shadow-utils-4.16.0-7.fc42

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:24:37: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>.gr_name)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
#   22|   #define XCALLOC(n, type)  ((type *) xcalloc(n, sizeof(type)))
#   23|   #define MALLOC(n, type)   ((type *) mallocarray(n, sizeof(type)))
#   24|-> #define XMALLOC(n, type)  ((type *) xmallocarray(n, sizeof(type)))
#   25|   
#   26|   #define REALLOC(ptr, n, type)                                                 \

Error: GCC_ANALYZER_WARNING (CWE-401): [#def2]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:24:37: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>.gr_passwd)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
#   22|   #define XCALLOC(n, type)  ((type *) xcalloc(n, sizeof(type)))
#   23|   #define MALLOC(n, type)   ((type *) mallocarray(n, sizeof(type)))
#   24|-> #define XMALLOC(n, type)  ((type *) xmallocarray(n, sizeof(type)))
#   25|   
#   26|   #define REALLOC(ptr, n, type)                                                 \

Error: GCC_ANALYZER_WARNING (CWE-401): [#def3]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:24:37: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>.pw_dir)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
#   22|   #define XCALLOC(n, type)  ((type *) xcalloc(n, sizeof(type)))
#   23|   #define MALLOC(n, type)   ((type *) mallocarray(n, sizeof(type)))
#   24|-> #define XMALLOC(n, type)  ((type *) xmallocarray(n, sizeof(type)))
#   25|   
#   26|   #define REALLOC(ptr, n, type)                                                 \

Error: GCC_ANALYZER_WARNING (CWE-401): [#def4]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:24:37: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>.pw_gecos)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
#   22|   #define XCALLOC(n, type)  ((type *) xcalloc(n, sizeof(type)))
#   23|   #define MALLOC(n, type)   ((type *) mallocarray(n, sizeof(type)))
#   24|-> #define XMALLOC(n, type)  ((type *) xmallocarray(n, sizeof(type)))
#   25|   
#   26|   #define REALLOC(ptr, n, type)                                                 \

Error: GCC_ANALYZER_WARNING (CWE-401): [#def5]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:24:37: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>.pw_name)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
#   22|   #define XCALLOC(n, type)  ((type *) xcalloc(n, sizeof(type)))
#   23|   #define MALLOC(n, type)   ((type *) mallocarray(n, sizeof(type)))
#   24|-> #define XMALLOC(n, type)  ((type *) xmallocarray(n, sizeof(type)))
#   25|   
#   26|   #define REALLOC(ptr, n, type)                                                 \

Error: GCC_ANALYZER_WARNING (CWE-401): [#def6]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:24:37: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>.pw_passwd)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
#   22|   #define XCALLOC(n, type)  ((type *) xcalloc(n, sizeof(type)))
#   23|   #define MALLOC(n, type)   ((type *) mallocarray(n, sizeof(type)))
#   24|-> #define XMALLOC(n, type)  ((type *) xmallocarray(n, sizeof(type)))
#   25|   
#   26|   #define REALLOC(ptr, n, type)                                                 \

Error: GCC_ANALYZER_WARNING (CWE-401): [#def7]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:24:37: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>.pw_shell)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
#   22|   #define XCALLOC(n, type)  ((type *) xcalloc(n, sizeof(type)))
#   23|   #define MALLOC(n, type)   ((type *) mallocarray(n, sizeof(type)))
#   24|-> #define XMALLOC(n, type)  ((type *) xmallocarray(n, sizeof(type)))
#   25|   
#   26|   #define REALLOC(ptr, n, type)                                                 \

Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:24:37: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>.sg_name)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
#   22|   #define XCALLOC(n, type)  ((type *) xcalloc(n, sizeof(type)))
#   23|   #define MALLOC(n, type)   ((type *) mallocarray(n, sizeof(type)))
#   24|-> #define XMALLOC(n, type)  ((type *) xmallocarray(n, sizeof(type)))
#   25|   
#   26|   #define REALLOC(ptr, n, type)                                                 \

Error: GCC_ANALYZER_WARNING (CWE-401): [#def9]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:24:37: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>.sg_passwd)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
#   22|   #define XCALLOC(n, type)  ((type *) xcalloc(n, sizeof(type)))
#   23|   #define MALLOC(n, type)   ((type *) mallocarray(n, sizeof(type)))
#   24|-> #define XMALLOC(n, type)  ((type *) xmallocarray(n, sizeof(type)))
#   25|   
#   26|   #define REALLOC(ptr, n, type)                                                 \

Error: GCC_ANALYZER_WARNING (CWE-401): [#def10]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:24:37: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>.sp_pwdp)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
#   22|   #define XCALLOC(n, type)  ((type *) xcalloc(n, sizeof(type)))
#   23|   #define MALLOC(n, type)   ((type *) mallocarray(n, sizeof(type)))
#   24|-> #define XMALLOC(n, type)  ((type *) xmallocarray(n, sizeof(type)))
#   25|   
#   26|   #define REALLOC(ptr, n, type)                                                 \

Error: GCC_ANALYZER_WARNING (CWE-401): [#def11]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:24:37: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*sp.sp_namp)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
#   22|   #define XCALLOC(n, type)  ((type *) xcalloc(n, sizeof(type)))
#   23|   #define MALLOC(n, type)   ((type *) mallocarray(n, sizeof(type)))
#   24|-> #define XMALLOC(n, type)  ((type *) xmallocarray(n, sizeof(type)))
#   25|   
#   26|   #define REALLOC(ptr, n, type)                                                 \

Error: GCC_ANALYZER_WARNING (CWE-401): [#def12]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:24:37: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(group)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
#   22|   #define XCALLOC(n, type)  ((type *) xcalloc(n, sizeof(type)))
#   23|   #define MALLOC(n, type)   ((type *) mallocarray(n, sizeof(type)))
#   24|-> #define XMALLOC(n, type)  ((type *) xmallocarray(n, sizeof(type)))
#   25|   
#   26|   #define REALLOC(ptr, n, type)                                                 \

Error: GCC_ANALYZER_WARNING (CWE-401): [#def13]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:24:37: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(new)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
#   22|   #define XCALLOC(n, type)  ((type *) xcalloc(n, sizeof(type)))
#   23|   #define MALLOC(n, type)   ((type *) mallocarray(n, sizeof(type)))
#   24|-> #define XMALLOC(n, type)  ((type *) xmallocarray(n, sizeof(type)))
#   25|   
#   26|   #define REALLOC(ptr, n, type)                                                 \

Error: GCC_ANALYZER_WARNING (CWE-401): [#def14]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:24:37: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(old)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
#   22|   #define XCALLOC(n, type)  ((type *) xcalloc(n, sizeof(type)))
#   23|   #define MALLOC(n, type)   ((type *) mallocarray(n, sizeof(type)))
#   24|-> #define XMALLOC(n, type)  ((type *) xmallocarray(n, sizeof(type)))
#   25|   
#   26|   #define REALLOC(ptr, n, type)                                                 \

Error: GCC_ANALYZER_WARNING (CWE-401): [#def15]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:24:37: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(pwent.pw_name)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
#   22|   #define XCALLOC(n, type)  ((type *) xcalloc(n, sizeof(type)))
#   23|   #define MALLOC(n, type)   ((type *) mallocarray(n, sizeof(type)))
#   24|-> #define XMALLOC(n, type)  ((type *) xmallocarray(n, sizeof(type)))
#   25|   
#   26|   #define REALLOC(ptr, n, type)                                                 \

Error: GCC_ANALYZER_WARNING (CWE-401): [#def16]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:24:37: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(string)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
#   22|   #define XCALLOC(n, type)  ((type *) xcalloc(n, sizeof(type)))
#   23|   #define MALLOC(n, type)   ((type *) mallocarray(n, sizeof(type)))
#   24|-> #define XMALLOC(n, type)  ((type *) xmallocarray(n, sizeof(type)))
#   25|   
#   26|   #define REALLOC(ptr, n, type)                                                 \

Error: GCC_ANALYZER_WARNING (CWE-401): [#def17]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/sgetgrent.c:19: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h: scope_hint: In function ‘reallocarrayf’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:88:15: warning[-Wanalyzer-malloc-leak]: leak of ‘reallocarrayf(members,  i + 100, 8)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/sgetgrent.c:47:35: note: in expansion of macro ‘REALLOCF’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/sgetgrent.c:47:35: note: in expansion of macro ‘REALLOCF’
#   86|   
#   87|   	/* realloc(p, 0) is equivalent to free(p);  avoid double free.  */
#   88|-> 	if (q == NULL && nmemb != 0 && size != 0)
#   89|   		free(p);
#   90|   	return q;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def18]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.c:24: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h: scope_hint: In function ‘reallocarrayf’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:88:15: warning[-Wanalyzer-malloc-leak]: leak of ‘reallocarrayf(p,  nmemb,  size)’
#   86|   
#   87|   	/* realloc(p, 0) is equivalent to free(p);  avoid double free.  */
#   88|-> 	if (q == NULL && nmemb != 0 && size != 0)
#   89|   		free(p);
#   90|   	return q;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def19]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.c:24: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h: scope_hint: In function ‘reallocarrayf’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:88:15: warning[-Wanalyzer-malloc-leak]: leak of ‘reallocarrayf.localalias(p,  nmemb,  size)’
#   86|   
#   87|   	/* realloc(p, 0) is equivalent to free(p);  avoid double free.  */
#   88|-> 	if (q == NULL && nmemb != 0 && size != 0)
#   89|   		free(p);
#   90|   	return q;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def20]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h: scope_hint: In function ‘xreallocarray’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:88:15: warning[-Wanalyzer-malloc-leak]: leak of ‘xreallocarray(0, 1, size)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.c: scope_hint: In function ‘xreallocarray’
#   86|   
#   87|   	/* realloc(p, 0) is equivalent to free(p);  avoid double free.  */
#   88|-> 	if (q == NULL && nmemb != 0 && size != 0)
#   89|   		free(p);
#   90|   	return q;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def21]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:88:15: warning[-Wanalyzer-malloc-leak]: leak of ‘xreallocarray(0, nmemb,  size)’
#   86|   
#   87|   	/* realloc(p, 0) is equivalent to free(p);  avoid double free.  */
#   88|-> 	if (q == NULL && nmemb != 0 && size != 0)
#   89|   		free(p);
#   90|   	return q;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def22]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:88:15: warning[-Wanalyzer-malloc-leak]: leak of ‘xreallocarray(0, strlen(str) + 1, 1)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.c: scope_hint: In function ‘xreallocarray’
#   86|   
#   87|   	/* realloc(p, 0) is equivalent to free(p);  avoid double free.  */
#   88|-> 	if (q == NULL && nmemb != 0 && size != 0)
#   89|   		free(p);
#   90|   	return q;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def23]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup("/")’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/defines.h:16: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:18: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/setupenv.c:205:30: note: in expansion of macro ‘_’
#   95|   xstrdup(const char *str)
#   96|   {
#   97|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   98|   }
#   99|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def24]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup("/bin/sh")’
#   95|   xstrdup(const char *str)
#   96|   {
#   97|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   98|   }
#   99|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def25]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(&crypt_passwd)’
#   95|   xstrdup(const char *str)
#   96|   {
#   97|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   98|   }
#   99|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def26]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>)’
#   95|   xstrdup(const char *str)
#   96|   {
#   97|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   98|   }
#   99|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def27]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>.pw_name)’
#   95|   xstrdup(const char *str)
#   96|   {
#   97|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   98|   }
#   99|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def28]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*list)’
#   95|   xstrdup(const char *str)
#   96|   {
#   97|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   98|   }
#   99|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def29]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*sp.sp_pwdp)’
#   95|   xstrdup(const char *str)
#   96|   {
#   97|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   98|   }
#   99|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def30]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(ccp)’
shadow-utils-4.16.0-build/shadow-4.16.0/src/useradd.c:389:26: note: in expansion of macro ‘MATCH’
shadow-utils-4.16.0-build/shadow-4.16.0/src/useradd.c:396:26: note: in expansion of macro ‘MATCH’
shadow-utils-4.16.0-build/shadow-4.16.0/src/useradd.c:403:26: note: in expansion of macro ‘MATCH’
shadow-utils-4.16.0-build/shadow-4.16.0/src/useradd.c:419:26: note: in expansion of macro ‘MATCH’
shadow-utils-4.16.0-build/shadow-4.16.0/src/useradd.c:426:26: note: in expansion of macro ‘MATCH’
#   95|   xstrdup(const char *str)
#   96|   {
#   97|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   98|   }
#   99|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def31]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(comma)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:11: included_from: Included from here.
#   95|   xstrdup(const char *str)
#   96|   {
#   97|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   98|   }
#   99|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def32]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(cp)’
shadow-utils-4.16.0-build/shadow-4.16.0/src/useradd.c:389:26: note: in expansion of macro ‘MATCH’
#   95|   xstrdup(const char *str)
#   96|   {
#   97|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   98|   }
#   99|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def33]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(getdef_str("MOTD_FILE"))’
#   95|   xstrdup(const char *str)
#   96|   {
#   97|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   98|   }
#   99|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def34]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(getlogin())’
#   95|   xstrdup(const char *str)
#   96|   {
#   97|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   98|   }
#   99|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def35]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(member)’
#   95|   xstrdup(const char *str)
#   96|   {
#   97|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   98|   }
#   99|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def36]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(new)’
#   95|   xstrdup(const char *str)
#   96|   {
#   97|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   98|   }
#   99|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def37]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(old)’
#   95|   xstrdup(const char *str)
#   96|   {
#   97|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   98|   }
#   99|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def38]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(optarg)’
#   95|   xstrdup(const char *str)
#   96|   {
#   97|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   98|   }
#   99|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def39]
shadow-utils-4.16.0-build/shadow-4.16.0/src/login.c:28: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h: scope_hint: In function ‘xstrdup’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(ptr_user)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/must_be.h:13: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/sizeof.h:15: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/memzero.h:18: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/src/login.c:35: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/src/login.c:398:9: note: in expansion of macro ‘PAM_FAIL_CHECK’
#   95|   xstrdup(const char *str)
#   96|   {
#   97|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   98|   }
#   99|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def40]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(pwent.pw_passwd)’
#   95|   xstrdup(const char *str)
#   96|   {
#   97|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   98|   }
#   99|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def41]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(shellname)’
#   95|   xstrdup(const char *str)
#   96|   {
#   97|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   98|   }
#   99|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def42]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(string)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/must_be.h:13: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/sizeof.h:15: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/string/sprintf.h:19: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/env.c:23: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/env.c:168:32: note: in expansion of macro ‘SNPRINTF’
#   95|   xstrdup(const char *str)
#   96|   {
#   97|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   98|   }
#   99|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def43]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(tty)’
#   95|   xstrdup(const char *str)
#   96|   {
#   97|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   98|   }
#   99|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def44]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(users)’
#   95|   xstrdup(const char *str)
#   96|   {
#   97|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   98|   }
#   99|   

Error: GCC_ANALYZER_WARNING (CWE-688): [#def45]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/env.c:19: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h: scope_hint: In function ‘xstrdup’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:16: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘xreallocarray(0, strlen(str) + 1, 1)’ where non-null expected
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h: scope_hint: In function ‘xstrdup’
<built-in>: note: argument 1 of ‘__builtin_strcpy’ must be non-null
#   95|   xstrdup(const char *str)
#   96|   {
#   97|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   98|   }
#   99|   

Error: COMPILER_WARNING (CWE-252): [#def46]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/audit_help.c: scope_hint: In function ‘audit_logger’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/audit_help.c:66:17: warning[-Wunused-result]: ignoring return value of ‘audit_log_acct_message’ declared with attribute ‘warn_unused_result’
#   66 |                 audit_log_acct_message (audit_fd, type, NULL, op, name, id,
#      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   67 |                                         NULL, NULL, NULL, result);
#      |                                         ~~~~~~~~~~~~~~~~~~~~~~~~~
#   64|   		return;
#   65|   	} else {
#   66|-> 		audit_log_acct_message (audit_fd, type, NULL, op, name, id,
#   67|   		                        NULL, NULL, NULL, result);
#   68|   	}

Error: COMPILER_WARNING (CWE-252): [#def47]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/audit_help.c: scope_hint: In function ‘audit_logger_with_group’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/audit_help.c:100:9: warning[-Wunused-result]: ignoring return value of ‘audit_log_acct_message’ declared with attribute ‘warn_unused_result’
#  100 |         audit_log_acct_message (audit_fd, type, NULL, buf, name, id,
#      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  101 |                                         NULL, NULL, NULL, (int) result);
#      |                                         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   98|   		snprintf(buf, sizeof(buf), "%s grp=\"%s\"", op, grp);
#   99|   	}
#  100|-> 	audit_log_acct_message (audit_fd, type, NULL, buf, name, id,
#  101|   		                        NULL, NULL, NULL, (int) result);
#  102|   }

Error: COMPILER_WARNING (CWE-252): [#def48]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/audit_help.c: scope_hint: In function ‘audit_logger_message’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/audit_help.c:109:17: warning[-Wunused-result]: ignoring return value of ‘audit_log_user_message’ declared with attribute ‘warn_unused_result’
#  109 |                 audit_log_user_message (audit_fd,
#      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  110 |                                         AUDIT_USYS_CONFIG,
#      |                                         ~~~~~~~~~~~~~~~~~~
#  111 |                                         message,
#      |                                         ~~~~~~~~
#  112 |                                         NULL, /* hostname */
#      |                                         ~~~~~~~~~~~~~~~~~~~~
#  113 |                                         NULL, /* addr */
#      |                                         ~~~~~~~~~~~~~~~~
#  114 |                                         NULL, /* tty */
#      |                                         ~~~~~~~~~~~~~~~
#  115 |                                         result);
#      |                                         ~~~~~~~
#  107|   		return;
#  108|   	} else {
#  109|-> 		audit_log_user_message (audit_fd,
#  110|   		                        AUDIT_USYS_CONFIG,
#  111|   		                        message,

Error: GCC_ANALYZER_WARNING (CWE-476): [#def49]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/commonio.c: scope_hint: In function ‘commonio_sort_wrt’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/commonio.c:858:28: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘*shadow.head’
#  856|   	}
#  857|   
#  858|-> 	shadow->head->prev = NULL;
#  859|   	shadow->changed = true;
#  860|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def50]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/copydir.c: scope_hint: In function ‘check_link’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/copydir.c:230:20: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, 1, 40)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:12: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/copydir.c:21: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/copydir.c:15: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/must_be.h:13: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/sizeof.h:15: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/string/sprintf.h:19: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/copydir.c:39: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/copydir.c:229:14: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/copydir.c: scope_hint: In function ‘check_link’
#  228|   
#  229|   	lp = XMALLOC(1, struct link_name);
#  230|-> 	lp->ln_dev = sb->st_dev;
#  231|   	lp->ln_ino = sb->st_ino;
#  232|   	lp->ln_count = sb->st_nlink;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def51]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/fd.c: scope_hint: In function ‘check_fd.part.0’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/fd.c:39:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
#   37|   
#   38|   	devnull = open("/dev/null", O_RDWR);
#   39|-> 	if (devnull != fd)
#   40|   		abort();
#   41|   }

Error: GCC_ANALYZER_WARNING (CWE-122): [#def52]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/find_new_gid.c: scope_hint: In function ‘check_gid.part.0’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/find_new_gid.c:125:43: warning[-Wanalyzer-out-of-bounds]: heap-based buffer over-read
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:11: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/find_new_gid.c:15: included_from: Included from here.
#  123|   	 * using the gr_next() loop
#  124|   	 */
#  125|-> 	if (used_gids != NULL && used_gids[gid]) {
#  126|   		return EEXIST;
#  127|   	}

Error: GCC_ANALYZER_WARNING (CWE-122): [#def53]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/find_new_uid.c: scope_hint: In function ‘check_uid.part.0’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/find_new_uid.c:125:43: warning[-Wanalyzer-out-of-bounds]: heap-based buffer over-read
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:11: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/find_new_uid.c:15: included_from: Included from here.
#  123|   	 * using the pw_next() loop
#  124|   	 */
#  125|-> 	if (used_uids != NULL && used_uids[uid]) {
#  126|   		return EEXIST;
#  127|   	}

Error: GCC_ANALYZER_WARNING (CWE-457): [#def54]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/getdate.c: scope_hint: In function ‘gd_parse’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/getdate.c:671:7: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyss’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/getdate.c:656:9: note: in expansion of macro ‘YYCOPY’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/getdate.c:1220:9: note: in expansion of macro ‘YYSTACK_RELOCATE’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/getdate.c:656:9: note: in expansion of macro ‘YYCOPY’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/getdate.c:1220:9: note: in expansion of macro ‘YYSTACK_RELOCATE’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/getdate.c:656:9: note: in expansion of macro ‘YYCOPY’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/getdate.c:1220:9: note: in expansion of macro ‘YYSTACK_RELOCATE’
#  669|   #  if defined __GNUC__ && 1 < __GNUC__
#  670|   #   define YYCOPY(Dst, Src, Count) \
#  671|->       __builtin_memcpy (Dst, Src, YY_CAST (YYSIZE_T, (Count)) * sizeof (*(Src)))
#  672|   #  else
#  673|   #   define YYCOPY(Dst, Src, Count)              \

Error: GCC_ANALYZER_WARNING (CWE-457): [#def55]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/getdate.c:1347:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*(unsigned int *)<unknown>’
# 1345|        unconditionally makes the parser a bit smaller, and it avoids a
# 1346|        GCC warning that YYVAL may be used uninitialized.  */
# 1347|->   yyval = yyvsp[1-yylen];
# 1348|   
# 1349|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def56]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/getdef.c: scope_hint: In function ‘putdef_str’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/getdef.c:395:18: warning[-Wanalyzer-malloc-leak]: leak of ‘cp’
#  393|   
#  394|   	free (d->value);
#  395|-> 	d->value = cp;
#  396|   	return 0;
#  397|   }

Error: COMPILER_WARNING (CWE-477): [#def57]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/getdef.c: scope_hint: In function ‘def_load’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/getdef.c:485:9: warning[-Wdeprecated-declarations]: ‘econf_readDirs’ is deprecated: Use the econf_readConfig/econf_readConfigWithCallback instead
shadow-utils-4.16.0-build/shadow-4.16.0/lib/getdef.c:22: included_from: Included from here.
/usr/include/libeconf.h:497:1: note: declared here
#  483|   	def_loaded = true;
#  484|   
#  485|-> 	error = econf_readDirs (&defs_file, vendordir, sysconfdir, "login", "defs", " \t", "#");
#  486|   	if (error) {
#  487|   		if (error == ECONF_NOFILE)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def58]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/list.c: scope_hint: In function ‘add_list’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/list.c:59:24: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, (long unsigned int)(i + 2), 8)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/list.c:50:15: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/list.c: scope_hint: In function ‘add_list’
#   57|   
#   58|   	for (i = 0; list[i] != NULL; i++) {
#   59|-> 		tmp[i] = list[i];
#   60|   	}
#   61|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def59]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/list.c:62:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, (long unsigned int)(i + 2), 8)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/list.c:50:15: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/list.c: scope_hint: In function ‘add_list’
#   60|   	}
#   61|   
#   62|-> 	tmp[i] = xstrdup (member);
#   63|   	tmp[i+1] = NULL;
#   64|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def60]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/list.c: scope_hint: In function ‘del_list’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/list.c:115:32: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, (long unsigned int)(j + 1), 8)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:24:50: note: in definition of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/list.c:105:15: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/list.c: scope_hint: In function ‘del_list’
#  113|   	for (i = j = 0; list[i] != NULL; i++) {
#  114|   		if (strcmp (list[i], member) != 0) {
#  115|-> 			tmp[j] = list[i];
#  116|   			j++;
#  117|   		}

Error: GCC_ANALYZER_WARNING (CWE-476): [#def61]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/list.c:120:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, (long unsigned int)(j + 1), 8)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:24:50: note: in definition of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/list.c:105:15: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/list.c: scope_hint: In function ‘del_list’
#  118|   	}
#  119|   
#  120|-> 	tmp[j] = NULL;
#  121|   
#  122|   	return tmp;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def62]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/list.c: scope_hint: In function ‘dup_list’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/list.c:145:24: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, (long unsigned int)(i + 1), 8)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/list.c:141:15: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/list.c: scope_hint: In function ‘dup_list’
#  143|   	i = 0;
#  144|   	while (NULL != *list) {
#  145|-> 		tmp[i] = xstrdup (*list);
#  146|   		i++;
#  147|   		list++;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def63]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/list.c:150:16: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, (long unsigned int)(i + 1), 8)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/list.c:141:15: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/list.c: scope_hint: In function ‘dup_list’
#  148|   	}
#  149|   
#  150|-> 	tmp[i] = NULL;
#  151|   	return tmp;
#  152|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def64]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/list.c: scope_hint: In function ‘comma_to_list’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/list.c:225:24: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, (long unsigned int)i, 8)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/list.c:218:17: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/list.c: scope_hint: In function ‘comma_to_list’
#  223|   
#  224|   	if ('\0' == *members) {
#  225|-> 		*array = NULL;
#  226|   		free (members);
#  227|   		return array;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def65]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/list.c:236:26: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, (long unsigned int)i, 8)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/list.c:218:17: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/list.c: scope_hint: In function ‘comma_to_list’
#  234|   
#  235|   	for (cp = members, i = 0; cp != NULL; i++)
#  236|-> 		array[i] = strsep(&cp, ",");
#  237|   	array[i] = NULL;
#  238|   

Error: COMPILER_WARNING: [#def66]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/sizeof.h:15: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c:26: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/must_be.h:53:17: warning: anonymous struct declared inside parameter list will not be visible outside of this definition or declaration
shadow-utils-4.16.0-build/shadow-4.16.0/lib/must_be.h:96:31: note: in expansion of macro ‘must_be’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/sizeof.h:20:43: note: in expansion of macro ‘must_be_array’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/sizeof.h:21:31: note: in expansion of macro ‘SIZEOF_ARRAY’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c:34:23: note: in expansion of macro ‘NITEMS’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c:41:26: note: in expansion of macro ‘UTX_LINESIZE’
#   51|   (                                                                             \
#   52|   	0 * (int) sizeof(                                                     \
#   53|-> 		struct {                                                      \
#   54|   			static_assert(e, "");                                 \
#   55|   			int ISO_C_forbids_a_struct_with_no_members_;          \

Error: COMPILER_WARNING (CWE-563): [#def67]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/commonio.c:27: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/commonio.c: scope_hint: In function ‘dec_lock_count’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/nscd.h:10:35: warning[-Wunused-value]: statement with no effect
#   10 | #define nscd_flush_cache(service) (0)
#      |                                   ^
shadow-utils-4.16.0-build/shadow-4.16.0/lib/commonio.c:456:33: note: in expansion of macro ‘nscd_flush_cache’
#  456 |                                 nscd_flush_cache ("passwd");
#      |                                 ^~~~~~~~~~~~~~~~
#    8|   extern int nscd_flush_cache (const char *service);
#    9|   #else
#   10|-> #define nscd_flush_cache(service) (0)
#   11|   #endif
#   12|   

Error: GCC_ANALYZER_WARNING (CWE-688): [#def68]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/obscure.c: scope_hint: In function ‘password_check.part.0’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/obscure.c:103:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘xreallocarray(0, strlen(str_lower(xstrdup(old))) * 2 + 1, 1)’ where non-null expected
shadow-utils-4.16.0-build/shadow-4.16.0/lib/obscure.c:102:19: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/obscure.c: scope_hint: In function ‘password_check.part.0’
<built-in>: note: argument 1 of ‘__builtin_strcpy’ must be non-null
#  101|   	oldmono = str_lower (xstrdup (old));
#  102|   	wrapped = XMALLOC(strlen(oldmono) * 2 + 1, char);
#  103|-> 	strcpy (wrapped, oldmono);
#  104|   	strcat (wrapped, oldmono);
#  105|   

Error: COMPILER_WARNING (CWE-563): [#def69]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/prefix_flag.c:40:14: warning[-Wunused-variable]: ‘def_conf_file’ defined but not used
#   40 | static char *def_conf_file = NULL;
#      |              ^~~~~~~~~~~~~
#   38|   static char *suid_db_file = NULL;
#   39|   static char *sgid_db_file = NULL;
#   40|-> static char *def_conf_file = NULL;
#   41|   static FILE* fp_pwent = NULL;
#   42|   static FILE* fp_grent = NULL;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def70]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/readpassphrase.c: scope_hint: In function ‘readpassphrase’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/readpassphrase.c:93:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/tty", 2)’
#   91|   	 * generate SIGTTOU, so do it *before* installing the signal handlers.
#   92|   	 */
#   93|-> 	if (input != STDIN_FILENO && tcgetattr(input, &oterm) == 0) {
#   94|   		memcpy(&term, &oterm, sizeof(term));
#   95|   		if (!(flags & RPP_ECHO_ON))

Error: COMPILER_WARNING (CWE-252): [#def71]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/readpassphrase.c: scope_hint: In function ‘readpassphrase’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/readpassphrase.c:128:23: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
#  128 |                 (void)write(output, prompt, strlen(prompt));
#      |                       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  126|   
#  127|   	if (!(flags & RPP_STDIN))
#  128|-> 		(void)write(output, prompt, strlen(prompt));
#  129|   	end = buf + bufsiz - 1;
#  130|   	p = buf;

Error: COMPILER_WARNING (CWE-252): [#def72]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/readpassphrase.c:147:23: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
#  147 |                 (void)write(output, "\n", 1);
#      |                       ^~~~~~~~~~~~~~~~~~~~~~
#  145|   	save_errno = errno;
#  146|   	if (!(term.c_lflag & ECHO))
#  147|-> 		(void)write(output, "\n", 1);
#  148|   
#  149|   	/* Restore old terminal settings and signals. */

Error: COMPILER_WARNING (CWE-563): [#def73]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/commonio.c:28: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/sssd.h:13:35: warning[-Wunused-value]: statement with no effect
#   13 | #define sssd_flush_cache(service) (0)
#      |                                   ^
shadow-utils-4.16.0-build/shadow-4.16.0/lib/commonio.c:458:33: note: in expansion of macro ‘sssd_flush_cache’
#  458 |                                 sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
#      |                                 ^~~~~~~~~~~~~~~~
#   11|   extern int sssd_flush_cache (int dbflags);
#   12|   #else
#   13|-> #define sssd_flush_cache(service) (0)
#   14|   #endif
#   15|   

Error: COMPILER_WARNING: [#def74]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/log.c:22: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/log.c: scope_hint: In function ‘dolastlog’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/string/strncpy.h:18:28: warning[-Wstringop-truncation]: ‘strncpy’ specified bound 256 equals destination size
#   18 | #define STRNCPY(dst, src)  strncpy(dst, src, NITEMS(dst))
#      |                            ^~~~~~~
#   16|   
#   17|   
#   18|-> #define STRNCPY(dst, src)  strncpy(dst, src, NITEMS(dst))
#   19|   
#   20|   

Error: GCC_ANALYZER_WARNING (CWE-688): [#def75]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c:29: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c: scope_hint: In function ‘get_session_host’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/string/zustr2stp.h:54:16: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘xreallocarray(0, 257, 1)’ where non-null expected
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c:191:17: note: in expansion of macro ‘ZUSTR2STP’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c:168:23: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c: scope_hint: In function ‘get_session_host’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c:190:28: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c: scope_hint: In function ‘get_session_host’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c:191:17: note: in expansion of macro ‘ZUSTR2STP’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/defines.h:30: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c:12: included_from: Included from here.
/usr/include/string.h:400:14: note: argument 1 of ‘mempcpy’ must be non-null
#   52|   	static_assert(!is_array(dst) || sizeof(dst) > SIZEOF_ARRAY(src), ""); \
#   53|                                                                                 \
#   54|-> 	stpcpy(mempcpy(dst, src, strnlen(src, NITEMS(src))), "");             \
#   55|   })
#   56|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def76]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/sulog.c: scope_hint: In function ‘sulog’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/sulog.c:59:27: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(getdef_str("SULOG_FILE"), "a+")’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/prototypes.h:35: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/sulog.c:18: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/sulog.c:35:17: note: in expansion of macro ‘SYSLOG’
#   57|   	fp = fopen (sulog_file, "a+");
#   58|   	(void) umask (oldmask);
#   59|-> 	if ((oldgid != 0) && (setgid (oldgid) != 0)) {
#   60|   		perror ("setgid");
#   61|   		SYSLOG ((LOG_ERR,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def77]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/sulog.c:59:27: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(getdef_str("SULOG_FILE"), "a+")’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/sulog.c:35:17: note: in expansion of macro ‘SYSLOG’
#   57|   	fp = fopen (sulog_file, "a+");
#   58|   	(void) umask (oldmask);
#   59|-> 	if ((oldgid != 0) && (setgid (oldgid) != 0)) {
#   60|   		perror ("setgid");
#   61|   		SYSLOG ((LOG_ERR,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def78]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c: scope_hint: In function ‘get_session_host’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c:155:27: warning[-Wanalyzer-malloc-leak]: leak of ‘get_current_utmp()’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c:25: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c:168:23: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c: scope_hint: In function ‘get_session_host’
#  153|   	/* First, try to find a valid utmp entry for this process.  */
#  154|   	while ((ut = getutxent()) != NULL) {
#  155|-> 		if (   (ut->ut_pid == getpid ())
#  156|   		    && ('\0' != ut->ut_id[0])
#  157|   		    && (   (LOGIN_PROCESS == ut->ut_type)

Error: GCC_ANALYZER_WARNING (CWE-688): [#def79]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c: scope_hint: In function ‘get_current_utmp’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c:169:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘xreallocarray(0, 1, 384)’ where non-null expected
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c:168:23: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c: scope_hint: In function ‘get_current_utmp’
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
#  167|   	if (NULL != ut) {
#  168|   		ret = XMALLOC(1, struct utmpx);
#  169|-> 		memcpy (ret, ut, sizeof (*ret));
#  170|   	}
#  171|   

Error: GCC_ANALYZER_WARNING (CWE-688): [#def80]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c: scope_hint: In function ‘prepare_utmp’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c:260:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘xreallocarray(0, strlen(host) + 1, 1)’ where non-null expected
shadow-utils-4.16.0-build/shadow-4.16.0/lib/string/zustr2stp.h:11: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:24:50: note: in definition of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c:259:28: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c: scope_hint: In function ‘prepare_utmp’
<built-in>: note: argument 1 of ‘__builtin_strcpy’ must be non-null
#  258|   	    && ('\0' != host[0])) {
#  259|   		hostname = XMALLOC(strlen(host) + 1, char);
#  260|-> 		strcpy (hostname, host);
#  261|   #if defined(HAVE_STRUCT_UTMPX_UT_HOST)
#  262|   	} else if (   (NULL != ut)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def81]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c:277:24: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xcalloc(1, 384)’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/utmp.c:274:17: note: in expansion of macro ‘XCALLOC’
#  275|   
#  276|   
#  277|-> 	utent->ut_type = USER_PROCESS;
#  278|   	utent->ut_pid = getpid ();
#  279|   	STRNCPY(utent->ut_line, line);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def82]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/xgetpwnam.c:40: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/xgetXXbyYY.c: scope_hint: In function ‘xgetpwnam’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/xgetpwnam.c:34:25: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘xreallocarray(buffer,  length, 1)’ where non-null expected
shadow-utils-4.16.0-build/shadow-4.16.0/lib/xgetXXbyYY.c:43:25: note: in definition of macro ‘APPEND_R1’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/xgetXXbyYY.c:41:24: note: in expansion of macro ‘APPEND_R’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/xgetXXbyYY.c:41:34: note: in expansion of macro ‘FUNCTION_NAME’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/xgetXXbyYY.c:64:26: note: in expansion of macro ‘REENTRANT_NAME’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/xgetXXbyYY.c:34: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/xgetXXbyYY.c:63:26: note: in expansion of macro ‘XREALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/xgetXXbyYY.c:43:25: note: in definition of macro ‘APPEND_R1’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/xgetXXbyYY.c:41:24: note: in expansion of macro ‘APPEND_R’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/xgetXXbyYY.c:41:34: note: in expansion of macro ‘FUNCTION_NAME’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/xgetXXbyYY.c:64:26: note: in expansion of macro ‘REENTRANT_NAME’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/pwio.h:16: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/xgetpwnam.c:31: included_from: Included from here.
/usr/include/pwd.h:153:12: note: argument 3 of ‘getpwnam_r’ must be non-null
#   32|   
#   33|   #define LOOKUP_TYPE	struct passwd
#   34|-> #define FUNCTION_NAME	getpwnam
#   35|   #define ARG_TYPE	const char *
#   36|   #define ARG_NAME	name

Error: GCC_ANALYZER_WARNING (CWE-688): [#def83]
shadow-utils-4.16.0-build/shadow-4.16.0/lib/xgetpwuid.c:40: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/xgetXXbyYY.c: scope_hint: In function ‘xgetpwuid’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/xgetpwuid.c:34:25: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘xreallocarray(buffer,  length, 1)’ where non-null expected
shadow-utils-4.16.0-build/shadow-4.16.0/lib/xgetXXbyYY.c:43:25: note: in definition of macro ‘APPEND_R1’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/xgetXXbyYY.c:41:24: note: in expansion of macro ‘APPEND_R’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/xgetXXbyYY.c:41:34: note: in expansion of macro ‘FUNCTION_NAME’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/xgetXXbyYY.c:64:26: note: in expansion of macro ‘REENTRANT_NAME’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/xgetXXbyYY.c:34: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/xgetXXbyYY.c:63:26: note: in expansion of macro ‘XREALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/xgetXXbyYY.c:43:25: note: in definition of macro ‘APPEND_R1’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/xgetXXbyYY.c:41:24: note: in expansion of macro ‘APPEND_R’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/xgetXXbyYY.c:41:34: note: in expansion of macro ‘FUNCTION_NAME’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/xgetXXbyYY.c:64:26: note: in expansion of macro ‘REENTRANT_NAME’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/pwio.h:16: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/lib/xgetpwuid.c:31: included_from: Included from here.
/usr/include/pwd.h:146:12: note: argument 3 of ‘getpwuid_r’ must be non-null
#   32|   
#   33|   #define LOOKUP_TYPE	struct passwd
#   34|-> #define FUNCTION_NAME	getpwuid
#   35|   #define ARG_TYPE	uid_t
#   36|   #define ARG_NAME	uid

Error: GCC_ANALYZER_WARNING (CWE-401): [#def84]
shadow-utils-4.16.0-build/shadow-4.16.0/libsubid/api.c: scope_hint: In function ‘subid_init’
shadow-utils-4.16.0-build/shadow-4.16.0/libsubid/api.c:33:17: warning[-Wanalyzer-malloc-leak]: leak of ‘progname’
#   31|   
#   32|   	if (logfd) {
#   33|-> 		log_set_logfd(logfd);
#   34|   		return true;
#   35|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def85]
shadow-utils-4.16.0-build/shadow-4.16.0/libsubid/api.c:38:17: warning[-Wanalyzer-malloc-leak]: leak of ‘progname’
#   36|   	shadow_logfd = fopen("/dev/null", "w");
#   37|   	if (!shadow_logfd) {
#   38|-> 		log_set_logfd(stderr);
#   39|   		return false;
#   40|   	}

Error: CPPCHECK_WARNING (CWE-908): [#def86]
shadow-utils-4.16.0-build/shadow-4.16.0/src/faillog.c:681: error[useClosedFile]: Used file that is not opened.
#  679|   			         _("%s: Failed to write %s: %s\n"),
#  680|   			         Prog, FAILLOG_FILE, strerror (errno));
#  681|-> 			(void) fclose (fail);
#  682|   			errors = true;
#  683|   		}

Error: COMPILER_WARNING (CWE-252): [#def87]
shadow-utils-4.16.0-build/shadow-4.16.0/src/gpasswd.c: scope_hint: In function ‘catch_signals’
shadow-utils-4.16.0-build/shadow-4.16.0/src/gpasswd.c:160:24: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
#  160 |                 (void) write (STDOUT_FILENO, "\n", 1);
#      |                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  158|   
#  159|   	if (0 != killed) {
#  160|-> 		(void) write (STDOUT_FILENO, "\n", 1);
#  161|   		_exit (killed);
#  162|   	}

Error: GCC_ANALYZER_WARNING (CWE-476): [#def88]
shadow-utils-4.16.0-build/shadow-4.16.0/src/gpasswd.c: scope_hint: In function ‘get_group’
shadow-utils-4.16.0-build/shadow-4.16.0/src/gpasswd.c:793:47: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, 2, 8)’
shadow-utils-4.16.0-build/shadow-4.16.0/src/gpasswd.c:785:38: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/src/gpasswd.c: scope_hint: In function ‘get_group’
#  791|   #endif
#  792|   			{
#  793|-> 				sg->sg_adm[0] = NULL;
#  794|   			}
#  795|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def89]
shadow-utils-4.16.0-build/shadow-4.16.0/src/groupmems.c: scope_hint: In function ‘process_flags’
shadow-utils-4.16.0-build/shadow-4.16.0/src/groupmems.c:391:25: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h: scope_hint: In function ‘process_flags’
#  389|   		case 'a':
#  390|   			adduser = xstrdup (optarg);
#  391|-> 			++exclusive;
#  392|   			break;
#  393|   		case 'd':

Error: GCC_ANALYZER_WARNING (CWE-401): [#def90]
shadow-utils-4.16.0-build/shadow-4.16.0/src/groups.c: scope_hint: In function ‘main’
shadow-utils-4.16.0-build/shadow-4.16.0/src/groups.c:103:12: warning[-Wanalyzer-malloc-leak]: leak of ‘xreallocarray(0, (long unsigned int)sys_ngroups, 4)’
shadow-utils-4.16.0-build/shadow-4.16.0/src/groups.c:18: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/src/groups.c:94:18: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/src/groups.c: scope_hint: In function ‘main’
#  101|   	log_set_logfd(stderr);
#  102|   
#  103|-> 	if (argc == 1) {
#  104|   
#  105|   		/*

Error: GCC_ANALYZER_WARNING (CWE-401): [#def91]
shadow-utils-4.16.0-build/shadow-4.16.0/src/id.c: scope_hint: In function ‘main’
shadow-utils-4.16.0-build/shadow-4.16.0/src/id.c:78:20: warning[-Wanalyzer-malloc-leak]: leak of ‘reallocarray(0, (long unsigned int)sys_ngroups, 4)’
shadow-utils-4.16.0-build/shadow-4.16.0/src/id.c:27: included_from: Included from here.
shadow-utils-4.16.0-build/shadow-4.16.0/src/id.c:70:18: note: in expansion of macro ‘MALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/src/id.c: scope_hint: In function ‘main’
#   76|   
#   77|   	if (argc > 1) {
#   78|-> 		if (argc > 2 || strcmp(argv[1], "-a") != 0)
#   79|   			usage();
#   80|   		else

Error: GCC_ANALYZER_WARNING (CWE-401): [#def92]
shadow-utils-4.16.0-build/shadow-4.16.0/src/id.c:78:33: warning[-Wanalyzer-malloc-leak]: leak of ‘reallocarray(0, (long unsigned int)sys_ngroups, 4)’
shadow-utils-4.16.0-build/shadow-4.16.0/src/id.c:70:18: note: in expansion of macro ‘MALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/src/id.c: scope_hint: In function ‘main’
#   76|   
#   77|   	if (argc > 1) {
#   78|-> 		if (argc > 2 || strcmp(argv[1], "-a") != 0)
#   79|   			usage();
#   80|   		else

Error: COMPILER_WARNING (CWE-563): [#def93]
shadow-utils-4.16.0-build/shadow-4.16.0/src/login.c: scope_hint: In function ‘main’
shadow-utils-4.16.0-build/shadow-4.16.0/src/login.c:452:24: warning[-Wunused-but-set-variable]: variable ‘subroot’ set but not used
#  452 |         bool           subroot = false;
#      |                        ^~~~~~~
#  450|   {
#  451|   	int            err;
#  452|-> 	bool           subroot = false;
#  453|   	char           **envp = environ;
#  454|   	char           *host = NULL;

Error: COMPILER_WARNING (CWE-252): [#def94]
shadow-utils-4.16.0-build/shadow-4.16.0/src/login.c:720:25: warning[-Wunused-result]: ignoring return value of ‘audit_log_acct_message’ declared with attribute ‘warn_unused_result’
#  720 |                         audit_log_acct_message (audit_fd,
#      |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  721 |                                                 AUDIT_USER_LOGIN,
#      |                                                 ~~~~~~~~~~~~~~~~~
#  722 |                                                 NULL,    /* Prog. name */
#      |                                                 ~~~~~~~~~~~~~~~~~~~~~~~~~
#  723 |                                                 "login",
#      |                                                 ~~~~~~~~
#  724 |                                                 failent_user,
#      |                                                 ~~~~~~~~~~~~~
#  725 |                                                 AUDIT_NO_ID,
#      |                                                 ~~~~~~~~~~~~
#  726 |                                                 hostname,
#      |                                                 ~~~~~~~~~
#  727 |                                                 NULL,    /* addr */
#      |                                                 ~~~~~~~~~~~~~~~~~~~
#  728 |                                                 tty,
#      |                                                 ~~~~
#  729 |                                                 0);      /* result */
#      |                                                 ~~
#  718|   #ifdef WITH_AUDIT
#  719|   			audit_fd = audit_open ();
#  720|-> 			audit_log_acct_message (audit_fd,
#  721|   			                        AUDIT_USER_LOGIN,
#  722|   			                        NULL,    /* Prog. name */

Error: COMPILER_WARNING (CWE-252): [#def95]
shadow-utils-4.16.0-build/shadow-4.16.0/src/login.c:1036:9: warning[-Wunused-result]: ignoring return value of ‘audit_log_acct_message’ declared with attribute ‘warn_unused_result’
# 1036 |         audit_log_acct_message (audit_fd,
#      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1037 |                                 AUDIT_USER_LOGIN,
#      |                                 ~~~~~~~~~~~~~~~~~
# 1038 |                                 NULL,    /* Prog. name */
#      |                                 ~~~~~~~~~~~~~~~~~~~~~~~~~
# 1039 |                                 "login",
#      |                                 ~~~~~~~~
# 1040 |                                 username,
#      |                                 ~~~~~~~~~
# 1041 |                                 AUDIT_NO_ID,
#      |                                 ~~~~~~~~~~~~
# 1042 |                                 hostname,
#      |                                 ~~~~~~~~~
# 1043 |                                 NULL,    /* addr */
#      |                                 ~~~~~~~~~~~~~~~~~~~
# 1044 |                                 tty,
#      |                                 ~~~~
# 1045 |                                 1);      /* result */
#      |                                 ~~
# 1034|   #ifdef WITH_AUDIT
# 1035|   	audit_fd = audit_open ();
# 1036|-> 	audit_log_acct_message (audit_fd,
# 1037|   	                        AUDIT_USER_LOGIN,
# 1038|   	                        NULL,    /* Prog. name */

Error: GCC_ANALYZER_WARNING (CWE-688): [#def96]
shadow-utils-4.16.0-build/shadow-4.16.0/src/passwd.c: scope_hint: In function ‘update_crypt_pw’
shadow-utils-4.16.0-build/shadow-4.16.0/src/passwd.c:536:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘xreallocarray(0, strlen(cp) + 2, 1)’ where non-null expected
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:24:50: note: in definition of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/src/passwd.c:534:31: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/src/passwd.c: scope_hint: In function ‘update_crypt_pw’
<built-in>: note: argument 1 of ‘__builtin_memcpy’ must be non-null
#  534|   		char *newpw = XMALLOC(strlen(cp) + 2, char);
#  535|   
#  536|-> 		strcpy (newpw, "!");
#  537|   		strcat (newpw, cp);
#  538|   		if (!use_pam)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def97]
shadow-utils-4.16.0-build/shadow-4.16.0/src/passwd.c:546:16: warning[-Wanalyzer-malloc-leak]: leak of ‘cp’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h: scope_hint: In function ‘update_crypt_pw’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:24:50: note: in definition of macro ‘XMALLOC’
#  544|   		cp = newpw;
#  545|   	}
#  546|-> 	return cp;
#  547|   }
#  548|   

Error: COMPILER_WARNING (CWE-252): [#def98]
shadow-utils-4.16.0-build/shadow-4.16.0/src/su.c: scope_hint: In function ‘su_failure’
shadow-utils-4.16.0-build/shadow-4.16.0/src/su.c:211:9: warning[-Wunused-result]: ignoring return value of ‘audit_log_acct_message’ declared with attribute ‘warn_unused_result’
#  211 |         audit_log_acct_message (audit_fd,
#      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  212 |                                 AUDIT_USER_ROLE_CHANGE,
#      |                                 ~~~~~~~~~~~~~~~~~~~~~~~
#  213 |                                 NULL,    /* Prog. name */
#      |                                 ~~~~~~~~~~~~~~~~~~~~~~~~~
#  214 |                                 "su",
#      |                                 ~~~~~
#  215 |                                 ('\0' != caller_name[0]) ? caller_name : "???",
#      |                                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  216 |                                 AUDIT_NO_ID,
#      |                                 ~~~~~~~~~~~~
#  217 |                                 "localhost",
#      |                                 ~~~~~~~~~~~~
#  218 |                                 NULL,    /* addr */
#      |                                 ~~~~~~~~~~~~~~~~~~~
#  219 |                                 tty,
#      |                                 ~~~~
#  220 |                                 0);      /* result */
#      |                                 ~~
#  209|   #ifdef WITH_AUDIT
#  210|   	audit_fd = audit_open ();
#  211|-> 	audit_log_acct_message (audit_fd,
#  212|   				AUDIT_USER_ROLE_CHANGE,
#  213|   				NULL,    /* Prog. name */

Error: GCC_ANALYZER_WARNING (CWE-476): [#def99]
shadow-utils-4.16.0-build/shadow-4.16.0/src/su.c: scope_hint: In function ‘execve_shell’
shadow-utils-4.16.0-build/shadow-4.16.0/src/su.c:250:26: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, n_args + 3, 8)’
shadow-utils-4.16.0-build/shadow-4.16.0/src/su.c:249:25: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/src/su.c: scope_hint: In function ‘execve_shell’
#  248|   		}
#  249|   		targs = XMALLOC(n_args + 3, char *);
#  250|-> 		targs[0] = "sh";
#  251|   		targs[1] = "-";
#  252|   		targs[2] = xstrdup (shellname);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def100]
shadow-utils-4.16.0-build/shadow-4.16.0/src/su.c:259:24: warning[-Wanalyzer-malloc-leak]: leak of ‘xreallocarray(0, n_args + 3, 8)’
shadow-utils-4.16.0-build/shadow-4.16.0/src/su.c:249:25: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/src/su.c: scope_hint: In function ‘execve_shell’
#  257|   		}
#  258|   
#  259|-> 		(void) execve (SHELL, targs, envp);
#  260|   	} else {
#  261|   		errno = err;

Error: COMPILER_WARNING (CWE-252): [#def101]
shadow-utils-4.16.0-build/shadow-4.16.0/src/su.c: scope_hint: In function ‘main’
shadow-utils-4.16.0-build/shadow-4.16.0/src/su.c:1136:9: warning[-Wunused-result]: ignoring return value of ‘audit_log_acct_message’ declared with attribute ‘warn_unused_result’
# 1136 |         audit_log_acct_message (audit_fd,
#      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1137 |                                 AUDIT_USER_ROLE_CHANGE,
#      |                                 ~~~~~~~~~~~~~~~~~~~~~~~
# 1138 |                                 NULL,    /* Prog. name */
#      |                                 ~~~~~~~~~~~~~~~~~~~~~~~~~
# 1139 |                                 "su",
#      |                                 ~~~~~
# 1140 |                                 ('\0' != caller_name[0]) ? caller_name : "???",
#      |                                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1141 |                                 AUDIT_NO_ID,
#      |                                 ~~~~~~~~~~~~
# 1142 |                                 "localhost",
#      |                                 ~~~~~~~~~~~~
# 1143 |                                 NULL,    /* addr */
#      |                                 ~~~~~~~~~~~~~~~~~~~
# 1144 |                                 caller_tty,
#      |                                 ~~~~~~~~~~~
# 1145 |                                 1);      /* result */
#      |                                 ~~
# 1134|   #ifdef WITH_AUDIT
# 1135|   	audit_fd = audit_open ();
# 1136|-> 	audit_log_acct_message (audit_fd,
# 1137|   				AUDIT_USER_ROLE_CHANGE,
# 1138|   				NULL,    /* Prog. name */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def102]
shadow-utils-4.16.0-build/shadow-4.16.0/src/sulogin.c: scope_hint: In function ‘main’
shadow-utils-4.16.0-build/shadow-4.16.0/src/sulogin.c:87:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(argv[1], 2)’
#   85|   		close(2);
#   86|   
#   87|-> 		if (open(argv[1], O_RDWR) == -1)
#   88|   			exit(1);
#   89|   		dup(0);

Error: GCC_ANALYZER_WARNING (CWE-910): [#def103]
shadow-utils-4.16.0-build/shadow-4.16.0/src/sulogin.c:89:17: warning[-Wanalyzer-fd-use-after-close]: ‘dup’ on closed file descriptor ‘0’
#   87|   		if (open(argv[1], O_RDWR) == -1)
#   88|   			exit(1);
#   89|-> 		dup(0);
#   90|   		dup(0);
#   91|   	}

Error: COMPILER_WARNING (CWE-252): [#def104]
shadow-utils-4.16.0-build/shadow-4.16.0/src/sulogin.c: scope_hint: In function ‘main’
shadow-utils-4.16.0-build/shadow-4.16.0/src/sulogin.c:89:17: warning[-Wunused-result]: ignoring return value of ‘dup’ declared with attribute ‘warn_unused_result’
#   89 |                 dup(0);
#      |                 ^~~~~~
#   87|   		if (open(argv[1], O_RDWR) == -1)
#   88|   			exit(1);
#   89|-> 		dup(0);
#   90|   		dup(0);
#   91|   	}

Error: GCC_ANALYZER_WARNING (CWE-910): [#def105]
shadow-utils-4.16.0-build/shadow-4.16.0/src/sulogin.c:90:17: warning[-Wanalyzer-fd-use-after-close]: ‘dup’ on closed file descriptor ‘0’
#   88|   			exit(1);
#   89|   		dup(0);
#   90|-> 		dup(0);
#   91|   	}
#   92|   	if (access (PASSWD_FILE, F_OK) == -1) {	/* must be a password file! */

Error: COMPILER_WARNING (CWE-252): [#def106]
shadow-utils-4.16.0-build/shadow-4.16.0/src/sulogin.c:90:17: warning[-Wunused-result]: ignoring return value of ‘dup’ declared with attribute ‘warn_unused_result’
#   90 |                 dup(0);
#      |                 ^~~~~~
#   88|   			exit(1);
#   89|   		dup(0);
#   90|-> 		dup(0);
#   91|   	}
#   92|   	if (access (PASSWD_FILE, F_OK) == -1) {	/* must be a password file! */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def107]
shadow-utils-4.16.0-build/shadow-4.16.0/src/useradd.c: scope_hint: In function ‘get_defaults’
shadow-utils-4.16.0-build/shadow-4.16.0/src/useradd.c:390:34: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h:97:23: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/lib/alloc.h: scope_hint: In function ‘get_defaults’
#  388|   		 */
#  389|   		else if (MATCH (buf, DHOME)) {
#  390|-> 			def_home = xstrdup(ccp);
#  391|   		}
#  392|   

Error: COMPILER_WARNING (CWE-252): [#def108]
shadow-utils-4.16.0-build/shadow-4.16.0/src/useradd.c: scope_hint: In function ‘create_home’
shadow-utils-4.16.0-build/shadow-4.16.0/src/useradd.c:2276:16: warning[-Wunused-result]: ignoring return value of ‘chown’ declared with attribute ‘warn_unused_result’
# 2276 |         (void) chown(prefix_user_home, user_id, user_gid);
#      |                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 2274|   	free(bhome);
# 2275|   
# 2276|-> 	(void) chown(prefix_user_home, user_id, user_gid);
# 2277|   	mode = getdef_num("HOME_MODE",
# 2278|   			  0777 & ~getdef_num("UMASK", GETDEF_DEFAULT_UMASK));

Error: GCC_ANALYZER_WARNING (CWE-476): [#def109]
shadow-utils-4.16.0-build/shadow-4.16.0/src/useradd.c: scope_hint: In function ‘main’
shadow-utils-4.16.0-build/shadow-4.16.0/src/useradd.c:2442:24: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘user_groups’
shadow-utils-4.16.0-build/shadow-4.16.0/src/useradd.c:2438:23: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/src/useradd.c: scope_hint: In function ‘main’
# 2440|   	 * Initialize the list to be empty
# 2441|   	 */
# 2442|-> 	user_groups[0] = NULL;
# 2443|   
# 2444|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def110]
shadow-utils-4.16.0-build/shadow-4.16.0/src/usermod.c: scope_hint: In function ‘main’
shadow-utils-4.16.0-build/shadow-4.16.0/src/usermod.c:2172:24: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘user_groups’
shadow-utils-4.16.0-build/shadow-4.16.0/src/usermod.c:2171:23: note: in expansion of macro ‘XMALLOC’
shadow-utils-4.16.0-build/shadow-4.16.0/src/usermod.c: scope_hint: In function ‘main’
# 2170|   	sys_ngroups = sysconf (_SC_NGROUPS_MAX);
# 2171|   	user_groups = XMALLOC(sys_ngroups + 1, char *);
# 2172|-> 	user_groups[0] = NULL;
# 2173|   
# 2174|   	is_shadow_pwd = spw_file_present ();

Error: GCC_ANALYZER_WARNING (CWE-775): [#def111]
shadow-utils-4.16.0-build/shadow-4.16.0/src/vipw.c: scope_hint: In function ‘vipwedit’
shadow-utils-4.16.0-build/shadow-4.16.0/src/vipw.c:277:12: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(file, "r")’
#  275|   		vipwexit (_("failed to gain privileges"), errno, 1);
#  276|   #endif				/* WITH_TCB */
#  277|-> 	if (create_backup_file (f, fileedit, &st1) != 0) {
#  278|   		vipwexit (_("Couldn't make backup"), errno, 1);
#  279|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def112]
shadow-utils-4.16.0-build/shadow-4.16.0/src/vipw.c:277:12: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(file, "r")’
#  275|   		vipwexit (_("failed to gain privileges"), errno, 1);
#  276|   #endif				/* WITH_TCB */
#  277|-> 	if (create_backup_file (f, fileedit, &st1) != 0) {
#  278|   		vipwexit (_("Couldn't make backup"), errno, 1);
#  279|   	}

Error: COMPILER_WARNING (CWE-252): [#def113]
shadow-utils-4.16.0-build/shadow-4.16.0/src/vipw.c: scope_hint: In function ‘vipwedit’
shadow-utils-4.16.0-build/shadow-4.16.0/src/vipw.c:439:9: warning[-Wunused-result]: ignoring return value of ‘link’ declared with attribute ‘warn_unused_result’
#  439 |         link (file, filebackup);
#      |         ^~~~~~~~~~~~~~~~~~~~~~~
#  437|   #endif				/* WITH_TCB */
#  438|   	unlink (filebackup);
#  439|-> 	link (file, filebackup);
#  440|   	if (rename (to_rename, file) == -1) {
#  441|   		fprintf (stderr,
Scan Properties

analyzer-version-clippy	1.82.0
analyzer-version-cppcheck	2.16.0
analyzer-version-gcc	14.2.1
analyzer-version-gcc-analyzer	15.0.0
analyzer-version-shellcheck	0.10.0
analyzer-version-unicontrol	0.0.2
enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code	0
host	ip-172-16-1-218.us-west-2.compute.internal
mock-config	fedora-rawhide-gcc-latest-x86_64
project-name	shadow-utils-4.16.0-7.fc42
store-results-to	/tmp/tmpfq3nx0vz/shadow-utils-4.16.0-7.fc42.tar.xz
time-created	2024-11-13 03:14:34
time-finished	2024-11-13 03:18:10
tool	csmock
tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'clippy,cppcheck,gcc,unicontrol,shellcheck' '-o' '/tmp/tmpfq3nx0vz/shadow-utils-4.16.0-7.fc42.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmpfq3nx0vz/shadow-utils-4.16.0-7.fc42.src.rpm'
tool-version	csmock-3.7.1.20241107.094801.gb3f0f26.pr_192-1.el9