Error: CPPCHECK_WARNING (CWE-758): [#def1] at-spi2-core-2.56.1/atk-adaptor/adaptors/collection-adaptor.c:644: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour # 642| for (j = 0; j < 32; j++) # 643| { # 644|-> if (array[i] & (1 << j)) # 645| { # 646| if (out_count == out_size - 2) Error: CPPCHECK_WARNING (CWE-758): [#def2] at-spi2-core-2.56.1/atk-adaptor/bridge.c:573: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour # 571| for (j = 0; j < 32; j++) # 572| { # 573|-> if (v & (1 << j)) # 574| { # 575| AtkState state = spi_atk_state_from_spi_state ((count << 5) + j); Error: COMPILER_WARNING (CWE-252): [#def3] at-spi2-core-2.56.1/bus/at-spi-bus-launcher.c: scope_hint: In function ‘sigterm_handler’ at-spi2-core-2.56.1/bus/at-spi-bus-launcher.c:866:3: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’ # 866 | write (sigterm_pipefd[1], "X", 1); # | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # 864| sigterm_handler (int signum) # 865| { # 866|-> write (sigterm_pipefd[1], "X", 1); # 867| } # 868| Error: CPPCHECK_WARNING (CWE-758): [#def4] at-spi2-core-2.56.1/dbind/dbind-any.c:131: error[missingReturn]: Found an exit path from function with non-void return type that has missing return statement # 129| case '\0': # 130| g_assert_not_reached (); # 131|-> break; # 132| default: # 133| return 1; Error: CPPCHECK_WARNING (CWE-664): [#def5] at-spi2-core-2.56.1/dbind/dbind.c:266: error[va_end_missing]: va_list 'args_demarshal' was opened but not closed by va_end(). # 264| msg = dbus_message_new_method_call (bus_name, path, interface, method); # 265| if (!msg) # 266|-> return FALSE; # 267| # 268| p = arg_types; Error: GCC_ANALYZER_WARNING (CWE-476): [#def6] at-spi2-core-2.56.1/redhat-linux-build/../atk-adaptor/adaptors/collection-adaptor.c:716:19: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘q’ at-spi2-core-2.56.1/redhat-linux-build/../atk-adaptor/adaptors/collection-adaptor.c:1214:1: enter_function: entry to ‘impl_GetMatches’ at-spi2-core-2.56.1/redhat-linux-build/../atk-adaptor/adaptors/collection-adaptor.c:1226:6: branch_false: following ‘false’ branch (when the strings are equal)... at-spi2-core-2.56.1/redhat-linux-build/../atk-adaptor/adaptors/collection-adaptor.c:1231:3: branch_false: ...to here at-spi2-core-2.56.1/redhat-linux-build/../atk-adaptor/adaptors/collection-adaptor.c:1232:8: call_function: calling ‘read_mr’ from ‘impl_GetMatches’ # 714| } # 715| mrp->attributes = g_slist_prepend (mrp->attributes, attr); # 716|-> if (*q == '\0') # 717| break; # 718| else Error: GCC_ANALYZER_WARNING (CWE-476): [#def7] at-spi2-core-2.56.1/redhat-linux-build/../atk-adaptor/bridge.c:205:24: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘evdata’ at-spi2-core-2.56.1/redhat-linux-build/../atk-adaptor/bridge.c:752:1: enter_function: entry to ‘handle_event_listener_registered’ at-spi2-core-2.56.1/redhat-linux-build/../atk-adaptor/bridge.c:765:3: call_function: calling ‘add_event_from_iter’ from ‘handle_event_listener_registered’ # 203| # 204| prop->name = g_strdup (property); # 205|-> evdata->properties = g_slist_append (evdata->properties, prop); # 206| } # 207| Error: GCC_ANALYZER_WARNING (CWE-126): [#def8] at-spi2-core-2.56.1/redhat-linux-build/../atk-adaptor/event.c:382:36: warning[-Wanalyzer-out-of-bounds]: buffer over-read at-spi2-core-2.56.1/redhat-linux-build/../atk-adaptor/event.c:1289:1: enter_function: entry to ‘generic_event_listener’ at-spi2-core-2.56.1/redhat-linux-build/../atk-adaptor/event.c:1310:3: call_function: calling ‘emit_event’ from ‘generic_event_listener’ # 380| ensure_proper_format (const char *name) # 381| { # 382|-> gchar *ret = (gchar *) g_malloc (strlen (name) * 2 + 2); # 383| gchar *p = ret; # 384| gboolean need_upper = TRUE; Error: GCC_ANALYZER_WARNING (CWE-688): [#def9] at-spi2-core-2.56.1/redhat-linux-build/../atk-adaptor/event.c:473:11: warning[-Wanalyzer-null-argument]: use of NULL ‘data[2]’ where non-null expected at-spi2-core-2.56.1/redhat-linux-build/../atk-adaptor/event.c:1289:1: enter_function: entry to ‘generic_event_listener’ at-spi2-core-2.56.1/redhat-linux-build/../atk-adaptor/event.c:1310:3: call_function: calling ‘emit_event’ from ‘generic_event_listener’ # 471| /* Hack: events such as "object::text-changed::insert:system" as # 472| generated by Gecko */ # 473|-> data[2][strcspn (data[2], ":")] = '\0'; # 474| # 475| for (list = spi_global_app_data->events; list; list = list->next) Error: GCC_ANALYZER_WARNING (CWE-688): [#def10] at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-event-listener.c:1057:12: warning[-Wanalyzer-null-argument]: use of NULL ‘category’ where non-null expected at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-event-listener.c:1033:1: enter_function: entry to ‘_atspi_send_event’ at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-event-listener.c:1047:8: call_function: calling ‘convert_event_type_to_dbus’ from ‘_atspi_send_event’ at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-event-listener.c:1047:8: return_function: returning to ‘_atspi_send_event’ from ‘convert_event_type_to_dbus’ at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-event-listener.c:1047:6: branch_false: following ‘false’ branch... at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-event-listener.c:1053:3: branch_false: ...to here at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-event-listener.c:1054:29: branch_true: following ‘true’ branch (when ‘l’ is non-NULL)... at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-event-listener.c:1056:27: branch_true: ...to here at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-event-listener.c:1057:12: release_memory: ‘category’ is NULL at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-event-listener.c:1057:12: release_memory: ‘category’ is NULL at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-event-listener.c:1057:12: release_memory: ‘category’ is NULL at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-event-listener.c:1057:12: danger: argument 1 (‘category’) NULL where non-null expected # 1055| { # 1056| EventListenerEntry *entry = l->data; # 1057|-> if (!strcmp (category, entry->category) && # 1058| (entry->name == NULL || !strcmp (name, entry->name)) && # 1059| detail_matches_listener (detail, entry->detail) && Error: GCC_ANALYZER_WARNING (CWE-688): [#def11] at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-event-listener.c:1058:36: warning[-Wanalyzer-null-argument]: use of NULL ‘name’ where non-null expected at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-event-listener.c:1033:1: enter_function: entry to ‘_atspi_send_event’ at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-event-listener.c:1047:8: call_function: calling ‘convert_event_type_to_dbus’ from ‘_atspi_send_event’ at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-event-listener.c:1047:8: return_function: returning to ‘_atspi_send_event’ from ‘convert_event_type_to_dbus’ at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-event-listener.c:1047:6: branch_false: following ‘false’ branch... at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-event-listener.c:1053:3: branch_false: ...to here at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-event-listener.c:1054:29: branch_true: following ‘true’ branch (when ‘l’ is non-NULL)... at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-event-listener.c:1056:27: branch_true: ...to here at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-event-listener.c:1057:10: branch_true: following ‘true’ branch (when the strings are equal)... at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-event-listener.c:1058:12: branch_true: ...to here at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-event-listener.c:1057:11: branch_false: following ‘false’ branch... at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-event-listener.c:1058:36: branch_false: ...to here at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-event-listener.c:1058:36: release_memory: ‘name’ is NULL at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-event-listener.c:1058:36: danger: argument 1 (‘name’) NULL where non-null expected # 1056| EventListenerEntry *entry = l->data; # 1057| if (!strcmp (category, entry->category) && # 1058|-> (entry->name == NULL || !strcmp (name, entry->name)) && # 1059| detail_matches_listener (detail, entry->detail) && # 1060| (entry->app == NULL || !strcmp (entry->app->parent.app->bus_name, Error: GCC_ANALYZER_WARNING (CWE-476): [#def12] at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-misc.c:452:12: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’ at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-misc.c:961:1: enter_function: entry to ‘process_deferred_messages’ at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-misc.c:969:10: branch_true: following ‘true’ branch... at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-misc.c:971:7: branch_true: ...to here at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-misc.c:971:7: call_function: calling ‘process_deferred_message’ from ‘process_deferred_messages’ # 450| if (!strcmp (ref->path, "/org/a11y/atspi/accessible/root")) # 451| { # 452|-> if (!app->root) # 453| { # 454| app->root = _atspi_accessible_new (app, atspi_path_root); Error: GCC_ANALYZER_WARNING (CWE-476): [#def13] at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-misc.c:461:7: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’ at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-misc.c:961:1: enter_function: entry to ‘process_deferred_messages’ at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-misc.c:969:10: branch_true: following ‘true’ branch... at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-misc.c:971:7: branch_true: ...to here at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-misc.c:971:7: call_function: calling ‘process_deferred_message’ from ‘process_deferred_messages’ # 459| } # 460| # 461|-> a = g_hash_table_lookup (app->hash, ref->path); # 462| if (a) # 463| { Error: GCC_ANALYZER_WARNING (CWE-476): [#def14] at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-misc.c:527:3: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’ at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-misc.c:961:1: enter_function: entry to ‘process_deferred_messages’ at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-misc.c:969:10: branch_true: following ‘true’ branch... at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-misc.c:971:7: branch_true: ...to here at-spi2-core-2.56.1/redhat-linux-build/../atspi/atspi-misc.c:971:7: call_function: calling ‘process_deferred_message’ from ‘process_deferred_messages’ # 525| return DBUS_HANDLER_RESULT_HANDLED; # 526| g_object_run_dispose (G_OBJECT (a)); # 527|-> g_hash_table_remove (app->hash, a->parent.path); # 528| g_object_unref (a); /* unref our own ref */ # 529| return DBUS_HANDLER_RESULT_HANDLED; Error: GCC_ANALYZER_WARNING (CWE-775): [#def15] at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:470:6: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘socket(1, 2049, 0)’ at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:457:6: branch_true: following ‘true’ branch... at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:459:7: branch_true: ...to here at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:467:24: acquire_resource: socket created here at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:467:6: branch_false: following ‘false’ branch... at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:470:7: branch_false: ...to here at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:470:6: danger: ‘socket(1, 2049, 0)’ leaks here # 468| g_error ("Failed to create listening socket: %s", strerror (errno)); # 469| # 470|-> if (bind (app->listenfd, (struct sockaddr *) &addr, addr_len) < 0) # 471| g_error ("Failed to bind listening socket: %s", strerror (errno)); # 472| Error: GCC_ANALYZER_WARNING (CWE-775): [#def16] at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:477:6: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*app.listenfd’ at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:457:6: branch_true: following ‘true’ branch... at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:459:7: branch_true: ...to here at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:467:24: acquire_resource: socket created here at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:467:6: branch_false: following ‘false’ branch... at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:470:7: branch_false: ...to here at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:470:6: branch_false: following ‘false’ branch... at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:473:8: branch_false: ...to here at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:473:6: branch_false: following ‘false’ branch... at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:477:7: branch_false: ...to here at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:477:6: danger: ‘*app.listenfd’ leaks here # 475| g_error ("Failed to get socket name for listening socket: %s", strerror (errno)); # 476| # 477|-> if (listen (app->listenfd, 1024) < 0) # 478| g_error ("Failed to listen on socket: %s", strerror (errno)); # 479| Error: GCC_ANALYZER_WARNING (CWE-775): [#def17] at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:480:3: warning[-Wanalyzer-fd-leak]: leak of file descriptor at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:838:1: enter_function: entry to ‘on_name_acquired’ at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:844:6: branch_true: following ‘true’ branch... at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:846:7: branch_true: ...to here at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:846:7: call_function: calling ‘ensure_a11y_bus’ from ‘on_name_acquired’ # 478| g_error ("Failed to listen on socket: %s", strerror (errno)); # 479| # 480|-> g_clear_pointer (&app->a11y_launch_error_message, g_free); # 481| # 482| if (!g_spawn_async (NULL, Error: GCC_ANALYZER_WARNING (CWE-775): [#def18] at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:480:3: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*app.listenfd’ at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:457:6: branch_true: following ‘true’ branch... at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:459:7: branch_true: ...to here at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:467:6: branch_false: following ‘false’ branch... at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:470:7: branch_false: ...to here at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:470:6: branch_false: following ‘false’ branch... at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:473:8: branch_false: ...to here at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:473:6: branch_true: following ‘true’ branch... at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:474:7: branch_true: ...to here at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:473:7: branch_false: following ‘false’ branch... at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:477:7: branch_false: ...to here at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:477:6: branch_false: following ‘false’ branch... at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:480:3: branch_false: ...to here at-spi2-core-2.56.1/redhat-linux-build/../bus/at-spi-bus-launcher.c:480:3: danger: ‘*app.listenfd’ leaks here # 478| g_error ("Failed to listen on socket: %s", strerror (errno)); # 479| # 480|-> g_clear_pointer (&app->a11y_launch_error_message, g_free); # 481| # 482| if (!g_spawn_async (NULL, Error: GCC_ANALYZER_WARNING (CWE-404): [#def19] at-spi2-core-2.56.1/redhat-linux-build/../dbind/dbind.c:266:12: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’ at-spi2-core-2.56.1/redhat-linux-build/../dbind/dbind.c:262:3: acquire_resource: ‘va_copy’ called here at-spi2-core-2.56.1/redhat-linux-build/../dbind/dbind.c:265:6: branch_true: following ‘true’ branch... at-spi2-core-2.56.1/redhat-linux-build/../dbind/dbind.c:266:12: branch_true: ...to here at-spi2-core-2.56.1/redhat-linux-build/../dbind/dbind.c:266:12: danger: missing call to ‘va_end’ to match ‘va_copy’ at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0) # 264| msg = dbus_message_new_method_call (bus_name, path, interface, method); # 265| if (!msg) # 266|-> return FALSE; # 267| # 268| p = arg_types; Error: GCC_ANALYZER_WARNING (CWE-476): [#def20] at-spi2-core-2.56.1/redhat-linux-build/../tests/at-spi2-atk/dummyatk/my-atk-table.c:251:10: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’ # 249| MyAtkTableCell *self = MY_ATK_TABLE_CELL (cell); # 250| # 251|-> return self->row_span; # 252| } # 253| Error: GCC_ANALYZER_WARNING (CWE-476): [#def21] at-spi2-core-2.56.1/redhat-linux-build/../tests/at-spi2-atk/dummyatk/my-atk-table.c:261:10: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’ # 259| MyAtkTableCell *self = MY_ATK_TABLE_CELL (cell); # 260| # 261|-> return self->column_span; # 262| } # 263|
| analyzer-version-clippy | 1.86.0 |
| analyzer-version-cppcheck | 2.17.1 |
| analyzer-version-gcc | 15.0.1 |
| analyzer-version-gcc-analyzer | 15.0.1 |
| analyzer-version-shellcheck | 0.10.0 |
| analyzer-version-unicontrol | 0.0.2 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-238.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | at-spi2-core-2.56.1-1.fc43 |
| store-results-to | /tmp/tmp1nkbye3e/at-spi2-core-2.56.1-1.fc43.tar.xz |
| time-created | 2025-04-25 12:05:01 |
| time-finished | 2025-04-25 12:07:02 |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmp1nkbye3e/at-spi2-core-2.56.1-1.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp1nkbye3e/at-spi2-core-2.56.1-1.fc43.src.rpm' |
| tool-version | csmock-3.8.1.20250422.172604.g26bc3d6-1.el9 |