bluez-5.81-2.fc43

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-457): [#def1]
bluez-5.81/./src/shared/util.h:241:16: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*(struct <anonymous> *)(&mic[0]).__v’
bluez-5.81/tools/mesh-gatt/crypto.c:1054:6: enter_function: entry to ‘mesh_crypto_packet_decode’
bluez-5.81/tools/mesh-gatt/crypto.c:1065:12: branch_false: following ‘false’ branch (when ‘packet_len > 13’)...
bluez-5.81/tools/mesh-gatt/crypto.c:1068:9: call_function: inlined call to ‘put_be32’ from ‘mesh_crypto_packet_decode’
bluez-5.81/tools/mesh-gatt/crypto.c:1071:14: call_function: calling ‘aes_ecb_one’ from ‘mesh_crypto_packet_decode’
bluez-5.81/tools/mesh-gatt/crypto.c:1071:14: return_function: returning to ‘mesh_crypto_packet_decode’ from ‘aes_ecb_one’
bluez-5.81/tools/mesh-gatt/crypto.c:1071:12: branch_true: following ‘true’ branch...
bluez-5.81/tools/mesh-gatt/crypto.c:1074:9: branch_true: ...to here
bluez-5.81/tools/mesh-gatt/crypto.c:1075:21: branch_true: following ‘true’ branch (when ‘i != 6’)...
bluez-5.81/tools/mesh-gatt/crypto.c:1076:17: branch_true: ...to here
bluez-5.81/tools/mesh-gatt/crypto.c:1075:21: branch_true: following ‘true’ branch (when ‘i != 6’)...
bluez-5.81/tools/mesh-gatt/crypto.c:1076:17: branch_true: ...to here
bluez-5.81/tools/mesh-gatt/crypto.c:1081:12: branch_false: following ‘false’ branch...
bluez-5.81/tools/mesh-gatt/crypto.c:1085:14: branch_false: ...to here
bluez-5.81/tools/mesh-gatt/crypto.c:1108:12: branch_false: following ‘false’ branch...
bluez-5.81/tools/mesh-gatt/crypto.c:1124:22: branch_false: ...to here
bluez-5.81/tools/mesh-gatt/crypto.c:1124:22: call_function: calling ‘mesh_crypto_aes_ccm_decrypt’ from ‘mesh_crypto_packet_decode’
#  239|   static inline uint32_t get_be32(const void *ptr)
#  240|   {
#  241|-> 	return be32_to_cpu(get_unaligned((const uint32_t *) ptr));
#  242|   }
#  243|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def2]
bluez-5.81/./src/shared/util.h:251:16: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*(struct <anonymous> *)(&mic[0]).__v’
bluez-5.81/tools/mesh-gatt/crypto.c:1054:6: enter_function: entry to ‘mesh_crypto_packet_decode’
bluez-5.81/tools/mesh-gatt/crypto.c:1065:12: branch_false: following ‘false’ branch (when ‘packet_len > 13’)...
bluez-5.81/tools/mesh-gatt/crypto.c:1068:9: call_function: inlined call to ‘put_be32’ from ‘mesh_crypto_packet_decode’
bluez-5.81/tools/mesh-gatt/crypto.c:1071:14: call_function: calling ‘aes_ecb_one’ from ‘mesh_crypto_packet_decode’
bluez-5.81/tools/mesh-gatt/crypto.c:1071:14: return_function: returning to ‘mesh_crypto_packet_decode’ from ‘aes_ecb_one’
bluez-5.81/tools/mesh-gatt/crypto.c:1071:12: branch_true: following ‘true’ branch...
bluez-5.81/tools/mesh-gatt/crypto.c:1074:9: branch_true: ...to here
bluez-5.81/tools/mesh-gatt/crypto.c:1075:21: branch_true: following ‘true’ branch (when ‘i != 6’)...
bluez-5.81/tools/mesh-gatt/crypto.c:1076:17: branch_true: ...to here
bluez-5.81/tools/mesh-gatt/crypto.c:1075:21: branch_true: following ‘true’ branch (when ‘i != 6’)...
bluez-5.81/tools/mesh-gatt/crypto.c:1076:17: branch_true: ...to here
bluez-5.81/tools/mesh-gatt/crypto.c:1081:12: branch_false: following ‘false’ branch...
bluez-5.81/tools/mesh-gatt/crypto.c:1085:14: branch_false: ...to here
bluez-5.81/tools/mesh-gatt/crypto.c:1108:12: branch_true: following ‘true’ branch...
bluez-5.81/tools/mesh-gatt/crypto.c:1111:22: branch_true: ...to here
bluez-5.81/tools/mesh-gatt/crypto.c:1111:22: call_function: calling ‘mesh_crypto_aes_ccm_decrypt’ from ‘mesh_crypto_packet_decode’
#  249|   static inline uint64_t get_be64(const void *ptr)
#  250|   {
#  251|-> 	return be64_to_cpu(get_unaligned((const uint64_t *) ptr));
#  252|   }
#  253|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def3]
bluez-5.81/./src/shared/util.h:261:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'data'
bluez-5.81/src/shared/gatt-db.c:407:24: acquire_memory: this call could return NULL
bluez-5.81/src/shared/gatt-db.c:408:17: call_function: inlined call to 'put_le16' from 'gen_hash_m'
#  259|   static inline void put_le16(uint16_t val, void *dst)
#  260|   {
#  261|-> 	put_unaligned(cpu_to_le16(val), (uint16_t *) dst);
#  262|   }
#  263|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def4]
bluez-5.81/./src/shared/util.h:266:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘pElem’
bluez-5.81/src/sdpd-request.c:1118:6: enter_function: entry to ‘handle_request’
bluez-5.81/src/sdpd-request.c:1125:12: branch_false: following ‘false’ branch...
bluez-5.81/src/sdpd-request.c:1130:13: branch_false: ...to here
bluez-5.81/src/sdpd-request.c:1130:12: branch_true: following ‘true’ branch...
bluez-5.81/src/sdpd-request.c:1133:17: branch_true: ...to here
bluez-5.81/src/sdpd-request.c:1136:20: branch_false: following ‘false’ branch...
bluez-5.81/src/sdpd-request.c:1141:17: call_function: inlined call to ‘bacpy’ from ‘handle_request’
bluez-5.81/src/sdpd-request.c:1147:20: branch_false: following ‘false’ branch...
bluez-5.81/src/sdpd-request.c:1152:17: call_function: inlined call to ‘bacpy’ from ‘handle_request’
bluez-5.81/src/sdpd-request.c:1164:9: call_function: calling ‘process_request’ from ‘handle_request’
#  264|   static inline void put_be16(uint16_t val, const void *ptr)
#  265|   {
#  266|-> 	put_unaligned(cpu_to_be16(val), (uint16_t *) ptr);
#  267|   }
#  268|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def5]
bluez-5.81/./src/shared/util.h:288:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘pElem’
bluez-5.81/src/sdpd-request.c:1118:6: enter_function: entry to ‘handle_request’
bluez-5.81/src/sdpd-request.c:1125:12: branch_false: following ‘false’ branch...
bluez-5.81/src/sdpd-request.c:1130:13: branch_false: ...to here
bluez-5.81/src/sdpd-request.c:1130:12: branch_true: following ‘true’ branch...
bluez-5.81/src/sdpd-request.c:1133:17: branch_true: ...to here
bluez-5.81/src/sdpd-request.c:1136:20: branch_false: following ‘false’ branch...
bluez-5.81/src/sdpd-request.c:1141:17: call_function: inlined call to ‘bacpy’ from ‘handle_request’
bluez-5.81/src/sdpd-request.c:1147:20: branch_false: following ‘false’ branch...
bluez-5.81/src/sdpd-request.c:1152:17: call_function: inlined call to ‘bacpy’ from ‘handle_request’
bluez-5.81/src/sdpd-request.c:1164:9: call_function: calling ‘process_request’ from ‘handle_request’
#  286|   static inline void put_be32(uint32_t val, void *dst)
#  287|   {
#  288|-> 	put_unaligned(cpu_to_be32(val), (uint32_t *) dst);
#  289|   }
#  290|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def6]
bluez-5.81/attrib/gattrib.c:207:17: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘pdu’
bluez-5.81/attrib/gattrib.c:348:13: enter_function: entry to ‘client_notify_cb’
bluez-5.81/attrib/gattrib.c:355:12: branch_false: following ‘false’ branch (when ‘length == 0’)...
bluez-5.81/attrib/gattrib.c:358:9: branch_false: ...to here
bluez-5.81/attrib/gattrib.c:358:9: call_function: calling ‘attrib_callback_notify’ from ‘client_notify_cb’
#  205|   
#  206|   	if (pdu && length)
#  207|-> 		memcpy(buf + 1, pdu, length);
#  208|   
#  209|   	return buf;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def7]
bluez-5.81/btio/btio.c:256:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘g_io_channel_unix_get_fd(io)’
#  254|   
#  255|   	cli_sock = accept(srv_sock, NULL, NULL);
#  256|-> 	if (cli_sock < 0)
#  257|   		return TRUE;
#  258|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def8]
bluez-5.81/btio/btio.c:2055:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘g_io_channel_unix_get_fd(create_io(0, &opts,  gerr))’
bluez-5.81/btio/btio.c:2021:13: enter_function: entry to ‘bt_io_connect’
bluez-5.81/btio/btio.c:2036:12: branch_false: following ‘false’ branch...
bluez-5.81/btio/btio.c:2039:14: branch_false: ...to here
bluez-5.81/btio/btio.c:2039:14: call_function: calling ‘create_io’ from ‘bt_io_connect’
bluez-5.81/btio/btio.c:2039:14: return_function: returning to ‘bt_io_connect’ from ‘create_io’
bluez-5.81/btio/btio.c:2040:12: branch_false: following ‘false’ branch...
bluez-5.81/btio/btio.c:2043:16: branch_false: ...to here
bluez-5.81/btio/btio.c:2064:23: call_function: calling ‘sco_connect’ from ‘bt_io_connect’
# 2053|   	}
# 2054|   
# 2055|-> 	switch (opts.type) {
# 2056|   	case BT_IO_L2CAP:
# 2057|   		err = l2cap_connect(sock, &opts.dst, opts.dst_type,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def9]
bluez-5.81/btio/btio.c:2120:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘g_io_channel_unix_get_fd(create_io(1, &opts,  err))’
bluez-5.81/btio/btio.c:2090:13: enter_function: entry to ‘bt_io_listen’
bluez-5.81/btio/btio.c:2104:12: branch_false: following ‘false’ branch...
bluez-5.81/btio/btio.c:2107:14: branch_false: ...to here
bluez-5.81/btio/btio.c:2107:14: call_function: calling ‘create_io’ from ‘bt_io_listen’
bluez-5.81/btio/btio.c:2107:14: return_function: returning to ‘bt_io_listen’ from ‘create_io’
bluez-5.81/btio/btio.c:2108:12: branch_false: following ‘false’ branch...
bluez-5.81/btio/btio.c:2111:16: branch_false: ...to here
bluez-5.81/btio/btio.c:2120:12: danger: ‘g_io_channel_unix_get_fd(create_io(1, &opts,  err))’ leaks here
# 2118|   		}
# 2119|   
# 2120|-> 	if (listen(sock, 5) < 0) {
# 2121|   		ERROR_FAILED(err, "listen", errno);
# 2122|   		g_io_channel_unref(io);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def10]
bluez-5.81/client/advertising.c:708:14: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
bluez-5.81/client/advertising.c:698:6: enter_function: entry to ‘ad_register’
bluez-5.81/client/advertising.c:700:12: branch_false: following ‘false’ branch...
bluez-5.81/client/advertising.c:705:16: branch_false: ...to here
bluez-5.81/client/advertising.c:706:9: release_memory: ‘0’ is NULL
bluez-5.81/client/advertising.c:708:14: danger: argument 1 (‘<unknown>’) NULL where non-null expected
#  706|   	ad.type = g_strdup(type);
#  707|   
#  708|-> 	if (!strcasecmp(ad.type, "Broadcast"))
#  709|   		ad.discoverable = false;
#  710|   

Error: CPPCHECK_WARNING (CWE-457): [#def11]
bluez-5.81/client/assistant.c:181: warning[uninitvar]: Uninitialized variable: value
#  179|   	*val_len = i;
#  180|   
#  181|-> 	return util_memdup(value, i);
#  182|   }
#  183|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def12]
bluez-5.81/client/display.c:53:17: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘saved_line’
bluez-5.81/client/display.c:39:12: branch_false: following ‘false’ branch...
bluez-5.81/client/display.c:47:9: branch_false: ...to here
bluez-5.81/client/display.c:51:12: branch_true: following ‘true’ branch...
bluez-5.81/client/display.c:52:17: branch_true: ...to here
bluez-5.81/client/display.c:53:17: danger: use of uninitialized value ‘saved_line’ here
#   51|   	if (save_input) {
#   52|   		rl_restore_prompt();
#   53|-> 		rl_replace_line(saved_line, 0);
#   54|   		rl_point = saved_point;
#   55|   		rl_forced_update_display();

Error: CPPCHECK_WARNING (CWE-457): [#def13]
bluez-5.81/client/gatt.c:730: warning[uninitvar]: Uninitialized variable: value
#  728|   	*val_len = i;
#  729|   
#  730|-> 	return util_memdup(value, i);
#  731|   }
#  732|   

Error: CPPCHECK_WARNING (CWE-457): [#def14]
bluez-5.81/client/hci.c:102: warning[uninitvar]: Uninitialized variable: value
#  100|   	*val_len = i;
#  101|   
#  102|-> 	return util_memdup(value, i);
#  103|   }
#  104|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def15]
bluez-5.81/client/mgmt.c:4748:9: warning[-Wanalyzer-malloc-leak]: leak of ‘adv_data’
bluez-5.81/client/mgmt.c:4768:13: enter_function: entry to ‘cmd_add_adv’
bluez-5.81/client/mgmt.c:4786:16: branch_true: following ‘true’ branch (when ‘opt != -1’)...
bluez-5.81/client/mgmt.c:4788:17: branch_true: ...to here
bluez-5.81/client/mgmt.c:4826:28: branch_false: following ‘false’ branch...
bluez-5.81/client/mgmt.c:4831:30: branch_false: ...to here
bluez-5.81/client/mgmt.c:4831:30: call_function: calling ‘parse_bytes’ from ‘cmd_add_adv’
bluez-5.81/client/mgmt.c:4831:30: return_function: returning to ‘cmd_add_adv’ from ‘parse_bytes’
bluez-5.81/client/mgmt.c:4831:28: branch_true: following ‘true’ branch...
 branch_true: ...to here
bluez-5.81/client/mgmt.c:4786:16: branch_true: following ‘true’ branch (when ‘opt != -1’)...
bluez-5.81/client/mgmt.c:4788:17: branch_true: ...to here
bluez-5.81/client/mgmt.c:4826:28: branch_false: following ‘false’ branch...
bluez-5.81/client/mgmt.c:4831:30: branch_false: ...to here
bluez-5.81/client/mgmt.c:4831:30: call_function: calling ‘parse_bytes’ from ‘cmd_add_adv’
# 4746|   	}
# 4747|   
# 4748|-> 	*bytes = malloc(*len);
# 4749|   	if (!*bytes) {
# 4750|   		error("Failed to allocate memory");

Error: GCC_ANALYZER_WARNING (CWE-457): [#def16]
bluez-5.81/client/mgmt.c:4927:17: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘adv_data’
bluez-5.81/client/mgmt.c:4768:13: enter_function: entry to ‘cmd_add_adv’
bluez-5.81/client/mgmt.c:4786:16: branch_true: following ‘true’ branch (when ‘opt != -1’)...
bluez-5.81/client/mgmt.c:4788:17: branch_true: ...to here
bluez-5.81/client/mgmt.c:4826:28: branch_false: following ‘false’ branch...
bluez-5.81/client/mgmt.c:4831:30: branch_false: ...to here
bluez-5.81/client/mgmt.c:4831:30: call_function: calling ‘parse_bytes’ from ‘cmd_add_adv’
bluez-5.81/client/mgmt.c:4831:30: return_function: returning to ‘cmd_add_adv’ from ‘parse_bytes’
bluez-5.81/client/mgmt.c:4831:28: branch_true: following ‘true’ branch...
 branch_true: ...to here
bluez-5.81/client/mgmt.c:4786:16: branch_false: following ‘false’ branch (when ‘opt == -1’)...
bluez-5.81/client/mgmt.c:4890:14: branch_false: ...to here
bluez-5.81/client/mgmt.c:4894:12: branch_false: following ‘false’ branch (when ‘argc == 1’)...
bluez-5.81/client/mgmt.c:4899:12: branch_false: ...to here
bluez-5.81/client/mgmt.c:4899:12: branch_false: following ‘false’ branch (when ‘uuid_bytes == 0’)...
bluez-5.81/client/mgmt.c:4902:20: branch_false: ...to here
bluez-5.81/client/mgmt.c:4910:12: branch_false: following ‘false’ branch (when ‘cp’ is non-NULL)...
bluez-5.81/client/mgmt.c:4913:9: branch_false: ...to here
bluez-5.81/client/mgmt.c:4920:12: branch_false: following ‘false’ branch (when ‘uuid_bytes == 0’)...
bluez-5.81/client/mgmt.c:4926:12: branch_false: ...to here
bluez-5.81/client/mgmt.c:4926:12: branch_true: following ‘true’ branch...
bluez-5.81/client/mgmt.c:4927:17: branch_true: ...to here
bluez-5.81/client/mgmt.c:4927:17: danger: use of uninitialized value ‘adv_data’ here
# 4925|   
# 4926|   	if (adv_len)
# 4927|-> 		memcpy(cp->data + uuid_bytes, adv_data, adv_len);
# 4928|   
# 4929|   	if (scan_rsp_len)

Error: GCC_ANALYZER_WARNING (CWE-457): [#def17]
bluez-5.81/client/mgmt.c:5351:17: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘adv_data’
bluez-5.81/client/mgmt.c:5234:13: enter_function: entry to ‘cmd_add_ext_adv_data’
bluez-5.81/client/mgmt.c:5250:16: branch_true: following ‘true’ branch (when ‘opt != -1’)...
bluez-5.81/client/mgmt.c:5252:17: branch_true: ...to here
bluez-5.81/client/mgmt.c:5290:28: branch_false: following ‘false’ branch...
bluez-5.81/client/mgmt.c:5295:30: branch_false: ...to here
bluez-5.81/client/mgmt.c:5295:30: call_function: calling ‘parse_bytes’ from ‘cmd_add_ext_adv_data’
bluez-5.81/client/mgmt.c:5295:30: return_function: returning to ‘cmd_add_ext_adv_data’ from ‘parse_bytes’
bluez-5.81/client/mgmt.c:5295:28: branch_true: following ‘true’ branch...
 branch_true: ...to here
bluez-5.81/client/mgmt.c:5250:16: branch_false: following ‘false’ branch (when ‘opt == -1’)...
bluez-5.81/client/mgmt.c:5317:14: branch_false: ...to here
bluez-5.81/client/mgmt.c:5321:12: branch_false: following ‘false’ branch (when ‘argc == 1’)...
bluez-5.81/client/mgmt.c:5326:12: branch_false: ...to here
bluez-5.81/client/mgmt.c:5326:12: branch_false: following ‘false’ branch (when ‘uuid_bytes == 0’)...
bluez-5.81/client/mgmt.c:5329:20: branch_false: ...to here
bluez-5.81/client/mgmt.c:5337:12: branch_false: following ‘false’ branch (when ‘cp’ is non-NULL)...
bluez-5.81/client/mgmt.c:5340:9: branch_false: ...to here
bluez-5.81/client/mgmt.c:5344:12: branch_false: following ‘false’ branch (when ‘uuid_bytes == 0’)...
bluez-5.81/client/mgmt.c:5350:12: branch_false: ...to here
bluez-5.81/client/mgmt.c:5350:12: branch_true: following ‘true’ branch...
bluez-5.81/client/mgmt.c:5351:17: branch_true: ...to here
bluez-5.81/client/mgmt.c:5351:17: danger: use of uninitialized value ‘adv_data’ here
# 5349|   
# 5350|   	if (adv_len)
# 5351|-> 		memcpy(cp->data + uuid_bytes, adv_data, adv_len);
# 5352|   
# 5353|   	if (scan_rsp_len)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def18]
bluez-5.81/client/player.c:3506:14: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘preset’
bluez-5.81/client/player.c:3495:29: enter_function: entry to ‘codec_preset_add’
bluez-5.81/client/player.c:3500:17: call_function: calling ‘preset_find_name’ from ‘codec_preset_add’
bluez-5.81/client/player.c:3500:17: return_function: returning to ‘codec_preset_add’ from ‘preset_find_name’
bluez-5.81/client/player.c:3501:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
 call_function: calling ‘codec_preset_add’ from ‘codec_preset_add’
# 3504|   	codec = codec_preset_new(name);
# 3505|   
# 3506|-> 	if (!preset->custom)
# 3507|   		preset->custom = queue_new();
# 3508|   

Error: GCC_ANALYZER_WARNING: [#def19]
bluez-5.81/client/player.c:5550:23: warning[-Wanalyzer-fd-use-without-check]: ‘read’ on possibly invalid file descriptor ‘fd’
bluez-5.81/client/player.c:5684:13: enter_function: entry to ‘cmd_send_transport’
bluez-5.81/client/player.c:5693:21: branch_true: following ‘true’ branch (when ‘i < argc’)...
bluez-5.81/client/player.c:5694:67: branch_true: ...to here
bluez-5.81/client/player.c:5696:20: branch_false: following ‘false’ branch...
bluez-5.81/client/player.c:5701:29: call_function: inlined call to ‘find_transport’ from ‘cmd_send_transport’
bluez-5.81/client/player.c:5702:20: branch_false: following ‘false’ branch...
bluez-5.81/client/player.c:5707:21: branch_false: ...to here
bluez-5.81/client/player.c:5707:20: branch_false: following ‘false’ branch...
bluez-5.81/client/player.c:5712:21: branch_false: ...to here
bluez-5.81/client/player.c:5712:20: branch_false: following ‘false’ branch...
bluez-5.81/client/player.c:5719:17: branch_false: ...to here
bluez-5.81/client/player.c:5724:20: branch_true: following ‘true’ branch...
bluez-5.81/client/player.c:5727:66: branch_true: ...to here
bluez-5.81/client/player.c:5728:31: call_function: calling ‘transport_send’ from ‘cmd_send_transport’
# 5548|   		off_t offset;
# 5549|   
# 5550|-> 		ret = read(fd, buf, transport->mtu[1]);
# 5551|   		if (ret <= 0) {
# 5552|   			if (ret < 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def20]
bluez-5.81/client/player.c:5698:32: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
bluez-5.81/client/player.c:5684:13: enter_function: entry to ‘cmd_send_transport’
bluez-5.81/client/player.c:5693:21: branch_true: following ‘true’ branch (when ‘i < argc’)...
bluez-5.81/client/player.c:5694:67: branch_true: ...to here
bluez-5.81/client/player.c:5696:20: branch_false: following ‘false’ branch...
bluez-5.81/client/player.c:5701:29: call_function: inlined call to ‘find_transport’ from ‘cmd_send_transport’
bluez-5.81/client/player.c:5702:20: branch_false: following ‘false’ branch...
bluez-5.81/client/player.c:5707:21: branch_false: ...to here
bluez-5.81/client/player.c:5707:20: branch_false: following ‘false’ branch...
bluez-5.81/client/player.c:5712:21: branch_false: ...to here
bluez-5.81/client/player.c:5713:30: call_function: calling ‘open_file’ from ‘cmd_send_transport’
bluez-5.81/client/player.c:5713:30: return_function: returning to ‘cmd_send_transport’ from ‘open_file’
bluez-5.81/client/player.c:5714:28: branch_false: following ‘false’ branch...
bluez-5.81/client/player.c:5719:17: branch_false: ...to here
bluez-5.81/client/player.c:5745:20: branch_false: following ‘false’ branch (when ‘err >= 0’)...
bluez-5.81/client/player.c:5693:31: branch_false: ...to here
bluez-5.81/client/player.c:5698:32: danger: ‘fd’ leaks here; was opened at [(15)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/14)
# 5696|   		if (!proxy) {
# 5697|   			bt_shell_printf("Transport %s not found\n", argv[i]);
# 5698|-> 			return bt_shell_noninteractive_quit(EXIT_FAILURE);
# 5699|   		}
# 5700|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def21]
bluez-5.81/emulator/b1ee.c:267:28: warning[-Wanalyzer-malloc-leak]: leak of ‘server_port’
bluez-5.81/emulator/b1ee.c:249:5: enter_function: entry to ‘main’
bluez-5.81/emulator/b1ee.c:261:20: branch_false: following ‘false’ branch (when ‘opt >= 0’)...
bluez-5.81/emulator/b1ee.c:264:17: branch_false: ...to here
bluez-5.81/emulator/b1ee.c:266:39: call_function: calling ‘set_port’ from ‘main’
bluez-5.81/emulator/b1ee.c:266:39: return_function: returning to ‘main’ from ‘set_port’
bluez-5.81/emulator/b1ee.c:267:28: branch_false: following ‘false’ branch...
 branch_false: ...to here
bluez-5.81/emulator/b1ee.c:261:20: branch_false: following ‘false’ branch (when ‘opt >= 0’)...
bluez-5.81/emulator/b1ee.c:264:17: branch_false: ...to here
bluez-5.81/emulator/b1ee.c:266:39: call_function: calling ‘set_port’ from ‘main’
bluez-5.81/emulator/b1ee.c:266:39: return_function: returning to ‘main’ from ‘set_port’
bluez-5.81/emulator/b1ee.c:267:28: branch_false: following ‘false’ branch...
 branch_false: ...to here
bluez-5.81/emulator/b1ee.c:267:28: danger: ‘server_port’ leaks here; was allocated at [(14)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/13)
#  265|   		case 'p':
#  266|   			server_port = set_port(optarg);
#  267|-> 			if (server_port == NULL)
#  268|   				goto usage;
#  269|   

Error: GCC_ANALYZER_WARNING (CWE-910): [#def22]
bluez-5.81/emulator/b1ee.c:300:19: warning[-Wanalyzer-fd-use-after-close]: ‘write’ on closed file descriptor ‘sniffer_fd’
bluez-5.81/emulator/b1ee.c:249:5: enter_function: entry to ‘main’
bluez-5.81/emulator/b1ee.c:261:20: branch_true: following ‘true’ branch (when ‘opt < 0’)...
bluez-5.81/emulator/b1ee.c:289:16: branch_true: ...to here
bluez-5.81/emulator/b1ee.c:293:12: branch_false: following ‘false’ branch...
bluez-5.81/emulator/b1ee.c:296:21: branch_false: following ‘false’ branch (when ‘server_port’ is NULL)...
 branch_false: ...to here
bluez-5.81/emulator/b1ee.c:296:21: call_function: calling ‘do_connect’ from ‘main’
bluez-5.81/emulator/b1ee.c:296:21: return_function: returning to ‘main’ from ‘do_connect’
bluez-5.81/emulator/b1ee.c:297:22: branch_false: following ‘false’ branch (when ‘sniffer_port’ is NULL)...
 branch_false: ...to here
bluez-5.81/emulator/b1ee.c:297:22: call_function: calling ‘do_connect’ from ‘main’
bluez-5.81/emulator/b1ee.c:297:22: return_function: returning to ‘main’ from ‘do_connect’
bluez-5.81/emulator/b1ee.c:300:19: danger: ‘write’ on closed file descriptor ‘sniffer_fd’; ‘close’ was at [(29)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/28)
#  298|   				sniffer_port ? : DEFAULT_SNIFFER_PORT);
#  299|   
#  300|-> 	written = write(sniffer_fd, sniff_cmd, sizeof(sniff_cmd));
#  301|   	if (written < 0)
#  302|   		perror("Failed to enable sniffer");

Error: GCC_ANALYZER_WARNING: [#def23]
bluez-5.81/emulator/b1ee.c:300:19: warning[-Wanalyzer-fd-use-without-check]: ‘write’ on possibly invalid file descriptor ‘-1’
bluez-5.81/emulator/b1ee.c:249:5: enter_function: entry to ‘main’
bluez-5.81/emulator/b1ee.c:261:20: branch_true: following ‘true’ branch (when ‘opt < 0’)...
bluez-5.81/emulator/b1ee.c:289:16: branch_true: ...to here
bluez-5.81/emulator/b1ee.c:293:12: branch_false: following ‘false’ branch...
bluez-5.81/emulator/b1ee.c:296:21: branch_false: following ‘false’ branch (when ‘server_port’ is NULL)...
 branch_false: ...to here
bluez-5.81/emulator/b1ee.c:296:21: call_function: calling ‘do_connect’ from ‘main’
bluez-5.81/emulator/b1ee.c:296:21: return_function: returning to ‘main’ from ‘do_connect’
bluez-5.81/emulator/b1ee.c:297:22: branch_false: following ‘false’ branch (when ‘sniffer_port’ is NULL)...
 branch_false: ...to here
bluez-5.81/emulator/b1ee.c:297:22: call_function: calling ‘do_connect’ from ‘main’
bluez-5.81/emulator/b1ee.c:297:22: return_function: returning to ‘main’ from ‘do_connect’
bluez-5.81/emulator/b1ee.c:300:19: danger: ‘-1’ could be invalid
#  298|   				sniffer_port ? : DEFAULT_SNIFFER_PORT);
#  299|   
#  300|-> 	written = write(sniffer_fd, sniff_cmd, sizeof(sniff_cmd));
#  301|   	if (written < 0)
#  302|   		perror("Failed to enable sniffer");

Error: GCC_ANALYZER_WARNING (CWE-457): [#def24]
bluez-5.81/emulator/btdev.c:3794:17: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘data’
bluez-5.81/emulator/btdev.c:6524:12: enter_function: entry to ‘cmd_big_create_sync_complete’
bluez-5.81/emulator/btdev.c:6541:13: branch_false: following ‘false’ branch...
bluez-5.81/emulator/btdev.c:6545:49: branch_false: ...to here
bluez-5.81/emulator/btdev.c:6544:18: call_function: calling ‘find_btdev_by_bdaddr_type’ from ‘cmd_big_create_sync_complete’
bluez-5.81/emulator/btdev.c:6544:18: return_function: returning to ‘cmd_big_create_sync_complete’ from ‘find_btdev_by_bdaddr_type’
bluez-5.81/emulator/btdev.c:6546:12: branch_false: following ‘false’ branch...
bluez-5.81/emulator/btdev.c:6549:31: branch_false: ...to here
bluez-5.81/emulator/btdev.c:6549:15: call_function: calling ‘le_big_new’ from ‘cmd_big_create_sync_complete’
bluez-5.81/emulator/btdev.c:6549:15: return_function: returning to ‘cmd_big_create_sync_complete’ from ‘le_big_new’
bluez-5.81/emulator/btdev.c:6550:12: branch_false: following ‘false’ branch...
bluez-5.81/emulator/btdev.c:6557:9: branch_false: ...to here
bluez-5.81/emulator/btdev.c:6559:21: branch_true: following ‘true’ branch...
bluez-5.81/emulator/btdev.c:6560:24: branch_true: ...to here
bluez-5.81/emulator/btdev.c:6560:24: call_function: calling ‘conn_link_bis’ from ‘cmd_big_create_sync_complete’
bluez-5.81/emulator/btdev.c:6560:24: return_function: returning to ‘cmd_big_create_sync_complete’ from ‘conn_link_bis’
bluez-5.81/emulator/btdev.c:6561:20: branch_false: following ‘false’ branch...
bluez-5.81/emulator/btdev.c:6564:30: branch_false: ...to here
bluez-5.81/emulator/btdev.c:6559:21: branch_false: following ‘false’ branch...
bluez-5.81/emulator/btdev.c:6569:18: branch_false: ...to here
bluez-5.81/emulator/btdev.c:6569:12: branch_false: following ‘false’ branch...
bluez-5.81/emulator/btdev.c:6578:12: branch_false: following ‘false’ branch...
bluez-5.81/emulator/btdev.c:6585:25: branch_false: ...to here
bluez-5.81/emulator/btdev.c:6595:9: call_function: calling ‘le_meta_event’ from ‘cmd_big_create_sync_complete’
# 3792|   
# 3793|   	if (len > 0)
# 3794|-> 		memcpy(pkt_data + 1, data, len);
# 3795|   
# 3796|   	send_event(btdev, BT_HCI_EVT_LE_META_EVENT, pkt_data, 1 + len);

Error: GCC_ANALYZER_WARNING (CWE-126): [#def25]
bluez-5.81/emulator/bthost.c:589:46: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
bluez-5.81/emulator/bthost.c:3417:13: enter_function: entry to ‘set_pa_data’
bluez-5.81/emulator/bthost.c:3431:12: branch_false: following ‘false’ branch...
bluez-5.81/emulator/bthost.c:3439:17: branch_false: ...to here
bluez-5.81/emulator/bthost.c:3450:9: call_function: calling ‘send_command’ from ‘set_pa_data’
#  587|   
#  588|   	for (i = 0; i < iovlen; i++) {
#  589|-> 		memcpy(cmd->data + cmd->len, iov[i].iov_base, iov[i].iov_len);
#  590|   		cmd->len += iov[i].iov_len;
#  591|   	}

Error: GCC_ANALYZER_WARNING (CWE-126): [#def26]
bluez-5.81/emulator/bthost.c:589:63: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
bluez-5.81/emulator/bthost.c:3417:13: enter_function: entry to ‘set_pa_data’
bluez-5.81/emulator/bthost.c:3431:12: branch_false: following ‘false’ branch...
bluez-5.81/emulator/bthost.c:3439:17: branch_false: ...to here
bluez-5.81/emulator/bthost.c:3450:9: call_function: calling ‘send_command’ from ‘set_pa_data’
#  587|   
#  588|   	for (i = 0; i < iovlen; i++) {
#  589|-> 		memcpy(cmd->data + cmd->len, iov[i].iov_base, iov[i].iov_len);
#  590|   		cmd->len += iov[i].iov_len;
#  591|   	}

Error: CPPCHECK_WARNING (CWE-476): [#def27]
bluez-5.81/emulator/bthost.c:3537: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: cp
# 3535|   
# 3536|   	cp = malloc(sizeof(*cp) + sizeof(*cp->cis));
# 3537|-> 	memset(cp, 0, sizeof(*cp) + sizeof(*cp->cis));
# 3538|   	cp->cig_id = cig_id;
# 3539|   	put_le24(qos->ucast.in.interval ? qos->ucast.in.interval :

Error: CPPCHECK_WARNING (CWE-476): [#def28]
bluez-5.81/emulator/bthost.c:3538: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: cp
# 3536|   	cp = malloc(sizeof(*cp) + sizeof(*cp->cis));
# 3537|   	memset(cp, 0, sizeof(*cp) + sizeof(*cp->cis));
# 3538|-> 	cp->cig_id = cig_id;
# 3539|   	put_le24(qos->ucast.in.interval ? qos->ucast.in.interval :
# 3540|   				qos->ucast.out.interval, cp->c_interval);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def29]
bluez-5.81/emulator/bthost.c:3538:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘cp’
bluez-5.81/emulator/bthost.c:3536:14: acquire_memory: this call could return NULL
bluez-5.81/emulator/bthost.c:3538:9: danger: ‘cp’ could be NULL: unchecked value from [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
# 3536|   	cp = malloc(sizeof(*cp) + sizeof(*cp->cis));
# 3537|   	memset(cp, 0, sizeof(*cp) + sizeof(*cp->cis));
# 3538|-> 	cp->cig_id = cig_id;
# 3539|   	put_le24(qos->ucast.in.interval ? qos->ucast.in.interval :
# 3540|   				qos->ucast.out.interval, cp->c_interval);

Error: CPPCHECK_WARNING (CWE-476): [#def30]
bluez-5.81/emulator/bthost.c:3540: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: cp
# 3538|   	cp->cig_id = cig_id;
# 3539|   	put_le24(qos->ucast.in.interval ? qos->ucast.in.interval :
# 3540|-> 				qos->ucast.out.interval, cp->c_interval);
# 3541|   	put_le24(qos->ucast.out.interval ? qos->ucast.out.interval :
# 3542|   				qos->ucast.in.interval, cp->p_interval);

Error: CPPCHECK_WARNING (CWE-476): [#def31]
bluez-5.81/emulator/bthost.c:3542: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: cp
# 3540|   				qos->ucast.out.interval, cp->c_interval);
# 3541|   	put_le24(qos->ucast.out.interval ? qos->ucast.out.interval :
# 3542|-> 				qos->ucast.in.interval, cp->p_interval);
# 3543|   	cp->c_latency = cpu_to_le16(qos->ucast.in.latency ?
# 3544|   				qos->ucast.in.latency : qos->ucast.out.latency);

Error: CPPCHECK_WARNING (CWE-476): [#def32]
bluez-5.81/emulator/bthost.c:3543: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: cp
# 3541|   	put_le24(qos->ucast.out.interval ? qos->ucast.out.interval :
# 3542|   				qos->ucast.in.interval, cp->p_interval);
# 3543|-> 	cp->c_latency = cpu_to_le16(qos->ucast.in.latency ?
# 3544|   				qos->ucast.in.latency : qos->ucast.out.latency);
# 3545|   	cp->p_latency = cpu_to_le16(qos->ucast.out.latency ?

Error: CPPCHECK_WARNING (CWE-476): [#def33]
bluez-5.81/emulator/bthost.c:3545: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: cp
# 3543|   	cp->c_latency = cpu_to_le16(qos->ucast.in.latency ?
# 3544|   				qos->ucast.in.latency : qos->ucast.out.latency);
# 3545|-> 	cp->p_latency = cpu_to_le16(qos->ucast.out.latency ?
# 3546|   				qos->ucast.out.latency : qos->ucast.in.latency);
# 3547|   	cp->num_cis = 0x01;

Error: CPPCHECK_WARNING (CWE-476): [#def34]
bluez-5.81/emulator/bthost.c:3547: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: cp
# 3545|   	cp->p_latency = cpu_to_le16(qos->ucast.out.latency ?
# 3546|   				qos->ucast.out.latency : qos->ucast.in.latency);
# 3547|-> 	cp->num_cis = 0x01;
# 3548|   	cp->cis[0].cis_id = cis_id;
# 3549|   	cp->cis[0].c_sdu = qos->ucast.in.sdu;

Error: CPPCHECK_WARNING (CWE-476): [#def35]
bluez-5.81/emulator/bthost.c:3548: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: cp
# 3546|   				qos->ucast.out.latency : qos->ucast.in.latency);
# 3547|   	cp->num_cis = 0x01;
# 3548|-> 	cp->cis[0].cis_id = cis_id;
# 3549|   	cp->cis[0].c_sdu = qos->ucast.in.sdu;
# 3550|   	cp->cis[0].p_sdu = qos->ucast.out.sdu;

Error: CPPCHECK_WARNING (CWE-476): [#def36]
bluez-5.81/emulator/bthost.c:3549: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: cp
# 3547|   	cp->num_cis = 0x01;
# 3548|   	cp->cis[0].cis_id = cis_id;
# 3549|-> 	cp->cis[0].c_sdu = qos->ucast.in.sdu;
# 3550|   	cp->cis[0].p_sdu = qos->ucast.out.sdu;
# 3551|   	cp->cis[0].c_phy = qos->ucast.in.phy ? qos->ucast.in.phy :

Error: CPPCHECK_WARNING (CWE-476): [#def37]
bluez-5.81/emulator/bthost.c:3550: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: cp
# 3548|   	cp->cis[0].cis_id = cis_id;
# 3549|   	cp->cis[0].c_sdu = qos->ucast.in.sdu;
# 3550|-> 	cp->cis[0].p_sdu = qos->ucast.out.sdu;
# 3551|   	cp->cis[0].c_phy = qos->ucast.in.phy ? qos->ucast.in.phy :
# 3552|   							qos->ucast.out.phy;

Error: CPPCHECK_WARNING (CWE-476): [#def38]
bluez-5.81/emulator/bthost.c:3551: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: cp
# 3549|   	cp->cis[0].c_sdu = qos->ucast.in.sdu;
# 3550|   	cp->cis[0].p_sdu = qos->ucast.out.sdu;
# 3551|-> 	cp->cis[0].c_phy = qos->ucast.in.phy ? qos->ucast.in.phy :
# 3552|   							qos->ucast.out.phy;
# 3553|   	cp->cis[0].p_phy = qos->ucast.out.phy ? qos->ucast.out.phy :

Error: CPPCHECK_WARNING (CWE-476): [#def39]
bluez-5.81/emulator/bthost.c:3553: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: cp
# 3551|   	cp->cis[0].c_phy = qos->ucast.in.phy ? qos->ucast.in.phy :
# 3552|   							qos->ucast.out.phy;
# 3553|-> 	cp->cis[0].p_phy = qos->ucast.out.phy ? qos->ucast.out.phy :
# 3554|   							qos->ucast.in.phy;
# 3555|   	cp->cis[0].c_rtn = qos->ucast.in.rtn;

Error: CPPCHECK_WARNING (CWE-476): [#def40]
bluez-5.81/emulator/bthost.c:3555: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: cp
# 3553|   	cp->cis[0].p_phy = qos->ucast.out.phy ? qos->ucast.out.phy :
# 3554|   							qos->ucast.in.phy;
# 3555|-> 	cp->cis[0].c_rtn = qos->ucast.in.rtn;
# 3556|   	cp->cis[0].p_rtn = qos->ucast.out.rtn;
# 3557|   

Error: CPPCHECK_WARNING (CWE-476): [#def41]
bluez-5.81/emulator/bthost.c:3556: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: cp
# 3554|   							qos->ucast.in.phy;
# 3555|   	cp->cis[0].c_rtn = qos->ucast.in.rtn;
# 3556|-> 	cp->cis[0].p_rtn = qos->ucast.out.rtn;
# 3557|   
# 3558|   	send_command(bthost, BT_HCI_CMD_LE_SET_CIG_PARAMS, cp,

Error: CPPCHECK_WARNING (CWE-476): [#def42]
bluez-5.81/emulator/bthost.c:3569: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: cp
# 3567|   
# 3568|   	cp = malloc(sizeof(*cp) + sizeof(*cp->cis));
# 3569|-> 	memset(cp, 0, sizeof(*cp) + sizeof(*cp->cis));
# 3570|   	cp->num_cis = 0x01;
# 3571|   	cp->cis[0].cis_handle = cpu_to_le16(cis_handle);

Error: CPPCHECK_WARNING (CWE-476): [#def43]
bluez-5.81/emulator/bthost.c:3570: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: cp
# 3568|   	cp = malloc(sizeof(*cp) + sizeof(*cp->cis));
# 3569|   	memset(cp, 0, sizeof(*cp) + sizeof(*cp->cis));
# 3570|-> 	cp->num_cis = 0x01;
# 3571|   	cp->cis[0].cis_handle = cpu_to_le16(cis_handle);
# 3572|   	cp->cis[0].acl_handle = cpu_to_le16(acl_handle);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def44]
bluez-5.81/emulator/bthost.c:3570:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘cp’
bluez-5.81/emulator/bthost.c:3568:14: acquire_memory: this call could return NULL
bluez-5.81/emulator/bthost.c:3570:9: danger: ‘cp’ could be NULL: unchecked value from (1)
# 3568|   	cp = malloc(sizeof(*cp) + sizeof(*cp->cis));
# 3569|   	memset(cp, 0, sizeof(*cp) + sizeof(*cp->cis));
# 3570|-> 	cp->num_cis = 0x01;
# 3571|   	cp->cis[0].cis_handle = cpu_to_le16(cis_handle);
# 3572|   	cp->cis[0].acl_handle = cpu_to_le16(acl_handle);

Error: CPPCHECK_WARNING (CWE-476): [#def45]
bluez-5.81/emulator/bthost.c:3571: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: cp
# 3569|   	memset(cp, 0, sizeof(*cp) + sizeof(*cp->cis));
# 3570|   	cp->num_cis = 0x01;
# 3571|-> 	cp->cis[0].cis_handle = cpu_to_le16(cis_handle);
# 3572|   	cp->cis[0].acl_handle = cpu_to_le16(acl_handle);
# 3573|   

Error: CPPCHECK_WARNING (CWE-476): [#def46]
bluez-5.81/emulator/bthost.c:3572: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: cp
# 3570|   	cp->num_cis = 0x01;
# 3571|   	cp->cis[0].cis_handle = cpu_to_le16(cis_handle);
# 3572|-> 	cp->cis[0].acl_handle = cpu_to_le16(acl_handle);
# 3573|   
# 3574|   	send_command(bthost, BT_HCI_CMD_LE_CREATE_CIS, cp,

Error: CPPCHECK_WARNING (CWE-457): [#def47]
bluez-5.81/emulator/serial.c:150: error[legacyUninitvar]: Uninitialized variable: type
#  148|   static void open_pty(struct serial *serial)
#  149|   {
#  150|-> 	enum btdev_type uninitialized_var(type);
#  151|   
#  152|   	serial->fd = posix_openpt(O_RDWR | O_NOCTTY);

Error: GCC_ANALYZER_WARNING (CWE-457): [#def48]
bluez-5.81/emulator/serial.c:191:25: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘type’
bluez-5.81/emulator/serial.c:153:12: branch_false: following ‘false’ branch...
bluez-5.81/emulator/serial.c:158:13: branch_false: ...to here
bluez-5.81/emulator/serial.c:158:12: branch_false: following ‘false’ branch...
bluez-5.81/emulator/serial.c:165:13: branch_false: ...to here
bluez-5.81/emulator/serial.c:165:12: branch_false: following ‘false’ branch...
bluez-5.81/emulator/serial.c:172:31: branch_false: ...to here
 branch_false: following ‘false’ branch...
bluez-5.81/emulator/serial.c:191:44: branch_false: ...to here
bluez-5.81/emulator/serial.c:191:25: danger: use of uninitialized value ‘type’ here
#  189|   	}
#  190|   
#  191|-> 	serial->btdev = btdev_create(type, serial->id);
#  192|   	if (!serial->btdev) {
#  193|   		close(serial->fd);

Error: CPPCHECK_WARNING (CWE-457): [#def49]
bluez-5.81/emulator/serial.c:213: error[legacyUninitvar]: Uninitialized variable: dev_type
#  211|   {
#  212|   	struct serial *serial;
#  213|-> 	enum btdev_type uninitialized_var(dev_type);
#  214|   
#  215|   	serial = malloc(sizeof(*serial));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def50]
bluez-5.81/emulator/server.c:182:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘((struct server)*(void *)user_data).fd’
bluez-5.81/emulator/server.c:196:13: enter_function: entry to ‘server_accept_callback’
bluez-5.81/emulator/server.c:202:12: branch_false: following ‘false’ branch...
bluez-5.81/emulator/server.c:207:18: branch_false: ...to here
bluez-5.81/emulator/server.c:208:12: branch_false: following ‘false’ branch (when ‘client’ is non-NULL)...
bluez-5.81/emulator/server.c:211:9: branch_false: ...to here
bluez-5.81/emulator/server.c:213:22: call_function: calling ‘accept_client’ from ‘server_accept_callback’
#  180|   	if (getsockname(fd, (struct sockaddr *) &addr, &len) < 0) {
#  181|   		perror("Failed to get socket name");
#  182|-> 		return -1;
#  183|   	}
#  184|   

Error: CPPCHECK_WARNING (CWE-457): [#def51]
bluez-5.81/emulator/server.c:200: error[legacyUninitvar]: Uninitialized variable: type
#  198|   	struct server *server = user_data;
#  199|   	struct client *client;
#  200|-> 	enum btdev_type uninitialized_var(type);
#  201|   
#  202|   	if (events & (EPOLLERR | EPOLLHUP)) {

Error: GCC_ANALYZER_WARNING (CWE-688): [#def52]
bluez-5.81/gdbus/client.c:493:21: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
bluez-5.81/gdbus/client.c:1204:13: enter_function: entry to 'parse_interfaces'
bluez-5.81/gdbus/client.c:1214:16: branch_true: following 'true' branch...
bluez-5.81/gdbus/client.c:1218:17: branch_true: ...to here
bluez-5.81/gdbus/client.c:1220:20: branch_false: following 'false' branch...
bluez-5.81/gdbus/client.c:1223:17: branch_false: ...to here
bluez-5.81/gdbus/client.c:1226:17: call_function: calling 'parse_properties' from 'parse_interfaces'
#  491|   			(*index)++;
#  492|   
#  493|-> 		if (g_str_equal(proxy_iface, interface) == TRUE &&
#  494|   			g_str_equal(proxy_path, path) == TRUE)
#  495|   			return proxy;

Error: GCC_ANALYZER_WARNING (CWE-688): [#def53]
bluez-5.81/gdbus/object.c:778:17: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
bluez-5.81/gdbus/object.c:1971:10: enter_function: entry to 'g_dbus_detach_object_manager'
bluez-5.81/gdbus/object.c:1973:14: call_function: calling 'g_dbus_unregister_interface' from 'g_dbus_detach_object_manager'
#  776|   
#  777|   	parent_path = g_strdup(child_path);
#  778|-> 	slash = strrchr(parent_path, '/');
#  779|   	if (slash == NULL)
#  780|   		goto done;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def54]
bluez-5.81/gdbus/object.c:813:13: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/gdbus/object.c:1955:10: enter_function: entry to 'g_dbus_attach_object_manager'
bluez-5.81/gdbus/object.c:1959:16: call_function: calling 'object_path_ref' from 'g_dbus_attach_object_manager'
#  811|   		goto done;
#  812|   
#  813|-> 	if (g_slist_find(parent->objects, child))
#  814|   		goto done;
#  815|   

Error: GCC_ANALYZER_WARNING (CWE-131): [#def55]
bluez-5.81/gobex/gobex-apparam.c:43:15: warning[-Wanalyzer-allocation-size]: allocated buffer size is not a multiple of the pointee's size
bluez-5.81/gobex/gobex-apparam.c:182:15: enter_function: entry to ‘g_obex_apparam_set_uint16’
bluez-5.81/gobex/gobex-apparam.c:189:16: call_function: calling ‘g_obex_apparam_set_bytes’ from ‘g_obex_apparam_set_uint16’
#   41|   	struct apparam_tag *tag;
#   42|   
#   43|-> 	tag = g_malloc0(2 + len);
#   44|   	tag->id = id;
#   45|   	tag->len = len;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def56]
bluez-5.81/gobex/gobex-header.c:563:31: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘hdr’
bluez-5.81/gobex/gobex-header.c:523:9: enter_function: entry to ‘g_obex_header_create_list’
bluez-5.81/gobex/gobex-header.c:533:16: branch_true: following ‘true’ branch (when ‘id != 0’)...
bluez-5.81/gobex/gobex-header.c:540:25: branch_true: ...to here
bluez-5.81/gobex/gobex-header.c:543:31: call_function: calling ‘g_obex_header_new_unicode’ from ‘g_obex_header_create_list’
bluez-5.81/gobex/gobex-header.c:543:31: return_function: returning to ‘g_obex_header_create_list’ from ‘g_obex_header_new_unicode’
bluez-5.81/gobex/gobex-header.c:563:31: danger: dereference of NULL ‘hdr’
#  561|   
#  562|   		l = g_slist_append(l, hdr);
#  563|-> 		*total_len += hdr->hlen;
#  564|   		id = va_arg(args, int);
#  565|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def57]
bluez-5.81/lib/sdp.c:4674:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'socket(1, 524289, 0)'
bluez-5.81/lib/sdp.c:4666:25: acquire_resource: socket created here
bluez-5.81/lib/sdp.c:4667:12: branch_false: following 'false' branch...
bluez-5.81/lib/sdp.c:4669:9: branch_false: ...to here
bluez-5.81/lib/sdp.c:4674:16: danger: 'socket(1, 524289, 0)' leaks here
# 4672|   	strcpy(sa.sun_path, SDP_UNIX_PATH);
# 4673|   
# 4674|-> 	return connect(session->sock, (struct sockaddr *) &sa, sizeof(sa));
# 4675|   }
# 4676|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def58]
bluez-5.81/lib/sdp.c:4722:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'socket(31, sockflags, 0)'
bluez-5.81/lib/sdp.c:4708:25: acquire_resource: socket created here
bluez-5.81/lib/sdp.c:4709:12: branch_false: following 'false' branch...
bluez-5.81/lib/sdp.c:4711:9: branch_false: ...to here
bluez-5.81/lib/sdp.c:4720:12: branch_true: following 'true' branch...
bluez-5.81/lib/sdp.c:4721:17: branch_true: ...to here
bluez-5.81/lib/sdp.c:4722:20: danger: 'socket(31, sockflags, 0)' leaks here
# 4720|   	if (bacmp(src, BDADDR_ANY)) {
# 4721|   		sa.l2_bdaddr = *src;
# 4722|-> 		if (bind(sk, (struct sockaddr *) &sa, sizeof(sa)) < 0)
# 4723|   			return -1;
# 4724|   	}

Error: GCC_ANALYZER_WARNING (CWE-666): [#def59]
bluez-5.81/lib/sdp.c:4740:27: warning[-Wanalyzer-fd-phase-mismatch]: 'connect' on file descriptor '*session.sock' in wrong phase
bluez-5.81/lib/sdp.c:4708:25: acquire_resource: socket created here
bluez-5.81/lib/sdp.c:4709:12: branch_false: following 'false' branch...
bluez-5.81/lib/sdp.c:4711:9: branch_false: ...to here
bluez-5.81/lib/sdp.c:4720:12: branch_true: following 'true' branch...
bluez-5.81/lib/sdp.c:4721:17: branch_true: ...to here
bluez-5.81/lib/sdp.c:4722:20: branch_false: following 'false' branch...
bluez-5.81/lib/sdp.c:4726:12: branch_false: ...to here
bluez-5.81/lib/sdp.c:4726:12: branch_false: following 'false' branch...
bluez-5.81/lib/sdp.c:4732:12: branch_false: ...to here
bluez-5.81/lib/sdp.c:4732:12: branch_false: following 'false' branch...
bluez-5.81/lib/sdp.c:4736:9: branch_false: ...to here
bluez-5.81/lib/sdp.c:4740:27: danger: 'connect' expects a new socket file descriptor but '*session.sock' is bound
# 4738|   
# 4739|   	do {
# 4740|-> 		int ret = connect(sk, (struct sockaddr *) &sa, sizeof(sa));
# 4741|   		if (!ret)
# 4742|   			return 0;

Error: GCC_ANALYZER_WARNING (CWE-666): [#def60]
bluez-5.81/lib/sdp.c:4740:27: warning[-Wanalyzer-fd-phase-mismatch]: 'connect' on file descriptor 'socket(31, sockflags, 0)' in wrong phase
bluez-5.81/lib/sdp.c:4708:25: acquire_resource: socket created here
bluez-5.81/lib/sdp.c:4709:12: branch_false: following 'false' branch...
bluez-5.81/lib/sdp.c:4711:9: branch_false: ...to here
bluez-5.81/lib/sdp.c:4720:12: branch_true: following 'true' branch...
bluez-5.81/lib/sdp.c:4721:17: branch_true: ...to here
bluez-5.81/lib/sdp.c:4722:20: branch_false: following 'false' branch...
bluez-5.81/lib/sdp.c:4726:12: branch_false: ...to here
bluez-5.81/lib/sdp.c:4726:12: branch_false: following 'false' branch...
bluez-5.81/lib/sdp.c:4732:12: branch_false: ...to here
bluez-5.81/lib/sdp.c:4732:12: branch_false: following 'false' branch...
bluez-5.81/lib/sdp.c:4736:9: branch_false: ...to here
bluez-5.81/lib/sdp.c:4741:20: branch_false: following 'false' branch...
bluez-5.81/lib/sdp.c:4743:20: branch_false: ...to here
bluez-5.81/lib/sdp.c:4743:20: branch_true: following 'true' branch...
bluez-5.81/lib/sdp.c:4743:21: branch_true: ...to here
bluez-5.81/lib/sdp.c:4746:18: branch_true: following 'true' branch...
bluez-5.81/lib/sdp.c:4740:27: danger: 'connect' expects a new socket file descriptor but 'socket(31, sockflags, 0)' is bound
# 4738|   
# 4739|   	do {
# 4740|-> 		int ret = connect(sk, (struct sockaddr *) &sa, sizeof(sa));
# 4741|   		if (!ret)
# 4742|   			return 0;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def61]
bluez-5.81/mesh/mesh-io-unit.c:239:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*(struct mesh_io_private *)<unknown>.fd’
bluez-5.81/mesh/mesh-io-unit.c:220:12: branch_false: following ‘false’ branch...
bluez-5.81/mesh/mesh-io-unit.c:232:12: branch_false: following ‘false’ branch...
bluez-5.81/mesh/mesh-io-unit.c:235:9: branch_false: ...to here
bluez-5.81/mesh/mesh-io-unit.c:239:12: danger: ‘*(struct mesh_io_private *)<unknown>.fd’ leaks here
#  237|   						strlen(pvt->addr.sun_path);
#  238|   
#  239|-> 	if (bind(pvt->fd, (struct sockaddr *) &pvt->addr, size) < 0)
#  240|   		goto fail;
#  241|   

Error: GCC_ANALYZER_WARNING (CWE-126): [#def62]
bluez-5.81/mesh/net.c:1350:25: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
bluez-5.81/mesh/net.c:3805:13: enter_function: entry to ‘hb_pub_timeout_func’
bluez-5.81/mesh/net.c:3810:9: call_function: calling ‘send_hb_publication’ from ‘hb_pub_timeout_func’
# 1348|   
# 1349|   		for (i = 0; i <= seg_max; i++) {
# 1350|-> 			memcpy(frnd_msg->u.s12[i].data, data, 12);
# 1351|   			frnd_msg->u.s12[i].hdr = hdr;
# 1352|   			frnd_msg->u.s12[i].seq = seqAuth + i;

Error: CPPCHECK_WARNING (CWE-457): [#def63]
bluez-5.81/mesh/net.c:2215: error[uninitvar]: Uninitialized variable: msg
# 2213|   		mesh_net_transport_send(net, 0, 0, mesh_net_get_iv_index(net),
# 2214|   					rsp_ttl, 0, dst & 0x8000 ? 0 : dst,
# 2215|-> 					src, msg, n);
# 2216|   
# 2217|   	return true;

Error: GCC_ANALYZER_WARNING (CWE-688): [#def64]
bluez-5.81/mesh/node.c:1550:33: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
bluez-5.81/mesh/node.c:1550:12: branch_true: following ‘true’ branch...
bluez-5.81/mesh/node.c:1550:33: branch_true: ...to here
bluez-5.81/mesh/node.c:1550:33: danger: argument 1 (‘node_get_comp(node, 0, & node_len)’) NULL where non-null expected
# 1548|   	node_del_comp(node, 128);
# 1549|   
# 1550|-> 	if (len == node_len && !memcmp(node_comp, comp, len))
# 1551|   		return true;
# 1552|   

Error: CPPCHECK_WARNING (CWE-457): [#def65]
bluez-5.81/mesh/node.c:2153: error[uninitvar]: Uninitialized variable: data
# 2151|   
# 2152|   	if (!update) {
# 2153|-> 		l_put_be16(OP_NETKEY_ADD, data);
# 2154|   
# 2155|   		if (key.phase != KEY_REFRESH_PHASE_TWO)

Error: GCC_ANALYZER_WARNING (CWE-465): [#def66]
bluez-5.81/mesh/prov-acceptor.c:687:12: warning[-Wanalyzer-deref-before-check]: check of ‘prov’ for NULL after already dereferencing it
bluez-5.81/mesh/prov-acceptor.c:439:12: branch_false: following ‘false’ branch...
bluez-5.81/mesh/prov-acceptor.c:439:33: branch_false: ...to here
bluez-5.81/mesh/prov-acceptor.c:439:13: branch_false: following ‘false’ branch...
bluez-5.81/mesh/prov-acceptor.c:442:9: branch_false: ...to here
bluez-5.81/mesh/prov-acceptor.c:445:12: branch_false: following ‘false’ branch (when ‘type <= 9’)...
bluez-5.81/mesh/prov-acceptor.c:451:13: branch_false: ...to here
bluez-5.81/mesh/prov-acceptor.c:451:12: branch_false: following ‘false’ branch...
bluez-5.81/mesh/prov-acceptor.c:454:20: branch_false: ...to here
bluez-5.81/mesh/prov-acceptor.c:454:19: branch_false: following ‘false’ branch...
bluez-5.81/mesh/prov-acceptor.c:461:12: branch_false: following ‘false’ branch...
bluez-5.81/mesh/prov-acceptor.c:468:9: branch_false: ...to here
bluez-5.81/mesh/prov-acceptor.c:687:12: danger: pointer ‘prov’ is checked for NULL here but it was already dereferenced at (3)
#  685|   	}
#  686|   
#  687|-> 	if (prov)
#  688|   		prov->previous = type;
#  689|   	return;

Error: GCC_ANALYZER_WARNING (CWE-465): [#def67]
bluez-5.81/mesh/prov-initiator.c:839:12: warning[-Wanalyzer-deref-before-check]: check of ‘prov’ for NULL after already dereferencing it
bluez-5.81/mesh/prov-initiator.c:663:12: branch_false: following ‘false’ branch...
bluez-5.81/mesh/prov-initiator.c:663:33: branch_false: ...to here
bluez-5.81/mesh/prov-initiator.c:663:13: branch_false: following ‘false’ branch...
bluez-5.81/mesh/prov-initiator.c:666:9: branch_false: ...to here
bluez-5.81/mesh/prov-initiator.c:669:12: branch_false: following ‘false’ branch...
bluez-5.81/mesh/prov-initiator.c:672:27: branch_false: ...to here
bluez-5.81/mesh/prov-initiator.c:672:19: branch_false: following ‘false’ branch...
bluez-5.81/mesh/prov-initiator.c:678:12: branch_false: following ‘false’ branch (when ‘type <= 9’)...
bluez-5.81/mesh/prov-initiator.c:684:20: branch_false: ...to here
bluez-5.81/mesh/prov-initiator.c:684:12: branch_false: following ‘false’ branch...
bluez-5.81/mesh/prov-initiator.c:691:9: branch_false: ...to here
bluez-5.81/mesh/prov-initiator.c:839:12: danger: pointer ‘prov’ is checked for NULL here but it was already dereferenced at (3)
#  837|   	}
#  838|   
#  839|-> 	if (prov)
#  840|   		prov->previous = type;
#  841|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def68]
bluez-5.81/monitor/bnep.c:62:62: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘addr[5]’
bluez-5.81/monitor/bnep.c:212:13: enter_function: entry to ‘filter_multaddr_req’
bluez-5.81/monitor/bnep.c:219:14: call_function: calling ‘l2cap_frame_get_be16’ from ‘filter_multaddr_req’
bluez-5.81/monitor/bnep.c:219:14: return_function: returning to ‘filter_multaddr_req’ from ‘l2cap_frame_get_be16’
bluez-5.81/monitor/bnep.c:219:12: branch_true: following ‘true’ branch...
bluez-5.81/monitor/bnep.c:222:9: branch_true: ...to here
bluez-5.81/monitor/bnep.c:224:21: branch_true: following ‘true’ branch...
bluez-5.81/monitor/bnep.c:226:22: branch_true: ...to here
bluez-5.81/monitor/bnep.c:226:22: call_function: calling ‘get_macaddr’ from ‘filter_multaddr_req’
#   60|   
#   61|   	sprintf(str, "%02x:%02x:%02x:%02x:%02x:%02x",
#   62|-> 		addr[0], addr[1], addr[2], addr[3], addr[4], addr[5]);
#   63|   
#   64|   	return true;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def69]
bluez-5.81/monitor/display.c:107:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd[0]’
bluez-5.81/monitor/display.c:106:12: branch_false: following ‘false’ branch...
bluez-5.81/monitor/display.c:109:17: branch_false: ...to here
bluez-5.81/monitor/display.c:115:12: branch_false: following ‘false’ branch...
bluez-5.81/monitor/display.c:118:9: branch_false: ...to here
bluez-5.81/monitor/display.c:120:12: branch_false: following ‘false’ branch...
bluez-5.81/monitor/display.c:125:22: branch_false: ...to here
bluez-5.81/monitor/display.c:134:12: branch_false: following ‘false’ branch...
bluez-5.81/monitor/display.c:158:13: branch_false: ...to here
bluez-5.81/monitor/display.c:158:12: branch_true: following ‘true’ branch...
bluez-5.81/monitor/display.c:159:17: branch_true: ...to here
bluez-5.81/monitor/display.c:107:17: danger: ‘fd[0]’ leaks here
#  105|   
#  106|   	if (pager_pid > 0)
#  107|-> 		return;
#  108|   
#  109|   	pager = getenv("PAGER");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def70]
bluez-5.81/monitor/display.c:107:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd[1]’
bluez-5.81/monitor/display.c:106:12: branch_false: following ‘false’ branch...
bluez-5.81/monitor/display.c:109:17: branch_false: ...to here
bluez-5.81/monitor/display.c:115:12: branch_false: following ‘false’ branch...
bluez-5.81/monitor/display.c:118:9: branch_false: ...to here
bluez-5.81/monitor/display.c:120:12: branch_false: following ‘false’ branch...
bluez-5.81/monitor/display.c:125:22: branch_false: ...to here
bluez-5.81/monitor/display.c:134:12: branch_false: following ‘false’ branch...
bluez-5.81/monitor/display.c:158:13: branch_false: ...to here
bluez-5.81/monitor/display.c:158:12: branch_true: following ‘true’ branch...
bluez-5.81/monitor/display.c:159:17: branch_true: ...to here
bluez-5.81/monitor/display.c:107:17: danger: ‘fd[1]’ leaks here
#  105|   
#  106|   	if (pager_pid > 0)
#  107|-> 		return;
#  108|   
#  109|   	pager = getenv("PAGER");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def71]
bluez-5.81/monitor/display.c:158:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(fd[1], 1)’
bluez-5.81/monitor/display.c:106:12: branch_false: following ‘false’ branch...
bluez-5.81/monitor/display.c:109:17: branch_false: ...to here
bluez-5.81/monitor/display.c:115:12: branch_false: following ‘false’ branch...
bluez-5.81/monitor/display.c:118:9: branch_false: ...to here
bluez-5.81/monitor/display.c:120:12: branch_false: following ‘false’ branch...
bluez-5.81/monitor/display.c:125:22: branch_false: ...to here
bluez-5.81/monitor/display.c:128:12: branch_false: following ‘false’ branch...
bluez-5.81/monitor/display.c:134:12: branch_false: ...to here
bluez-5.81/monitor/display.c:134:12: branch_false: following ‘false’ branch...
bluez-5.81/monitor/display.c:158:13: branch_false: ...to here
bluez-5.81/monitor/display.c:158:13: acquire_resource: opened here
bluez-5.81/monitor/display.c:158:12: danger: ‘dup2(fd[1], 1)’ leaks here; was opened at (13)
#  156|   	}
#  157|   
#  158|-> 	if (dup2(fd[1], STDOUT_FILENO) < 0) {
#  159|   		perror("Failed to duplicate pager pipe");
#  160|   		return;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def72]
bluez-5.81/monitor/display.c:164:1: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd[0]’
bluez-5.81/monitor/display.c:100:6: enter_function: entry to ‘open_pager’
bluez-5.81/monitor/display.c:106:12: branch_false: following ‘false’ branch...
bluez-5.81/monitor/display.c:109:17: branch_false: ...to here
bluez-5.81/monitor/display.c:115:12: branch_false: following ‘false’ branch...
bluez-5.81/monitor/display.c:118:9: branch_false: ...to here
bluez-5.81/monitor/display.c:120:12: branch_false: following ‘false’ branch...
bluez-5.81/monitor/display.c:125:22: branch_false: ...to here
bluez-5.81/monitor/display.c:128:12: branch_false: following ‘false’ branch...
bluez-5.81/monitor/display.c:134:12: branch_false: ...to here
bluez-5.81/monitor/display.c:134:12: branch_false: following ‘false’ branch...
bluez-5.81/monitor/display.c:158:13: branch_false: ...to here
bluez-5.81/monitor/display.c:158:12: branch_false: following ‘false’ branch...
bluez-5.81/monitor/display.c:163:9: branch_false: ...to here
bluez-5.81/monitor/display.c:163:9: call_function: calling ‘close_pipe’ from ‘open_pager’
bluez-5.81/monitor/display.c:163:9: return_function: returning to ‘open_pager’ from ‘close_pipe’
bluez-5.81/monitor/display.c:164:1: danger: ‘fd[0]’ leaks here
#  162|   
#  163|   	close_pipe(fd);
#  164|-> }
#  165|   
#  166|   void close_pager(void)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def73]
bluez-5.81/monitor/display.c:164:1: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd[1]’
bluez-5.81/monitor/display.c:100:6: enter_function: entry to ‘open_pager’
bluez-5.81/monitor/display.c:106:12: branch_false: following ‘false’ branch...
bluez-5.81/monitor/display.c:109:17: branch_false: ...to here
bluez-5.81/monitor/display.c:115:12: branch_false: following ‘false’ branch...
bluez-5.81/monitor/display.c:118:9: branch_false: ...to here
bluez-5.81/monitor/display.c:120:12: branch_false: following ‘false’ branch...
bluez-5.81/monitor/display.c:125:22: branch_false: ...to here
bluez-5.81/monitor/display.c:128:12: branch_false: following ‘false’ branch...
bluez-5.81/monitor/display.c:134:12: branch_false: ...to here
bluez-5.81/monitor/display.c:134:12: branch_false: following ‘false’ branch...
bluez-5.81/monitor/display.c:158:13: branch_false: ...to here
bluez-5.81/monitor/display.c:158:12: branch_false: following ‘false’ branch...
bluez-5.81/monitor/display.c:163:9: branch_false: ...to here
bluez-5.81/monitor/display.c:163:9: call_function: calling ‘close_pipe’ from ‘open_pager’
bluez-5.81/monitor/display.c:163:9: return_function: returning to ‘open_pager’ from ‘close_pipe’
bluez-5.81/monitor/display.c:164:1: danger: ‘fd[1]’ leaks here
#  162|   
#  163|   	close_pipe(fd);
#  164|-> }
#  165|   
#  166|   void close_pager(void)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def74]
bluez-5.81/monitor/jlink.c:207:13: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘tok’
bluez-5.81/monitor/jlink.c:203:12: branch_false: following ‘false’ branch (when ‘cfg’ is non-NULL)...
bluez-5.81/monitor/jlink.c:206:15: branch_false: ...to here
bluez-5.81/monitor/jlink.c:207:13: danger: dereference of NULL ‘tok’
#  205|   
#  206|   	tok = strtok(cfg, ",");
#  207|-> 	if (strlen(tok)) {
#  208|   		address = strtol(tok, NULL, 0);
#  209|   		area_size = 0x1000;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def75]
bluez-5.81/obexd/client/bip.c:266:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*maxsize’
bluez-5.81/obexd/client/bip.c:280:21: enter_function: entry to ‘get_image’
bluez-5.81/obexd/client/bip.c:295:14: call_function: calling ‘parse_get_image_dict’ from ‘get_image’
#  264|   		*encoding = strdup("");
#  265|   
#  266|-> 	DBG("pixel: '%s' encoding: '%s' maxsize: '%lu' transform: '%s'",
#  267|   			*pixel, *encoding, *maxsize, *transform
#  268|   	);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def76]
bluez-5.81/obexd/plugins/messages-dummy.c:165:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘cur’
bluez-5.81/obexd/plugins/messages-dummy.c:176:17: enter_function: entry to ‘get_folder_listing’
bluez-5.81/obexd/plugins/messages-dummy.c:180:17: release_memory: ‘list’ is NULL
bluez-5.81/obexd/plugins/messages-dummy.c:182:13: call_function: calling ‘get_subdirs’ from ‘get_folder_listing’
bluez-5.81/obexd/plugins/messages-dummy.c:182:13: return_function: returning to ‘get_folder_listing’ from ‘get_subdirs’
bluez-5.81/obexd/plugins/messages-dummy.c:184:12: branch_false: following ‘false’ branch...
bluez-5.81/obexd/plugins/messages-dummy.c:189:13: branch_false: ...to here
bluez-5.81/obexd/plugins/messages-dummy.c:189:12: branch_false: following ‘false’ branch...
bluez-5.81/obexd/plugins/messages-dummy.c:194:9: branch_false: ...to here
bluez-5.81/obexd/plugins/messages-dummy.c:194:9: release_memory: ‘list’ is NULL
bluez-5.81/obexd/plugins/messages-dummy.c:194:9: call_function: calling ‘return_folder_listing’ from ‘get_folder_listing’
#  163|   
#  164|   	for (cur = list; offs < fld->offset; offs++) {
#  165|-> 		cur = cur->next;
#  166|   		if (cur == NULL)
#  167|   			break;

Error: CPPCHECK_WARNING (CWE-570): [#def77]
bluez-5.81/obexd/src/log.c:85: error[comparePointers]: Comparing pointers that point to different objects
#   83|   	struct obex_debug_desc *desc;
#   84|   
#   85|-> 	for (desc = __start___debug; desc < __stop___debug; desc++)
#   86|   		desc->flags |= OBEX_DEBUG_FLAG_PRINT;
#   87|   }

Error: CPPCHECK_WARNING (CWE-570): [#def78]
bluez-5.81/obexd/src/log.c:98: error[comparePointers]: Comparing pointers that point to different objects
#   96|   		enabled = g_strsplit_set(debug, ":, ", 0);
#   97|   
#   98|-> 	for (desc = __start___debug; desc < __stop___debug; desc++) {
#   99|   		if (file != NULL || name != NULL) {
#  100|   			if (g_strcmp0(desc->file, file) == 0) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def79]
bluez-5.81/profiles/audio/a2dp.c:2812:19: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘*setup.rsep’
bluez-5.81/profiles/audio/a2dp.c:2791:13: enter_function: entry to ‘select_cb’
bluez-5.81/profiles/audio/a2dp.c:2797:12: branch_false: following ‘false’ branch...
bluez-5.81/profiles/audio/a2dp.c:2800:12: branch_false: ...to here
bluez-5.81/profiles/audio/a2dp.c:2800:12: branch_false: following ‘false’ branch (when ‘size < 0’)...
bluez-5.81/profiles/audio/a2dp.c:2805:22: branch_false: ...to here
bluez-5.81/profiles/audio/a2dp.c:2806:12: branch_false: following ‘false’ branch...
bluez-5.81/profiles/audio/a2dp.c:2811:23: branch_false: ...to here
bluez-5.81/profiles/audio/a2dp.c:2811:23: call_function: calling ‘find_remote_sep’ from ‘select_cb’
bluez-5.81/profiles/audio/a2dp.c:2811:23: return_function: returning to ‘select_cb’ from ‘find_remote_sep’
bluez-5.81/profiles/audio/a2dp.c:2811:9: release_memory: ‘*setup.rsep’ is NULL
bluez-5.81/profiles/audio/a2dp.c:2812:19: danger: dereference of NULL ‘find_remote_sep(*setup.chan,  queue_pop_head(*setup.eps))’
# 2810|   
# 2811|   	setup->rsep = find_remote_sep(setup->chan, setup->sep);
# 2812|-> 	service = avdtp_get_codec(setup->rsep->sep);
# 2813|   	codec = (struct avdtp_media_codec_capability *) service->data;
# 2814|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def80]
bluez-5.81/profiles/audio/a2dp.c:2858:21: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
bluez-5.81/profiles/audio/a2dp.c:2828:22: enter_function: entry to ‘a2dp_find_eps’
bluez-5.81/profiles/audio/a2dp.c:2831:37: call_function: calling ‘find_channel’ from ‘a2dp_find_eps’
bluez-5.81/profiles/audio/a2dp.c:2831:37: return_function: returning to ‘a2dp_find_eps’ from ‘find_channel’
bluez-5.81/profiles/audio/a2dp.c:2834:16: branch_true: following ‘true’ branch (when ‘list’ is non-NULL)...
bluez-5.81/profiles/audio/a2dp.c:2835:34: branch_true: ...to here
bluez-5.81/profiles/audio/a2dp.c:2851:20: branch_false: following ‘false’ branch...
bluez-5.81/profiles/audio/a2dp.c:2854:20: branch_false: ...to here
bluez-5.81/profiles/audio/a2dp.c:2854:20: branch_true: following ‘true’ branch (when ‘seps’ is NULL)...
bluez-5.81/profiles/audio/a2dp.c:2855:32: branch_true: ...to here
bluez-5.81/profiles/audio/a2dp.c:2858:21: danger: dereference of NULL ‘find_channel(session)’
# 2856|   
# 2857|   		/* Prepend last used so it is preferred over others */
# 2858|-> 		if (chan->last_used && (chan->last_used->lsep == sep &&
# 2859|   					chan->last_used->rsep->sep == rsep))
# 2860|   			queue_push_head(seps, sep);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def81]
bluez-5.81/profiles/audio/avrcp.c:742:14: warning[-Wanalyzer-null-argument]: use of NULL ‘status’ where non-null expected
bluez-5.81/profiles/audio/avrcp.c:4572:6: enter_function: entry to ‘avrcp_unregister_player’
bluez-5.81/profiles/audio/avrcp.c:4580:36: branch_true: following ‘true’ branch (when ‘l’ is non-NULL)...
bluez-5.81/profiles/audio/avrcp.c:4581:31: branch_true: ...to here
bluez-5.81/profiles/audio/avrcp.c:4595:25: call_function: calling ‘notify_addressed_player_changed’ from ‘avrcp_unregister_player’
#  740|   static int play_status_to_val(const char *status)
#  741|   {
#  742|-> 	if (!strcasecmp(status, "stopped"))
#  743|   		return AVRCP_PLAY_STATUS_STOPPED;
#  744|   	else if (!strcasecmp(status, "playing"))

Error: GCC_ANALYZER_WARNING (CWE-476): [#def82]
bluez-5.81/profiles/audio/avrcp.c:825:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘data’
bluez-5.81/profiles/audio/avrcp.c:4572:6: enter_function: entry to ‘avrcp_unregister_player’
bluez-5.81/profiles/audio/avrcp.c:4580:36: branch_true: following ‘true’ branch (when ‘l’ is non-NULL)...
bluez-5.81/profiles/audio/avrcp.c:4581:31: branch_true: ...to here
bluez-5.81/profiles/audio/avrcp.c:4595:25: call_function: calling ‘notify_addressed_player_changed’ from ‘avrcp_unregister_player’
#  823|   	case AVRCP_EVENT_TRACK_CHANGED:
#  824|   		size = 9;
#  825|-> 		memcpy(&pdu->params[1], data, sizeof(uint64_t));
#  826|   
#  827|   		break;

Error: CPPCHECK_WARNING (CWE-457): [#def83]
bluez-5.81/profiles/audio/avrcp.c:2377: warning[uninitvar]: Uninitialized variable: attrs
# 2375|   	pdu->params[0] = count;
# 2376|   
# 2377|-> 	memcpy(pdu->params + 1, attrs, count);
# 2378|   
# 2379|   	avctp_send_vendordep_req(session->conn, AVC_CTYPE_STATUS,

Error: GCC_ANALYZER_WARNING (CWE-688): [#def84]
bluez-5.81/profiles/audio/player.c:1384:13: warning[-Wanalyzer-null-argument]: use of NULL ‘value’ where non-null expected
bluez-5.81/profiles/audio/player.c:1353:6: enter_function: entry to ‘media_player_set_setting’
bluez-5.81/profiles/audio/player.c:1361:12: branch_false: following ‘false’ branch...
bluez-5.81/profiles/audio/player.c:1371:18: branch_false: ...to here
bluez-5.81/profiles/audio/player.c:1372:12: branch_false: following ‘false’ branch...
bluez-5.81/profiles/audio/player.c:1375:59: call_function: inlined call to ‘g_strdup_inline’ from ‘media_player_set_setting’
bluez-5.81/profiles/audio/player.c:1380:13: call_function: calling ‘find_pending’ from ‘media_player_set_setting’
bluez-5.81/profiles/audio/player.c:1380:13: return_function: returning to ‘media_player_set_setting’ from ‘find_pending’
bluez-5.81/profiles/audio/player.c:1381:12: branch_false: following ‘false’ branch...
bluez-5.81/profiles/audio/player.c:1384:13: branch_false: ...to here
bluez-5.81/profiles/audio/player.c:1384:13: danger: argument 1 (‘value’) NULL where non-null expected
# 1382|   		return;
# 1383|   
# 1384|-> 	if (strcasecmp(value, p->value) == 0)
# 1385|   		g_dbus_pending_property_success(p->id);
# 1386|   	else

Error: GCC_ANALYZER_WARNING (CWE-666): [#def85]
bluez-5.81/profiles/cups/hcrp.c:213:13: warning[-Wanalyzer-fd-phase-mismatch]: ‘connect’ on file descriptor ‘ctrl_sk’ in wrong phase
bluez-5.81/profiles/cups/hcrp.c:187:24: acquire_resource: socket created here
bluez-5.81/profiles/cups/hcrp.c:187:12: branch_false: following ‘false’ branch (when ‘ctrl_sk >= 0’)...
bluez-5.81/profiles/cups/hcrp.c:195:9: branch_false: ...to here
bluez-5.81/profiles/cups/hcrp.c:199:12: branch_false: following ‘false’ branch...
bluez-5.81/profiles/cups/hcrp.c:208:9: branch_false: ...to here
bluez-5.81/profiles/cups/hcrp.c:213:13: danger: ‘connect’ expects a new socket file descriptor but ‘ctrl_sk’ is bound
#  211|   	addr.l2_psm = htobs(ctrl_psm);
#  212|   
#  213|-> 	if (connect(ctrl_sk, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
#  214|   		perror("ERROR: Can't connect to device");
#  215|   		close(ctrl_sk);

Error: GCC_ANALYZER_WARNING (CWE-457): [#def86]
bluez-5.81/profiles/cups/main.c:768:55: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘b[5]’
bluez-5.81/profiles/cups/main.c:718:12: branch_false: following ‘false’ branch (when ‘argc != 1’)...
bluez-5.81/profiles/cups/main.c:723:19: branch_false: ...to here
bluez-5.81/profiles/cups/main.c:734:12: branch_false: following ‘false’ branch...
bluez-5.81/profiles/cups/main.c:741:12: branch_false: ...to here
bluez-5.81/profiles/cups/main.c:741:12: branch_false: following ‘false’ branch (when ‘argc != 6’)...
bluez-5.81/profiles/cups/main.c:745:27: branch_false: ...to here
bluez-5.81/profiles/cups/main.c:745:20: branch_false: following ‘false’ branch...
bluez-5.81/profiles/cups/main.c:749:26: branch_false: ...to here
bluez-5.81/profiles/cups/main.c:756:12: branch_false: following ‘false’ branch...
bluez-5.81/profiles/cups/main.c:761:15: branch_false: ...to here
bluez-5.81/profiles/cups/main.c:762:21: branch_true: following ‘true’ branch (when ‘i != 6’)...
bluez-5.81/profiles/cups/main.c:763:17: branch_true: ...to here
bluez-5.81/profiles/cups/main.c:762:21: branch_false: following ‘false’ branch (when ‘i == 6’)...
bluez-5.81/profiles/cups/main.c:768:55: branch_false: ...to here
bluez-5.81/profiles/cups/main.c:768:55: danger: use of uninitialized value ‘b[5]’ here
#  766|   	}
#  767|   	sprintf(device, "%2.2X:%2.2X:%2.2X:%2.2X:%2.2X:%2.2X",
#  768|-> 			b[0], b[1], b[2], b[3], b[4], b[5]);
#  769|   
#  770|   	str2ba(device, &bdaddr);

Error: GCC_ANALYZER_WARNING (CWE-666): [#def87]
bluez-5.81/profiles/cups/spp.c:59:13: warning[-Wanalyzer-fd-phase-mismatch]: ‘connect’ on file descriptor ‘sk’ in wrong phase
bluez-5.81/profiles/cups/spp.c:34:19: acquire_resource: stream socket created here
bluez-5.81/profiles/cups/spp.c:34:12: branch_false: following ‘false’ branch (when ‘sk >= 0’)...
bluez-5.81/profiles/cups/spp.c:42:9: branch_false: ...to here
bluez-5.81/profiles/cups/spp.c:46:12: branch_false: following ‘false’ branch...
bluez-5.81/profiles/cups/spp.c:55:9: branch_false: ...to here
bluez-5.81/profiles/cups/spp.c:59:13: danger: ‘connect’ expects a new socket file descriptor but ‘sk’ is bound
#   57|   	addr.rc_channel = channel;
#   58|   
#   59|-> 	if (connect(sk, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
#   60|   		perror("ERROR: Can't connect to device");
#   61|   		close(sk);

Error: CPPCHECK_WARNING (CWE-476): [#def88]
bluez-5.81/src/adv_monitor.c:976: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: monitor->merged_pattern
#  974|   
#  975|   	monitor->merged_pattern = malloc0(sizeof(*monitor->merged_pattern));
#  976|-> 	monitor->merged_pattern->current_state = MERGED_PATTERN_STATE_STABLE;
#  977|   	monitor->merged_pattern->next_state = MERGED_PATTERN_STATE_STABLE;
#  978|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def89]
bluez-5.81/src/adv_monitor.c:976:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘*monitor.merged_pattern’
bluez-5.81/src/adv_monitor.c:975:35: acquire_memory: this call could return NULL
bluez-5.81/src/adv_monitor.c:976:9: danger: ‘calloc(1, 56)’ could be NULL: unchecked value from (1), the acquire_memory event at adv_monitor.c:975:35
#  974|   
#  975|   	monitor->merged_pattern = malloc0(sizeof(*monitor->merged_pattern));
#  976|-> 	monitor->merged_pattern->current_state = MERGED_PATTERN_STATE_STABLE;
#  977|   	monitor->merged_pattern->next_state = MERGED_PATTERN_STATE_STABLE;
#  978|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def90]
bluez-5.81/src/adv_monitor.c:976:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘calloc(1, 56)’
bluez-5.81/src/adv_monitor.c:1192:13: enter_function: entry to ‘monitor_proxy_added_cb’
bluez-5.81/src/adv_monitor.c:1202:12: branch_false: following ‘false’ branch (when the strings are equal)...
bluez-5.81/src/adv_monitor.c:1203:18: branch_false: ...to here
bluez-5.81/src/adv_monitor.c:1202:13: branch_false: following ‘false’ branch...
bluez-5.81/src/adv_monitor.c:1207:13: branch_false: ...to here
bluez-5.81/src/adv_monitor.c:1207:12: branch_false: following ‘false’ branch...
bluez-5.81/src/adv_monitor.c:1214:19: branch_false: ...to here
bluez-5.81/src/adv_monitor.c:1214:19: call_function: calling ‘monitor_new’ from ‘monitor_proxy_added_cb’
bluez-5.81/src/adv_monitor.c:1214:19: return_function: returning to ‘monitor_proxy_added_cb’ from ‘monitor_new’
bluez-5.81/src/adv_monitor.c:1215:12: branch_false: following ‘false’ branch...
bluez-5.81/src/adv_monitor.c:1222:14: branch_false: ...to here
bluez-5.81/src/adv_monitor.c:1222:14: call_function: calling ‘monitor_process’ from ‘monitor_proxy_added_cb’
#  974|   
#  975|   	monitor->merged_pattern = malloc0(sizeof(*monitor->merged_pattern));
#  976|-> 	monitor->merged_pattern->current_state = MERGED_PATTERN_STATE_STABLE;
#  977|   	monitor->merged_pattern->next_state = MERGED_PATTERN_STATE_STABLE;
#  978|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def91]
bluez-5.81/src/battery.c:222:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘battery’
bluez-5.81/src/battery.c:279:13: enter_function: entry to ‘provided_battery_added_cb’
bluez-5.81/src/battery.c:290:12: branch_false: following ‘false’ branch (when the strings are equal)...
bluez-5.81/src/battery.c:294:13: branch_false: ...to here
bluez-5.81/src/battery.c:294:12: branch_false: following ‘false’ branch...
bluez-5.81/src/battery.c:299:9: branch_false: ...to here
bluez-5.81/src/battery.c:303:12: branch_false: following ‘false’ branch...
bluez-5.81/src/battery.c:309:12: branch_false: following ‘false’ branch...
bluez-5.81/src/battery.c:315:9: branch_false: ...to here
bluez-5.81/src/battery.c:318:12: branch_false: following ‘false’ branch...
bluez-5.81/src/battery.c:321:61: branch_false: ...to here
bluez-5.81/src/battery.c:328:12: branch_false: following ‘false’ branch...
bluez-5.81/src/battery.c:331:9: branch_false: ...to here
bluez-5.81/src/battery.c:333:9: call_function: calling ‘btd_battery_update’ from ‘provided_battery_added_cb’
#  220|   bool btd_battery_update(struct btd_battery *battery, uint8_t percentage)
#  221|   {
#  222|-> 	DBG("path = %s", battery->path);
#  223|   
#  224|   	if (!queue_find(batteries, NULL, battery)) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def92]
bluez-5.81/src/battery.c:234:13: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘battery’
bluez-5.81/src/battery.c:279:13: enter_function: entry to ‘provided_battery_added_cb’
bluez-5.81/src/battery.c:290:12: branch_false: following ‘false’ branch (when the strings are equal)...
bluez-5.81/src/battery.c:294:13: branch_false: ...to here
bluez-5.81/src/battery.c:294:12: branch_false: following ‘false’ branch...
bluez-5.81/src/battery.c:299:9: branch_false: ...to here
bluez-5.81/src/battery.c:303:12: branch_false: following ‘false’ branch...
bluez-5.81/src/battery.c:309:12: branch_false: following ‘false’ branch...
bluez-5.81/src/battery.c:315:9: branch_false: ...to here
bluez-5.81/src/battery.c:318:12: branch_false: following ‘false’ branch...
bluez-5.81/src/battery.c:321:61: branch_false: ...to here
bluez-5.81/src/battery.c:328:12: branch_false: following ‘false’ branch...
bluez-5.81/src/battery.c:331:9: branch_false: ...to here
bluez-5.81/src/battery.c:333:9: call_function: calling ‘btd_battery_update’ from ‘provided_battery_added_cb’
#  232|   	}
#  233|   
#  234|-> 	if (battery->percentage == percentage)
#  235|   		return true;
#  236|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def93]
bluez-5.81/src/device.c:6865:29: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘data’
bluez-5.81/src/device.c:6861:17: enter_function: entry to ‘device_bonding_retry’
bluez-5.81/src/device.c:6864:39: call_function: inlined call to ‘device_get_adapter’ from ‘device_bonding_retry’
bluez-5.81/src/device.c:6865:29: branch_true: ...to here
bluez-5.81/src/device.c:6865:29: danger: dereference of NULL ‘data’
# 6863|   	struct btd_device *device = data;
# 6864|   	struct btd_adapter *adapter = device_get_adapter(device);
# 6865|-> 	struct bonding_req *bonding = device->bonding;
# 6866|   	uint8_t io_cap;
# 6867|   	int err;

Error: CPPCHECK_WARNING (CWE-570): [#def94]
bluez-5.81/src/log.c:159: error[comparePointers]: Comparing pointers that point to different objects
#  157|   	struct btd_debug_desc *desc;
#  158|   
#  159|-> 	for (desc = __start___debug; desc < __stop___debug; desc++)
#  160|   		desc->flags |= BTD_DEBUG_FLAG_PRINT;
#  161|   }

Error: GCC_ANALYZER_WARNING (CWE-688): [#def95]
bluez-5.81/src/profile.c:2286:21: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
bluez-5.81/src/profile.c:2356:28: enter_function: entry to ‘create_ext’
bluez-5.81/src/profile.c:2366:12: branch_false: following ‘false’ branch...
bluez-5.81/src/profile.c:2371:22: call_function: inlined call to ‘g_strdup_inline’ from ‘create_ext’
bluez-5.81/src/profile.c:2371:9: release_memory: ‘0’ is NULL
bluez-5.81/src/profile.c:2374:9: call_function: calling ‘ext_set_defaults’ from ‘create_ext’
bluez-5.81/src/profile.c:2374:9: return_function: returning to ‘create_ext’ from ‘ext_set_defaults’
bluez-5.81/src/profile.c:2376:16: branch_true: following ‘true’ branch...
bluez-5.81/src/profile.c:2380:17: branch_true: ...to here
bluez-5.81/src/profile.c:2386:21: call_function: calling ‘parse_ext_opt’ from ‘create_ext’
# 2284|   		ext->role = g_strdup(str);
# 2285|   
# 2286|-> 		if (g_str_equal(ext->role, "client")) {
# 2287|   			ext->enable_server = false;
# 2288|   			ext->enable_client = true;

Error: GCC_ANALYZER_WARNING (CWE-688): [#def96]
bluez-5.81/src/profile.c:2286:21: warning[-Wanalyzer-null-argument]: use of NULL ‘*ext.role’ where non-null expected
bluez-5.81/src/profile.c:2233:12: enter_function: entry to ‘parse_ext_opt’
bluez-5.81/src/profile.c:2241:12: branch_false: following ‘false’ branch...
bluez-5.81/src/profile.c:2247:20: branch_false: ...to here
bluez-5.81/src/profile.c:2247:19: branch_false: following ‘false’ branch...
bluez-5.81/src/profile.c:2252:20: branch_false: ...to here
bluez-5.81/src/profile.c:2252:19: branch_false: following ‘false’ branch...
bluez-5.81/src/profile.c:2257:20: branch_false: ...to here
bluez-5.81/src/profile.c:2257:19: branch_false: following ‘false’ branch...
bluez-5.81/src/profile.c:2265:20: branch_false: ...to here
bluez-5.81/src/profile.c:2265:19: branch_false: following ‘false’ branch...
bluez-5.81/src/profile.c:2274:20: branch_false: ...to here
bluez-5.81/src/profile.c:2274:19: branch_false: following ‘false’ branch...
bluez-5.81/src/profile.c:2279:20: branch_false: ...to here
bluez-5.81/src/profile.c:2279:19: branch_true: following ‘true’ branch...
bluez-5.81/src/profile.c:2280:20: branch_true: ...to here
bluez-5.81/src/profile.c:2280:20: branch_false: following ‘false’ branch...
bluez-5.81/src/profile.c:2282:17: branch_false: ...to here
bluez-5.81/src/profile.c:2284:17: release_memory: ‘*ext.role’ is NULL
bluez-5.81/src/profile.c:2286:21: danger: argument 1 (‘<unknown>’) NULL where non-null expected
# 2284|   		ext->role = g_strdup(str);
# 2285|   
# 2286|-> 		if (g_str_equal(ext->role, "client")) {
# 2287|   			ext->enable_server = false;
# 2288|   			ext->enable_client = true;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def97]
bluez-5.81/src/sdp-client.c:353:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
bluez-5.81/src/sdp-client.c:382:5: enter_function: entry to ‘bt_search_service’
bluez-5.81/src/sdp-client.c:386:32: release_memory: ‘ctxt’ is NULL
bluez-5.81/src/sdp-client.c:389:12: branch_false: following ‘false’ branch (when ‘cb’ is non-NULL)...
bluez-5.81/src/sdp-client.c:393:15: call_function: inlined call to ‘create_search_context_full’ from ‘bt_search_service’
bluez-5.81/src/sdp-client.c:393:15: call_function: inlined call to ‘create_search_context_full’ from ‘bt_search_service’
#  351|   		return err;
#  352|   
#  353|-> 	(*ctxt)->cb = cb;
#  354|   	(*ctxt)->destroy = destroy;
#  355|   	(*ctxt)->user_data = user_data;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def98]
bluez-5.81/src/sdp-xml.c:461:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
bluez-5.81/src/sdp-xml.c:447:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
bluez-5.81/src/sdp-xml.c:459:13: branch_false: ...to here
bluez-5.81/src/sdp-xml.c:459:12: branch_true: following ‘true’ branch...
bluez-5.81/src/sdp-xml.c:460:48: branch_true: ...to here
bluez-5.81/src/sdp-xml.c:462:17: release_memory: ‘0’ is NULL
bluez-5.81/src/sdp-xml.c:461:17: danger: dereference of NULL ‘sdp_xml_data_alloc()’
#  459|   	if (ctx_data->stack_head) {
#  460|   		struct sdp_xml_data *newelem = sdp_xml_data_alloc();
#  461|-> 		newelem->next = ctx_data->stack_head;
#  462|   		ctx_data->stack_head = newelem;
#  463|   	} else {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def99]
bluez-5.81/src/sdp-xml.c:465:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
bluez-5.81/src/sdp-xml.c:447:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
bluez-5.81/src/sdp-xml.c:459:13: branch_false: ...to here
bluez-5.81/src/sdp-xml.c:459:12: branch_false: following ‘false’ branch...
bluez-5.81/src/sdp-xml.c:464:40: branch_false: ...to here
bluez-5.81/src/sdp-xml.c:465:17: release_memory: ‘0’ is NULL
bluez-5.81/src/sdp-xml.c:465:17: release_memory: ‘0’ is NULL
bluez-5.81/src/sdp-xml.c:465:17: danger: dereference of NULL ‘sdp_xml_data_alloc()’
#  463|   	} else {
#  464|   		ctx_data->stack_head = sdp_xml_data_alloc();
#  465|-> 		ctx_data->stack_head->next = NULL;
#  466|   	}
#  467|   

Error: CPPCHECK_WARNING (CWE-476): [#def100]
bluez-5.81/src/sdpd-request.c:105: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: data
#  103|   	uint8_t *data = malloc(buf->data_size);
#  104|   
#  105|-> 	memcpy(data, buf->data, buf->data_size);
#  106|   	memset(cinfo, 0, sizeof(sdp_cont_info_t));
#  107|   	cinfo->buf.data = data;

Error: CPPCHECK_WARNING (CWE-476): [#def101]
bluez-5.81/src/sdpd-request.c:106: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: cinfo
#  104|   
#  105|   	memcpy(data, buf->data, buf->data_size);
#  106|-> 	memset(cinfo, 0, sizeof(sdp_cont_info_t));
#  107|   	cinfo->buf.data = data;
#  108|   	cinfo->buf.data_size = buf->data_size;

Error: GCC_ANALYZER_WARNING (CWE-688): [#def102]
bluez-5.81/src/sdpd-request.c:106:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘cinfo’ where non-null expected
bluez-5.81/src/sdpd-request.c:1118:6: enter_function: entry to ‘handle_request’
bluez-5.81/src/sdpd-request.c:1125:12: branch_false: following ‘false’ branch...
bluez-5.81/src/sdpd-request.c:1130:13: branch_false: ...to here
bluez-5.81/src/sdpd-request.c:1130:12: branch_true: following ‘true’ branch...
bluez-5.81/src/sdpd-request.c:1133:17: branch_true: ...to here
bluez-5.81/src/sdpd-request.c:1136:20: branch_false: following ‘false’ branch...
bluez-5.81/src/sdpd-request.c:1141:17: call_function: inlined call to ‘bacpy’ from ‘handle_request’
bluez-5.81/src/sdpd-request.c:1147:20: branch_false: following ‘false’ branch...
bluez-5.81/src/sdpd-request.c:1152:17: call_function: inlined call to ‘bacpy’ from ‘handle_request’
bluez-5.81/src/sdpd-request.c:1164:9: call_function: calling ‘process_request’ from ‘handle_request’
#argument 1 of ‘__builtin_memset’ must be non-null
#  104|   
#  105|   	memcpy(data, buf->data, buf->data_size);
#  106|-> 	memset(cinfo, 0, sizeof(sdp_cont_info_t));
#  107|   	cinfo->buf.data = data;
#  108|   	cinfo->buf.data_size = buf->data_size;

Error: CPPCHECK_WARNING (CWE-476): [#def103]
bluez-5.81/src/sdpd-request.c:107: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: cinfo
#  105|   	memcpy(data, buf->data, buf->data_size);
#  106|   	memset(cinfo, 0, sizeof(sdp_cont_info_t));
#  107|-> 	cinfo->buf.data = data;
#  108|   	cinfo->buf.data_size = buf->data_size;
#  109|   	cinfo->buf.buf_size = buf->data_size;

Error: CPPCHECK_WARNING (CWE-476): [#def104]
bluez-5.81/src/sdpd-request.c:108: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: cinfo
#  106|   	memset(cinfo, 0, sizeof(sdp_cont_info_t));
#  107|   	cinfo->buf.data = data;
#  108|-> 	cinfo->buf.data_size = buf->data_size;
#  109|   	cinfo->buf.buf_size = buf->data_size;
#  110|   	cinfo->timestamp = sdp_get_time();

Error: CPPCHECK_WARNING (CWE-476): [#def105]
bluez-5.81/src/sdpd-request.c:109: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: cinfo
#  107|   	cinfo->buf.data = data;
#  108|   	cinfo->buf.data_size = buf->data_size;
#  109|-> 	cinfo->buf.buf_size = buf->data_size;
#  110|   	cinfo->timestamp = sdp_get_time();
#  111|   	cinfo->sock = req->sock;

Error: CPPCHECK_WARNING (CWE-476): [#def106]
bluez-5.81/src/sdpd-request.c:110: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: cinfo
#  108|   	cinfo->buf.data_size = buf->data_size;
#  109|   	cinfo->buf.buf_size = buf->data_size;
#  110|-> 	cinfo->timestamp = sdp_get_time();
#  111|   	cinfo->sock = req->sock;
#  112|   	cinfo->opcode = req->opcode;

Error: CPPCHECK_WARNING (CWE-476): [#def107]
bluez-5.81/src/sdpd-request.c:111: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: cinfo
#  109|   	cinfo->buf.buf_size = buf->data_size;
#  110|   	cinfo->timestamp = sdp_get_time();
#  111|-> 	cinfo->sock = req->sock;
#  112|   	cinfo->opcode = req->opcode;
#  113|   

Error: CPPCHECK_WARNING (CWE-476): [#def108]
bluez-5.81/src/sdpd-request.c:112: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: cinfo
#  110|   	cinfo->timestamp = sdp_get_time();
#  111|   	cinfo->sock = req->sock;
#  112|-> 	cinfo->opcode = req->opcode;
#  113|   
#  114|   	cstates = sdp_list_append(cstates, cinfo);

Error: CPPCHECK_WARNING (CWE-476): [#def109]
bluez-5.81/src/sdpd-request.c:116: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: cinfo
#  114|   	cstates = sdp_list_append(cstates, cinfo);
#  115|   
#  116|-> 	return cinfo->timestamp;
#  117|   }
#  118|   

Error: CPPCHECK_WARNING (CWE-476): [#def110]
bluez-5.81/src/sdpd-request.c:203: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: aid
#  201|   				struct attrid *aid;
#  202|   				aid = malloc(sizeof(struct attrid));
#  203|-> 				aid->dtd = dataType;
#  204|   				aid->uint16 = get_be16(p);
#  205|   				pElem = (char *) aid;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def111]
bluez-5.81/src/sdpd-request.c:203:33: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘aid’
bluez-5.81/src/sdpd-request.c:1118:6: enter_function: entry to ‘handle_request’
bluez-5.81/src/sdpd-request.c:1125:12: branch_false: following ‘false’ branch...
bluez-5.81/src/sdpd-request.c:1130:13: branch_false: ...to here
bluez-5.81/src/sdpd-request.c:1130:12: branch_true: following ‘true’ branch...
bluez-5.81/src/sdpd-request.c:1133:17: branch_true: ...to here
bluez-5.81/src/sdpd-request.c:1136:20: branch_false: following ‘false’ branch...
bluez-5.81/src/sdpd-request.c:1141:17: call_function: inlined call to ‘bacpy’ from ‘handle_request’
bluez-5.81/src/sdpd-request.c:1147:20: branch_false: following ‘false’ branch...
bluez-5.81/src/sdpd-request.c:1152:17: call_function: inlined call to ‘bacpy’ from ‘handle_request’
bluez-5.81/src/sdpd-request.c:1164:9: call_function: calling ‘process_request’ from ‘handle_request’
#  201|   				struct attrid *aid;
#  202|   				aid = malloc(sizeof(struct attrid));
#  203|-> 				aid->dtd = dataType;
#  204|   				aid->uint16 = get_be16(p);
#  205|   				pElem = (char *) aid;

Error: CPPCHECK_WARNING (CWE-476): [#def112]
bluez-5.81/src/sdpd-request.c:204: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: aid
#  202|   				aid = malloc(sizeof(struct attrid));
#  203|   				aid->dtd = dataType;
#  204|-> 				aid->uint16 = get_be16(p);
#  205|   				pElem = (char *) aid;
#  206|   			} else {

Error: CPPCHECK_WARNING (CWE-476): [#def113]
bluez-5.81/src/sdpd-request.c:230: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: aid
#  228|   				struct attrid *aid;
#  229|   				aid = malloc(sizeof(struct attrid));
#  230|-> 				aid->dtd = dataType;
#  231|   				aid->uint32 = get_be32(p);
#  232|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def114]
bluez-5.81/src/sdpd-request.c:230:33: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘aid’
bluez-5.81/src/sdpd-request.c:1118:6: enter_function: entry to ‘handle_request’
bluez-5.81/src/sdpd-request.c:1125:12: branch_false: following ‘false’ branch...
bluez-5.81/src/sdpd-request.c:1130:13: branch_false: ...to here
bluez-5.81/src/sdpd-request.c:1130:12: branch_true: following ‘true’ branch...
bluez-5.81/src/sdpd-request.c:1133:17: branch_true: ...to here
bluez-5.81/src/sdpd-request.c:1136:20: branch_false: following ‘false’ branch...
bluez-5.81/src/sdpd-request.c:1141:17: call_function: inlined call to ‘bacpy’ from ‘handle_request’
bluez-5.81/src/sdpd-request.c:1147:20: branch_false: following ‘false’ branch...
bluez-5.81/src/sdpd-request.c:1152:17: call_function: inlined call to ‘bacpy’ from ‘handle_request’
bluez-5.81/src/sdpd-request.c:1164:9: call_function: calling ‘process_request’ from ‘handle_request’
#  228|   				struct attrid *aid;
#  229|   				aid = malloc(sizeof(struct attrid));
#  230|-> 				aid->dtd = dataType;
#  231|   				aid->uint32 = get_be32(p);
#  232|   

Error: CPPCHECK_WARNING (CWE-476): [#def115]
bluez-5.81/src/sdpd-request.c:231: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: aid
#  229|   				aid = malloc(sizeof(struct attrid));
#  230|   				aid->dtd = dataType;
#  231|-> 				aid->uint32 = get_be32(p);
#  232|   
#  233|   				pElem = (char *) aid;

Error: CPPCHECK_WARNING (CWE-476): [#def116]
bluez-5.81/src/sdpd-request.c:1017: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: buf
# 1015|   	int status = SDP_INVALID_SYNTAX;
# 1016|   
# 1017|-> 	memset(buf, 0, USHRT_MAX);
# 1018|   	rsp.data = buf + sizeof(sdp_pdu_hdr_t);
# 1019|   	rsp.data_size = 0;

Error: GCC_ANALYZER_WARNING (CWE-688): [#def117]
bluez-5.81/src/sdpd-request.c:1017:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘buf’ where non-null expected
bluez-5.81/src/sdpd-request.c:1118:6: enter_function: entry to ‘handle_request’
bluez-5.81/src/sdpd-request.c:1125:12: branch_false: following ‘false’ branch...
bluez-5.81/src/sdpd-request.c:1130:13: branch_false: ...to here
bluez-5.81/src/sdpd-request.c:1130:12: branch_true: following ‘true’ branch...
bluez-5.81/src/sdpd-request.c:1133:17: branch_true: ...to here
bluez-5.81/src/sdpd-request.c:1136:20: branch_false: following ‘false’ branch...
bluez-5.81/src/sdpd-request.c:1141:17: call_function: inlined call to ‘bacpy’ from ‘handle_request’
bluez-5.81/src/sdpd-request.c:1147:20: branch_false: following ‘false’ branch...
bluez-5.81/src/sdpd-request.c:1152:17: call_function: inlined call to ‘bacpy’ from ‘handle_request’
bluez-5.81/src/sdpd-request.c:1164:9: call_function: calling ‘process_request’ from ‘handle_request’
#argument 1 of ‘__builtin_memset’ must be non-null
# 1015|   	int status = SDP_INVALID_SYNTAX;
# 1016|   
# 1017|-> 	memset(buf, 0, USHRT_MAX);
# 1018|   	rsp.data = buf + sizeof(sdp_pdu_hdr_t);
# 1019|   	rsp.data_size = 0;

Error: CPPCHECK_WARNING (CWE-682): [#def118]
bluez-5.81/src/sdpd-request.c:1018: error[nullPointerArithmeticOutOfMemory]: If memory allocation fail: pointer addition with NULL pointer.
# 1016|   
# 1017|   	memset(buf, 0, USHRT_MAX);
# 1018|-> 	rsp.data = buf + sizeof(sdp_pdu_hdr_t);
# 1019|   	rsp.data_size = 0;
# 1020|   	rsp.buf_size = USHRT_MAX - sizeof(sdp_pdu_hdr_t);

Error: CPPCHECK_WARNING (CWE-476): [#def119]
bluez-5.81/src/sdpd-service.c:378: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: version
#  376|   	for (i = 0; i < sdpServerVnumEntries; i++) {
#  377|   		uint16_t *version = malloc(sizeof(uint16_t));
#  378|-> 		*version = sdpVnumArray[i].major;
#  379|   		*version = (*version << 8);
#  380|   		*version |= sdpVnumArray[i].minor;

Error: CPPCHECK_WARNING (CWE-476): [#def120]
bluez-5.81/src/sdpd-service.c:379: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: version
#  377|   		uint16_t *version = malloc(sizeof(uint16_t));
#  378|   		*version = sdpVnumArray[i].major;
#  379|-> 		*version = (*version << 8);
#  380|   		*version |= sdpVnumArray[i].minor;
#  381|   		versions[i] = version;

Error: CPPCHECK_WARNING (CWE-476): [#def121]
bluez-5.81/src/sdpd-service.c:380: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: version
#  378|   		*version = sdpVnumArray[i].major;
#  379|   		*version = (*version << 8);
#  380|-> 		*version |= sdpVnumArray[i].minor;
#  381|   		versions[i] = version;
#  382|   		versionDTDs[i] = &dtd;

Error: CPPCHECK_WARNING (CWE-476): [#def122]
bluez-5.81/src/sdpd-service.c:381: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: versions
#  379|   		*version = (*version << 8);
#  380|   		*version |= sdpVnumArray[i].minor;
#  381|-> 		versions[i] = version;
#  382|   		versionDTDs[i] = &dtd;
#  383|   	}

Error: CPPCHECK_WARNING (CWE-476): [#def123]
bluez-5.81/src/sdpd-service.c:382: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: versionDTDs
#  380|   		*version |= sdpVnumArray[i].minor;
#  381|   		versions[i] = version;
#  382|-> 		versionDTDs[i] = &dtd;
#  383|   	}
#  384|   	pData = sdp_seq_alloc(versionDTDs, versions, sdpServerVnumEntries);

Error: CPPCHECK_WARNING (CWE-476): [#def124]
bluez-5.81/src/sdpd-service.c:386: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: versions
#  384|   	pData = sdp_seq_alloc(versionDTDs, versions, sdpServerVnumEntries);
#  385|   	for (i = 0; i < sdpServerVnumEntries; i++)
#  386|-> 		free(versions[i]);
#  387|   	free(versions);
#  388|   	free(versionDTDs);

Error: CPPCHECK_WARNING (CWE-476): [#def125]
bluez-5.81/src/shared/bap.c:1006: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: status
# 1004|   	status = malloc(len);
# 1005|   
# 1006|-> 	memset(status, 0, len);
# 1007|   	status->id = ep->id;
# 1008|   	status->state = ep->state;

Error: CPPCHECK_WARNING (CWE-476): [#def126]
bluez-5.81/src/shared/bap.c:1007: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: status
# 1005|   
# 1006|   	memset(status, 0, len);
# 1007|-> 	status->id = ep->id;
# 1008|   	status->state = ep->state;
# 1009|   

Error: CPPCHECK_WARNING (CWE-476): [#def127]
bluez-5.81/src/shared/bap.c:1008: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: status
# 1006|   	memset(status, 0, len);
# 1007|   	status->id = ep->id;
# 1008|-> 	status->state = ep->state;
# 1009|   
# 1010|   	/* Initialize preffered settings if not set */

Error: CPPCHECK_WARNING (CWE-476): [#def128]
bluez-5.81/src/shared/bap.c:1070: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: status
# 1068|   	status = malloc(len);
# 1069|   
# 1070|-> 	memset(status, 0, len);
# 1071|   	status->id = ep->id;
# 1072|   	status->state = ep->state;

Error: CPPCHECK_WARNING (CWE-476): [#def129]
bluez-5.81/src/shared/bap.c:1071: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: status
# 1069|   
# 1070|   	memset(status, 0, len);
# 1071|-> 	status->id = ep->id;
# 1072|   	status->state = ep->state;
# 1073|   

Error: CPPCHECK_WARNING (CWE-476): [#def130]
bluez-5.81/src/shared/bap.c:1072: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: status
# 1070|   	memset(status, 0, len);
# 1071|   	status->id = ep->id;
# 1072|-> 	status->state = ep->state;
# 1073|   
# 1074|   	qos = (void *)status->params;

Error: CPPCHECK_WARNING (CWE-476): [#def131]
bluez-5.81/src/shared/bap.c:1074: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: status
# 1072|   	status->state = ep->state;
# 1073|   
# 1074|-> 	qos = (void *)status->params;
# 1075|   	qos->cis_id = stream->qos.ucast.cis_id;
# 1076|   	qos->cig_id = stream->qos.ucast.cig_id;

Error: CPPCHECK_WARNING (CWE-476): [#def132]
bluez-5.81/src/shared/bap.c:1107: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: status
# 1105|   	status = malloc(len);
# 1106|   
# 1107|-> 	memset(status, 0, len);
# 1108|   	status->id = ep->id;
# 1109|   	status->state = ep->state;

Error: CPPCHECK_WARNING (CWE-476): [#def133]
bluez-5.81/src/shared/bap.c:1108: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: status
# 1106|   
# 1107|   	memset(status, 0, len);
# 1108|-> 	status->id = ep->id;
# 1109|   	status->state = ep->state;
# 1110|   

Error: CPPCHECK_WARNING (CWE-476): [#def134]
bluez-5.81/src/shared/bap.c:1109: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: status
# 1107|   	memset(status, 0, len);
# 1108|   	status->id = ep->id;
# 1109|-> 	status->state = ep->state;
# 1110|   
# 1111|   	meta = (void *)status->params;

Error: CPPCHECK_WARNING (CWE-476): [#def135]
bluez-5.81/src/shared/bap.c:1111: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: status
# 1109|   	status->state = ep->state;
# 1110|   
# 1111|-> 	meta = (void *)status->params;
# 1112|   	meta->cis_id = stream->qos.ucast.cis_id;
# 1113|   	meta->cig_id = stream->qos.ucast.cig_id;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def136]
bluez-5.81/src/shared/bap.c:1613:46: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/bap.c:5192:13: enter_function: entry to 'bap_cp_notify'
bluez-5.81/src/shared/bap.c:5201:12: branch_false: following 'false' branch...
bluez-5.81/src/shared/bap.c:5205:9: branch_false: ...to here
bluez-5.81/src/shared/bap.c:5237:9: call_function: calling 'bap_req_complete' from 'bap_cp_notify'
bluez-5.81/src/shared/bap.c:5237:9: return_function: returning to 'bap_cp_notify' from 'bap_req_complete'
bluez-5.81/src/shared/bap.c:5238:9: call_function: calling 'bap_process_queue' from 'bap_cp_notify'
# 1611|   	}
# 1612|   
# 1613|-> 	if (!gatt_db_attribute_get_char_data(ascs->ase_cp, NULL, &handle,
# 1614|   						NULL, NULL, NULL)) {
# 1615|   		DBG(bap, "Unable to find Control Point");

Error: GCC_ANALYZER_WARNING (CWE-476): [#def137]
bluez-5.81/src/shared/bap.c:5246:46: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/bap.c:5241:13: enter_function: entry to 'bap_cp_attach'
bluez-5.81/src/shared/bap.c:5244:32: call_function: calling 'bap_get_ascs' from 'bap_cp_attach'
bluez-5.81/src/shared/bap.c:5244:32: return_function: returning to 'bap_cp_attach' from 'bap_get_ascs'
bluez-5.81/src/shared/bap.c:5246:46: danger: dereference of NULL 'bap_get_ascs(bap)'
# 5244|   	struct bt_ascs *ascs = bap_get_ascs(bap);
# 5245|   
# 5246|-> 	if (!gatt_db_attribute_get_char_data(ascs->ase_cp, NULL,
# 5247|   						&value_handle,
# 5248|   						NULL, NULL, NULL))

Error: GCC_ANALYZER_WARNING (CWE-476): [#def138]
bluez-5.81/src/shared/bap.c:5311:9: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/bap.c:5305:13: enter_function: entry to 'foreach_ascs_service'
bluez-5.81/src/shared/bap.c:5309:32: call_function: calling 'bap_get_ascs' from 'foreach_ascs_service'
bluez-5.81/src/shared/bap.c:5309:32: return_function: returning to 'foreach_ascs_service' from 'bap_get_ascs'
bluez-5.81/src/shared/bap.c:5311:9: danger: dereference of NULL 'bap_get_ascs(user_data)'
# 5309|   	struct bt_ascs *ascs = bap_get_ascs(bap);
# 5310|   
# 5311|-> 	ascs->service = attr;
# 5312|   
# 5313|   	gatt_db_service_set_claimed(attr, true);

Error: GCC_ANALYZER_WARNING (CWE-465): [#def139]
bluez-5.81/src/shared/bap.c:6067:20: warning[-Wanalyzer-deref-before-check]: check of 'lpac' for NULL after already dereferencing it
bluez-5.81/src/shared/bap.c:6049:30: enter_function: entry to 'bap_bcast_stream_new'
bluez-5.81/src/shared/bap.c:6058:12: branch_false: following 'false' branch (when 'bap' is non-NULL)...
bluez-5.81/src/shared/bap.c:6061:13: branch_false: ...to here
bluez-5.81/src/shared/bap.c:6061:12: branch_true: following 'true' branch...
bluez-5.81/src/shared/bap.c:6062:17: branch_true: ...to here
bluez-5.81/src/shared/bap.c:6066:17: call_function: calling 'bt_bap_foreach_pac' from 'bap_bcast_stream_new'
bluez-5.81/src/shared/bap.c:6066:17: return_function: returning to 'bap_bcast_stream_new' from 'bt_bap_foreach_pac'
bluez-5.81/src/shared/bap.c:6067:20: danger: pointer 'lpac' is checked for NULL here but it was already dereferenced at event (4) of this trace
# 6065|   
# 6066|   		bt_bap_foreach_pac(bap, BT_BAP_BCAST_SINK, match_pac, &match);
# 6067|-> 		if ((!match.lpac) || (!lpac))
# 6068|   			return NULL;
# 6069|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def140]
bluez-5.81/src/shared/bass.c:420:17: warning[-Wanalyzer-null-dereference]: dereference of NULL 'bad_code'
bluez-5.81/src/shared/bass.c:1280:13: enter_function: entry to 'read_bcast_recv_state'
bluez-5.81/src/shared/bass.c:1299:13: call_function: calling 'bass_build_bcast_src' from 'read_bcast_recv_state'
#  418|   
#  419|   	if (enc == BT_BASS_BIG_ENC_STATE_BAD_CODE)
#  420|-> 		memcpy(bcast_src->bad_code, bad_code, BT_BASS_BCAST_CODE_SIZE);
#  421|   	else
#  422|   		memset(bcast_src->bad_code, 0, BT_BASS_BCAST_CODE_SIZE);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def141]
bluez-5.81/src/shared/bass.c:705:9: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/bass.c:691:24: enter_function: entry to 'bass_get_session'
bluez-5.81/src/shared/bass.c:704:16: call_function: calling 'bt_bass_new' from 'bass_get_session'
bluez-5.81/src/shared/bass.c:704:16: return_function: returning to 'bass_get_session' from 'bt_bass_new'
bluez-5.81/src/shared/bass.c:705:9: danger: dereference of NULL 'bt_bass_new(db, 0,  adapter_bdaddr)'
#  703|   
#  704|   	bass = bt_bass_new(db, NULL, adapter_bdaddr);
#  705|-> 	bass->att = att;
#  706|   
#  707|   	bt_bass_attach(bass, NULL);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def142]
bluez-5.81/src/shared/ccp.c:661:46: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/ccp.c:654:13: enter_function: entry to 'bt_ccp_incom_call_attach'
bluez-5.81/src/shared/ccp.c:657:30: call_function: calling 'ccp_get_ccs' from 'bt_ccp_incom_call_attach'
bluez-5.81/src/shared/ccp.c:657:30: return_function: returning to 'bt_ccp_incom_call_attach' from 'ccp_get_ccs'
bluez-5.81/src/shared/ccp.c:659:9: call_function: calling 'ccp_debug' from 'bt_ccp_incom_call_attach'
bluez-5.81/src/shared/ccp.c:659:9: return_function: returning to 'bt_ccp_incom_call_attach' from 'ccp_debug'
bluez-5.81/src/shared/ccp.c:661:46: danger: dereference of NULL 'ccp_get_ccs(ccp)'
#  659|   	DBG(ccp, "");
#  660|   
#  661|-> 	if (!gatt_db_attribute_get_char_data(ccs->incoming_call, NULL,
#  662|   					     &value_handle,
#  663|   					     NULL, NULL, NULL))

Error: GCC_ANALYZER_WARNING (CWE-476): [#def143]
bluez-5.81/src/shared/ccp.c:683:46: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/ccp.c:676:13: enter_function: entry to 'bt_ccp_call_state_attach'
bluez-5.81/src/shared/ccp.c:679:30: call_function: calling 'ccp_get_ccs' from 'bt_ccp_call_state_attach'
bluez-5.81/src/shared/ccp.c:679:30: return_function: returning to 'bt_ccp_call_state_attach' from 'ccp_get_ccs'
bluez-5.81/src/shared/ccp.c:681:9: call_function: calling 'ccp_debug' from 'bt_ccp_call_state_attach'
bluez-5.81/src/shared/ccp.c:681:9: return_function: returning to 'bt_ccp_call_state_attach' from 'ccp_debug'
bluez-5.81/src/shared/ccp.c:683:46: danger: dereference of NULL 'ccp_get_ccs(ccp)'
#  681|   	DBG(ccp, "");
#  682|   
#  683|-> 	if (!gatt_db_attribute_get_char_data(ccs->call_state, NULL,
#  684|   					     &value_handle,
#  685|   					     NULL, NULL, NULL))

Error: GCC_ANALYZER_WARNING (CWE-476): [#def144]
bluez-5.81/src/shared/ccp.c:705:46: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/ccp.c:698:13: enter_function: entry to 'bt_ccp_call_list_attach'
bluez-5.81/src/shared/ccp.c:701:30: call_function: calling 'ccp_get_ccs' from 'bt_ccp_call_list_attach'
bluez-5.81/src/shared/ccp.c:701:30: return_function: returning to 'bt_ccp_call_list_attach' from 'ccp_get_ccs'
bluez-5.81/src/shared/ccp.c:703:9: call_function: calling 'ccp_debug' from 'bt_ccp_call_list_attach'
bluez-5.81/src/shared/ccp.c:703:9: return_function: returning to 'bt_ccp_call_list_attach' from 'ccp_debug'
bluez-5.81/src/shared/ccp.c:705:46: danger: dereference of NULL 'ccp_get_ccs(ccp)'
#  703|   	DBG(ccp, "");
#  704|   
#  705|-> 	if (!gatt_db_attribute_get_char_data(ccs->current_call_list, NULL,
#  706|   					     &value_handle,
#  707|   					     NULL, NULL, NULL))

Error: GCC_ANALYZER_WARNING (CWE-476): [#def145]
bluez-5.81/src/shared/ccp.c:727:46: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/ccp.c:720:13: enter_function: entry to 'bt_ccp_name_attach'
bluez-5.81/src/shared/ccp.c:723:30: call_function: calling 'ccp_get_ccs' from 'bt_ccp_name_attach'
bluez-5.81/src/shared/ccp.c:723:30: return_function: returning to 'bt_ccp_name_attach' from 'ccp_get_ccs'
bluez-5.81/src/shared/ccp.c:725:9: call_function: calling 'ccp_debug' from 'bt_ccp_name_attach'
bluez-5.81/src/shared/ccp.c:725:9: return_function: returning to 'bt_ccp_name_attach' from 'ccp_debug'
bluez-5.81/src/shared/ccp.c:727:46: danger: dereference of NULL 'ccp_get_ccs(ccp)'
#  725|   	DBG(ccp, "");
#  726|   
#  727|-> 	if (!gatt_db_attribute_get_char_data(ccs->bearer_name, NULL,
#  728|   					     &value_handle,
#  729|   					     NULL, NULL, NULL))

Error: GCC_ANALYZER_WARNING (CWE-476): [#def146]
bluez-5.81/src/shared/ccp.c:749:46: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/ccp.c:742:13: enter_function: entry to 'bt_ccp_term_reason_attach'
bluez-5.81/src/shared/ccp.c:745:30: call_function: calling 'ccp_get_ccs' from 'bt_ccp_term_reason_attach'
bluez-5.81/src/shared/ccp.c:745:30: return_function: returning to 'bt_ccp_term_reason_attach' from 'ccp_get_ccs'
bluez-5.81/src/shared/ccp.c:747:9: call_function: calling 'ccp_debug' from 'bt_ccp_term_reason_attach'
bluez-5.81/src/shared/ccp.c:747:9: return_function: returning to 'bt_ccp_term_reason_attach' from 'ccp_debug'
bluez-5.81/src/shared/ccp.c:749:46: danger: dereference of NULL 'ccp_get_ccs(ccp)'
#  747|   	DBG(ccp, "");
#  748|   
#  749|-> 	if (!gatt_db_attribute_get_char_data(ccs->termination_reason, NULL,
#  750|   					     &value_handle, NULL, NULL, NULL))
#  751|   		return;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def147]
bluez-5.81/src/shared/ccp.c:770:46: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/ccp.c:763:13: enter_function: entry to 'bt_ccp_status_attach'
bluez-5.81/src/shared/ccp.c:766:30: call_function: calling 'ccp_get_ccs' from 'bt_ccp_status_attach'
bluez-5.81/src/shared/ccp.c:766:30: return_function: returning to 'bt_ccp_status_attach' from 'ccp_get_ccs'
bluez-5.81/src/shared/ccp.c:768:9: call_function: calling 'ccp_debug' from 'bt_ccp_status_attach'
bluez-5.81/src/shared/ccp.c:768:9: return_function: returning to 'bt_ccp_status_attach' from 'ccp_debug'
bluez-5.81/src/shared/ccp.c:770:46: danger: dereference of NULL 'ccp_get_ccs(ccp)'
#  768|   	DBG(ccp, "");
#  769|   
#  770|-> 	if (!gatt_db_attribute_get_char_data(ccs->status_flag, NULL,
#  771|   					     &value_handle,
#  772|   					     NULL, NULL, NULL))

Error: GCC_ANALYZER_WARNING (CWE-476): [#def148]
bluez-5.81/src/shared/ccp.c:792:46: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/ccp.c:785:13: enter_function: entry to 'bt_ccp_uci_attach'
bluez-5.81/src/shared/ccp.c:788:30: call_function: calling 'ccp_get_ccs' from 'bt_ccp_uci_attach'
bluez-5.81/src/shared/ccp.c:788:30: return_function: returning to 'bt_ccp_uci_attach' from 'ccp_get_ccs'
bluez-5.81/src/shared/ccp.c:790:9: call_function: calling 'ccp_debug' from 'bt_ccp_uci_attach'
bluez-5.81/src/shared/ccp.c:790:9: return_function: returning to 'bt_ccp_uci_attach' from 'ccp_debug'
bluez-5.81/src/shared/ccp.c:792:46: danger: dereference of NULL 'ccp_get_ccs(ccp)'
#  790|   	DBG(ccp, "");
#  791|   
#  792|-> 	if (!gatt_db_attribute_get_char_data(ccs->bearer_uci, NULL,
#  793|   					     &value_handle,
#  794|   					     NULL, NULL, NULL))

Error: GCC_ANALYZER_WARNING (CWE-476): [#def149]
bluez-5.81/src/shared/ccp.c:813:46: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/ccp.c:806:13: enter_function: entry to 'bt_ccp_technology_attach'
bluez-5.81/src/shared/ccp.c:809:30: call_function: calling 'ccp_get_ccs' from 'bt_ccp_technology_attach'
bluez-5.81/src/shared/ccp.c:809:30: return_function: returning to 'bt_ccp_technology_attach' from 'ccp_get_ccs'
bluez-5.81/src/shared/ccp.c:811:9: call_function: calling 'ccp_debug' from 'bt_ccp_technology_attach'
bluez-5.81/src/shared/ccp.c:811:9: return_function: returning to 'bt_ccp_technology_attach' from 'ccp_debug'
bluez-5.81/src/shared/ccp.c:813:46: danger: dereference of NULL 'ccp_get_ccs(ccp)'
#  811|   	DBG(ccp, "");
#  812|   
#  813|-> 	if (!gatt_db_attribute_get_char_data(ccs->bearer_technology, NULL,
#  814|   					     &value_handle,
#  815|   					     NULL, NULL, NULL))

Error: GCC_ANALYZER_WARNING (CWE-476): [#def150]
bluez-5.81/src/shared/ccp.c:833:46: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/ccp.c:826:13: enter_function: entry to 'bt_ccp_strength_attach'
bluez-5.81/src/shared/ccp.c:829:30: call_function: calling 'ccp_get_ccs' from 'bt_ccp_strength_attach'
bluez-5.81/src/shared/ccp.c:829:30: return_function: returning to 'bt_ccp_strength_attach' from 'ccp_get_ccs'
bluez-5.81/src/shared/ccp.c:831:9: call_function: calling 'ccp_debug' from 'bt_ccp_strength_attach'
bluez-5.81/src/shared/ccp.c:831:9: return_function: returning to 'bt_ccp_strength_attach' from 'ccp_debug'
bluez-5.81/src/shared/ccp.c:833:46: danger: dereference of NULL 'ccp_get_ccs(ccp)'
#  831|   	DBG(ccp, "");
#  832|   
#  833|-> 	if (!gatt_db_attribute_get_char_data(ccs->signal_strength, NULL,
#  834|   					     &value_handle,
#  835|   					     NULL, NULL, NULL))

Error: GCC_ANALYZER_WARNING (CWE-476): [#def151]
bluez-5.81/src/shared/ccp.c:853:46: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/ccp.c:846:13: enter_function: entry to 'bt_ccp_ccid_attach'
bluez-5.81/src/shared/ccp.c:849:30: call_function: calling 'ccp_get_ccs' from 'bt_ccp_ccid_attach'
bluez-5.81/src/shared/ccp.c:849:30: return_function: returning to 'bt_ccp_ccid_attach' from 'ccp_get_ccs'
bluez-5.81/src/shared/ccp.c:851:9: call_function: calling 'ccp_debug' from 'bt_ccp_ccid_attach'
bluez-5.81/src/shared/ccp.c:851:9: return_function: returning to 'bt_ccp_ccid_attach' from 'ccp_debug'
bluez-5.81/src/shared/ccp.c:853:46: danger: dereference of NULL 'ccp_get_ccs(ccp)'
#  851|   	DBG(ccp, "");
#  852|   
#  853|-> 	if (!gatt_db_attribute_get_char_data(ccs->ccid, NULL, &value_handle,
#  854|   					     NULL, NULL, NULL))
#  855|   		return;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def152]
bluez-5.81/src/shared/ccp.c:872:46: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/ccp.c:865:13: enter_function: entry to 'bt_ccp_tar_uri_attach'
bluez-5.81/src/shared/ccp.c:868:30: call_function: calling 'ccp_get_ccs' from 'bt_ccp_tar_uri_attach'
bluez-5.81/src/shared/ccp.c:868:30: return_function: returning to 'bt_ccp_tar_uri_attach' from 'ccp_get_ccs'
bluez-5.81/src/shared/ccp.c:870:9: call_function: calling 'ccp_debug' from 'bt_ccp_tar_uri_attach'
bluez-5.81/src/shared/ccp.c:870:9: return_function: returning to 'bt_ccp_tar_uri_attach' from 'ccp_debug'
bluez-5.81/src/shared/ccp.c:872:46: danger: dereference of NULL 'ccp_get_ccs(ccp)'
#  870|   	DBG(ccp, "");
#  871|   
#  872|-> 	if (!gatt_db_attribute_get_char_data(ccs->target_bearer_uri, NULL,
#  873|   					     &value_handle,
#  874|   					     NULL, NULL, NULL))

Error: GCC_ANALYZER_WARNING (CWE-476): [#def153]
bluez-5.81/src/shared/ccp.c:893:46: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/ccp.c:886:13: enter_function: entry to 'bt_ccp_ctrl_point_attach'
bluez-5.81/src/shared/ccp.c:889:30: call_function: calling 'ccp_get_ccs' from 'bt_ccp_ctrl_point_attach'
bluez-5.81/src/shared/ccp.c:889:30: return_function: returning to 'bt_ccp_ctrl_point_attach' from 'ccp_get_ccs'
bluez-5.81/src/shared/ccp.c:891:9: call_function: calling 'ccp_debug' from 'bt_ccp_ctrl_point_attach'
bluez-5.81/src/shared/ccp.c:891:9: return_function: returning to 'bt_ccp_ctrl_point_attach' from 'ccp_debug'
bluez-5.81/src/shared/ccp.c:893:46: danger: dereference of NULL 'ccp_get_ccs(ccp)'
#  891|   	DBG(ccp, "");
#  892|   
#  893|-> 	if (!gatt_db_attribute_get_char_data(ccs->call_ctrl_point, NULL,
#  894|   					     &value_handle,
#  895|   					     NULL, NULL, NULL))

Error: GCC_ANALYZER_WARNING (CWE-476): [#def154]
bluez-5.81/src/shared/ccp.c:913:46: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/ccp.c:906:13: enter_function: entry to 'bt_ccp_ctrl_opcode_attach'
bluez-5.81/src/shared/ccp.c:909:30: call_function: calling 'ccp_get_ccs' from 'bt_ccp_ctrl_opcode_attach'
bluez-5.81/src/shared/ccp.c:909:30: return_function: returning to 'bt_ccp_ctrl_opcode_attach' from 'ccp_get_ccs'
bluez-5.81/src/shared/ccp.c:911:9: call_function: calling 'ccp_debug' from 'bt_ccp_ctrl_opcode_attach'
bluez-5.81/src/shared/ccp.c:911:9: return_function: returning to 'bt_ccp_ctrl_opcode_attach' from 'ccp_debug'
bluez-5.81/src/shared/ccp.c:913:46: danger: dereference of NULL 'ccp_get_ccs(ccp)'
#  911|   	DBG(ccp, "");
#  912|   
#  913|-> 	if (!gatt_db_attribute_get_char_data(ccs->call_ctrl_opt_opcode, NULL,
#  914|   					     &value_handle,
#  915|   					     NULL, NULL, NULL))

Error: GCC_ANALYZER_WARNING (CWE-476): [#def155]
bluez-5.81/src/shared/ccp.c:933:46: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/ccp.c:926:13: enter_function: entry to 'bt_ccp_friendly_name_attach'
bluez-5.81/src/shared/ccp.c:929:30: call_function: calling 'ccp_get_ccs' from 'bt_ccp_friendly_name_attach'
bluez-5.81/src/shared/ccp.c:929:30: return_function: returning to 'bt_ccp_friendly_name_attach' from 'ccp_get_ccs'
bluez-5.81/src/shared/ccp.c:931:9: call_function: calling 'ccp_debug' from 'bt_ccp_friendly_name_attach'
bluez-5.81/src/shared/ccp.c:931:9: return_function: returning to 'bt_ccp_friendly_name_attach' from 'ccp_debug'
bluez-5.81/src/shared/ccp.c:933:46: danger: dereference of NULL 'ccp_get_ccs(ccp)'
#  931|   	DBG(ccp, "");
#  932|   
#  933|-> 	if (!gatt_db_attribute_get_char_data(ccs->friendly_name, NULL,
#  934|   					     &value_handle,
#  935|   					     NULL, NULL, NULL))

Error: GCC_ANALYZER_WARNING (CWE-476): [#def156]
bluez-5.81/src/shared/ccp.c:953:46: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/ccp.c:946:13: enter_function: entry to 'bt_ccp_signal_intrvl_attach'
bluez-5.81/src/shared/ccp.c:949:30: call_function: calling 'ccp_get_ccs' from 'bt_ccp_signal_intrvl_attach'
bluez-5.81/src/shared/ccp.c:949:30: return_function: returning to 'bt_ccp_signal_intrvl_attach' from 'ccp_get_ccs'
bluez-5.81/src/shared/ccp.c:951:9: call_function: calling 'ccp_debug' from 'bt_ccp_signal_intrvl_attach'
bluez-5.81/src/shared/ccp.c:951:9: return_function: returning to 'bt_ccp_signal_intrvl_attach' from 'ccp_debug'
bluez-5.81/src/shared/ccp.c:953:46: danger: dereference of NULL 'ccp_get_ccs(ccp)'
#  951|   	DBG(ccp, "");
#  952|   
#  953|-> 	if (!gatt_db_attribute_get_char_data(ccs->signal_reporting_intrvl, NULL,
#  954|   					     &value_handle,
#  955|   					     NULL, NULL, NULL))

Error: GCC_ANALYZER_WARNING (CWE-476): [#def157]
bluez-5.81/src/shared/ccp.c:973:46: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/ccp.c:966:13: enter_function: entry to 'bt_ccp_uri_list_attach'
bluez-5.81/src/shared/ccp.c:969:30: call_function: calling 'ccp_get_ccs' from 'bt_ccp_uri_list_attach'
bluez-5.81/src/shared/ccp.c:969:30: return_function: returning to 'bt_ccp_uri_list_attach' from 'ccp_get_ccs'
bluez-5.81/src/shared/ccp.c:971:9: call_function: calling 'ccp_debug' from 'bt_ccp_uri_list_attach'
bluez-5.81/src/shared/ccp.c:971:9: return_function: returning to 'bt_ccp_uri_list_attach' from 'ccp_debug'
bluez-5.81/src/shared/ccp.c:973:46: danger: dereference of NULL 'ccp_get_ccs(ccp)'
#  971|   	DBG(ccp, "");
#  972|   
#  973|-> 	if (!gatt_db_attribute_get_char_data(ccs->bearer_uri_schemes_list, NULL,
#  974|   					     &value_handle,
#  975|   					     NULL, NULL, NULL))

Error: GCC_ANALYZER_WARNING (CWE-476): [#def158]
bluez-5.81/src/shared/ccp.c:1129:9: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/ccp.c:1123:13: enter_function: entry to 'foreach_ccs_service'
bluez-5.81/src/shared/ccp.c:1127:30: call_function: calling 'ccp_get_ccs' from 'foreach_ccs_service'
bluez-5.81/src/shared/ccp.c:1127:30: return_function: returning to 'foreach_ccs_service' from 'ccp_get_ccs'
bluez-5.81/src/shared/ccp.c:1129:9: danger: dereference of NULL 'ccp_get_ccs(user_data)'
# 1127|   	struct bt_ccs *ccs = ccp_get_ccs(ccp);
# 1128|   
# 1129|-> 	ccs->service = attr;
# 1130|   
# 1131|   	gatt_db_service_foreach_char(attr, foreach_ccs_char, ccp);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def159]
bluez-5.81/src/shared/crypto.c:212:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor '*crypto.cmac_aes'
bluez-5.81/src/shared/crypto.c:724:6: enter_function: entry to 'bt_crypto_gatt_hash'
bluez-5.81/src/shared/crypto.c:731:12: branch_false: following 'false' branch (when 'crypto' is non-NULL)...
bluez-5.81/src/shared/crypto.c:734:14: branch_false: ...to here
bluez-5.81/src/shared/crypto.c:734:14: call_function: calling 'alg_new' from 'bt_crypto_gatt_hash'
#  210|   
#  211|   	/* FIXME: This should use accept4() with SOCK_CLOEXEC */
#  212|-> 	return accept(fd, NULL, 0);
#  213|   }
#  214|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def160]
bluez-5.81/src/shared/crypto.c:212:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor '*crypto.ecb_aes'
bluez-5.81/src/shared/crypto.c:785:6: enter_function: entry to 'bt_crypto_sih'
bluez-5.81/src/shared/crypto.c:788:16: call_function: calling 'bt_crypto_ah' from 'bt_crypto_sih'
#  210|   
#  211|   	/* FIXME: This should use accept4() with SOCK_CLOEXEC */
#  212|-> 	return accept(fd, NULL, 0);
#  213|   }
#  214|   

Error: GCC_ANALYZER_WARNING (CWE-416): [#def161]
bluez-5.81/src/shared/gatt-client.c:199:32: warning[-Wanalyzer-use-after-free]: use after 'free' of 'data'
bluez-5.81/src/shared/gatt-client.c:3247:13: enter_function: entry to 'start_next_long_write'
bluez-5.81/src/shared/gatt-client.c:3257:12: branch_false: following 'false' branch...
bluez-5.81/src/shared/gatt-client.c:3260:9: branch_false: ...to here
bluez-5.81/src/shared/gatt-client.c:3260:9: call_function: calling 'handle_next_prep_write' from 'start_next_long_write'
bluez-5.81/src/shared/gatt-client.c:3260:9: return_function: returning to 'start_next_long_write' from 'handle_next_prep_write'
bluez-5.81/src/shared/gatt-client.c:3266:9: call_function: calling 'request_unref' from 'start_next_long_write'
#  197|   {
#  198|   	struct request *req = data;
#  199|-> 	struct bt_gatt_client *client = req->client;
#  200|   
#  201|   	if (__sync_sub_and_fetch(&req->ref_count, 1))

Error: GCC_ANALYZER_WARNING (CWE-416): [#def162]
bluez-5.81/src/shared/gatt-client.c:3297:31: warning[-Wanalyzer-use-after-free]: use after 'free' of 'req'
bluez-5.81/src/shared/gatt-client.c:3247:13: enter_function: entry to 'start_next_long_write'
bluez-5.81/src/shared/gatt-client.c:3257:12: branch_false: following 'false' branch...
bluez-5.81/src/shared/gatt-client.c:3260:9: branch_false: ...to here
bluez-5.81/src/shared/gatt-client.c:3260:9: call_function: calling 'handle_next_prep_write' from 'start_next_long_write'
# 3295|   					uint8_t att_ecode, bool reliable_error)
# 3296|   {
# 3297|-> 	struct long_write_op *op = req->data;
# 3298|   	uint8_t pdu;
# 3299|   	int err;

Error: CPPCHECK_WARNING (CWE-682): [#def163]
bluez-5.81/src/shared/gatt-db.c:397: error[nullPointerArithmeticOutOfMemory]: If memory allocation fail: pointer addition with NULL pointer.
#  395|   		data = malloc(2 + 2 + attr->value_len);
#  396|   		put_le16(attr->handle, data);
#  397|-> 		bt_uuid_to_le(&attr->uuid, data + 2);
#  398|   		memcpy(data + 4, attr->value, attr->value_len);
#  399|   		break;

Error: CPPCHECK_WARNING (CWE-682): [#def164]
bluez-5.81/src/shared/gatt-db.c:398: error[nullPointerArithmeticOutOfMemory]: If memory allocation fail: pointer addition with NULL pointer.
#  396|   		put_le16(attr->handle, data);
#  397|   		bt_uuid_to_le(&attr->uuid, data + 2);
#  398|-> 		memcpy(data + 4, attr->value, attr->value_len);
#  399|   		break;
#  400|   	case GATT_CHARAC_USER_DESC_UUID:

Error: CPPCHECK_WARNING (CWE-682): [#def165]
bluez-5.81/src/shared/gatt-db.c:409: error[nullPointerArithmeticOutOfMemory]: If memory allocation fail: pointer addition with NULL pointer.
#  407|   		data = malloc(2 + 2 + attr->value_len);
#  408|   		put_le16(attr->handle, data);
#  409|-> 		bt_uuid_to_le(&attr->uuid, data + 2);
#  410|   		break;
#  411|   	default:

Error: GCC_ANALYZER_WARNING (CWE-476): [#def166]
bluez-5.81/src/shared/gatt-db.c:1920:32: warning[-Wanalyzer-null-dereference]: dereference of NULL 'value'
bluez-5.81/src/shared/gatt-db.c:1923:13: enter_function: entry to 'read_ext_prop'
bluez-5.81/src/shared/gatt-db.c:1938:9: call_function: calling 'gatt_db_attribute_read' from 'read_ext_prop'
# 1918|   		return;
# 1919|   
# 1920|-> 	*ext_prop = (uint16_t) value[0];
# 1921|   }
# 1922|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def167]
bluez-5.81/src/shared/gatt-server.c:322:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'type'
bluez-5.81/src/shared/gatt-server.c:270:13: enter_function: entry to 'read_by_grp_type_cb'
bluez-5.81/src/shared/gatt-server.c:284:12: branch_false: following 'false' branch...
bluez-5.81/src/shared/gatt-server.c:289:13: branch_false: ...to here
bluez-5.81/src/shared/gatt-server.c:293:9: call_function: calling 'get_uuid_le' from 'read_by_grp_type_cb'
bluez-5.81/src/shared/gatt-server.c:293:9: return_function: returning to 'read_by_grp_type_cb' from 'get_uuid_le'
bluez-5.81/src/shared/gatt-server.c:297:12: branch_false: following 'false' branch...
bluez-5.81/src/shared/gatt-server.c:304:12: branch_false: ...to here
bluez-5.81/src/shared/gatt-server.c:304:12: branch_false: following 'false' branch...
bluez-5.81/src/shared/gatt-server.c:315:9: branch_false: ...to here
bluez-5.81/src/shared/gatt-server.c:322:9: danger: use of uninitialized value 'type' here
#  320|   	}
#  321|   
#  322|-> 	gatt_db_read_by_group_type(server->db, start, end, type, q);
#  323|   
#  324|   	if (queue_isempty(q)) {

Error: GCC_ANALYZER_WARNING (CWE-457): [#def168]
bluez-5.81/src/shared/gatt-server.c:528:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'type'
bluez-5.81/src/shared/gatt-server.c:491:13: enter_function: entry to 'read_by_type_cb'
bluez-5.81/src/shared/gatt-server.c:503:12: branch_false: following 'false' branch...
bluez-5.81/src/shared/gatt-server.c:508:13: branch_false: ...to here
bluez-5.81/src/shared/gatt-server.c:512:9: call_function: calling 'get_uuid_le' from 'read_by_type_cb'
bluez-5.81/src/shared/gatt-server.c:512:9: return_function: returning to 'read_by_type_cb' from 'get_uuid_le'
bluez-5.81/src/shared/gatt-server.c:516:12: branch_false: following 'false' branch...
bluez-5.81/src/shared/gatt-server.c:523:12: branch_false: ...to here
bluez-5.81/src/shared/gatt-server.c:523:12: branch_false: following 'false' branch...
bluez-5.81/src/shared/gatt-server.c:528:9: branch_false: ...to here
bluez-5.81/src/shared/gatt-server.c:528:9: danger: use of uninitialized value 'type' here
#  526|   	}
#  527|   
#  528|-> 	gatt_db_read_by_type(server->db, start, end, type, q);
#  529|   
#  530|   	if (queue_isempty(q)) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def169]
bluez-5.81/src/shared/mcp.c:586:14: warning[-Wanalyzer-null-dereference]: dereference of NULL 'mcp'
bluez-5.81/src/shared/mcp.c:578:21: enter_function: entry to 'mcp_send'
bluez-5.81/src/shared/mcp.c:580:30: call_function: calling 'mcp_get_mcs' from 'mcp_send'
bluez-5.81/src/shared/mcp.c:580:30: return_function: returning to 'mcp_send' from 'mcp_get_mcs'
bluez-5.81/src/shared/mcp.c:584:9: call_function: calling 'mcp_debug' from 'mcp_send'
bluez-5.81/src/shared/mcp.c:584:9: return_function: returning to 'mcp_send' from 'mcp_debug'
bluez-5.81/src/shared/mcp.c:586:14: danger: dereference of NULL 'mcp'
#  584|   	DBG(mcp, "mcs %p", mcs);
#  585|   
#  586|-> 	if (!mcp->client)
#  587|   		return -1;
#  588|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def170]
bluez-5.81/src/shared/mcp.c:1068:46: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/mcp.c:1063:13: enter_function: entry to 'bt_mcp_mp_name_attach'
bluez-5.81/src/shared/mcp.c:1066:30: call_function: calling 'mcp_get_mcs' from 'bt_mcp_mp_name_attach'
bluez-5.81/src/shared/mcp.c:1066:30: return_function: returning to 'bt_mcp_mp_name_attach' from 'mcp_get_mcs'
bluez-5.81/src/shared/mcp.c:1068:46: danger: dereference of NULL 'mcp_get_mcs(mcp)'
# 1066|   	struct bt_mcs *mcs = mcp_get_mcs(mcp);
# 1067|   
# 1068|-> 	if (!gatt_db_attribute_get_char_data(mcs->mp_name, NULL, &value_handle,
# 1069|   						NULL, NULL, NULL))
# 1070|   		return;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def171]
bluez-5.81/src/shared/mcp.c:1086:46: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/mcp.c:1081:13: enter_function: entry to 'bt_mcp_track_changed_attach'
bluez-5.81/src/shared/mcp.c:1084:30: call_function: calling 'mcp_get_mcs' from 'bt_mcp_track_changed_attach'
bluez-5.81/src/shared/mcp.c:1084:30: return_function: returning to 'bt_mcp_track_changed_attach' from 'mcp_get_mcs'
bluez-5.81/src/shared/mcp.c:1086:46: danger: dereference of NULL 'mcp_get_mcs(mcp)'
# 1084|   	struct bt_mcs *mcs = mcp_get_mcs(mcp);
# 1085|   
# 1086|-> 	if (!gatt_db_attribute_get_char_data(mcs->track_changed, NULL,
# 1087|   				&value_handle, NULL, NULL, NULL))
# 1088|   		return;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def172]
bluez-5.81/src/shared/mcp.c:1102:46: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/mcp.c:1097:13: enter_function: entry to 'bt_mcp_track_title_attach'
bluez-5.81/src/shared/mcp.c:1100:30: call_function: calling 'mcp_get_mcs' from 'bt_mcp_track_title_attach'
bluez-5.81/src/shared/mcp.c:1100:30: return_function: returning to 'bt_mcp_track_title_attach' from 'mcp_get_mcs'
bluez-5.81/src/shared/mcp.c:1102:46: danger: dereference of NULL 'mcp_get_mcs(mcp)'
# 1100|   	struct bt_mcs *mcs = mcp_get_mcs(mcp);
# 1101|   
# 1102|-> 	if (!gatt_db_attribute_get_char_data(mcs->track_title, NULL,
# 1103|   				&value_handle, NULL, NULL, NULL))
# 1104|   		return;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def173]
bluez-5.81/src/shared/mcp.c:1120:46: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/mcp.c:1115:13: enter_function: entry to 'bt_mcp_track_duration_attach'
bluez-5.81/src/shared/mcp.c:1118:30: call_function: calling 'mcp_get_mcs' from 'bt_mcp_track_duration_attach'
bluez-5.81/src/shared/mcp.c:1118:30: return_function: returning to 'bt_mcp_track_duration_attach' from 'mcp_get_mcs'
bluez-5.81/src/shared/mcp.c:1120:46: danger: dereference of NULL 'mcp_get_mcs(mcp)'
# 1118|   	struct bt_mcs *mcs = mcp_get_mcs(mcp);
# 1119|   
# 1120|-> 	if (!gatt_db_attribute_get_char_data(mcs->track_duration, NULL,
# 1121|   				&value_handle, NULL, NULL, NULL))
# 1122|   		return;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def174]
bluez-5.81/src/shared/mcp.c:1138:46: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/mcp.c:1133:13: enter_function: entry to 'bt_mcp_track_position_attach'
bluez-5.81/src/shared/mcp.c:1136:30: call_function: calling 'mcp_get_mcs' from 'bt_mcp_track_position_attach'
bluez-5.81/src/shared/mcp.c:1136:30: return_function: returning to 'bt_mcp_track_position_attach' from 'mcp_get_mcs'
bluez-5.81/src/shared/mcp.c:1138:46: danger: dereference of NULL 'mcp_get_mcs(mcp)'
# 1136|   	struct bt_mcs *mcs = mcp_get_mcs(mcp);
# 1137|   
# 1138|-> 	if (!gatt_db_attribute_get_char_data(mcs->track_position, NULL,
# 1139|   				&value_handle, NULL, NULL, NULL))
# 1140|   		return;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def175]
bluez-5.81/src/shared/mcp.c:1156:46: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/mcp.c:1151:13: enter_function: entry to 'bt_mcp_media_state_attach'
bluez-5.81/src/shared/mcp.c:1154:30: call_function: calling 'mcp_get_mcs' from 'bt_mcp_media_state_attach'
bluez-5.81/src/shared/mcp.c:1154:30: return_function: returning to 'bt_mcp_media_state_attach' from 'mcp_get_mcs'
bluez-5.81/src/shared/mcp.c:1156:46: danger: dereference of NULL 'mcp_get_mcs(mcp)'
# 1154|   	struct bt_mcs *mcs = mcp_get_mcs(mcp);
# 1155|   
# 1156|-> 	if (!gatt_db_attribute_get_char_data(mcs->media_state, NULL,
# 1157|   				&value_handle, NULL, NULL, NULL))
# 1158|   		return;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def176]
bluez-5.81/src/shared/mcp.c:1174:46: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/mcp.c:1169:13: enter_function: entry to 'bt_mcp_media_cp_attach'
bluez-5.81/src/shared/mcp.c:1172:30: call_function: calling 'mcp_get_mcs' from 'bt_mcp_media_cp_attach'
bluez-5.81/src/shared/mcp.c:1172:30: return_function: returning to 'bt_mcp_media_cp_attach' from 'mcp_get_mcs'
bluez-5.81/src/shared/mcp.c:1174:46: danger: dereference of NULL 'mcp_get_mcs(mcp)'
# 1172|   	struct bt_mcs *mcs = mcp_get_mcs(mcp);
# 1173|   
# 1174|-> 	if (!gatt_db_attribute_get_char_data(mcs->media_cp, NULL,
# 1175|   				&value_handle, NULL, NULL, NULL))
# 1176|   		return;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def177]
bluez-5.81/src/shared/mcp.c:1190:46: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/mcp.c:1185:13: enter_function: entry to 'bt_mcp_media_cp_op_supported_attach'
bluez-5.81/src/shared/mcp.c:1188:30: call_function: calling 'mcp_get_mcs' from 'bt_mcp_media_cp_op_supported_attach'
bluez-5.81/src/shared/mcp.c:1188:30: return_function: returning to 'bt_mcp_media_cp_op_supported_attach' from 'mcp_get_mcs'
bluez-5.81/src/shared/mcp.c:1190:46: danger: dereference of NULL 'mcp_get_mcs(mcp)'
# 1188|   	struct bt_mcs *mcs = mcp_get_mcs(mcp);
# 1189|   
# 1190|-> 	if (!gatt_db_attribute_get_char_data(mcs->media_cp_op_supportd, NULL,
# 1191|   				&value_handle, NULL, NULL, NULL))
# 1192|   		return;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def178]
bluez-5.81/src/shared/mcp.c:1209:46: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/mcp.c:1204:13: enter_function: entry to 'bt_mcp_content_control_id_supported_attach'
bluez-5.81/src/shared/mcp.c:1207:30: call_function: calling 'mcp_get_mcs' from 'bt_mcp_content_control_id_supported_attach'
bluez-5.81/src/shared/mcp.c:1207:30: return_function: returning to 'bt_mcp_content_control_id_supported_attach' from 'mcp_get_mcs'
bluez-5.81/src/shared/mcp.c:1209:46: danger: dereference of NULL 'mcp_get_mcs(mcp)'
# 1207|   	struct bt_mcs *mcs = mcp_get_mcs(mcp);
# 1208|   
# 1209|-> 	if (!gatt_db_attribute_get_char_data(mcs->content_control_id, NULL,
# 1210|   				&value_handle, NULL, NULL, NULL))
# 1211|   		return;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def179]
bluez-5.81/src/shared/mcp.c:1376:9: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/mcp.c:1368:13: enter_function: entry to 'foreach_mcs_service'
bluez-5.81/src/shared/mcp.c:1372:30: call_function: calling 'mcp_get_mcs' from 'foreach_mcs_service'
bluez-5.81/src/shared/mcp.c:1372:30: return_function: returning to 'foreach_mcs_service' from 'mcp_get_mcs'
bluez-5.81/src/shared/mcp.c:1374:9: call_function: calling 'mcp_debug' from 'foreach_mcs_service'
bluez-5.81/src/shared/mcp.c:1374:9: return_function: returning to 'foreach_mcs_service' from 'mcp_debug'
bluez-5.81/src/shared/mcp.c:1376:9: danger: dereference of NULL 'mcp_get_mcs(user_data)'
# 1374|   	DBG(mcp, "");
# 1375|   
# 1376|-> 	mcs->service = attr;
# 1377|   
# 1378|   	gatt_db_service_foreach_char(attr, foreach_mcs_char, mcp);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def180]
bluez-5.81/src/shared/micp.c:271:9: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/micp.c:258:24: enter_function: entry to 'micp_get_session'
bluez-5.81/src/shared/micp.c:270:16: call_function: calling 'bt_micp_new' from 'micp_get_session'
bluez-5.81/src/shared/micp.c:270:16: return_function: returning to 'micp_get_session' from 'bt_micp_new'
bluez-5.81/src/shared/micp.c:271:9: danger: dereference of NULL 'bt_micp_new(db, 0)'
#  269|   
#  270|   	micp = bt_micp_new(db, NULL);
#  271|-> 	micp->att = att;
#  272|   
#  273|   	bt_att_register_disconnect(att, micp_disconnected, micp, NULL);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def181]
bluez-5.81/src/shared/micp.c:339:9: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/micp.c:323:16: enter_function: entry to 'mics_muted'
bluez-5.81/src/shared/micp.c:331:15: call_function: inlined call to 'micp_get_mdb' from 'mics_muted'
bluez-5.81/src/shared/micp.c:332:12: branch_false: following 'false' branch...
bluez-5.81/src/shared/micp.c:337:22: call_function: inlined call to 'mdb_get_mute_state' from 'mics_muted'
bluez-5.81/src/shared/micp.c:339:9: branch_true: ...to here
bluez-5.81/src/shared/micp.c:339:9: danger: dereference of NULL '<unknown>'
#  337|   	mute_state = mdb_get_mute_state(mdb);
#  338|   
#  339|-> 	*mute_state = MICS_MUTED;
#  340|   
#  341|   	gatt_db_attribute_notify(mdb->mics->ms, (void *)mute_state,

Error: GCC_ANALYZER_WARNING (CWE-476): [#def182]
bluez-5.81/src/shared/micp.c:421:13: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/micp.c:368:13: enter_function: entry to 'mics_mute_write'
bluez-5.81/src/shared/micp.c:375:32: call_function: calling 'micp_get_session' from 'mics_mute_write'
bluez-5.81/src/shared/micp.c:375:32: return_function: returning to 'mics_mute_write' from 'micp_get_session'
bluez-5.81/src/shared/micp.c:387:12: branch_false: following 'false' branch (when 'offset == 0')...
bluez-5.81/src/shared/micp.c:393:12: branch_false: ...to here
bluez-5.81/src/shared/micp.c:393:12: branch_false: following 'false' branch (when 'len != 0')...
bluez-5.81/src/shared/micp.c:400:19: call_function: inlined call to 'iov_pull_mem' from 'mics_mute_write'
bluez-5.81/src/shared/micp.c:401:12: branch_false: following 'false' branch (when 'data' is non-NULL)...
bluez-5.81/src/shared/micp.c:406:14: branch_false: ...to here
bluez-5.81/src/shared/micp.c:406:12: branch_false: following 'false' branch...
bluez-5.81/src/shared/micp.c:414:15: call_function: inlined call to 'micp_get_mdb' from 'mics_mute_write'
bluez-5.81/src/shared/micp.c:415:12: branch_false: following 'false' branch...
bluez-5.81/src/shared/micp.c:420:22: call_function: inlined call to 'mdb_get_mute_state' from 'mics_mute_write'
bluez-5.81/src/shared/micp.c:421:13: branch_true: ...to here
bluez-5.81/src/shared/micp.c:421:13: danger: dereference of NULL '<unknown>'
#  419|   
#  420|   	mute_state = mdb_get_mute_state(mdb);
#  421|-> 	if (*mute_state == MICS_DISABLED) {
#  422|   		DBG(micp, "state: MICS DISABLED , can not write value: %d",
#  423|   				*micp_op);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def183]
bluez-5.81/src/shared/micp.c:786:9: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/micp.c:780:13: enter_function: entry to 'foreach_mics_service'
bluez-5.81/src/shared/micp.c:784:32: call_function: calling 'micp_get_mics' from 'foreach_mics_service'
bluez-5.81/src/shared/micp.c:784:32: return_function: returning to 'foreach_mics_service' from 'micp_get_mics'
bluez-5.81/src/shared/micp.c:786:9: danger: dereference of NULL 'micp_get_mics(user_data)'
#  784|   	struct bt_mics *mics = micp_get_mics(micp);
#  785|   
#  786|-> 	mics->service = attr;
#  787|   
#  788|   	gatt_db_service_set_claimed(attr, true);

Error: GCC_ANALYZER_WARNING (CWE-457): [#def184]
bluez-5.81/src/shared/shell.c:742:17: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'saved_line'
bluez-5.81/src/shared/shell.c:233:13: enter_function: entry to 'cmd_back'
bluez-5.81/src/shared/shell.c:236:17: call_function: calling 'bt_shell_printf' from 'cmd_back'
#  740|   		if (!data.saved_prompt)
#  741|   			rl_restore_prompt();
#  742|-> 		rl_replace_line(saved_line, 0);
#  743|   		rl_point = saved_point;
#  744|   		rl_redisplay();

Error: COMPILER_WARNING: [#def185]
bluez-5.81/src/shared/shell.c: scope_hint: In function 'rl_cleanup'
bluez-5.81/src/shared/shell.c:1429:20: warning[-Wformat-zero-length]: zero-length gnu_printf format string
# 1429 |         rl_message("");
#      |                    ^~
# 1427|   		write_history(data.history);
# 1428|   
# 1429|-> 	rl_message("");
# 1430|   	rl_callback_handler_remove();
# 1431|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def186]
bluez-5.81/src/shared/tester.c:1041:9: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/tester.c:1029:12: enter_function: entry to 'tester_setup_io'
bluez-5.81/src/shared/tester.c:1031:34: call_function: inlined call to 'tester_get_test' from 'tester_setup_io'
bluez-5.81/src/shared/tester.c:1033:14: branch_true: ...to here
bluez-5.81/src/shared/tester.c:1041:9: danger: dereference of NULL '<unknown>'
# 1039|   	}
# 1040|   
# 1041|-> 	test->iov = iov;
# 1042|   	test->iovcnt = iovcnt;
# 1043|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def187]
bluez-5.81/src/shared/tester.c:1051:13: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/tester.c:1047:6: enter_function: entry to 'tester_io_send'
bluez-5.81/src/shared/tester.c:1049:34: call_function: inlined call to 'tester_get_test' from 'tester_io_send'
bluez-5.81/src/shared/tester.c:1051:13: branch_true: ...to here
bluez-5.81/src/shared/tester.c:1051:13: danger: dereference of NULL '<unknown>'
# 1049|   	struct test_case *test = tester_get_test();
# 1050|   
# 1051|-> 	if (test->iovcnt)
# 1052|   		io_set_write_handler(ios[1], test_io_send, NULL, NULL);
# 1053|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def188]
bluez-5.81/src/shared/tester.c:1059:9: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/tester.c:1055:6: enter_function: entry to 'tester_io_set_complete_func'
bluez-5.81/src/shared/tester.c:1057:34: call_function: inlined call to 'tester_get_test' from 'tester_io_set_complete_func'
bluez-5.81/src/shared/tester.c:1059:9: branch_true: ...to here
bluez-5.81/src/shared/tester.c:1059:9: danger: dereference of NULL '<unknown>'
# 1057|   	struct test_case *test = tester_get_test();
# 1058|   
# 1059|-> 	test->io_complete_func = func;
# 1060|   }
# 1061|   

Error: CPPCHECK_WARNING (CWE-476): [#def189]
bluez-5.81/src/shared/util.c:1852: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: dup
# 1850|   
# 1851|   	dup = strdup(str);
# 1852|-> 	if (dup[0] == '\0')
# 1853|   		return dup;
# 1854|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def190]
bluez-5.81/src/shared/util.c:1852:13: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'dup'
bluez-5.81/src/shared/util.c:1848:12: branch_false: following 'false' branch (when 'str' is non-NULL)...
bluez-5.81/src/shared/util.c:1851:15: branch_false: ...to here
bluez-5.81/src/shared/util.c:1851:15: acquire_memory: this call could return NULL
bluez-5.81/src/shared/util.c:1852:13: danger: 'dup' could be NULL: unchecked value from event (3)
# 1850|   
# 1851|   	dup = strdup(str);
# 1852|-> 	if (dup[0] == '\0')
# 1853|   		return dup;
# 1854|   

Error: CPPCHECK_WARNING (CWE-476): [#def191]
bluez-5.81/src/shared/util.h:261: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: __p
#  259|   static inline void put_le16(uint16_t val, void *dst)
#  260|   {
#  261|-> 	put_unaligned(cpu_to_le16(val), (uint16_t *) dst);
#  262|   }
#  263|   

Error: CPPCHECK_WARNING (CWE-476): [#def192]
bluez-5.81/src/shared/util.h:266: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: __p
#  264|   static inline void put_be16(uint16_t val, const void *ptr)
#  265|   {
#  266|-> 	put_unaligned(cpu_to_be16(val), (uint16_t *) ptr);
#  267|   }
#  268|   

Error: CPPCHECK_WARNING (CWE-476): [#def193]
bluez-5.81/src/shared/util.h:288: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: __p
#  286|   static inline void put_be32(uint32_t val, void *dst)
#  287|   {
#  288|-> 	put_unaligned(cpu_to_be32(val), (uint32_t *) dst);
#  289|   }
#  290|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def194]
bluez-5.81/src/shared/vcp.c:545:9: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/vcp.c:531:23: enter_function: entry to 'vcp_get_session'
bluez-5.81/src/shared/vcp.c:544:15: call_function: calling 'bt_vcp_new' from 'vcp_get_session'
bluez-5.81/src/shared/vcp.c:544:15: return_function: returning to 'vcp_get_session' from 'bt_vcp_new'
bluez-5.81/src/shared/vcp.c:545:9: danger: dereference of NULL 'bt_vcp_new(db, 0)'
#  543|   	/* called only when this device is acting a a server */
#  544|   	vcp = bt_vcp_new(db, NULL);
#  545|-> 	vcp->att = att;
#  546|   
#  547|   	queue_foreach(vcp_cbs, vcp_remote_client_attached, vcp);

Error: CPPCHECK_WARNING (CWE-476): [#def195]
bluez-5.81/src/shared/vcp.c:1801: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: ip_descr
# 1799|   	aics_gain_settng_prop = new0(struct gain_setting_prop, 1);
# 1800|   	ip_descr = malloc(256);
# 1801|-> 	memset(ip_descr, 0, 256);
# 1802|   
# 1803|   	aics_aud_ip_st->mute = AICS_NOT_MUTED;

Error: GCC_ANALYZER_WARNING (CWE-688): [#def196]
bluez-5.81/src/shared/vcp.c:1801:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'ip_descr' where non-null expected
bluez-5.81/src/shared/vcp.c:1793:12: branch_false: following 'false' branch (when 'db' is non-NULL)...
bluez-5.81/src/shared/vcp.c:1796:16: branch_false: ...to here
bluez-5.81/src/shared/vcp.c:1800:20: acquire_memory: this call could return NULL
bluez-5.81/src/shared/vcp.c:1801:9: danger: argument 1 ('ip_descr') from event (3) could be NULL where non-null expected
#argument 1 of '__builtin_memset' must be non-null
# 1799|   	aics_gain_settng_prop = new0(struct gain_setting_prop, 1);
# 1800|   	ip_descr = malloc(256);
# 1801|-> 	memset(ip_descr, 0, 256);
# 1802|   
# 1803|   	aics_aud_ip_st->mute = AICS_NOT_MUTED;

Error: CPPCHECK_WARNING (CWE-476): [#def197]
bluez-5.81/src/shared/vcp.c:1813: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: ip_descr
# 1811|   	aics->aud_input_type =	AICS_AUD_IP_TYPE_BLUETOOTH;
# 1812|   	aics->aud_input_status = AICS_AUD_IP_STATUS_ACTIVE;
# 1813|-> 	memcpy(ip_descr, ip_descr_str, strlen(ip_descr_str));
# 1814|   	aics->aud_input_descr = ip_descr;
# 1815|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def198]
bluez-5.81/src/shared/vcp.c:2156:9: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/vcp.c:2151:13: enter_function: entry to 'vcp_set_volume_server'
bluez-5.81/src/shared/vcp.c:2153:33: call_function: inlined call to 'vcp_get_vdb' from 'vcp_set_volume_server'
bluez-5.81/src/shared/vcp.c:2156:9: branch_true: ...to here
bluez-5.81/src/shared/vcp.c:2156:9: danger: dereference of NULL '0'
# 2154|   	struct vol_state *vstate;
# 2155|   
# 2156|-> 	vcp->volume = volume;
# 2157|   
# 2158|   	if (!vdb) {

Error: CPPCHECK_WARNING (CWE-476): [#def199]
bluez-5.81/src/shared/vcp.c:2206: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: vocs_audio_loc_n
# 2204|   {
# 2205|   	uint32_t *vocs_audio_loc_n = malloc(sizeof(uint32_t));
# 2206|-> 	*vocs_audio_loc_n = 0;
# 2207|   
# 2208|   	if (value != NULL)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def200]
bluez-5.81/src/shared/vcp.c:2206:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'vocs_audio_loc_n'
bluez-5.81/src/shared/vcp.c:2205:38: acquire_memory: this call could return NULL
bluez-5.81/src/shared/vcp.c:2206:9: danger: 'vocs_audio_loc_n' could be NULL: unchecked value from event (1)
# 2204|   {
# 2205|   	uint32_t *vocs_audio_loc_n = malloc(sizeof(uint32_t));
# 2206|-> 	*vocs_audio_loc_n = 0;
# 2207|   
# 2208|   	if (value != NULL)

Error: CPPCHECK_WARNING (CWE-476): [#def201]
bluez-5.81/src/shared/vcp.c:2211: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: vocs_audio_loc_n
# 2209|   		memcpy(vocs_audio_loc_n, value, sizeof(uint32_t));
# 2210|   
# 2211|-> 	DBG(vcp, "VOCS Audio Location 0x%x", *vocs_audio_loc_n);
# 2212|   
# 2213|   	free(vocs_audio_loc_n);

Error: CPPCHECK_WARNING (CWE-476): [#def202]
bluez-5.81/src/shared/vcp.c:2783: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: aud_ip_desr
# 2781|   
# 2782|   	aud_ip_desr = malloc(length+1);
# 2783|-> 	memset(aud_ip_desr, 0, length+1);
# 2784|   	memcpy(aud_ip_desr, value, length);
# 2785|   

Error: CPPCHECK_WARNING (CWE-476): [#def203]
bluez-5.81/src/shared/vcp.c:2784: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: aud_ip_desr
# 2782|   	aud_ip_desr = malloc(length+1);
# 2783|   	memset(aud_ip_desr, 0, length+1);
# 2784|-> 	memcpy(aud_ip_desr, value, length);
# 2785|   
# 2786|   	DBG(vcp, "Audio Input Description Notify, %s", aud_ip_desr);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def204]
bluez-5.81/src/shared/vcp.c:2919:9: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
bluez-5.81/src/shared/vcp.c:2913:13: enter_function: entry to 'foreach_vcs_service'
bluez-5.81/src/shared/vcp.c:2917:30: call_function: calling 'vcp_get_vcs' from 'foreach_vcs_service'
bluez-5.81/src/shared/vcp.c:2917:30: return_function: returning to 'foreach_vcs_service' from 'vcp_get_vcs'
bluez-5.81/src/shared/vcp.c:2919:9: danger: dereference of NULL 'vcp_get_vcs(user_data)'
# 2917|   	struct bt_vcs *vcs = vcp_get_vcs(vcp);
# 2918|   
# 2919|-> 	vcs->service = attr;
# 2920|   
# 2921|   	gatt_db_service_set_claimed(attr, true);

Error: GCC_ANALYZER_WARNING (CWE-666): [#def205]
bluez-5.81/tools/avinfo.c:880:13: warning[-Wanalyzer-fd-phase-mismatch]: ‘connect’ on file descriptor ‘sk’ in wrong phase
bluez-5.81/tools/avinfo.c:862:14: acquire_resource: socket created here
bluez-5.81/tools/avinfo.c:863:12: branch_false: following ‘false’ branch (when ‘sk >= 0’)...
bluez-5.81/tools/avinfo.c:869:13: branch_false: ...to here
bluez-5.81/tools/avinfo.c:869:12: branch_false: following ‘false’ branch...
bluez-5.81/tools/avinfo.c:875:9: branch_false: ...to here
bluez-5.81/tools/avinfo.c:880:13: danger: ‘connect’ expects a new socket file descriptor but ‘sk’ is bound
#  878|   	l2a.l2_psm = htobs(AVDTP_PSM);
#  879|   
#  880|-> 	if (connect(sk, (struct sockaddr *) &l2a, sizeof(l2a)) < 0) {
#  881|   		printf("Connect failed. %s(%d)\n", strerror(errno), errno);
#  882|   		close(sk);

Error: GCC_ANALYZER_WARNING (CWE-666): [#def206]
bluez-5.81/tools/avtest.c:550:15: warning[-Wanalyzer-fd-phase-mismatch]: ‘connect’ on file descriptor ‘sk’ in wrong phase
bluez-5.81/tools/avtest.c:787:5: enter_function: entry to ‘main’
bluez-5.81/tools/avtest.c:866:22: call_function: calling ‘do_connect’ from ‘main’
#  548|   	addr.l2_psm = htobs(avctp ? 23 : 25);
#  549|   
#  550|-> 	err = connect(sk, (struct sockaddr *) &addr, sizeof(addr));
#  551|   	if (err < 0) {
#  552|   		perror("Unable to connect");

Error: GCC_ANALYZER_WARNING (CWE-479): [#def207]
bluez-5.81/tools/bneptest.c:483:9: warning[-Wanalyzer-unsafe-call-within-signal-handler]: call to ‘printf’ from within signal handler
bluez-5.81/tools/bneptest.c:549:5: enter_function: entry to ‘main’
bluez-5.81/tools/bneptest.c:555:9: branch_false: following ‘false’ branch...
bluez-5.81/tools/bneptest.c:557:9: branch_false: ...to here
bluez-5.81/tools/bneptest.c:481:13: enter_function: entry to ‘exit_handler’
bluez-5.81/tools/bneptest.c:483:9: danger: call to ‘printf’ from within signal handler
#  481|   static void exit_handler(int sig)
#  482|   {
#  483|-> 	printf("got sig = %d, cleaning up...\n", sig);
#  484|   
#  485|   	if (cleanup() < 0)

Error: GCC_ANALYZER_WARNING (CWE-479): [#def208]
bluez-5.81/tools/bneptest.c:490:9: warning[-Wanalyzer-unsafe-call-within-signal-handler]: call to ‘exit’ from within signal handler
bluez-5.81/tools/bneptest.c:549:5: enter_function: entry to ‘main’
bluez-5.81/tools/bneptest.c:555:9: branch_false: following ‘false’ branch...
bluez-5.81/tools/bneptest.c:557:9: branch_false: ...to here
bluez-5.81/tools/bneptest.c:481:13: enter_function: entry to ‘exit_handler’
bluez-5.81/tools/bneptest.c:490:9: danger: call to ‘exit’ from within signal handler
#  488|   		printf("cleanup successful - exit\n");
#  489|   
#  490|-> 	exit(0);
#  491|   }
#  492|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def209]
bluez-5.81/tools/btsnoop.c:260:1: warning[-Wanalyzer-fd-leak]: leak of file descriptor
bluez-5.81/tools/btsnoop.c:119:13: enter_function: entry to ‘command_merge’
bluez-5.81/tools/btsnoop.c:129:12: branch_false: following ‘false’ branch (when ‘argc <= 8’)...
 branch_false: ...to here
bluez-5.81/tools/btsnoop.c:134:21: branch_true: following ‘true’ branch (when ‘num_input < argc’)...
bluez-5.81/tools/btsnoop.c:138:39: branch_true: ...to here
bluez-5.81/tools/btsnoop.c:138:22: call_function: calling ‘open_btsnoop’ from ‘command_merge’
bluez-5.81/tools/btsnoop.c:138:22: return_function: returning to ‘command_merge’ from ‘open_btsnoop’
bluez-5.81/tools/btsnoop.c:139:20: branch_false: following ‘false’ branch...
bluez-5.81/tools/btsnoop.c:142:21: branch_false: ...to here
bluez-5.81/tools/btsnoop.c:142:20: branch_false: following ‘false’ branch...
bluez-5.81/tools/btsnoop.c:149:26: branch_false: ...to here
bluez-5.81/tools/btsnoop.c:134:21: branch_true: following ‘true’ branch (when ‘num_input < argc’)...
bluez-5.81/tools/btsnoop.c:138:39: branch_true: ...to here
bluez-5.81/tools/btsnoop.c:138:22: call_function: calling ‘open_btsnoop’ from ‘command_merge’
bluez-5.81/tools/btsnoop.c:138:22: return_function: returning to ‘command_merge’ from ‘open_btsnoop’
bluez-5.81/tools/btsnoop.c:139:20: branch_false: following ‘false’ branch...
bluez-5.81/tools/btsnoop.c:142:21: branch_false: ...to here
bluez-5.81/tools/btsnoop.c:142:20: branch_false: following ‘false’ branch...
bluez-5.81/tools/btsnoop.c:149:26: branch_false: ...to here
bluez-5.81/tools/btsnoop.c:260:1: danger: leaks here; was opened at event (29)
#  258|   	for (i = 0; i < num_input; i++)
#  259|   		close(input_fd[i]);
#  260|-> }
#  261|   
#  262|   static void command_extract_eir(const char *input)

Error: GCC_ANALYZER_WARNING (CWE-666): [#def210]
bluez-5.81/tools/cltest.c:62:13: warning[-Wanalyzer-fd-phase-mismatch]: ‘connect’ on file descriptor ‘fd’ in wrong phase
bluez-5.81/tools/cltest.c:239:5: enter_function: entry to ‘main’
bluez-5.81/tools/cltest.c:246:14: call_function: calling ‘find_controllers’ from ‘main’
bluez-5.81/tools/cltest.c:246:14: return_function: returning to ‘main’ from ‘find_controllers’
bluez-5.81/tools/cltest.c:246:12: branch_true: following ‘true’ branch...
bluez-5.81/tools/cltest.c:249:33: branch_true: ...to here
bluez-5.81/tools/cltest.c:249:12: branch_false: following ‘false’ branch...
bluez-5.81/tools/cltest.c:250:53: branch_false: ...to here
bluez-5.81/tools/cltest.c:249:13: branch_false: following ‘false’ branch...
bluez-5.81/tools/cltest.c:255:9: branch_false: ...to here
bluez-5.81/tools/cltest.c:262:9: call_function: calling ‘create_receiver’ from ‘main’
bluez-5.81/tools/cltest.c:262:9: return_function: returning to ‘main’ from ‘create_receiver’
bluez-5.81/tools/cltest.c:263:9: call_function: calling ‘send_message’ from ‘main’
#   60|   	addr.l2_psm = htobs(psm);
#   61|   
#   62|-> 	if (connect(fd, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
#   63|   		perror("Failed to connect transmitter socket");
#   64|   		close(fd);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def211]
bluez-5.81/tools/create-image.c:108:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘fp’ where non-null expected
bluez-5.81/tools/create-image.c:142:5: enter_function: entry to ‘main’
bluez-5.81/tools/create-image.c:152:20: branch_false: following ‘false’ branch (when ‘opt >= 0’)...
bluez-5.81/tools/create-image.c:155:17: branch_false: ...to here
bluez-5.81/tools/create-image.c:170:12: branch_false: following ‘false’ branch...
bluez-5.81/tools/create-image.c:175:12: branch_false: ...to here
bluez-5.81/tools/create-image.c:175:12: branch_false: following ‘false’ branch (when ‘output_pathname’ is non-NULL)...
bluez-5.81/tools/create-image.c:180:14: branch_false: ...to here
bluez-5.81/tools/create-image.c:180:14: acquire_memory: this call could return NULL
bluez-5.81/tools/create-image.c:182:21: branch_true: following ‘true’ branch...
bluez-5.81/tools/create-image.c:184:52: branch_true: ...to here
bluez-5.81/tools/create-image.c:183:17: call_function: calling ‘write_block’ from ‘main’
#  106|   
#  107|   done:
#  108|-> 	fprintf(fp, HDR_FMT, HDR_MAGIC, ino, mode, 0, 0, 1, 0,
#  109|   		(uintmax_t) st.st_size, 0, 0, 0, 0, namelen + 1, 0, name);
#  110|   

Error: CPPCHECK_WARNING (CWE-476): [#def212]
bluez-5.81/tools/create-image.c:188: warning[nullPointerOutOfResources]: If resource allocation fails, then there is a possible null pointer dereference: fp
#  186|   	write_block(fp, NULL, ino_cnt++, 0, "TRAILER!!!");
#  187|   
#  188|-> 	fclose(fp);
#  189|   
#  190|   	return EXIT_SUCCESS;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def213]
bluez-5.81/tools/hciattach.c:1322:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘u’
bluez-5.81/tools/hciattach.c:1281:12: branch_false: following ‘false’ branch (when ‘n > 1’)...
 branch_false: ...to here
bluez-5.81/tools/hciattach.c:1286:21: branch_true: following ‘true’ branch...
bluez-5.81/tools/hciattach.c:1289:27: branch_true: ...to here
bluez-5.81/tools/hciattach.c:1297:28: branch_false: following ‘false’ branch...
bluez-5.81/tools/hciattach.c:1302:25: branch_false: ...to here
bluez-5.81/tools/hciattach.c:1286:21: branch_true: following ‘true’ branch...
bluez-5.81/tools/hciattach.c:1289:27: branch_true: ...to here
bluez-5.81/tools/hciattach.c:1322:25: danger: dereference of NULL ‘u’
# 1320|   
# 1321|   		case 2:
# 1322|-> 			u->speed = atoi(argv[optind]);
# 1323|   			break;
# 1324|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def214]
bluez-5.81/tools/hciattach.c:1327:33: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘u’
bluez-5.81/tools/hciattach.c:1281:12: branch_false: following ‘false’ branch (when ‘n > 1’)...
 branch_false: ...to here
bluez-5.81/tools/hciattach.c:1286:21: branch_true: following ‘true’ branch...
bluez-5.81/tools/hciattach.c:1289:27: branch_true: ...to here
bluez-5.81/tools/hciattach.c:1297:28: branch_false: following ‘false’ branch...
bluez-5.81/tools/hciattach.c:1302:25: branch_false: ...to here
bluez-5.81/tools/hciattach.c:1286:21: branch_true: following ‘true’ branch...
bluez-5.81/tools/hciattach.c:1289:27: branch_true: ...to here
bluez-5.81/tools/hciattach.c:1326:28: branch_true: following ‘true’ branch (when the strings are equal)...
bluez-5.81/tools/hciattach.c:1327:33: branch_true: ...to here
bluez-5.81/tools/hciattach.c:1327:33: danger: dereference of NULL ‘u’
# 1325|   		case 3:
# 1326|   			if (!strcmp("flow", argv[optind]))
# 1327|-> 				u->flags |=  FLOW_CTL;
# 1328|   			else
# 1329|   				u->flags &= ~FLOW_CTL;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def215]
bluez-5.81/tools/hciattach.c:1329:33: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘u’
bluez-5.81/tools/hciattach.c:1281:12: branch_false: following ‘false’ branch (when ‘n > 1’)...
 branch_false: ...to here
bluez-5.81/tools/hciattach.c:1286:21: branch_true: following ‘true’ branch...
bluez-5.81/tools/hciattach.c:1289:27: branch_true: ...to here
bluez-5.81/tools/hciattach.c:1297:28: branch_false: following ‘false’ branch...
bluez-5.81/tools/hciattach.c:1302:25: branch_false: ...to here
bluez-5.81/tools/hciattach.c:1286:21: branch_true: following ‘true’ branch...
bluez-5.81/tools/hciattach.c:1289:27: branch_true: ...to here
bluez-5.81/tools/hciattach.c:1326:28: branch_false: following ‘false’ branch (when the strings are non-equal)...
bluez-5.81/tools/hciattach.c:1329:33: branch_false: ...to here
bluez-5.81/tools/hciattach.c:1329:33: danger: dereference of NULL ‘u’
# 1327|   				u->flags |=  FLOW_CTL;
# 1328|   			else
# 1329|-> 				u->flags &= ~FLOW_CTL;
# 1330|   			break;
# 1331|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def216]
bluez-5.81/tools/hciattach.c:1334:33: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘u’
bluez-5.81/tools/hciattach.c:1281:12: branch_false: following ‘false’ branch (when ‘n > 1’)...
 branch_false: ...to here
bluez-5.81/tools/hciattach.c:1286:21: branch_true: following ‘true’ branch...
bluez-5.81/tools/hciattach.c:1289:27: branch_true: ...to here
bluez-5.81/tools/hciattach.c:1297:28: branch_false: following ‘false’ branch...
bluez-5.81/tools/hciattach.c:1302:25: branch_false: ...to here
bluez-5.81/tools/hciattach.c:1286:21: branch_true: following ‘true’ branch...
bluez-5.81/tools/hciattach.c:1289:27: branch_true: ...to here
bluez-5.81/tools/hciattach.c:1333:28: branch_true: following ‘true’ branch (when the strings are equal)...
bluez-5.81/tools/hciattach.c:1334:33: branch_true: ...to here
bluez-5.81/tools/hciattach.c:1334:33: danger: dereference of NULL ‘u’
# 1332|   		case 4:
# 1333|   			if (!strcmp("sleep", argv[optind]))
# 1334|-> 				u->pm = ENABLE_PM;
# 1335|   			else
# 1336|   				u->pm = DISABLE_PM;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def217]
bluez-5.81/tools/hciattach.c:1336:33: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘u’
bluez-5.81/tools/hciattach.c:1281:12: branch_false: following ‘false’ branch (when ‘n > 1’)...
 branch_false: ...to here
bluez-5.81/tools/hciattach.c:1286:21: branch_true: following ‘true’ branch...
bluez-5.81/tools/hciattach.c:1289:27: branch_true: ...to here
bluez-5.81/tools/hciattach.c:1297:28: branch_false: following ‘false’ branch...
bluez-5.81/tools/hciattach.c:1302:25: branch_false: ...to here
bluez-5.81/tools/hciattach.c:1286:21: branch_true: following ‘true’ branch...
bluez-5.81/tools/hciattach.c:1289:27: branch_true: ...to here
bluez-5.81/tools/hciattach.c:1333:28: branch_false: following ‘false’ branch (when the strings are non-equal)...
bluez-5.81/tools/hciattach.c:1336:33: branch_false: ...to here
bluez-5.81/tools/hciattach.c:1336:33: danger: dereference of NULL ‘u’
# 1334|   				u->pm = ENABLE_PM;
# 1335|   			else
# 1336|-> 				u->pm = DISABLE_PM;
# 1337|   			break;
# 1338|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def218]
bluez-5.81/tools/hciattach.c:1340:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘u’
bluez-5.81/tools/hciattach.c:1281:12: branch_false: following ‘false’ branch (when ‘n > 1’)...
 branch_false: ...to here
bluez-5.81/tools/hciattach.c:1286:21: branch_true: following ‘true’ branch...
bluez-5.81/tools/hciattach.c:1289:27: branch_true: ...to here
bluez-5.81/tools/hciattach.c:1297:28: branch_false: following ‘false’ branch...
bluez-5.81/tools/hciattach.c:1302:25: branch_false: ...to here
bluez-5.81/tools/hciattach.c:1286:21: branch_true: following ‘true’ branch...
bluez-5.81/tools/hciattach.c:1289:27: branch_true: ...to here
bluez-5.81/tools/hciattach.c:1340:25: danger: dereference of NULL ‘u’
# 1338|   
# 1339|   		case 5:
# 1340|-> 			u->bdaddr = argv[optind];
# 1341|   			break;
# 1342|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def219]
bluez-5.81/tools/hciattach_qualcomm.c:93:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(firmware, 0)’
bluez-5.81/tools/hciattach_qualcomm.c:91:18: acquire_resource: opened here
bluez-5.81/tools/hciattach_qualcomm.c:95:9: branch_false: following ‘false’ branch...
bluez-5.81/tools/hciattach_qualcomm.c:99:9: branch_false: ...to here
bluez-5.81/tools/hciattach_qualcomm.c:108:20: branch_false: following ‘false’ branch (when ‘nr != 0’)...
bluez-5.81/tools/hciattach_qualcomm.c:111:17: branch_false: ...to here
bluez-5.81/tools/hciattach_qualcomm.c:93:9: danger: ‘open(firmware, 0)’ leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   91|   	int fw = open(firmware, O_RDONLY);
#   92|   
#   93|-> 	fprintf(stdout, "Opening firmware file: %s\n", firmware);
#   94|   
#   95|   	FAILIF(fw < 0,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def220]
bluez-5.81/tools/hciattach_tialt.c:95:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(firmware, 0)’
bluez-5.81/tools/hciattach_tialt.c:93:18: acquire_resource: opened here
bluez-5.81/tools/hciattach_tialt.c:97:9: branch_false: following ‘false’ branch...
bluez-5.81/tools/hciattach_tialt.c:101:9: branch_false: ...to here
bluez-5.81/tools/hciattach_tialt.c:109:20: branch_false: following ‘false’ branch (when ‘nr != 0’)...
bluez-5.81/tools/hciattach_tialt.c:111:17: branch_false: ...to here
bluez-5.81/tools/hciattach_tialt.c:95:9: danger: ‘open(firmware, 0)’ leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   93|   	int fw = open(firmware, O_RDONLY);
#   94|   
#   95|-> 	fprintf(stdout, "Opening firmware file: %s\n", firmware);
#   96|   
#   97|   	FAILIF(fw < 0,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def221]
bluez-5.81/tools/hcidump.c:141:24: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
bluez-5.81/tools/hcidump.c:657:5: enter_function: entry to ‘main’
bluez-5.81/tools/hcidump.c:780:12: branch_false: following ‘false’ branch...
bluez-5.81/tools/hcidump.c:783:13: branch_false: ...to here
bluez-5.81/tools/hcidump.c:783:12: branch_false: following ‘false’ branch...
bluez-5.81/tools/hcidump.c:786:9: branch_false: ...to here
bluez-5.81/tools/hcidump.c:791:17: call_function: calling ‘open_socket’ from ‘main’
bluez-5.81/tools/hcidump.c:791:17: return_function: returning to ‘main’ from ‘open_socket’
bluez-5.81/tools/hcidump.c:791:17: call_function: calling ‘process_frames’ from ‘main’
#  139|   
#  140|   	if (sock < 0)
#  141|-> 		return -1;
#  142|   
#  143|   	if (snap_len < SNAP_LEN)

Error: CPPCHECK_WARNING (CWE-476): [#def222]
bluez-5.81/tools/iso-tester.c:2826: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: addr
# 2824|   	/* Bind to local address */
# 2825|   	addr = malloc(sizeof(*addr) + sizeof(*addr->iso_bc));
# 2826|-> 	memset(addr, 0, sizeof(*addr) + sizeof(*addr->iso_bc));
# 2827|   	addr->iso_family = AF_BLUETOOTH;
# 2828|   	bacpy(&addr->iso_bdaddr, (void *) src);

Error: CPPCHECK_WARNING (CWE-476): [#def223]
bluez-5.81/tools/iso-tester.c:2827: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: addr
# 2825|   	addr = malloc(sizeof(*addr) + sizeof(*addr->iso_bc));
# 2826|   	memset(addr, 0, sizeof(*addr) + sizeof(*addr->iso_bc));
# 2827|-> 	addr->iso_family = AF_BLUETOOTH;
# 2828|   	bacpy(&addr->iso_bdaddr, (void *) src);
# 2829|   	addr->iso_bdaddr_type = BDADDR_LE_PUBLIC;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def224]
bluez-5.81/tools/iso-tester.c:2827:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘addr’
bluez-5.81/tools/iso-tester.c:3407:13: enter_function: entry to ‘test_bcast_recv2’
bluez-5.81/tools/iso-tester.c:3413:9: call_function: calling ‘setup_listen_many’ from ‘test_bcast_recv2’
# 2825|   	addr = malloc(sizeof(*addr) + sizeof(*addr->iso_bc));
# 2826|   	memset(addr, 0, sizeof(*addr) + sizeof(*addr->iso_bc));
# 2827|-> 	addr->iso_family = AF_BLUETOOTH;
# 2828|   	bacpy(&addr->iso_bdaddr, (void *) src);
# 2829|   	addr->iso_bdaddr_type = BDADDR_LE_PUBLIC;

Error: CPPCHECK_WARNING (CWE-476): [#def225]
bluez-5.81/tools/iso-tester.c:2829: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: addr
# 2827|   	addr->iso_family = AF_BLUETOOTH;
# 2828|   	bacpy(&addr->iso_bdaddr, (void *) src);
# 2829|-> 	addr->iso_bdaddr_type = BDADDR_LE_PUBLIC;
# 2830|   
# 2831|   	if (isodata->bcast) {

Error: CPPCHECK_WARNING (CWE-476): [#def226]
bluez-5.81/tools/iso-tester.c:2966: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: addr
# 2964|   	if (isodata->pa_bind) {
# 2965|   		addr = malloc(sizeof(*addr) + sizeof(*addr->iso_bc));
# 2966|-> 		memset(addr, 0, sizeof(*addr) + sizeof(*addr->iso_bc));
# 2967|   		addr->iso_family = AF_BLUETOOTH;
# 2968|   

Error: CPPCHECK_WARNING (CWE-476): [#def227]
bluez-5.81/tools/iso-tester.c:2967: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: addr
# 2965|   		addr = malloc(sizeof(*addr) + sizeof(*addr->iso_bc));
# 2966|   		memset(addr, 0, sizeof(*addr) + sizeof(*addr->iso_bc));
# 2967|-> 		addr->iso_family = AF_BLUETOOTH;
# 2968|   
# 2969|   		addr->iso_bc->bc_num_bis = 1;

Error: CPPCHECK_WARNING (CWE-476): [#def228]
bluez-5.81/tools/iso-tester.c:2969: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: addr
# 2967|   		addr->iso_family = AF_BLUETOOTH;
# 2968|   
# 2969|-> 		addr->iso_bc->bc_num_bis = 1;
# 2970|   		addr->iso_bc->bc_bis[0] = 1;
# 2971|   

Error: CPPCHECK_WARNING (CWE-476): [#def229]
bluez-5.81/tools/iso-tester.c:2970: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: addr
# 2968|   
# 2969|   		addr->iso_bc->bc_num_bis = 1;
# 2970|-> 		addr->iso_bc->bc_bis[0] = 1;
# 2971|   
# 2972|   		if (bind(sk, (struct sockaddr *) addr, sizeof(*addr) +

Error: GCC_ANALYZER_WARNING (CWE-775): [#def230]
bluez-5.81/tools/iso-tester.c:3053:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘g_io_channel_unix_get_fd(io)’
bluez-5.81/tools/iso-tester.c:3108:17: enter_function: entry to ‘iso_accept_cb’
bluez-5.81/tools/iso-tester.c:3117:24: call_function: calling ‘iso_accept’ from ‘iso_accept_cb’
# 3051|   
# 3052|   	new_sk = accept(sk, NULL, NULL);
# 3053|-> 	if (new_sk < 0) {
# 3054|   		tester_test_failed();
# 3055|   		return false;

Error: CPPCHECK_WARNING (CWE-476): [#def231]
bluez-5.81/tools/isotest.c:518: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: addr
#  516|   	/* Bind to local address */
#  517|   	addr = malloc(sizeof(*addr) + sizeof(*addr->iso_bc));
#  518|-> 	memset(addr, 0, sizeof(*addr) + sizeof(*addr->iso_bc));
#  519|   	addr->iso_family = AF_BLUETOOTH;
#  520|   	bacpy(&addr->iso_bdaddr, mgmt_index != MGMT_INDEX_NONE ?

Error: CPPCHECK_WARNING (CWE-476): [#def232]
bluez-5.81/tools/isotest.c:519: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: addr
#  517|   	addr = malloc(sizeof(*addr) + sizeof(*addr->iso_bc));
#  518|   	memset(addr, 0, sizeof(*addr) + sizeof(*addr->iso_bc));
#  519|-> 	addr->iso_family = AF_BLUETOOTH;
#  520|   	bacpy(&addr->iso_bdaddr, mgmt_index != MGMT_INDEX_NONE ?
#  521|   					&bdaddr : BDADDR_ANY);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def233]
bluez-5.81/tools/isotest.c:519:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘addr’
bluez-5.81/tools/isotest.c:1202:5: enter_function: entry to ‘main’
bluez-5.81/tools/isotest.c:1420:12: branch_false: following ‘false’ branch...
bluez-5.81/tools/isotest.c:1425:9: branch_false: ...to here
bluez-5.81/tools/isotest.c:1432:12: branch_true: following ‘true’ branch...
bluez-5.81/tools/isotest.c:1433:17: branch_true: ...to here
bluez-5.81/tools/isotest.c:1435:25: call_function: calling ‘do_listen’ from ‘main’
#  517|   	addr = malloc(sizeof(*addr) + sizeof(*addr->iso_bc));
#  518|   	memset(addr, 0, sizeof(*addr) + sizeof(*addr->iso_bc));
#  519|-> 	addr->iso_family = AF_BLUETOOTH;
#  520|   	bacpy(&addr->iso_bdaddr, mgmt_index != MGMT_INDEX_NONE ?
#  521|   					&bdaddr : BDADDR_ANY);

Error: CPPCHECK_WARNING (CWE-476): [#def234]
bluez-5.81/tools/isotest.c:522: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: addr
#  520|   	bacpy(&addr->iso_bdaddr, mgmt_index != MGMT_INDEX_NONE ?
#  521|   					&bdaddr : BDADDR_ANY);
#  522|-> 	addr->iso_bdaddr_type = BDADDR_LE_PUBLIC;
#  523|   	optlen = sizeof(*addr);
#  524|   

Error: CPPCHECK_WARNING (CWE-476): [#def235]
bluez-5.81/tools/isotest.c:527: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: addr
#  525|   	if (peer) {
#  526|   		str2ba(peer, &addr->iso_bc->bc_bdaddr);
#  527|-> 		addr->iso_bc->bc_bdaddr_type = bdaddr_type;
#  528|   		addr->iso_bc->bc_num_bis = num_bis;
#  529|   

Error: CPPCHECK_WARNING (CWE-476): [#def236]
bluez-5.81/tools/isotest.c:528: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: addr
#  526|   		str2ba(peer, &addr->iso_bc->bc_bdaddr);
#  527|   		addr->iso_bc->bc_bdaddr_type = bdaddr_type;
#  528|-> 		addr->iso_bc->bc_num_bis = num_bis;
#  529|   
#  530|   		for (int i = 0; i < num_bis; i++)

Error: CPPCHECK_WARNING (CWE-476): [#def237]
bluez-5.81/tools/isotest.c:531: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: addr
#  529|   
#  530|   		for (int i = 0; i < num_bis; i++)
#  531|-> 			addr->iso_bc->bc_bis[i] = i + 1;
#  532|   
#  533|   		optlen += sizeof(*addr->iso_bc);

Error: CPPCHECK_WARNING (CWE-476): [#def238]
bluez-5.81/tools/isotest.c:1214: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: iso_qos
# 1212|   	iso_qos = malloc(sizeof(*iso_qos));
# 1213|   	/* Default to 16_2_1 */
# 1214|-> 	*iso_qos = presets[3].qos;
# 1215|   	inout = true;
# 1216|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def239]
bluez-5.81/tools/isotest.c:1214:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘iso_qos’
bluez-5.81/tools/isotest.c:1212:19: acquire_memory: this call could return NULL
bluez-5.81/tools/isotest.c:1214:9: danger: ‘malloc(60)’ could be NULL: unchecked value from [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
# 1212|   	iso_qos = malloc(sizeof(*iso_qos));
# 1213|   	/* Default to 16_2_1 */
# 1214|-> 	*iso_qos = presets[3].qos;
# 1215|   	inout = true;
# 1216|   

Error: GCC_ANALYZER_WARNING (CWE-666): [#def240]
bluez-5.81/tools/l2cap-tester.c:1636:15: warning[-Wanalyzer-fd-phase-mismatch]: ‘connect’ on file descriptor ‘sk’ in wrong phase
bluez-5.81/tools/l2cap-tester.c:1886:12: enter_function: entry to ‘connect_socket’
bluez-5.81/tools/l2cap-tester.c:1894:14: call_function: calling ‘create_l2cap_sock’ from ‘connect_socket’
bluez-5.81/tools/l2cap-tester.c:1894:14: return_function: returning to ‘connect_socket’ from ‘create_l2cap_sock’
bluez-5.81/tools/l2cap-tester.c:1896:12: branch_false: following ‘false’ branch...
bluez-5.81/tools/l2cap-tester.c:1905:12: branch_false: ...to here
bluez-5.81/tools/l2cap-tester.c:1905:12: branch_false: following ‘false’ branch (when ‘defer == 0’)...
bluez-5.81/tools/l2cap-tester.c:1918:45: branch_false: ...to here
bluez-5.81/tools/l2cap-tester.c:1917:13: call_function: calling ‘connect_l2cap_impl’ from ‘connect_socket’
# 1634|   	addr.l2_cid = htobs(cid);
# 1635|   
# 1636|-> 	err = connect(sk, (struct sockaddr *) &addr, sizeof(addr));
# 1637|   	if (err < 0 && !(errno == EAGAIN || errno == EINPROGRESS)) {
# 1638|   		err = -errno;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def241]
bluez-5.81/tools/l2cap-tester.c:2296:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘g_io_channel_unix_get_fd(io)’
# 2294|   
# 2295|   	new_sk = accept(sk, NULL, NULL);
# 2296|-> 	if (new_sk < 0) {
# 2297|   		tester_warn("accept failed: %s (%u)", strerror(errno), errno);
# 2298|   		tester_test_failed();

Error: GCC_ANALYZER_WARNING (CWE-457): [#def242]
bluez-5.81/tools/mesh-gatt/crypto.c:376:17: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘&mic’
bluez-5.81/tools/mesh-gatt/crypto.c:994:6: enter_function: entry to ‘mesh_crypto_packet_encode’
bluez-5.81/tools/mesh-gatt/crypto.c:1005:13: branch_false: following ‘false’ branch...
bluez-5.81/tools/mesh-gatt/crypto.c:1009:17: branch_false: ...to here
bluez-5.81/tools/mesh-gatt/crypto.c:1028:12: branch_true: following ‘true’ branch...
bluez-5.81/tools/mesh-gatt/crypto.c:1029:22: branch_true: ...to here
bluez-5.81/tools/mesh-gatt/crypto.c:1029:22: call_function: calling ‘mesh_crypto_aes_ccm_encrypt’ from ‘mesh_crypto_packet_encode’
#  374|   
#  375|   	if (out_msg)
#  376|-> 		memcpy(out_msg + msg_len, mic, mic_size);
#  377|   
#  378|   	if (out_mic) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def243]
bluez-5.81/tools/mesh-gatt/prov-db.c:56:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(filename, 0)’
bluez-5.81/tools/mesh-gatt/prov-db.c:1472:13: enter_function: entry to ‘read_json_db’
bluez-5.81/tools/mesh-gatt/prov-db.c:1489:15: call_function: calling ‘prov_file_read’ from ‘read_json_db’
#   54|   
#   55|   	fd = open(filename,O_RDONLY);
#   56|-> 	if (!fd)
#   57|   		return NULL;
#   58|   

Error: CPPCHECK_WARNING (CWE-457): [#def244]
bluez-5.81/tools/mesh/agent.c:94: error[uninitvar]: Uninitialized variable: buf
#   92|   		len = 0;
#   93|   
#   94|-> 	bt_put_be32(atoi(input), buf);
#   95|   
#   96|   	if (pending_request.cb)

Error: CPPCHECK_WARNING (CWE-457): [#def245]
bluez-5.81/tools/meshctl.c:762: warning[uninitvar]: Uninitialized variable: addr
#  760|   			dbus_message_iter_get_basic(&iter, &addr);
#  761|   
#  762|-> 	bt_shell_printf("Attempting to disconnect from %s\n", addr);
#  763|   }
#  764|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def246]
bluez-5.81/tools/mpris-proxy.c:1915:13: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘name’
bluez-5.81/tools/mpris-proxy.c:2343:13: enter_function: entry to ‘proxy_added’
bluez-5.81/tools/mpris-proxy.c:2351:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
bluez-5.81/tools/mpris-proxy.c:2358:21: branch_false: ...to here
bluez-5.81/tools/mpris-proxy.c:2358:19: branch_true: following ‘true’ branch (when the strings are equal)...
bluez-5.81/tools/mpris-proxy.c:2359:17: branch_true: ...to here
bluez-5.81/tools/mpris-proxy.c:2360:17: call_function: calling ‘register_player’ from ‘proxy_added’
# 1913|   static char *mpris_busname(char *name)
# 1914|   {
# 1915|-> 	if (g_ascii_isdigit(name[0]))
# 1916|   		return g_strconcat(MPRIS_BUS_NAME, "bt_",
# 1917|   				g_strcanon(name, A_Z a_z _0_9, '_'), NULL);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def247]
bluez-5.81/tools/obex-server-tool.c:133:20: warning[-Wanalyzer-null-argument]: use of NULL ‘name’ where non-null expected
bluez-5.81/tools/obex-server-tool.c:120:17: release_memory: ‘type’ is NULL
bluez-5.81/tools/obex-server-tool.c:123:12: branch_false: following ‘false’ branch...
bluez-5.81/tools/obex-server-tool.c:126:17: branch_false: ...to here
bluez-5.81/tools/obex-server-tool.c:126:17: release_memory: ‘name’ is NULL
bluez-5.81/tools/obex-server-tool.c:129:62: release_memory: ‘name’ is NULL
bluez-5.81/tools/obex-server-tool.c:128:9: branch_false: following ‘false’ branch...
bluez-5.81/tools/obex-server-tool.c:128:55: branch_false: ...to here
bluez-5.81/tools/obex-server-tool.c:133:20: release_memory: ‘name’ is NULL
bluez-5.81/tools/obex-server-tool.c:133:20: release_memory: ‘name’ is NULL
bluez-5.81/tools/obex-server-tool.c:133:20: release_memory: ‘name’ is NULL
bluez-5.81/tools/obex-server-tool.c:133:20: danger: argument 1 (‘name’) NULL where non-null expected
#  131|   	data = g_new0(struct transfer_data, 1);
#  132|   
#  133|-> 	data->fd = open(name, O_WRONLY | O_CREAT | O_NOCTTY, 0600);
#  134|   	if (data->fd < 0) {
#  135|   		g_printerr("open(%s): %s\n", name, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-688): [#def248]
bluez-5.81/tools/obex-server-tool.c:192:20: warning[-Wanalyzer-null-argument]: use of NULL ‘name’ where non-null expected
bluez-5.81/tools/obex-server-tool.c:179:17: release_memory: ‘type’ is NULL
bluez-5.81/tools/obex-server-tool.c:182:12: branch_false: following ‘false’ branch...
bluez-5.81/tools/obex-server-tool.c:185:17: branch_false: ...to here
bluez-5.81/tools/obex-server-tool.c:185:17: release_memory: ‘name’ is NULL
bluez-5.81/tools/obex-server-tool.c:188:62: release_memory: ‘name’ is NULL
bluez-5.81/tools/obex-server-tool.c:187:9: branch_false: following ‘false’ branch...
bluez-5.81/tools/obex-server-tool.c:187:55: branch_false: ...to here
bluez-5.81/tools/obex-server-tool.c:192:20: release_memory: ‘name’ is NULL
bluez-5.81/tools/obex-server-tool.c:192:20: release_memory: ‘name’ is NULL
bluez-5.81/tools/obex-server-tool.c:192:20: release_memory: ‘name’ is NULL
bluez-5.81/tools/obex-server-tool.c:192:20: danger: argument 1 (‘name’) NULL where non-null expected
#  190|   	data = g_new0(struct transfer_data, 1);
#  191|   
#  192|-> 	data->fd = open(name, O_RDONLY | O_NOCTTY, 0);
#  193|   	if (data->fd < 0) {
#  194|   		g_printerr("open(%s): %s\n", name, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-476): [#def249]
bluez-5.81/tools/parser/parser.h:129:32: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘f’
bluez-5.81/tools/parser/l2cap.c:1199:6: enter_function: entry to ‘l2cap_dump’
bluez-5.81/tools/parser/l2cap.c:1209:20: branch_false: following ‘false’ branch...
bluez-5.81/tools/parser/l2cap.c:1215:20: branch_false: ...to here
bluez-5.81/tools/parser/l2cap.c:1215:20: branch_true: following ‘true’ branch...
bluez-5.81/tools/parser/l2cap.c:1217:25: branch_true: ...to here
bluez-5.81/tools/parser/l2cap.c:1217:25: call_function: calling ‘l2cap_parse’ from ‘l2cap_dump’
#  127|   				printf("%8lu.%06lu ", f->ts.tv_sec, f->ts.tv_usec);
#  128|   		}
#  129|-> 		printf("%c ", (f->in ? '>' : '<'));
#  130|   		parser.state = 1;
#  131|   	} else 

Error: GCC_ANALYZER_WARNING: [#def250]
bluez-5.81/tools/rfcomm-tester.c:404:13: warning[-Wanalyzer-fd-use-without-check]: ‘bind’ on possibly invalid file descriptor ‘sk’
#  402|   	bacpy(&addr.rc_bdaddr, address);
#  403|   
#  404|-> 	if (bind(sk, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
#  405|   		close(sk);
#  406|   		return -1;

Error: GCC_ANALYZER_WARNING (CWE-666): [#def251]
bluez-5.81/tools/rfcomm-tester.c:422:15: warning[-Wanalyzer-fd-phase-mismatch]: ‘connect’ on file descriptor ‘sk’ in wrong phase
bluez-5.81/tools/rfcomm-tester.c:628:13: enter_function: entry to ‘test_connect’
bluez-5.81/tools/rfcomm-tester.c:644:14: call_function: calling ‘create_rfcomm_sock’ from ‘test_connect’
bluez-5.81/tools/rfcomm-tester.c:644:14: return_function: returning to ‘test_connect’ from ‘create_rfcomm_sock’
bluez-5.81/tools/rfcomm-tester.c:646:13: call_function: calling ‘connect_rfcomm_sock’ from ‘test_connect’
#  420|   	addr.rc_channel = htobs(channel);
#  421|   
#  422|-> 	err = connect(sk, (struct sockaddr *) &addr, sizeof(addr));
#  423|   	if (err < 0 && !(errno == EAGAIN || errno == EINPROGRESS))
#  424|   		return err;

Error: GCC_ANALYZER_WARNING: [#def252]
bluez-5.81/tools/rfcomm-tester.c:422:15: warning[-Wanalyzer-fd-use-without-check]: ‘connect’ on possibly invalid file descriptor ‘sk’
bluez-5.81/tools/rfcomm-tester.c:628:13: enter_function: entry to ‘test_connect’
bluez-5.81/tools/rfcomm-tester.c:644:14: call_function: calling ‘create_rfcomm_sock’ from ‘test_connect’
bluez-5.81/tools/rfcomm-tester.c:644:14: return_function: returning to ‘test_connect’ from ‘create_rfcomm_sock’
bluez-5.81/tools/rfcomm-tester.c:646:13: call_function: calling ‘connect_rfcomm_sock’ from ‘test_connect’
#  420|   	addr.rc_channel = htobs(channel);
#  421|   
#  422|-> 	err = connect(sk, (struct sockaddr *) &addr, sizeof(addr));
#  423|   	if (err < 0 && !(errno == EAGAIN || errno == EINPROGRESS))
#  424|   		return err;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def253]
bluez-5.81/tools/rfcomm-tester.c:707:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘g_io_channel_unix_get_fd(io)’
#  705|   
#  706|   	new_sk = accept(sk, NULL, NULL);
#  707|-> 	if (new_sk < 0) {
#  708|   		tester_test_failed();
#  709|   		return false;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def254]
bluez-5.81/tools/rfcomm.c:354:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&devname, 256)’
bluez-5.81/tools/rfcomm.c:283:12: branch_false: following ‘false’ branch (when ‘argc > 1’)...
bluez-5.81/tools/rfcomm.c:288:9: branch_false: ...to here
bluez-5.81/tools/rfcomm.c:297:12: branch_false: following ‘false’ branch (when ‘sk >= 0’)...
bluez-5.81/tools/rfcomm.c:302:13: branch_false: ...to here
bluez-5.81/tools/rfcomm.c:312:12: branch_false: following ‘false’ branch...
bluez-5.81/tools/rfcomm.c:318:13: branch_false: ...to here
bluez-5.81/tools/rfcomm.c:318:12: branch_false: following ‘false’ branch...
bluez-5.81/tools/rfcomm.c:324:9: branch_false: ...to here
bluez-5.81/tools/rfcomm.c:325:12: branch_false: following ‘false’ branch...
bluez-5.81/tools/rfcomm.c:331:9: branch_false: ...to here
bluez-5.81/tools/rfcomm.c:340:12: branch_false: following ‘false’ branch (when ‘dev >= 0’)...
bluez-5.81/tools/rfcomm.c:346:9: branch_false: ...to here
bluez-5.81/tools/rfcomm.c:347:16: branch_true: following ‘true’ branch...
bluez-5.81/tools/rfcomm.c:348:21: branch_true: ...to here
bluez-5.81/tools/rfcomm.c:348:20: branch_false: following ‘false’ branch...
bluez-5.81/tools/rfcomm.c:353:17: branch_false: ...to here
bluez-5.81/tools/rfcomm.c:354:27: acquire_resource: opened here
bluez-5.81/tools/rfcomm.c:354:20: danger: ‘open(&devname, 256)’ leaks here; was opened at [(18)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/17)
#  352|   
#  353|   		snprintf(devname, MAXPATHLEN - 1, "/dev/bluetooth/rfcomm/%d", dev);
#  354|-> 		if ((fd = open(devname, O_RDONLY | O_NOCTTY)) < 0) {
#  355|   			if (try--) {
#  356|   				snprintf(devname, MAXPATHLEN - 1, "/dev/rfcomm%d", dev);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def255]
bluez-5.81/tools/rfcomm.c:515:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&devname, 256)’
bluez-5.81/tools/rfcomm.c:438:12: branch_false: following ‘false’ branch (when ‘sk >= 0’)...
bluez-5.81/tools/rfcomm.c:443:9: branch_false: ...to here
bluez-5.81/tools/rfcomm.c:459:12: branch_false: following ‘false’ branch...
bluez-5.81/tools/rfcomm.c:465:58: branch_false: ...to here
bluez-5.81/tools/rfcomm.c:473:12: branch_false: following ‘false’ branch...
bluez-5.81/tools/rfcomm.c:480:13: branch_false: ...to here
bluez-5.81/tools/rfcomm.c:500:12: branch_false: following ‘false’ branch (when ‘dev >= 0’)...
bluez-5.81/tools/rfcomm.c:507:9: branch_false: ...to here
bluez-5.81/tools/rfcomm.c:508:16: branch_true: following ‘true’ branch...
bluez-5.81/tools/rfcomm.c:509:21: branch_true: ...to here
bluez-5.81/tools/rfcomm.c:509:20: branch_false: following ‘false’ branch...
bluez-5.81/tools/rfcomm.c:514:17: branch_false: ...to here
bluez-5.81/tools/rfcomm.c:515:27: acquire_resource: opened here
bluez-5.81/tools/rfcomm.c:515:20: danger: ‘open(&devname, 256)’ leaks here; was opened at [(15)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/14)
#  513|   
#  514|   		snprintf(devname, MAXPATHLEN - 1, "/dev/bluetooth/rfcomm/%d", dev);
#  515|-> 		if ((fd = open(devname, O_RDONLY | O_NOCTTY)) < 0) {
#  516|   			if (try--) {
#  517|   				snprintf(devname, MAXPATHLEN - 1, "/dev/rfcomm%d", dev);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def256]
bluez-5.81/tools/sco-tester.c:682:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sk’
bluez-5.81/tools/sco-tester.c:676:14: acquire_resource: socket created here
bluez-5.81/tools/sco-tester.c:678:12: branch_false: following ‘false’ branch (when ‘sk >= 0’)...
bluez-5.81/tools/sco-tester.c:685:26: branch_false: ...to here
bluez-5.81/tools/sco-tester.c:686:12: branch_true: following ‘true’ branch...
bluez-5.81/tools/sco-tester.c:687:17: branch_true: ...to here
bluez-5.81/tools/sco-tester.c:682:24: danger: ‘sk’ leaks here
#  680|   		tester_warn("Can't create socket: %s (%d)", strerror(errno),
#  681|   									errno);
#  682|-> 		return err;
#  683|   	}
#  684|   

Error: GCC_ANALYZER_WARNING (CWE-666): [#def257]
bluez-5.81/tools/sco-tester.c:722:15: warning[-Wanalyzer-fd-phase-mismatch]: ‘connect’ on file descriptor ‘sk’ in wrong phase
bluez-5.81/tools/sco-tester.c:847:13: enter_function: entry to ‘test_connect’
bluez-5.81/tools/sco-tester.c:853:14: call_function: calling ‘create_sco_sock’ from ‘test_connect’
bluez-5.81/tools/sco-tester.c:853:14: return_function: returning to ‘test_connect’ from ‘create_sco_sock’
bluez-5.81/tools/sco-tester.c:854:12: branch_false: following ‘false’ branch...
bluez-5.81/tools/sco-tester.c:859:13: branch_false: ...to here
bluez-5.81/tools/sco-tester.c:859:13: call_function: calling ‘connect_sco_sock’ from ‘test_connect’
#  720|   	bacpy(&addr.sco_bdaddr, (void *) client_bdaddr);
#  721|   
#  722|-> 	err = connect(sk, (struct sockaddr *) &addr, sizeof(addr));
#  723|   	if (err < 0 && !(errno == EAGAIN || errno == EINPROGRESS)) {
#  724|   		err = -errno;

Error: CPPCHECK_WARNING (CWE-457): [#def258]
bluez-5.81/tools/test-runner.c:954: warning[uninitvar]: Uninitialized variable: argv
#  952|   	envp[pos] = NULL;
#  953|   
#  954|-> 	printf("Running command %s\n", cmdname ? cmdname : argv[0]);
#  955|   
#  956|   	pid = fork();

Scan Properties

analyzer-version-clippy: 1.86.0
analyzer-version-cppcheck: 2.17.1
analyzer-version-gcc: 15.0.1
analyzer-version-gcc-analyzer: 15.0.1
analyzer-version-shellcheck: 0.10.0
analyzer-version-unicontrol: 0.0.2
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-17.us-west-2.compute.internal
known-false-positives: /usr/share/csmock/known-false-positives.js
known-false-positives-rpm: known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch
mock-config: fedora-rawhide-x86_64
project-name: bluez-5.81-2.fc43
store-results-to: /tmp/tmpeorz2epa/bluez-5.81-2.fc43.tar.xz
time-created: 2025-04-25 12:09:47
time-finished: 2025-04-25 12:13:34
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpeorz2epa/bluez-5.81-2.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpeorz2epa/bluez-5.81-2.fc43.src.rpm'
tool-version: csmock-3.8.1.20250422.172604.g26bc3d6-1.el9