Error: SHELLCHECK_WARNING: [#def1] /usr/bin/fsck.btrfs:25:2: warning[SC2220]: Invalid flags are not handled. Add a *) case. # 23| while getopts ":aApy" c # 24| do # 25|-> case $c in # 26| a|A|p|y) AUTO=true;; # 27| esac Error: SHELLCHECK_WARNING (CWE-569): [#def2] /usr/bin/fsck.btrfs:30:12: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it. # 28| done # 29| shift $(($OPTIND - 1)) # 30|-> eval DEV=\${$#} # 31| if [ ! -e $DEV ]; then # 32| echo "$0: $DEV does not exist" Error: SHELLCHECK_WARNING (CWE-569): [#def3] /usr/bin/fsck.btrfs:30:15: warning[SC1083]: This } is literal. Check expression (missing ;/\n?) or quote it. # 28| done # 29| shift $(($OPTIND - 1)) # 30|-> eval DEV=\${$#} # 31| if [ ! -e $DEV ]; then # 32| echo "$0: $DEV does not exist" Error: GCC_ANALYZER_WARNING (CWE-401): [#def4] btrfs-progs-v6.14/./kernel-lib/list.h:120:9: warning[-Wanalyzer-malloc-leak]: leak of ‘e’ btrfs-progs-v6.14/cmds/inspect.c:553:12: enter_function: entry to ‘print_min_dev_size’ btrfs-progs-v6.14/cmds/inspect.c:588:20: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/inspect.c:594:21: branch_false: ...to here btrfs-progs-v6.14/cmds/inspect.c:594:20: branch_false: following ‘false’ branch... branch_false: ...to here btrfs-progs-v6.14/cmds/inspect.c:611:28: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/inspect.c:616:31: call_function: calling ‘add_dev_extent’ from ‘print_min_dev_size’ # 118| xnew->next = next; # 119| xnew->prev = prev; # 120|-> WRITE_ONCE(prev->next, xnew); # 121| } # 122| Error: GCC_ANALYZER_WARNING (CWE-476): [#def5] btrfs-progs-v6.14/./kernel-lib/list.h:133:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘*fs_info.fs_devices’ btrfs-progs-v6.14/kernel-shared/volumes.c:2401:12: enter_function: entry to ‘read_one_chunk’ btrfs-progs-v6.14/kernel-shared/volumes.c:2421:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/kernel-shared/volumes.c:2428:14: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2436:12: branch_false: following ‘false’ branch (when ‘map’ is non-NULL)... btrfs-progs-v6.14/kernel-shared/volumes.c:2439:9: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2449:21: branch_true: following ‘true’ branch (when ‘i < num_stripes’)... btrfs-progs-v6.14/kernel-shared/volumes.c:2451:25: call_function: inlined call to ‘btrfs_stripe_offset_nr’ from ‘read_one_chunk’ btrfs-progs-v6.14/kernel-shared/volumes.c:2456:39: call_function: calling ‘btrfs_find_device’ from ‘read_one_chunk’ btrfs-progs-v6.14/kernel-shared/volumes.c:2456:39: return_function: returning to ‘read_one_chunk’ from ‘btrfs_find_device’ btrfs-progs-v6.14/kernel-shared/volumes.c:2458:20: branch_true: following ‘true’ branch... btrfs-progs-v6.14/kernel-shared/volumes.c:2459:47: branch_true: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2462:25: call_function: inlined call to ‘list_add’ from ‘read_one_chunk’ # 131| static inline void list_add(struct list_head *xnew, struct list_head *head) # 132| { # 133|-> __list_add(xnew, head, head->next); # 134| } # 135| Error: GCC_ANALYZER_WARNING (CWE-416): [#def6] btrfs-progs-v6.14/./kernel-lib/list.h:182:9: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘((const struct list_head *)((char *)bq + 8))[11].next’ btrfs-progs-v6.14/cmds/qgroup.c:2241:12: enter_function: entry to ‘cmd_qgroup_clear_stale’ btrfs-progs-v6.14/cmds/qgroup.c:2251:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/qgroup.c:2254:20: branch_false: ...to here btrfs-progs-v6.14/cmds/qgroup.c:2257:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/qgroup.c:2261:15: branch_false: ...to here btrfs-progs-v6.14/cmds/qgroup.c:2262:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/qgroup.c:2266:19: branch_false: ...to here btrfs-progs-v6.14/cmds/qgroup.c:2266:19: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/qgroup.c:2273:15: branch_false: ...to here btrfs-progs-v6.14/cmds/qgroup.c:2278:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/qgroup.c:2281:19: branch_false: ...to here btrfs-progs-v6.14/cmds/qgroup.c:2281:19: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/qgroup.c:2287:16: branch_false: ...to here btrfs-progs-v6.14/cmds/qgroup.c:2298:9: call_function: calling ‘__free_all_qgroups’ from ‘cmd_qgroup_clear_stale’ # 180| return; # 181| # 182|-> __list_del(entry->prev, entry->next); # 183| } # 184| Error: GCC_ANALYZER_WARNING (CWE-416): [#def7] btrfs-progs-v6.14/./kernel-lib/list.h:182:9: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘((const struct list_head *)((char *)recover + 8))[1].next’ btrfs-progs-v6.14/cmds/rescue-super-recover.c:224:5: enter_function: entry to ‘btrfs_recover_superblocks’ btrfs-progs-v6.14/cmds/rescue-super-recover.c:232:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/rescue-super-recover.c:236:9: call_function: inlined call to ‘init_recover_superblock’ from ‘btrfs_recover_superblocks’ btrfs-progs-v6.14/cmds/rescue-super-recover.c:241:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/rescue-super-recover.c:246:13: branch_false: ...to here btrfs-progs-v6.14/cmds/rescue-super-recover.c:249:15: call_function: calling ‘read_fs_supers’ from ‘btrfs_recover_superblocks’ btrfs-progs-v6.14/cmds/rescue-super-recover.c:249:15: return_function: returning to ‘btrfs_recover_superblocks’ from ‘read_fs_supers’ btrfs-progs-v6.14/cmds/rescue-super-recover.c:250:12: branch_true: following ‘true’ branch... btrfs-progs-v6.14/cmds/rescue-super-recover.c:252:17: branch_true: ...to here btrfs-progs-v6.14/cmds/rescue-super-recover.c:288:9: call_function: calling ‘recover_err_str’ from ‘btrfs_recover_superblocks’ btrfs-progs-v6.14/cmds/rescue-super-recover.c:288:9: return_function: returning to ‘btrfs_recover_superblocks’ from ‘recover_err_str’ btrfs-progs-v6.14/cmds/rescue-super-recover.c:289:9: call_function: calling ‘free_recover_superblock’ from ‘btrfs_recover_superblocks’ # 180| return; # 181| # 182|-> __list_del(entry->prev, entry->next); # 183| } # 184| Error: GCC_ANALYZER_WARNING (CWE-416): [#def8] btrfs-progs-v6.14/./kernel-lib/list.h:182:9: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘*(const struct list_head *)((char *)recover + 8).next’ btrfs-progs-v6.14/cmds/rescue-super-recover.c:224:5: enter_function: entry to ‘btrfs_recover_superblocks’ btrfs-progs-v6.14/cmds/rescue-super-recover.c:232:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/rescue-super-recover.c:236:9: call_function: inlined call to ‘init_recover_superblock’ from ‘btrfs_recover_superblocks’ btrfs-progs-v6.14/cmds/rescue-super-recover.c:241:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/rescue-super-recover.c:246:13: branch_false: ...to here btrfs-progs-v6.14/cmds/rescue-super-recover.c:249:15: call_function: calling ‘read_fs_supers’ from ‘btrfs_recover_superblocks’ btrfs-progs-v6.14/cmds/rescue-super-recover.c:249:15: return_function: returning to ‘btrfs_recover_superblocks’ from ‘read_fs_supers’ btrfs-progs-v6.14/cmds/rescue-super-recover.c:250:12: branch_true: following ‘true’ branch... btrfs-progs-v6.14/cmds/rescue-super-recover.c:252:17: branch_true: ...to here btrfs-progs-v6.14/cmds/rescue-super-recover.c:288:9: call_function: calling ‘recover_err_str’ from ‘btrfs_recover_superblocks’ btrfs-progs-v6.14/cmds/rescue-super-recover.c:288:9: return_function: returning to ‘btrfs_recover_superblocks’ from ‘recover_err_str’ btrfs-progs-v6.14/cmds/rescue-super-recover.c:289:9: call_function: calling ‘free_recover_superblock’ from ‘btrfs_recover_superblocks’ # 180| return; # 181| # 182|-> __list_del(entry->prev, entry->next); # 183| } # 184| Error: GCC_ANALYZER_WARNING (CWE-476): [#def9] btrfs-progs-v6.14/./kernel-shared/accessors.h:720:1: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘leaf’ btrfs-progs-v6.14/kernel-shared/ctree.c:2897:5: enter_function: entry to ‘btrfs_del_items’ btrfs-progs-v6.14/kernel-shared/ctree.c:2940:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/kernel-shared/ctree.c:2951:28: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/ctree.c:2960:20: branch_true: following ‘true’ branch... btrfs-progs-v6.14/kernel-shared/ctree.c:2965:25: branch_true: ...to here btrfs-progs-v6.14/kernel-shared/ctree.c:2968:32: call_function: calling ‘push_leaf_left’ from ‘btrfs_del_items’ # 718| BTRFS_SETGET_HEADER_FUNCS(header_generation, struct btrfs_header, generation, 64); # 719| BTRFS_SETGET_HEADER_FUNCS(header_owner, struct btrfs_header, owner, 64); # 720|-> BTRFS_SETGET_HEADER_FUNCS(header_nritems, struct btrfs_header, nritems, 32); # 721| BTRFS_SETGET_HEADER_FUNCS(header_flags, struct btrfs_header, flags, 64); # 722| BTRFS_SETGET_HEADER_FUNCS(header_level, struct btrfs_header, level, 8); Error: GCC_ANALYZER_WARNING (CWE-457): [#def10] btrfs-progs-v6.14/check/mode-lowmem.c:596:17: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘key.offset’ btrfs-progs-v6.14/check/mode-lowmem.c:561:12: enter_function: entry to ‘delete_item’ btrfs-progs-v6.14/check/mode-lowmem.c:571:12: branch_true: following ‘true’ branch... btrfs-progs-v6.14/check/mode-lowmem.c:572:23: call_function: inlined call to ‘PTR_ERR’ from ‘delete_item’ btrfs-progs-v6.14/check/mode-lowmem.c:595:12: branch_true: following ‘true’ branch (when ‘ret != 0’)... btrfs-progs-v6.14/check/mode-lowmem.c:596:17: branch_true: ...to here btrfs-progs-v6.14/check/mode-lowmem.c:596:17: danger: use of uninitialized value ‘key.offset’ here # 594| btrfs_commit_transaction(trans, root); # 595| if (ret) # 596|-> error("failed to delete root %llu item[%llu, %u, %llu]", # 597| root->objectid, key.objectid, key.type, key.offset); # 598| else Error: GCC_ANALYZER_WARNING (CWE-457): [#def11] btrfs-progs-v6.14/check/mode-lowmem.c:599:17: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘key.offset’ btrfs-progs-v6.14/check/mode-lowmem.c:561:12: enter_function: entry to ‘delete_item’ btrfs-progs-v6.14/check/mode-lowmem.c:571:12: branch_true: following ‘true’ branch... btrfs-progs-v6.14/check/mode-lowmem.c:572:23: call_function: inlined call to ‘PTR_ERR’ from ‘delete_item’ btrfs-progs-v6.14/check/mode-lowmem.c:595:12: branch_false: following ‘false’ branch (when ‘ret == 0’)... btrfs-progs-v6.14/check/mode-lowmem.c:599:17: branch_false: ...to here btrfs-progs-v6.14/check/mode-lowmem.c:599:17: danger: use of uninitialized value ‘key.offset’ here # 597| root->objectid, key.objectid, key.type, key.offset); # 598| else # 599|-> printf("Deleted root %llu item[%llu, %u, %llu]\n", # 600| root->objectid, key.objectid, key.type, key.offset); # 601| return ret; Error: GCC_ANALYZER_WARNING (CWE-126): [#def12] btrfs-progs-v6.14/cmds/filesystem-du.c:357:37: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read btrfs-progs-v6.14/cmds/filesystem-du.c:576:12: enter_function: entry to ‘cmd_filesystem_du’ btrfs-progs-v6.14/cmds/filesystem-du.c:604:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/filesystem-du.c:607:26: branch_false: ...to here btrfs-progs-v6.14/cmds/filesystem-du.c:618:26: branch_true: following ‘true’ branch... btrfs-progs-v6.14/cmds/filesystem-du.c:619:39: branch_true: ...to here btrfs-progs-v6.14/cmds/filesystem-du.c:619:23: call_function: calling ‘du_add_file’ from ‘cmd_filesystem_du’ # 355| } # 356| # 357|-> fiemap->fm_start = (fm_ext[i - 1].fe_logical + # 358| fm_ext[i - 1].fe_length); # 359| } while (!last); Error: GCC_ANALYZER_WARNING (CWE-126): [#def13] btrfs-progs-v6.14/cmds/filesystem-du.c:358:37: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read btrfs-progs-v6.14/cmds/filesystem-du.c:576:12: enter_function: entry to ‘cmd_filesystem_du’ btrfs-progs-v6.14/cmds/filesystem-du.c:604:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/filesystem-du.c:607:26: branch_false: ...to here btrfs-progs-v6.14/cmds/filesystem-du.c:618:26: branch_true: following ‘true’ branch... btrfs-progs-v6.14/cmds/filesystem-du.c:619:39: branch_true: ...to here btrfs-progs-v6.14/cmds/filesystem-du.c:619:23: call_function: calling ‘du_add_file’ from ‘cmd_filesystem_du’ # 356| # 357| fiemap->fm_start = (fm_ext[i - 1].fe_logical + # 358|-> fm_ext[i - 1].fe_length); # 359| } while (!last); # 360| Error: GCC_ANALYZER_WARNING (CWE-688): [#def14] btrfs-progs-v6.14/cmds/filesystem-usage.c:220:9: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected btrfs-progs-v6.14/cmds/filesystem-usage.c:1203:12: enter_function: entry to ‘cmd_filesystem_usage’ btrfs-progs-v6.14/cmds/filesystem-usage.c:1231:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/filesystem-usage.c:1234:14: branch_false: ...to here btrfs-progs-v6.14/cmds/filesystem-usage.c:1234:26: branch_true: following ‘true’ branch... btrfs-progs-v6.14/cmds/filesystem-usage.c:1236:30: branch_true: ...to here btrfs-progs-v6.14/cmds/filesystem-usage.c:1240:20: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/filesystem-usage.c:1244:20: branch_false: ...to here btrfs-progs-v6.14/cmds/filesystem-usage.c:1244:20: branch_false: following ‘false’ branch (when ‘more_than_one == 0’)... btrfs-progs-v6.14/cmds/filesystem-usage.c:1247:23: branch_false: ...to here btrfs-progs-v6.14/cmds/filesystem-usage.c:1247:23: call_function: calling ‘load_chunk_and_device_info’ from ‘cmd_filesystem_usage’ # 218| } # 219| # 220|-> qsort(chunkinfos->data, chunkinfos->length, sizeof(struct chunk_info *), # 221| cmp_chunk_info); # 222| Error: GCC_ANALYZER_WARNING (CWE-688): [#def15] btrfs-progs-v6.14/cmds/filesystem-usage.c:836:9: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected btrfs-progs-v6.14/cmds/filesystem-usage.c:1203:12: enter_function: entry to ‘cmd_filesystem_usage’ btrfs-progs-v6.14/cmds/filesystem-usage.c:1231:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/filesystem-usage.c:1234:14: branch_false: ...to here btrfs-progs-v6.14/cmds/filesystem-usage.c:1234:26: branch_true: following ‘true’ branch... btrfs-progs-v6.14/cmds/filesystem-usage.c:1236:30: branch_true: ...to here btrfs-progs-v6.14/cmds/filesystem-usage.c:1240:20: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/filesystem-usage.c:1244:20: branch_false: ...to here btrfs-progs-v6.14/cmds/filesystem-usage.c:1244:20: branch_false: following ‘false’ branch (when ‘more_than_one == 0’)... btrfs-progs-v6.14/cmds/filesystem-usage.c:1247:23: branch_false: ...to here btrfs-progs-v6.14/cmds/filesystem-usage.c:1247:23: call_function: calling ‘load_chunk_and_device_info’ from ‘cmd_filesystem_usage’ # 834| } # 835| # 836|-> qsort(devinfos->data, devinfos->length, sizeof(struct device_info *), cmp_device_info); # 837| # 838| return 0; Error: GCC_ANALYZER_WARNING (CWE-401): [#def16] btrfs-progs-v6.14/cmds/filesystem.c:573:28: warning[-Wanalyzer-malloc-leak]: leak of ‘dev_copy’ btrfs-progs-v6.14/cmds/filesystem.c:592:12: enter_function: entry to ‘find_and_copy_seed’ btrfs-progs-v6.14/cmds/filesystem.c:597:9: branch_true: following ‘true’ branch... btrfs-progs-v6.14/cmds/filesystem.c:598:41: branch_true: ...to here btrfs-progs-v6.14/cmds/filesystem.c:598:20: branch_true: following ‘true’ branch... btrfs-progs-v6.14/cmds/filesystem.c:599:32: branch_true: ...to here btrfs-progs-v6.14/cmds/filesystem.c:599:32: call_function: calling ‘copy_fs_devices’ from ‘find_and_copy_seed’ # 571| # 572| list_for_each_entry(cur_dev, &src->devices, dev_list) { # 573|-> dev_copy = malloc(sizeof(*dev_copy)); # 574| if (!dev_copy) { # 575| ret = -ENOMEM; Error: GCC_ANALYZER_WARNING (CWE-401): [#def17] btrfs-progs-v6.14/cmds/filesystem.c:654:25: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ btrfs-progs-v6.14/cmds/filesystem.c:620:12: enter_function: entry to ‘search_umounted_fs_uuids’ btrfs-progs-v6.14/cmds/filesystem.c:633:9: branch_true: following ‘true’ branch... btrfs-progs-v6.14/cmds/filesystem.c:635:20: branch_true: ...to here btrfs-progs-v6.14/cmds/filesystem.c:643:20: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/filesystem.c:646:27: branch_false: ...to here btrfs-progs-v6.14/cmds/filesystem.c:647:20: branch_false: following ‘false’ branch (when ‘fs_copy’ is non-NULL)... btrfs-progs-v6.14/cmds/filesystem.c:652:23: branch_false: ...to here btrfs-progs-v6.14/cmds/filesystem.c:652:23: call_function: calling ‘copy_fs_devices’ from ‘search_umounted_fs_uuids’ btrfs-progs-v6.14/cmds/filesystem.c:652:23: return_function: returning to ‘search_umounted_fs_uuids’ from ‘copy_fs_devices’ btrfs-progs-v6.14/cmds/filesystem.c:653:20: branch_true: following ‘true’ branch... btrfs-progs-v6.14/cmds/filesystem.c:654:25: branch_true: ...to here btrfs-progs-v6.14/cmds/filesystem.c:654:25: danger: ‘<unknown>’ leaks here; was allocated at [(18)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/17) # 652| ret = copy_fs_devices(fs_copy, cur_fs); # 653| if (ret) { # 654|-> free(fs_copy); # 655| goto out; # 656| } Error: GCC_ANALYZER_WARNING (CWE-127): [#def18] btrfs-progs-v6.14/cmds/filesystem.c:680:26: warning[-Wanalyzer-out-of-bounds]: stack-based buffer under-read btrfs-progs-v6.14/cmds/filesystem.c:744:12: enter_function: entry to ‘cmd_filesystem_show’ btrfs-progs-v6.14/cmds/filesystem.c:790:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/filesystem.c:793:13: branch_false: ...to here btrfs-progs-v6.14/cmds/filesystem.c:795:20: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/filesystem.c:797:24: branch_false: ...to here btrfs-progs-v6.14/cmds/filesystem.c:834:12: branch_true: following ‘true’ branch (when ‘where == 2’)... btrfs-progs-v6.14/cmds/filesystem.c:839:30: branch_true: ...to here btrfs-progs-v6.14/cmds/filesystem.c:862:12: branch_true: following ‘true’ branch (when ‘type == 4’)... btrfs-progs-v6.14/cmds/filesystem.c:863:24: branch_true: ...to here btrfs-progs-v6.14/cmds/filesystem.c:864:20: branch_true: following ‘true’ branch... btrfs-progs-v6.14/cmds/filesystem.c:882:15: branch_true: ...to here btrfs-progs-v6.14/cmds/filesystem.c:883:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/filesystem.c:888:15: branch_false: ...to here btrfs-progs-v6.14/cmds/filesystem.c:888:15: call_function: calling ‘map_seed_devices’ from ‘cmd_filesystem_show’ # 678| struct open_ctree_args oca = { 0 }; # 679| # 680|-> device = list_first_entry(&cur_fs->devices, # 681| struct btrfs_device, dev_list); # 682| if (!device) Error: GCC_ANALYZER_WARNING (CWE-401): [#def19] btrfs-progs-v6.14/cmds/inspect.c:1017:24: warning[-Wanalyzer-malloc-leak]: leak of ‘sortmode’ btrfs-progs-v6.14/cmds/inspect.c:1003:20: branch_false: following ‘false’ branch (when ‘c >= 0’)... btrfs-progs-v6.14/cmds/inspect.c:1006:17: branch_false: ...to here btrfs-progs-v6.14/cmds/inspect.c:1006:17: branch_true: following ‘true’ branch (when ‘c == 256’)... btrfs-progs-v6.14/cmds/inspect.c:1007:17: branch_true: ...to here btrfs-progs-v6.14/cmds/inspect.c:1009:36: acquire_memory: allocated here btrfs-progs-v6.14/cmds/inspect.c:1017:24: danger: ‘sortmode’ leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4) # 1015| # 1016| if (check_argc_exact(argc - optind, 1)) # 1017|-> return 1; # 1018| # 1019| ctx.stats = calloc(ctx.size, sizeof(ctx.stats[0])); Error: GCC_ANALYZER_WARNING (CWE-401): [#def20] btrfs-progs-v6.14/cmds/inspect.c:1097:41: warning[-Wanalyzer-malloc-leak]: leak of ‘lnumber’ btrfs-progs-v6.14/cmds/inspect.c:1003:20: branch_true: following ‘true’ branch (when ‘c < 0’)... btrfs-progs-v6.14/cmds/inspect.c:1016:13: branch_true: ...to here btrfs-progs-v6.14/cmds/inspect.c:1016:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/inspect.c:1019:21: branch_false: ...to here btrfs-progs-v6.14/cmds/inspect.c:1020:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/inspect.c:1026:20: branch_false: ...to here btrfs-progs-v6.14/cmds/inspect.c:1029:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/inspect.c:1034:9: branch_false: ...to here btrfs-progs-v6.14/cmds/inspect.c:1044:12: branch_false: following ‘false’ branch (when ‘lnumber’ is non-NULL)... branch_false: ...to here btrfs-progs-v6.14/cmds/inspect.c:1053:20: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/inspect.c:1057:21: branch_false: ...to here btrfs-progs-v6.14/cmds/inspect.c:1057:20: branch_false: following ‘false’ branch... branch_false: ...to here btrfs-progs-v6.14/cmds/inspect.c:1074:40: branch_true: following ‘true’ branch... btrfs-progs-v6.14/cmds/inspect.c:1078:38: branch_true: ...to here btrfs-progs-v6.14/cmds/inspect.c:1086:40: branch_true: following ‘true’ branch... btrfs-progs-v6.14/cmds/inspect.c:1090:41: branch_true: ...to here btrfs-progs-v6.14/cmds/inspect.c:1091:47: acquire_memory: allocated here btrfs-progs-v6.14/cmds/inspect.c:1092:44: branch_false: following ‘false’ branch (when ‘tmp’ is non-NULL)... btrfs-progs-v6.14/cmds/inspect.c:1097:62: branch_false: ...to here btrfs-progs-v6.14/cmds/inspect.c:1086:40: branch_true: following ‘true’ branch... btrfs-progs-v6.14/cmds/inspect.c:1090:41: branch_true: ...to here btrfs-progs-v6.14/cmds/inspect.c:1092:44: branch_false: following ‘false’ branch (when ‘tmp’ is non-NULL)... btrfs-progs-v6.14/cmds/inspect.c:1097:62: branch_false: ...to here btrfs-progs-v6.14/cmds/inspect.c:1097:41: danger: ‘lnumber’ leaks here; was allocated at [(19)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/18) # 1095| goto out; # 1096| } # 1097|-> memcpy(tmp, lnumber, sizeof(u64) * old_size); # 1098| lnumber = tmp; # 1099| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def21] btrfs-progs-v6.14/cmds/inspect.c:1230:28: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ btrfs-progs-v6.14/cmds/inspect.c:1453:12: enter_function: entry to ‘cmd_inspect_map_swapfile’ btrfs-progs-v6.14/cmds/inspect.c:1485:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/inspect.c:1488:23: branch_false: ...to here btrfs-progs-v6.14/cmds/inspect.c:1489:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/inspect.c:1496:15: branch_false: ...to here btrfs-progs-v6.14/cmds/inspect.c:1497:12: branch_false: following ‘false’ branch (when ‘ret != -1’)... btrfs-progs-v6.14/cmds/inspect.c:1502:13: branch_false: ...to here btrfs-progs-v6.14/cmds/inspect.c:1502:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/inspect.c:1508:15: branch_false: ...to here btrfs-progs-v6.14/cmds/inspect.c:1509:12: branch_false: following ‘false’ branch (when ‘ret != -1’)... btrfs-progs-v6.14/cmds/inspect.c:1514:14: branch_false: ...to here btrfs-progs-v6.14/cmds/inspect.c:1514:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/inspect.c:1519:13: branch_false: ...to here btrfs-progs-v6.14/cmds/inspect.c:1519:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/inspect.c:1525:15: branch_false: ...to here btrfs-progs-v6.14/cmds/inspect.c:1525:15: call_function: calling ‘read_chunk_tree’ from ‘cmd_inspect_map_swapfile’ # 1228| capacity *= 2; # 1229| tmp = realloc(*chunks, capacity * sizeof(**chunks)); # 1230|-> if (!tmp) { # 1231| perror("realloc"); # 1232| return -1; Error: GCC_ANALYZER_WARNING (CWE-688): [#def22] btrfs-progs-v6.14/cmds/property.c:276:22: warning[-Wanalyzer-null-argument]: use of NULL ‘arg’ where non-null expected btrfs-progs-v6.14/cmds/property.c:632:12: enter_function: entry to ‘cmd_property_set’ btrfs-progs-v6.14/cmds/property.c:636:15: release_memory: ‘object’ is NULL btrfs-progs-v6.14/cmds/property.c:637:15: release_memory: ‘object’ is NULL btrfs-progs-v6.14/cmds/property.c:638:15: release_memory: ‘object’ is NULL btrfs-progs-v6.14/cmds/property.c:642:13: call_function: calling ‘parse_args’ from ‘cmd_property_set’ btrfs-progs-v6.14/cmds/property.c:642:13: return_function: returning to ‘cmd_property_set’ from ‘parse_args’ btrfs-progs-v6.14/cmds/property.c:642:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/property.c:645:15: branch_false: ...to here btrfs-progs-v6.14/cmds/property.c:645:15: release_memory: ‘name’ is NULL btrfs-progs-v6.14/cmds/property.c:645:15: release_memory: ‘name’ is NULL btrfs-progs-v6.14/cmds/property.c:645:15: call_function: calling ‘setget_prop’ from ‘cmd_property_set’ # 274| # 275| for (; prop->name; prop++) { # 276|-> if (!strcmp(prop->name, arg)) { # 277| *prop_ret = prop; # 278| return 0; Error: GCC_ANALYZER_WARNING (CWE-476): [#def23] btrfs-progs-v6.14/cmds/property.c:563:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘name’ btrfs-progs-v6.14/cmds/property.c:662:12: enter_function: entry to ‘cmd_property_list’ btrfs-progs-v6.14/cmds/property.c:670:13: call_function: calling ‘parse_args’ from ‘cmd_property_list’ # 561| *object = argv[optind++]; # 562| if (optind < argc) # 563|-> *name = argv[optind++]; # 564| if (optind < argc) # 565| *value = argv[optind++]; Error: GCC_ANALYZER_WARNING (CWE-476): [#def24] btrfs-progs-v6.14/cmds/property.c:565:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘value’ btrfs-progs-v6.14/cmds/property.c:600:12: enter_function: entry to ‘cmd_property_get’ btrfs-progs-v6.14/cmds/property.c:609:13: call_function: calling ‘parse_args’ from ‘cmd_property_get’ # 563| *name = argv[optind++]; # 564| if (optind < argc) # 565|-> *value = argv[optind++]; # 566| # 567| if (!*types) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def25] btrfs-progs-v6.14/cmds/qgroup.c:844:40: warning[-Wanalyzer-malloc-leak]: leak of ‘bq’ btrfs-progs-v6.14/cmds/qgroup.c:823:14: acquire_memory: allocated here btrfs-progs-v6.14/cmds/qgroup.c:824:12: branch_false: following ‘false’ branch (when ‘bq’ is non-NULL)... btrfs-progs-v6.14/cmds/qgroup.c:829:9: branch_false: ...to here btrfs-progs-v6.14/cmds/qgroup.c:834:12: branch_true: following ‘true’ branch... btrfs-progs-v6.14/cmds/qgroup.c:838:24: branch_true: ...to here btrfs-progs-v6.14/cmds/qgroup.c:839:20: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/qgroup.c:841:25: branch_false: ...to here btrfs-progs-v6.14/cmds/qgroup.c:841:25: branch_true: following ‘true’ branch... btrfs-progs-v6.14/cmds/qgroup.c:842:25: branch_true: ...to here btrfs-progs-v6.14/cmds/qgroup.c:844:40: danger: ‘bq’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0) # 842| error("%s", btrfs_util_strerror(uret)); # 843| if (uret == BTRFS_UTIL_ERROR_NO_MEMORY) # 844|-> return ERR_PTR(-ENOMEM); # 845| else # 846| return ERR_PTR(-EIO); Error: GCC_ANALYZER_WARNING (CWE-415): [#def26] btrfs-progs-v6.14/cmds/qgroup.c:971:17: warning[-Wanalyzer-double-free]: double-‘free’ of ‘((const struct list_head *)((char *)bq + 8))[12].next + -16’ btrfs-progs-v6.14/cmds/qgroup.c:2241:12: enter_function: entry to ‘cmd_qgroup_clear_stale’ btrfs-progs-v6.14/cmds/qgroup.c:2251:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/qgroup.c:2254:20: branch_false: ...to here btrfs-progs-v6.14/cmds/qgroup.c:2257:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/qgroup.c:2261:15: branch_false: ...to here btrfs-progs-v6.14/cmds/qgroup.c:2262:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/qgroup.c:2266:19: branch_false: ...to here btrfs-progs-v6.14/cmds/qgroup.c:2266:19: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/qgroup.c:2273:15: branch_false: ...to here btrfs-progs-v6.14/cmds/qgroup.c:2278:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/qgroup.c:2281:19: branch_false: ...to here btrfs-progs-v6.14/cmds/qgroup.c:2281:19: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/qgroup.c:2287:16: branch_false: ...to here btrfs-progs-v6.14/cmds/qgroup.c:2298:9: call_function: calling ‘__free_all_qgroups’ from ‘cmd_qgroup_clear_stale’ # 969| list_del(&list->next_qgroup); # 970| list_del(&list->next_member); # 971|-> free(list); # 972| } # 973| if (bq->path) Error: GCC_ANALYZER_WARNING (CWE-775): [#def27] btrfs-progs-v6.14/cmds/receive.c:390:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor btrfs-progs-v6.14/cmds/receive.c:243:12: enter_function: entry to ‘process_snapshot’ btrfs-progs-v6.14/cmds/receive.c:257:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/receive.c:263:13: branch_false: ...to here btrfs-progs-v6.14/cmds/receive.c:263:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/receive.c:270:14: branch_false: ...to here btrfs-progs-v6.14/cmds/receive.c:275:20: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/receive.c:281:29: branch_false: ...to here btrfs-progs-v6.14/cmds/receive.c:282:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/receive.c:287:9: branch_false: ...to here btrfs-progs-v6.14/cmds/receive.c:307:13: call_function: inlined call to ‘IS_ERR_OR_NULL’ from ‘process_snapshot’ btrfs-progs-v6.14/cmds/receive.c:322:13: branch_false: ...to here btrfs-progs-v6.14/cmds/receive.c:358:12: branch_true: following ‘true’ branch... btrfs-progs-v6.14/cmds/receive.c:359:30: branch_true: ...to here btrfs-progs-v6.14/cmds/receive.c:359:30: acquire_resource: opened here btrfs-progs-v6.14/cmds/receive.c:363:12: branch_true: following ‘true’ branch... btrfs-progs-v6.14/cmds/receive.c:364:24: branch_true: ...to here btrfs-progs-v6.14/cmds/receive.c:365:20: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/receive.c:368:25: branch_false: ...to here btrfs-progs-v6.14/cmds/receive.c:390:16: danger: leaks here; was opened at [(18)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/17) # 388| free(parent_subvol); # 389| } # 390|-> return ret; # 391| } # 392| Error: GCC_ANALYZER_WARNING (CWE-401): [#def28] btrfs-progs-v6.14/cmds/reflink.c:126:33: warning[-Wanalyzer-malloc-leak]: leak of ‘range’ btrfs-progs-v6.14/cmds/reflink.c:105:12: enter_function: entry to ‘cmd_reflink_clone’ btrfs-progs-v6.14/cmds/reflink.c:118:20: branch_false: following ‘false’ branch (when ‘c >= 0’)... btrfs-progs-v6.14/cmds/reflink.c:121:17: branch_false: ...to here btrfs-progs-v6.14/cmds/reflink.c:126:33: acquire_memory: allocated here btrfs-progs-v6.14/cmds/reflink.c:127:28: branch_false: following ‘false’ branch (when ‘range’ is non-NULL)... btrfs-progs-v6.14/cmds/reflink.c:131:25: branch_false: ...to here btrfs-progs-v6.14/cmds/reflink.c:133:25: call_function: calling ‘parse_reflink_range’ from ‘cmd_reflink_clone’ btrfs-progs-v6.14/cmds/reflink.c:133:25: return_function: returning to ‘cmd_reflink_clone’ from ‘parse_reflink_range’ btrfs-progs-v6.14/cmds/reflink.c:118:20: branch_false: following ‘false’ branch (when ‘c >= 0’)... btrfs-progs-v6.14/cmds/reflink.c:121:17: branch_false: ...to here btrfs-progs-v6.14/cmds/reflink.c:126:33: danger: ‘range’ leaks here; was allocated at [(6)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/5) # 124| fallthrough; # 125| case 'r': # 126|-> range = malloc(sizeof(struct reflink_range)); # 127| if (!range) { # 128| error("not enough memory"); Error: GCC_ANALYZER_WARNING (CWE-401): [#def29] btrfs-progs-v6.14/cmds/reflink.c:129:40: warning[-Wanalyzer-malloc-leak]: leak of ‘range’ btrfs-progs-v6.14/cmds/reflink.c:105:12: enter_function: entry to ‘cmd_reflink_clone’ btrfs-progs-v6.14/cmds/reflink.c:118:20: branch_false: following ‘false’ branch (when ‘c >= 0’)... btrfs-progs-v6.14/cmds/reflink.c:121:17: branch_false: ...to here btrfs-progs-v6.14/cmds/reflink.c:126:33: acquire_memory: allocated here btrfs-progs-v6.14/cmds/reflink.c:127:28: branch_false: following ‘false’ branch (when ‘range’ is non-NULL)... btrfs-progs-v6.14/cmds/reflink.c:131:25: branch_false: ...to here btrfs-progs-v6.14/cmds/reflink.c:133:25: call_function: calling ‘parse_reflink_range’ from ‘cmd_reflink_clone’ btrfs-progs-v6.14/cmds/reflink.c:133:25: return_function: returning to ‘cmd_reflink_clone’ from ‘parse_reflink_range’ btrfs-progs-v6.14/cmds/reflink.c:118:20: branch_true: following ‘true’ branch (when ‘c < 0’)... btrfs-progs-v6.14/cmds/reflink.c:142:13: branch_true: ...to here btrfs-progs-v6.14/cmds/reflink.c:142:12: branch_true: following ‘true’ branch... btrfs-progs-v6.14/cmds/reflink.c:129:40: branch_true: ...to here btrfs-progs-v6.14/cmds/reflink.c:129:40: danger: ‘range’ leaks here; was allocated at [(6)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/5) # 127| if (!range) { # 128| error("not enough memory"); # 129|-> return 1; # 130| } # 131| INIT_LIST_HEAD(&range->list); Error: GCC_ANALYZER_WARNING (CWE-415): [#def30] btrfs-progs-v6.14/cmds/rescue-super-recover.c:75:17: warning[-Wanalyzer-double-free]: double-‘free’ of ‘*(struct super_block_record *)MEM[(const struct list_head *)recover_10(D) + 8B].next.device_name’ btrfs-progs-v6.14/cmds/rescue-super-recover.c:224:5: enter_function: entry to ‘btrfs_recover_superblocks’ btrfs-progs-v6.14/cmds/rescue-super-recover.c:232:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/rescue-super-recover.c:236:9: call_function: inlined call to ‘init_recover_superblock’ from ‘btrfs_recover_superblocks’ btrfs-progs-v6.14/cmds/rescue-super-recover.c:241:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/rescue-super-recover.c:246:13: branch_false: ...to here btrfs-progs-v6.14/cmds/rescue-super-recover.c:249:15: call_function: calling ‘read_fs_supers’ from ‘btrfs_recover_superblocks’ btrfs-progs-v6.14/cmds/rescue-super-recover.c:249:15: return_function: returning to ‘btrfs_recover_superblocks’ from ‘read_fs_supers’ btrfs-progs-v6.14/cmds/rescue-super-recover.c:250:12: branch_true: following ‘true’ branch... btrfs-progs-v6.14/cmds/rescue-super-recover.c:252:17: branch_true: ...to here btrfs-progs-v6.14/cmds/rescue-super-recover.c:288:9: call_function: calling ‘recover_err_str’ from ‘btrfs_recover_superblocks’ btrfs-progs-v6.14/cmds/rescue-super-recover.c:288:9: return_function: returning to ‘btrfs_recover_superblocks’ from ‘recover_err_str’ btrfs-progs-v6.14/cmds/rescue-super-recover.c:289:9: call_function: calling ‘free_recover_superblock’ from ‘btrfs_recover_superblocks’ # 73| struct super_block_record, list); # 74| list_del_init(&record->list); # 75|-> free(record->device_name); # 76| free(record); # 77| } Error: GCC_ANALYZER_WARNING (CWE-415): [#def31] btrfs-progs-v6.14/cmds/rescue-super-recover.c:83:17: warning[-Wanalyzer-double-free]: double-‘free’ of ‘*(struct super_block_record *)MEM[(const struct list_head *)recover_10(D) + 24B].next.device_name’ btrfs-progs-v6.14/cmds/rescue-super-recover.c:224:5: enter_function: entry to ‘btrfs_recover_superblocks’ btrfs-progs-v6.14/cmds/rescue-super-recover.c:232:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/rescue-super-recover.c:236:9: call_function: inlined call to ‘init_recover_superblock’ from ‘btrfs_recover_superblocks’ btrfs-progs-v6.14/cmds/rescue-super-recover.c:241:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/rescue-super-recover.c:246:13: branch_false: ...to here btrfs-progs-v6.14/cmds/rescue-super-recover.c:249:15: call_function: calling ‘read_fs_supers’ from ‘btrfs_recover_superblocks’ btrfs-progs-v6.14/cmds/rescue-super-recover.c:249:15: return_function: returning to ‘btrfs_recover_superblocks’ from ‘read_fs_supers’ btrfs-progs-v6.14/cmds/rescue-super-recover.c:250:12: branch_true: following ‘true’ branch... btrfs-progs-v6.14/cmds/rescue-super-recover.c:252:17: branch_true: ...to here btrfs-progs-v6.14/cmds/rescue-super-recover.c:288:9: call_function: calling ‘recover_err_str’ from ‘btrfs_recover_superblocks’ btrfs-progs-v6.14/cmds/rescue-super-recover.c:288:9: return_function: returning to ‘btrfs_recover_superblocks’ from ‘recover_err_str’ btrfs-progs-v6.14/cmds/rescue-super-recover.c:289:9: call_function: calling ‘free_recover_superblock’ from ‘btrfs_recover_superblocks’ # 81| struct super_block_record, list); # 82| list_del_init(&record->list); # 83|-> free(record->device_name); # 84| free(record); # 85| } Error: GCC_ANALYZER_WARNING (CWE-126): [#def32] btrfs-progs-v6.14/cmds/scrub.c:459:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read btrfs-progs-v6.14/cmds/scrub.c:1844:12: enter_function: entry to ‘cmd_scrub_status’ btrfs-progs-v6.14/cmds/scrub.c:1883:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/scrub.c:1886:20: branch_false: ...to here btrfs-progs-v6.14/cmds/scrub.c:1889:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/scrub.c:1892:15: branch_false: ...to here btrfs-progs-v6.14/cmds/scrub.c:1893:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/scrub.c:1899:14: branch_false: ...to here btrfs-progs-v6.14/cmds/scrub.c:1899:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/scrub.c:1904:15: branch_false: ...to here btrfs-progs-v6.14/cmds/scrub.c:1905:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/cmds/scrub.c:1912:9: branch_false: ...to here btrfs-progs-v6.14/cmds/scrub.c:1915:12: branch_false: following ‘false’ branch (when ‘fdres != -1’)... btrfs-progs-v6.14/cmds/scrub.c:1920:9: branch_false: ...to here btrfs-progs-v6.14/cmds/scrub.c:1920:9: call_function: calling ‘scrub_datafile’ from ‘cmd_scrub_status’ # 457| # 458| datafile[ret] = '.'; # 459|-> strncpy(datafile + ret + 1, fn_local, end - ret - 1); # 460| ret = strlen(datafile); # 461| Error: GCC_ANALYZER_WARNING (CWE-688): [#def33] btrfs-progs-v6.14/common/path-utils.c:206:13: warning[-Wanalyzer-null-argument]: use of NULL ‘a’ where non-null expected btrfs-progs-v6.14/common/path-utils.c:231:5: enter_function: entry to ‘is_same_loop_file’ btrfs-progs-v6.14/common/path-utils.c:240:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/common/path-utils.c:244:19: branch_false: ...to here btrfs-progs-v6.14/common/path-utils.c:244:19: branch_true: following ‘true’ branch... btrfs-progs-v6.14/common/path-utils.c:245:23: branch_true: ...to here btrfs-progs-v6.14/common/path-utils.c:246:20: branch_true: following ‘true’ branch... btrfs-progs-v6.14/common/path-utils.c:247:29: branch_true: ...to here btrfs-progs-v6.14/common/path-utils.c:247:28: branch_false: following ‘false’ branch... btrfs-progs-v6.14/common/path-utils.c:257:20: branch_false: ...to here btrfs-progs-v6.14/common/path-utils.c:257:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/common/path-utils.c:261:19: branch_false: ...to here btrfs-progs-v6.14/common/path-utils.c:273:16: call_function: calling ‘is_same_blk_file’ from ‘is_same_loop_file’ # 204| return 1; # 205| # 206|-> if (stat(a, &st_buf_a) < 0 || stat(b, &st_buf_b) < 0) { # 207| if (errno == ENOENT) # 208| return 0; Error: GCC_ANALYZER_WARNING (CWE-688): [#def34] btrfs-progs-v6.14/common/path-utils.c:206:39: warning[-Wanalyzer-null-argument]: use of NULL ‘b’ where non-null expected btrfs-progs-v6.14/common/path-utils.c:231:5: enter_function: entry to ‘is_same_loop_file’ btrfs-progs-v6.14/common/path-utils.c:240:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/common/path-utils.c:244:19: branch_false: ...to here btrfs-progs-v6.14/common/path-utils.c:257:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/common/path-utils.c:261:19: branch_false: ...to here btrfs-progs-v6.14/common/path-utils.c:261:19: branch_true: following ‘true’ branch... btrfs-progs-v6.14/common/path-utils.c:262:23: branch_true: ...to here btrfs-progs-v6.14/common/path-utils.c:263:20: branch_true: following ‘true’ branch... btrfs-progs-v6.14/common/path-utils.c:264:29: branch_true: ...to here btrfs-progs-v6.14/common/path-utils.c:264:28: branch_false: following ‘false’ branch... btrfs-progs-v6.14/common/path-utils.c:273:16: branch_false: ...to here btrfs-progs-v6.14/common/path-utils.c:273:16: call_function: calling ‘is_same_blk_file’ from ‘is_same_loop_file’ # 204| return 1; # 205| # 206|-> if (stat(a, &st_buf_a) < 0 || stat(b, &st_buf_b) < 0) { # 207| if (errno == ENOENT) # 208| return 0; Error: GCC_ANALYZER_WARNING (CWE-457): [#def35] btrfs-progs-v6.14/image/common.c:103:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘__builtin_alloca_with_align((sizetype)btrfs_csum_type_size(0), 8)’ # 101| crc = crc32c(crc, buf + BTRFS_CSUM_SIZE, len - BTRFS_CSUM_SIZE); # 102| put_unaligned_le32(~crc, result); # 103|-> memcpy(buf, result, csum_size); # 104| } # 105| Error: GCC_ANALYZER_WARNING (CWE-476): [#def36] btrfs-progs-v6.14/image/image-restore.c:1140:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘item’ btrfs-progs-v6.14/image/image-restore.c:1765:5: enter_function: entry to ‘restore_metadump’ btrfs-progs-v6.14/image/image-restore.c:1777:12: branch_true: following ‘true’ branch (when the strings are equal)... btrfs-progs-v6.14/image/image-restore.c:1778:17: branch_true: ...to here btrfs-progs-v6.14/image/image-restore.c:1788:12: branch_false: following ‘false’ branch (when ‘fixup_offset == 0’)... btrfs-progs-v6.14/image/image-restore.c:1803:19: branch_false: ...to here btrfs-progs-v6.14/image/image-restore.c:1804:12: branch_false: following ‘false’ branch (when ‘cluster’ is non-NULL)... btrfs-progs-v6.14/image/image-restore.c:1810:15: branch_false: ...to here btrfs-progs-v6.14/image/image-restore.c:1810:15: call_function: calling ‘mdrestore_init’ from ‘restore_metadump’ btrfs-progs-v6.14/image/image-restore.c:1810:15: return_function: returning to ‘restore_metadump’ from ‘mdrestore_init’ btrfs-progs-v6.14/image/image-restore.c:1812:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/image/image-restore.c:1817:13: branch_false: ...to here btrfs-progs-v6.14/image/image-restore.c:1817:12: branch_true: following ‘true’ branch... btrfs-progs-v6.14/image/image-restore.c:1818:23: branch_true: ...to here btrfs-progs-v6.14/image/image-restore.c:1818:23: call_function: calling ‘build_chunk_tree’ from ‘restore_metadump’ # 1138| # 1139| if (!item || get_unaligned_le64(&item->bytenr) != BTRFS_SUPER_INFO_OFFSET) { # 1140|-> error("did not find superblock at %llu", get_unaligned_le64(&item->bytenr)); # 1141| return -EINVAL; # 1142| } Error: GCC_ANALYZER_WARNING (CWE-775): [#def37] btrfs-progs-v6.14/image/image-restore.c:1783:32: warning[-Wanalyzer-file-leak]: leak of FILE ‘in’ btrfs-progs-v6.14/image/image-restore.c:1777:12: branch_false: following ‘false’ branch (when the strings are non-equal)... btrfs-progs-v6.14/image/image-restore.c:1780:22: branch_false: ...to here btrfs-progs-v6.14/image/image-restore.c:1780:22: acquire_resource: opened here btrfs-progs-v6.14/image/image-restore.c:1781:20: branch_false: following ‘false’ branch... btrfs-progs-v6.14/image/image-restore.c:1788:12: branch_false: ...to here btrfs-progs-v6.14/image/image-restore.c:1930:12: branch_false: following ‘false’ branch... branch_false: ...to here btrfs-progs-v6.14/image/image-restore.c:1783:32: danger: ‘in’ leaks here; was opened at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2) # 1781| if (!in) { # 1782| error("unable to open metadump image: %m"); # 1783|-> return 1; # 1784| } # 1785| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def38] btrfs-progs-v6.14/image/image-restore.c:1783:32: warning[-Wanalyzer-malloc-leak]: leak of ‘in’ btrfs-progs-v6.14/image/image-restore.c:1777:12: branch_false: following ‘false’ branch (when the strings are non-equal)... btrfs-progs-v6.14/image/image-restore.c:1780:22: branch_false: ...to here btrfs-progs-v6.14/image/image-restore.c:1780:22: acquire_memory: allocated here btrfs-progs-v6.14/image/image-restore.c:1781:20: branch_false: following ‘false’ branch... btrfs-progs-v6.14/image/image-restore.c:1788:12: branch_false: ...to here btrfs-progs-v6.14/image/image-restore.c:1930:12: branch_false: following ‘false’ branch... branch_false: ...to here btrfs-progs-v6.14/image/image-restore.c:1783:32: danger: ‘in’ leaks here; was allocated at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2) # 1781| if (!in) { # 1782| error("unable to open metadump image: %m"); # 1783|-> return 1; # 1784| } # 1785| } Error: GCC_ANALYZER_WARNING (CWE-122): [#def39] btrfs-progs-v6.14/image/sanitize.c:122:17: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow btrfs-progs-v6.14/image/sanitize.c:246:14: enter_function: entry to ‘find_collision’ btrfs-progs-v6.14/image/sanitize.c:265:12: branch_false: following ‘false’ branch (when ‘val’ is non-NULL)... btrfs-progs-v6.14/image/sanitize.c:271:9: branch_false: ...to here btrfs-progs-v6.14/image/sanitize.c:276:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/image/sanitize.c:283:17: branch_false: ...to here btrfs-progs-v6.14/image/sanitize.c:283:17: call_function: calling ‘find_collision_reverse_crc32c’ from ‘find_collision’ # 120| } # 121| for (i = 0; i < 4; i++) # 122|-> suffix[i] = (desired_crc >> i * 8) & 0xFF; # 123| } # 124| Error: GCC_ANALYZER_WARNING (CWE-122): [#def40] btrfs-progs-v6.14/image/sanitize.c:134:17: warning[-Wanalyzer-out-of-bounds]: heap-based buffer over-read btrfs-progs-v6.14/image/sanitize.c:246:14: enter_function: entry to ‘find_collision’ btrfs-progs-v6.14/image/sanitize.c:265:12: branch_false: following ‘false’ branch (when ‘val’ is non-NULL)... btrfs-progs-v6.14/image/sanitize.c:271:9: branch_false: ...to here btrfs-progs-v6.14/image/sanitize.c:276:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/image/sanitize.c:283:17: branch_false: ...to here btrfs-progs-v6.14/image/sanitize.c:283:17: call_function: calling ‘find_collision_reverse_crc32c’ from ‘find_collision’ # 132| # 133| for (i = 0; i < 4; i++) { # 134|-> c = suffix[i]; # 135| if (c < ' ' || c > 126 || c == '/') # 136| return false; Error: GCC_ANALYZER_WARNING (CWE-401): [#def41] btrfs-progs-v6.14/image/sanitize.c:354:20: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ btrfs-progs-v6.14/image/sanitize.c:447:6: enter_function: entry to ‘sanitize_name’ btrfs-progs-v6.14/image/sanitize.c:455:14: call_function: calling ‘alloc_dummy_eb’ from ‘sanitize_name’ btrfs-progs-v6.14/image/sanitize.c:455:14: return_function: returning to ‘sanitize_name’ from ‘alloc_dummy_eb’ btrfs-progs-v6.14/image/sanitize.c:456:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/image/sanitize.c:461:9: branch_false: ...to here btrfs-progs-v6.14/image/sanitize.c:466:17: call_function: calling ‘sanitize_dir_item’ from ‘sanitize_name’ # 352| garbage = generate_garbage(name_len); # 353| } # 354|-> if (!garbage) { # 355| error_msg(ERROR_MSG_MEMORY, "sanitize name"); # 356| return; Error: GCC_ANALYZER_WARNING (CWE-126): [#def42] btrfs-progs-v6.14/kernel-shared/delayed-ref.c:77:21: warning[-Wanalyzer-out-of-bounds]: heap-based buffer over-read btrfs-progs-v6.14/kernel-shared/delayed-ref.c:617:5: enter_function: entry to ‘btrfs_add_delayed_tree_ref’ btrfs-progs-v6.14/kernel-shared/delayed-ref.c:633:12: branch_false: following ‘false’ branch (when ‘ref’ is non-NULL)... btrfs-progs-v6.14/kernel-shared/delayed-ref.c:636:12: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/delayed-ref.c:647:12: branch_false: following ‘false’ branch (when ‘head_ref’ is non-NULL)... btrfs-progs-v6.14/kernel-shared/delayed-ref.c:650:9: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/delayed-ref.c:650:9: call_function: calling ‘init_delayed_ref_head’ from ‘btrfs_add_delayed_tree_ref’ btrfs-progs-v6.14/kernel-shared/delayed-ref.c:650:9: return_function: returning to ‘btrfs_add_delayed_tree_ref’ from ‘init_delayed_ref_head’ btrfs-progs-v6.14/kernel-shared/delayed-ref.c:656:20: call_function: calling ‘add_delayed_ref_head’ from ‘btrfs_add_delayed_tree_ref’ btrfs-progs-v6.14/kernel-shared/delayed-ref.c:656:20: return_function: returning to ‘btrfs_add_delayed_tree_ref’ from ‘add_delayed_ref_head’ btrfs-progs-v6.14/kernel-shared/delayed-ref.c:659:15: call_function: calling ‘insert_delayed_ref’ from ‘btrfs_add_delayed_tree_ref’ # 75| if (ref1->objectid > ref2->objectid) # 76| return 1; # 77|-> if (ref1->offset < ref2->offset) # 78| return -1; # 79| if (ref1->offset > ref2->offset) Error: GCC_ANALYZER_WARNING (CWE-476): [#def43] btrfs-progs-v6.14/kernel-shared/disk-io.c:1564:23: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘fs_devices’ btrfs-progs-v6.14/kernel-shared/disk-io.c:1720:20: enter_function: entry to ‘open_ctree_fd’ btrfs-progs-v6.14/kernel-shared/disk-io.c:1727:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/kernel-shared/disk-io.c:1732:9: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/disk-io.c:1735:16: call_function: calling ‘__open_ctree_fd’ from ‘open_ctree_fd’ # 1562| disk_super = fs_info->super_copy; # 1563| if (flags & OPEN_CTREE_RECOVER_SUPER) # 1564|-> ret = btrfs_read_dev_super(fs_devices->latest_bdev, disk_super, # 1565| sb_bytenr, SBREAD_RECOVER); # 1566| else if (flags & OPEN_CTREE_USE_LATEST_BDEV) Error: GCC_ANALYZER_WARNING (CWE-476): [#def44] btrfs-progs-v6.14/kernel-shared/disk-io.c:1567:23: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘fs_devices’ btrfs-progs-v6.14/kernel-shared/disk-io.c:1720:20: enter_function: entry to ‘open_ctree_fd’ btrfs-progs-v6.14/kernel-shared/disk-io.c:1727:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/kernel-shared/disk-io.c:1732:9: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/disk-io.c:1735:16: call_function: calling ‘__open_ctree_fd’ from ‘open_ctree_fd’ # 1565| sb_bytenr, SBREAD_RECOVER); # 1566| else if (flags & OPEN_CTREE_USE_LATEST_BDEV) # 1567|-> ret = btrfs_read_dev_super(fs_devices->latest_bdev, disk_super, # 1568| sb_bytenr, sbflags); # 1569| else Error: GCC_ANALYZER_WARNING (CWE-127): [#def45] btrfs-progs-v6.14/kernel-shared/extent_io.c:412:21: warning[-Wanalyzer-out-of-bounds]: heap-based buffer under-read btrfs-progs-v6.14/kernel-shared/extent_io.c:320:12: enter_function: entry to ‘read_raid56’ btrfs-progs-v6.14/kernel-shared/extent_io.c:342:12: branch_false: following ‘false’ branch (when ‘pointers’ is non-NULL)... branch_false: ...to here btrfs-progs-v6.14/kernel-shared/extent_io.c:346:21: branch_false: following ‘false’ branch (when ‘i >= num_stripes’)... btrfs-progs-v6.14/kernel-shared/extent_io.c:354:32: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/extent_io.c:355:12: branch_false: following ‘false’ branch... branch_false: ...to here btrfs-progs-v6.14/kernel-shared/extent_io.c:366:21: branch_false: following ‘false’ branch (when ‘i >= num_stripes’)... btrfs-progs-v6.14/kernel-shared/extent_io.c:380:17: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/extent_io.c:394:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/kernel-shared/extent_io.c:399:9: call_function: inlined call to ‘find_next_bit’ from ‘read_raid56’ btrfs-progs-v6.14/kernel-shared/extent_io.c:399:9: call_function: inlined call to ‘find_next_bit’ from ‘read_raid56’ btrfs-progs-v6.14/kernel-shared/extent_io.c:399:9: branch_false: following ‘false’ branch (when ‘i >= num_stripes’)... btrfs-progs-v6.14/kernel-shared/extent_io.c:407:15: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/extent_io.c:412:21: danger: out-of-bounds read from byte -8 till byte -1 but region starts at byte 0 # 410| # 411| /* Now copy the data back to original buf */ # 412|-> memcpy(buf, pointers[failed_a] + (logical - full_stripe_start) % # 413| BTRFS_STRIPE_LEN, len); # 414| ret = 0; Error: GCC_ANALYZER_WARNING (CWE-476): [#def46] btrfs-progs-v6.14/kernel-shared/volumes.c:1956:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘buf’ btrfs-progs-v6.14/kernel-shared/volumes.c:1903:5: enter_function: entry to ‘btrfs_rmap_block’ btrfs-progs-v6.14/kernel-shared/volumes.c:1917:9: call_function: inlined call to ‘bugon_trace’ from ‘btrfs_rmap_block’ btrfs-progs-v6.14/kernel-shared/volumes.c:1920:9: branch_true: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:1931:15: acquire_memory: this call could return NULL btrfs-progs-v6.14/kernel-shared/volumes.c:1933:21: branch_true: following ‘true’ branch... btrfs-progs-v6.14/kernel-shared/volumes.c:1934:21: branch_true: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:1934:20: branch_false: following ‘false’ branch... btrfs-progs-v6.14/kernel-shared/volumes.c:1935:21: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:1934:21: branch_false: following ‘false’ branch... btrfs-progs-v6.14/kernel-shared/volumes.c:1938:29: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:1951:29: branch_false: following ‘false’ branch (when ‘j >= nr’)... btrfs-progs-v6.14/kernel-shared/volumes.c:1955:20: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:1955:20: branch_true: following ‘true’ branch (when ‘j == nr’)... btrfs-progs-v6.14/kernel-shared/volumes.c:1956:29: branch_true: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:1956:25: danger: ‘buf + (long unsigned int)nr * 8’ could be NULL: unchecked value from [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4) # 1954| } # 1955| if (j == nr) # 1956|-> buf[nr++] = bytenr; # 1957| } # 1958| Error: GCC_ANALYZER_WARNING (CWE-476): [#def47] btrfs-progs-v6.14/kernel-shared/volumes.c:2390:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘device’ btrfs-progs-v6.14/kernel-shared/volumes.c:2389:18: acquire_memory: this call could return NULL btrfs-progs-v6.14/kernel-shared/volumes.c:2390:9: danger: ‘device’ could be NULL: unchecked value from [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0) # 2388| # 2389| device = kzalloc(sizeof(*device), GFP_NOFS); # 2390|-> device->devid = devid; # 2391| memcpy(device->uuid, uuid, BTRFS_UUID_SIZE); # 2392| device->fd = -1; Error: GCC_ANALYZER_WARNING (CWE-457): [#def48] btrfs-progs-v6.14/kernel-shared/volumes.c:2862:29: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*<unknown>’ btrfs-progs-v6.14/kernel-shared/volumes.c:2832:5: enter_function: entry to ‘write_raid56_with_parity’ btrfs-progs-v6.14/kernel-shared/volumes.c:2845:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/kernel-shared/volumes.c:2851:13: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2851:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/kernel-shared/volumes.c:2854:15: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2854:15: call_function: calling ‘split_eb_for_raid56’ from ‘write_raid56_with_parity’ btrfs-progs-v6.14/kernel-shared/volumes.c:2854:15: return_function: returning to ‘write_raid56_with_parity’ from ‘split_eb_for_raid56’ btrfs-progs-v6.14/kernel-shared/volumes.c:2856:12: branch_false: following ‘false’ branch... branch_false: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2859:21: branch_true: following ‘true’ branch... btrfs-progs-v6.14/kernel-shared/volumes.c:2861:29: branch_true: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2861:20: branch_false: following ‘false’ branch... btrfs-progs-v6.14/kernel-shared/volumes.c:2868:26: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2869:20: branch_false: following ‘false’ branch (when ‘new_eb’ is non-NULL)... btrfs-progs-v6.14/kernel-shared/volumes.c:2873:17: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2877:20: branch_true: following ‘true’ branch... btrfs-progs-v6.14/kernel-shared/volumes.c:2859:45: branch_true: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2859:21: branch_true: following ‘true’ branch... btrfs-progs-v6.14/kernel-shared/volumes.c:2861:29: branch_true: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2861:20: branch_true: following ‘true’ branch... btrfs-progs-v6.14/kernel-shared/volumes.c:2862:32: branch_true: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2862:29: danger: use of uninitialized value ‘*<unknown>’ here # 2860| struct extent_buffer *new_eb; # 2861| if (raid_map[i] < BTRFS_RAID5_P_STRIPE) { # 2862|-> if (ebs[i]->start != raid_map[i]) { # 2863| ret = -EINVAL; # 2864| goto out_free_split; Error: GCC_ANALYZER_WARNING (CWE-401): [#def49] btrfs-progs-v6.14/kernel-shared/volumes.c:2868:26: warning[-Wanalyzer-malloc-leak]: leak of ‘new_eb’ btrfs-progs-v6.14/kernel-shared/volumes.c:2832:5: enter_function: entry to ‘write_raid56_with_parity’ btrfs-progs-v6.14/kernel-shared/volumes.c:2845:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/kernel-shared/volumes.c:2851:13: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2851:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/kernel-shared/volumes.c:2854:15: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2854:15: call_function: calling ‘split_eb_for_raid56’ from ‘write_raid56_with_parity’ btrfs-progs-v6.14/kernel-shared/volumes.c:2854:15: return_function: returning to ‘write_raid56_with_parity’ from ‘split_eb_for_raid56’ btrfs-progs-v6.14/kernel-shared/volumes.c:2856:12: branch_false: following ‘false’ branch... branch_false: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2859:21: branch_true: following ‘true’ branch... btrfs-progs-v6.14/kernel-shared/volumes.c:2861:29: branch_true: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2861:20: branch_false: following ‘false’ branch... btrfs-progs-v6.14/kernel-shared/volumes.c:2868:26: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2868:26: acquire_memory: allocated here btrfs-progs-v6.14/kernel-shared/volumes.c:2869:20: branch_false: following ‘false’ branch (when ‘new_eb’ is non-NULL)... btrfs-progs-v6.14/kernel-shared/volumes.c:2873:17: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2877:20: branch_false: following ‘false’ branch... btrfs-progs-v6.14/kernel-shared/volumes.c:2879:25: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2879:25: branch_false: following ‘false’ branch... branch_false: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2859:21: branch_true: following ‘true’ branch... btrfs-progs-v6.14/kernel-shared/volumes.c:2861:29: branch_true: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2861:20: branch_false: following ‘false’ branch... btrfs-progs-v6.14/kernel-shared/volumes.c:2868:26: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2868:26: danger: ‘new_eb’ leaks here; was allocated at [(19)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/18) # 2866| continue; # 2867| } # 2868|-> new_eb = kmalloc(sizeof(*eb) + alloc_size, GFP_KERNEL); # 2869| if (!new_eb) { # 2870| ret = -ENOMEM; Error: GCC_ANALYZER_WARNING (CWE-457): [#def50] btrfs-progs-v6.14/kernel-shared/volumes.c:2910:21: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*<unknown>’ btrfs-progs-v6.14/kernel-shared/volumes.c:2832:5: enter_function: entry to ‘write_raid56_with_parity’ btrfs-progs-v6.14/kernel-shared/volumes.c:2845:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/kernel-shared/volumes.c:2851:13: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2851:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/kernel-shared/volumes.c:2854:15: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2854:15: call_function: calling ‘split_eb_for_raid56’ from ‘write_raid56_with_parity’ btrfs-progs-v6.14/kernel-shared/volumes.c:2854:15: return_function: returning to ‘write_raid56_with_parity’ from ‘split_eb_for_raid56’ btrfs-progs-v6.14/kernel-shared/volumes.c:2856:12: branch_false: following ‘false’ branch... branch_false: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2859:21: branch_true: following ‘true’ branch... btrfs-progs-v6.14/kernel-shared/volumes.c:2861:29: branch_true: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2861:20: branch_false: following ‘false’ branch... btrfs-progs-v6.14/kernel-shared/volumes.c:2868:26: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2909:21: branch_true: following ‘true’ branch... btrfs-progs-v6.14/kernel-shared/volumes.c:2910:24: branch_true: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2910:21: danger: use of uninitialized value ‘*<unknown>’ here # 2908| out_free_split: # 2909| for (i = 0; i < multi->num_stripes; i++) { # 2910|-> if (ebs[i] != eb) # 2911| kfree(ebs[i]); # 2912| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def51] btrfs-progs-v6.14/kernel-shared/volumes.c:2915:9: warning[-Wanalyzer-malloc-leak]: leak of ‘new_eb’ btrfs-progs-v6.14/kernel-shared/volumes.c:2832:5: enter_function: entry to ‘write_raid56_with_parity’ btrfs-progs-v6.14/kernel-shared/volumes.c:2845:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/kernel-shared/volumes.c:2851:13: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2851:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/kernel-shared/volumes.c:2854:15: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2854:15: call_function: calling ‘split_eb_for_raid56’ from ‘write_raid56_with_parity’ btrfs-progs-v6.14/kernel-shared/volumes.c:2854:15: return_function: returning to ‘write_raid56_with_parity’ from ‘split_eb_for_raid56’ btrfs-progs-v6.14/kernel-shared/volumes.c:2856:12: branch_false: following ‘false’ branch... branch_false: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2859:21: branch_true: following ‘true’ branch... btrfs-progs-v6.14/kernel-shared/volumes.c:2861:29: branch_true: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2861:20: branch_false: following ‘false’ branch... btrfs-progs-v6.14/kernel-shared/volumes.c:2868:26: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2868:26: acquire_memory: allocated here btrfs-progs-v6.14/kernel-shared/volumes.c:2869:20: branch_false: following ‘false’ branch (when ‘new_eb’ is non-NULL)... btrfs-progs-v6.14/kernel-shared/volumes.c:2873:17: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2877:20: branch_false: following ‘false’ branch... btrfs-progs-v6.14/kernel-shared/volumes.c:2879:25: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2879:25: branch_false: following ‘false’ branch... branch_false: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2882:12: branch_false: following ‘false’ branch (when ‘q_eb’ is NULL)... btrfs-progs-v6.14/kernel-shared/volumes.c:2891:21: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2892:29: branch_false: following ‘false’ branch... btrfs-progs-v6.14/kernel-shared/volumes.c:2894:23: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2909:21: branch_false: following ‘false’ branch... btrfs-progs-v6.14/kernel-shared/volumes.c:2913:1: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/volumes.c:2915:9: danger: ‘new_eb’ leaks here; was allocated at [(19)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/18) # 2913| out: # 2914| kfree(ebs); # 2915|-> kfree(pointers); # 2916| # 2917| return ret; Error: GCC_ANALYZER_WARNING (CWE-127): [#def52] btrfs-progs-v6.14/kernel-shared/zoned.c:1067:36: warning[-Wanalyzer-out-of-bounds]: heap-based buffer under-read btrfs-progs-v6.14/kernel-shared/zoned.c:1165:5: enter_function: entry to ‘btrfs_load_block_group_zone_info’ btrfs-progs-v6.14/kernel-shared/zoned.c:1181:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/kernel-shared/zoned.c:1185:12: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/zoned.c:1186:20: branch_false: following ‘false’ branch... btrfs-progs-v6.14/kernel-shared/zoned.c:1197:14: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/zoned.c:1198:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/kernel-shared/zoned.c:1204:28: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/zoned.c:1205:12: branch_false: following ‘false’ branch (when ‘zone_info’ is non-NULL)... btrfs-progs-v6.14/kernel-shared/zoned.c:1210:18: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/zoned.c:1211:12: branch_false: following ‘false’ branch... branch_false: ...to here btrfs-progs-v6.14/kernel-shared/zoned.c:1217:21: branch_false: following ‘false’ branch... btrfs-progs-v6.14/kernel-shared/zoned.c:1226:12: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/zoned.c:1226:12: branch_false: following ‘false’ branch (when ‘num_conventional == 0’)... btrfs-progs-v6.14/kernel-shared/zoned.c:1241:51: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/zoned.c:1241:12: branch_true: following ‘true’ branch... btrfs-progs-v6.14/kernel-shared/zoned.c:1248:19: branch_true: ...to here btrfs-progs-v6.14/kernel-shared/zoned.c:1259:23: call_function: calling ‘btrfs_load_block_group_raid1’ from ‘btrfs_load_block_group_zone_info’ # 1065| bg->alloc_offset = zone_info[0].alloc_offset; # 1066| else # 1067|-> bg->alloc_offset = zone_info[i - 1].alloc_offset; # 1068| # 1069| return 0; Error: GCC_ANALYZER_WARNING (CWE-401): [#def53] btrfs-progs-v6.14/kernel-shared/zoned.c:1217:25: warning[-Wanalyzer-malloc-leak]: leak of ‘calloc((long unsigned int)(unsigned int)*(struct map_lookup *)<unknown>.num_stripes + 63 >> 6, 64)’ btrfs-progs-v6.14/kernel-shared/zoned.c:1165:5: enter_function: entry to ‘btrfs_load_block_group_zone_info’ btrfs-progs-v6.14/kernel-shared/zoned.c:1181:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/kernel-shared/zoned.c:1185:12: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/zoned.c:1186:20: branch_false: following ‘false’ branch... btrfs-progs-v6.14/kernel-shared/zoned.c:1197:14: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/zoned.c:1198:12: branch_false: following ‘false’ branch... btrfs-progs-v6.14/kernel-shared/zoned.c:1204:28: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/zoned.c:1205:12: branch_false: following ‘false’ branch (when ‘zone_info’ is non-NULL)... btrfs-progs-v6.14/kernel-shared/zoned.c:1210:18: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/zoned.c:1210:18: call_function: inlined call to ‘bitmap_zalloc’ from ‘btrfs_load_block_group_zone_info’ btrfs-progs-v6.14/kernel-shared/zoned.c:1211:12: branch_false: following ‘false’ branch... branch_false: ...to here btrfs-progs-v6.14/kernel-shared/zoned.c:1217:21: branch_false: following ‘false’ branch... btrfs-progs-v6.14/kernel-shared/zoned.c:1226:12: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/zoned.c:1226:12: branch_false: following ‘false’ branch (when ‘num_conventional == 0’)... btrfs-progs-v6.14/kernel-shared/zoned.c:1241:51: branch_false: ...to here btrfs-progs-v6.14/kernel-shared/zoned.c:1217:25: danger: ‘calloc((long unsigned int)(unsigned int)*(struct map_lookup *)<unknown>.num_stripes + 63 >> 6, 64)’ leaks here; was allocated at [(11)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/10) # 1215| } # 1216| # 1217|-> for (i = 0; i < map->num_stripes; i++) { # 1218| ret = btrfs_load_zone_info(fs_info, i, &zone_info[i], active, map); # 1219| if (ret) Error: CPPCHECK_WARNING (CWE-476): [#def54] btrfs-progs-v6.14/libbtrfs/send-utils.c:390: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: si # 388| tree_insert(&s->path_subvols, si, subvol_search_by_path); # 389| # 390|-> cnt = count_bytes(si->uuid, BTRFS_UUID_SIZE, 0); # 391| if (cnt != BTRFS_UUID_SIZE) # 392| tree_insert(&s->local_subvols, si, subvol_search_by_uuid); Error: CPPCHECK_WARNING (CWE-476): [#def55] btrfs-progs-v6.14/libbtrfs/send-utils.c:393: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: si # 391| if (cnt != BTRFS_UUID_SIZE) # 392| tree_insert(&s->local_subvols, si, subvol_search_by_uuid); # 393|-> cnt = count_bytes(si->received_uuid, BTRFS_UUID_SIZE, 0); # 394| if (cnt != BTRFS_UUID_SIZE) # 395| tree_insert(&s->received_subvols, si, Error: CPPCHECK_WARNING (CWE-476): [#def56] btrfs-progs-v6.14/libbtrfs/send-utils.c:782: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: si # 780| # 781| si = calloc(1, sizeof(*si)); # 782|-> si->root_id = btrfs_search_header_objectid(sh); # 783| memcpy(si->uuid, root_item.uuid, # 784| BTRFS_UUID_SIZE); Error: CPPCHECK_WARNING (CWE-476): [#def57] btrfs-progs-v6.14/libbtrfs/send-utils.c:783: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: si # 781| si = calloc(1, sizeof(*si)); # 782| si->root_id = btrfs_search_header_objectid(sh); # 783|-> memcpy(si->uuid, root_item.uuid, # 784| BTRFS_UUID_SIZE); # 785| memcpy(si->parent_uuid, root_item.parent_uuid, Error: CPPCHECK_WARNING (CWE-476): [#def58] btrfs-progs-v6.14/libbtrfs/send-utils.c:785: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: si # 783| memcpy(si->uuid, root_item.uuid, # 784| BTRFS_UUID_SIZE); # 785|-> memcpy(si->parent_uuid, root_item.parent_uuid, # 786| BTRFS_UUID_SIZE); # 787| memcpy(si->received_uuid, Error: CPPCHECK_WARNING (CWE-476): [#def59] btrfs-progs-v6.14/libbtrfs/send-utils.c:787: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: si # 785| memcpy(si->parent_uuid, root_item.parent_uuid, # 786| BTRFS_UUID_SIZE); # 787|-> memcpy(si->received_uuid, # 788| root_item.received_uuid, # 789| BTRFS_UUID_SIZE); Error: CPPCHECK_WARNING (CWE-476): [#def60] btrfs-progs-v6.14/libbtrfs/send-utils.c:790: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: si # 788| root_item.received_uuid, # 789| BTRFS_UUID_SIZE); # 790|-> si->ctransid = btrfs_root_ctransid(&root_item); # 791| si->otransid = btrfs_root_otransid(&root_item); # 792| si->stransid = btrfs_root_stransid(&root_item); Error: CPPCHECK_WARNING (CWE-476): [#def61] btrfs-progs-v6.14/libbtrfs/send-utils.c:791: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: si # 789| BTRFS_UUID_SIZE); # 790| si->ctransid = btrfs_root_ctransid(&root_item); # 791|-> si->otransid = btrfs_root_otransid(&root_item); # 792| si->stransid = btrfs_root_stransid(&root_item); # 793| si->rtransid = btrfs_root_rtransid(&root_item); Error: CPPCHECK_WARNING (CWE-476): [#def62] btrfs-progs-v6.14/libbtrfs/send-utils.c:792: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: si # 790| si->ctransid = btrfs_root_ctransid(&root_item); # 791| si->otransid = btrfs_root_otransid(&root_item); # 792|-> si->stransid = btrfs_root_stransid(&root_item); # 793| si->rtransid = btrfs_root_rtransid(&root_item); # 794| si->path = path; Error: CPPCHECK_WARNING (CWE-476): [#def63] btrfs-progs-v6.14/libbtrfs/send-utils.c:793: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: si # 791| si->otransid = btrfs_root_otransid(&root_item); # 792| si->stransid = btrfs_root_stransid(&root_item); # 793|-> si->rtransid = btrfs_root_rtransid(&root_item); # 794| si->path = path; # 795| subvol_uuid_search_add(s, si); Error: CPPCHECK_WARNING (CWE-476): [#def64] btrfs-progs-v6.14/libbtrfs/send-utils.c:794: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: si # 792| si->stransid = btrfs_root_stransid(&root_item); # 793| si->rtransid = btrfs_root_rtransid(&root_item); # 794|-> si->path = path; # 795| subvol_uuid_search_add(s, si); # 796| root_item_valid = 0; Error: CPPCHECK_WARNING (CWE-401): [#def65] btrfs-progs-v6.14/libbtrfsutil/qgroup.c:64: error[memleakOnRealloc]: Common realloc mistake: 'tmp' nulled but not freed upon failure # 62| struct btrfs_qgroup_inherit *tmp = (struct btrfs_qgroup_inherit *)*inherit; # 63| # 64|-> tmp = realloc(tmp, sizeof(*tmp) + # 65| (tmp->num_qgroups + 1) * sizeof(tmp->qgroups[0])); # 66| if (!tmp) Error: GCC_ANALYZER_WARNING (CWE-415): [#def66] btrfs-progs-v6.14/mkfs/rootdir.c:177:9: warning[-Wanalyzer-double-free]: double-‘free’ of ‘current_path.inode_list.prev + -16’ btrfs-progs-v6.14/mkfs/rootdir.c:1367:12: enter_function: entry to ‘ftw_add_inode’ btrfs-progs-v6.14/mkfs/rootdir.c:1380:12: branch_false: following ‘false’ branch... branch_false: ...to here btrfs-progs-v6.14/mkfs/rootdir.c:1455:16: branch_true: following ‘true’ branch... btrfs-progs-v6.14/mkfs/rootdir.c:1456:17: branch_true: ...to here btrfs-progs-v6.14/mkfs/rootdir.c:1456:17: call_function: calling ‘rootdir_path_pop’ from ‘ftw_add_inode’ btrfs-progs-v6.14/mkfs/rootdir.c:1456:17: return_function: returning to ‘ftw_add_inode’ from ‘rootdir_path_pop’ btrfs-progs-v6.14/mkfs/rootdir.c:1455:16: branch_true: following ‘true’ branch... btrfs-progs-v6.14/mkfs/rootdir.c:1456:17: branch_true: ...to here btrfs-progs-v6.14/mkfs/rootdir.c:1456:17: call_function: calling ‘rootdir_path_pop’ from ‘ftw_add_inode’ # 175| list_del_init(&last->list); # 176| path->level--; # 177|-> free(last); # 178| } # 179|
| analyzer-version-clippy | 1.86.0 |
| analyzer-version-cppcheck | 2.17.1 |
| analyzer-version-gcc | 15.0.1 |
| analyzer-version-gcc-analyzer | 15.0.1 |
| analyzer-version-shellcheck | 0.10.0 |
| analyzer-version-unicontrol | 0.0.2 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-55.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | btrfs-progs-6.14-1.fc43 |
| store-results-to | /tmp/tmp9sehqov9/btrfs-progs-6.14-1.fc43.tar.xz |
| time-created | 2025-04-25 12:10:51 |
| time-finished | 2025-04-25 12:13:22 |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmp9sehqov9/btrfs-progs-6.14-1.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp9sehqov9/btrfs-progs-6.14-1.fc43.src.rpm' |
| tool-version | csmock-3.8.1.20250422.172604.g26bc3d6-1.el9 |