conmon-2.1.13-1.fc43

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1]
conmon-2.1.13/src/cgroup.c:58:37: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(g_strdup_printf("/proc/%d/cgroup", pid), "re")’
conmon-2.1.13/src/cgroup.c:58:37: acquire_resource: opened here
conmon-2.1.13/src/cgroup.c:58:37: danger: ‘fopen(g_strdup_printf("/proc/%d/cgroup", pid), "re")’ leaks here; was opened at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#   56|   {
#   57|   	_cleanup_free_ char *cgroups_file_path = g_strdup_printf("/proc/%d/cgroup", pid);
#   58|-> 	_cleanup_fclose_ FILE *fp = fopen(cgroups_file_path, "re");
#   59|   	if (fp == NULL) {
#   60|   		nwarnf("Failed to open cgroups file: %s", cgroups_file_path);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def2]
conmon-2.1.13/src/cgroup.c:58:37: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(g_strdup_printf("/proc/%d/cgroup", pid), "re")’
conmon-2.1.13/src/cgroup.c:58:37: acquire_memory: allocated here
conmon-2.1.13/src/cgroup.c:58:37: danger: ‘fopen(g_strdup_printf("/proc/%d/cgroup", pid), "re")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#   56|   {
#   57|   	_cleanup_free_ char *cgroups_file_path = g_strdup_printf("/proc/%d/cgroup", pid);
#   58|-> 	_cleanup_fclose_ FILE *fp = fopen(cgroups_file_path, "re");
#   59|   	if (fp == NULL) {
#   60|   		nwarnf("Failed to open cgroups file: %s", cgroups_file_path);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def3]
conmon-2.1.13/src/cgroup.c:148:35: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(g_build_filename(process_cgroup_subsystem_path(pid, 0, "memory"), "cgroup.event_control", 0), 524289)’
conmon-2.1.13/src/cgroup.c:137:13: enter_function: entry to ‘setup_oom_handling_cgroup_v1’
conmon-2.1.13/src/cgroup.c:140:51: call_function: calling ‘process_cgroup_subsystem_path’ from ‘setup_oom_handling_cgroup_v1’
conmon-2.1.13/src/cgroup.c:140:51: return_function: returning to ‘setup_oom_handling_cgroup_v1’ from ‘process_cgroup_subsystem_path’
conmon-2.1.13/src/cgroup.c:141:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/cgroup.c:147:41: branch_false: ...to here
conmon-2.1.13/src/cgroup.c:148:35: acquire_resource: opened here
conmon-2.1.13/src/cgroup.c:148:35: danger: ‘open(g_build_filename(process_cgroup_subsystem_path(pid, 0, "memory"), "cgroup.event_control", 0), 524289)’ leaks here; was opened at [(25)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/24)
#  146|   	/* this will be cleaned up in oom_cb_cgroup_v1 */
#  147|   	char *memory_cgroup_file_path = g_build_filename(memory_cgroup_path, "cgroup.event_control", NULL);
#  148|-> 	_cleanup_close_ int cfd = open(memory_cgroup_file_path, O_WRONLY | O_CLOEXEC);
#  149|   	if (cfd == -1) {
#  150|   		nwarnf("Failed to open %s", memory_cgroup_file_path);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def4]
conmon-2.1.13/src/cgroup.c:157:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(g_build_filename(process_cgroup_subsystem_path(pid, 0, "memory"), "memory.oom_control", 0), 524288)’
conmon-2.1.13/src/cgroup.c:137:13: enter_function: entry to ‘setup_oom_handling_cgroup_v1’
conmon-2.1.13/src/cgroup.c:140:51: call_function: calling ‘process_cgroup_subsystem_path’ from ‘setup_oom_handling_cgroup_v1’
conmon-2.1.13/src/cgroup.c:140:51: return_function: returning to ‘setup_oom_handling_cgroup_v1’ from ‘process_cgroup_subsystem_path’
conmon-2.1.13/src/cgroup.c:141:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/cgroup.c:147:41: branch_false: ...to here
conmon-2.1.13/src/cgroup.c:149:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/cgroup.c:155:60: branch_false: ...to here
conmon-2.1.13/src/cgroup.c:157:25: acquire_resource: opened here
conmon-2.1.13/src/cgroup.c:157:25: danger: ‘open(g_build_filename(process_cgroup_subsystem_path(pid, 0, "memory"), "memory.oom_control", 0), 524288)’ leaks here; was opened at [(27)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/26)
#  155|   	_cleanup_free_ char *memory_cgroup_file_oom_path = g_build_filename(memory_cgroup_path, "memory.oom_control", NULL);
#  156|   
#  157|-> 	oom_cgroup_fd = open(memory_cgroup_file_oom_path, O_RDONLY | O_CLOEXEC); /* Not closed */
#  158|   	if (oom_cgroup_fd == -1)
#  159|   		pexitf("Failed to open %s", memory_cgroup_file_oom_path);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def5]
conmon-2.1.13/src/cgroup.c:159:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(g_build_filename(process_cgroup_subsystem_path(pid, 0, "memory"), "cgroup.event_control", 0), 524289)’
conmon-2.1.13/src/cgroup.c:137:13: enter_function: entry to ‘setup_oom_handling_cgroup_v1’
conmon-2.1.13/src/cgroup.c:140:51: call_function: calling ‘process_cgroup_subsystem_path’ from ‘setup_oom_handling_cgroup_v1’
conmon-2.1.13/src/cgroup.c:140:51: return_function: returning to ‘setup_oom_handling_cgroup_v1’ from ‘process_cgroup_subsystem_path’
conmon-2.1.13/src/cgroup.c:141:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/cgroup.c:147:41: branch_false: ...to here
conmon-2.1.13/src/cgroup.c:148:35: acquire_resource: opened here
conmon-2.1.13/src/cgroup.c:149:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/cgroup.c:155:60: branch_false: ...to here
conmon-2.1.13/src/cgroup.c:158:12: branch_true: following ‘true’ branch...
conmon-2.1.13/src/cgroup.c:159:17: branch_true: ...to here
conmon-2.1.13/src/cgroup.c:159:17: danger: ‘open(g_build_filename(process_cgroup_subsystem_path(pid, 0, "memory"), "cgroup.event_control", 0), 524289)’ leaks here; was opened at [(25)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/24)
#  157|   	oom_cgroup_fd = open(memory_cgroup_file_oom_path, O_RDONLY | O_CLOEXEC); /* Not closed */
#  158|   	if (oom_cgroup_fd == -1)
#  159|-> 		pexitf("Failed to open %s", memory_cgroup_file_oom_path);
#  160|   
#  161|   	if ((oom_event_fd = eventfd(0, EFD_CLOEXEC)) == -1)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def6]
conmon-2.1.13/src/cgroup.c:162:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(g_build_filename(process_cgroup_subsystem_path(pid, 0, "memory"), "cgroup.event_control", 0), 524289)’
conmon-2.1.13/src/cgroup.c:137:13: enter_function: entry to ‘setup_oom_handling_cgroup_v1’
conmon-2.1.13/src/cgroup.c:140:51: call_function: calling ‘process_cgroup_subsystem_path’ from ‘setup_oom_handling_cgroup_v1’
conmon-2.1.13/src/cgroup.c:140:51: return_function: returning to ‘setup_oom_handling_cgroup_v1’ from ‘process_cgroup_subsystem_path’
conmon-2.1.13/src/cgroup.c:141:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/cgroup.c:147:41: branch_false: ...to here
conmon-2.1.13/src/cgroup.c:148:35: acquire_resource: opened here
conmon-2.1.13/src/cgroup.c:149:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/cgroup.c:155:60: branch_false: ...to here
conmon-2.1.13/src/cgroup.c:158:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/cgroup.c:161:29: branch_false: ...to here
conmon-2.1.13/src/cgroup.c:161:12: branch_true: following ‘true’ branch...
conmon-2.1.13/src/cgroup.c:162:17: branch_true: ...to here
conmon-2.1.13/src/cgroup.c:162:17: danger: ‘open(g_build_filename(process_cgroup_subsystem_path(pid, 0, "memory"), "cgroup.event_control", 0), 524289)’ leaks here; was opened at [(25)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/24)
#  160|   
#  161|   	if ((oom_event_fd = eventfd(0, EFD_CLOEXEC)) == -1)
#  162|-> 		pexit("Failed to create eventfd");
#  163|   
#  164|   	_cleanup_free_ char *data = g_strdup_printf("%d %d", oom_event_fd, oom_cgroup_fd);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def7]
conmon-2.1.13/src/cgroup.c:279:37: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(g_build_filename(cgroup2_path, "memory.events", 0), "re")’
conmon-2.1.13/src/cgroup.c:274:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/cgroup.c:277:56: branch_false: ...to here
conmon-2.1.13/src/cgroup.c:279:37: acquire_resource: opened here
conmon-2.1.13/src/cgroup.c:279:37: danger: ‘fopen(g_build_filename(cgroup2_path, "memory.events", 0), "re")’ leaks here; was opened at [(3)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/2)
#  277|   	_cleanup_free_ char *memory_events_file_path = g_build_filename(cgroup2_path, "memory.events", NULL);
#  278|   
#  279|-> 	_cleanup_fclose_ FILE *fp = fopen(memory_events_file_path, "re");
#  280|   	if (fp == NULL) {
#  281|   		nwarnf("Failed to open cgroups file: %s", memory_events_file_path);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
conmon-2.1.13/src/cgroup.c:279:37: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(g_build_filename(cgroup2_path, "memory.events", 0), "re")’
conmon-2.1.13/src/cgroup.c:274:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/cgroup.c:277:56: branch_false: ...to here
conmon-2.1.13/src/cgroup.c:279:37: acquire_memory: allocated here
conmon-2.1.13/src/cgroup.c:279:37: danger: ‘fopen(g_build_filename(cgroup2_path, "memory.events", 0), "re")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/2)
#  277|   	_cleanup_free_ char *memory_events_file_path = g_build_filename(cgroup2_path, "memory.events", NULL);
#  278|   
#  279|-> 	_cleanup_fclose_ FILE *fp = fopen(memory_events_file_path, "re");
#  280|   	if (fp == NULL) {
#  281|   		nwarnf("Failed to open cgroups file: %s", memory_events_file_path);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def9]
conmon-2.1.13/src/conmon.c:29:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(dev_null_r, 0)’
conmon-2.1.13/src/conmon.c:39:5: enter_function: entry to ‘main’
conmon-2.1.13/src/conmon.c:51:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:55:9: branch_false: ...to here
conmon-2.1.13/src/conmon.c:80:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:83:43: branch_false: ...to here
conmon-2.1.13/src/conmon.c:84:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:90:13: branch_false: ...to here
conmon-2.1.13/src/conmon.c:129:12: branch_true: following ‘true’ branch...
conmon-2.1.13/src/conmon.c:130:17: branch_true: ...to here
conmon-2.1.13/src/conmon.c:130:17: call_function: calling ‘disconnect_std_streams’ from ‘main’
#   27|   static void disconnect_std_streams(int dev_null_r, int dev_null_w)
#   28|   {
#   29|-> 	if (dup2(dev_null_r, STDIN_FILENO) < 0)
#   30|   		pexit("Failed to dup over stdin");
#   31|   	if (dup2(dev_null_w, STDOUT_FILENO) < 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def10]
conmon-2.1.13/src/conmon.c:31:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(dev_null_w, 1)’
conmon-2.1.13/src/conmon.c:39:5: enter_function: entry to ‘main’
conmon-2.1.13/src/conmon.c:51:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:55:9: branch_false: ...to here
conmon-2.1.13/src/conmon.c:80:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:83:43: branch_false: ...to here
conmon-2.1.13/src/conmon.c:84:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:90:13: branch_false: ...to here
conmon-2.1.13/src/conmon.c:129:12: branch_true: following ‘true’ branch...
conmon-2.1.13/src/conmon.c:130:17: branch_true: ...to here
conmon-2.1.13/src/conmon.c:130:17: call_function: calling ‘disconnect_std_streams’ from ‘main’
#   29|   	if (dup2(dev_null_r, STDIN_FILENO) < 0)
#   30|   		pexit("Failed to dup over stdin");
#   31|-> 	if (dup2(dev_null_w, STDOUT_FILENO) < 0)
#   32|   		pexit("Failed to dup over stdout");
#   33|   	if (dup2(dev_null_w, STDERR_FILENO) < 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def11]
conmon-2.1.13/src/conmon.c:33:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(dev_null_w, 2)’
conmon-2.1.13/src/conmon.c:39:5: enter_function: entry to ‘main’
conmon-2.1.13/src/conmon.c:51:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:55:9: branch_false: ...to here
conmon-2.1.13/src/conmon.c:80:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:83:43: branch_false: ...to here
conmon-2.1.13/src/conmon.c:84:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:90:13: branch_false: ...to here
conmon-2.1.13/src/conmon.c:129:12: branch_true: following ‘true’ branch...
conmon-2.1.13/src/conmon.c:130:17: branch_true: ...to here
conmon-2.1.13/src/conmon.c:130:17: call_function: calling ‘disconnect_std_streams’ from ‘main’
#   31|   	if (dup2(dev_null_w, STDOUT_FILENO) < 0)
#   32|   		pexit("Failed to dup over stdout");
#   33|-> 	if (dup2(dev_null_w, STDERR_FILENO) < 0)
#   34|   		pexit("Failed to dup over stderr");
#   35|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def12]
conmon-2.1.13/src/conmon.c:79:43: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 524288)’
conmon-2.1.13/src/conmon.c:51:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:55:9: branch_false: ...to here
conmon-2.1.13/src/conmon.c:79:43: acquire_resource: opened here
conmon-2.1.13/src/conmon.c:79:43: danger: ‘open("/dev/null", 524288)’ leaks here; was opened at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#   77|   	}
#   78|   
#   79|-> 	dev_null_r_cleanup = dev_null_r = open("/dev/null", O_RDONLY | O_CLOEXEC);
#   80|   	if (dev_null_r < 0)
#   81|   		pexit("Failed to open /dev/null");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def13]
conmon-2.1.13/src/conmon.c:83:43: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 524289)’
conmon-2.1.13/src/conmon.c:51:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:55:9: branch_false: ...to here
conmon-2.1.13/src/conmon.c:80:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:83:43: branch_false: ...to here
conmon-2.1.13/src/conmon.c:83:43: acquire_resource: opened here
conmon-2.1.13/src/conmon.c:83:43: danger: ‘open("/dev/null", 524289)’ leaks here; was opened at [(5)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/4)
#   81|   		pexit("Failed to open /dev/null");
#   82|   
#   83|-> 	dev_null_w_cleanup = dev_null_w = open("/dev/null", O_WRONLY | O_CLOEXEC);
#   84|   	if (dev_null_w < 0)
#   85|   		pexit("Failed to open /dev/null");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def14]
conmon-2.1.13/src/conmon.c:244:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(workerfd_stdin, 0)’
conmon-2.1.13/src/conmon.c:51:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:55:9: branch_false: ...to here
conmon-2.1.13/src/conmon.c:80:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:83:43: branch_false: ...to here
conmon-2.1.13/src/conmon.c:84:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:90:13: branch_false: ...to here
conmon-2.1.13/src/conmon.c:139:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:149:13: branch_false: ...to here
conmon-2.1.13/src/conmon.c:149:12: branch_true: following ‘true’ branch...
conmon-2.1.13/src/conmon.c:150:26: branch_true: ...to here
conmon-2.1.13/src/conmon.c:181:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:193:13: branch_false: ...to here
conmon-2.1.13/src/conmon.c:193:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:196:25: branch_false: ...to here
conmon-2.1.13/src/conmon.c:216:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:216:13: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:228:22: branch_false: ...to here
conmon-2.1.13/src/conmon.c:229:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:231:20: branch_false: ...to here
conmon-2.1.13/src/conmon.c:231:19: branch_true: following ‘true’ branch...
conmon-2.1.13/src/conmon.c:232:21: branch_true: ...to here
conmon-2.1.13/src/conmon.c:232:20: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:234:21: branch_false: ...to here
conmon-2.1.13/src/conmon.c:234:20: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:237:22: branch_false: ...to here
conmon-2.1.13/src/conmon.c:237:20: branch_true: following ‘true’ branch...
conmon-2.1.13/src/conmon.c:242:28: branch_true: ...to here
conmon-2.1.13/src/conmon.c:242:28: branch_true: following ‘true’ branch (when ‘workerfd_stdin < 0’)...
conmon-2.1.13/src/conmon.c:243:33: branch_true: ...to here
conmon-2.1.13/src/conmon.c:244:29: acquire_resource: opened here
conmon-2.1.13/src/conmon.c:244:28: danger: ‘dup2(workerfd_stdin, 0)’ leaks here; was opened at [(32)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/31)
#  242|   			if (workerfd_stdin < 0)
#  243|   				workerfd_stdin = dev_null_r;
#  244|-> 			if (dup2(workerfd_stdin, STDIN_FILENO) < 0)
#  245|   				_pexit("Failed to dup over stdin");
#  246|   			if (workerfd_stdin != dev_null_r && fchmod(STDIN_FILENO, 0777) < 0 && errno != EINVAL)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def15]
conmon-2.1.13/src/conmon.c:251:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(workerfd_stdout, 1)’
conmon-2.1.13/src/conmon.c:51:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:55:9: branch_false: ...to here
conmon-2.1.13/src/conmon.c:80:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:83:43: branch_false: ...to here
conmon-2.1.13/src/conmon.c:84:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:90:13: branch_false: ...to here
conmon-2.1.13/src/conmon.c:139:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:149:13: branch_false: ...to here
conmon-2.1.13/src/conmon.c:149:12: branch_true: following ‘true’ branch...
conmon-2.1.13/src/conmon.c:150:26: branch_true: ...to here
conmon-2.1.13/src/conmon.c:181:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:193:13: branch_false: ...to here
conmon-2.1.13/src/conmon.c:193:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:196:25: branch_false: ...to here
conmon-2.1.13/src/conmon.c:216:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:216:13: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:228:22: branch_false: ...to here
conmon-2.1.13/src/conmon.c:229:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:231:20: branch_false: ...to here
conmon-2.1.13/src/conmon.c:231:19: branch_true: following ‘true’ branch...
conmon-2.1.13/src/conmon.c:232:21: branch_true: ...to here
conmon-2.1.13/src/conmon.c:232:20: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:234:21: branch_false: ...to here
conmon-2.1.13/src/conmon.c:234:20: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:237:22: branch_false: ...to here
conmon-2.1.13/src/conmon.c:237:20: branch_true: following ‘true’ branch...
conmon-2.1.13/src/conmon.c:242:28: branch_true: ...to here
conmon-2.1.13/src/conmon.c:242:28: branch_true: following ‘true’ branch (when ‘workerfd_stdin < 0’)...
conmon-2.1.13/src/conmon.c:243:33: branch_true: ...to here
conmon-2.1.13/src/conmon.c:244:28: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:246:29: branch_false: ...to here
conmon-2.1.13/src/conmon.c:246:28: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:249:28: branch_false: ...to here
conmon-2.1.13/src/conmon.c:249:28: branch_true: following ‘true’ branch (when ‘workerfd_stdout < 0’)...
conmon-2.1.13/src/conmon.c:250:33: branch_true: ...to here
conmon-2.1.13/src/conmon.c:251:29: acquire_resource: opened here
conmon-2.1.13/src/conmon.c:251:28: danger: ‘dup2(workerfd_stdout, 1)’ leaks here; was opened at [(38)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/37)
#  249|   			if (workerfd_stdout < 0)
#  250|   				workerfd_stdout = dev_null_w;
#  251|-> 			if (dup2(workerfd_stdout, STDOUT_FILENO) < 0)
#  252|   				_pexit("Failed to dup over stdout");
#  253|   			if (workerfd_stdout != dev_null_w && fchmod(STDOUT_FILENO, 0777) < 0 && errno != EINVAL)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def16]
conmon-2.1.13/src/conmon.c:258:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(workerfd_stderr, 2)’
conmon-2.1.13/src/conmon.c:51:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:55:9: branch_false: ...to here
conmon-2.1.13/src/conmon.c:80:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:83:43: branch_false: ...to here
conmon-2.1.13/src/conmon.c:84:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:90:13: branch_false: ...to here
conmon-2.1.13/src/conmon.c:139:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:149:13: branch_false: ...to here
conmon-2.1.13/src/conmon.c:149:12: branch_true: following ‘true’ branch...
conmon-2.1.13/src/conmon.c:150:26: branch_true: ...to here
conmon-2.1.13/src/conmon.c:181:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:193:13: branch_false: ...to here
conmon-2.1.13/src/conmon.c:193:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:196:25: branch_false: ...to here
conmon-2.1.13/src/conmon.c:216:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:216:13: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:228:22: branch_false: ...to here
conmon-2.1.13/src/conmon.c:229:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:231:20: branch_false: ...to here
conmon-2.1.13/src/conmon.c:231:19: branch_true: following ‘true’ branch...
conmon-2.1.13/src/conmon.c:232:21: branch_true: ...to here
conmon-2.1.13/src/conmon.c:232:20: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:234:21: branch_false: ...to here
conmon-2.1.13/src/conmon.c:234:20: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:237:22: branch_false: ...to here
conmon-2.1.13/src/conmon.c:237:20: branch_true: following ‘true’ branch...
conmon-2.1.13/src/conmon.c:242:28: branch_true: ...to here
conmon-2.1.13/src/conmon.c:242:28: branch_true: following ‘true’ branch (when ‘workerfd_stdin < 0’)...
conmon-2.1.13/src/conmon.c:243:33: branch_true: ...to here
conmon-2.1.13/src/conmon.c:244:28: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:246:29: branch_false: ...to here
conmon-2.1.13/src/conmon.c:246:28: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:249:28: branch_false: ...to here
conmon-2.1.13/src/conmon.c:249:28: branch_true: following ‘true’ branch (when ‘workerfd_stdout < 0’)...
conmon-2.1.13/src/conmon.c:250:33: branch_true: ...to here
conmon-2.1.13/src/conmon.c:251:28: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:253:29: branch_false: ...to here
conmon-2.1.13/src/conmon.c:253:28: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:256:28: branch_false: ...to here
conmon-2.1.13/src/conmon.c:256:28: branch_false: following ‘false’ branch (when ‘workerfd_stderr >= 0’)...
conmon-2.1.13/src/conmon.c:258:29: branch_false: ...to here
conmon-2.1.13/src/conmon.c:258:29: acquire_resource: opened here
conmon-2.1.13/src/conmon.c:258:28: danger: ‘dup2(workerfd_stderr, 2)’ leaks here; was opened at [(44)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/43)
#  256|   			if (workerfd_stderr < 0)
#  257|   				workerfd_stderr = workerfd_stdout;
#  258|-> 			if (dup2(workerfd_stderr, STDERR_FILENO) < 0)
#  259|   				_pexit("Failed to dup over stderr");
#  260|   			if (workerfd_stderr != dev_null_w && fchmod(STDERR_FILENO, 0777) < 0 && errno != EINVAL)

Error: GCC_ANALYZER_WARNING (CWE-910): [#def17]
conmon-2.1.13/src/conmon.c:287:44: warning[-Wanalyzer-fd-use-after-close]: ‘read’ on closed file descriptor ‘get_pipe_fd_from_env("_OCI_STARTPIPE")’
conmon-2.1.13/src/conmon.c:51:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:55:9: branch_false: ...to here
conmon-2.1.13/src/conmon.c:65:12: branch_true: following ‘true’ branch...
conmon-2.1.13/src/conmon.c:69:28: branch_true: ...to here
conmon-2.1.13/src/conmon.c:70:20: branch_false: following ‘false’ branch (when ‘num_read >= 0’)...
conmon-2.1.13/src/conmon.c:75:21: branch_false: ...to here
conmon-2.1.13/src/conmon.c:75:20: branch_true: following ‘true’ branch...
conmon-2.1.13/src/conmon.c:76:25: branch_true: ...to here
conmon-2.1.13/src/conmon.c:76:25: release_resource: closed here
conmon-2.1.13/src/conmon.c:80:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:83:43: branch_false: ...to here
conmon-2.1.13/src/conmon.c:84:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:90:13: branch_false: ...to here
conmon-2.1.13/src/conmon.c:139:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:149:13: branch_false: ...to here
conmon-2.1.13/src/conmon.c:149:12: branch_true: following ‘true’ branch...
conmon-2.1.13/src/conmon.c:150:26: branch_true: ...to here
conmon-2.1.13/src/conmon.c:181:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:193:13: branch_false: ...to here
conmon-2.1.13/src/conmon.c:193:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:196:25: branch_false: ...to here
conmon-2.1.13/src/conmon.c:216:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:216:13: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:228:22: branch_false: ...to here
conmon-2.1.13/src/conmon.c:229:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:231:20: branch_false: ...to here
conmon-2.1.13/src/conmon.c:231:19: branch_true: following ‘true’ branch...
conmon-2.1.13/src/conmon.c:232:21: branch_true: ...to here
conmon-2.1.13/src/conmon.c:232:20: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:234:21: branch_false: ...to here
conmon-2.1.13/src/conmon.c:234:20: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:237:22: branch_false: ...to here
conmon-2.1.13/src/conmon.c:284:20: branch_true: following ‘true’ branch...
conmon-2.1.13/src/conmon.c:285:28: branch_true: ...to here
conmon-2.1.13/src/conmon.c:285:28: branch_true: following ‘true’ branch...
conmon-2.1.13/src/conmon.c:286:33: branch_true: ...to here
conmon-2.1.13/src/conmon.c:287:44: danger: ‘read’ on closed file descriptor ‘get_pipe_fd_from_env("_OCI_STARTPIPE")’; ‘close’ was at [(9)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/8)
#  285|   			if (start_pipe_fd > 0) {
#  286|   				ndebug("exec with attach is waiting for start message from parent");
#  287|-> 				num_read = read(start_pipe_fd, buf, BUF_SIZE);
#  288|   				ndebug("exec with attach got start message from parent");
#  289|   				if (num_read < 0) {

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def18]
conmon-2.1.13/src/conmon.c:292:33: warning[-Wanalyzer-fd-double-close]: double ‘close’ of file descriptor ‘get_pipe_fd_from_env("_OCI_STARTPIPE")’
conmon-2.1.13/src/conmon.c:51:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:55:9: branch_false: ...to here
conmon-2.1.13/src/conmon.c:65:12: branch_true: following ‘true’ branch...
conmon-2.1.13/src/conmon.c:69:28: branch_true: ...to here
conmon-2.1.13/src/conmon.c:70:20: branch_false: following ‘false’ branch (when ‘num_read >= 0’)...
conmon-2.1.13/src/conmon.c:75:21: branch_false: ...to here
conmon-2.1.13/src/conmon.c:75:20: branch_true: following ‘true’ branch...
conmon-2.1.13/src/conmon.c:76:25: branch_true: ...to here
conmon-2.1.13/src/conmon.c:76:25: release_resource: first ‘close’ here
conmon-2.1.13/src/conmon.c:80:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:83:43: branch_false: ...to here
conmon-2.1.13/src/conmon.c:84:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:90:13: branch_false: ...to here
conmon-2.1.13/src/conmon.c:139:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:149:13: branch_false: ...to here
conmon-2.1.13/src/conmon.c:149:12: branch_true: following ‘true’ branch...
conmon-2.1.13/src/conmon.c:150:26: branch_true: ...to here
conmon-2.1.13/src/conmon.c:181:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:193:13: branch_false: ...to here
conmon-2.1.13/src/conmon.c:193:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:196:25: branch_false: ...to here
conmon-2.1.13/src/conmon.c:216:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:216:13: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:228:22: branch_false: ...to here
conmon-2.1.13/src/conmon.c:229:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:231:20: branch_false: ...to here
conmon-2.1.13/src/conmon.c:231:19: branch_true: following ‘true’ branch...
conmon-2.1.13/src/conmon.c:232:21: branch_true: ...to here
conmon-2.1.13/src/conmon.c:232:20: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:234:21: branch_false: ...to here
conmon-2.1.13/src/conmon.c:234:20: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conmon.c:237:22: branch_false: ...to here
conmon-2.1.13/src/conmon.c:284:20: branch_true: following ‘true’ branch...
conmon-2.1.13/src/conmon.c:285:28: branch_true: ...to here
conmon-2.1.13/src/conmon.c:285:28: branch_true: following ‘true’ branch...
conmon-2.1.13/src/conmon.c:286:33: branch_true: ...to here
conmon-2.1.13/src/conmon.c:289:36: branch_false: following ‘false’ branch (when ‘num_read >= 0’)...
conmon-2.1.13/src/conmon.c:292:33: branch_false: ...to here
conmon-2.1.13/src/conmon.c:292:33: danger: second ‘close’ here; first ‘close’ was at [(9)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/8)
#  290|   					_pexit("start-pipe read failed");
#  291|   				}
#  292|-> 				close(start_pipe_fd);
#  293|   			}
#  294|   		}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def19]
conmon-2.1.13/src/conn_sock.c:175:25: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(path)’
conmon-2.1.13/src/conn_sock.c:166:12: branch_true: following ‘true’ branch (when ‘path’ is non-NULL)...
conmon-2.1.13/src/conn_sock.c:171:26: branch_true: ...to here
conmon-2.1.13/src/conn_sock.c:172:29: acquire_memory: allocated here
conmon-2.1.13/src/conn_sock.c:174:20: branch_true: following ‘true’ branch (when ‘csname’ is NULL)...
conmon-2.1.13/src/conn_sock.c:175:25: branch_true: ...to here
conmon-2.1.13/src/conn_sock.c:175:25: danger: ‘strdup(path)’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  173|   		bname_buf = strdup(path);
#  174|   		if (csname == NULL || dname_buf == NULL || bname_buf == NULL) {
#  175|-> 			pexit("Failed to allocate memory");
#  176|   			return NULL;
#  177|   		}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def20]
conmon-2.1.13/src/conn_sock.c:180:25: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(path)’
conmon-2.1.13/src/conn_sock.c:166:12: branch_true: following ‘true’ branch (when ‘path’ is non-NULL)...
conmon-2.1.13/src/conn_sock.c:171:26: branch_true: ...to here
conmon-2.1.13/src/conn_sock.c:173:29: acquire_memory: allocated here
conmon-2.1.13/src/conn_sock.c:174:20: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conn_sock.c:174:21: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conn_sock.c:178:25: branch_false: ...to here
conmon-2.1.13/src/conn_sock.c:179:20: branch_true: following ‘true’ branch (when ‘dname’ is NULL)...
conmon-2.1.13/src/conn_sock.c:180:25: branch_true: ...to here
conmon-2.1.13/src/conn_sock.c:180:25: danger: ‘strdup(path)’ leaks here; was allocated at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#  178|   		dname = dirname(dname_buf);
#  179|   		if (dname == NULL)
#  180|-> 			pexitf("Cannot get dirname for %s", csname);
#  181|   
#  182|   		sfd = open(dname, O_CREAT | O_PATH | O_CLOEXEC, 0600);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def21]
conmon-2.1.13/src/conn_sock.c:184:25: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(path)’
conmon-2.1.13/src/conn_sock.c:166:12: branch_true: following ‘true’ branch (when ‘path’ is non-NULL)...
conmon-2.1.13/src/conn_sock.c:171:26: branch_true: ...to here
conmon-2.1.13/src/conn_sock.c:173:29: acquire_memory: allocated here
conmon-2.1.13/src/conn_sock.c:174:20: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conn_sock.c:174:21: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conn_sock.c:178:25: branch_false: ...to here
conmon-2.1.13/src/conn_sock.c:179:20: branch_false: following ‘false’ branch (when ‘dname’ is non-NULL)...
conmon-2.1.13/src/conn_sock.c:182:23: branch_false: ...to here
conmon-2.1.13/src/conn_sock.c:183:20: branch_true: following ‘true’ branch...
conmon-2.1.13/src/conn_sock.c:184:25: branch_true: ...to here
conmon-2.1.13/src/conn_sock.c:184:25: danger: ‘strdup(path)’ leaks here; was allocated at [(3)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/2)
#  182|   		sfd = open(dname, O_CREAT | O_PATH | O_CLOEXEC, 0600);
#  183|   		if (sfd < 0)
#  184|-> 			pexit("Failed to create file for console-socket");
#  185|   
#  186|   		bname = basename(bname_buf);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def22]
conmon-2.1.13/src/conn_sock.c:213:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*fd’
conmon-2.1.13/src/conn_sock.c:160:14: enter_function: entry to ‘setup_socket’
conmon-2.1.13/src/conn_sock.c:166:12: branch_false: following ‘false’ branch (when ‘path’ is NULL)...
conmon-2.1.13/src/conn_sock.c:190:53: branch_false: ...to here
conmon-2.1.13/src/conn_sock.c:198:20: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conn_sock.c:200:17: branch_false: ...to here
conmon-2.1.13/src/conn_sock.c:202:20: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conn_sock.c:190:44: call_function: inlined call to ‘freep’ from ‘setup_socket’
conmon-2.1.13/src/conn_sock.c:210:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conn_sock.c:212:9: branch_false: ...to here
conmon-2.1.13/src/conn_sock.c:212:9: call_function: calling ‘bind_relative_to_dir’ from ‘setup_socket’
conmon-2.1.13/src/conn_sock.c:212:9: return_function: returning to ‘setup_socket’ from ‘bind_relative_to_dir’
conmon-2.1.13/src/conn_sock.c:213:12: danger: ‘*fd’ leaks here
#  211|   		pexit("Failed to create socket");
#  212|   	bind_relative_to_dir(sfd, *fd, bname);
#  213|-> 	if (listen(*fd, 128) < 0)
#  214|   		pexit("Failed to listen on console-socket");
#  215|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def23]
conmon-2.1.13/src/conn_sock.c:274:45: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(socket_parent_dir(use_full_attach_path, 108), 2621440)’
conmon-2.1.13/src/conn_sock.c:260:14: enter_function: entry to ‘bind_unix_socket’
conmon-2.1.13/src/conn_sock.c:266:43: call_function: calling ‘socket_parent_dir’ from ‘bind_unix_socket’
conmon-2.1.13/src/conn_sock.c:266:43: return_function: returning to ‘bind_unix_socket’ from ‘socket_parent_dir’
conmon-2.1.13/src/conn_sock.c:274:45: acquire_resource: opened here
conmon-2.1.13/src/conn_sock.c:274:45: danger: ‘open(socket_parent_dir(use_full_attach_path, 108), 2621440)’ leaks here; was opened at [(7)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/6)
#  272|   	 * to actually refer to the file where the socket will be created below.
#  273|   	 */
#  274|-> 	_cleanup_close_ int parent_dir_fd = open(parent_dir, O_PATH | O_CLOEXEC);
#  275|   	if (parent_dir_fd < 0)
#  276|   		pexitf("failed to open socket path parent dir %s", parent_dir);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def24]
conmon-2.1.13/src/conn_sock.c:274:45: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘socket_parent_dir(use_full_attach_path, 108)’ where non-null expected
conmon-2.1.13/src/conn_sock.c:260:14: enter_function: entry to ‘bind_unix_socket’
conmon-2.1.13/src/conn_sock.c:266:43: call_function: calling ‘socket_parent_dir’ from ‘bind_unix_socket’
conmon-2.1.13/src/conn_sock.c:266:43: return_function: returning to ‘bind_unix_socket’ from ‘socket_parent_dir’
conmon-2.1.13/src/conn_sock.c:274:45: danger: argument 1 (‘socket_parent_dir(use_full_attach_path, 108)’) from [(6)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/5) could be NULL where non-null expected
#  272|   	 * to actually refer to the file where the socket will be created below.
#  273|   	 */
#  274|-> 	_cleanup_close_ int parent_dir_fd = open(parent_dir, O_PATH | O_CLOEXEC);
#  275|   	if (parent_dir_fd < 0)
#  276|   		pexitf("failed to open socket path parent dir %s", parent_dir);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def25]
conmon-2.1.13/src/conn_sock.c:291:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(socket_parent_dir(use_full_attach_path, 108), 2621440)’
conmon-2.1.13/src/conn_sock.c:260:14: enter_function: entry to ‘bind_unix_socket’
conmon-2.1.13/src/conn_sock.c:266:43: call_function: calling ‘socket_parent_dir’ from ‘bind_unix_socket’
conmon-2.1.13/src/conn_sock.c:266:43: return_function: returning to ‘bind_unix_socket’ from ‘socket_parent_dir’
conmon-2.1.13/src/conn_sock.c:274:45: acquire_resource: opened here
conmon-2.1.13/src/conn_sock.c:275:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conn_sock.c:282:31: branch_false: ...to here
conmon-2.1.13/src/conn_sock.c:290:12: branch_true: following ‘true’ branch (when ‘socket_fd == -1’)...
conmon-2.1.13/src/conn_sock.c:291:17: branch_true: ...to here
conmon-2.1.13/src/conn_sock.c:291:17: danger: ‘open(socket_parent_dir(use_full_attach_path, 108), 2621440)’ leaks here; was opened at [(7)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/6)
#  289|   	socket_fd = socket(AF_UNIX, sock_type, 0);
#  290|   	if (socket_fd == -1)
#  291|-> 		pexitf("Failed to create socket %s", sock_fullpath);
#  292|   
#  293|   	if (unlink(sock_fullpath) == -1 && errno != ENOENT)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def26]
conmon-2.1.13/src/conn_sock.c:294:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(socket_parent_dir(use_full_attach_path, 108), 2621440)’
conmon-2.1.13/src/conn_sock.c:260:14: enter_function: entry to ‘bind_unix_socket’
conmon-2.1.13/src/conn_sock.c:266:43: call_function: calling ‘socket_parent_dir’ from ‘bind_unix_socket’
conmon-2.1.13/src/conn_sock.c:266:43: return_function: returning to ‘bind_unix_socket’ from ‘socket_parent_dir’
conmon-2.1.13/src/conn_sock.c:274:45: acquire_resource: opened here
conmon-2.1.13/src/conn_sock.c:275:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/conn_sock.c:282:31: branch_false: ...to here
conmon-2.1.13/src/conn_sock.c:290:12: branch_false: following ‘false’ branch (when ‘socket_fd != -1’)...
conmon-2.1.13/src/conn_sock.c:293:13: branch_false: ...to here
conmon-2.1.13/src/conn_sock.c:293:12: branch_true: following ‘true’ branch...
conmon-2.1.13/src/conn_sock.c:294:17: danger: ‘open(socket_parent_dir(use_full_attach_path, 108), 2621440)’ leaks here; was opened at [(7)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/6)
#  292|   
#  293|   	if (unlink(sock_fullpath) == -1 && errno != ENOENT)
#  294|-> 		pexitf("Failed to remove existing socket: %s", sock_fullpath);
#  295|   
#  296|   	bind_relative_to_dir(parent_dir_fd, socket_fd, socket_relative_name);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def27]
conmon-2.1.13/src/conn_sock.c:317:24: warning[-Wanalyzer-malloc-leak]: leak of ‘socket_parent_dir(use_full_attach_path, 108)’
conmon-2.1.13/src/conn_sock.c:260:14: enter_function: entry to ‘bind_unix_socket’
conmon-2.1.13/src/conn_sock.c:266:43: call_function: calling ‘socket_parent_dir’ from ‘bind_unix_socket’
conmon-2.1.13/src/conn_sock.c:266:43: return_function: returning to ‘bind_unix_socket’ from ‘socket_parent_dir’
conmon-2.1.13/src/conn_sock.c:275:12: branch_true: following ‘true’ branch...
conmon-2.1.13/src/conn_sock.c:276:17: branch_true: ...to here
conmon-2.1.13/src/conn_sock.c:317:24: danger: ‘socket_parent_dir(use_full_attach_path, 108)’ leaks here; was allocated at [(6)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/5)
#  315|   	/* if we're to use the full path, ignore the socket path and only use the bundle_path */
#  316|   	if (use_full_attach_path)
#  317|-> 		return strdup(opt_bundle_path);
#  318|   
#  319|   	char *base_path = g_build_filename(opt_socket_path, opt_cuuid, NULL);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def28]
conmon-2.1.13/src/ctrl.c:273:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(g_build_filename(opt_bundle_path,  filename, 0), 526336)’
conmon-2.1.13/src/ctrl.c:262:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/ctrl.c:265:13: branch_false: ...to here
conmon-2.1.13/src/ctrl.c:273:24: acquire_resource: opened here
conmon-2.1.13/src/ctrl.c:273:24: danger: ‘open(g_build_filename(opt_bundle_path,  filename, 0), 526336)’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  271|   	}
#  272|   
#  273|-> 	if ((*fifo_r = open(fifo_path, O_RDONLY | O_NONBLOCK | O_CLOEXEC)) == -1)
#  274|   		pexitf("Failed to open %s read half", error_var_name);
#  275|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def29]
conmon-2.1.13/src/ctrl.c:276:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(g_build_filename(opt_bundle_path,  filename, 0), 524289)’
conmon-2.1.13/src/ctrl.c:262:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/ctrl.c:265:13: branch_false: ...to here
conmon-2.1.13/src/ctrl.c:273:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/ctrl.c:276:24: branch_false: ...to here
conmon-2.1.13/src/ctrl.c:276:24: acquire_resource: opened here
conmon-2.1.13/src/ctrl.c:276:24: danger: ‘open(g_build_filename(opt_bundle_path,  filename, 0), 524289)’ leaks here; was opened at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#  274|   		pexitf("Failed to open %s read half", error_var_name);
#  275|   
#  276|-> 	if ((*fifo_w = open(fifo_path, O_WRONLY | O_CLOEXEC)) == -1)
#  277|   		pexitf("Failed to open %s write half", error_var_name);
#  278|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def30]
conmon-2.1.13/src/seccomp_notify.c:295:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xmalloc0((long unsigned int)*(struct seccomp_notify_context_s *)<unknown>.sizes.seccomp_notif)’
conmon-2.1.13/src/seccomp_notify.c:108:5: enter_function: entry to ‘seccomp_notify_plugins_load’
conmon-2.1.13/src/seccomp_notify.c:110:79: call_function: calling ‘xmalloc0’ from ‘seccomp_notify_plugins_load’
conmon-2.1.13/src/seccomp_notify.c:110:79: return_function: returning to ‘seccomp_notify_plugins_load’ from ‘xmalloc0’
conmon-2.1.13/src/seccomp_notify.c:115:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/seccomp_notify.c:119:30: branch_false: ...to here
conmon-2.1.13/src/seccomp_notify.c:119:21: call_function: calling ‘xmalloc0’ from ‘seccomp_notify_plugins_load’
conmon-2.1.13/src/seccomp_notify.c:119:21: return_function: returning to ‘seccomp_notify_plugins_load’ from ‘xmalloc0’
conmon-2.1.13/src/seccomp_notify.c:295:16: danger: ‘xmalloc0((long unsigned int)*(struct seccomp_notify_context_s *)<unknown>.sizes.seccomp_notif)’ leaks here; was allocated at [(11)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/10)
#  293|   	if (res == NULL)
#  294|   		pexitf("calloc");
#  295|-> 	return res;
#  296|   }
#  297|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def31]
conmon-2.1.13/src/seccomp_notify.c:295:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xmalloc0((long unsigned int)*(struct seccomp_notify_context_s *)<unknown>.sizes.seccomp_notif_resp)’
conmon-2.1.13/src/seccomp_notify.c:108:5: enter_function: entry to ‘seccomp_notify_plugins_load’
conmon-2.1.13/src/seccomp_notify.c:110:79: call_function: calling ‘xmalloc0’ from ‘seccomp_notify_plugins_load’
conmon-2.1.13/src/seccomp_notify.c:110:79: return_function: returning to ‘seccomp_notify_plugins_load’ from ‘xmalloc0’
conmon-2.1.13/src/seccomp_notify.c:115:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/seccomp_notify.c:119:30: branch_false: ...to here
conmon-2.1.13/src/seccomp_notify.c:119:21: call_function: calling ‘xmalloc0’ from ‘seccomp_notify_plugins_load’
conmon-2.1.13/src/seccomp_notify.c:119:21: return_function: returning to ‘seccomp_notify_plugins_load’ from ‘xmalloc0’
conmon-2.1.13/src/seccomp_notify.c:120:22: call_function: calling ‘xmalloc0’ from ‘seccomp_notify_plugins_load’
conmon-2.1.13/src/seccomp_notify.c:120:22: return_function: returning to ‘seccomp_notify_plugins_load’ from ‘xmalloc0’
conmon-2.1.13/src/seccomp_notify.c:295:16: danger: ‘xmalloc0((long unsigned int)*(struct seccomp_notify_context_s *)<unknown>.sizes.seccomp_notif_resp)’ leaks here; was allocated at [(16)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/15)
#  293|   	if (res == NULL)
#  294|   		pexitf("calloc");
#  295|-> 	return res;
#  296|   }
#  297|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def32]
conmon-2.1.13/src/seccomp_notify.c:295:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xmalloc0(48)’
conmon-2.1.13/src/seccomp_notify.c:108:5: enter_function: entry to ‘seccomp_notify_plugins_load’
conmon-2.1.13/src/seccomp_notify.c:110:79: call_function: calling ‘xmalloc0’ from ‘seccomp_notify_plugins_load’
conmon-2.1.13/src/seccomp_notify.c:110:79: return_function: returning to ‘seccomp_notify_plugins_load’ from ‘xmalloc0’
conmon-2.1.13/src/seccomp_notify.c:115:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/seccomp_notify.c:119:30: branch_false: ...to here
conmon-2.1.13/src/seccomp_notify.c:119:21: call_function: calling ‘xmalloc0’ from ‘seccomp_notify_plugins_load’
conmon-2.1.13/src/seccomp_notify.c:119:21: return_function: returning to ‘seccomp_notify_plugins_load’ from ‘xmalloc0’
conmon-2.1.13/src/seccomp_notify.c:120:22: call_function: calling ‘xmalloc0’ from ‘seccomp_notify_plugins_load’
conmon-2.1.13/src/seccomp_notify.c:120:22: return_function: returning to ‘seccomp_notify_plugins_load’ from ‘xmalloc0’
conmon-2.1.13/src/seccomp_notify.c:126:24: call_function: calling ‘xmalloc0’ from ‘seccomp_notify_plugins_load’
conmon-2.1.13/src/seccomp_notify.c:126:24: return_function: returning to ‘seccomp_notify_plugins_load’ from ‘xmalloc0’
conmon-2.1.13/src/seccomp_notify.c:295:16: danger: ‘xmalloc0(48)’ leaks here; was allocated at [(21)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/20)
#  293|   	if (res == NULL)
#  294|   		pexitf("calloc");
#  295|-> 	return res;
#  296|   }
#  297|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def33]
conmon-2.1.13/src/utils.h:179:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(g_build_filename(process_cgroup_subsystem_path(pid, 0, "memory"), "cgroup.event_control", 0), 524289)’
conmon-2.1.13/src/cgroup.c:137:13: enter_function: entry to ‘setup_oom_handling_cgroup_v1’
conmon-2.1.13/src/cgroup.c:140:51: call_function: calling ‘process_cgroup_subsystem_path’ from ‘setup_oom_handling_cgroup_v1’
conmon-2.1.13/src/cgroup.c:140:51: return_function: returning to ‘setup_oom_handling_cgroup_v1’ from ‘process_cgroup_subsystem_path’
conmon-2.1.13/src/cgroup.c:141:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/cgroup.c:147:41: branch_false: ...to here
conmon-2.1.13/src/cgroup.c:148:35: acquire_resource: opened here
conmon-2.1.13/src/cgroup.c:149:12: branch_false: following ‘false’ branch...
conmon-2.1.13/src/cgroup.c:155:60: branch_false: ...to here
conmon-2.1.13/src/cgroup.c:148:29: call_function: inlined call to ‘closep’ from ‘setup_oom_handling_cgroup_v1’
#  177|   static inline void closep(int *fd)
#  178|   {
#  179|-> 	if (*fd >= 0)
#  180|   		close(*fd);
#  181|   	*fd = -1;
Scan Properties

analyzer-version-clippy	1.86.0
analyzer-version-cppcheck	2.17.1
analyzer-version-gcc	15.0.1
analyzer-version-gcc-analyzer	15.0.1
analyzer-version-shellcheck	0.10.0
analyzer-version-unicontrol	0.0.2
enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code	0
host	ip-172-16-1-54.us-west-2.compute.internal
known-false-positives	/usr/share/csmock/known-false-positives.js
known-false-positives-rpm	known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch
mock-config	fedora-rawhide-x86_64
project-name	conmon-2.1.13-1.fc43
store-results-to	/tmp/tmpz942gyug/conmon-2.1.13-1.fc43.tar.xz
time-created	2025-04-25 12:11:04
time-finished	2025-04-25 12:12:18
tool	csmock
tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpz942gyug/conmon-2.1.13-1.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpz942gyug/conmon-2.1.13-1.fc43.src.rpm'
tool-version	csmock-3.8.1.20250422.172604.g26bc3d6-1.el9