Newly introduced findings

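List of Findings

The entries below are analyzer warnings reported for shadow-utils-4.16.0-7.fc42 that were not reported for the comparison base, shadow-utils-4.15.1-12.fc41 (see Scan Properties). Each is a static-analysis warning rather than a confirmed defect and should be triaged against the source.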

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/sgetgrent.c:19: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h: scope_hint: In function ‘reallocarrayf’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:88:15: warning[-Wanalyzer-malloc-leak]: leak of ‘reallocarrayf(members,  i + 100, 8)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/sgetgrent.c:47:35: note: in expansion of macro ‘REALLOCF’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/sgetgrent.c:47:35: note: in expansion of macro ‘REALLOCF’
#   86|   
#   87|   	/* realloc(p, 0) is equivalent to free(p);  avoid double free.  */
#   88|-> 	if (q == NULL && nmemb != 0 && size != 0)
#   89|   		free(p);
#   90|   	return q;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def2]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/fd.c: scope_hint: In function ‘check_fd.part.0’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/fd.c:39:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
#   37|   
#   38|   	devnull = open("/dev/null", O_RDWR);
#   39|-> 	if (devnull != fd)
#   40|   		abort();
#   41|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def3]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/list.c:236:26: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, (long unsigned int)i, 8)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/list.c:218:17: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/list.c: scope_hint: In function ‘comma_to_list’
#  234|   
#  235|   	for (cp = members, i = 0; cp != NULL; i++)
#  236|-> 		array[i] = strsep(&cp, ",");
#  237|   	array[i] = NULL;
#  238|   

Error: GCC_ANALYZER_WARNING (CWE-688): [#def4]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c:29: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c: scope_hint: In function ‘get_session_host’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/string/zustr2stp.h:54:16: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘xreallocarray(0, 257, 1)’ where non-null expected
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c:191:17: note: in expansion of macro ‘ZUSTR2STP’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c:168:23: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c: scope_hint: In function ‘get_session_host’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c:190:28: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c: scope_hint: In function ‘get_session_host’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c:191:17: note: in expansion of macro ‘ZUSTR2STP’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/defines.h:30: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c:12: included_from: Included from here.
/usr/include/string.h:400:14: note: argument 1 of ‘mempcpy’ must be non-null
#   52|   	static_assert(!is_array(dst) || sizeof(dst) > SIZEOF_ARRAY(src), ""); \
#   53|                                                                                 \
#   54|-> 	stpcpy(mempcpy(dst, src, strnlen(src, NITEMS(src))), "");             \
#   55|   })
#   56|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def5]
shadow-utils-4.16.0-build/shadow-4.16.0/src/id.c: scope_hint: In function ‘main’
shadow-utils-4.16.0-build/shadow-4.16.0/src/id.c:78:20: warning[-Wanalyzer-malloc-leak]: leak of ‘reallocarray(0, (long unsigned int)sys_ngroups, 4)’
shadow-utils-4.16.0-build/shadow-4.16.0/src/id.c:27: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/src/id.c:70:18: note: in expansion of macro ‘MALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/src/id.c: scope_hint: In function ‘main’
#   76|   
#   77|   	if (argc > 1) {
#   78|-> 		if (argc > 2 || strcmp(argv[1], "-a") != 0)
#   79|   			usage();
#   80|   		else

Error: GCC_ANALYZER_WARNING (CWE-401): [#def6]
shadow-utils-4.16.0-build/shadow-4.16.0/src/id.c:78:33: warning[-Wanalyzer-malloc-leak]: leak of ‘reallocarray(0, (long unsigned int)sys_ngroups, 4)’
shadow-utils-4.16.0-build/shadow-4.16.0/src/id.c:70:18: note: in expansion of macro ‘MALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/src/id.c: scope_hint: In function ‘main’
#   76|   
#   77|   	if (argc > 1) {
#   78|-> 		if (argc > 2 || strcmp(argv[1], "-a") != 0)
#   79|   			usage();
#   80|   		else

Error: GCC_ANALYZER_WARNING (CWE-775): [#def7]
shadow-utils-4.16.0-build/shadow-4.16.0/src/sulogin.c: scope_hint: In function ‘main’
shadow-utils-4.16.0-build/shadow-4.16.0/src/sulogin.c:87:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(argv[1], 2)’
#   85|   		close(2);
#   86|   
#   87|-> 		if (open(argv[1], O_RDWR) == -1)
#   88|   			exit(1);
#   89|   		dup(0);

Scan Properties

analyzer-version-clippy: 1.82.0
analyzer-version-cppcheck: 2.16.0
analyzer-version-gcc: 14.2.1
analyzer-version-gcc-analyzer: 15.0.0
analyzer-version-shellcheck: 0.10.0
analyzer-version-unicontrol: 0.0.2
diffbase-analyzer-version-clippy: 1.82.0
diffbase-analyzer-version-cppcheck: 2.16.0
diffbase-analyzer-version-gcc: 14.2.1
diffbase-analyzer-version-gcc-analyzer: 15.0.0
diffbase-analyzer-version-shellcheck: 0.10.0
diffbase-analyzer-version-unicontrol: 0.0.2
diffbase-enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code: 0
diffbase-host: ip-172-16-1-218.us-west-2.compute.internal
diffbase-mock-config: fedora-rawhide-gcc-latest-x86_64
diffbase-project-name: shadow-utils-4.15.1-12.fc41
diffbase-store-results-to: /tmp/tmpvdzqrobs/shadow-utils-4.15.1-12.fc41.tar.xz
diffbase-time-created: 2024-11-13 03:10:07
diffbase-time-finished: 2024-11-13 03:14:09
diffbase-tool: csmock
diffbase-tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'clippy,cppcheck,gcc,unicontrol,shellcheck' '-o' '/tmp/tmpvdzqrobs/shadow-utils-4.15.1-12.fc41.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmpvdzqrobs/shadow-utils-4.15.1-12.fc41.src.rpm'
diffbase-tool-version: csmock-3.7.1.20241107.094801.gb3f0f26.pr_192-1.el9
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-218.us-west-2.compute.internal
mock-config: fedora-rawhide-gcc-latest-x86_64
project-name: shadow-utils-4.16.0-7.fc42
store-results-to: /tmp/tmpfq3nx0vz/shadow-utils-4.16.0-7.fc42.tar.xz
time-created: 2024-11-13 03:14:34
time-finished: 2024-11-13 03:18:10
title: Newly introduced findings
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'clippy,cppcheck,gcc,unicontrol,shellcheck' '-o' '/tmp/tmpfq3nx0vz/shadow-utils-4.16.0-7.fc42.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmpfq3nx0vz/shadow-utils-4.16.0-7.fc42.src.rpm'
tool-version: csmock-3.7.1.20241107.094801.gb3f0f26.pr_192-1.el9