xz-5.6.3-2.fc42

List of Findings

Error: SHELLCHECK_WARNING (CWE-758): [#def1]
/etc/profile.d/colorxzgrep.sh:1:1: error[SC2148]: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.
#    1|-> /usr/libexec/grepconf.sh -c || return
#    2|   alias xzgrep='xzgrep --color=auto' 2>/dev/null
#    3|   alias xzegrep='xzegrep --color=auto' 2>/dev/null

Error: SHELLCHECK_WARNING (CWE-569): [#def2]
/usr/bin/xzdiff:66:25: warning[SC2188]: This redirection doesn't have a command. Move to its command (or use 'true' as no-op).
#   64|   
#   65|   for file; do
#   66|->   test "X$file" = X- || <"$file" || exit 2
#   67|   done
#   68|   

Error: SHELLCHECK_WARNING (CWE-563): [#def3]
/usr/bin/xzdiff:103:7: warning[SC2034]: FILE appears unused. Verify use (or export if used externally).
#  101|         FILE=`expr "X$1" : 'X\(.*[-.]t\)zo$'`ar;;
#  102|       *.tzst)
#  103|->       FILE=`expr "X$1" : 'X\(.*[-.]t\)zst$'`ar;;
#  104|     esac
#  105|     xz_status=$(

Error: SHELLCHECK_WARNING (CWE-569): [#def4]
/usr/bin/xzless:48:30: warning[SC2089]: Quotes/backslashes will be treated literally. Rewrite using set/"$@" or functions.
#   46|   	nl='
#   47|   '
#   48|-> 	LESSMETACHARS="$space$tab$nl'"';*?"()<>[|&^`#\$%=~'
#   49|   fi
#   50|   

Error: SHELLCHECK_WARNING (CWE-569): [#def5]
/usr/bin/xzless:72:8: warning[SC2090]: Quotes/backslashes in this variable will not be respected.
#   70|   fi
#   71|   
#   72|-> export LESSMETACHARS LESSOPEN
#   73|   
#   74|   exec less $SHOW_PREPROC_ERRORS "$@"

Error: SHELLCHECK_WARNING (CWE-398): [#def6]
/usr/bin/xzmore:47:46: warning[SC2172]: Trapping signals by number is not well defined. Prefer signal names.
#   45|   fi
#   46|   if test $? -eq 0 && test -n "$oldtty"; then
#   47|-> 	trap 'stty $oldtty 2>/dev/null; exit' 0 2 3 5 10 13 15
#   48|   else
#   49|   	trap 'stty $ncb echo 2>/dev/null; exit' 0 2 3 5 10 13 15

Error: SHELLCHECK_WARNING (CWE-398): [#def7]
/usr/bin/xzmore:47:48: warning[SC2172]: Trapping signals by number is not well defined. Prefer signal names.
#   45|   fi
#   46|   if test $? -eq 0 && test -n "$oldtty"; then
#   47|-> 	trap 'stty $oldtty 2>/dev/null; exit' 0 2 3 5 10 13 15
#   48|   else
#   49|   	trap 'stty $ncb echo 2>/dev/null; exit' 0 2 3 5 10 13 15

Error: SHELLCHECK_WARNING (CWE-398): [#def8]
/usr/bin/xzmore:47:51: warning[SC2172]: Trapping signals by number is not well defined. Prefer signal names.
#   45|   fi
#   46|   if test $? -eq 0 && test -n "$oldtty"; then
#   47|-> 	trap 'stty $oldtty 2>/dev/null; exit' 0 2 3 5 10 13 15
#   48|   else
#   49|   	trap 'stty $ncb echo 2>/dev/null; exit' 0 2 3 5 10 13 15

Error: SHELLCHECK_WARNING (CWE-398): [#def9]
/usr/bin/xzmore:49:48: warning[SC2172]: Trapping signals by number is not well defined. Prefer signal names.
#   47|   	trap 'stty $oldtty 2>/dev/null; exit' 0 2 3 5 10 13 15
#   48|   else
#   49|-> 	trap 'stty $ncb echo 2>/dev/null; exit' 0 2 3 5 10 13 15
#   50|   fi
#   51|   

Error: SHELLCHECK_WARNING (CWE-398): [#def10]
/usr/bin/xzmore:49:50: warning[SC2172]: Trapping signals by number is not well defined. Prefer signal names.
#   47|   	trap 'stty $oldtty 2>/dev/null; exit' 0 2 3 5 10 13 15
#   48|   else
#   49|-> 	trap 'stty $ncb echo 2>/dev/null; exit' 0 2 3 5 10 13 15
#   50|   fi
#   51|   

Error: SHELLCHECK_WARNING (CWE-398): [#def11]
/usr/bin/xzmore:49:53: warning[SC2172]: Trapping signals by number is not well defined. Prefer signal names.
#   47|   	trap 'stty $oldtty 2>/dev/null; exit' 0 2 3 5 10 13 15
#   48|   else
#   49|-> 	trap 'stty $ncb echo 2>/dev/null; exit' 0 2 3 5 10 13 15
#   50|   fi
#   51|   

Error: SHELLCHECK_WARNING (CWE-569): [#def12]
/usr/bin/xzmore:61:3: warning[SC2188]: This redirection doesn't have a command. Move to its command (or use 'true' as no-op).
#   59|   	FIRST=1
#   60|   	for FILE; do
#   61|-> 		< "$FILE" || continue
#   62|   		if test $FIRST -eq 0; then
#   63|   			printf "%s--More--(Next file: %s)" "" "$FILE"

Error: GCC_ANALYZER_WARNING (CWE-775): [#def13]
xz-5.6.3-build/xz-5.6.3/src/common/tuklib_open_stdxxx.c: scope_hint: In function ‘tuklib_open_stdxxx’
xz-5.6.3-build/xz-5.6.3/src/common/tuklib_open_stdxxx.c:40:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", <unknown>)’
#   38|   					| (i == 0 ? O_WRONLY : O_RDONLY));
#   39|   
#   40|-> 			if (fd != i) {
#   41|   				if (fd != -1)
#   42|   					(void)close(fd);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def14]
xz-5.6.3-build/xz-5.6.3/src/liblzma/common/index.c:318:32: warning[-Wanalyzer-null-dereference]: dereference of NULL 'result'
xz-5.6.3-build/xz-5.6.3/src/liblzma/common/index.c: scope_hint: In function 'lzma_index_iter_locate'
xz-5.6.3-build/xz-5.6.3/src/liblzma/common/index.c: scope_hint: In function 'lzma_index_iter_locate'
#  316|   {
#  317|   	const index_tree_node *result = NULL;
#  318|-> 	const index_tree_node *node = tree->root;
#  319|   
#  320|   	assert(tree->leftmost == NULL

Error: GCC_ANALYZER_WARNING (CWE-476): [#def15]
xz-5.6.3-build/xz-5.6.3/src/liblzma/common/index.c: scope_hint: In function 'lzma_index_iter_locate'
xz-5.6.3-build/xz-5.6.3/src/liblzma/common/index.c:1251:16: warning[-Wanalyzer-null-dereference]: dereference of NULL 'result'
xz-5.6.3-build/xz-5.6.3/src/liblzma/common/index.c: scope_hint: In function 'lzma_index_iter_locate'
# 1249|   	// we don't want to return them.
# 1250|   	size_t left = 0;
# 1251|-> 	size_t right = group->last;
# 1252|   
# 1253|   	while (left < right) {

Error: CPPCHECK_WARNING (CWE-457): [#def16]
xz-5.6.3-build/xz-5.6.3/src/liblzma/common/stream_decoder.c:218: error[uninitvar]: Uninitialized variable: filters
#  216|   
#  217|   		// Check the memory usage limit.
#  218|-> 		const uint64_t memusage = lzma_raw_decoder_memusage(filters);
#  219|   		lzma_ret ret;
#  220|   

Error: CPPCHECK_WARNING (CWE-562): [#def17]
xz-5.6.3-build/xz-5.6.3/src/xzdec/xzdec.c:197: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
#  195|   
#  196|   	strm->avail_in = 0;
#  197|-> 	strm->next_out = out_buf;
#  198|   	strm->avail_out = BUFSIZ;
#  199|   

Error: CPPCHECK_WARNING (CWE-562): [#def18]
xz-5.6.3-build/xz-5.6.3/src/xzdec/xzdec.c:204: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
#  202|   	while (true) {
#  203|   		if (strm->avail_in == 0) {
#  204|-> 			strm->next_in = in_buf;
#  205|   			strm->avail_in = fread(in_buf, 1, BUFSIZ, file);
#  206|   

Error: CPPCHECK_WARNING (CWE-562): [#def19]
xz-5.6.3-build/xz-5.6.3/src/xzdec/xzdec.c:242: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
#  240|   			}
#  241|   
#  242|-> 			strm->next_out = out_buf;
#  243|   			strm->avail_out = BUFSIZ;
#  244|   		}

Scan Properties

analyzer-version-clippy: 1.82.0
analyzer-version-cppcheck: 2.16.0
analyzer-version-gcc: 14.2.1
analyzer-version-gcc-analyzer: 15.0.0
analyzer-version-shellcheck: 0.10.0
analyzer-version-unicontrol: 0.0.2
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-30.us-west-2.compute.internal
mock-config: fedora-rawhide-gcc-latest-x86_64
project-name: xz-5.6.3-2.fc42
store-results-to: /tmp/tmpzvm9ds0p/xz-5.6.3-2.fc42.tar.xz
time-created: 2024-11-13 03:41:14
time-finished: 2024-11-13 03:43:05
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'clippy,cppcheck,gcc,unicontrol,shellcheck' '-o' '/tmp/tmpzvm9ds0p/xz-5.6.3-2.fc42.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmpzvm9ds0p/xz-5.6.3-2.fc42.src.rpm'
tool-version: csmock-3.7.1.20241107.094801.gb3f0f26.pr_192-1.el9