389-ds-base-3.1.2-5.fc43

List of Findings

Error: SHELLCHECK_WARNING (CWE-563): [#def1]
/usr/lib64/dirsrv/bin/jemalloc-config:27:1: warning[SC2034]: prefix appears unused. Verify use (or export if used externally).
#   25|   }
#   26|   
#   27|-> prefix="/usr"
#   28|   exec_prefix="/usr"
#   29|   

Error: SHELLCHECK_WARNING (CWE-563): [#def2]
/usr/lib64/dirsrv/bin/jemalloc-config:28:1: warning[SC2034]: exec_prefix appears unused. Verify use (or export if used externally).
#   26|   
#   27|   prefix="/usr"
#   28|-> exec_prefix="/usr"
#   29|   
#   30|   case "$1" in

Error: SHELLCHECK_WARNING (CWE-563): [#def3]
/usr/lib64/dirsrv/bin/jemalloc.sh:3:1: warning[SC2034]: prefix appears unused. Verify use (or export if used externally).
#    1|   #!/usr/bin/sh
#    2|   
#    3|-> prefix=/usr
#    4|   exec_prefix=/usr
#    5|   libdir=/usr/lib64/dirsrv/lib

Error: SHELLCHECK_WARNING (CWE-563): [#def4]
/usr/lib64/dirsrv/bin/jemalloc.sh:4:1: warning[SC2034]: exec_prefix appears unused. Verify use (or export if used externally).
#    2|   
#    3|   prefix=/usr
#    4|-> exec_prefix=/usr
#    5|   libdir=/usr/lib64/dirsrv/lib
#    6|   

Error: CPPCHECK_WARNING (CWE-457): [#def5]
389-ds-base-3.1.2/ldap/servers/plugins/deref/deref.c:645: warning[uninitvar]: Uninitialized variable: sv
#  643|                               idx = slapi_valueset_first_value(results, &sv);
#  644|                           }
#  645|->                         for (; results && sv; idx = slapi_valueset_next_value(results, idx, &sv)) {
#  646|                               const struct berval *bv = slapi_value_get_berval(sv);
#  647|                               if (needattrvals) {

Error: CPPCHECK_WARNING (CWE-457): [#def6]
389-ds-base-3.1.2/ldap/servers/plugins/deref/deref.c:747: warning[uninitvar]: Uninitialized variable: sv
#  745|               idx = slapi_valueset_first_value(results, &sv);
#  746|           }
#  747|->         for (; results && sv; idx = slapi_valueset_next_value(results, idx, &sv)) {
#  748|               const char *derefdn = slapi_value_get_string(sv);
#  749|   

Error: CPPCHECK_WARNING (CWE-476): [#def7]
389-ds-base-3.1.2/ldap/servers/plugins/replication/repl5_ruv.c:1025: warning[nullPointer]: Possible null pointer dereference: bv
# 1023|                       ruvelem->csn == NULL ? "" : csn_as_string(ruvelem->csn, PR_FALSE, csnStr2));
# 1024|       } else {
# 1025|->         bv->bv_val = slapi_ch_smprintf(fmtstr,
# 1026|                                          prefix_ruvcsn, ruvelem->rid,
# 1027|                                          ruvelem->replica_purl == NULL ? "" : " ",

Error: CPPCHECK_WARNING (CWE-476): [#def8]
389-ds-base-3.1.2/ldap/servers/plugins/replication/repl5_ruv.c:1033: warning[nullPointer]: Possible null pointer dereference: bv
# 1031|                                          ruvelem->csn == NULL ? "" : " ",
# 1032|                                          ruvelem->csn == NULL ? "" : csn_as_string(ruvelem->csn, PR_FALSE, csnStr2));
# 1033|->         bv->bv_len = strlen(bv->bv_val);
# 1034|       }
# 1035|   }

Error: COMPILER_WARNING: [#def9]
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/cache.c:539:20: warning[-Wstringop-overflow=]: writing 1 byte into a region of size 0
#  539 |         *(char*)23 = 1;   /* abort() somehow corrupt gdb stack backtrace so lets generate a SIGSEGV */
#      |                    ^
lto1: note: destination object is likely at address zero
#  537|   #pragma GCC diagnostic ignored "-Warray-bounds="
#  538|   #pragma GCC diagnostic ignored "-Wstringop-overflow="
#  539|->         *(char*)23 = 1;   /* abort() somehow corrupt gdb stack backtrace so lets generate a SIGSEGV */
#  540|   #pragma GCC diagnostic pop
#  541|           abort();

Error: CPPCHECK_WARNING (CWE-476): [#def10]
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/db-bdb/bdb_ldif2db.c:428: error[ctunullpointer]: Null pointer dereference: include
#  426|       slapi_sdn_init(&sdn);
#  427|       /* for each subtree spec... */
#  428|->     for (i = 0; include[i]; i++) {
#  429|           IDList *idl = NULL;
#  430|           const char *suffix = slapi_sdn_get_ndn(slapi_be_getsuffix(be, 0));

Error: CPPCHECK_WARNING (CWE-476): [#def11]
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/db-bdb/bdb_ldif2db.c:428: warning[nullPointer]: Possible null pointer dereference: include
#  426|       slapi_sdn_init(&sdn);
#  427|       /* for each subtree spec... */
#  428|->     for (i = 0; include[i]; i++) {
#  429|           IDList *idl = NULL;
#  430|           const char *suffix = slapi_sdn_get_ndn(slapi_be_getsuffix(be, 0));

Error: GCC_ANALYZER_WARNING (CWE-121): [#def12]
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/db-bdb/bdb_verify.c:89:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/db-bdb/bdb_verify.c:158:1: enter_function: entry to 'bdb_verify'
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/db-bdb/bdb_verify.c:178:8: branch_false: following 'false' branch...
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/db-bdb/bdb_verify.c:184:5: branch_false: ...to here
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/db-bdb/bdb_verify.c:185:8: branch_true: following 'true' branch...
 branch_true: ...to here
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/db-bdb/bdb_verify.c:188:36: branch_true: following 'true' branch...
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/db-bdb/bdb_verify.c:189:20: branch_true: ...to here
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/db-bdb/bdb_verify.c:190:16: branch_true: following 'true' branch...
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/db-bdb/bdb_verify.c:191:21: branch_true: ...to here
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/db-bdb/bdb_verify.c:196:30: call_function: calling 'bdb_dbverify_ext' from 'bdb_verify'
#   87|                                                           it must have it */
#   88|               if (p)
#   89|->                 *p = '\0';
#   90|               ainfo_get(inst->inst_be, filep + 1, &ai);
#   91|               if (p)

Error: GCC_ANALYZER_WARNING (CWE-121): [#def13]
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/db-bdb/bdb_verify.c:92:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/db-bdb/bdb_verify.c:158:1: enter_function: entry to 'bdb_verify'
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/db-bdb/bdb_verify.c:178:8: branch_false: following 'false' branch...
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/db-bdb/bdb_verify.c:184:5: branch_false: ...to here
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/db-bdb/bdb_verify.c:185:8: branch_true: following 'true' branch...
 branch_true: ...to here
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/db-bdb/bdb_verify.c:188:36: branch_true: following 'true' branch...
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/db-bdb/bdb_verify.c:189:20: branch_true: ...to here
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/db-bdb/bdb_verify.c:190:16: branch_true: following 'true' branch...
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/db-bdb/bdb_verify.c:191:21: branch_true: ...to here
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/db-bdb/bdb_verify.c:196:30: call_function: calling 'bdb_dbverify_ext' from 'bdb_verify'
#   90|               ainfo_get(inst->inst_be, filep + 1, &ai);
#   91|               if (p)
#   92|->                 *p = '.';
#   93|               if (ai->ai_key_cmp_fn) {
#   94|                   dbp->app_private = (void *)ai->ai_key_cmp_fn;

Error: GCC_ANALYZER_WARNING (CWE-121): [#def14]
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/db-bdb/bdb_verify.c:150:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/db-bdb/bdb_verify.c:158:1: enter_function: entry to 'bdb_verify'
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/db-bdb/bdb_verify.c:178:8: branch_false: following 'false' branch...
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/db-bdb/bdb_verify.c:184:5: branch_false: ...to here
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/db-bdb/bdb_verify.c:185:8: branch_true: following 'true' branch...
 branch_true: ...to here
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/db-bdb/bdb_verify.c:188:36: branch_true: following 'true' branch...
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/db-bdb/bdb_verify.c:189:20: branch_true: ...to here
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/db-bdb/bdb_verify.c:190:16: branch_true: following 'true' branch...
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/db-bdb/bdb_verify.c:191:21: branch_true: ...to here
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/db-bdb/bdb_verify.c:196:30: call_function: calling 'bdb_dbverify_ext' from 'bdb_verify'
#  148|           }
#  149|           rval_main |= rval;
#  150|->         *filep = '\0';
#  151|       }
#  152|       PR_CloseDir(dirhandle);

Error: GCC_ANALYZER_WARNING (CWE-835): [#def15]
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/index.c:845:12: warning[-Wanalyzer-infinite-loop]: infinite loop
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/index.c:2043:1: enter_function: entry to 'index_addordel_values_ext_sv'
#  843|       unsigned char *endptin = ptin+data->bv_len;
#  844|   
#  845|->     while (ptin < endptin) {
#  846|           if (ptout >= endbuff) {
#  847|               /*

Error: COMPILER_WARNING (CWE-457): [#def16]
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/ldbm_delete.c: scope_hint: In function 'ldbm_back_delete'
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/ldbm_delete.c:1535:16: warning[-Wmaybe-uninitialized]: 'is_internal' may be used uninitialized
# 1535 |             if (!is_internal) {
#      |                ^
389-ds-base-3.1.2/ldap/servers/slapd/back-ldbm/ldbm_delete.c:60:9: note: 'is_internal' was declared here
#   60 |     int is_internal;
#      |         ^~~~~~~~~~~
# 1533|               int deferred;
# 1534|   
# 1535|->             if (!is_internal) {
# 1536|                   slapi_pblock_get(pb, SLAPI_DEFERRED_MEMBEROF, &deferred);
# 1537|                   if (deferred) {

Error: CPPCHECK_WARNING (CWE-476): [#def17]
389-ds-base-3.1.2/ldap/servers/slapd/dn.c:310: warning[nullPointer]: Possible null pointer dereference: L
#  308|                           } /* if ( SEPARATOR( R[1] )) */
#  309|                       }     /* for */
#  310|->                     memmove(value, L, d - L + escape_skips);
#  311|                       *d++ = '"'; /* closing quote */
#  312|                   }               /* if (value_separator == dn) */

Error: CPPCHECK_WARNING (CWE-457): [#def18]
389-ds-base-3.1.2/ldap/servers/slapd/plugin.c:3142: warning[uninitvar]: Uninitialized variable: output
# 3140|       }
# 3141|   
# 3142|->     return slapi_ch_strdup(output);
# 3143|   }
# 3144|   

Error: CPPCHECK_WARNING (CWE-401): [#def19]
389-ds-base-3.1.2/ldap/servers/slapd/tools/dbscan.c:787: error[memleakOnRealloc]: Common realloc mistake: 'buf' nulled but not freed upon failure
#  785|       if (buflen < tmpbuflen) {
#  786|           buflen = tmpbuflen;
#  787|->         buf = (unsigned char *)realloc(buf, buflen);
#  788|       }
#  789|       if (!buf) {

Error: CPPCHECK_WARNING (CWE-476): [#def20]
389-ds-base-3.1.2/ldap/servers/slapd/tools/ldclt/ldapfct.c:1204: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: p
# 1202|           ldcltExit(EXIT_RESSOURCE); /*JLS 18-12-00*/
# 1203|       }                              /*JLS 06-03-00*/
# 1204|->     p[0] = str1;
# 1205|       p[1] = NULL;
# 1206|       return (p);

Error: CPPCHECK_WARNING (CWE-476): [#def21]
389-ds-base-3.1.2/ldap/servers/slapd/tools/ldclt/ldapfct.c:1205: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: p
# 1203|       }                              /*JLS 06-03-00*/
# 1204|       p[0] = str1;
# 1205|->     p[1] = NULL;
# 1206|       return (p);
# 1207|   }

Error: CPPCHECK_WARNING (CWE-119): [#def22]
389-ds-base-3.1.2/ldap/servers/slapd/uuid.c:814: error[bufferAccessOutOfBounds]: Buffer is accessed out of bounds: hash
#  812|       * plus a few constants. */
#  813|   
#  814|->     memcpy(uuid, hash, sizeof(guid_t));
#  815|   
#  816|       /* when migrating, we skip the ntohl in order to read in old,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def23]
389-ds-base-3.1.2/ldap/servers/snmp/ldap-agent.c:206:9: warning[-Wanalyzer-malloc-leak]: leak of ‘stats_table_create_row((long unsigned int)*serv_p.port)’
389-ds-base-3.1.2/ldap/servers/snmp/ldap-agent.c:47:1: enter_function: entry to ‘init_ldap_agent’
389-ds-base-3.1.2/ldap/servers/snmp/ldap-agent.c:56:32: branch_true: following ‘true’ branch (when ‘serv_p’ is non-NULL)...
389-ds-base-3.1.2/ldap/servers/snmp/ldap-agent.c:58:34: branch_true: ...to here
389-ds-base-3.1.2/ldap/servers/snmp/ldap-agent.c:62:28: call_function: calling ‘stats_table_create_row’ from ‘init_ldap_agent’
389-ds-base-3.1.2/ldap/servers/snmp/ldap-agent.c:62:28: return_function: returning to ‘init_ldap_agent’ from ‘stats_table_create_row’
389-ds-base-3.1.2/ldap/servers/snmp/ldap-agent.c:62:16: branch_true: following ‘true’ branch...
389-ds-base-3.1.2/ldap/servers/snmp/ldap-agent.c:64:17: branch_true: ...to here
389-ds-base-3.1.2/ldap/servers/snmp/ldap-agent.c:206:9: danger: ‘stats_table_create_row((long unsigned int)*serv_p.port)’ leaks here; was allocated at [(6)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/5)
#  204|       oid *index_oid = (oid *)malloc(sizeof(oid) * MAX_OID_LEN);
#  205|   
#  206|->     if (!ctx || !index_oid) {
#  207|           /* Error during malloc */
#  208|           snmp_log(LOG_ERR, "malloc failed in stats_table_create_row\n");

Error: CPPCHECK_WARNING (CWE-682): [#def24]
389-ds-base-3.1.2/lib/ldaputil/dbconf.c:655: error[nullPointerArithmeticOutOfMemory]: If memory allocation fail: pointer addition with NULL pointer.
#  653|   
#  654|       dbnames = (char **)malloc(32 * 1024);
#  655|->     heap = (char *)dbnames + 2 * 1024;
#  656|   
#  657|       if (!dbnames) {

Error: CPPCHECK_WARNING (CWE-457): [#def25]
389-ds-base-3.1.2/lib/libaccess/acleval.cpp:95: warning[uninitvar]: Uninitialized variable: rv
#   93|   
#   94|       /* One more possibility if nothing found yet... */
#   95|->     if (rv) {
#   96|   	rv = symTableFindSym(table, "*", 0, (void **)&sym);
#   97|       }

Error: CPPCHECK_WARNING (CWE-476): [#def26]
389-ds-base-3.1.2/lib/libsi18n/reshash.c:51: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: pvalue
#   49|       }
#   50|       pvalue = (ValueNode *)malloc(sizeof(ValueNode));
#   51|->     memset(pvalue, 0, sizeof(ValueNode));
#   52|   
#   53|       prev->next = pvalue;

Error: CPPCHECK_WARNING (CWE-476): [#def27]
389-ds-base-3.1.2/lib/libsi18n/reshash.c:55: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: pvalue
#   53|       prev->next = pvalue;
#   54|   
#   55|->     pvalue->language = strdup(language);
#   56|       pvalue->value = strdup(value);
#   57|       return 0;

Error: CPPCHECK_WARNING (CWE-476): [#def28]
389-ds-base-3.1.2/lib/libsi18n/reshash.c:56: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: pvalue
#   54|   
#   55|       pvalue->language = strdup(language);
#   56|->     pvalue->value = strdup(value);
#   57|       return 0;
#   58|   }

Error: CPPCHECK_WARNING (CWE-476): [#def29]
389-ds-base-3.1.2/lib/libsi18n/reshash.c:152: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: node
#  150|                */
#  151|               node = (TreeNode *)malloc(sizeof(TreeNode));
#  152|->             memset(node, 0, sizeof(TreeNode));
#  153|               vnode = (ValueNode *)malloc(sizeof(ValueNode));
#  154|               memset(vnode, 0, sizeof(ValueNode));

Error: CPPCHECK_WARNING (CWE-476): [#def30]
389-ds-base-3.1.2/lib/libsi18n/reshash.c:154: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: vnode
#  152|               memset(node, 0, sizeof(TreeNode));
#  153|               vnode = (ValueNode *)malloc(sizeof(ValueNode));
#  154|->             memset(vnode, 0, sizeof(ValueNode));
#  155|               node->vlist = vnode;
#  156|   

Error: CPPCHECK_WARNING (CWE-476): [#def31]
389-ds-base-3.1.2/lib/libsi18n/reshash.c:155: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: node
#  153|               vnode = (ValueNode *)malloc(sizeof(ValueNode));
#  154|               memset(vnode, 0, sizeof(ValueNode));
#  155|->             node->vlist = vnode;
#  156|   
#  157|               res->right = node;

Error: CPPCHECK_WARNING (CWE-476): [#def32]
389-ds-base-3.1.2/lib/libsi18n/reshash.c:160: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: node
#  158|   
#  159|               /* assign value to node */
#  160|->             node->key = strdup(key);
#  161|               if (language == NULL)
#  162|                   node->value = strdup(value);

Error: CPPCHECK_WARNING (CWE-476): [#def33]
389-ds-base-3.1.2/lib/libsi18n/reshash.c:162: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: node
#  160|               node->key = strdup(key);
#  161|               if (language == NULL)
#  162|->                 node->value = strdup(value);
#  163|               else
#  164|                   ValueAddLanguageItem(node->vlist, value, language);

Error: CPPCHECK_WARNING (CWE-476): [#def34]
389-ds-base-3.1.2/lib/libsi18n/reshash.c:164: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: node
#  162|                   node->value = strdup(value);
#  163|               else
#  164|->                 ValueAddLanguageItem(node->vlist, value, language);
#  165|           } else {
#  166|               return TreeAddItem(res->right, key, value, language);

Error: CPPCHECK_WARNING (CWE-476): [#def35]
389-ds-base-3.1.2/lib/libsi18n/reshash.c:171: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: node
#  169|           if (res->left == NULL) {
#  170|               node = (TreeNode *)malloc(sizeof(TreeNode));
#  171|->             memset(node, 0, sizeof(TreeNode));
#  172|               vnode = (ValueNode *)malloc(sizeof(ValueNode));
#  173|               memset(vnode, 0, sizeof(ValueNode));

Error: CPPCHECK_WARNING (CWE-476): [#def36]
389-ds-base-3.1.2/lib/libsi18n/reshash.c:173: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: vnode
#  171|               memset(node, 0, sizeof(TreeNode));
#  172|               vnode = (ValueNode *)malloc(sizeof(ValueNode));
#  173|->             memset(vnode, 0, sizeof(ValueNode));
#  174|               node->vlist = vnode;
#  175|   

Error: CPPCHECK_WARNING (CWE-476): [#def37]
389-ds-base-3.1.2/lib/libsi18n/reshash.c:174: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: node
#  172|               vnode = (ValueNode *)malloc(sizeof(ValueNode));
#  173|               memset(vnode, 0, sizeof(ValueNode));
#  174|->             node->vlist = vnode;
#  175|   
#  176|               res->left = node;

Error: CPPCHECK_WARNING (CWE-476): [#def38]
389-ds-base-3.1.2/lib/libsi18n/reshash.c:179: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: node
#  177|   
#  178|               /* assign value to node */
#  179|->             node->key = strdup(key);
#  180|               if (language == NULL)
#  181|                   node->value = strdup(value);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def39]
jemalloc-5.3.0/include/jemalloc/internal/arena_inlines_a.h:6:16: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
jemalloc-5.3.0/src/tcache.c:978:1: enter_function: entry to ‘tcaches_destroy’
jemalloc-5.3.0/src/tcache.c:981:28: call_function: inlined call to ‘tcaches_elm_remove’ from ‘tcaches_destroy’
jemalloc-5.3.0/src/tcache.c:982:9: branch_false: ...to here
jemalloc-5.3.0/src/tcache.c:985:12: branch_true: following ‘true’ branch...
jemalloc-5.3.0/src/tcache.c:986:17: branch_true: ...to here
jemalloc-5.3.0/src/tcache.c:986:17: call_function: calling ‘tcache_destroy’ from ‘tcaches_destroy’
#    4|   static inline unsigned
#    5|   arena_ind_get(const arena_t *arena) {
#    6|-> 	return arena->ind;
#    7|   }
#    8|   

Error: CPPCHECK_WARNING (CWE-786): [#def40]
jemalloc-5.3.0/include/jemalloc/internal/rtree.h:404: error[negativeIndex]: Array 'rtree_ctx->l2_cache[8]' accessed at index -1, which is out of bounds.
#  402|   } while (0)
#  403|   	/* Check the first cache entry. */
#  404|-> 	RTREE_CACHE_CHECK_L2(0);
#  405|   	/* Search the remaining cache elements. */
#  406|   	for (unsigned i = 1; i < RTREE_CTX_NCACHE_L2; i++) {

Error: GCC_ANALYZER_WARNING (CWE-457): [#def41]
jemalloc-5.3.0/src/ctl.c:3905:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘&t_old’
jemalloc-5.3.0/src/ctl.c:3905:9: branch_true: following ‘true’ branch...
jemalloc-5.3.0/src/ctl.c:3905:9: danger: use of uninitialized value ‘&t_old’ here
# 3903|   
# 3904|   	activity_callback_thunk_t t_old = tsd_activity_callback_thunk_get(tsd);
# 3905|-> 	READ(t_old, activity_callback_thunk_t);
# 3906|   
# 3907|   	if (newp != NULL) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def42]
jemalloc-5.3.0/src/extent.c:869:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘coalesced’
jemalloc-5.3.0/src/extent.c:1028:1: enter_function: entry to ‘extent_dalloc_wrapper’
jemalloc-5.3.0/src/extent.c:1076:9: call_function: calling ‘extent_record’ from ‘extent_dalloc_wrapper’
#  867|   
#  868|   	if (ecache->delay_coalesce) {
#  869|-> 		*coalesced = false;
#  870|   	}
#  871|   	return edata;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def43]
jemalloc-5.3.0/src/hook.c:15:1: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘buf[i]’
jemalloc-5.3.0/src/hook.c:73:1: enter_function: entry to ‘hook_remove’
jemalloc-5.3.0/src/hook.c:82:9: call_function: calling ‘hook_remove_locked’ from ‘hook_remove’
#   13|   };
#   14|   
#   15|-> seq_define(hooks_internal_t, hooks)
#   16|   
#   17|   static atomic_u_t nhooks = ATOMIC_INIT(0);

Error: GCC_ANALYZER_WARNING (CWE-457): [#def44]
jemalloc-5.3.0/src/hook.c:34:22: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘hooks_internal.in_use’
jemalloc-5.3.0/src/hook.c:48:1: enter_function: entry to ‘hook_install’
jemalloc-5.3.0/src/hook.c:49:9: call_function: calling ‘malloc_mutex_lock’ from ‘hook_install’
jemalloc-5.3.0/src/hook.c:49:9: return_function: returning to ‘hook_install’ from ‘malloc_mutex_lock’
jemalloc-5.3.0/src/hook.c:50:21: call_function: calling ‘hook_install_locked’ from ‘hook_install’
#   32|   		/* We hold mu; no concurrent access. */
#   33|   		assert(success);
#   34|-> 		if (!hooks_internal.in_use) {
#   35|   			hooks_internal.hooks = *to_install;
#   36|   			hooks_internal.in_use = true;

Error: GCC_ANALYZER_WARNING (CWE-126): [#def45]
jemalloc-5.3.0/src/log.c:16:35: warning[-Wanalyzer-out-of-bounds]: buffer over-read
jemalloc-5.3.0/src/log.c:44:1: enter_function: entry to ‘log_var_update_state’
jemalloc-5.3.0/src/log.c:55:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
jemalloc-5.3.0/src/log.c:60:43: call_function: inlined call to ‘log_var_extract_segment’ from ‘log_var_update_state’
jemalloc-5.3.0/src/log.c:63:21: branch_false: ...to here
jemalloc-5.3.0/src/log.c:63:21: call_function: calling ‘log_var_matches_segment’ from ‘log_var_update_state’
jemalloc-5.3.0/src/log.c:63:21: return_function: returning to ‘log_var_update_state’ from ‘log_var_matches_segment’
jemalloc-5.3.0/src/log.c:63:20: branch_false: following ‘false’ branch...
jemalloc-5.3.0/src/log.c:69:20: branch_false: ...to here
jemalloc-5.3.0/src/log.c:69:20: branch_false: following ‘false’ branch...
jemalloc-5.3.0/src/log.c:76:17: branch_false: ...to here
jemalloc-5.3.0/src/log.c:60:43: call_function: inlined call to ‘log_var_extract_segment’ from ‘log_var_update_state’
#   14|   log_var_extract_segment(const char* segment_begin) {
#   15|   	const char *end;
#   16|-> 	for (end = segment_begin; *end != '\0' && *end != '|'; end++) {
#   17|   	}
#   18|   	return end;

Error: GCC_ANALYZER_WARNING (CWE-126): [#def46]
jemalloc-5.3.0/src/log.c:30:33: warning[-Wanalyzer-out-of-bounds]: buffer over-read
jemalloc-5.3.0/src/log.c:44:1: enter_function: entry to ‘log_var_update_state’
jemalloc-5.3.0/src/log.c:55:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
jemalloc-5.3.0/src/log.c:60:43: call_function: inlined call to ‘log_var_extract_segment’ from ‘log_var_update_state’
jemalloc-5.3.0/src/log.c:63:21: branch_false: ...to here
jemalloc-5.3.0/src/log.c:63:21: call_function: calling ‘log_var_matches_segment’ from ‘log_var_update_state’
jemalloc-5.3.0/src/log.c:63:21: return_function: returning to ‘log_var_update_state’ from ‘log_var_matches_segment’
jemalloc-5.3.0/src/log.c:63:20: branch_false: following ‘false’ branch...
jemalloc-5.3.0/src/log.c:69:20: branch_false: ...to here
jemalloc-5.3.0/src/log.c:69:20: branch_false: following ‘false’ branch...
jemalloc-5.3.0/src/log.c:76:17: branch_false: ...to here
jemalloc-5.3.0/src/log.c:60:43: call_function: inlined call to ‘log_var_extract_segment’ from ‘log_var_update_state’
jemalloc-5.3.0/src/log.c:63:21: branch_false: ...to here
jemalloc-5.3.0/src/log.c:63:21: call_function: calling ‘log_var_matches_segment’ from ‘log_var_update_state’
#   28|   	ptrdiff_t log_var_len = log_var_end - log_var_begin;
#   29|   	/* The special '.' segment matches everything. */
#   30|-> 	if (segment_len == 1 && *segment_begin == '.') {
#   31|   		return true;
#   32|   	}

Error: CPPCHECK_WARNING (CWE-476): [#def47]
jemalloc-5.3.0/src/prof_data.c:70: error[ctunullpointer]: Null pointer dereference: a
#   68|   static int
#   69|   prof_tctx_comp(const prof_tctx_t *a, const prof_tctx_t *b) {
#   70|-> 	uint64_t a_thr_uid = a->thr_uid;
#   71|   	uint64_t b_thr_uid = b->thr_uid;
#   72|   	int ret = (a_thr_uid > b_thr_uid) - (a_thr_uid < b_thr_uid);

Error: CPPCHECK_WARNING (CWE-476): [#def48]
jemalloc-5.3.0/src/prof_data.c:88: error[ctunullpointer]: Null pointer dereference: node
#   86|   }
#   87|   
#   88|-> rb_gen(static UNUSED, tctx_tree_, prof_tctx_tree_t, prof_tctx_t,
#   89|       tctx_link, prof_tctx_comp)
#   90|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def49]
jemalloc-5.3.0/src/prof_data.c:88:1: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘nodep’
jemalloc-5.3.0/src/prof_data.c:1346:1: enter_function: entry to ‘prof_tctx_destroy’
jemalloc-5.3.0/src/prof_data.c:1389:17: call_function: calling ‘tctx_tree_remove’ from ‘prof_tctx_destroy’
#   86|   }
#   87|   
#   88|-> rb_gen(static UNUSED, tctx_tree_, prof_tctx_tree_t, prof_tctx_t,
#   89|       tctx_link, prof_tctx_comp)
#   90|   

Error: GCC_ANALYZER_WARNING (CWE-127): [#def50]
jemalloc-5.3.0/src/prof_data.c:88:1: warning[-Wanalyzer-out-of-bounds]: stack-based buffer under-read
jemalloc-5.3.0/src/prof_data.c:1346:1: enter_function: entry to ‘prof_tctx_destroy’
jemalloc-5.3.0/src/prof_data.c:1389:17: call_function: calling ‘tctx_tree_remove’ from ‘prof_tctx_destroy’
#   86|   }
#   87|   
#   88|-> rb_gen(static UNUSED, tctx_tree_, prof_tctx_tree_t, prof_tctx_t,
#   89|       tctx_link, prof_tctx_comp)
#   90|   

Error: GCC_ANALYZER_WARNING (CWE-124): [#def51]
jemalloc-5.3.0/src/prof_data.c:88:1: warning[-Wanalyzer-out-of-bounds]: stack-based buffer underwrite
jemalloc-5.3.0/src/prof_data.c:1346:1: enter_function: entry to ‘prof_tctx_destroy’
jemalloc-5.3.0/src/prof_data.c:1389:17: call_function: calling ‘tctx_tree_remove’ from ‘prof_tctx_destroy’
#   86|   }
#   87|   
#   88|-> rb_gen(static UNUSED, tctx_tree_, prof_tctx_tree_t, prof_tctx_t,
#   89|       tctx_link, prof_tctx_comp)
#   90|   

Error: CPPCHECK_WARNING (CWE-476): [#def52]
jemalloc-5.3.0/src/prof_data.c:93: error[ctunullpointer]: Null pointer dereference: a
#   91|   static int
#   92|   prof_gctx_comp(const prof_gctx_t *a, const prof_gctx_t *b) {
#   93|-> 	unsigned a_len = a->bt.len;
#   94|   	unsigned b_len = b->bt.len;
#   95|   	unsigned comp_len = (a_len < b_len) ? a_len : b_len;

Error: CPPCHECK_WARNING (CWE-476): [#def53]
jemalloc-5.3.0/src/prof_data.c:103: error[ctunullpointer]: Null pointer dereference: node
#  101|   }
#  102|   
#  103|-> rb_gen(static UNUSED, gctx_tree_, prof_gctx_tree_t, prof_gctx_t, dump_link,
#  104|       prof_gctx_comp)
#  105|   

Error: CPPCHECK_WARNING (CWE-476): [#def54]
jemalloc-5.3.0/src/prof_data.c:109: error[ctunullpointer]: Null pointer dereference: a
#  107|   prof_tdata_comp(const prof_tdata_t *a, const prof_tdata_t *b) {
#  108|   	int ret;
#  109|-> 	uint64_t a_uid = a->thr_uid;
#  110|   	uint64_t b_uid = b->thr_uid;
#  111|   

Error: CPPCHECK_WARNING (CWE-476): [#def55]
jemalloc-5.3.0/src/prof_data.c:122: error[ctunullpointer]: Null pointer dereference: node
#  120|   }
#  121|   
#  122|-> rb_gen(static UNUSED, tdata_tree_, prof_tdata_tree_t, prof_tdata_t, tdata_link,
#  123|       prof_tdata_comp)
#  124|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def56]
jemalloc-5.3.0/src/prof_data.c:122:1: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘nodep’
jemalloc-5.3.0/src/prof_data.c:1243:1: enter_function: entry to ‘prof_tdata_destroy’
jemalloc-5.3.0/src/prof_data.c:1244:9: call_function: calling ‘malloc_mutex_lock’ from ‘prof_tdata_destroy’
jemalloc-5.3.0/src/prof_data.c:1244:9: return_function: returning to ‘prof_tdata_destroy’ from ‘malloc_mutex_lock’
jemalloc-5.3.0/src/prof_data.c:1245:9: call_function: calling ‘prof_tdata_destroy_locked’ from ‘prof_tdata_destroy’
#  120|   }
#  121|   
#  122|-> rb_gen(static UNUSED, tdata_tree_, prof_tdata_tree_t, prof_tdata_t, tdata_link,
#  123|       prof_tdata_comp)
#  124|   

Error: GCC_ANALYZER_WARNING (CWE-127): [#def57]
jemalloc-5.3.0/src/prof_data.c:122:1: warning[-Wanalyzer-out-of-bounds]: stack-based buffer under-read
jemalloc-5.3.0/src/prof_data.c:1243:1: enter_function: entry to ‘prof_tdata_destroy’
jemalloc-5.3.0/src/prof_data.c:1244:9: call_function: calling ‘malloc_mutex_lock’ from ‘prof_tdata_destroy’
jemalloc-5.3.0/src/prof_data.c:1244:9: return_function: returning to ‘prof_tdata_destroy’ from ‘malloc_mutex_lock’
jemalloc-5.3.0/src/prof_data.c:1245:9: call_function: calling ‘prof_tdata_destroy_locked’ from ‘prof_tdata_destroy’
#  120|   }
#  121|   
#  122|-> rb_gen(static UNUSED, tdata_tree_, prof_tdata_tree_t, prof_tdata_t, tdata_link,
#  123|       prof_tdata_comp)
#  124|   

Error: GCC_ANALYZER_WARNING (CWE-124): [#def58]
jemalloc-5.3.0/src/prof_data.c:122:1: warning[-Wanalyzer-out-of-bounds]: stack-based buffer underwrite
jemalloc-5.3.0/src/prof_data.c:1243:1: enter_function: entry to ‘prof_tdata_destroy’
jemalloc-5.3.0/src/prof_data.c:1244:9: call_function: calling ‘malloc_mutex_lock’ from ‘prof_tdata_destroy’
jemalloc-5.3.0/src/prof_data.c:1244:9: return_function: returning to ‘prof_tdata_destroy’ from ‘malloc_mutex_lock’
jemalloc-5.3.0/src/prof_data.c:1245:9: call_function: calling ‘prof_tdata_destroy_locked’ from ‘prof_tdata_destroy’
#  120|   }
#  121|   
#  122|-> rb_gen(static UNUSED, tdata_tree_, prof_tdata_tree_t, prof_tdata_t, tdata_link,
#  123|       prof_tdata_comp)
#  124|   

Scan Properties