sqlite-3.47.0-1.fc42

List of Findings

Error: COMPILER_WARNING: [#def1]
sqlite-3.47.0-build/sqlite-src-3470000/shell.c: scope_hint: In function 'shell_exec'
sqlite-3.47.0-build/sqlite-src-3470000/shell.c:24266:31: warning[-Wformat-overflow=]: '%s' directive argument is null
#24266 |         sqlite3_fprintf(out, "%s\n", zCand);
#      |                               ^~
#24264|           const char *zCand = sqlite3_expert_report(p,0,EXPERT_REPORT_CANDIDATES);
#24265|           sqlite3_fputs("-- Candidates -----------------------------\n", out);
#24266|->         sqlite3_fprintf(out, "%s\n", zCand);
#24267|         }
#24268|         for(i=0; i<nQuery; i++){

Error: COMPILER_WARNING (CWE-1164): [#def2]
sqlite-3.47.0-build/sqlite-src-3470000/sqlite3_analyzer.c:186406:21: warning[-Wunused-function]: 'sqlite3ConnectionBlocked' defined but not used
#186406 | SQLITE_PRIVATE void sqlite3ConnectionBlocked(sqlite3 *db, sqlite3 *pBlocker){
#       |                     ^~~~~~~~~~~~~~~~~~~~~~~~
#186404|   ** until connection pBlocker concludes its current transaction.
#186405|   */
#186406|-> SQLITE_PRIVATE void sqlite3ConnectionBlocked(sqlite3 *db, sqlite3 *pBlocker){
#186407|     enterMutex();
#186408|     if( db->pBlockingConnection==0 && db->pUnlockConnection==0 ){

Error: CPPCHECK_WARNING (CWE-401): [#def3]
sqlite-3.47.0-build/sqlite-src-3470000/src/tclsqlite.c:1262: error[memleakOnRealloc]: Common realloc mistake: 'zLine' nulled but not freed upon failure
# 1260|       if( n+100>nLine ){
# 1261|         nLine = nLine*2 + 100;
# 1262|->       zLine = realloc(zLine, nLine);
# 1263|         if( zLine==0 ) return 0;
# 1264|       }

Error: CPPCHECK_WARNING (CWE-401): [#def4]
sqlite-3.47.0-build/sqlite-src-3470000/src/tclsqlite.c:1280: error[memleakOnRealloc]: Common realloc mistake: 'zLine' nulled but not freed upon failure
# 1278|       }
# 1279|     }
# 1280|->   zLine = realloc( zLine, n+1 );
# 1281|     return zLine;
# 1282|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def5]
sqlite-3.47.0-build/sqlite-src-3470000/src/tclsqlite.c: scope_hint: In function ‘DbHookCmd’
sqlite-3.47.0-build/sqlite-src-3470000/src/tclsqlite.c:1957:7: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘ppHook’
/usr/include/tcl.h:2424: included_from: Included from here.
sqlite-3.47.0-build/sqlite-src-3470000/src/tclsqlite.c:42: included_from: Included from here.
# 1955|     sqlite3 *db = pDb->db;
# 1956|   
# 1957|->   if( *ppHook ){
# 1958|       Tcl_SetObjResult(interp, *ppHook);
# 1959|       if( pArg ){

Error: GCC_ANALYZER_WARNING (CWE-686): [#def6]
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c: scope_hint: In function ‘lemon_vsprintf’
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c:188:13: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘int’ but received ‘char *’ for variadic argument 1 of ‘ap’
#  186|         }
#  187|         if( c=='d' ){
#  188|->         int v = va_arg(ap, int);
#  189|           if( v<0 ){
#  190|             lemon_addtext(str, &nUsed, "-", 1, iWidth);

Error: GCC_ANALYZER_WARNING (CWE-686): [#def7]
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c:188:13: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘int’ but received ‘char *’ for variadic argument 2 of ‘ap’
#  186|         }
#  187|         if( c=='d' ){
#  188|->         int v = va_arg(ap, int);
#  189|           if( v<0 ){
#  190|             lemon_addtext(str, &nUsed, "-", 1, iWidth);

Error: GCC_ANALYZER_WARNING (CWE-686): [#def8]
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c:203:11: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘const char *’ but received ‘int’ for variadic argument 1 of ‘ap’
#  201|           lemon_addtext(str, &nUsed, &zTemp[sizeof(zTemp)-k], k, iWidth);
#  202|         }else if( c=='s' ){
#  203|->         z = va_arg(ap, const char*);
#  204|           lemon_addtext(str, &nUsed, z, -1, iWidth);
#  205|         }else if( c=='.' && memcmp(&zFormat[i], ".*s", 3)==0 ){

Error: GCC_ANALYZER_WARNING (CWE-686): [#def9]
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c:207:11: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘int’ but received ‘char *’ for variadic argument 1 of ‘ap’
#  205|         }else if( c=='.' && memcmp(&zFormat[i], ".*s", 3)==0 ){
#  206|           i += 2;
#  207|->         k = va_arg(ap, int);
#  208|           z = va_arg(ap, const char*);
#  209|           lemon_addtext(str, &nUsed, z, k, iWidth);

Error: GCC_ANALYZER_WARNING (CWE-686): [#def10]
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c:207:11: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘int’ but received ‘char *’ for variadic argument 2 of ‘ap’
#  205|         }else if( c=='.' && memcmp(&zFormat[i], ".*s", 3)==0 ){
#  206|           i += 2;
#  207|->         k = va_arg(ap, int);
#  208|           z = va_arg(ap, const char*);
#  209|           lemon_addtext(str, &nUsed, z, k, iWidth);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def11]
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c: scope_hint: In function ‘OptInit.part.0’
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c:2215:5: warning[-Wanalyzer-null-argument]: use of NULL ‘err’ where non-null expected
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c:14: included_from: Included from here.
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c:9: included_from: Included from here.
/usr/include/stdio.h:357:12: note: argument 1 of ‘fprintf’ must be non-null
# 2213|     }
# 2214|     if( errcnt>0 ){
# 2215|->     fprintf(err,"Valid command line options for \"%s\" are:\n",*a);
# 2216|       OptPrint();
# 2217|       exit(1);

Error: GCC_ANALYZER_WARNING (CWE-457): [#def12]
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c: scope_hint: In function ‘tplt_open’
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c:3793:8: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*tpltname’
/usr/include/stdio.h:264:14: note: argument 1 of ‘fopen’ must be a pointer to a null-terminated string
# 3791|       return 0;
# 3792|     }
# 3793|->   in = fopen(tpltname,"rb");
# 3794|     if( in==0 ){
# 3795|       fprintf(stderr,"Can't open the template file \"%s\".\n",tpltname);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def13]
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c:12: included_from: Included from here.
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c: scope_hint: In function ‘Symbol_new’
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c:5536:24: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘x’
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c:5536:16: note: in expansion of macro ‘ISUPPER’
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c:5536:16: note: in expansion of macro ‘ISUPPER’
# 5534|       MemoryCheck(sp);
# 5535|       sp->name = Strsafe(x);
# 5536|->     sp->type = ISUPPER(*x) ? TERMINAL : NONTERMINAL;
# 5537|       sp->rule = 0;
# 5538|       sp->fallback = 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def14]
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c: scope_hint: In function ‘Configtable_insert’
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c:5989:29: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c: scope_hint: In function ‘Configtable_insert’
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c: scope_hint: In function ‘Configtable_insert’
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c: scope_hint: In function ‘Configtable_insert’
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c: scope_hint: In function ‘Configtable_insert’
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c: scope_hint: In function ‘Configtable_insert’
# 5987|       array.ht = (x4node**)&(array.tbl[arrSize]);
# 5988|       for(i=0; i<arrSize; i++) array.ht[i] = 0;
# 5989|->     for(i=0; i<x4a->count; i++){
# 5990|         x4node *oldnp, *newnp;
# 5991|         oldnp = &(x4a->tbl[i]);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def15]
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c:5994:43: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c: scope_hint: In function ‘Configtable_insert’
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c: scope_hint: In function ‘Configtable_insert’
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c: scope_hint: In function ‘Configtable_insert’
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c: scope_hint: In function ‘Configtable_insert’
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c: scope_hint: In function ‘Configtable_insert’
# 5992|         h = confighash(oldnp->data) & (arrSize-1);
# 5993|         newnp = &(array.tbl[i]);
# 5994|->       if( array.ht[h] ) array.ht[h]->from = &(newnp->next);
# 5995|         newnp->next = array.ht[h];
# 5996|         newnp->data = oldnp->data;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def16]
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c:6006:37: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c: scope_hint: In function ‘Configtable_insert’
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c: scope_hint: In function ‘Configtable_insert’
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c: scope_hint: In function ‘Configtable_insert’
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c: scope_hint: In function ‘Configtable_insert’
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c: scope_hint: In function ‘Configtable_insert’
# 6004|     np = &(x4a->tbl[x4a->count++]);
# 6005|     np->data = data;
# 6006|->   if( x4a->ht[h] ) x4a->ht[h]->from = &(np->next);
# 6007|     np->next = x4a->ht[h];
# 6008|     x4a->ht[h] = np;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def17]
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c:6009:19: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c: scope_hint: In function ‘Configtable_insert’
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c: scope_hint: In function ‘Configtable_insert’
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c: scope_hint: In function ‘Configtable_insert’
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c: scope_hint: In function ‘Configtable_insert’
sqlite-3.47.0-build/sqlite-src-3470000/tool/lemon.c: scope_hint: In function ‘Configtable_insert’
# 6007|     np->next = x4a->ht[h];
# 6008|     x4a->ht[h] = np;
# 6009|->   np->from = &(x4a->ht[h]);
# 6010|     return 1;
# 6011|   }

Error: COMPILER_WARNING (CWE-563): [#def18]
sqlite-3.47.0-build/sqlite-src-3470000/tool/sqldiff.c: scope_hint: In function 'all_tables_sql'
sqlite-3.47.0-build/sqlite-src-3470000/tool/sqldiff.c:1823:9: warning[-Wunused-but-set-variable]: variable 'rc' set but not used
# 1823 |     int rc;
#      |         ^~
# 1821|   const char *all_tables_sql(){
# 1822|     if( g.bHandleVtab ){
# 1823|->     int rc;
# 1824|     
# 1825|       rc = sqlite3_exec(g.db,
Scan Properties

analyzer-version-clippy	1.82.0
analyzer-version-cppcheck	2.16.0
analyzer-version-gcc	14.2.1
analyzer-version-gcc-analyzer	15.0.0
analyzer-version-shellcheck	0.10.0
analyzer-version-unicontrol	0.0.2
enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code	0
host	ip-172-16-1-12.us-west-2.compute.internal
mock-config	fedora-rawhide-gcc-latest-x86_64
project-name	sqlite-3.47.0-1.fc42
store-results-to	/tmp/tmp78my4ja4/sqlite-3.47.0-1.fc42.tar.xz
time-created	2024-11-13 03:30:29
time-finished	2024-11-13 03:41:04
tool	csmock
tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'clippy,cppcheck,gcc,unicontrol,shellcheck' '-o' '/tmp/tmp78my4ja4/sqlite-3.47.0-1.fc42.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmp78my4ja4/sqlite-3.47.0-1.fc42.src.rpm'
tool-version	csmock-3.7.1.20241107.094801.gb3f0f26.pr_192-1.el9