Wanalyzer-malloc-leak]: leak of ‘calloc((long unsigned int)(*win.w_layer.l_width + 1), 4)’
screen-5.0.0-build/screen-5.0.0/ansi.c:1919:45: note: in expansion of macro ‘w_width’
screen-5.0.0-build/screen-5.0.0/ansi.c:1935:48: note: in expansion of macro ‘w_width’
# 1933| }
# 1934| if (mc->colorfg && ml->colorfg == null) {
# 1935|-> if ((ml->colorfg = calloc(win->w_width + 1, 4)) == NULL) {
# 1936| ml->colorfg = null;
# 1937| mc->colorfg = win->w_rend.colorfg = 0;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def3]
screen-5.0.0-build/screen-5.0.0/attacher.c: scope_hint: In function ‘SendCmdMessage’
screen-5.0.0-build/screen-5.0.0/attacher.c:484:25: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘&query’
# 482| for (c = 'A'; c <= 'Z'; c++) {
# 483| query[6] = c;
# 484|-> strncpy(sp, query, strlen(SocketPath));
# 485| if ((r = MakeServerSocket()) >= 0)
# 486| break;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def4]
screen-5.0.0-build/screen-5.0.0/canvas.c:282:40: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘p’
# 280| if (p == window)
# 281| break;
# 282|-> *pp = p->w_prev_mru;
# 283| p->w_prev_mru = mru_window;
# 284| mru_window = p;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def5]
screen-5.0.0-build/screen-5.0.0/canvas.c:760:49: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘calloc(1, 304)’
# 758| if (cvf->c_slperp) {
# 759| cvt->c_slperp = calloc(1, sizeof(Canvas));
# 760|-> cvt->c_slperp->c_slback = cvt;
# 761| CanvasInitBlank(cvt->c_slperp);
# 762| DupLayoutCv(cvf->c_slperp, cvt->c_slperp, save);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def6]
screen-5.0.0-build/screen-5.0.0/canvas.c:766:49: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘calloc(1, 304)’
# 764| if (cvf->c_slnext) {
# 765| cvt->c_slnext = calloc(1, sizeof(Canvas));
# 766|-> cvt->c_slnext->c_slprev = cvt;
# 767| cvt->c_slnext->c_slback = cvt->c_slback;
# 768| CanvasInitBlank(cvt->c_slnext);

Error: GCC_ANALYZER_WARNING (CWE-457): [#def7]
screen-5.0.0-build/screen-5.0.0/fileio.c: scope_hint: In function ‘CatExtra’
screen-5.0.0-build/screen-5.0.0/fileio.c:70:17: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘cp’
screen-5.0.0-build/screen-5.0.0/window.h:42: included_from: Included from here.
screen-5.0.0-build/screen-5.0.0/fileio.h:4: included_from: Included from here.
screen-5.0.0-build/screen-5.0.0/fileio.c:31: included_from: Included from here.
screen-5.0.0-build/screen-5.0.0/display.h:209:25: note: in expansion of macro ‘DISPLAY’
screen-5.0.0-build/screen-5.0.0/fileio.c:154:34: note: in expansion of macro ‘D_termname’
# 68| if ((cp = realloc(str2, len1 + len2 + add_colon + 1)) == NULL)
# 69| Panic(0, "%s", strnomem);
# 70|-> memmove(cp + len1 + add_colon, cp, len2 + 1);
# 71| } else {
# 72| if ((cp = malloc(len1 + add_colon + 1)) == NULL)

Error: COMPILER_WARNING: [#def8]
screen-5.0.0-build/screen-5.0.0/fileio.c: scope_hint: In function ‘WriteFile’
screen-5.0.0-build/screen-5.0.0/fileio.c:352:25: warning[-Wstringop-truncation]: ‘__strncpy_chk’ output may be truncated copying between 0 and 4087 bytes from a string of length 4095
# 352 | strncpy(fnbuf, SocketPath, i);
# | ^
# 350| if (i > (int)ARRAY_SIZE(fnbuf) - 9)
# 351| i = 0;
# 352|-> strncpy(fnbuf, SocketPath, i);
# 353| strncpy(fnbuf + i, ".termcap", 9);
# 354| fn = fnbuf;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def9]
screen-5.0.0-build/screen-5.0.0/fileio.c:575:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup(pi[0])’
# 573| ServerSocket = -1;
# 574| close(0);
# 575|-> if (dup(pi[0]) < 0)
# 576| Panic(errno, "printpipe dup");
# 577| closeallfiles(0);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def10]
screen-5.0.0-build/screen-5.0.0/help.c: scope_hint: In function ‘add_key_to_buf’
screen-5.0.0-build/screen-5.0.0/help.c:329:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
screen-5.0.0-build/screen-5.0.0/help.c:329:17: note: write of 1 byte to beyond the end of ‘Esc_buf’
screen-5.0.0-build/screen-5.0.0/help.c:329:17: note: valid subscripts for ‘Esc_buf’ are ‘[0]’ to ‘[4]’
# 327| buf += strlen(buf);
# 328| if (key < 0)
# 329|-> strncpy(buf, "unset", 6);
# 330| else if (key == ' ')
# 331| strncpy(buf, "sp", 3);

Error: COMPILER_WARNING: [#def11]
screen-5.0.0-build/screen-5.0.0/list_license.c: scope_hint: In function ‘gl_License_row’
screen-5.0.0-build/screen-5.0.0/list_license.c:99:36: warning[-Wcalloc-transposed-args]: ‘calloc’ sizes specified with ‘sizeof’ in the earlier argument and not in the later argument
# 99 | char *line = calloc(sizeof(char), flayer->l_width + 1);
# | ^~~~
screen-5.0.0-build/screen-5.0.0/list_license.c:99:36: note: earlier argument should specify number of elements, later size of each element
# 97| (void)ldata; /* unused */
# 98|
# 99|-> char *line = calloc(sizeof(char), flayer->l_width + 1);
# 100| char *start = (char *)lrow->data;
# 101| char *lastspace = start;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def12]
screen-5.0.0-build/screen-5.0.0/logfile.c:222:50: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fileno(*l.fp)’
# 220| if (!l)
# 221| for (l = logroot; l; l = l->next) {
# 222|-> if (stolen_logfile(l) && logfile_reopen(l->name, fileno(l->fp), l))
# 223| return -1;
# 224| r |= fflush(l->fp);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def13]
screen-5.0.0-build/screen-5.0.0/resize.c: scope_hint: In function ‘AllocMline’
screen-5.0.0-build/screen-5.0.0/resize.c:322:19: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘ml’
screen-5.0.0-build/screen-5.0.0/resize.c: scope_hint: In function ‘AllocMline’
screen-5.0.0-build/screen-5.0.0/resize.c:496:30: note: in expansion of macro ‘w_width’
screen-5.0.0-build/screen-5.0.0/resize.c:521:16: note: in expansion of macro ‘w_width’
# 320| static int AllocMline(struct mline *ml, int w)
# 321| {
# 322|-> ml->image = malloc(w * 4);
# 323| ml->attr = null;
# 324| ml->font = null;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def14]
screen-5.0.0-build/screen-5.0.0/resize.c:593:32: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘mlt’
screen-5.0.0-build/screen-5.0.0/resize.c: scope_hint: In function ‘ChangeWindowSize’
screen-5.0.0-build/screen-5.0.0/resize.c:496:30: note: in expansion of macro ‘w_width’
screen-5.0.0-build/screen-5.0.0/resize.c:521:16: note: in expansion of macro ‘w_width’
screen-5.0.0-build/screen-5.0.0/resize.c:560:24: note: in expansion of macro ‘w_width’
screen-5.0.0-build/screen-5.0.0/resize.c:575:30: note: in expansion of macro ‘w_y’
# 591| while (l > 0 && fy >= 0 && ty >= 0) {
# 592| lx = lt > lf ? lf : lt;
# 593|-> if (mlt->image == NULL) {
# 594| if (AllocMline(mlt, wi + 1))
# 595| goto nomem;

Error: CPPCHECK_WARNING (CWE-401): [#def15]
screen-5.0.0-build/screen-5.0.0/sched.c:78: error[memleakOnRealloc]: Common realloc mistake: 'pfd' nulled but not freed upon failure
# 76| if (i > pfd_cnt) {
# 77| pfd_cnt = i;
# 78|-> pfd = realloc(pfd, pfd_cnt * sizeof(struct pollfd));
# 79| }
# 80| }

Error: COMPILER_WARNING: [#def16]
screen-5.0.0-build/screen-5.0.0/screen.c: scope_hint: In function ‘main’
screen-5.0.0-build/screen-5.0.0/screen.c:955:102: warning[-Wformat-truncation=]: ‘%s’ directive output may be truncated writing up to 4096 bytes into a region of size 4095
# 955 | snprintf(SocketPath + strlen(SocketPath), sizeof(SocketPath) - strlen(SocketPath), "/%s", socknamebuf);
# | ^~ ~~~~~~~~~~~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output between 2 and 4098 bytes into a destination of size 4096
# 68 | return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 69 | __glibc_objsize (__s), __fmt,
# | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 70 | __va_arg_pack ());
# | ~~~~~~~~~~~~~~~~~
# 953| if (strlen(socknamebuf) > FILENAME_MAX)
# 954| socknamebuf[FILENAME_MAX - 1] = 0;
# 955|-> snprintf(SocketPath + strlen(SocketPath), sizeof(SocketPath) - strlen(SocketPath), "/%s", socknamebuf);
# 956| SET_GUID();
# 957| Attacher();

Error: COMPILER_WARNING: [#def17]
screen-5.0.0-build/screen-5.0.0/screen.c: scope_hint: In function ‘main’
screen-5.0.0-build/screen-5.0.0/screen.c:1020:94: warning[-Wformat-truncation=]: ‘%s’ directive output may be truncated writing up to 4096 bytes into a region of size 4095
# 1020 | snprintf(SocketPath + strlen(SocketPath), sizeof(SocketPath) - strlen(SocketPath), "/%s", socknamebuf);
# | ^~ ~~~~~~~~~~~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output between 2 and 4098 bytes into a destination of size 4096
# 68 | return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 69 | __glibc_objsize (__s), __fmt,
# | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 70 | __va_arg_pack ());
# | ~~~~~~~~~~~~~~~~~
# 1018| socknamebuf[FILENAME_MAX] = 0;
# 1019| }
# 1020|-> snprintf(SocketPath + strlen(SocketPath), sizeof(SocketPath) - strlen(SocketPath), "/%s", socknamebuf);
# 1021|
# 1022| ServerSocket = MakeServerSocket();

Error: GCC_ANALYZER_WARNING (CWE-476): [#def18]
screen-5.0.0-build/screen-5.0.0/socket.c: scope_hint: In function ‘ReceiveMsg’
screen-5.0.0-build/screen-5.0.0/socket.c:845:29: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
# 843| case MSG_ERROR:
# 844| {
# 845|-> int blocked = D_blocked;
# 846| if (D_blocked == 4) /* allow error messages while in blanker mode */
# 847| D_blocked = 0; /* likely they're from failed blanker */

Error: COMPILER_WARNING: [#def19]
screen-5.0.0-build/screen-5.0.0/socket.c: scope_hint: In function ‘ReceiveMsg’
screen-5.0.0-build/screen-5.0.0/socket.c:870:25: warning[-Wstringop-truncation]: ‘strncpy’ specified bound 4096 equals destination size
# 870 | strncpy(SocketPath, oldSocketPath, ARRAY_SIZE(SocketPath));
# | ^
# 868| strncpy(SocketPath, m.m.command.writeback, ARRAY_SIZE(SocketPath));
# 869| int s = MakeClientSocket(0);
# 870|-> strncpy(SocketPath, oldSocketPath, ARRAY_SIZE(SocketPath));
# 871| Free(oldSocketPath);
# 872| if (s >= 0) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def20]
screen-5.0.0-build/screen-5.0.0/socket.c: scope_hint: In function ‘CheckPassword’
screen-5.0.0-build/screen-5.0.0/socket.c:1169:23: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘reply’
# 1167| reply = (struct pam_response *)malloc(sizeof(struct pam_response));
# 1168|
# 1169|-> reply[0].resp = strdup(password);
# 1170| reply[0].resp_retcode = 0;
# 1171|

Error: COMPILER_WARNING (CWE-252): [#def21]
screen-5.0.0-build/screen-5.0.0/window.c: scope_hint: In function ‘CloseDevice’
screen-5.0.0-build/screen-5.0.0/window.c:808:23: warning[-Wunused-result]: ignoring return value of ‘chown’ declared with attribute ‘warn_unused_result’
# 808 | (void)chown(window->w_tty, 0, 0);
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~
# 806| /* pty 4 SALE */
# 807| (void)chmod(window->w_tty, 0666);
# 808|-> (void)chown(window->w_tty, 0, 0);
# 809| ClosePTY(window->w_ptyfd);
# 810| break;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def22]
screen-5.0.0-build/screen-5.0.0/window.c: scope_hint: In function ‘ForkWindow’
screen-5.0.0-build/screen-5.0.0/window.c:1075:27: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup(slave)’
# 1073| if (slave != -1) {
# 1074| close(0);
# 1075|-> if(dup(slave) < 0)
# 1076| Panic(errno, "Cannot duplicate file descriptor");
# 1077| close(slave);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def23]
screen-5.0.0-build/screen-5.0.0/window.c:1112:35: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup(*win.w_ptyfd)’
# 1110| Msg(errno, "fgtty");
# 1111| } else {
# 1112|-> if(dup(win->w_ptyfd) < 0)
# 1113| Panic(errno, "Cannot duplicate file descriptor");
# 1114| wfdused = 1;

Error: COMPILER_WARNING (CWE-252): [#def24]
screen-5.0.0-build/screen-5.0.0/window.c: scope_hint: In function ‘win_writeev_fn’
screen-5.0.0-build/screen-5.0.0/window.c:1574:41: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
# 1574 | write(win->w_ptyfd, p->w_inbuf, p->w_inlen);
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1572| for (Window *win = mru_window; win; win = win->w_prev_mru) {
# 1573| if (win != p && win->w_miflag)
# 1574|-> write(win->w_ptyfd, p->w_inbuf, p->w_inlen);
# 1575| }
# 1576| }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def25]
screen-5.0.0-build/screen-5.0.0/window.c: scope_hint: In function ‘SwapWindows’
screen-5.0.0-build/screen-5.0.0/window.c:1853:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
# 1851|
# 1852| remove_window_from_list(win_a);
# 1853|-> win_a->w_number = dest;
# 1854| if (win_b) {
# 1855| remove_window_from_list(win_b);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def26]
screen-5.0.0-build/screen-5.0.0/window.c: scope_hint: In function ‘GetWindowByNumber’
screen-5.0.0-build/screen-5.0.0/window.c:2008:22: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘w’
# 2006| w = w->w_prev;
# 2007| }
# 2008|-> if (w->w_number == n)
# 2009| return w;
# 2010| }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def27]
screen-5.0.0-build/screen-5.0.0/winmsgbuf.c: scope_hint: In function ‘wmb_expand’
screen-5.0.0-build/screen-5.0.0/winmsgbuf.c:77:19: warning[-Wanalyzer-malloc-leak]: leak of ‘p’
screen-5.0.0-build/screen-5.0.0/winmsgbuf.c: scope_hint: In function ‘wmb_expand’
screen-5.0.0-build/screen-5.0.0/winmsgbuf.c:29: included_from: Included from here.
screen-5.0.0-build/screen-5.0.0/winmsgbuf.c: scope_hint: In function ‘wmb_expand’
# 75| /* realloc already handled the free for us */
# 76| wmb->buf = p;
# 77|-> wmb->size = size;
# 78| return size;
# 79| }
analyzer-version-clippy | 1.82.0 |
analyzer-version-cppcheck | 2.16.0 |
analyzer-version-gcc | 14.2.1 |
analyzer-version-gcc-analyzer | 15.0.0 |
analyzer-version-shellcheck | 0.10.0 |
analyzer-version-unicontrol | 0.0.2 |
diffbase-analyzer-version-clippy | 1.82.0 |
diffbase-analyzer-version-cppcheck | 2.16.0 |
diffbase-analyzer-version-gcc | 14.2.1 |
diffbase-analyzer-version-gcc-analyzer | 15.0.0 |
diffbase-analyzer-version-shellcheck | 0.10.0 |
diffbase-analyzer-version-unicontrol | 0.0.2 |
diffbase-enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
diffbase-exit-code | 0 |
diffbase-host | ip-172-16-1-190.us-west-2.compute.internal |
diffbase-mock-config | fedora-rawhide-gcc-latest-x86_64 |
diffbase-project-name | screen-4.9.1-2.fc41 |
diffbase-store-results-to | /tmp/tmps0lvoqjq/screen-4.9.1-2.fc41.tar.xz |
diffbase-time-created | 2024-11-13 03:22:03 |
diffbase-time-finished | 2024-11-13 03:25:22 |
diffbase-tool | csmock |
diffbase-tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'clippy,cppcheck,gcc,unicontrol,shellcheck' '-o' '/tmp/tmps0lvoqjq/screen-4.9.1-2.fc41.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmps0lvoqjq/screen-4.9.1-2.fc41.src.rpm' |
diffbase-tool-version | csmock-3.7.1.20241107.094801.gb3f0f26.pr_192-1.el9 |
enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
exit-code | 0 |
host | ip-172-16-1-190.us-west-2.compute.internal |
mock-config | fedora-rawhide-gcc-latest-x86_64 |
project-name | screen-5.0.0-1.fc42 |
store-results-to | /tmp/tmpjm8p_uwq/screen-5.0.0-1.fc42.tar.xz |
time-created | 2024-11-13 03:25:49 |
time-finished | 2024-11-13 03:28:25 |
title | Newly introduced findings |
tool | csmock |
tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'clippy,cppcheck,gcc,unicontrol,shellcheck' '-o' '/tmp/tmpjm8p_uwq/screen-5.0.0-1.fc42.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmpjm8p_uwq/screen-5.0.0-1.fc42.src.rpm' |
tool-version | csmock-3.7.1.20241107.094801.gb3f0f26.pr_192-1.el9 |