criu-4.1-2.fc43

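List of Findings

Triage note: several CWE-476 entries below (for example #def1, #def5, #def9 and #def11) are reported on BUG()/BUG_ON() lines, and cppcheck prints the dereferenced expression as (volatile unsigned long*)NULL. That is consistent with the assertion macro storing through a null pointer on purpose to abort the process, so these entries probably describe the intended crash path rather than a pointer bug in the surrounding logic; check the macro definition before closing them. The resource-leak (CWE-775, CWE-401), over-read (CWE-126) and possibly-NULL (#def13) entries are different finding classes and need their own review.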

Error: CPPCHECK_WARNING (CWE-476): [#def1]
criu-4.1/compel/plugins/std/infect.c:106: error[nullPointer]: Null pointer dereference: (volatile unsigned long*)NULL
#  104|   	return fini_sigreturn(new_sp);
#  105|   
#  106|-> 	BUG();
#  107|   
#  108|   	return -1;

Error: CPPCHECK_WARNING (CWE-476): [#def2]
criu-4.1/compel/src/lib/infect.c:430: error[nullPointer]: Null pointer dereference: (struct sockaddr_un*)0
#  428|   
#  429|   	saddr->sun_family = AF_UNIX;
#  430|-> 	snprintf(saddr->sun_path, UNIX_PATH_MAX, "X/crtools-pr-%d-%s", key, compel_run_id);
#  431|   
#  432|   	sun_len = SUN_LEN(saddr);

Error: CPPCHECK_WARNING (CWE-476): [#def3]
criu-4.1/compel/src/lib/infect.c:710: error[nullPointer]: Null pointer dereference: (volatile unsigned long*)NULL
#  708|   		goto err;
#  709|   
#  710|-> 	futex_wait_while_eq(&args->daemon_connected, 0);
#  711|   	if (futex_get(&args->daemon_connected) != 1) {
#  712|   		errno = -(int)futex_get(&args->daemon_connected);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def4]
criu-4.1/compel/src/lib/infect.c:710:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/compel/src/lib/infect.c:680:12: enter_function: entry to ‘parasite_init_daemon’
criu-4.1/compel/src/lib/infect.c:699:13: call_function: calling ‘prepare_tsock’ from ‘parasite_init_daemon’
criu-4.1/compel/src/lib/infect.c:699:13: return_function: returning to ‘parasite_init_daemon’ from ‘prepare_tsock’
criu-4.1/compel/src/lib/infect.c:699:12: branch_false: following ‘false’ branch...
criu-4.1/compel/src/lib/infect.c:703:13: branch_false: ...to here
criu-4.1/compel/src/lib/infect.c:703:12: branch_false: following ‘false’ branch...
criu-4.1/compel/src/lib/infect.c:706:9: branch_false: ...to here
criu-4.1/compel/src/lib/infect.c:707:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
criu-4.1/compel/src/lib/infect.c:710:9: branch_false: following ‘false’ branch...
criu-4.1/compel/src/lib/infect.c:710:9: branch_false: ...to here
criu-4.1/compel/src/lib/infect.c:710:9: danger: dereference of NULL ‘0’
#  708|   		goto err;
#  709|   
#  710|-> 	futex_wait_while_eq(&args->daemon_connected, 0);
#  711|   	if (futex_get(&args->daemon_connected) != 1) {
#  712|   		errno = -(int)futex_get(&args->daemon_connected);

Error: CPPCHECK_WARNING (CWE-476): [#def5]
criu-4.1/compel/src/lib/infect.c:931: error[nullPointer]: Null pointer dereference: (volatile unsigned long*)NULL
#  929|   			*where = elf_relocs[i].value + elf_relocs[i].addend + (unsigned long)vbase;
#  930|   		} else
#  931|-> 			BUG();
#  932|   	}
#  933|   #endif

Error: GCC_ANALYZER_WARNING (CWE-476): [#def6]
criu-4.1/compel/src/lib/infect.c:931:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/compel/src/lib/infect.c:911:28: branch_true: following ‘true’ branch (when ‘i < nr_relocs’)...
criu-4.1/compel/src/lib/infect.c:912:31: branch_true: ...to here
criu-4.1/compel/src/lib/infect.c:912:20: branch_false: following ‘false’ branch...
criu-4.1/compel/src/lib/infect.c:927:28: branch_false: ...to here
criu-4.1/compel/src/lib/infect.c:927:27: branch_false: following ‘false’ branch...
criu-4.1/compel/src/lib/infect.c:931:25: branch_false: ...to here
criu-4.1/compel/src/lib/infect.c:931:25: danger: dereference of NULL ‘0’
#  929|   			*where = elf_relocs[i].value + elf_relocs[i].addend + (unsigned long)vbase;
#  930|   		} else
#  931|-> 			BUG();
#  932|   	}
#  933|   #endif

Error: GCC_ANALYZER_WARNING (CWE-775): [#def7]
criu-4.1/compel/src/lib/infect.c:1202:21: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(&aux, "r")’
criu-4.1/compel/src/lib/infect.c:1190:13: acquire_resource: opened here
criu-4.1/compel/src/lib/infect.c:1191:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
criu-4.1/compel/src/lib/infect.c:1194:16: branch_true: following ‘true’ branch...
criu-4.1/compel/src/lib/infect.c:1198:25: branch_true: ...to here
criu-4.1/compel/src/lib/infect.c:1202:21: danger: ‘fopen(&aux, "r")’ leaks here; was opened at (1)
# 1200|   
# 1201|   		/* f now points at " rwx" (yes, with space) part */
# 1202|-> 		if (f[3] == 'x') {
# 1203|   			BUG_ON(end - start < PARASITE_START_AREA_MIN);
# 1204|   			ret = start;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
criu-4.1/compel/src/lib/infect.c:1202:21: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(&aux, "r")’
criu-4.1/compel/src/lib/infect.c:1190:13: acquire_memory: allocated here
criu-4.1/compel/src/lib/infect.c:1191:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
criu-4.1/compel/src/lib/infect.c:1194:16: branch_true: following ‘true’ branch...
criu-4.1/compel/src/lib/infect.c:1198:25: branch_true: ...to here
criu-4.1/compel/src/lib/infect.c:1202:21: danger: ‘fopen(&aux, "r")’ leaks here; was allocated at (1)
# 1200|   
# 1201|   		/* f now points at " rwx" (yes, with space) part */
# 1202|-> 		if (f[3] == 'x') {
# 1203|   			BUG_ON(end - start < PARASITE_START_AREA_MIN);
# 1204|   			ret = start;

Error: CPPCHECK_WARNING (CWE-476): [#def9]
criu-4.1/compel/src/lib/infect.c:1203: error[nullPointer]: Null pointer dereference: (volatile unsigned long*)NULL
# 1201|   		/* f now points at " rwx" (yes, with space) part */
# 1202|   		if (f[3] == 'x') {
# 1203|-> 			BUG_ON(end - start < PARASITE_START_AREA_MIN);
# 1204|   			ret = start;
# 1205|   			break;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def10]
criu-4.1/compel/src/lib/infect.c:1203:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/compel/src/lib/infect.c:1191:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
criu-4.1/compel/src/lib/infect.c:1194:16: branch_true: following ‘true’ branch...
criu-4.1/compel/src/lib/infect.c:1198:25: branch_true: ...to here
criu-4.1/compel/src/lib/infect.c:1203:25: branch_true: following ‘true’ branch...
criu-4.1/compel/src/lib/infect.c:1203:25: branch_true: ...to here
criu-4.1/compel/src/lib/infect.c:1203:25: danger: dereference of NULL ‘0’
# 1201|   		/* f now points at " rwx" (yes, with space) part */
# 1202|   		if (f[3] == 'x') {
# 1203|-> 			BUG_ON(end - start < PARASITE_START_AREA_MIN);
# 1204|   			ret = start;
# 1205|   			break;

Error: CPPCHECK_WARNING (CWE-476): [#def11]
criu-4.1/compel/src/lib/infect.c:1529: error[nullPointer]: Null pointer dereference: (volatile unsigned long*)NULL
# 1527|   void *compel_parasite_args_s(struct parasite_ctl *ctl, unsigned long args_size)
# 1528|   {
# 1529|-> 	BUG_ON(args_size > ctl->args_size);
# 1530|   	return compel_parasite_args_p(ctl);
# 1531|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def12]
criu-4.1/compel/src/lib/infect.c:1529:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/compel/src/lib/infect.c:1529:9: branch_true: following ‘true’ branch...
criu-4.1/compel/src/lib/infect.c:1529:9: branch_true: ...to here
criu-4.1/compel/src/lib/infect.c:1529:9: danger: dereference of NULL ‘0’
# 1527|   void *compel_parasite_args_s(struct parasite_ctl *ctl, unsigned long args_size)
# 1528|   {
# 1529|-> 	BUG_ON(args_size > ctl->args_size);
# 1530|   	return compel_parasite_args_p(ctl);
# 1531|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def13]
criu-4.1/compel/src/main-host.c:280:23: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘p’
criu-4.1/compel/src/main-host.c:253:12: branch_false: following ‘false’ branch (when ‘len != 0’)...
criu-4.1/compel/src/main-host.c:258:18: branch_false: ...to here
criu-4.1/compel/src/main-host.c:267:12: branch_true: following ‘true’ branch (when ‘p1’ is NULL)...
 branch_true: ...to here
criu-4.1/compel/src/main-host.c:269:12: branch_true: following ‘true’ branch (when ‘p2’ is NULL)...
criu-4.1/compel/src/main-host.c:270:17: branch_true: ...to here
criu-4.1/compel/src/main-host.c:273:12: branch_false: following ‘false’ branch (when ‘len != 0’)...
criu-4.1/compel/src/main-host.c:276:15: branch_false: ...to here
criu-4.1/compel/src/main-host.c:276:15: acquire_memory: this call could return NULL
criu-4.1/compel/src/main-host.c:280:23: danger: ‘p’ could be NULL: unchecked value from (9)
#  278|   	// Now, check if we got a valid C identifier. We don't need to care
#  279|   	// about C reserved keywords, as this is only used as a prefix.
#  280|-> 	for (p = ret; *p != '\0'; p++) {
#  281|   		if (isalpha(*p))
#  282|   			continue;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def14]
criu-4.1/criu/action-scripts.c:152:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#  150|   		break;
#  151|   	default:
#  152|-> 		BUG();
#  153|   	}
#  154|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def15]
criu-4.1/criu/arch/x86/crtools.c:107:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/arch/x86/crtools.c:94:12: branch_false: following ‘false’ branch (when ‘fpregs’ is non-NULL)...
criu-4.1/criu/arch/x86/crtools.c:97:9: branch_false: ...to here
criu-4.1/criu/arch/x86/crtools.c:107:9: branch_true: following ‘true’ branch...
criu-4.1/criu/arch/x86/crtools.c:107:9: branch_true: ...to here
criu-4.1/criu/arch/x86/crtools.c:107:9: danger: dereference of NULL ‘0’
#  105|   
#  106|   	/* Make sure we have enough space */
#  107|-> 	BUG_ON(core->thread_info->fpregs->n_st_space != ARRAY_SIZE(fpregs->i387.st_space));
#  108|   	BUG_ON(core->thread_info->fpregs->n_xmm_space != ARRAY_SIZE(fpregs->i387.xmm_space));
#  109|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def16]
criu-4.1/criu/arch/x86/crtools.c:108:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/arch/x86/crtools.c:94:12: branch_false: following ‘false’ branch (when ‘fpregs’ is non-NULL)...
criu-4.1/criu/arch/x86/crtools.c:97:9: branch_false: ...to here
criu-4.1/criu/arch/x86/crtools.c:107:9: branch_false: following ‘false’ branch...
criu-4.1/criu/arch/x86/crtools.c:108:9: branch_false: ...to here
criu-4.1/criu/arch/x86/crtools.c:108:9: branch_true: following ‘true’ branch...
criu-4.1/criu/arch/x86/crtools.c:108:9: branch_true: ...to here
criu-4.1/criu/arch/x86/crtools.c:108:9: danger: dereference of NULL ‘0’
#  106|   	/* Make sure we have enough space */
#  107|   	BUG_ON(core->thread_info->fpregs->n_st_space != ARRAY_SIZE(fpregs->i387.st_space));
#  108|-> 	BUG_ON(core->thread_info->fpregs->n_xmm_space != ARRAY_SIZE(fpregs->i387.xmm_space));
#  109|   
#  110|   	assign_array(core->thread_info->fpregs, fpregs->i387, st_space);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def17]
criu-4.1/criu/arch/x86/crtools.c:512:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/arch/x86/crtools.c:436:12: branch_false: following ‘false’ branch...
criu-4.1/criu/arch/x86/crtools.c:441:14: branch_false: ...to here
criu-4.1/criu/arch/x86/crtools.c:441:12: branch_true: following ‘true’ branch...
criu-4.1/criu/arch/x86/crtools.c:444:9: branch_true: ...to here
criu-4.1/criu/arch/x86/crtools.c:491:12: branch_true: following ‘true’ branch...
criu-4.1/criu/arch/x86/crtools.c:503:21: branch_true: ...to here
criu-4.1/criu/arch/x86/crtools.c:503:20: branch_true: following ‘true’ branch...
criu-4.1/criu/arch/x86/crtools.c:512:25: branch_true: ...to here
criu-4.1/criu/arch/x86/crtools.c:512:25: branch_true: following ‘true’ branch...
criu-4.1/criu/arch/x86/crtools.c:512:25: danger: dereference of NULL ‘0’
#  510|   			 * inside memory layout (xstate_size calculation).
#  511|   			 */
#  512|-> 			assign_xsave(XFEATURE_YMM, xsave, ymmh_space, extended_state_area);
#  513|   			assign_xsave(XFEATURE_BNDREGS, xsave, bndreg_state, extended_state_area);
#  514|   			assign_xsave(XFEATURE_BNDCSR, xsave, bndcsr_state, extended_state_area);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def18]
criu-4.1/criu/arch/x86/crtools.c:513:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/arch/x86/crtools.c:436:12: branch_false: following ‘false’ branch...
criu-4.1/criu/arch/x86/crtools.c:441:14: branch_false: ...to here
criu-4.1/criu/arch/x86/crtools.c:441:12: branch_true: following ‘true’ branch...
criu-4.1/criu/arch/x86/crtools.c:444:9: branch_true: ...to here
criu-4.1/criu/arch/x86/crtools.c:491:12: branch_true: following ‘true’ branch...
criu-4.1/criu/arch/x86/crtools.c:503:21: branch_true: ...to here
criu-4.1/criu/arch/x86/crtools.c:503:20: branch_true: following ‘true’ branch...
criu-4.1/criu/arch/x86/crtools.c:512:25: branch_true: ...to here
criu-4.1/criu/arch/x86/crtools.c:513:25: branch_true: following ‘true’ branch...
criu-4.1/criu/arch/x86/crtools.c:513:25: danger: dereference of NULL ‘0’
#  511|   			 */
#  512|   			assign_xsave(XFEATURE_YMM, xsave, ymmh_space, extended_state_area);
#  513|-> 			assign_xsave(XFEATURE_BNDREGS, xsave, bndreg_state, extended_state_area);
#  514|   			assign_xsave(XFEATURE_BNDCSR, xsave, bndcsr_state, extended_state_area);
#  515|   			assign_xsave(XFEATURE_OPMASK, xsave, opmask_reg, extended_state_area);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def19]
criu-4.1/criu/arch/x86/crtools.c:514:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/arch/x86/crtools.c:436:12: branch_false: following ‘false’ branch...
criu-4.1/criu/arch/x86/crtools.c:441:14: branch_false: ...to here
criu-4.1/criu/arch/x86/crtools.c:441:12: branch_true: following ‘true’ branch...
criu-4.1/criu/arch/x86/crtools.c:444:9: branch_true: ...to here
criu-4.1/criu/arch/x86/crtools.c:491:12: branch_true: following ‘true’ branch...
criu-4.1/criu/arch/x86/crtools.c:503:21: branch_true: ...to here
criu-4.1/criu/arch/x86/crtools.c:503:20: branch_true: following ‘true’ branch...
criu-4.1/criu/arch/x86/crtools.c:512:25: branch_true: ...to here
criu-4.1/criu/arch/x86/crtools.c:514:25: branch_true: following ‘true’ branch...
criu-4.1/criu/arch/x86/crtools.c:514:25: danger: dereference of NULL ‘0’
#  512|   			assign_xsave(XFEATURE_YMM, xsave, ymmh_space, extended_state_area);
#  513|   			assign_xsave(XFEATURE_BNDREGS, xsave, bndreg_state, extended_state_area);
#  514|-> 			assign_xsave(XFEATURE_BNDCSR, xsave, bndcsr_state, extended_state_area);
#  515|   			assign_xsave(XFEATURE_OPMASK, xsave, opmask_reg, extended_state_area);
#  516|   			assign_xsave(XFEATURE_ZMM_Hi256, xsave, zmm_upper, extended_state_area);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def20]
criu-4.1/criu/arch/x86/crtools.c:515:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/arch/x86/crtools.c:436:12: branch_false: following ‘false’ branch...
criu-4.1/criu/arch/x86/crtools.c:441:14: branch_false: ...to here
criu-4.1/criu/arch/x86/crtools.c:441:12: branch_true: following ‘true’ branch...
criu-4.1/criu/arch/x86/crtools.c:444:9: branch_true: ...to here
criu-4.1/criu/arch/x86/crtools.c:491:12: branch_true: following ‘true’ branch...
criu-4.1/criu/arch/x86/crtools.c:503:21: branch_true: ...to here
criu-4.1/criu/arch/x86/crtools.c:503:20: branch_true: following ‘true’ branch...
criu-4.1/criu/arch/x86/crtools.c:512:25: branch_true: ...to here
criu-4.1/criu/arch/x86/crtools.c:515:25: branch_true: following ‘true’ branch...
criu-4.1/criu/arch/x86/crtools.c:515:25: danger: dereference of NULL ‘0’
#  513|   			assign_xsave(XFEATURE_BNDREGS, xsave, bndreg_state, extended_state_area);
#  514|   			assign_xsave(XFEATURE_BNDCSR, xsave, bndcsr_state, extended_state_area);
#  515|-> 			assign_xsave(XFEATURE_OPMASK, xsave, opmask_reg, extended_state_area);
#  516|   			assign_xsave(XFEATURE_ZMM_Hi256, xsave, zmm_upper, extended_state_area);
#  517|   			assign_xsave(XFEATURE_Hi16_ZMM, xsave, hi16_zmm, extended_state_area);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def21]
criu-4.1/criu/arch/x86/crtools.c:516:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/arch/x86/crtools.c:436:12: branch_false: following ‘false’ branch...
criu-4.1/criu/arch/x86/crtools.c:441:14: branch_false: ...to here
criu-4.1/criu/arch/x86/crtools.c:441:12: branch_true: following ‘true’ branch...
criu-4.1/criu/arch/x86/crtools.c:444:9: branch_true: ...to here
criu-4.1/criu/arch/x86/crtools.c:491:12: branch_true: following ‘true’ branch...
criu-4.1/criu/arch/x86/crtools.c:503:21: branch_true: ...to here
criu-4.1/criu/arch/x86/crtools.c:503:20: branch_true: following ‘true’ branch...
criu-4.1/criu/arch/x86/crtools.c:512:25: branch_true: ...to here
criu-4.1/criu/arch/x86/crtools.c:516:25: branch_true: following ‘true’ branch...
criu-4.1/criu/arch/x86/crtools.c:516:25: danger: dereference of NULL ‘0’
#  514|   			assign_xsave(XFEATURE_BNDCSR, xsave, bndcsr_state, extended_state_area);
#  515|   			assign_xsave(XFEATURE_OPMASK, xsave, opmask_reg, extended_state_area);
#  516|-> 			assign_xsave(XFEATURE_ZMM_Hi256, xsave, zmm_upper, extended_state_area);
#  517|   			assign_xsave(XFEATURE_Hi16_ZMM, xsave, hi16_zmm, extended_state_area);
#  518|   			assign_xsave(XFEATURE_PKRU, xsave, pkru, extended_state_area);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def22]
criu-4.1/criu/arch/x86/crtools.c:517:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/arch/x86/crtools.c:436:12: branch_false: following ‘false’ branch...
criu-4.1/criu/arch/x86/crtools.c:441:14: branch_false: ...to here
criu-4.1/criu/arch/x86/crtools.c:441:12: branch_true: following ‘true’ branch...
criu-4.1/criu/arch/x86/crtools.c:444:9: branch_true: ...to here
criu-4.1/criu/arch/x86/crtools.c:491:12: branch_true: following ‘true’ branch...
criu-4.1/criu/arch/x86/crtools.c:503:21: branch_true: ...to here
criu-4.1/criu/arch/x86/crtools.c:503:20: branch_true: following ‘true’ branch...
criu-4.1/criu/arch/x86/crtools.c:512:25: branch_true: ...to here
criu-4.1/criu/arch/x86/crtools.c:517:25: branch_true: following ‘true’ branch...
criu-4.1/criu/arch/x86/crtools.c:517:25: danger: dereference of NULL ‘0’
#  515|   			assign_xsave(XFEATURE_OPMASK, xsave, opmask_reg, extended_state_area);
#  516|   			assign_xsave(XFEATURE_ZMM_Hi256, xsave, zmm_upper, extended_state_area);
#  517|-> 			assign_xsave(XFEATURE_Hi16_ZMM, xsave, hi16_zmm, extended_state_area);
#  518|   			assign_xsave(XFEATURE_PKRU, xsave, pkru, extended_state_area);
#  519|   		}

Error: GCC_ANALYZER_WARNING (CWE-476): [#def23]
criu-4.1/criu/arch/x86/crtools.c:518:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/arch/x86/crtools.c:436:12: branch_false: following ‘false’ branch...
criu-4.1/criu/arch/x86/crtools.c:441:14: branch_false: ...to here
criu-4.1/criu/arch/x86/crtools.c:441:12: branch_true: following ‘true’ branch...
criu-4.1/criu/arch/x86/crtools.c:444:9: branch_true: ...to here
criu-4.1/criu/arch/x86/crtools.c:491:12: branch_true: following ‘true’ branch...
criu-4.1/criu/arch/x86/crtools.c:503:21: branch_true: ...to here
criu-4.1/criu/arch/x86/crtools.c:503:20: branch_true: following ‘true’ branch...
criu-4.1/criu/arch/x86/crtools.c:512:25: branch_true: ...to here
criu-4.1/criu/arch/x86/crtools.c:518:25: branch_true: following ‘true’ branch...
criu-4.1/criu/arch/x86/crtools.c:518:25: danger: dereference of NULL ‘0’
#  516|   			assign_xsave(XFEATURE_ZMM_Hi256, xsave, zmm_upper, extended_state_area);
#  517|   			assign_xsave(XFEATURE_Hi16_ZMM, xsave, hi16_zmm, extended_state_area);
#  518|-> 			assign_xsave(XFEATURE_PKRU, xsave, pkru, extended_state_area);
#  519|   		}
#  520|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def24]
criu-4.1/criu/arch/x86/shstk.c:108:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/arch/x86/shstk.c:108:9: branch_false: following ‘false’ branch...
criu-4.1/criu/arch/x86/shstk.c:108:9: branch_false: ...to here
criu-4.1/criu/arch/x86/shstk.c:108:9: danger: dereference of NULL ‘0’
#  106|   		return 0;
#  107|   
#  108|-> 	futex_wait_until(&rsti(item)->shstk_enable, 1);
#  109|   
#  110|   	if (ptrace(PTRACE_SEIZE, pid, 0, 0)) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def25]
criu-4.1/criu/arch/x86/shstk.c:151:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/arch/x86/shstk.c:145:13: enter_function: entry to ‘shstk_sync_unlock’
criu-4.1/criu/arch/x86/shstk.c:148:9: call_function: calling ‘futex_set_and_wake’ from ‘shstk_sync_unlock’
criu-4.1/criu/arch/x86/shstk.c:148:9: return_function: returning to ‘shstk_sync_unlock’ from ‘futex_set_and_wake’
criu-4.1/criu/arch/x86/shstk.c:151:9: branch_false: following ‘false’ branch...
criu-4.1/criu/arch/x86/shstk.c:151:9: branch_false: ...to here
criu-4.1/criu/arch/x86/shstk.c:151:9: danger: dereference of NULL ‘0’
#  149|   
#  150|   	/* ... and wait until it unlocks its features with ptrace */
#  151|-> 	futex_wait_until(&rsti(item)->shstk_unlock, 1);
#  152|   }
#  153|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def26]
criu-4.1/criu/autofs.c:949:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/autofs.c:949:9: branch_true: following ‘true’ branch (when ‘master’ is NULL)...
criu-4.1/criu/autofs.c:949:9: branch_true: ...to here
criu-4.1/criu/autofs.c:949:9: danger: dereference of NULL ‘0’
#  947|   	else
#  948|   		master = pstree_item_by_virt(entry->pgrp);
#  949|-> 	BUG_ON(!master);
#  950|   
#  951|   	ple = autofs_pipe_le(master, entry);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def27]
criu-4.1/criu/bfd.c:330:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/bfd.c:310:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
criu-4.1/criu/bfd.c:313:16: branch_true: following ‘true’ branch (when ‘more == 1’)...
criu-4.1/criu/bfd.c:316:17: branch_true: ...to here
criu-4.1/criu/bfd.c:320:20: branch_false: following ‘false’ branch (when ‘chunk == 0’)...
criu-4.1/criu/bfd.c:327:20: branch_false: ...to here
criu-4.1/criu/bfd.c:330:25: branch_true: following ‘true’ branch (when ‘filled > size’)...
criu-4.1/criu/bfd.c:330:25: branch_true: ...to here
criu-4.1/criu/bfd.c:330:25: danger: dereference of NULL ‘0’
#  328|   			more = brefill(bfd);
#  329|   		else {
#  330|-> 			BUG_ON(filled > size);
#  331|   			more = 0;
#  332|   		}

Error: GCC_ANALYZER_WARNING (CWE-476): [#def28]
criu-4.1/criu/clone-noasan.c:41:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/clone-noasan.c:41:9: branch_true: following ‘true’ branch...
criu-4.1/criu/clone-noasan.c:41:9: danger: dereference of NULL ‘0’
#   39|   	void *stack_ptr = (void *)round_down((unsigned long)&stack_ptr - 1024, 16);
#   40|   
#   41|-> 	BUG_ON((flags & CLONE_VM) && !(flags & CLONE_VFORK));
#   42|   	/*
#   43|   	 * Reserve some bytes for clone() internal needs

Error: GCC_ANALYZER_WARNING (CWE-476): [#def29]
criu-4.1/criu/clone-noasan.c:53:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/clone-noasan.c:53:9: branch_true: following ‘true’ branch...
criu-4.1/criu/clone-noasan.c:53:9: branch_true: ...to here
criu-4.1/criu/clone-noasan.c:53:9: danger: dereference of NULL ‘0’
#   51|   	struct _clone_args c_args = {};
#   52|   
#   53|-> 	BUG_ON(flags & CLONE_VM);
#   54|   
#   55|   	/*

Error: GCC_ANALYZER_WARNING (CWE-476): [#def30]
criu-4.1/criu/clone-noasan.c:59:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/clone-noasan.c:53:9: branch_false: following ‘false’ branch...
criu-4.1/criu/clone-noasan.c:59:9: branch_false: ...to here
criu-4.1/criu/clone-noasan.c:59:9: branch_true: following ‘true’ branch...
criu-4.1/criu/clone-noasan.c:59:9: branch_true: ...to here
criu-4.1/criu/clone-noasan.c:59:9: danger: dereference of NULL ‘0’
#   57|   	 * exit_signal for that.
#   58|   	 */
#   59|-> 	BUG_ON(flags & 0xff);
#   60|   
#   61|   	pr_debug("Creating process using clone3()\n");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def31]
criu-4.1/criu/cr-check.c:1413:16: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen("/proc/self/maps", "r")’
criu-4.1/criu/cr-check.c:1407:16: acquire_resource: opened here
criu-4.1/criu/cr-check.c:1408:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
criu-4.1/criu/cr-check.c:1413:16: danger: ‘fopen("/proc/self/maps", "r")’ leaks here; was opened at (1)
# 1411|   	}
# 1412|   
# 1413|-> 	while (fgets(buf, sizeof(buf), mapf)) {
# 1414|   		unsigned long start, end;
# 1415|   		uint32_t maj, min;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def32]
criu-4.1/criu/cr-check.c:1413:16: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen("/proc/self/maps", "r")’
criu-4.1/criu/cr-check.c:1407:16: acquire_memory: allocated here
criu-4.1/criu/cr-check.c:1408:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
criu-4.1/criu/cr-check.c:1413:16: danger: ‘fopen("/proc/self/maps", "r")’ leaks here; was allocated at (1)
# 1411|   	}
# 1412|   
# 1413|-> 	while (fgets(buf, sizeof(buf), mapf)) {
# 1414|   		unsigned long start, end;
# 1415|   		uint32_t maj, min;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def33]
criu-4.1/criu/cr-check.c:1418:20: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen("/proc/self/maps", "r")’
criu-4.1/criu/cr-check.c:1407:16: acquire_resource: opened here
criu-4.1/criu/cr-check.c:1408:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
criu-4.1/criu/cr-check.c:1413:16: branch_true: following ‘true’ branch...
criu-4.1/criu/cr-check.c:1418:21: branch_true: ...to here
criu-4.1/criu/cr-check.c:1418:20: danger: ‘fopen("/proc/self/maps", "r")’ leaks here; was opened at (1)
# 1416|   		__u64 ino;
# 1417|   
# 1418|-> 		if (sscanf(buf, "%lx-%lx %*s %*s %x:%x %llu",
# 1419|   			   &start, &end, &maj, &min, &ino) != 5) {
# 1420|   			pr_perror("Unable to parse: %s", buf);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def34]
criu-4.1/criu/cr-check.c:1418:20: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen("/proc/self/maps", "r")’
criu-4.1/criu/cr-check.c:1407:16: acquire_memory: allocated here
criu-4.1/criu/cr-check.c:1408:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
criu-4.1/criu/cr-check.c:1413:16: branch_true: following ‘true’ branch...
criu-4.1/criu/cr-check.c:1418:21: branch_true: ...to here
criu-4.1/criu/cr-check.c:1418:20: danger: ‘fopen("/proc/self/maps", "r")’ leaks here; was allocated at (1)
# 1416|   		__u64 ino;
# 1417|   
# 1418|-> 		if (sscanf(buf, "%lx-%lx %*s %*s %x:%x %llu",
# 1419|   			   &start, &end, &maj, &min, &ino) != 5) {
# 1420|   			pr_perror("Unable to parse: %s", buf);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def35]
criu-4.1/criu/cr-check.c:1423:21: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen("/proc/self/maps", "r")’
criu-4.1/criu/cr-check.c:1407:16: acquire_resource: opened here
criu-4.1/criu/cr-check.c:1408:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
criu-4.1/criu/cr-check.c:1413:16: branch_true: following ‘true’ branch...
criu-4.1/criu/cr-check.c:1418:21: branch_true: ...to here
criu-4.1/criu/cr-check.c:1418:20: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-check.c:1423:21: branch_false: ...to here
criu-4.1/criu/cr-check.c:1423:21: danger: ‘fopen("/proc/self/maps", "r")’ leaks here; was opened at (1)
# 1421|   			return -1;
# 1422|   		}
# 1423|-> 		if (start == (unsigned long)addr) {
# 1424|   			stx->stx_dev_major = maj;
# 1425|   			stx->stx_dev_minor = min;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def36]
criu-4.1/criu/cr-check.c:1423:21: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen("/proc/self/maps", "r")’
criu-4.1/criu/cr-check.c:1407:16: acquire_memory: allocated here
criu-4.1/criu/cr-check.c:1408:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
criu-4.1/criu/cr-check.c:1413:16: branch_true: following ‘true’ branch...
criu-4.1/criu/cr-check.c:1418:21: branch_true: ...to here
criu-4.1/criu/cr-check.c:1418:20: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-check.c:1423:21: branch_false: ...to here
criu-4.1/criu/cr-check.c:1423:21: danger: ‘fopen("/proc/self/maps", "r")’ leaks here; was allocated at (1)
# 1421|   			return -1;
# 1422|   		}
# 1423|-> 		if (start == (unsigned long)addr) {
# 1424|   			stx->stx_dev_major = maj;
# 1425|   			stx->stx_dev_minor = min;

Error: GCC_ANALYZER_WARNING (CWE-126): [#def37]
criu-4.1/criu/cr-dump.c:113:22: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
criu-4.1/criu/cr-dump.c:2119:5: enter_function: entry to ‘cr_dump_tasks’
criu-4.1/criu/cr-dump.c:2139:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2141:9: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2144:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2148:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2148:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2151:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2151:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2154:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2154:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2157:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2157:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2160:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2160:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2163:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2163:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2166:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2166:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2169:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2169:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2172:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2172:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2175:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2180:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2183:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2183:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2192:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2192:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2195:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2195:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2198:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2198:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2201:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2201:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2204:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2204:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2207:13: call_function: inlined call to ‘collect_file_locks’ from ‘cr_dump_tasks’
criu-4.1/criu/cr-dump.c:2207:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2210:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2210:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2213:23: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2214:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2217:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2217:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2221:21: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2223:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2226:9: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2226:9: branch_true: following ‘true’ branch (when ‘item’ is non-NULL)...
criu-4.1/criu/cr-dump.c:2227:21: branch_true: ...to here
criu-4.1/criu/cr-dump.c:2227:21: call_function: calling ‘dump_one_task’ from ‘cr_dump_tasks’
#  111|   
#  112|   	list_for_each_entry_safe(vma_area, p, &vma_area_list->h, list) {
#  113|-> 		if (!vma_area->file_borrowed)
#  114|   			free(vma_area->vmst);
#  115|   		free(vma_area);

Error: GCC_ANALYZER_WARNING (CWE-126): [#def38]
criu-4.1/criu/cr-dump.c:114:30: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
criu-4.1/criu/cr-dump.c:2119:5: enter_function: entry to ‘cr_dump_tasks’
criu-4.1/criu/cr-dump.c:2139:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2141:9: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2144:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2148:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2148:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2151:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2151:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2154:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2154:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2157:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2157:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2160:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2160:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2163:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2163:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2166:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2166:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2169:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2169:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2172:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2172:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2175:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2180:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2183:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2183:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2192:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2192:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2195:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2195:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2198:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2198:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2201:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2201:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2204:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2204:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2207:13: call_function: inlined call to ‘collect_file_locks’ from ‘cr_dump_tasks’
criu-4.1/criu/cr-dump.c:2207:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2210:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2210:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2213:23: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2214:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2217:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2217:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2221:21: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2223:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2226:9: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2226:9: branch_true: following ‘true’ branch (when ‘item’ is non-NULL)...
criu-4.1/criu/cr-dump.c:2227:21: branch_true: ...to here
criu-4.1/criu/cr-dump.c:2227:21: call_function: calling ‘dump_one_task’ from ‘cr_dump_tasks’
#  112|   	list_for_each_entry_safe(vma_area, p, &vma_area_list->h, list) {
#  113|   		if (!vma_area->file_borrowed)
#  114|-> 			free(vma_area->vmst);
#  115|   		free(vma_area);
#  116|   	}

Error: GCC_ANALYZER_WARNING (CWE-590): [#def39]
criu-4.1/criu/cr-dump.c:115:17: warning[-Wanalyzer-free-of-non-heap]: ‘free’ of ‘vma_area’ which points to memory on the stack
criu-4.1/criu/cr-dump.c:2119:5: enter_function: entry to ‘cr_dump_tasks’
criu-4.1/criu/cr-dump.c:2139:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2141:9: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2144:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2148:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2148:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2151:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2151:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2154:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2154:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2157:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2157:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2160:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2160:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2163:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2163:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2166:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2166:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2169:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2169:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2172:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2172:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2175:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2180:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2183:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2183:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2192:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2192:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2195:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2195:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2198:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2198:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2201:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2201:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2204:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2204:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2207:13: call_function: inlined call to ‘collect_file_locks’ from ‘cr_dump_tasks’
criu-4.1/criu/cr-dump.c:2207:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2210:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2210:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2213:23: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2214:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2217:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2217:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2221:21: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2223:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2226:9: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2226:9: branch_true: following ‘true’ branch (when ‘item’ is non-NULL)...
criu-4.1/criu/cr-dump.c:2227:21: branch_true: ...to here
criu-4.1/criu/cr-dump.c:2227:21: call_function: calling ‘dump_one_task’ from ‘cr_dump_tasks’
#  113|   		if (!vma_area->file_borrowed)
#  114|   			free(vma_area->vmst);
#  115|-> 		free(vma_area);
#  116|   	}
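#  117|   
Note: the over-read at line 114 (def38) and this free-of-non-heap at line 115 are reported on the same path through 'dump_one_task' and inside the same list_for_each_entry_safe loop. A report of this shape often means the analyzer is modelling the list head (which, going by the warning text, lives in a stack object) as if it were a list entry. Before treating it as memory corruption, confirm that the head is initialised on every path into this cleanup loop and that only heap-allocated entries are ever linked onto it.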

Error: GCC_ANALYZER_WARNING (CWE-476): [#def40]
criu-4.1/criu/cr-dump.c:1399:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/cr-dump.c:2119:5: enter_function: entry to ‘cr_dump_tasks’
criu-4.1/criu/cr-dump.c:2139:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2141:9: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2144:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2148:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2148:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2151:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2151:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2154:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2154:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2157:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2157:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2160:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2160:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2163:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2163:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2166:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2166:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2169:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2169:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2172:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2172:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2175:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2180:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2183:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2183:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2192:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2192:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2195:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2195:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2198:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2198:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2201:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2201:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2204:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2204:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2207:13: call_function: inlined call to ‘collect_file_locks’ from ‘cr_dump_tasks’
criu-4.1/criu/cr-dump.c:2207:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2210:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2210:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2213:23: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2214:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2217:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2217:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2221:21: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2223:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2226:9: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2242:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2246:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2246:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2249:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2249:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2252:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2252:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-dump.c:2255:13: branch_false: ...to here
criu-4.1/criu/cr-dump.c:2255:13: call_function: calling ‘dump_zombies’ from ‘cr_dump_tasks’
# 1397|   		item->pgid = pps_buf.pgid;
# 1398|   
# 1399|-> 		BUG_ON(!list_empty(&item->children));
# 1400|   
# 1401|   		if (!item->sid) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def41]
criu-4.1/criu/cr-dump.c:1798:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
# 1796|   	}
# 1797|   	pr_err("FATAL: Unable to interrupt the current operation\n");
# 1798|-> 	BUG();
# 1799|   }
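# 1800|   
Note: the marked statement is a bare BUG() with no pointer expression of its own, so the NULL dereference reported here is most likely the deliberate faulting store the assertion macro uses to stop the process, not a stray pointer bug. The same reading applies to the other CWE-476 findings in this list whose marked line is BUG() or BUG_ON(...). What needs triage in each is whether the asserted condition can become true for input the process does not control, because that turns the assertion into an abort reachable from that input.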

Error: GCC_ANALYZER_WARNING (CWE-476): [#def42]
criu-4.1/criu/cr-restore.c:153:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#  151|   	}
#  152|   
#  153|-> 	BUG();
#  154|   	return -1;
#  155|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def43]
criu-4.1/criu/cr-restore.c:173:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/cr-restore.c:3116:12: enter_function: entry to ‘sigreturn_restore’
criu-4.1/criu/cr-restore.c:3153:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-restore.c:3156:20: branch_false: ...to here
criu-4.1/criu/cr-restore.c:3156:12: branch_true: following ‘true’ branch...
criu-4.1/criu/cr-restore.c:3158:21: branch_true: ...to here
criu-4.1/criu/cr-restore.c:3158:21: call_function: calling ‘restore_wait_other_tasks’ from ‘sigreturn_restore’
#  171|   	}
#  172|   
#  173|-> 	BUG();
#  174|   	return -1;
#  175|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def44]
criu-4.1/criu/cr-restore.c:182:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/cr-restore.c:3116:12: enter_function: entry to ‘sigreturn_restore’
criu-4.1/criu/cr-restore.c:3153:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-restore.c:3156:20: branch_false: ...to here
criu-4.1/criu/cr-restore.c:3156:12: branch_true: following ‘true’ branch...
criu-4.1/criu/cr-restore.c:3158:21: branch_true: ...to here
criu-4.1/criu/cr-restore.c:3158:21: call_function: calling ‘restore_wait_other_tasks’ from ‘sigreturn_restore’
#  180|   	futex_t *np = &task_entries->nr_in_progress;
#  181|   
#  182|-> 	futex_wait_while_gt(np, participants);
#  183|   	ret = (int)futex_get(np);
#  184|   	if (ret < 0) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def45]
criu-4.1/criu/cr-restore.c:1174:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/cr-restore.c:1997:12: enter_function: entry to ‘restore_root_task’
criu-4.1/criu/cr-restore.c:2004:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-restore.c:2009:14: branch_false: ...to here
criu-4.1/criu/cr-restore.c:2010:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-restore.c:2015:15: branch_false: ...to here
criu-4.1/criu/cr-restore.c:2016:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-restore.c:2026:13: branch_false: ...to here
criu-4.1/criu/cr-restore.c:2026:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-restore.c:2029:13: branch_false: ...to here
criu-4.1/criu/cr-restore.c:2029:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-restore.c:2032:13: call_function: inlined call to ‘vpid’ from ‘restore_root_task’
criu-4.1/criu/cr-restore.c:2033:20: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-restore.c:2054:9: branch_false: ...to here
criu-4.1/criu/cr-restore.c:2054:9: call_function: calling ‘__restore_switch_stage_nw’ from ‘restore_root_task’
criu-4.1/criu/cr-restore.c:2054:9: return_function: returning to ‘restore_root_task’ from ‘__restore_switch_stage_nw’
criu-4.1/criu/cr-restore.c:2056:15: call_function: calling ‘fork_with_pid’ from ‘restore_root_task’
# 1172|   	ca.clone_flags = rsti(item)->clone_flags;
# 1173|   
# 1174|-> 	BUG_ON(ca.clone_flags & CLONE_VM);
# 1175|   
# 1176|   	pr_info("Forking task with %d pid (flags 0x%lx)\n", pid, ca.clone_flags);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def46]
criu-4.1/criu/cr-restore.c:1486:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/cr-restore.c:1509:12: enter_function: entry to ‘__restore_task_with_children’
criu-4.1/criu/cr-restore.c:1538:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-restore.c:1544:13: branch_false: ...to here
criu-4.1/criu/cr-restore.c:1544:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-restore.c:1547:20: branch_false: ...to here
criu-4.1/criu/cr-restore.c:1596:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-restore.c:1600:20: branch_false: ...to here
criu-4.1/criu/cr-restore.c:1635:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-restore.c:1638:13: branch_false: ...to here
criu-4.1/criu/cr-restore.c:1638:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-restore.c:1641:13: branch_false: ...to here
criu-4.1/criu/cr-restore.c:1641:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-restore.c:1644:13: branch_false: ...to here
criu-4.1/criu/cr-restore.c:1644:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-restore.c:1647:13: branch_false: ...to here
criu-4.1/criu/cr-restore.c:1652:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-restore.c:1655:9: branch_false: ...to here
criu-4.1/criu/cr-restore.c:1657:13: call_function: calling ‘create_children_and_session’ from ‘__restore_task_with_children’
# 1484|   			continue;
# 1485|   
# 1486|-> 		BUG_ON(child->born_sid != -1 && getsid(0) != child->born_sid);
# 1487|   
# 1488|   		ret = fork_with_pid(child);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def47]
criu-4.1/criu/cr-restore.c:3177:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/cr-restore.c:3153:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-restore.c:3156:20: branch_false: ...to here
criu-4.1/criu/cr-restore.c:3171:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-restore.c:3174:24: branch_false: ...to here
criu-4.1/criu/cr-restore.c:3177:9: branch_true: following ‘true’ branch...
criu-4.1/criu/cr-restore.c:3177:9: branch_true: ...to here
criu-4.1/criu/cr-restore.c:3177:9: danger: dereference of NULL ‘0’
# 3175|   	memzone_size = round_up(sizeof(struct restore_mem_zone) * current->nr_threads, page_size());
# 3176|   	task_args->bootstrap_len = restorer_len + memzone_size + alen + rst_mem_size;
# 3177|-> 	BUG_ON(task_args->bootstrap_len & (PAGE_SIZE - 1));
# 3178|   	pr_info("%d threads require %ldK of memory\n", current->nr_threads, KBYTES(task_args->bootstrap_len));
# 3179|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def48]
criu-4.1/criu/cr-restore.c:3314:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/cr-restore.c:3153:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-restore.c:3156:20: branch_false: ...to here
criu-4.1/criu/cr-restore.c:3171:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-restore.c:3174:24: branch_false: ...to here
criu-4.1/criu/cr-restore.c:3177:9: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-restore.c:3178:9: branch_false: ...to here
criu-4.1/criu/cr-restore.c:3207:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-restore.c:3212:9: branch_false: ...to here
criu-4.1/criu/cr-restore.c:3215:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-restore.c:3222:39: branch_false: ...to here
criu-4.1/criu/cr-restore.c:3230:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-restore.c:3235:9: branch_false: ...to here
criu-4.1/criu/cr-restore.c:3241:12: branch_false: following ‘false’ branch (when ‘mem == task_args’)...
criu-4.1/criu/cr-restore.c:3246:9: branch_false: ...to here
criu-4.1/criu/cr-restore.c:3255:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-restore.c:3270:30: branch_false: ...to here
criu-4.1/criu/cr-restore.c:3271:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-restore.c:3276:34: branch_false: ...to here
criu-4.1/criu/cr-restore.c:3282:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-restore.c:3287:35: branch_false: ...to here
criu-4.1/criu/cr-restore.c:3314:9: branch_true: following ‘true’ branch...
criu-4.1/criu/cr-restore.c:3314:9: branch_true: ...to here
criu-4.1/criu/cr-restore.c:3314:9: danger: dereference of NULL ‘0’
# 3312|   	 */
# 3313|   
# 3314|-> 	BUG_ON(core->mtype != CORE_ENTRY__MARCH);
# 3315|   
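# 3316|   	task_args->logfd = log_get_fd();
Note: the analyzer takes the 'true' branch of the BUG_ON condition at line 3314, so the finding amounts to "core->mtype may differ from CORE_ENTRY__MARCH here". If 'core' is decoded from a checkpoint image (to be confirmed against the code that populates it), an image with an unexpected mtype would reach this assertion and abort the restore. Rejecting such an image with an error return earlier in the restore path would be the more defensive handling.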

Error: GCC_ANALYZER_WARNING (CWE-476): [#def49]
criu-4.1/criu/cr-service.c:312:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/cr-service.c:1445:5: enter_function: entry to ‘cr_service’
criu-4.1/criu/cr-service.c:1458:20: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-service.c:1463:17: branch_false: ...to here
criu-4.1/criu/cr-service.c:1479:20: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-service.c:1484:17: branch_false: ...to here
criu-4.1/criu/cr-service.c:1487:20: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-service.c:1492:21: branch_false: ...to here
criu-4.1/criu/cr-service.c:1492:20: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-service.c:1498:12: branch_false: ...to here
criu-4.1/criu/cr-service.c:1512:13: call_function: calling ‘setup_sigchld_handler’ from ‘cr_service’
criu-4.1/criu/cr-service.c:1512:13: return_function: returning to ‘cr_service’ from ‘setup_sigchld_handler’
criu-4.1/criu/cr-service.c:1512:12: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-service.c:1515:13: branch_false: ...to here
criu-4.1/criu/cr-service.c:1515:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
criu-4.1/criu/cr-service.c:1524:20: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-service.c:1529:17: branch_false: ...to here
criu-4.1/criu/cr-service.c:1534:29: call_function: calling ‘restore_sigchld_handler’ from ‘cr_service’
criu-4.1/criu/cr-service.c:1534:29: return_function: returning to ‘cr_service’ from ‘restore_sigchld_handler’
criu-4.1/criu/cr-service.c:1534:28: branch_false: following ‘false’ branch...
criu-4.1/criu/cr-service.c:1537:25: branch_false: ...to here
criu-4.1/criu/cr-service.c:1539:31: call_function: calling ‘cr_service_work’ from ‘cr_service’
#  310|   	}
#  311|   
#  312|-> 	BUG_ON(st.st_ino == -1);
#  313|   	service_sk_ino = st.st_ino;
#  314|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def50]
criu-4.1/criu/crtools.c:122:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/crtools.c:122:9: branch_true: following ‘true’ branch...
criu-4.1/criu/crtools.c:122:9: branch_true: ...to here
criu-4.1/criu/crtools.c:122:9: danger: dereference of NULL ‘0’
#  120|   	BUILD_BUG_ON(__CTL_STR != SYSCTL_TYPE__CTL_STR);
#  121|   	/* We use it for fd overlap handling in clone_service_fd() */
#  122|-> 	BUG_ON(get_service_fd(SERVICE_FD_MIN + 1) < get_service_fd(SERVICE_FD_MAX - 1));
#  123|   
#  124|   	if (fault_injection_init()) {

Error: GCC_ANALYZER_WARNING (CWE-416): [#def51]
criu-4.1/criu/eventpoll.c:112:25: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘((struct eventpoll_dinfo)*((struct list_head *)dinfo)).e’
criu-4.1/criu/eventpoll.c:125:5: enter_function: entry to ‘flush_eventpoll_dinfo_queue’
criu-4.1/criu/eventpoll.c:130:9: branch_true: following ‘true’ branch...
criu-4.1/criu/eventpoll.c:131:37: branch_true: ...to here
criu-4.1/criu/eventpoll.c:166:21: call_function: calling ‘img_from_set’ from ‘flush_eventpoll_dinfo_queue’
criu-4.1/criu/eventpoll.c:166:21: return_function: returning to ‘flush_eventpoll_dinfo_queue’ from ‘img_from_set’
criu-4.1/criu/eventpoll.c:166:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
criu-4.1/criu/eventpoll.c:172:17: call_function: calling ‘dequeue_dinfo’ from ‘flush_eventpoll_dinfo_queue’
criu-4.1/criu/eventpoll.c:172:17: return_function: returning to ‘flush_eventpoll_dinfo_queue’ from ‘dequeue_dinfo’
criu-4.1/criu/eventpoll.c:130:9: branch_true: following ‘true’ branch...
criu-4.1/criu/eventpoll.c:131:37: branch_true: ...to here
criu-4.1/criu/eventpoll.c:178:9: branch_true: following ‘true’ branch...
criu-4.1/criu/eventpoll.c:179:17: branch_true: ...to here
criu-4.1/criu/eventpoll.c:179:17: call_function: calling ‘dequeue_dinfo’ from ‘flush_eventpoll_dinfo_queue’
#  110|   	ssize_t i;
#  111|   
#  112|-> 	for (i = 0; i < dinfo->e->n_tfd; i++)
#  113|   		eventpoll_tfd_entry__free_unpacked(dinfo->e->tfd[i], NULL);
#  114|   

Error: GCC_ANALYZER_WARNING (CWE-416): [#def52]
criu-4.1/criu/eventpoll.c:112:25: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘dinfo’
criu-4.1/criu/eventpoll.c:125:5: enter_function: entry to ‘flush_eventpoll_dinfo_queue’
criu-4.1/criu/eventpoll.c:130:9: branch_true: following ‘true’ branch...
criu-4.1/criu/eventpoll.c:131:37: branch_true: ...to here
criu-4.1/criu/eventpoll.c:166:21: call_function: calling ‘img_from_set’ from ‘flush_eventpoll_dinfo_queue’
criu-4.1/criu/eventpoll.c:166:21: return_function: returning to ‘flush_eventpoll_dinfo_queue’ from ‘img_from_set’
criu-4.1/criu/eventpoll.c:166:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
criu-4.1/criu/eventpoll.c:172:17: call_function: calling ‘dequeue_dinfo’ from ‘flush_eventpoll_dinfo_queue’
criu-4.1/criu/eventpoll.c:172:17: return_function: returning to ‘flush_eventpoll_dinfo_queue’ from ‘dequeue_dinfo’
criu-4.1/criu/eventpoll.c:130:9: branch_true: following ‘true’ branch...
criu-4.1/criu/eventpoll.c:131:37: branch_true: ...to here
criu-4.1/criu/eventpoll.c:178:9: branch_true: following ‘true’ branch...
criu-4.1/criu/eventpoll.c:179:17: branch_true: ...to here
criu-4.1/criu/eventpoll.c:179:17: call_function: calling ‘dequeue_dinfo’ from ‘flush_eventpoll_dinfo_queue’
#  110|   	ssize_t i;
#  111|   
#  112|-> 	for (i = 0; i < dinfo->e->n_tfd; i++)
#  113|   		eventpoll_tfd_entry__free_unpacked(dinfo->e->tfd[i], NULL);
#  114|   

Error: GCC_ANALYZER_WARNING (CWE-415): [#def53]
criu-4.1/criu/eventpoll.c:115:9: warning[-Wanalyzer-double-free]: double-‘free’ of ‘((struct eventpoll_dinfo)*((struct list_head *)dinfo)).fe’
criu-4.1/criu/eventpoll.c:125:5: enter_function: entry to ‘flush_eventpoll_dinfo_queue’
criu-4.1/criu/eventpoll.c:130:9: branch_true: following ‘true’ branch...
criu-4.1/criu/eventpoll.c:131:37: branch_true: ...to here
criu-4.1/criu/eventpoll.c:166:21: call_function: calling ‘img_from_set’ from ‘flush_eventpoll_dinfo_queue’
criu-4.1/criu/eventpoll.c:166:21: return_function: returning to ‘flush_eventpoll_dinfo_queue’ from ‘img_from_set’
criu-4.1/criu/eventpoll.c:166:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
criu-4.1/criu/eventpoll.c:172:17: call_function: calling ‘dequeue_dinfo’ from ‘flush_eventpoll_dinfo_queue’
criu-4.1/criu/eventpoll.c:172:17: return_function: returning to ‘flush_eventpoll_dinfo_queue’ from ‘dequeue_dinfo’
criu-4.1/criu/eventpoll.c:130:9: branch_true: following ‘true’ branch...
criu-4.1/criu/eventpoll.c:131:37: branch_true: ...to here
criu-4.1/criu/eventpoll.c:178:9: branch_true: following ‘true’ branch...
criu-4.1/criu/eventpoll.c:179:17: branch_true: ...to here
criu-4.1/criu/eventpoll.c:179:17: call_function: calling ‘dequeue_dinfo’ from ‘flush_eventpoll_dinfo_queue’
#  113|   		eventpoll_tfd_entry__free_unpacked(dinfo->e->tfd[i], NULL);
#  114|   
#  115|-> 	xfree(dinfo->fe);
#  116|   	xfree(dinfo->e->tfd);
#  117|   	xfree(dinfo->e);

Error: GCC_ANALYZER_WARNING (CWE-415): [#def54]
criu-4.1/criu/eventpoll.c:116:9: warning[-Wanalyzer-double-free]: double-‘free’ of ‘*((struct eventpoll_dinfo)*((struct list_head *)dinfo)).e.tfd’
criu-4.1/criu/eventpoll.c:125:5: enter_function: entry to ‘flush_eventpoll_dinfo_queue’
criu-4.1/criu/eventpoll.c:130:9: branch_true: following ‘true’ branch...
criu-4.1/criu/eventpoll.c:131:37: branch_true: ...to here
criu-4.1/criu/eventpoll.c:166:21: call_function: calling ‘img_from_set’ from ‘flush_eventpoll_dinfo_queue’
criu-4.1/criu/eventpoll.c:166:21: return_function: returning to ‘flush_eventpoll_dinfo_queue’ from ‘img_from_set’
criu-4.1/criu/eventpoll.c:166:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
criu-4.1/criu/eventpoll.c:172:17: call_function: calling ‘dequeue_dinfo’ from ‘flush_eventpoll_dinfo_queue’
criu-4.1/criu/eventpoll.c:172:17: return_function: returning to ‘flush_eventpoll_dinfo_queue’ from ‘dequeue_dinfo’
criu-4.1/criu/eventpoll.c:130:9: branch_true: following ‘true’ branch...
criu-4.1/criu/eventpoll.c:131:37: branch_true: ...to here
criu-4.1/criu/eventpoll.c:178:9: branch_true: following ‘true’ branch...
criu-4.1/criu/eventpoll.c:179:17: branch_true: ...to here
criu-4.1/criu/eventpoll.c:179:17: call_function: calling ‘dequeue_dinfo’ from ‘flush_eventpoll_dinfo_queue’
#  114|   
#  115|   	xfree(dinfo->fe);
#  116|-> 	xfree(dinfo->e->tfd);
#  117|   	xfree(dinfo->e);
#  118|   	xfree(dinfo->toff);

Error: GCC_ANALYZER_WARNING (CWE-415): [#def55]
criu-4.1/criu/eventpoll.c:118:9: warning[-Wanalyzer-double-free]: double-‘free’ of ‘((struct eventpoll_dinfo)*((struct list_head *)dinfo)).toff’
criu-4.1/criu/eventpoll.c:125:5: enter_function: entry to ‘flush_eventpoll_dinfo_queue’
criu-4.1/criu/eventpoll.c:130:9: branch_true: following ‘true’ branch...
criu-4.1/criu/eventpoll.c:131:37: branch_true: ...to here
criu-4.1/criu/eventpoll.c:166:21: call_function: calling ‘img_from_set’ from ‘flush_eventpoll_dinfo_queue’
criu-4.1/criu/eventpoll.c:166:21: return_function: returning to ‘flush_eventpoll_dinfo_queue’ from ‘img_from_set’
criu-4.1/criu/eventpoll.c:166:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
criu-4.1/criu/eventpoll.c:172:17: call_function: calling ‘dequeue_dinfo’ from ‘flush_eventpoll_dinfo_queue’
criu-4.1/criu/eventpoll.c:172:17: return_function: returning to ‘flush_eventpoll_dinfo_queue’ from ‘dequeue_dinfo’
criu-4.1/criu/eventpoll.c:130:9: branch_true: following ‘true’ branch...
criu-4.1/criu/eventpoll.c:131:37: branch_true: ...to here
criu-4.1/criu/eventpoll.c:178:9: branch_true: following ‘true’ branch...
criu-4.1/criu/eventpoll.c:179:17: branch_true: ...to here
criu-4.1/criu/eventpoll.c:179:17: call_function: calling ‘dequeue_dinfo’ from ‘flush_eventpoll_dinfo_queue’
#  116|   	xfree(dinfo->e->tfd);
#  117|   	xfree(dinfo->e);
#  118|-> 	xfree(dinfo->toff);
#  119|   
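#  120|   	list_del(&dinfo->list);
Note: def51 to def55 all follow one path in which 'dequeue_dinfo' is called at line 172 and again at line 179 of 'flush_eventpoll_dinfo_queue', and all assume both calls receive the same 'dinfo'. 'dequeue_dinfo' frees the entry's members (lines 113-118) and then unlinks it with list_del (line 120), so a real double free or use-after-free needs the iteration to hand back an entry that was already unlinked. Check that both loops (lines 130 and 178) use a removal-safe iterator and that nothing re-queues a released entry; if both hold, these five reports are one analyzer artefact rather than five defects.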

Error: GCC_ANALYZER_WARNING (CWE-476): [#def56]
criu-4.1/criu/file-lock.c:174:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/file-lock.c:162:12: branch_false: following ‘false’ branch...
criu-4.1/criu/file-lock.c:169:13: branch_false: ...to here
criu-4.1/criu/file-lock.c:169:12: branch_true: following ‘true’ branch...
criu-4.1/criu/file-lock.c:170:21: branch_true: ...to here
criu-4.1/criu/file-lock.c:170:20: branch_true: following ‘true’ branch...
criu-4.1/criu/file-lock.c:173:29: branch_true: ...to here
criu-4.1/criu/file-lock.c:174:25: branch_true: following ‘true’ branch...
criu-4.1/criu/file-lock.c:174:25: branch_true: ...to here
criu-4.1/criu/file-lock.c:174:25: danger: dereference of NULL ‘0’
#  172|   
#  173|   			m = lookup_mnt_id(p->mnt_id);
#  174|-> 			BUG_ON(m == NULL);
#  175|   			dev = kdev_to_odev(m->s_dev);
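#  176|   		} else /* old kernel */
Note: here the assertion is itself the NULL check. A NULL return from lookup_mnt_id() is turned into an abort on line 174, just before m->s_dev is read on line 175, so the reported dereference is most likely the assertion's own trap rather than an unguarded use of 'm'. The question to settle is whether a lock entry can carry a mnt_id that is absent from the mount table; if it can, returning an error for that entry is safer than asserting.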

Error: GCC_ANALYZER_WARNING (CWE-476): [#def57]
criu-4.1/criu/files-reg.c:1858:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/files-reg.c:2051:12: enter_function: entry to ‘rfi_remap’
criu-4.1/criu/files-reg.c:2058:12: branch_false: following ‘false’ branch...
criu-4.1/criu/files-reg.c:2066:14: branch_false: ...to here
criu-4.1/criu/files-reg.c:2067:12: branch_false: following ‘false’ branch...
criu-4.1/criu/files-reg.c:2070:13: branch_false: ...to here
criu-4.1/criu/files-reg.c:2070:12: branch_false: following ‘false’ branch...
criu-4.1/criu/files-reg.c:2078:15: branch_false: ...to here
criu-4.1/criu/files-reg.c:2079:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
criu-4.1/criu/files-reg.c:2090:9: branch_false: following ‘false’ branch...
criu-4.1/criu/files-reg.c:2091:9: branch_false: ...to here
criu-4.1/criu/files-reg.c:2091:9: branch_false: following ‘false’ branch...
criu-4.1/criu/files-reg.c:2094:9: branch_false: ...to here
criu-4.1/criu/files-reg.c:2094:9: call_function: calling ‘convert_path_from_another_mp’ from ‘rfi_remap’
# 1856|   	 */
# 1857|   	off = strlen(smi->ns_mountpoint + 1);
# 1858|-> 	BUG_ON(strlen(smi->root) < strlen(dmi->root));
# 1859|   
# 1860|   	/*

Error: GCC_ANALYZER_WARNING (CWE-476): [#def58]
criu-4.1/criu/files-reg.c:1967:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/files-reg.c:2051:12: enter_function: entry to ‘rfi_remap’
criu-4.1/criu/files-reg.c:2058:12: branch_true: following ‘true’ branch...
criu-4.1/criu/files-reg.c:2060:30: branch_true: ...to here
criu-4.1/criu/files-reg.c:2106:18: call_function: calling ‘make_parent_dirs_if_need’ from ‘rfi_remap’
# 1965|   		if (p) {
# 1966|   			/* We don't handle "//" in path */
# 1967|-> 			BUG_ON(prev && (prev - p == 1));
# 1968|   			*p = '\0';
# 1969|   		} else {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def59]
criu-4.1/criu/files-reg.c:2090:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/files-reg.c:2058:12: branch_false: following ‘false’ branch...
criu-4.1/criu/files-reg.c:2066:14: branch_false: ...to here
criu-4.1/criu/files-reg.c:2067:12: branch_false: following ‘false’ branch...
criu-4.1/criu/files-reg.c:2070:13: branch_false: ...to here
criu-4.1/criu/files-reg.c:2070:12: branch_false: following ‘false’ branch...
criu-4.1/criu/files-reg.c:2078:15: branch_false: ...to here
criu-4.1/criu/files-reg.c:2079:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
criu-4.1/criu/files-reg.c:2090:9: branch_true: following ‘true’ branch...
criu-4.1/criu/files-reg.c:2090:9: branch_true: ...to here
criu-4.1/criu/files-reg.c:2090:9: danger: dereference of NULL ‘0’
# 2088|   		;
# 2089|   
# 2090|-> 	BUG_ON(tmi->s_dev != rmi->s_dev);
# 2091|   	BUG_ON(tmi->s_dev != mi->s_dev);
# 2092|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def60]
criu-4.1/criu/files-reg.c:2091:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/files-reg.c:2058:12: branch_false: following ‘false’ branch...
criu-4.1/criu/files-reg.c:2066:14: branch_false: ...to here
criu-4.1/criu/files-reg.c:2067:12: branch_false: following ‘false’ branch...
criu-4.1/criu/files-reg.c:2070:13: branch_false: ...to here
criu-4.1/criu/files-reg.c:2070:12: branch_false: following ‘false’ branch...
criu-4.1/criu/files-reg.c:2078:15: branch_false: ...to here
criu-4.1/criu/files-reg.c:2079:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
criu-4.1/criu/files-reg.c:2090:9: branch_false: following ‘false’ branch...
criu-4.1/criu/files-reg.c:2091:9: branch_false: ...to here
criu-4.1/criu/files-reg.c:2091:9: branch_true: following ‘true’ branch...
criu-4.1/criu/files-reg.c:2091:9: branch_true: ...to here
criu-4.1/criu/files-reg.c:2091:9: danger: dereference of NULL ‘0’
# 2089|   
# 2090|   	BUG_ON(tmi->s_dev != rmi->s_dev);
# 2091|-> 	BUG_ON(tmi->s_dev != mi->s_dev);
# 2092|   
# 2093|   	/* Calculate paths on the device (root mount) */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def61]
criu-4.1/criu/files-reg.c:2135:24: warning[-Wanalyzer-malloc-leak]: leak of ‘build_id’
criu-4.1/criu/files-reg.c:2191:5: enter_function: entry to ‘open_path’
criu-4.1/criu/files-reg.c:2200:12: branch_false: following ‘false’ branch...
criu-4.1/criu/files-reg.c:2205:13: branch_false: ...to here
criu-4.1/criu/files-reg.c:2266:12: branch_false: following ‘false’ branch...
criu-4.1/criu/files-reg.c:2271:9: branch_false: ...to here
criu-4.1/criu/files-reg.c:2273:13: branch_false: following ‘false’ branch...
criu-4.1/criu/files-reg.c:2276:21: branch_false: ...to here
criu-4.1/criu/files-reg.c:2276:20: branch_false: following ‘false’ branch...
criu-4.1/criu/files-reg.c:2281:22: branch_false: ...to here
criu-4.1/criu/files-reg.c:2281:22: call_function: calling ‘validate_file’ from ‘open_path’
# 2133|   
# 2134|   	if (!rfi->rfe->has_size)
# 2135|-> 		return 1;
# 2136|   
# 2137|   	if (!rfi->rfe->n_build_id)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def62]
criu-4.1/criu/files-reg.c:2478:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
# 2476|   	 */
# 2477|   
# 2478|-> 	BUG_ON((vma->vmfd == NULL) || !vma->e->has_fdflags);
# 2479|   	flags = vma->e->fdflags;
# 2480|   

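Error: GCC_ANALYZER_WARNING (CWE-476): [#def63]
Triage note: the flagged line is the BUG_ON() assertion, not the later use of item. cppcheck's message for the same macro (#def84) names a store through (volatile unsigned long*)NULL, which suggests BUG()/BUG_ON() crash on purpose by writing to NULL. If so, this and the other CWE-476 findings anchored on BUG()/BUG_ON() lines describe a deliberate abort path. The question to triage is then whether input outside the program's control can make the asserted condition true (a reachable assertion, CWE-617), not whether a NULL check is missing. Confirm against the macro definition, which is not shown here.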
criu-4.1/criu/files.c:205:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#  203|   
#  204|   	item = pstree_item_by_virt(virt);
#  205|-> 	BUG_ON(!item);
#  206|   
#  207|   	is_set = !!test_and_set_bit_le(FDS_EVENT_BIT, &item->task_st_le_bits);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def64]
criu-4.1/criu/files.c:225:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/files.c:225:9: branch_false: following ‘false’ branch...
criu-4.1/criu/files.c:225:9: danger: dereference of NULL ‘0’
#  223|   
#  224|   	value = htole32(FDS_EVENT);
#  225|-> 	futex_wait_if_cond(f, value, &);
#  226|   	clear_fds_event();
#  227|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def65]
criu-4.1/criu/files.c:244:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#  242|   	if (!fle) {
#  243|   		pr_err("Empty list on file desc id %#x(%d)\n", d->id, d->ops ? d->ops->type : -1);
#  244|-> 		BUG();
#  245|   	}
#  246|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def66]
criu-4.1/criu/files.c:998:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/files.c:998:9: branch_true: following ‘true’ branch...
criu-4.1/criu/files.c:998:9: branch_true: ...to here
criu-4.1/criu/files.c:998:9: danger: dereference of NULL ‘0’
#  996|   static int plant_fd(struct fdinfo_list_entry *fle, int fd)
#  997|   {
#  998|-> 	BUG_ON(fle->received);
#  999|   	fle->received = 1;
# 1000|   	return reopen_fd_as(fle->fe->fd, fd);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def67]
criu-4.1/criu/files.c:1072:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/files.c:1069:12: branch_false: following ‘false’ branch (when ‘dfd != fd’)...
criu-4.1/criu/files.c:1072:9: branch_false: ...to here
criu-4.1/criu/files.c:1072:9: branch_true: following ‘true’ branch...
criu-4.1/criu/files.c:1072:9: branch_true: ...to here
criu-4.1/criu/files.c:1072:9: danger: dereference of NULL ‘0’
# 1070|   		return 0;
# 1071|   
# 1072|-> 	BUG_ON(dfd == get_service_fd(TRANSPORT_FD_OFF));
# 1073|   
# 1074|   	pr_info("\t\t\tGoing to dup %d into %d\n", fd, dfd);

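Error: GCC_ANALYZER_WARNING (CWE-775): [#def68]
Triage note: dup2(fd, dfd) returns dfd, the descriptor this code sets out to populate (the log line reads "Going to dup %d into %d"), so it is expected to stay open afterwards. The analyzer appears to treat the unstored return value as a lost descriptor. This is likely a false positive unless the caller never tracks dfd, which the excerpt does not show.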
criu-4.1/criu/files.c:1075:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(fd,  dfd)’
criu-4.1/criu/files.c:1069:12: branch_false: following ‘false’ branch (when ‘dfd != fd’)...
criu-4.1/criu/files.c:1072:9: branch_false: ...to here
criu-4.1/criu/files.c:1072:9: branch_false: following ‘false’ branch...
criu-4.1/criu/files.c:1074:9: branch_false: ...to here
criu-4.1/criu/files.c:1075:13: acquire_resource: opened here
criu-4.1/criu/files.c:1075:12: danger: ‘dup2(fd,  dfd)’ leaks here; was opened at [(5)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/4)
# 1073|   
# 1074|   	pr_info("\t\t\tGoing to dup %d into %d\n", fd, dfd);
# 1075|-> 	if (dup2(fd, dfd) != dfd) {
# 1076|   		pr_perror("Can't dup local fd %d -> %d", fd, dfd);
# 1077|   		return -1;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def69]
criu-4.1/criu/files.c:1127:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/files.c:1119:12: branch_false: following ‘false’ branch...
criu-4.1/criu/files.c:1122:41: branch_false: ...to here
criu-4.1/criu/files.c:1122:12: branch_false: following ‘false’ branch...
criu-4.1/criu/files.c:1127:9: branch_false: ...to here
criu-4.1/criu/files.c:1127:9: branch_true: following ‘true’ branch...
criu-4.1/criu/files.c:1127:9: branch_true: ...to here
criu-4.1/criu/files.c:1127:9: danger: dereference of NULL ‘0’
# 1125|   	}
# 1126|   
# 1127|-> 	BUG_ON(fle->stage != FLE_INITIALIZED);
# 1128|   	fle->stage = FLE_OPEN;
# 1129|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def70]
criu-4.1/criu/files.c:1143:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/files.c:1135:12: enter_function: entry to ‘open_fd’
criu-4.1/criu/files.c:1141:17: call_function: calling ‘file_master’ from ‘open_fd’
criu-4.1/criu/files.c:1141:17: return_function: returning to ‘open_fd’ from ‘file_master’
criu-4.1/criu/files.c:1142:12: branch_true: following ‘true’ branch...
criu-4.1/criu/files.c:1143:17: branch_true: ...to here
criu-4.1/criu/files.c:1143:17: branch_true: following ‘true’ branch...
criu-4.1/criu/files.c:1143:17: branch_true: ...to here
criu-4.1/criu/files.c:1143:17: danger: dereference of NULL ‘0’
# 1141|   	fle_m = file_master(d);
# 1142|   	if (fle != fle_m) {
# 1143|-> 		BUG_ON(fle->stage != FLE_INITIALIZED);
# 1144|   		ret = receive_fd(fle);
# 1145|   		if (ret != 0)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def71]
criu-4.1/criu/files.c:1218:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/files.c:1216:17: branch_true: following ‘true’ branch...
criu-4.1/criu/files.c:1217:30: branch_true: ...to here
criu-4.1/criu/files.c:1218:25: branch_true: following ‘true’ branch...
criu-4.1/criu/files.c:1218:25: branch_true: ...to here
criu-4.1/criu/files.c:1218:25: danger: dereference of NULL ‘0’
# 1216|   		list_for_each_entry_safe(fle, tmp, list, ps_list) {
# 1217|   			st = fle->stage;
# 1218|-> 			BUG_ON(st == FLE_RESTORED);
# 1219|   			ret = open_fd(fle);
# 1220|   			if (ret == -1) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def72]
criu-4.1/criu/files.c:1323:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/files.c:1298:5: enter_function: entry to ‘prepare_fds’
criu-4.1/criu/files.c:1314:12: branch_true: following ‘true’ branch...
criu-4.1/criu/files.c:1322:17: branch_true: ...to here
criu-4.1/criu/files.c:1322:17: call_function: calling ‘futex_inc_and_wake’ from ‘prepare_fds’
criu-4.1/criu/files.c:1322:17: return_function: returning to ‘prepare_fds’ from ‘futex_inc_and_wake’
criu-4.1/criu/files.c:1323:17: branch_false: following ‘false’ branch...
criu-4.1/criu/files.c:1323:17: danger: dereference of NULL ‘0’
# 1321|   		 */
# 1322|   		futex_inc_and_wake(&fdt->fdt_lock);
# 1323|-> 		futex_wait_while_lt(&fdt->fdt_lock, fdt->nr);
# 1324|   
# 1325|   		if (fdt->pid != vpid(me)) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def73]
criu-4.1/criu/files.c:1327:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/files.c:1298:5: enter_function: entry to ‘prepare_fds’
criu-4.1/criu/files.c:1314:12: branch_true: following ‘true’ branch...
criu-4.1/criu/files.c:1322:17: branch_true: ...to here
criu-4.1/criu/files.c:1322:17: call_function: calling ‘futex_inc_and_wake’ from ‘prepare_fds’
criu-4.1/criu/files.c:1322:17: return_function: returning to ‘prepare_fds’ from ‘futex_inc_and_wake’
criu-4.1/criu/files.c:1325:20: branch_true: following ‘true’ branch...
criu-4.1/criu/files.c:1326:25: branch_true: ...to here
criu-4.1/criu/files.c:1327:25: branch_false: following ‘false’ branch...
criu-4.1/criu/files.c:1327:25: danger: dereference of NULL ‘0’
# 1325|   		if (fdt->pid != vpid(me)) {
# 1326|   			pr_info("File descriptor table is shared with %d\n", fdt->pid);
# 1327|-> 			futex_wait_until(&fdt->fdt_lock, fdt->nr + 1);
# 1328|   			goto out;
# 1329|   		}

Error: GCC_ANALYZER_WARNING (CWE-476): [#def74]
criu-4.1/criu/files.c:1332:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/files.c:1332:9: branch_true: following ‘true’ branch...
criu-4.1/criu/files.c:1332:9: branch_true: ...to here
criu-4.1/criu/files.c:1332:9: danger: dereference of NULL ‘0’
# 1330|   	}
# 1331|   
# 1332|-> 	BUG_ON(current->pid->state == TASK_HELPER);
# 1333|   	ret = open_fdinfos(me);
# 1334|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def75]
criu-4.1/criu/fsnotify.c:94:24: warning[-Wanalyzer-malloc-leak]: leak of ‘alloc_openable(s_dev,  i_ino,  f_handle)’
criu-4.1/criu/fsnotify.c:381:12: enter_function: entry to ‘check_one_mark’
criu-4.1/criu/fsnotify.c:383:12: branch_true: following ‘true’ branch...
criu-4.1/criu/fsnotify.c:384:17: branch_true: ...to here
criu-4.1/criu/fsnotify.c:384:17: branch_false: following ‘false’ branch...
criu-4.1/criu/fsnotify.c:386:17: branch_false: ...to here
criu-4.1/criu/fsnotify.c:392:21: call_function: calling ‘check_open_handle’ from ‘check_one_mark’
#   92|   	memzero(handle, sizeof(*handle));
#   93|   
#   94|-> 	handle->type = img->type;
#   95|   	handle->bytes = img->bytes;
#   96|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def76]
criu-4.1/criu/fsnotify.c:130:21: warning[-Wanalyzer-malloc-leak]: leak of ‘alloc_openable(s_dev,  i_ino,  f_handle)’
criu-4.1/criu/fsnotify.c:416:12: enter_function: entry to ‘dump_one_fanotify’
criu-4.1/criu/fsnotify.c:423:12: branch_false: following ‘false’ branch...
criu-4.1/criu/fsnotify.c:425:17: branch_false: ...to here
criu-4.1/criu/fsnotify.c:433:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
criu-4.1/criu/fsnotify.c:436:21: branch_true: following ‘true’ branch...
criu-4.1/criu/fsnotify.c:437:36: branch_true: ...to here
criu-4.1/criu/fsnotify.c:437:21: call_function: calling ‘check_one_mark’ from ‘dump_one_fanotify’
#  128|   		struct stat st;
#  129|   
#  130|-> 		if (m->s_dev != s_dev)
#  131|   			continue;
#  132|   		if (!mnt_is_dir(m))

Error: GCC_ANALYZER_WARNING (CWE-476): [#def77]
criu-4.1/criu/fsnotify.c:384:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/fsnotify.c:383:12: branch_true: following ‘true’ branch...
criu-4.1/criu/fsnotify.c:384:17: branch_true: ...to here
criu-4.1/criu/fsnotify.c:384:17: branch_true: following ‘true’ branch...
criu-4.1/criu/fsnotify.c:384:17: branch_true: ...to here
criu-4.1/criu/fsnotify.c:384:17: danger: dereference of NULL ‘0’
#  382|   {
#  383|   	if (fme->type == MARK_TYPE__INODE) {
#  384|-> 		BUG_ON(!fme->ie);
#  385|   
#  386|   		pr_info("mark: s_dev %#08x i_ino %#016" PRIx64 " mask %#08x\n", fme->s_dev, fme->ie->i_ino, fme->mask);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def78]
criu-4.1/criu/fsnotify.c:399:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/fsnotify.c:416:12: enter_function: entry to ‘dump_one_fanotify’
criu-4.1/criu/fsnotify.c:423:12: branch_false: following ‘false’ branch...
criu-4.1/criu/fsnotify.c:425:17: branch_false: ...to here
criu-4.1/criu/fsnotify.c:433:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
criu-4.1/criu/fsnotify.c:436:21: branch_true: following ‘true’ branch...
criu-4.1/criu/fsnotify.c:437:36: branch_true: ...to here
criu-4.1/criu/fsnotify.c:437:21: call_function: calling ‘check_one_mark’ from ‘dump_one_fanotify’
#  397|   		struct mount_info *m;
#  398|   
#  399|-> 		BUG_ON(!fme->me);
#  400|   
#  401|   		m = lookup_mnt_id(fme->me->mnt_id);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def79]
criu-4.1/criu/image.c:798:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/image.c:798:9: branch_true: following ‘true’ branch...
criu-4.1/criu/image.c:798:9: branch_true: ...to here
criu-4.1/criu/image.c:798:9: danger: dereference of NULL ‘0’
#  796|   	 */
#  797|   
#  798|-> 	BUG_ON(page_ids != 1);
#  799|   	page_ids += 0x10000;
#  800|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def80]
criu-4.1/criu/img-streamer.c:41:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#   39|   		return IMG_STREAMER_SERVE_SOCKET_NAME;
#   40|   	default:
#   41|-> 		BUG();
#   42|   		return NULL;
#   43|   	}

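Error: GCC_ANALYZER_WARNING (CWE-775): [#def81]
Triage note: the leak is reported on the return inside `if (pipe(fds) < 0)`, the path where pipe() failed and should not have produced descriptors to close. The event path is also inconsistent: it follows the false branch to line 186 yet places the leak at line 183. This finding and #def82 look like an artefact of how the analyzer models pipe(); confirm before changing the code.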
criu-4.1/criu/img-streamer.c:183:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fds[0]’
criu-4.1/criu/img-streamer.c:181:12: branch_false: following ‘false’ branch...
criu-4.1/criu/img-streamer.c:186:13: branch_false: ...to here
criu-4.1/criu/img-streamer.c:183:24: danger: ‘fds[0]’ leaks here
#  181|   	if (pipe(fds) < 0) {
#  182|   		pr_perror("Unable to create pipe");
#  183|-> 		return -1;
#  184|   	}
#  185|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def82]
criu-4.1/criu/img-streamer.c:183:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fds[1]’
criu-4.1/criu/img-streamer.c:181:12: branch_false: following ‘false’ branch...
criu-4.1/criu/img-streamer.c:186:13: branch_false: ...to here
criu-4.1/criu/img-streamer.c:183:24: danger: ‘fds[1]’ leaks here
#  181|   	if (pipe(fds) < 0) {
#  182|   		pr_perror("Unable to create pipe");
#  183|-> 		return -1;
#  184|   	}
#  185|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def83]
criu-4.1/criu/img-streamer.c:234:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/img-streamer.c:234:9: branch_true: following ‘true’ branch...
criu-4.1/criu/img-streamer.c:234:9: branch_true: ...to here
criu-4.1/criu/img-streamer.c:234:9: danger: dereference of NULL ‘0’
#  232|   	int ret;
#  233|   
#  234|-> 	BUG_ON(flags != img_streamer_mode);
#  235|   
#  236|   	mutex_lock(img_streamer_fd_lock);

Error: CPPCHECK_WARNING (CWE-476): [#def84]
criu-4.1/criu/include/image.h:146: error[nullPointer]: Null pointer dereference: (volatile unsigned long*)NULL
#  144|   		return -1;
#  145|   
#  146|-> 	BUG_ON(bfd_buffered(&img->_x));
#  147|   	return img->_x.fd;
#  148|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def85]
criu-4.1/criu/include/image.h:146:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#  144|   		return -1;
#  145|   
#  146|-> 	BUG_ON(bfd_buffered(&img->_x));
#  147|   	return img->_x.fd;
#  148|   }

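Error: GCC_ANALYZER_WARNING (CWE-476): [#def86]
Triage note: apart from the BUG_ON() path the analyzer reports, the bound check itself deserves a look. It rejects only idx > imgset->fd_nr, so idx == imgset->fd_nr reaches imgset->_imgs[idx] on line 22. A negative idx (type below fd_off) would too, assuming idx is signed; its declaration is not shown. If _imgs holds fd_nr entries, the first case reads one element past the array. Confirm the allocation size and whether `idx < 0 || idx >= imgset->fd_nr` was intended.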
criu-4.1/criu/include/imgset.h:20:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/apparmor.c:643:5: enter_function: entry to ‘dump_aa_namespaces’
criu-4.1/criu/apparmor.c:648:12: branch_false: following ‘false’ branch...
criu-4.1/criu/apparmor.c:651:14: branch_false: ...to here
criu-4.1/criu/apparmor.c:651:14: branch_false: following ‘false’ branch (when ‘___p’ is non-NULL)...
criu-4.1/criu/apparmor.c:654:9: branch_false: ...to here
criu-4.1/criu/apparmor.c:659:15: call_function: calling ‘img_from_set’ from ‘dump_aa_namespaces’
#   18|   
#   19|   	idx = type - imgset->fd_off;
#   20|-> 	BUG_ON(idx > imgset->fd_nr);
#   21|   
#   22|   	return imgset->_imgs[idx];

Error: GCC_ANALYZER_WARNING (CWE-476): [#def87]
criu-4.1/criu/kcmp-ids.c:76:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/kcmp-ids.c:68:13: branch_false: following ‘false’ branch (when ‘___p’ is non-NULL)...
criu-4.1/criu/kcmp-ids.c:72:20: branch_false: ...to here
criu-4.1/criu/kcmp-ids.c:76:9: branch_true: following ‘true’ branch...
criu-4.1/criu/kcmp-ids.c:76:9: branch_true: ...to here
criu-4.1/criu/kcmp-ids.c:76:9: danger: dereference of NULL ‘0’
#   74|   
#   75|   	/* Make sure no overflow here */
#   76|-> 	BUG_ON(!e->subid);
#   77|   
#   78|   	rb_init_node(&e->node);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def88]
criu-4.1/criu/kcmp-ids.c:94:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/kcmp-ids.c:94:9: branch_true: following ‘true’ branch (when ‘node’ is NULL)...
criu-4.1/criu/kcmp-ids.c:94:9: branch_true: ...to here
criu-4.1/criu/kcmp-ids.c:94:9: danger: dereference of NULL ‘0’
#   92|   	struct rb_node *parent = NULL;
#   93|   
#   94|-> 	BUG_ON(!node);
#   95|   
#   96|   	while (node) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def89]
criu-4.1/criu/kcmp-ids.c:158:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/kcmp-ids.c:158:9: branch_true: following ‘true’ branch (when ‘node’ is NULL)...
criu-4.1/criu/kcmp-ids.c:158:9: branch_true: ...to here
criu-4.1/criu/kcmp-ids.c:158:9: danger: dereference of NULL ‘0’
#  156|   	struct rb_node **new = &e->subtree_root.rb_node;
#  157|   
#  158|-> 	BUG_ON(!node);
#  159|   
#  160|   	while (node) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def90]
criu-4.1/criu/kerndat.c:395:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/kerndat.c:365:12: branch_false: following ‘false’ branch (when ‘which <= 2’)...
criu-4.1/criu/kerndat.c:370:13: branch_false: ...to here
criu-4.1/criu/kerndat.c:370:12: branch_true: following ‘true’ branch...
criu-4.1/criu/kerndat.c:374:21: branch_true: ...to here
criu-4.1/criu/kerndat.c:374:20: branch_false: following ‘false’ branch...
criu-4.1/criu/kerndat.c:385:21: branch_false: ...to here
criu-4.1/criu/kerndat.c:385:20: branch_false: following ‘false’ branch...
criu-4.1/criu/kerndat.c:390:26: branch_false: ...to here
criu-4.1/criu/kerndat.c:390:20: branch_false: following ‘false’ branch...
criu-4.1/criu/kerndat.c:395:17: branch_false: ...to here
criu-4.1/criu/kerndat.c:395:17: branch_true: following ‘true’ branch...
criu-4.1/criu/kerndat.c:395:17: branch_true: ...to here
criu-4.1/criu/kerndat.c:395:17: danger: dereference of NULL ‘0’
#  393|   		}
#  394|   
#  395|-> 		BUG_ON(st.st_dev == 0);
#  396|   		kstat[which].fs_dev = st.st_dev;
#  397|   	}

Error: GCC_ANALYZER_WARNING (CWE-476): [#def91]
criu-4.1/criu/kerndat.c:489:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/kerndat.c:477:12: branch_false: following ‘false’ branch...
criu-4.1/criu/kerndat.c:482:16: branch_false: ...to here
criu-4.1/criu/kerndat.c:483:12: branch_false: following ‘false’ branch (when ‘addr != 18446744073709551615’)...
criu-4.1/criu/kerndat.c:488:13: branch_false: ...to here
criu-4.1/criu/kerndat.c:488:12: branch_true: following ‘true’ branch...
criu-4.1/criu/kerndat.c:489:17: branch_true: ...to here
criu-4.1/criu/kerndat.c:489:17: danger: dereference of NULL ‘0’
#  487|   
#  488|   	if (*((int *)addr) != 0) {
#  489|-> 		BUG();
#  490|   		return -1;
#  491|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def92]
criu-4.1/criu/kerndat.c:1226:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(kdat_file, 0)’
criu-4.1/criu/kerndat.c:1223:12: branch_false: following ‘false’ branch...
criu-4.1/criu/kerndat.c:1226:14: branch_false: ...to here
criu-4.1/criu/kerndat.c:1226:14: acquire_resource: opened here
criu-4.1/criu/kerndat.c:1226:14: danger: ‘open(kdat_file, 0)’ leaks here; was opened at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
# 1224|   		return ret;
# 1225|   
# 1226|-> 	fd = open(kdat_file, O_RDONLY);
# 1227|   	if (fd < 0) {
# 1228|   		if (ENOENT == errno)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def93]
criu-4.1/criu/kerndat.c:1235:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(kdat_file, 0)’
criu-4.1/criu/kerndat.c:1223:12: branch_false: following ‘false’ branch...
criu-4.1/criu/kerndat.c:1226:14: branch_false: ...to here
criu-4.1/criu/kerndat.c:1226:14: acquire_resource: opened here
criu-4.1/criu/kerndat.c:1227:12: branch_false: following ‘false’ branch...
criu-4.1/criu/kerndat.c:1235:15: branch_false: ...to here
criu-4.1/criu/kerndat.c:1235:15: danger: ‘open(kdat_file, 0)’ leaks here; was opened at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
# 1233|   	}
# 1234|   
# 1235|-> 	ret = read(fd, &kdat, sizeof(kdat));
# 1236|   	if (ret < 0) {
# 1237|   		pr_perror("Can't read kdat cache");

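Error: GCC_ANALYZER_WARNING (CWE-775): [#def94]
Triage note: the excerpt shows close(fd) on line 1238, directly after the flagged pr_perror() call, so the descriptor is released on this error path and the finding looks like a false positive. #def92 and #def93 are reported at the open() and read() calls themselves; judging them requires the rest of the function, which is not shown here.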
criu-4.1/criu/kerndat.c:1237:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(kdat_file, 0)’
criu-4.1/criu/kerndat.c:1223:12: branch_false: following ‘false’ branch...
criu-4.1/criu/kerndat.c:1226:14: branch_false: ...to here
criu-4.1/criu/kerndat.c:1226:14: acquire_resource: opened here
criu-4.1/criu/kerndat.c:1227:12: branch_false: following ‘false’ branch...
criu-4.1/criu/kerndat.c:1235:15: branch_false: ...to here
criu-4.1/criu/kerndat.c:1236:12: branch_true: following ‘true’ branch (when ‘ret < 0’)...
criu-4.1/criu/kerndat.c:1237:17: branch_true: ...to here
criu-4.1/criu/kerndat.c:1237:17: danger: ‘open(kdat_file, 0)’ leaks here; was opened at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
# 1235|   	ret = read(fd, &kdat, sizeof(kdat));
# 1236|   	if (ret < 0) {
# 1237|-> 		pr_perror("Can't read kdat cache");
# 1238|   		close(fd);
# 1239|   		return -1;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def95]
criu-4.1/criu/lsm.c:282:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#  280|   #endif
#  281|   	default:
#  282|-> 		BUG();
#  283|   		ret = -1;
#  284|   		break;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def96]
criu-4.1/criu/mem.c:927:25: warning[-Wanalyzer-malloc-leak]: leak of ‘___p’
criu-4.1/criu/mem.c:1302:5: enter_function: entry to ‘prepare_mappings’
criu-4.1/criu/mem.c:1313:12: branch_false: following ‘false’ branch...
criu-4.1/criu/mem.c:1317:27: branch_false: ...to here
criu-4.1/criu/mem.c:1318:12: branch_false: following ‘false’ branch...
criu-4.1/criu/mem.c:1324:9: branch_false: ...to here
criu-4.1/criu/mem.c:1330:12: branch_false: following ‘false’ branch...
criu-4.1/criu/mem.c:1333:13: branch_false: ...to here
criu-4.1/criu/mem.c:1333:12: branch_false: following ‘false’ branch...
criu-4.1/criu/mem.c:1336:9: branch_false: ...to here
criu-4.1/criu/mem.c:1338:15: call_function: calling ‘premap_priv_vmas’ from ‘prepare_mappings’
#  925|   
#  926|   		if (addr == MAP_FAILED) {
#  927|-> 			pr_perror("Unable to map ANON_VMA");
#  928|   			return -1;
#  929|   		}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def97]
criu-4.1/criu/mem.c:946:25: warning[-Wanalyzer-malloc-leak]: leak of ‘___p’
criu-4.1/criu/mem.c:1019:12: enter_function: entry to ‘premap_priv_vmas’
criu-4.1/criu/mem.c:1028:9: branch_true: following ‘true’ branch (when ‘vma != vmas’)...
criu-4.1/criu/mem.c:1033:30: branch_true: ...to here
criu-4.1/criu/mem.c:1033:20: branch_false: following ‘false’ branch...
criu-4.1/criu/mem.c:1040:22: branch_false: ...to here
criu-4.1/criu/mem.c:1040:20: branch_true: following ‘true’ branch...
criu-4.1/criu/mem.c:1043:21: branch_true: ...to here
criu-4.1/criu/mem.c:1043:20: branch_false: following ‘false’ branch...
criu-4.1/criu/mem.c:1047:21: branch_false: ...to here
criu-4.1/criu/mem.c:1047:20: branch_false: following ‘false’ branch...
criu-4.1/criu/mem.c:1050:21: branch_false: ...to here
criu-4.1/criu/mem.c:1068:23: call_function: calling ‘premap_private_vma’ from ‘premap_priv_vmas’
#  944|   		addr = mremap(paddr, size, size, MREMAP_FIXED | MREMAP_MAYMOVE, *tgt_addr);
#  945|   		if (addr != *tgt_addr) {
#  946|-> 			pr_perror("Unable to remap a private vma");
#  947|   			return -1;
#  948|   		}

Error: GCC_ANALYZER_WARNING (CWE-476): [#def98]
criu-4.1/criu/mem.c:1154:41: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/mem.c:1104:20: branch_false: following ‘false’ branch...
criu-4.1/criu/mem.c:1107:52: branch_false: ...to here
criu-4.1/criu/mem.c:1141:28: branch_false: following ‘false’ branch...
criu-4.1/criu/mem.c:1143:34: branch_false: ...to here
criu-4.1/criu/mem.c:1143:33: branch_false: following ‘false’ branch...
criu-4.1/criu/mem.c:1148:30: branch_false: ...to here
criu-4.1/criu/mem.c:1148:28: branch_true: following ‘true’ branch...
criu-4.1/criu/mem.c:1149:53: branch_true: ...to here
criu-4.1/criu/mem.c:1151:36: branch_true: following ‘true’ branch...
criu-4.1/criu/mem.c:1152:41: branch_true: ...to here
criu-4.1/criu/mem.c:1154:41: danger: dereference of NULL ‘0’
# 1152|   					pr_debug("VMA 0x%" PRIx64 ":0x%" PRIx64 " RO %#lx:%lu IO\n", vma->e->start,
# 1153|   						 vma->e->end, va, nr_pages);
# 1154|-> 					BUG();
# 1155|   				}
# 1156|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def99]
criu-4.1/criu/mount-v2.c:491:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/mount-v2.c:491:9: branch_true: following ‘true’ branch...
criu-4.1/criu/mount-v2.c:491:9: branch_true: ...to here
criu-4.1/criu/mount-v2.c:491:9: branch_false: following ‘false’ branch...
criu-4.1/criu/mount-v2.c:491:9: branch_false: ...to here
criu-4.1/criu/mount-v2.c:491:9: danger: dereference of NULL ‘0’
#  489|   
#  490|   	/* Parent should be mounted already, that's how mnt_tree_for_each works */
#  491|-> 	BUG_ON(mi->parent && !mi->parent->mounted);
#  492|   
#  493|   	/* Root mounts can be mounted at any moment */

Error: GCC_ANALYZER_WARNING (CWE-476): [#def100]
criu-4.1/criu/mount-v2.c:643:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/mount-v2.c:643:9: branch_true: following ‘true’ branch...
criu-4.1/criu/mount-v2.c:643:9: branch_true: ...to here
criu-4.1/criu/mount-v2.c:643:9: danger: dereference of NULL ‘0’
#  641|   static int create_plain_mountpoint(struct mount_info *mi)
#  642|   {
#  643|-> 	BUG_ON(mi->is_dir == -1);
#  644|   
#  645|   	pr_debug("Create plain mountpoint %s for %d\n", mi->plain_mountpoint, mi->mnt_id);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def101]
criu-4.1/criu/mount-v2.c:861:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/mount-v2.c:859:12: branch_true: following ‘true’ branch...
criu-4.1/criu/mount-v2.c:860:26: branch_true: ...to here
criu-4.1/criu/mount-v2.c:861:17: branch_true: following ‘true’ branch...
criu-4.1/criu/mount-v2.c:861:17: branch_true: ...to here
criu-4.1/criu/mount-v2.c:861:17: danger: dereference of NULL ‘0’
#  859|   	if (sga->src_id != -1) {
#  860|   		src_fd = fdstore_get(sga->src_id);
#  861|-> 		BUG_ON(src_fd < 0);
#  862|   	} else {
#  863|   		char *source_mp;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def102]
criu-4.1/criu/mount-v2.c:865:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/mount-v2.c:859:12: branch_false: following ‘false’ branch...
criu-4.1/criu/mount-v2.c:865:17: branch_false: ...to here
criu-4.1/criu/mount-v2.c:865:17: branch_true: following ‘true’ branch...
criu-4.1/criu/mount-v2.c:865:17: branch_true: ...to here
criu-4.1/criu/mount-v2.c:865:17: danger: dereference of NULL ‘0’
#  863|   		char *source_mp;
#  864|   
#  865|-> 		BUG_ON(sga->source[0] == '\0');
#  866|   		/*
#  867|   		 * Source path should not always be a mountpoint as we

Error: GCC_ANALYZER_WARNING (CWE-476): [#def103]
criu-4.1/criu/mount-v2.c:886:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/mount-v2.c:859:12: branch_true: following ‘true’ branch...
criu-4.1/criu/mount-v2.c:860:26: branch_true: ...to here
criu-4.1/criu/mount-v2.c:861:17: branch_false: following ‘false’ branch...
criu-4.1/criu/mount-v2.c:885:18: branch_false: ...to here
criu-4.1/criu/mount-v2.c:886:9: branch_true: following ‘true’ branch...
criu-4.1/criu/mount-v2.c:886:9: branch_true: ...to here
criu-4.1/criu/mount-v2.c:886:9: danger: dereference of NULL ‘0’
#  884|   
#  885|   	dst_fd = fdstore_get(sga->dst_id);
#  886|-> 	BUG_ON(dst_fd < 0);
#  887|   
#  888|   	/* Copy shared_id of the source */

Error: GCC_ANALYZER_WARNING (CWE-476): [#def104]
criu-4.1/criu/mount-v2.c:934:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/mount-v2.c:934:9: branch_true: following ‘true’ branch...
criu-4.1/criu/mount-v2.c:934:9: branch_true: ...to here
criu-4.1/criu/mount-v2.c:934:9: danger: dereference of NULL ‘0’
#  932|   
#  933|   	target_fd = fdstore_get(target->mnt_fd_id);
#  934|-> 	BUG_ON(target_fd < 0);
#  935|   	snprintf(target_path, sizeof(target_path), "/proc/self/fd/%d", target_fd);
#  936|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def105]
criu-4.1/criu/mount-v2.c:1073:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
# 1071|   	char *cut_root, path[PATH_MAX], *root;
# 1072|   
# 1073|-> 	BUG_ON(!mi->deleted || !mi->bind);
# 1074|   
# 1075|   	cut_root = get_relative_path(mi->root, mi->bind->root);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def106]
criu-4.1/criu/mount.c:48:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#   46|   {
#   47|   	if (!opts.mntns_compat_mode && opts.mode == CR_RESTORE) {
#   48|-> 		BUG_ON(!mi->plain_mountpoint);
#   49|   		return mi->plain_mountpoint;
#   50|   	}

Error: GCC_ANALYZER_WARNING (CWE-476): [#def107]
criu-4.1/criu/mount.c:520:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/mount.c:3970:5: enter_function: entry to ‘collect_mnt_namespaces’
criu-4.1/criu/mount.c:3979:12: branch_false: following ‘false’ branch...
criu-4.1/criu/mount.c:3982:9: branch_false: ...to here
criu-4.1/criu/mount.c:4007:15: call_function: calling ‘resolve_external_mounts’ from ‘collect_mnt_namespaces’
#  518|   			snprintf(source, len, "dev[%s]", val);
#  519|   			info->fstype = fstype_auto();
#  520|-> 			BUG_ON(info->fstype->code != FSTYPE__AUTO);
#  521|   			info->source = source;
#  522|   			return 1;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def108]
criu-4.1/criu/mount.c:925:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/mount.c:3692:5: enter_function: entry to ‘prepare_mnt_ns’
criu-4.1/criu/mount.c:3698:12: branch_false: following ‘false’ branch...
criu-4.1/criu/mount.c:3701:9: branch_false: ...to here
criu-4.1/criu/mount.c:3728:12: branch_false: following ‘false’ branch...
criu-4.1/criu/mount.c:3731:15: branch_false: ...to here
criu-4.1/criu/mount.c:3731:15: call_function: calling ‘populate_mnt_ns’ from ‘prepare_mnt_ns’
#  923|   		return -1;
#  924|   
#  925|-> 	BUG_ON(len <= 0);
#  926|   	if (buf[len - 1] == '/')
#  927|   		tail_slash = true;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def109]
criu-4.1/criu/mount.c:933:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/mount.c:3692:5: enter_function: entry to ‘prepare_mnt_ns’
criu-4.1/criu/mount.c:3698:12: branch_false: following ‘false’ branch...
criu-4.1/criu/mount.c:3701:9: branch_false: ...to here
criu-4.1/criu/mount.c:3728:12: branch_false: following ‘false’ branch...
criu-4.1/criu/mount.c:3731:15: branch_false: ...to here
criu-4.1/criu/mount.c:3731:15: call_function: calling ‘populate_mnt_ns’ from ‘prepare_mnt_ns’
#  931|   
#  932|   	len = m_len - p_len;
#  933|-> 	BUG_ON(len < 0);
#  934|   	if (len) {
#  935|   		if (m->ns_mountpoint[p_len] == '/')

Error: GCC_ANALYZER_WARNING (CWE-476): [#def110]
criu-4.1/criu/mount.c:1028:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/mount.c:4025:5: enter_function: entry to ‘dump_mnt_namespaces’
criu-4.1/criu/mount.c:4029:12: branch_false: following ‘false’ branch...
criu-4.1/criu/mount.c:4032:14: branch_false: ...to here
criu-4.1/criu/mount.c:4032:29: branch_true: following ‘true’ branch (when ‘nsid’ is non-NULL)...
criu-4.1/criu/mount.c:4033:21: branch_true: ...to here
criu-4.1/criu/mount.c:4033:20: branch_false: following ‘false’ branch...
criu-4.1/criu/mount.c:4042:21: call_function: calling ‘dump_mnt_ns’ from ‘dump_mnt_namespaces’
# 1026|   	 * Shouldn't use mnt_bind list before it was populated in search_bindmounts
# 1027|   	 */
# 1028|-> 	BUG_ON(!mi->mnt_bind_is_populated);
# 1029|   
# 1030|   	list_for_each_entry(bind, &mi->mnt_bind, mnt_bind)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def111]
criu-4.1/criu/mount.c:2330:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/mount.c:2715:12: enter_function: entry to ‘do_mount_one’
criu-4.1/criu/mount.c:2772:19: branch_true: following ‘true’ branch...
criu-4.1/criu/mount.c:2772:34: branch_true: ...to here
criu-4.1/criu/mount.c:2772:20: branch_false: following ‘false’ branch...
criu-4.1/criu/mount.c:2773:23: call_function: calling ‘do_new_mount’ from ‘do_mount_one’
# 2328|   	 * Look at can_mount_now() for details.
# 2329|   	 */
# 2330|-> 	BUG_ON(mi->master_id);
# 2331|   	if (restore_shared_options(mi, !mi->shared_id, mi->shared_id, 0))
# 2332|   		return -1;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def112]
criu-4.1/criu/mount.c:2853:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/mount.c:3692:5: enter_function: entry to ‘prepare_mnt_ns’
criu-4.1/criu/mount.c:3698:12: branch_false: following ‘false’ branch...
criu-4.1/criu/mount.c:3701:9: branch_false: ...to here
criu-4.1/criu/mount.c:3728:12: branch_false: following ‘false’ branch...
criu-4.1/criu/mount.c:3731:15: branch_false: ...to here
criu-4.1/criu/mount.c:3731:15: call_function: calling ‘populate_mnt_ns’ from ‘prepare_mnt_ns’
# 2851|   		return 0;
# 2852|   
# 2853|-> 	BUG_ON(!m->parent);
# 2854|   
# 2855|   	r = xmalloc(sizeof(struct mnt_remap_entry));

Error: GCC_ANALYZER_WARNING (CWE-476): [#def113]
criu-4.1/criu/mount.c:3942:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/mount.c:3940:12: branch_true: following ‘true’ branch...
criu-4.1/criu/mount.c:3941:25: branch_true: ...to here
criu-4.1/criu/mount.c:3942:17: branch_true: following ‘true’ branch...
criu-4.1/criu/mount.c:3942:17: branch_true: ...to here
criu-4.1/criu/mount.c:3942:17: danger: dereference of NULL ‘0’
# 3940|   	if (root_ns_mask & CLONE_NEWNS) {
# 3941|   		mntns = lookup_nsid_by_mnt_id(mnt_id);
# 3942|-> 		BUG_ON(mntns == NULL);
# 3943|   	}
# 3944|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def114]
criu-4.1/criu/mount.c:4141:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/mount.c:4134:12: branch_false: following ‘false’ branch...
criu-4.1/criu/mount.c:4137:12: branch_false: ...to here
criu-4.1/criu/mount.c:4141:9: branch_true: following ‘true’ branch...
criu-4.1/criu/mount.c:4141:9: branch_true: ...to here
criu-4.1/criu/mount.c:4141:9: danger: dereference of NULL ‘0’
# 4139|   
# 4140|   	/* All mounts in mntinfo list should have it on restore */
# 4141|-> 	BUG_ON(mi->rmi == NULL);
# 4142|   
# 4143|   	if (mi->flags & MS_RDONLY && !(mi->rmi->remounted_rw & remounted)) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def115]
criu-4.1/criu/namespaces.c:1262:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
# 1260|   		m->h.msg_controllen += CMSG_SPACE(sizeof(int));
# 1261|   		ch = CMSG_NXTHDR(&m->h, ch);
# 1262|-> 		BUG_ON(!ch);
# 1263|   		ch->cmsg_len = CMSG_LEN(sizeof(int));
# 1264|   		ch->cmsg_level = SOL_SOCKET;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def116]
criu-4.1/criu/namespaces.c:1276:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/namespaces.c:1838:5: enter_function: entry to ‘prepare_namespace_before_tasks’
criu-4.1/criu/namespaces.c:1840:13: call_function: calling ‘start_usernsd’ from ‘prepare_namespace_before_tasks’
# 1274|   
# 1275|   	ch = CMSG_FIRSTHDR(&um->h);
# 1276|-> 	BUG_ON(!ch);
# 1277|   	BUG_ON(ch->cmsg_len != CMSG_LEN(sizeof(struct ucred)));
# 1278|   	BUG_ON(ch->cmsg_level != SOL_SOCKET);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def117]
criu-4.1/criu/namespaces.c:1277:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/namespaces.c:1838:5: enter_function: entry to ‘prepare_namespace_before_tasks’
criu-4.1/criu/namespaces.c:1840:13: call_function: calling ‘start_usernsd’ from ‘prepare_namespace_before_tasks’
# 1275|   	ch = CMSG_FIRSTHDR(&um->h);
# 1276|   	BUG_ON(!ch);
# 1277|-> 	BUG_ON(ch->cmsg_len != CMSG_LEN(sizeof(struct ucred)));
# 1278|   	BUG_ON(ch->cmsg_level != SOL_SOCKET);
# 1279|   	BUG_ON(ch->cmsg_type != SCM_CREDENTIALS);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def118]
criu-4.1/criu/namespaces.c:1278:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/namespaces.c:1838:5: enter_function: entry to ‘prepare_namespace_before_tasks’
criu-4.1/criu/namespaces.c:1840:13: call_function: calling ‘start_usernsd’ from ‘prepare_namespace_before_tasks’
# 1276|   	BUG_ON(!ch);
# 1277|   	BUG_ON(ch->cmsg_len != CMSG_LEN(sizeof(struct ucred)));
# 1278|-> 	BUG_ON(ch->cmsg_level != SOL_SOCKET);
# 1279|   	BUG_ON(ch->cmsg_type != SCM_CREDENTIALS);
# 1280|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def119]
criu-4.1/criu/namespaces.c:1279:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/namespaces.c:1838:5: enter_function: entry to ‘prepare_namespace_before_tasks’
criu-4.1/criu/namespaces.c:1840:13: call_function: calling ‘start_usernsd’ from ‘prepare_namespace_before_tasks’
# 1277|   	BUG_ON(ch->cmsg_len != CMSG_LEN(sizeof(struct ucred)));
# 1278|   	BUG_ON(ch->cmsg_level != SOL_SOCKET);
# 1279|-> 	BUG_ON(ch->cmsg_type != SCM_CREDENTIALS);
# 1280|   
# 1281|   	if (pid) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def120]
criu-4.1/criu/namespaces.c:1289:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/namespaces.c:1838:5: enter_function: entry to ‘prepare_namespace_before_tasks’
criu-4.1/criu/namespaces.c:1840:13: call_function: calling ‘start_usernsd’ from ‘prepare_namespace_before_tasks’
# 1287|   
# 1288|   	if (ch && ch->cmsg_len == CMSG_LEN(sizeof(int))) {
# 1289|-> 		BUG_ON(ch->cmsg_level != SOL_SOCKET);
# 1290|   		BUG_ON(ch->cmsg_type != SCM_RIGHTS);
# 1291|   		*fd = *((int *)CMSG_DATA(ch));

Error: GCC_ANALYZER_WARNING (CWE-476): [#def121]
criu-4.1/criu/namespaces.c:1290:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/namespaces.c:1838:5: enter_function: entry to ‘prepare_namespace_before_tasks’
criu-4.1/criu/namespaces.c:1840:13: call_function: calling ‘start_usernsd’ from ‘prepare_namespace_before_tasks’
# 1288|   	if (ch && ch->cmsg_len == CMSG_LEN(sizeof(int))) {
# 1289|   		BUG_ON(ch->cmsg_level != SOL_SOCKET);
# 1290|-> 		BUG_ON(ch->cmsg_type != SCM_RIGHTS);
# 1291|   		*fd = *((int *)CMSG_DATA(ch));
# 1292|   	} else {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def122]
criu-4.1/criu/net.c:1512:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/net.c:3003:12: enter_function: entry to ‘__prepare_net_namespaces’
criu-4.1/criu/net.c:3008:12: branch_false: following ‘false’ branch...
criu-4.1/criu/net.c:3011:19: branch_false: ...to here
criu-4.1/criu/net.c:3011:19: branch_false: following ‘false’ branch...
criu-4.1/criu/net.c:3016:14: branch_false: ...to here
criu-4.1/criu/net.c:3045:13: call_function: calling ‘restore_links’ from ‘__prepare_net_namespaces’
# 1510|   	struct rtattr *venet_data;
# 1511|   
# 1512|-> 	BUG_ON(ns_fd < 0);
# 1513|   
# 1514|   	venet_data = NLMSG_TAIL(&req->h);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def123]
criu-4.1/criu/net.c:2706:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/net.c:2706:9: branch_true: following ‘true’ branch...
criu-4.1/criu/net.c:2706:9: branch_true: ...to here
criu-4.1/criu/net.c:2706:9: danger: dereference of NULL ‘0’
# 2704|   	char sys_mount[] = "crtools-sys.XXXXXX";
# 2705|   
# 2706|-> 	BUG_ON(ns_sysfs_fd != -1);
# 2707|   
# 2708|   	if (kdat.has_fsopen) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def124]
criu-4.1/criu/net.c:3109:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/net.c:3099:12: branch_true: following ‘true’ branch...
criu-4.1/criu/net.c:3104:20: branch_false: following ‘false’ branch...
criu-4.1/criu/net.c:3109:17: branch_false: ...to here
criu-4.1/criu/net.c:3109:17: branch_true: following ‘true’ branch...
criu-4.1/criu/net.c:3109:17: branch_true: ...to here
criu-4.1/criu/net.c:3109:17: danger: dereference of NULL ‘0’
# 3107|   		}
# 3108|   
# 3109|-> 		BUG_ON(nsid->type == NS_CRIU);
# 3110|   
# 3111|   		if (do_restore_task_net_ns(nsid, current))

Error: GCC_ANALYZER_WARNING (CWE-775): [#def125]
criu-4.1/criu/net.c:3552:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor
criu-4.1/criu/net.c:3498:12: branch_true: following ‘true’ branch (when ‘for_dump != 0’)...
criu-4.1/criu/net.c:3499:38: branch_true: ...to here
criu-4.1/criu/net.c:3499:38: acquire_resource: socket created here
criu-4.1/criu/net.c:3500:20: branch_false: following ‘false’ branch...
criu-4.1/criu/net.c:3536:13: branch_false: ...to here
criu-4.1/criu/net.c:3536:12: branch_false: following ‘false’ branch...
criu-4.1/criu/net.c:3552:31: branch_false: ...to here
criu-4.1/criu/net.c:3552:15: danger: leaks here
# 3550|   #endif
# 3551|   
# 3552|-> 	ret = ns->net.seqsk = socket(PF_UNIX, SOCK_SEQPACKET | SOCK_NONBLOCK, 0);
# 3553|   	if (ret < 0) {
# 3554|   		pr_perror("Can't create seqsk for parasite");

Error: CPPCHECK_WARNING (CWE-476): [#def126]
criu-4.1/criu/page-pipe.c:41: error[nullPointer]: Null pointer dereference: (volatile unsigned long*)NULL
#   39|   
#   40|   	ret /= PAGE_SIZE;
#   41|-> 	BUG_ON(ret < ppb->pipe_size);
#   42|   
#   43|   	pr_debug("Grow pipe %x -> %x\n", ppb->pipe_size, ret);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def127]
criu-4.1/criu/page-pipe.c:41:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/page-pipe.c:37:12: branch_false: following ‘false’ branch...
criu-4.1/criu/page-pipe.c:40:13: branch_false: ...to here
criu-4.1/criu/page-pipe.c:41:9: branch_true: following ‘true’ branch...
criu-4.1/criu/page-pipe.c:41:9: branch_true: ...to here
criu-4.1/criu/page-pipe.c:41:9: danger: dereference of NULL ‘0’
#   39|   
#   40|   	ret /= PAGE_SIZE;
#   41|-> 	BUG_ON(ret < ppb->pipe_size);
#   42|   
#   43|   	pr_debug("Grow pipe %x -> %x\n", ppb->pipe_size, ret);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def128]
criu-4.1/criu/page-pipe.c:126:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor
criu-4.1/criu/page-pipe.c:104:15: branch_false: following ‘false’ branch (when ‘___p’ is non-NULL)...
criu-4.1/criu/page-pipe.c:107:9: branch_false: ...to here
criu-4.1/criu/page-pipe.c:109:12: branch_false: following ‘false’ branch...
criu-4.1/criu/page-pipe.c:116:26: branch_false: ...to here
criu-4.1/criu/page-pipe.c:116:20: branch_false: following ‘false’ branch...
criu-4.1/criu/page-pipe.c:121:17: branch_false: ...to here
criu-4.1/criu/page-pipe.c:125:20: branch_true: following ‘true’ branch...
criu-4.1/criu/page-pipe.c:126:25: branch_true: ...to here
criu-4.1/criu/page-pipe.c:126:25: danger: leaks here
#  124|   		ppb_size = fcntl(ppb->p[0], F_GETPIPE_SZ, 0);
#  125|   		if (ppb_size < 0) {
#  126|-> 			xfree(ppb);
#  127|   			pr_perror("Can't get pipe size");
#  128|   			return NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def129]
criu-4.1/criu/page-pipe.c:219:9: warning[-Wanalyzer-malloc-leak]: leak of ‘___p’
criu-4.1/criu/page-pipe.c:187:19: enter_function: entry to ‘create_page_pipe’
criu-4.1/criu/page-pipe.c:193:14: branch_false: following ‘false’ branch (when ‘___p’ is non-NULL)...
criu-4.1/criu/page-pipe.c:197:9: branch_false: ...to here
criu-4.1/criu/page-pipe.c:202:12: branch_true: following ‘true’ branch (when ‘iovs’ is NULL)...
criu-4.1/criu/page-pipe.c:203:24: branch_true: ...to here
criu-4.1/criu/page-pipe.c:203:24: acquire_memory: allocated here
criu-4.1/criu/page-pipe.c:203:24: branch_false: following ‘false’ branch (when ‘___p’ is non-NULL)...
criu-4.1/criu/page-pipe.c:206:27: branch_false: ...to here
criu-4.1/criu/page-pipe.c:210:13: call_function: calling ‘page_pipe_grow’ from ‘create_page_pipe’
criu-4.1/criu/page-pipe.c:210:13: return_function: returning to ‘create_page_pipe’ from ‘page_pipe_grow’
criu-4.1/criu/page-pipe.c:210:12: branch_true: following ‘true’ branch...
criu-4.1/criu/page-pipe.c:211:17: branch_true: ...to here
criu-4.1/criu/page-pipe.c:216:12: branch_false: following ‘false’ branch...
criu-4.1/criu/page-pipe.c:218:1: branch_false: ...to here
criu-4.1/criu/page-pipe.c:219:9: danger: ‘___p’ leaks here; was allocated at (6), the ‘acquire_memory’ event at criu-4.1/criu/page-pipe.c:203:24
#  217|   		xfree(iovs);
#  218|   err_free_pp:
#  219|-> 	xfree(pp);
#  220|   	return NULL;
#  221|   }

Error: CPPCHECK_WARNING (CWE-476): [#def130]
criu-4.1/criu/page-pipe.c:242: error[nullPointer]: Null pointer dereference: (volatile unsigned long*)NULL
#  240|   	struct page_pipe_buf *ppb, *n;
#  241|   
#  242|-> 	BUG_ON(!(pp->flags & PP_CHUNK_MODE));
#  243|   
#  244|   	pr_debug("Clean up page pipe\n");

Error: GCC_ANALYZER_WARNING (CWE-476): [#def131]
criu-4.1/criu/page-pipe.c:242:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/page-pipe.c:242:9: branch_true: following ‘true’ branch...
criu-4.1/criu/page-pipe.c:242:9: branch_true: ...to here
criu-4.1/criu/page-pipe.c:242:9: danger: dereference of NULL ‘0’
#  240|   	struct page_pipe_buf *ppb, *n;
#  241|   
#  242|-> 	BUG_ON(!(pp->flags & PP_CHUNK_MODE));
#  243|   
#  244|   	pr_debug("Clean up page pipe\n");

Error: CPPCHECK_WARNING (CWE-476): [#def132]
criu-4.1/criu/page-pipe.c:252: error[nullPointer]: Null pointer dereference: (volatile unsigned long*)NULL
#  250|   
#  251|   	if (page_pipe_grow(pp, 0))
#  252|-> 		BUG(); /* It can't fail, because ppb is in free_bufs */
#  253|   }
#  254|   

Error: CPPCHECK_WARNING (CWE-476): [#def133]
criu-4.1/criu/page-pipe.c:270: error[nullPointer]: Null pointer dereference: (volatile unsigned long*)NULL
#  268|   	iov_init(&ppb->iov[ppb->nr_segs++], addr);
#  269|   	pp->free_iov++;
#  270|-> 	BUG_ON(pp->free_iov > pp->nr_iovs);
#  271|   out:
#  272|   	ppb->pages_in++;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def134]
criu-4.1/criu/page-pipe.c:270:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/page-pipe.c:258:12: branch_false: following ‘false’ branch...
criu-4.1/criu/page-pipe.c:261:13: branch_false: ...to here
criu-4.1/criu/page-pipe.c:261:12: branch_false: following ‘false’ branch...
criu-4.1/criu/page-pipe.c:264:13: branch_false: ...to here
criu-4.1/criu/page-pipe.c:270:9: branch_true: following ‘true’ branch...
criu-4.1/criu/page-pipe.c:270:9: branch_true: ...to here
criu-4.1/criu/page-pipe.c:270:9: danger: dereference of NULL ‘0’
#  268|   	iov_init(&ppb->iov[ppb->nr_segs++], addr);
#  269|   	pp->free_iov++;
#  270|-> 	BUG_ON(pp->free_iov > pp->nr_iovs);
#  271|   out:
#  272|   	ppb->pages_in++;

Error: CPPCHECK_WARNING (CWE-476): [#def135]
criu-4.1/criu/page-pipe.c:278: error[nullPointer]: Null pointer dereference: (volatile unsigned long*)NULL
#  276|   static inline int try_add_page(struct page_pipe *pp, unsigned long addr, unsigned int flags)
#  277|   {
#  278|-> 	BUG_ON(list_empty(&pp->bufs));
#  279|   	return try_add_page_to(pp, list_entry(pp->bufs.prev, struct page_pipe_buf, l), addr, flags);
#  280|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def136]
criu-4.1/criu/page-pipe.c:278:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#  276|   static inline int try_add_page(struct page_pipe *pp, unsigned long addr, unsigned int flags)
#  277|   {
#  278|-> 	BUG_ON(list_empty(&pp->bufs));
#  279|   	return try_add_page_to(pp, list_entry(pp->bufs.prev, struct page_pipe_buf, l), addr, flags);
#  280|   }

Error: CPPCHECK_WARNING (CWE-476): [#def137]
criu-4.1/criu/page-pipe.c:295: error[nullPointer]: Null pointer dereference: (volatile unsigned long*)NULL
#  293|   
#  294|   	ret = try_add_page(pp, addr, flags);
#  295|-> 	BUG_ON(ret > 0);
#  296|   	return ret;
#  297|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def138]
criu-4.1/criu/page-pipe.c:295:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/page-pipe.c:282:5: enter_function: entry to ‘page_pipe_add_page’
criu-4.1/criu/page-pipe.c:286:15: call_function: calling ‘try_add_page’ from ‘page_pipe_add_page’
criu-4.1/criu/page-pipe.c:286:15: return_function: returning to ‘page_pipe_add_page’ from ‘try_add_page’
criu-4.1/criu/page-pipe.c:287:12: branch_false: following ‘false’ branch...
criu-4.1/criu/page-pipe.c:290:15: branch_false: ...to here
criu-4.1/criu/page-pipe.c:291:12: branch_false: following ‘false’ branch...
criu-4.1/criu/page-pipe.c:294:15: branch_false: ...to here
criu-4.1/criu/page-pipe.c:294:15: call_function: calling ‘try_add_page’ from ‘page_pipe_add_page’
criu-4.1/criu/page-pipe.c:294:15: return_function: returning to ‘page_pipe_add_page’ from ‘try_add_page’
criu-4.1/criu/page-pipe.c:295:9: branch_true: following ‘true’ branch...
criu-4.1/criu/page-pipe.c:295:9: branch_true: ...to here
criu-4.1/criu/page-pipe.c:295:9: danger: dereference of NULL ‘0’
#  293|   
#  294|   	ret = try_add_page(pp, addr, flags);
#  295|-> 	BUG_ON(ret > 0);
#  296|   	return ret;
#  297|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def139]
criu-4.1/criu/page-xfer.c:77:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#   75|   		type = PS_TYPE_SHMEM;
#   76|   	else {
#   77|-> 		BUG();
#   78|   		return 0;
#   79|   	}

Error: GCC_ANALYZER_WARNING (CWE-476): [#def140]
criu-4.1/criu/page-xfer.c:1626:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/page-xfer.c:1620:12: branch_false: following ‘false’ branch...
criu-4.1/criu/page-xfer.c:1626:9: branch_false: ...to here
criu-4.1/criu/page-xfer.c:1626:9: branch_true: following ‘true’ branch...
criu-4.1/criu/page-xfer.c:1626:9: branch_true: ...to here
criu-4.1/criu/page-xfer.c:1626:9: danger: dereference of NULL ‘0’
# 1624|   	 * IO complete -- notify the caller and drop the request
# 1625|   	 */
# 1626|-> 	BUG_ON(ar->rb > ar->goal);
# 1627|   	return ar->complete((int)ar->pi.dst_id, (unsigned long)ar->pi.vaddr, (int)ar->pi.nr_pages, ar->priv);
# 1628|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def141]
criu-4.1/criu/page-xfer.c:1635:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
# 1633|   	int ret;
# 1634|   
# 1635|-> 	BUG_ON(list_empty(&async_reads));
# 1636|   	ar = list_first_entry(&async_reads, struct ps_async_read, l);
# 1637|   	ret = page_server_read(ar, MSG_DONTWAIT);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def142]
criu-4.1/criu/pagemap-cache.c:52:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/pagemap-cache.c:52:9: branch_true: following ‘true’ branch (when ‘vma_head’ is NULL)...
criu-4.1/criu/pagemap-cache.c:52:9: branch_true: ...to here
criu-4.1/criu/pagemap-cache.c:52:9: danger: dereference of NULL ‘0’
#   50|   	pmc_reset(pmc);
#   51|   
#   52|-> 	BUG_ON(!vma_head);
#   53|   
#   54|   	pmc->pid = pid;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def143]
criu-4.1/criu/pagemap-cache.c:143:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/pagemap-cache.c:132:12: branch_false: following ‘false’ branch...
criu-4.1/criu/pagemap-cache.c:132:13: branch_false: ...to here
criu-4.1/criu/pagemap-cache.c:132:13: branch_true: following ‘true’ branch...
criu-4.1/criu/pagemap-cache.c:139:17: branch_true: following ‘true’ branch...
criu-4.1/criu/pagemap-cache.c:140:29: branch_true: ...to here
criu-4.1/criu/pagemap-cache.c:140:28: branch_false: following ‘false’ branch...
criu-4.1/criu/pagemap-cache.c:143:25: branch_true: following ‘true’ branch...
criu-4.1/criu/pagemap-cache.c:143:25: branch_true: ...to here
criu-4.1/criu/pagemap-cache.c:143:25: danger: dereference of NULL ‘0’
#  141|   				break;
#  142|   
#  143|-> 			BUG_ON(vma->e->start < low);
#  144|   			size_cov += vma_area_len(vma);
#  145|   			nr_vmas++;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def144]
criu-4.1/criu/pagemap-cache.c:174:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/pagemap-cache.c:174:9: branch_true: following ‘true’ branch...
criu-4.1/criu/pagemap-cache.c:174:9: branch_true: ...to here
criu-4.1/criu/pagemap-cache.c:174:9: danger: dereference of NULL ‘0’
#  172|   
#  173|   	size_map = PAGEMAP_LEN(pmc->end - pmc->start);
#  174|-> 	BUG_ON(pmc->map_len < size_map);
#  175|   	BUG_ON(pmc->fd < 0);
#  176|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def145]
criu-4.1/criu/pagemap-cache.c:175:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/pagemap-cache.c:174:9: branch_false: following ‘false’ branch...
criu-4.1/criu/pagemap-cache.c:175:9: branch_false: ...to here
criu-4.1/criu/pagemap-cache.c:175:9: branch_true: following ‘true’ branch...
criu-4.1/criu/pagemap-cache.c:175:9: branch_true: ...to here
criu-4.1/criu/pagemap-cache.c:175:9: danger: dereference of NULL ‘0’
#  173|   	size_map = PAGEMAP_LEN(pmc->end - pmc->start);
#  174|   	BUG_ON(pmc->map_len < size_map);
#  175|-> 	BUG_ON(pmc->fd < 0);
#  176|   
#  177|   	if (pmc->regs) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def146]
criu-4.1/criu/pagemap.c:596:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/pagemap.c:849:5: enter_function: entry to ‘open_page_read’
criu-4.1/criu/pagemap.c:851:16: call_function: calling ‘open_page_read_at’ from ‘open_page_read’
#  594|   	int ret;
#  595|   
#  596|-> 	BUG_ON(!list_empty(&pr->async));
#  597|   
#  598|   	if (pr->bunch.iov_len > 0) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def147]
criu-4.1/criu/pagemap.c:782:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/pagemap.c:849:5: enter_function: entry to ‘open_page_read’
criu-4.1/criu/pagemap.c:851:16: call_function: calling ‘open_page_read_at’ from ‘open_page_read’
#  780|   		break;
#  781|   	default:
#  782|-> 		BUG();
#  783|   		return -1;
#  784|   	}

Error: GCC_ANALYZER_WARNING (CWE-476): [#def148]
criu-4.1/criu/parasite-syscall.c:108:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/parasite-syscall.c:108:9: branch_true: following ‘true’ branch...
criu-4.1/criu/parasite-syscall.c:108:9: branch_true: ...to here
criu-4.1/criu/parasite-syscall.c:108:9: danger: dereference of NULL ‘0’
#  106|   	BUILD_BUG_ON(sizeof(ce->cap_amb[0]) != sizeof(c->cap_amb[0]));
#  107|   
#  108|-> 	BUG_ON(ce->n_cap_inh != CR_CAP_SIZE);
#  109|   	BUG_ON(ce->n_cap_prm != CR_CAP_SIZE);
#  110|   	BUG_ON(ce->n_cap_eff != CR_CAP_SIZE);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def149]
criu-4.1/criu/parasite-syscall.c:109:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/parasite-syscall.c:108:9: branch_false: following ‘false’ branch...
criu-4.1/criu/parasite-syscall.c:109:9: branch_false: ...to here
criu-4.1/criu/parasite-syscall.c:109:9: branch_true: following ‘true’ branch...
criu-4.1/criu/parasite-syscall.c:109:9: branch_true: ...to here
criu-4.1/criu/parasite-syscall.c:109:9: danger: dereference of NULL ‘0’
#  107|   
#  108|   	BUG_ON(ce->n_cap_inh != CR_CAP_SIZE);
#  109|-> 	BUG_ON(ce->n_cap_prm != CR_CAP_SIZE);
#  110|   	BUG_ON(ce->n_cap_eff != CR_CAP_SIZE);
#  111|   	BUG_ON(ce->n_cap_bnd != CR_CAP_SIZE);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def150]
criu-4.1/criu/parasite-syscall.c:110:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/parasite-syscall.c:108:9: branch_false: following ‘false’ branch...
criu-4.1/criu/parasite-syscall.c:109:9: branch_false: ...to here
criu-4.1/criu/parasite-syscall.c:109:9: branch_false: following ‘false’ branch...
criu-4.1/criu/parasite-syscall.c:110:9: branch_false: ...to here
criu-4.1/criu/parasite-syscall.c:110:9: branch_true: following ‘true’ branch...
criu-4.1/criu/parasite-syscall.c:110:9: branch_true: ...to here
criu-4.1/criu/parasite-syscall.c:110:9: danger: dereference of NULL ‘0’
#  108|   	BUG_ON(ce->n_cap_inh != CR_CAP_SIZE);
#  109|   	BUG_ON(ce->n_cap_prm != CR_CAP_SIZE);
#  110|-> 	BUG_ON(ce->n_cap_eff != CR_CAP_SIZE);
#  111|   	BUG_ON(ce->n_cap_bnd != CR_CAP_SIZE);
#  112|   	BUG_ON(ce->n_cap_amb != CR_CAP_SIZE);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def151]
criu-4.1/criu/parasite-syscall.c:111:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/parasite-syscall.c:108:9: branch_false: following ‘false’ branch...
criu-4.1/criu/parasite-syscall.c:109:9: branch_false: ...to here
criu-4.1/criu/parasite-syscall.c:109:9: branch_false: following ‘false’ branch...
criu-4.1/criu/parasite-syscall.c:110:9: branch_false: ...to here
criu-4.1/criu/parasite-syscall.c:110:9: branch_false: following ‘false’ branch...
criu-4.1/criu/parasite-syscall.c:111:9: branch_false: ...to here
criu-4.1/criu/parasite-syscall.c:111:9: branch_true: following ‘true’ branch...
criu-4.1/criu/parasite-syscall.c:111:9: branch_true: ...to here
criu-4.1/criu/parasite-syscall.c:111:9: danger: dereference of NULL ‘0’
#  109|   	BUG_ON(ce->n_cap_prm != CR_CAP_SIZE);
#  110|   	BUG_ON(ce->n_cap_eff != CR_CAP_SIZE);
#  111|-> 	BUG_ON(ce->n_cap_bnd != CR_CAP_SIZE);
#  112|   	BUG_ON(ce->n_cap_amb != CR_CAP_SIZE);
#  113|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def152]
criu-4.1/criu/parasite-syscall.c:112:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/parasite-syscall.c:108:9: branch_false: following ‘false’ branch...
criu-4.1/criu/parasite-syscall.c:109:9: branch_false: ...to here
criu-4.1/criu/parasite-syscall.c:109:9: branch_false: following ‘false’ branch...
criu-4.1/criu/parasite-syscall.c:110:9: branch_false: ...to here
criu-4.1/criu/parasite-syscall.c:110:9: branch_false: following ‘false’ branch...
criu-4.1/criu/parasite-syscall.c:111:9: branch_false: ...to here
criu-4.1/criu/parasite-syscall.c:111:9: branch_false: following ‘false’ branch...
criu-4.1/criu/parasite-syscall.c:112:9: branch_false: ...to here
criu-4.1/criu/parasite-syscall.c:112:9: branch_true: following ‘true’ branch...
criu-4.1/criu/parasite-syscall.c:112:9: branch_true: ...to here
criu-4.1/criu/parasite-syscall.c:112:9: danger: dereference of NULL ‘0’
#  110|   	BUG_ON(ce->n_cap_eff != CR_CAP_SIZE);
#  111|   	BUG_ON(ce->n_cap_bnd != CR_CAP_SIZE);
#  112|-> 	BUG_ON(ce->n_cap_amb != CR_CAP_SIZE);
#  113|   
#  114|   	memcpy(ce->cap_inh, c->cap_inh, sizeof(c->cap_inh[0]) * CR_CAP_SIZE);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def153]
criu-4.1/criu/parasite-syscall.c:187:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/parasite-syscall.c:187:9: branch_true: following ‘true’ branch (when ‘id == 0’)...
criu-4.1/criu/parasite-syscall.c:187:9: branch_true: ...to here
criu-4.1/criu/parasite-syscall.c:187:9: danger: dereference of NULL ‘0’
#  185|   	int ret;
#  186|   
#  187|-> 	BUG_ON(id == 0); /* Leader is dumped in dump_task_core_all */
#  188|   
#  189|   	args = compel_parasite_args(ctl, struct parasite_dump_thread);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def154]
criu-4.1/criu/parasite-syscall.c:388:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/parasite-syscall.c:388:9: branch_true: following ‘true’ branch...
criu-4.1/criu/parasite-syscall.c:388:9: branch_true: ...to here
criu-4.1/criu/parasite-syscall.c:388:9: danger: dereference of NULL ‘0’
#  386|   	int ret;
#  387|   
#  388|-> 	BUG_ON(item->threads[0].real != pid);
#  389|   
#  390|   	p = get_exec_start(vma_area_list);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def155]
criu-4.1/criu/pidfd.c:205:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/pidfd.c:187:12: enter_function: entry to ‘open_one_pidfd’
criu-4.1/criu/pidfd.c:195:12: branch_false: following ‘false’ branch...
criu-4.1/criu/pidfd.c:204:34: branch_false: ...to here
criu-4.1/criu/pidfd.c:204:16: call_function: calling ‘lookup_dead_pidfd’ from ‘open_one_pidfd’
criu-4.1/criu/pidfd.c:204:16: return_function: returning to ‘open_one_pidfd’ from ‘lookup_dead_pidfd’
criu-4.1/criu/pidfd.c:205:9: branch_true: following ‘true’ branch...
criu-4.1/criu/pidfd.c:205:9: branch_true: ...to here
criu-4.1/criu/pidfd.c:205:9: danger: dereference of NULL ‘0’
#  203|   
#  204|   	dead = lookup_dead_pidfd(info->pidfe->ino);
#  205|-> 	BUG_ON(!dead);
#  206|   
#  207|   	if (info->dead && info->dead->creator_id != info->pidfe->id) {

Error: GCC_ANALYZER_WARNING (CWE-465): [#def156]
criu-4.1/criu/pie-util-vdso-elf32.c:153:28: warning[-Wanalyzer-deref-before-check]: check of ‘addr’ for NULL after already dereferencing it
criu-4.1/criu/pie-util-vdso-elf32.c:430:5: enter_function: entry to ‘vdso_fill_symtable_compat’
criu-4.1/criu/pie-util-vdso-elf32.c:449:15: call_function: calling ‘parse_elf_phdr’ from ‘vdso_fill_symtable_compat’
#  151|   		switch (phdr->p_type) {
#  152|   		case PT_DYNAMIC:
#  153|-> 			if (*dynamic) {
#  154|   				pr_err("Second PT_DYNAMIC header\n");
#  155|   				return -EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-465): [#def157]
criu-4.1/criu/pie-util-vdso-elf32.c:160:28: warning[-Wanalyzer-deref-before-check]: check of ‘addr’ for NULL after already dereferencing it
criu-4.1/criu/pie-util-vdso-elf32.c:430:5: enter_function: entry to ‘vdso_fill_symtable_compat’
criu-4.1/criu/pie-util-vdso-elf32.c:449:15: call_function: calling ‘parse_elf_phdr’ from ‘vdso_fill_symtable_compat’
#  158|   			break;
#  159|   		case PT_LOAD:
#  160|-> 			if (*load) {
#  161|   				pr_err("Second PT_LOAD header\n");
#  162|   				return -EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-465): [#def158]
criu-4.1/criu/pie-util-vdso.c:153:28: warning[-Wanalyzer-deref-before-check]: check of ‘addr’ for NULL after already dereferencing it
criu-4.1/criu/pie-util-vdso.c:430:5: enter_function: entry to ‘vdso_fill_symtable’
criu-4.1/criu/pie-util-vdso.c:449:15: call_function: calling ‘parse_elf_phdr’ from ‘vdso_fill_symtable’
#  151|   		switch (phdr->p_type) {
#  152|   		case PT_DYNAMIC:
#  153|-> 			if (*dynamic) {
#  154|   				pr_err("Second PT_DYNAMIC header\n");
#  155|   				return -EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-465): [#def159]
criu-4.1/criu/pie-util-vdso.c:160:28: warning[-Wanalyzer-deref-before-check]: check of ‘addr’ for NULL after already dereferencing it
criu-4.1/criu/pie-util-vdso.c:430:5: enter_function: entry to ‘vdso_fill_symtable’
criu-4.1/criu/pie-util-vdso.c:449:15: call_function: calling ‘parse_elf_phdr’ from ‘vdso_fill_symtable’
#  158|   			break;
#  159|   		case PT_LOAD:
#  160|-> 			if (*load) {
#  161|   				pr_err("Second PT_LOAD header\n");
#  162|   				return -EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def160]
criu-4.1/criu/pie/parasite-vdso.c:132:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/pie/parasite-vdso.c:131:12: branch_true: following ‘true’ branch...
criu-4.1/criu/pie/parasite-vdso.c:132:17: branch_true: ...to here
criu-4.1/criu/pie/parasite-vdso.c:132:17: branch_true: following ‘true’ branch (when ‘vdso_size < space’)...
criu-4.1/criu/pie/parasite-vdso.c:132:17: branch_true: ...to here
criu-4.1/criu/pie/parasite-vdso.c:132:17: danger: dereference of NULL ‘0’
#  130|   
#  131|   	if (rt->vvar_start == VVAR_BAD_ADDR) {
#  132|-> 		BUG_ON(vdso_size < space);
#  133|   		return park_at(rt, addr, 0);
#  134|   	}

Error: GCC_ANALYZER_WARNING (CWE-476): [#def161]
criu-4.1/criu/pie/parasite-vdso.c:136:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/pie/parasite-vdso.c:131:12: branch_false: following ‘false’ branch...
criu-4.1/criu/pie/parasite-vdso.c:136:9: branch_false: ...to here
criu-4.1/criu/pie/parasite-vdso.c:136:9: branch_true: following ‘true’ branch...
criu-4.1/criu/pie/parasite-vdso.c:136:9: branch_true: ...to here
criu-4.1/criu/pie/parasite-vdso.c:136:9: danger: dereference of NULL ‘0’
#  134|   	}
#  135|   
#  136|-> 	BUG_ON((vdso_size + vvar_size) < space);
#  137|   
#  138|   	if (rt->sym.vdso_before_vvar)

Error: GCC_ANALYZER_WARNING (CWE-457): [#def162]
criu-4.1/criu/pie/restorer.c:1217:59: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘ts.tv_sec’
criu-4.1/criu/pie/restorer.c:1197:21: branch_true: following ‘true’ branch...
criu-4.1/criu/pie/restorer.c:1198:46: branch_true: ...to here
criu-4.1/criu/pie/restorer.c:1203:20: branch_true: following ‘true’ branch...
criu-4.1/criu/pie/restorer.c:1212:47: branch_true: ...to here
criu-4.1/criu/pie/restorer.c:1212:28: branch_false: following ‘false’ branch...
criu-4.1/criu/pie/restorer.c:1217:25: branch_false: ...to here
criu-4.1/criu/pie/restorer.c:1217:59: danger: use of uninitialized value ‘ts.tv_sec’ here
# 1215|   			}
# 1216|   
# 1217|-> 			t->val.it_value.tv_sec += (time_t)ts.tv_sec;
# 1218|   
# 1219|   			pr_debug("Adjust id %x it_value(%llu, %llu) -> it_value(%llu, %llu)\n", t->id,

Error: GCC_ANALYZER_WARNING (CWE-476): [#def163]
criu-4.1/criu/pie/restorer.c:1406:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/pie/restorer.c:1395:21: branch_true: following ‘true’ branch...
criu-4.1/criu/pie/restorer.c:1398:63: branch_true: ...to here
criu-4.1/criu/pie/restorer.c:1401:20: branch_true: following ‘true’ branch (when ‘ret == -10’)...
 branch_true: ...to here
criu-4.1/criu/pie/restorer.c:1406:25: branch_false: following ‘false’ branch...
criu-4.1/criu/pie/restorer.c:1406:25: branch_false: ...to here
criu-4.1/criu/pie/restorer.c:1406:25: danger: dereference of NULL ‘0’
# 1404|   			 * and try again.
# 1405|   			 */
# 1406|-> 			futex_wait_while_eq(&task_entries_local->nr_in_progress, nr_in_progress);
# 1407|   			i--;
# 1408|   			continue;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def164]
criu-4.1/criu/pie/restorer.c:2266:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
# 2264|   	pr_err("Restorer stack smash detected %ld\n", sys_getpid());
# 2265|   	sys_exit_group(1);
# 2266|-> 	BUG();
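# 2267|   }
Note: the flagged statement is BUG() itself, reached after sys_exit_group(1) on the path that logs "Restorer stack smash detected". The cppcheck findings at the start of this report show the expression at a BUG() line as (volatile unsigned long*)NULL, which suggests the macro ends in a deliberate NULL write used as a trap. If so, this and the other CWE-476 findings whose arrow sits on a BUG()/BUG_ON() line describe an intentional abort; the triage question is whether untrusted input can trigger the assertion (an availability concern), not whether a pointer check is missing.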

Error: GCC_ANALYZER_WARNING (CWE-465): [#def165]
criu-4.1/criu/pie/util-vdso-elf32.c:153:28: warning[-Wanalyzer-deref-before-check]: check of ‘addr’ for NULL after already dereferencing it
criu-4.1/criu/pie/util-vdso-elf32.c:430:5: enter_function: entry to ‘vdso_fill_symtable_compat’
criu-4.1/criu/pie/util-vdso-elf32.c:449:15: call_function: calling ‘parse_elf_phdr’ from ‘vdso_fill_symtable_compat’
#  151|   		switch (phdr->p_type) {
#  152|   		case PT_DYNAMIC:
#  153|-> 			if (*dynamic) {
#  154|   				pr_err("Second PT_DYNAMIC header\n");
#  155|   				return -EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-465): [#def166]
criu-4.1/criu/pie/util-vdso-elf32.c:160:28: warning[-Wanalyzer-deref-before-check]: check of ‘addr’ for NULL after already dereferencing it
criu-4.1/criu/pie/util-vdso-elf32.c:430:5: enter_function: entry to ‘vdso_fill_symtable_compat’
criu-4.1/criu/pie/util-vdso-elf32.c:449:15: call_function: calling ‘parse_elf_phdr’ from ‘vdso_fill_symtable_compat’
#  158|   			break;
#  159|   		case PT_LOAD:
#  160|-> 			if (*load) {
#  161|   				pr_err("Second PT_LOAD header\n");
#  162|   				return -EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-465): [#def167]
criu-4.1/criu/pie/util-vdso.c:153:28: warning[-Wanalyzer-deref-before-check]: check of ‘addr’ for NULL after already dereferencing it
criu-4.1/criu/pie/util-vdso.c:430:5: enter_function: entry to ‘vdso_fill_symtable’
criu-4.1/criu/pie/util-vdso.c:449:15: call_function: calling ‘parse_elf_phdr’ from ‘vdso_fill_symtable’
#  151|   		switch (phdr->p_type) {
#  152|   		case PT_DYNAMIC:
#  153|-> 			if (*dynamic) {
#  154|   				pr_err("Second PT_DYNAMIC header\n");
#  155|   				return -EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-465): [#def168]
criu-4.1/criu/pie/util-vdso.c:160:28: warning[-Wanalyzer-deref-before-check]: check of ‘addr’ for NULL after already dereferencing it
criu-4.1/criu/pie/util-vdso.c:430:5: enter_function: entry to ‘vdso_fill_symtable’
criu-4.1/criu/pie/util-vdso.c:449:15: call_function: calling ‘parse_elf_phdr’ from ‘vdso_fill_symtable’
#  158|   			break;
#  159|   		case PT_LOAD:
#  160|-> 			if (*load) {
#  161|   				pr_err("Second PT_LOAD header\n");
#  162|   				return -EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def169]
criu-4.1/criu/pipes.c:294:32: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pfd[0]’
criu-4.1/criu/pipes.c:284:5: enter_function: entry to ‘open_pipe’
criu-4.1/criu/pipes.c:292:12: branch_false: following ‘false’ branch...
criu-4.1/criu/pipes.c:300:13: branch_false: ...to here
criu-4.1/criu/pipes.c:300:12: branch_false: following ‘false’ branch...
criu-4.1/criu/pipes.c:303:13: branch_false: ...to here
criu-4.1/criu/pipes.c:303:12: branch_false: following ‘false’ branch...
criu-4.1/criu/pipes.c:308:59: branch_false: ...to here
criu-4.1/criu/pipes.c:308:15: call_function: calling ‘restore_pipe_data’ from ‘open_pipe’
criu-4.1/criu/pipes.c:308:15: return_function: returning to ‘open_pipe’ from ‘restore_pipe_data’
criu-4.1/criu/pipes.c:312:9: branch_true: following ‘true’ branch...
criu-4.1/criu/pipes.c:313:30: branch_true: ...to here
criu-4.1/criu/pipes.c:294:32: danger: ‘pfd[0]’ leaks here
#  292|   	if (inherited_fd(d, &tmp)) {
#  293|   		if (tmp < 0)
#  294|-> 			return tmp;
#  295|   
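#  296|   		pi->reopen = 1;
Note: the excerpt is anchored at the 'return tmp' on line 294, but the trace takes the false branch at 292 and ends on the true branch at 312-313, after restore_pipe_data() has returned. The exit that leaves the descriptors open is therefore presumably the one at 312-313 rather than line 294, and def170 is the same path for pfd[1]. The fix to look for is closing both pfd[0] and pfd[1] before that return.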

Error: GCC_ANALYZER_WARNING (CWE-775): [#def170]
criu-4.1/criu/pipes.c:294:32: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pfd[1]’
criu-4.1/criu/pipes.c:284:5: enter_function: entry to ‘open_pipe’
criu-4.1/criu/pipes.c:292:12: branch_false: following ‘false’ branch...
criu-4.1/criu/pipes.c:300:13: branch_false: ...to here
criu-4.1/criu/pipes.c:300:12: branch_false: following ‘false’ branch...
criu-4.1/criu/pipes.c:303:13: branch_false: ...to here
criu-4.1/criu/pipes.c:303:12: branch_false: following ‘false’ branch...
criu-4.1/criu/pipes.c:308:59: branch_false: ...to here
criu-4.1/criu/pipes.c:308:15: call_function: calling ‘restore_pipe_data’ from ‘open_pipe’
criu-4.1/criu/pipes.c:308:15: return_function: returning to ‘open_pipe’ from ‘restore_pipe_data’
criu-4.1/criu/pipes.c:312:9: branch_true: following ‘true’ branch...
criu-4.1/criu/pipes.c:313:30: branch_true: ...to here
criu-4.1/criu/pipes.c:294:32: danger: ‘pfd[1]’ leaks here
#  292|   	if (inherited_fd(d, &tmp)) {
#  293|   		if (tmp < 0)
#  294|-> 			return tmp;
#  295|   
#  296|   		pi->reopen = 1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def171]
criu-4.1/criu/plugin.c:175:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
criu-4.1/criu/plugin.c:202:5: enter_function: entry to ‘cr_plugin_init’
criu-4.1/criu/plugin.c:210:21: branch_true: following ‘true’ branch (when ‘i != 12’)...
criu-4.1/criu/plugin.c:211:17: branch_true: ...to here
criu-4.1/criu/plugin.c:226:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
criu-4.1/criu/plugin.c:238:20: branch_false: following ‘false’ branch...
criu-4.1/criu/plugin.c:245:30: branch_false: ...to here
criu-4.1/criu/plugin.c:250:20: branch_false: following ‘false’ branch...
criu-4.1/criu/plugin.c:255:21: branch_false: ...to here
criu-4.1/criu/plugin.c:255:21: call_function: calling ‘cr_lib_load’ from ‘cr_plugin_init’
#  173|   	dlclose(h);
#  174|   	if (allocated)
#  175|-> 		xfree(d);
#  176|   	return -1;
#  177|   }

Error: GCC_ANALYZER_WARNING (CWE-457): [#def172]
criu-4.1/criu/proc_parse.c:2467:29: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘tidpid[0]’
criu-4.1/criu/proc_parse.c:2408:5: enter_function: entry to ‘parse_posix_timers’
criu-4.1/criu/proc_parse.c:2425:12: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2428:13: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2428:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
criu-4.1/criu/proc_parse.c:2435:20: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2437:21: call_function: inlined call to ‘IS_ERR’ from ‘parse_posix_timers’
criu-4.1/criu/proc_parse.c:2437:20: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2440:25: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2442:33: branch_false: following ‘false’ branch (when ‘___p’ is non-NULL)...
criu-4.1/criu/proc_parse.c:2446:29: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2446:28: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2489:17: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2435:20: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2437:21: call_function: inlined call to ‘IS_ERR’ from ‘parse_posix_timers’
criu-4.1/criu/proc_parse.c:2437:20: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2440:25: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2450:28: branch_false: following ‘false’ branch...
 branch_false: ...to here
criu-4.1/criu/proc_parse.c:2435:20: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2437:21: call_function: inlined call to ‘IS_ERR’ from ‘parse_posix_timers’
criu-4.1/criu/proc_parse.c:2437:20: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2440:25: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2458:28: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2461:25: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2467:29: danger: use of uninitialized value ‘tidpid[0]’ here
# 2465|   			}
# 2466|   
# 2467|-> 			if (tidpid[0] == 't') {
# 2468|   				timer->spt.it_sigev_notify = SIGEV_THREAD_ID;
# 2469|   				timer->spt.notify_thread_id = pid_t;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def173]
criu-4.1/criu/proc_parse.c:2545:17: warning[-Wanalyzer-malloc-leak]: leak of ‘___p’
criu-4.1/criu/proc_parse.c:2513:15: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2514:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
criu-4.1/criu/proc_parse.c:2517:16: branch_true: following ‘true’ branch...
criu-4.1/criu/proc_parse.c:2521:21: branch_true: ...to here
criu-4.1/criu/proc_parse.c:2521:20: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2524:21: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2524:20: branch_true: following ‘true’ branch...
criu-4.1/criu/proc_parse.c:2525:31: branch_true: ...to here
criu-4.1/criu/proc_parse.c:2525:31: branch_false: following ‘false’ branch (when ‘___p’ is non-NULL)...
criu-4.1/criu/proc_parse.c:2532:26: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2517:16: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2539:9: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2541:12: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2545:17: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2545:17: branch_false: following ‘false’ branch...
 branch_false: ...to here
criu-4.1/criu/proc_parse.c:2545:17: danger: ‘___p’ leaks here; was allocated at [(11)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/10)
# 2543|   		*_n = nr - 1;
# 2544|   	} else
# 2545|-> 		BUG_ON(nr - 1 != *_n);
# 2546|   
# 2547|   	return 0;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def174]
criu-4.1/criu/proc_parse.c:2545:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/proc_parse.c:2513:15: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2514:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
criu-4.1/criu/proc_parse.c:2541:12: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2545:17: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2545:17: branch_true: following ‘true’ branch...
criu-4.1/criu/proc_parse.c:2545:17: branch_true: ...to here
criu-4.1/criu/proc_parse.c:2545:17: danger: dereference of NULL ‘0’
# 2543|   		*_n = nr - 1;
# 2544|   	} else
# 2545|-> 		BUG_ON(nr - 1 != *_n);
# 2546|   
# 2547|   	return 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def175]
criu-4.1/criu/proc_parse.c:2552:16: warning[-Wanalyzer-malloc-leak]: leak of ‘___p’
criu-4.1/criu/proc_parse.c:2621:5: enter_function: entry to ‘parse_thread_cgroup’
criu-4.1/criu/proc_parse.c:2630:13: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2636:12: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2643:12: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2643:12: branch_false: following ‘false’ branch (when ‘args’ is non-NULL)...
criu-4.1/criu/proc_parse.c:2646:45: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2647:12: branch_false: following ‘false’ branch (when ‘f’ is non-NULL)...
criu-4.1/criu/proc_parse.c:2652:15: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2652:15: call_function: calling ‘parse_cgroup_file’ from ‘parse_thread_cgroup’
# 2550|   int parse_cgroup_file(FILE *f, struct list_head *retl, unsigned int *n)
# 2551|   {
# 2552|-> 	while (fgets(buf, BUF_SIZE, f)) {
# 2553|   		struct cg_ctl *ncc, *cc;
# 2554|   		char *name, *path = NULL, *e;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def176]
criu-4.1/criu/proc_parse.c:2556:23: warning[-Wanalyzer-malloc-leak]: leak of ‘___p’
criu-4.1/criu/proc_parse.c:2621:5: enter_function: entry to ‘parse_thread_cgroup’
criu-4.1/criu/proc_parse.c:2630:13: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2636:12: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2643:12: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2643:12: branch_false: following ‘false’ branch (when ‘args’ is non-NULL)...
criu-4.1/criu/proc_parse.c:2646:45: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2647:12: branch_false: following ‘false’ branch (when ‘f’ is non-NULL)...
criu-4.1/criu/proc_parse.c:2652:15: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2652:15: call_function: calling ‘parse_cgroup_file’ from ‘parse_thread_cgroup’
# 2554|   		char *name, *path = NULL, *e;
# 2555|   
# 2556|-> 		ncc = xmalloc(sizeof(*cc));
# 2557|   		if (!ncc)
# 2558|   			goto err;

Error: GCC_ANALYZER_WARNING (CWE-126): [#def177]
criu-4.1/criu/proc_parse.c:2607:36: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
criu-4.1/criu/proc_parse.c:2621:5: enter_function: entry to ‘parse_thread_cgroup’
criu-4.1/criu/proc_parse.c:2630:13: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2636:12: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2643:12: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2643:12: branch_false: following ‘false’ branch (when ‘args’ is non-NULL)...
criu-4.1/criu/proc_parse.c:2646:45: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2647:12: branch_false: following ‘false’ branch (when ‘f’ is non-NULL)...
criu-4.1/criu/proc_parse.c:2652:15: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2652:15: call_function: calling ‘parse_cgroup_file’ from ‘parse_thread_cgroup’
# 2605|   
# 2606|   		list_for_each_entry(cc, retl, l)
# 2607|-> 			if (strcmp(cc->name, name) >= 0)
# 2608|   				break;
# 2609|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def178]
criu-4.1/criu/proc_parse.c:2708:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*n.l.next’
criu-4.1/criu/proc_parse.c:2621:5: enter_function: entry to ‘parse_thread_cgroup’
criu-4.1/criu/proc_parse.c:2630:13: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2636:12: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2643:12: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2643:12: branch_false: following ‘false’ branch (when ‘args’ is non-NULL)...
criu-4.1/criu/proc_parse.c:2646:45: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2647:12: branch_false: following ‘false’ branch (when ‘f’ is non-NULL)...
criu-4.1/criu/proc_parse.c:2652:15: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2652:15: call_function: calling ‘parse_cgroup_file’ from ‘parse_thread_cgroup’
# 2706|   	struct cg_ctl *c, *n;
# 2707|   
# 2708|-> 	list_for_each_entry_safe(c, n, l, l) {
# 2709|   		xfree(c->name);
# 2710|   		xfree(c->path);

Error: GCC_ANALYZER_WARNING (CWE-415): [#def179]
criu-4.1/criu/proc_parse.c:2709:17: warning[-Wanalyzer-double-free]: double-‘free’ of ‘*c.name’
criu-4.1/criu/proc_parse.c:2621:5: enter_function: entry to ‘parse_thread_cgroup’
criu-4.1/criu/proc_parse.c:2630:13: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2636:12: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2643:12: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2643:12: branch_false: following ‘false’ branch (when ‘args’ is non-NULL)...
criu-4.1/criu/proc_parse.c:2646:45: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2647:12: branch_false: following ‘false’ branch (when ‘f’ is non-NULL)...
criu-4.1/criu/proc_parse.c:2652:15: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2652:15: call_function: calling ‘parse_cgroup_file’ from ‘parse_thread_cgroup’
# 2707|   
# 2708|   	list_for_each_entry_safe(c, n, l, l) {
# 2709|-> 		xfree(c->name);
# 2710|   		xfree(c->path);
# 2711|   		xfree(c);

Error: GCC_ANALYZER_WARNING (CWE-126): [#def180]
criu-4.1/criu/proc_parse.c:2709:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
criu-4.1/criu/proc_parse.c:2621:5: enter_function: entry to ‘parse_thread_cgroup’
criu-4.1/criu/proc_parse.c:2630:13: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2636:12: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2643:12: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2643:12: branch_false: following ‘false’ branch (when ‘args’ is non-NULL)...
criu-4.1/criu/proc_parse.c:2646:45: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2647:12: branch_false: following ‘false’ branch (when ‘f’ is non-NULL)...
criu-4.1/criu/proc_parse.c:2652:15: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2652:15: call_function: calling ‘parse_cgroup_file’ from ‘parse_thread_cgroup’
# 2707|   
# 2708|   	list_for_each_entry_safe(c, n, l, l) {
# 2709|-> 		xfree(c->name);
# 2710|   		xfree(c->path);
# 2711|   		xfree(c);

Error: GCC_ANALYZER_WARNING (CWE-416): [#def181]
criu-4.1/criu/proc_parse.c:2709:17: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘c’
criu-4.1/criu/proc_parse.c:2621:5: enter_function: entry to ‘parse_thread_cgroup’
criu-4.1/criu/proc_parse.c:2630:13: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2636:12: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2643:12: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2643:12: branch_false: following ‘false’ branch (when ‘args’ is non-NULL)...
criu-4.1/criu/proc_parse.c:2646:45: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2647:12: branch_false: following ‘false’ branch (when ‘f’ is non-NULL)...
criu-4.1/criu/proc_parse.c:2652:15: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2652:15: call_function: calling ‘parse_cgroup_file’ from ‘parse_thread_cgroup’
# 2707|   
# 2708|   	list_for_each_entry_safe(c, n, l, l) {
# 2709|-> 		xfree(c->name);
# 2710|   		xfree(c->path);
# 2711|   		xfree(c);

Error: GCC_ANALYZER_WARNING (CWE-415): [#def182]
criu-4.1/criu/proc_parse.c:2710:17: warning[-Wanalyzer-double-free]: double-‘free’ of ‘*c.path’
criu-4.1/criu/proc_parse.c:2621:5: enter_function: entry to ‘parse_thread_cgroup’
criu-4.1/criu/proc_parse.c:2630:13: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2636:12: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2643:12: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2643:12: branch_false: following ‘false’ branch (when ‘args’ is non-NULL)...
criu-4.1/criu/proc_parse.c:2646:45: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2647:12: branch_false: following ‘false’ branch (when ‘f’ is non-NULL)...
criu-4.1/criu/proc_parse.c:2652:15: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2652:15: call_function: calling ‘parse_cgroup_file’ from ‘parse_thread_cgroup’
# 2708|   	list_for_each_entry_safe(c, n, l, l) {
# 2709|   		xfree(c->name);
# 2710|-> 		xfree(c->path);
# 2711|   		xfree(c);
# 2712|   	}

Error: GCC_ANALYZER_WARNING (CWE-126): [#def183]
criu-4.1/criu/proc_parse.c:2710:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
criu-4.1/criu/proc_parse.c:2621:5: enter_function: entry to ‘parse_thread_cgroup’
criu-4.1/criu/proc_parse.c:2630:13: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2636:12: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2643:12: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2643:12: branch_false: following ‘false’ branch (when ‘args’ is non-NULL)...
criu-4.1/criu/proc_parse.c:2646:45: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2647:12: branch_false: following ‘false’ branch (when ‘f’ is non-NULL)...
criu-4.1/criu/proc_parse.c:2652:15: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2652:15: call_function: calling ‘parse_cgroup_file’ from ‘parse_thread_cgroup’
# 2708|   	list_for_each_entry_safe(c, n, l, l) {
# 2709|   		xfree(c->name);
# 2710|-> 		xfree(c->path);
# 2711|   		xfree(c);
# 2712|   	}

Error: GCC_ANALYZER_WARNING (CWE-590): [#def184]
criu-4.1/criu/proc_parse.c:2711:17: warning[-Wanalyzer-free-of-non-heap]: ‘free’ of ‘c’ which points to memory on the stack
criu-4.1/criu/proc_parse.c:2621:5: enter_function: entry to ‘parse_thread_cgroup’
criu-4.1/criu/proc_parse.c:2630:13: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2636:12: branch_false: following ‘false’ branch...
criu-4.1/criu/proc_parse.c:2643:12: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2643:12: branch_false: following ‘false’ branch (when ‘args’ is non-NULL)...
criu-4.1/criu/proc_parse.c:2646:45: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2647:12: branch_false: following ‘false’ branch (when ‘f’ is non-NULL)...
criu-4.1/criu/proc_parse.c:2652:15: branch_false: ...to here
criu-4.1/criu/proc_parse.c:2652:15: call_function: calling ‘parse_cgroup_file’ from ‘parse_thread_cgroup’
# 2709|   		xfree(c->name);
# 2710|   		xfree(c->path);
# 2711|-> 		xfree(c);
# 2712|   	}
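# 2713|   	INIT_LIST_HEAD(l);
Note: def175-def184 all share the same nine-event path from parse_thread_cgroup() into parse_cgroup_file(), and def178-def184 all land in the one list_for_each_entry_safe loop at lines 2708-2711, where the analyzer reports a double free, a use after free, a stack over-read and a free of stack memory at once. Mutually inconsistent results on a single intrusive-list walk often mean the analyzer is treating the list head (which may live on the caller's stack) as if it were an entry. Before handling these as memory-corruption bugs, confirm in source that the list head is initialised on every path into this loop and that no caller can walk a list whose entries were already freed.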

Error: GCC_ANALYZER_WARNING (CWE-476): [#def185]
criu-4.1/criu/pstree.c:238:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#  236|   int init_pstree_helper(struct pstree_item *ret)
#  237|   {
#  238|-> 	BUG_ON(!ret->parent);
#  239|   	ret->pid->state = TASK_HELPER;
#  240|   	rsti(ret)->clone_flags = CLONE_FILES | CLONE_FS;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def186]
criu-4.1/criu/pstree.c:490:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#  488|   	if (!node)
#  489|   		return NULL;
#  490|-> 	BUG_ON(node->state == TASK_THREAD);
#  491|   
#  492|   	return node->item;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def187]
criu-4.1/criu/pstree.c:560:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/pstree.c:1071:5: enter_function: entry to ‘prepare_dummy_pstree’
criu-4.1/criu/pstree.c:1075:12: branch_false: following ‘false’ branch...
criu-4.1/criu/pstree.c:1078:13: branch_false: ...to here
criu-4.1/criu/pstree.c:1078:12: branch_false: following ‘false’ branch...
criu-4.1/criu/pstree.c:1081:13: branch_false: ...to here
criu-4.1/criu/pstree.c:1081:13: call_function: calling ‘read_pstree_image’ from ‘prepare_dummy_pstree’
#  558|   	if (pi == NULL)
#  559|   		goto err;
#  560|-> 	BUG_ON(pi->pid->state != TASK_UNDEF);
#  561|   
#  562|   	/*

Error: GCC_ANALYZER_WARNING (CWE-476): [#def188]
criu-4.1/criu/pstree.c:1104:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
# 1102|   	if (pid == NULL)
# 1103|   		return NULL;
# 1104|-> 	BUG_ON(pid->state == TASK_THREAD);
# 1105|   
# 1106|   	return pid->item;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def189]
criu-4.1/criu/rst-malloc.c:150:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#  148|   {
#  149|   	struct rst_mem_type_s *t = &rst_mems[type];
#  150|-> 	BUG_ON(!t->remapable || !t->enabled);
#  151|   
#  152|   	rst_mem_align(type);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def190]
criu-4.1/criu/rst-malloc.c:160:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/rst-malloc.c:160:9: branch_false: following ‘false’ branch...
criu-4.1/criu/rst-malloc.c:160:9: branch_false: ...to here
criu-4.1/criu/rst-malloc.c:160:9: danger: dereference of NULL ‘0’
#  158|   {
#  159|   	struct rst_mem_type_s *t = &rst_mems[type];
#  160|-> 	BUG_ON(!t->remapable);
#  161|   	return t->buf + pos;
#  162|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def191]
criu-4.1/criu/rst-malloc.c:169:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/rst-malloc.c:169:9: branch_false: following ‘false’ branch...
criu-4.1/criu/rst-malloc.c:169:9: branch_false: ...to here
criu-4.1/criu/rst-malloc.c:169:9: danger: dereference of NULL ‘0’
#  167|   	void *ret;
#  168|   
#  169|-> 	BUG_ON(!t->enabled);
#  170|   
#  171|   	if ((t->free_bytes < size) && t->grow(t, size)) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def192]
criu-4.1/criu/rst-malloc.c:188:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#  186|   	struct rst_mem_type_s *t = &rst_mems[type];
#  187|   
#  188|-> 	BUG_ON(!t->enabled);
#  189|   
#  190|   	t->free_mem -= t->last;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def193]
criu-4.1/criu/rst-malloc.c:211:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#  209|   	void *aux;
#  210|   
#  211|-> 	BUG_ON(!t->remapable || t->enabled);
#  212|   
#  213|   	if (!t->buf)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def194]
criu-4.1/criu/seccomp.c:222:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/seccomp.c:211:13: enter_function: entry to ‘try_use_tsync’
criu-4.1/criu/seccomp.c:217:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
criu-4.1/criu/seccomp.c:220:21: branch_true: following ‘true’ branch...
criu-4.1/criu/seccomp.c:221:25: branch_true: ...to here
criu-4.1/criu/seccomp.c:221:25: call_function: calling ‘seccomp_lookup’ from ‘try_use_tsync’
criu-4.1/criu/seccomp.c:221:25: return_function: returning to ‘try_use_tsync’ from ‘seccomp_lookup’
criu-4.1/criu/seccomp.c:222:17: branch_true: following ‘true’ branch...
criu-4.1/criu/seccomp.c:222:17: branch_true: ...to here
criu-4.1/criu/seccomp.c:222:17: danger: dereference of NULL ‘0’
#  220|   	for (i = 0; i < item->nr_threads; i++) {
#  221|   		entry = seccomp_find_entry(item->threads[i].real);
#  222|-> 		BUG_ON(!entry);
#  223|   
#  224|   		if (entry == leader)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def195]
criu-4.1/criu/seccomp.c:234:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/seccomp.c:211:13: enter_function: entry to ‘try_use_tsync’
criu-4.1/criu/seccomp.c:217:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
criu-4.1/criu/seccomp.c:220:21: branch_true: following ‘true’ branch...
criu-4.1/criu/seccomp.c:221:25: branch_true: ...to here
criu-4.1/criu/seccomp.c:221:25: call_function: calling ‘seccomp_lookup’ from ‘try_use_tsync’
criu-4.1/criu/seccomp.c:221:25: return_function: returning to ‘try_use_tsync’ from ‘seccomp_lookup’
criu-4.1/criu/seccomp.c:222:17: branch_false: following ‘false’ branch...
criu-4.1/criu/seccomp.c:224:20: branch_false: ...to here
criu-4.1/criu/seccomp.c:224:20: branch_false: following ‘false’ branch...
criu-4.1/criu/seccomp.c:227:21: branch_false: ...to here
criu-4.1/criu/seccomp.c:227:20: branch_false: following ‘false’ branch...
criu-4.1/criu/seccomp.c:233:29: branch_true: following ‘true’ branch...
criu-4.1/criu/seccomp.c:234:25: branch_true: ...to here
criu-4.1/criu/seccomp.c:234:25: danger: dereference of NULL ‘0’
#  232|   
#  233|   		for (j = 0; j < leader->nr_chains; j++) {
#  234|-> 			BUG_ON((!chain_a || !chain_b));
#  235|   
#  236|   			if (chain_a->filter.filter.len != chain_b->filter.filter.len)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def196]
criu-4.1/criu/seccomp.c:256:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/seccomp.c:268:12: enter_function: entry to ‘collect_filters’
criu-4.1/criu/seccomp.c:273:12: branch_false: following ‘false’ branch...
criu-4.1/criu/seccomp.c:276:18: branch_false: ...to here
criu-4.1/criu/seccomp.c:276:18: call_function: calling ‘seccomp_lookup’ from ‘collect_filters’
criu-4.1/criu/seccomp.c:276:18: return_function: returning to ‘collect_filters’ from ‘seccomp_lookup’
criu-4.1/criu/seccomp.c:277:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
criu-4.1/criu/seccomp.c:293:9: call_function: calling ‘try_use_tsync’ from ‘collect_filters’
#  254|   	for (i = 0; i < item->nr_threads; i++) {
#  255|   		entry = seccomp_find_entry(item->threads[i].real);
#  256|-> 		BUG_ON(!entry);
#  257|   
#  258|   		if (entry == leader)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def197]
criu-4.1/criu/seccomp.c:380:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/seccomp.c:372:12: branch_false: following ‘false’ branch...
criu-4.1/criu/seccomp.c:375:15: branch_false: ...to here
criu-4.1/criu/seccomp.c:377:12: branch_false: following ‘false’ branch...
criu-4.1/criu/seccomp.c:380:9: branch_false: ...to here
criu-4.1/criu/seccomp.c:380:9: branch_true: following ‘true’ branch...
criu-4.1/criu/seccomp.c:380:9: branch_true: ...to here
criu-4.1/criu/seccomp.c:380:9: danger: dereference of NULL ‘0’
#  378|   		return 0; /* there were no filters */
#  379|   
#  380|-> 	BUG_ON(!seccomp_img_entry);
#  381|   
#  382|   	return 0;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def198]
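criu-4.1/criu/servicefd.c:106:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
Triage note: the flagged condition only compares `type` against two constants and reads no pointer, so the NULL ‘0’ being dereferenced has to come from the expansion of BUG_ON() itself; cppcheck prints that expression as `(volatile unsigned long*)NULL` for LOCK_BUG_ON in criu-4.1/include/common/lock.h:82. That looks like the macro's deliberate crash on a failed assertion rather than a separate CWE-476 defect, and the same reading applies to the other entries in this list whose marked line is a BUG(), BUG_ON() or LOCK_BUG_ON() call. The question worth triaging for each of them is whether the asserted condition can become true at run time, because the outcome is then a crash of the process.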
#  104|   int get_service_fd(enum sfd_type type)
#  105|   {
#  106|-> 	BUG_ON((int)type <= SERVICE_FD_MIN || (int)type >= SERVICE_FD_MAX);
#  107|   
#  108|   	if (!test_bit(type, sfd_map))

Error: GCC_ANALYZER_WARNING (CWE-476): [#def199]
criu-4.1/criu/servicefd.c:150:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#  148|   	pr_err("Service fd %s is being modified in protected context\n", sfd_type_name(type));
#  149|   	print_stack_trace(current ? vpid(current) : 0);
#  150|-> 	BUG();
#  151|   }
#  152|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def200]
criu-4.1/criu/servicefd.c:158:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/servicefd.c:158:9: branch_true: following ‘true’ branch...
criu-4.1/criu/servicefd.c:158:9: branch_true: ...to here
criu-4.1/criu/servicefd.c:158:9: danger: dereference of NULL ‘0’
#  156|   	int tmp;
#  157|   
#  158|-> 	BUG_ON((int)type <= SERVICE_FD_MIN || (int)type >= SERVICE_FD_MAX);
#  159|   	if (sfds_protected && !test_bit(type, sfd_map))
#  160|   		sfds_protection_bug(type);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def201]
criu-4.1/criu/servicefd.c:186:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘tmp’
criu-4.1/criu/servicefd.c:153:5: enter_function: entry to ‘install_service_fd’
criu-4.1/criu/servicefd.c:158:9: branch_false: following ‘false’ branch...
criu-4.1/criu/servicefd.c:159:13: branch_false: ...to here
criu-4.1/criu/servicefd.c:162:12: branch_false: following ‘false’ branch...
criu-4.1/criu/servicefd.c:170:14: branch_false: ...to here
criu-4.1/criu/servicefd.c:170:12: branch_true: following ‘true’ branch (when ‘oldbit != 0’)...
criu-4.1/criu/servicefd.c:173:23: branch_true: ...to here
criu-4.1/criu/servicefd.c:173:23: acquire_resource: opened here
criu-4.1/criu/servicefd.c:174:12: branch_false: following ‘false’ branch (when ‘tmp >= 0’)...
criu-4.1/criu/servicefd.c:178:19: branch_false: ...to here
criu-4.1/criu/servicefd.c:178:19: branch_false: following ‘false’ branch...
criu-4.1/criu/servicefd.c:185:9: call_function: inlined call to ‘set_bit’ from ‘install_service_fd’
criu-4.1/criu/servicefd.c:186:9: danger: ‘tmp’ leaks here; was opened at (8)
#  184|   
#  185|   	set_bit(type, sfd_map);
#  186|-> 	close(fd);
#  187|   	return sfd;
#  188|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def202]
criu-4.1/criu/servicefd.c:236:19: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘ret’
criu-4.1/criu/servicefd.c:217:12: enter_function: entry to ‘move_service_fd’
criu-4.1/criu/servicefd.c:219:19: call_function: calling ‘get_service_fd’ from ‘move_service_fd’
criu-4.1/criu/servicefd.c:219:19: return_function: returning to ‘move_service_fd’ from ‘get_service_fd’
criu-4.1/criu/servicefd.c:223:12: branch_false: following ‘false’ branch...
criu-4.1/criu/servicefd.c:226:14: branch_false: ...to here
criu-4.1/criu/servicefd.c:226:12: branch_true: following ‘true’ branch (when ‘oldbit != 0’)...
criu-4.1/criu/servicefd.c:229:23: branch_true: ...to here
criu-4.1/criu/servicefd.c:229:23: acquire_resource: opened here
criu-4.1/criu/servicefd.c:230:12: branch_false: following ‘false’ branch (when ‘ret != -1’)...
criu-4.1/criu/servicefd.c:233:19: branch_false: ...to here
criu-4.1/criu/servicefd.c:236:19: danger: ‘ret’ leaks here; was opened at (11)
#  234|   		pr_err("%s busy target %d -> %d\n", sfd_type_name(type), old, new);
#  235|   		return -1;
#  236|-> 	} else if (!(rsti(me)->clone_flags & CLONE_FILES))
#  237|   		close(old);
#  238|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def203]
criu-4.1/criu/servicefd.c:237:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘ret’
criu-4.1/criu/servicefd.c:217:12: enter_function: entry to ‘move_service_fd’
criu-4.1/criu/servicefd.c:219:19: call_function: calling ‘get_service_fd’ from ‘move_service_fd’
criu-4.1/criu/servicefd.c:219:19: return_function: returning to ‘move_service_fd’ from ‘get_service_fd’
criu-4.1/criu/servicefd.c:223:12: branch_false: following ‘false’ branch...
criu-4.1/criu/servicefd.c:226:14: branch_false: ...to here
criu-4.1/criu/servicefd.c:226:12: branch_true: following ‘true’ branch (when ‘oldbit != 0’)...
criu-4.1/criu/servicefd.c:229:23: branch_true: ...to here
criu-4.1/criu/servicefd.c:229:23: acquire_resource: opened here
criu-4.1/criu/servicefd.c:230:12: branch_false: following ‘false’ branch (when ‘ret != -1’)...
criu-4.1/criu/servicefd.c:233:19: branch_false: ...to here
criu-4.1/criu/servicefd.c:233:19: branch_false: following ‘false’ branch (when ‘ret == new’)...
criu-4.1/criu/servicefd.c:236:22: branch_false: ...to here
criu-4.1/criu/servicefd.c:236:19: branch_true: following ‘true’ branch...
criu-4.1/criu/servicefd.c:237:17: branch_true: ...to here
criu-4.1/criu/servicefd.c:237:17: danger: ‘ret’ leaks here; was opened at (15)
#  235|   		return -1;
#  236|   	} else if (!(rsti(me)->clone_flags & CLONE_FILES))
#  237|-> 		close(old);
#  238|   
#  239|   	return 0;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def204]
criu-4.1/criu/shmem.c:201:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/shmem.c:656:5: enter_function: entry to ‘add_shmem_area’
criu-4.1/criu/shmem.c:664:14: call_function: calling ‘shmem_find’ from ‘add_shmem_area’
criu-4.1/criu/shmem.c:664:14: return_function: returning to ‘add_shmem_area’ from ‘shmem_find’
criu-4.1/criu/shmem.c:665:12: branch_true: following ‘true’ branch...
criu-4.1/criu/shmem.c:666:21: branch_true: ...to here
criu-4.1/criu/shmem.c:666:20: branch_true: following ‘true’ branch...
criu-4.1/criu/shmem.c:667:29: branch_true: ...to here
criu-4.1/criu/shmem.c:667:29: call_function: calling ‘expand_shmem’ from ‘add_shmem_area’
#  199|   	new_map_size = nr_new_map_items * sizeof(*si->pstate_map);
#  200|   
#  201|-> 	BUG_ON(new_map_size < map_size);
#  202|   
#  203|   	if (xrealloc_safe(&si->pstate_map, new_map_size))

Error: GCC_ANALYZER_WARNING (CWE-476): [#def205]
criu-4.1/criu/sigact.c:196:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/sigact.c:251:5: enter_function: entry to ‘prepare_sigactions’
criu-4.1/criu/sigact.c:255:12: branch_true: following ‘true’ branch...
criu-4.1/criu/sigact.c:258:13: branch_true: ...to here
criu-4.1/criu/sigact.c:258:12: branch_false: following ‘false’ branch...
criu-4.1/criu/sigact.c:261:23: branch_false: ...to here
criu-4.1/criu/sigact.c:261:23: call_function: calling ‘prepare_sigactions_from_image’ from ‘prepare_sigactions’
#  194|   	int ret = 0;
#  195|   
#  196|-> 	BUG_ON(sig == SIGKILL || sig == SIGSTOP);
#  197|   
#  198|   	ret = pb_read_one_eof(img, &e, PB_SIGACT);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def206]
criu-4.1/criu/sk-inet.c:139:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/sk-inet.c:641:12: enter_function: entry to ‘dump_one_inet6_fd’
criu-4.1/criu/sk-inet.c:643:16: call_function: calling ‘do_dump_one_inet_fd’ from ‘dump_one_inet6_fd’
#  137|   static int can_dump_inet_sk(const struct inet_sk_desc *sk)
#  138|   {
#  139|-> 	BUG_ON((sk->sd.family != AF_INET) && (sk->sd.family != AF_INET6));
#  140|   
#  141|   	if (sk->type == SOCK_DGRAM) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def207]
criu-4.1/criu/sk-inet.c:505:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/sk-inet.c:641:12: enter_function: entry to ‘dump_one_inet6_fd’
criu-4.1/criu/sk-inet.c:643:16: call_function: calling ‘do_dump_one_inet_fd’ from ‘dump_one_inet6_fd’
#  503|   		goto err;
#  504|   
#  505|-> 	BUG_ON(sk->sd.already_dumped);
#  506|   
#  507|   	ie.id = id;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def208]
criu-4.1/criu/sk-inet.c:767:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/sk-inet.c:754:12: enter_function: entry to ‘post_open_inet_sk’
criu-4.1/criu/sk-inet.c:767:17: branch_true: following ‘true’ branch...
criu-4.1/criu/sk-inet.c:767:17: branch_true: ...to here
criu-4.1/criu/sk-inet.c:767:17: danger: dereference of NULL ‘0’
#  765|   	if (tcp_connection(ii->ie)) {
#  766|   		pr_debug("Schedule %d socket for repair off\n", sk);
#  767|-> 		BUG_ON(ii->sk_fd != -1);
#  768|   		ii->sk_fd = sk;
#  769|   		return 0;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def209]
criu-4.1/criu/sk-inet.c:1007:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
# 1005|   	}
# 1006|   
# 1007|-> 	BUG();
# 1008|   	return -1;
# 1009|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def210]
criu-4.1/criu/sk-netlink.c:100:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/sk-netlink.c:90:12: branch_false: following ‘false’ branch...
criu-4.1/criu/sk-netlink.c:93:9: branch_false: ...to here
criu-4.1/criu/sk-netlink.c:96:12: branch_true: following ‘true’ branch...
criu-4.1/criu/sk-netlink.c:99:12: branch_true: ...to here
criu-4.1/criu/sk-netlink.c:99:12: branch_true: following ‘true’ branch...
criu-4.1/criu/sk-netlink.c:100:17: branch_true: ...to here
criu-4.1/criu/sk-netlink.c:100:17: branch_true: following ‘true’ branch...
criu-4.1/criu/sk-netlink.c:100:17: branch_true: ...to here
criu-4.1/criu/sk-netlink.c:100:17: danger: dereference of NULL ‘0’
#   98|   
#   99|   	if (sk) {
#  100|-> 		BUG_ON(sk->sd.already_dumped);
#  101|   
#  102|   		ne.ns_id = sk->sd.sk_ns->id;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def211]
criu-4.1/criu/sk-packet.c:165:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/sk-packet.c:150:12: enter_function: entry to ‘dump_one_packet_fd’
criu-4.1/criu/sk-packet.c:165:9: branch_true: following ‘true’ branch...
criu-4.1/criu/sk-packet.c:165:9: branch_true: ...to here
criu-4.1/criu/sk-packet.c:165:9: danger: dereference of NULL ‘0’
#  163|   
#  164|   	pr_info("Dumping packet socket fd %d id %#x\n", lfd, id);
#  165|-> 	BUG_ON(sd->sd.already_dumped);
#  166|   	sd->sd.already_dumped = 1;
#  167|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def212]
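criu-4.1/criu/sk-packet.c:213:17: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*<unknown>’
Triage note: the path returns from dump_mreqs(), takes the true branch at 191:12 and then reaches the cleanup loop, which frees `psk.mclist[i]->addr.data` for every index below `psk.n_mclist`. The warning says that at least one `psk.mclist[i]` slot may be unset on that path, which would make the loop read and free through an indeterminate pointer. How the array is allocated is outside the excerpt; if it is not zero-filled, zero-filling it and skipping NULL slots in the cleanup loop (or walking only the entries actually filled in) would make this error path safe.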
criu-4.1/criu/sk-packet.c:150:12: enter_function: entry to ‘dump_one_packet_fd’
criu-4.1/criu/sk-packet.c:165:9: branch_false: following ‘false’ branch...
criu-4.1/criu/sk-packet.c:166:9: branch_false: ...to here
criu-4.1/criu/sk-packet.c:176:12: branch_false: following ‘false’ branch...
criu-4.1/criu/sk-packet.c:179:24: branch_false: ...to here
criu-4.1/criu/sk-packet.c:190:15: call_function: calling ‘dump_mreqs’ from ‘dump_one_packet_fd’
criu-4.1/criu/sk-packet.c:190:15: return_function: returning to ‘dump_one_packet_fd’ from ‘dump_mreqs’
criu-4.1/criu/sk-packet.c:191:12: branch_true: following ‘true’ branch...
criu-4.1/criu/sk-packet.c:192:17: branch_true: ...to here
criu-4.1/criu/sk-packet.c:212:21: branch_true: following ‘true’ branch...
criu-4.1/criu/sk-packet.c:213:17: branch_true: ...to here
criu-4.1/criu/sk-packet.c:213:17: danger: use of uninitialized value ‘*<unknown>’ here
#  211|   	xfree(psk.tx_ring);
#  212|   	for (i = 0; i < psk.n_mclist; i++)
#  213|-> 		xfree(psk.mclist[i]->addr.data);
#  214|   	xfree(psk.mclist);
#  215|   	return ret;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def213]
criu-4.1/criu/sk-packet.c:312:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
criu-4.1/criu/sk-packet.c:255:5: enter_function: entry to ‘packet_receive_one’
criu-4.1/criu/sk-packet.c:265:12: branch_false: following ‘false’ branch...
criu-4.1/criu/sk-packet.c:270:14: branch_false: ...to here
criu-4.1/criu/sk-packet.c:270:12: branch_false: following ‘false’ branch...
criu-4.1/criu/sk-packet.c:275:14: branch_false: ...to here
criu-4.1/criu/sk-packet.c:275:14: branch_false: following ‘false’ branch (when ‘___p’ is non-NULL)...
criu-4.1/criu/sk-packet.c:279:9: branch_false: ...to here
criu-4.1/criu/sk-packet.c:286:13: call_function: calling ‘packet_save_mreqs’ from ‘packet_receive_one’
criu-4.1/criu/sk-packet.c:286:13: return_function: returning to ‘packet_receive_one’ from ‘packet_save_mreqs’
criu-4.1/criu/sk-packet.c:286:12: branch_false: following ‘false’ branch...
criu-4.1/criu/sk-packet.c:289:13: branch_false: ...to here
criu-4.1/criu/sk-packet.c:294:12: branch_true: following ‘true’ branch...
criu-4.1/criu/sk-packet.c:295:26: branch_true: ...to here
criu-4.1/criu/sk-packet.c:295:26: branch_true: following ‘true’ branch (when ‘___p’ is NULL)...
criu-4.1/criu/sk-packet.c:295:26: branch_true: ...to here
criu-4.1/criu/sk-packet.c:296:20: branch_true: following ‘true’ branch (when ‘___p’ is NULL)...
criu-4.1/criu/sk-packet.c:297:25: branch_true: ...to here
criu-4.1/criu/sk-packet.c:312:9: danger: ‘<unknown>’ leaks here; was allocated at (10)
#  310|   	xfree(sd->tx);
#  311|   	xfree(sd->rx);
#  312|-> 	xfree(sd);
#  313|   	return -1;
#  314|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def214]
criu-4.1/criu/sk-packet.c:343:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
criu-4.1/criu/sk-packet.c:324:12: branch_false: following ‘false’ branch...
criu-4.1/criu/sk-packet.c:329:9: branch_false: ...to here
criu-4.1/criu/sk-packet.c:329:9: branch_true: following ‘true’ branch...
criu-4.1/criu/sk-packet.c:330:21: branch_true: ...to here
criu-4.1/criu/sk-packet.c:337:30: acquire_resource: opened here
criu-4.1/criu/sk-packet.c:338:28: branch_false: following ‘false’ branch (when ‘fd >= 0’)...
criu-4.1/criu/sk-packet.c:343:25: branch_false: ...to here
criu-4.1/criu/sk-packet.c:343:25: danger: ‘fd’ leaks here; was opened at (5)
#  341|   			}
#  342|   
#  343|-> 			vma->fd = fd;
#  344|   			return 0;
#  345|   		}

Error: GCC_ANALYZER_WARNING (CWE-476): [#def215]
criu-4.1/criu/sk-unix.c:1351:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/sk-unix.c:1796:12: enter_function: entry to ‘open_unixsk_standalone’
criu-4.1/criu/sk-unix.c:1822:12: branch_true: following ‘true’ branch...
criu-4.1/criu/sk-unix.c:1823:53: branch_true: ...to here
criu-4.1/criu/sk-unix.c:1823:24: call_function: calling ‘post_open_standalone’ from ‘open_unixsk_standalone’
# 1349|   
# 1350|   	ui = container_of(d, struct unix_sk_info, d);
# 1351|-> 	BUG_ON((ui->flags & (USK_PAIR_MASTER | USK_PAIR_SLAVE)) || (ui->ue->uflags & (USK_CALLBACK | USK_INHERIT)));
# 1352|   
# 1353|   	if (chk_restored_scms(ui))

Error: GCC_ANALYZER_WARNING (CWE-476): [#def216]
criu-4.1/criu/sk-unix.c:1674:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/sk-unix.c:1960:12: enter_function: entry to ‘open_unix_sk’
criu-4.1/criu/sk-unix.c:1967:12: branch_false: following ‘false’ branch...
criu-4.1/criu/sk-unix.c:1970:20: branch_false: ...to here
criu-4.1/criu/sk-unix.c:1970:19: branch_true: following ‘true’ branch...
criu-4.1/criu/sk-unix.c:1971:23: branch_true: ...to here
criu-4.1/criu/sk-unix.c:1971:23: call_function: calling ‘open_unixsk_pair_master’ from ‘open_unix_sk’
# 1672|   	fle = file_master(&ui->d);
# 1673|   	fle_peer = file_master(&peer->d);
# 1674|-> 	BUG_ON(fle->task != fle_peer->task); /* See interconnected_pair() */
# 1675|   
# 1676|   	if (chk_restored_scms(ui) || chk_restored_scms(peer))

Error: GCC_ANALYZER_WARNING (CWE-476): [#def217]
criu-4.1/criu/sk-unix.c:1713:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/sk-unix.c:1960:12: enter_function: entry to ‘open_unix_sk’
criu-4.1/criu/sk-unix.c:1967:12: branch_false: following ‘false’ branch...
criu-4.1/criu/sk-unix.c:1970:20: branch_false: ...to here
criu-4.1/criu/sk-unix.c:1970:19: branch_true: following ‘true’ branch...
criu-4.1/criu/sk-unix.c:1971:23: branch_true: ...to here
criu-4.1/criu/sk-unix.c:1971:23: call_function: calling ‘open_unixsk_pair_master’ from ‘open_unix_sk’
# 1711|   	fle_peer = file_master(&peer->d);
# 1712|   
# 1713|-> 	BUG_ON(fle->task != fle_peer->task); /* See interconnected_pair() */
# 1714|   
# 1715|   	if (set_netns(ui->ue->ns_id))

Error: GCC_ANALYZER_WARNING (CWE-666): [#def218]
criu-4.1/criu/sk-unix.c:1931:21: warning[-Wanalyzer-fd-phase-mismatch]: ‘listen’ on file descriptor ‘sk’ in wrong phase
criu-4.1/criu/sk-unix.c:1960:12: enter_function: entry to ‘open_unix_sk’
criu-4.1/criu/sk-unix.c:1967:12: branch_false: following ‘false’ branch...
criu-4.1/criu/sk-unix.c:1970:20: branch_false: ...to here
criu-4.1/criu/sk-unix.c:1970:19: branch_false: following ‘false’ branch...
criu-4.1/criu/sk-unix.c:1972:18: branch_false: ...to here
criu-4.1/criu/sk-unix.c:1972:17: branch_false: following ‘false’ branch...
criu-4.1/criu/sk-unix.c:1975:23: branch_false: ...to here
criu-4.1/criu/sk-unix.c:1975:23: call_function: calling ‘open_unixsk_standalone’ from ‘open_unix_sk’
# 1929|   	if (ui->ue->state == TCP_LISTEN) {
# 1930|   		pr_info("\tPutting %u into listen state\n", ui->ue->ino);
# 1931|-> 		if (listen(sk, ui->ue->backlog) < 0) {
# 1932|   			pr_perror("Can't make usk listen");
# 1933|   			close(sk);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def219]
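criu-4.1/criu/sk-unix.c:2135:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘uname’
Triage note: here the marked line is an ordinary read, not an assertion macro. `uname[0]` is read whenever `ulen > 0`, but the pointer comes from `ui->name` and the length from `ui->ue->name.len`, so the read is safe only if init_unix_sk_info() never leaves `ui->name` NULL while the length is non-zero. That invariant is not visible in this excerpt; confirm it in init_unix_sk_info(), or test `uname` before the read.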
criu-4.1/criu/sk-unix.c:2124:12: enter_function: entry to ‘collect_one_unixsk’
criu-4.1/criu/sk-unix.c:2130:13: call_function: calling ‘init_unix_sk_info’ from ‘collect_one_unixsk’
criu-4.1/criu/sk-unix.c:2130:13: return_function: returning to ‘collect_one_unixsk’ from ‘init_unix_sk_info’
criu-4.1/criu/sk-unix.c:2130:12: branch_false: following ‘false’ branch...
criu-4.1/criu/sk-unix.c:2133:9: branch_false: ...to here
criu-4.1/criu/sk-unix.c:2133:9: release_memory: ‘uname’ is NULL
criu-4.1/criu/sk-unix.c:2135:12: branch_true: following ‘true’ branch (when ‘ulen > 0’)...
criu-4.1/criu/sk-unix.c:2135:25: branch_true: ...to here
criu-4.1/criu/sk-unix.c:2135:25: danger: dereference of NULL ‘uname’
# 2133|   	uname = ui->name;
# 2134|   	ulen = ui->ue->name.len;
# 2135|-> 	if (ulen > 0 && uname[0] == 0) {
# 2136|   		prefix = "@";
# 2137|   		uname++;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def220]
criu-4.1/criu/sk-unix.c:2306:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/sk-unix.c:2303:12: branch_false: following ‘false’ branch...
criu-4.1/criu/sk-unix.c:2306:9: branch_false: ...to here
criu-4.1/criu/sk-unix.c:2306:9: branch_true: following ‘true’ branch...
criu-4.1/criu/sk-unix.c:2306:9: branch_true: ...to here
criu-4.1/criu/sk-unix.c:2306:9: danger: dereference of NULL ‘0’
# 2304|   		return;
# 2305|   
# 2306|-> 	BUG_ON(!ui->ue->peer);
# 2307|   
# 2308|   	if (ui->ue->peer == ui->ue->ino) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def221]
criu-4.1/criu/sockets.c:177:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#  175|   
#  176|   	pr_err("Unknown pair family %d proto %d\n", family, proto);
#  177|-> 	BUG();
#  178|   	return -1;
#  179|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def222]
criu-4.1/criu/sockets.c:425:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#  423|   	for (sd = sockets[ino % SK_HASH_SIZE]; sd; sd = sd->next) {
#  424|   		if (sd->ino == ino) {
#  425|-> 			BUG_ON(sd->family != family);
#  426|   			return sd;
#  427|   		}

Error: GCC_ANALYZER_WARNING (CWE-476): [#def223]
criu-4.1/criu/sockets.c:777:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
#  775|   		break;
#  776|   	default:
#  777|-> 		BUG_ON(1);
#  778|   		return -1;
#  779|   	}

Error: GCC_ANALYZER_WARNING (CWE-476): [#def224]
criu-4.1/criu/stats.c:35:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/stats.c:34:12: branch_true: following ‘true’ branch...
criu-4.1/criu/stats.c:35:17: branch_true: ...to here
criu-4.1/criu/stats.c:35:17: branch_true: following ‘true’ branch (when ‘c > 8’)...
criu-4.1/criu/stats.c:35:17: branch_true: ...to here
criu-4.1/criu/stats.c:35:17: danger: dereference of NULL ‘0’
#   33|   {
#   34|   	if (dstats != NULL) {
#   35|-> 		BUG_ON(c >= DUMP_CNT_NR_STATS);
#   36|   		dstats->counts[c] += val;
#   37|   	} else if (rstats != NULL) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def225]
criu-4.1/criu/stats.c:38:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/stats.c:34:12: branch_false: following ‘false’ branch...
criu-4.1/criu/stats.c:37:20: branch_false: ...to here
criu-4.1/criu/stats.c:37:19: branch_true: following ‘true’ branch...
criu-4.1/criu/stats.c:38:17: branch_true: ...to here
criu-4.1/criu/stats.c:38:17: branch_true: following ‘true’ branch (when ‘c > 2’)...
criu-4.1/criu/stats.c:38:17: branch_true: ...to here
criu-4.1/criu/stats.c:38:17: danger: dereference of NULL ‘0’
#   36|   		dstats->counts[c] += val;
#   37|   	} else if (rstats != NULL) {
#   38|-> 		BUG_ON(c >= RESTORE_CNT_NR_STATS);
#   39|   		atomic_add(val, &rstats->counts[c]);
#   40|   	} else

Error: GCC_ANALYZER_WARNING (CWE-476): [#def226]
criu-4.1/criu/stats.c:41:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/stats.c:34:12: branch_false: following ‘false’ branch...
criu-4.1/criu/stats.c:37:20: branch_false: ...to here
criu-4.1/criu/stats.c:37:19: branch_false: following ‘false’ branch...
criu-4.1/criu/stats.c:41:17: branch_false: ...to here
criu-4.1/criu/stats.c:41:17: danger: dereference of NULL ‘0’
#   39|   		atomic_add(val, &rstats->counts[c]);
#   40|   	} else
#   41|-> 		BUG();
#   42|   }
#   43|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def227]
criu-4.1/criu/stats.c:47:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/stats.c:46:12: branch_true: following ‘true’ branch...
criu-4.1/criu/stats.c:47:17: branch_true: ...to here
criu-4.1/criu/stats.c:47:17: branch_true: following ‘true’ branch (when ‘c > 8’)...
criu-4.1/criu/stats.c:47:17: branch_true: ...to here
criu-4.1/criu/stats.c:47:17: danger: dereference of NULL ‘0’
#   45|   {
#   46|   	if (dstats != NULL) {
#   47|-> 		BUG_ON(c >= DUMP_CNT_NR_STATS);
#   48|   		dstats->counts[c] -= val;
#   49|   	} else if (rstats != NULL) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def228]
criu-4.1/criu/stats.c:50:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/stats.c:46:12: branch_false: following ‘false’ branch...
criu-4.1/criu/stats.c:49:20: branch_false: ...to here
criu-4.1/criu/stats.c:49:19: branch_true: following ‘true’ branch...
criu-4.1/criu/stats.c:50:17: branch_true: ...to here
criu-4.1/criu/stats.c:50:17: branch_true: following ‘true’ branch (when ‘c > 2’)...
criu-4.1/criu/stats.c:50:17: branch_true: ...to here
criu-4.1/criu/stats.c:50:17: danger: dereference of NULL ‘0’
#   48|   		dstats->counts[c] -= val;
#   49|   	} else if (rstats != NULL) {
#   50|-> 		BUG_ON(c >= RESTORE_CNT_NR_STATS);
#   51|   		atomic_add(-val, &rstats->counts[c]);
#   52|   	} else

Error: GCC_ANALYZER_WARNING (CWE-476): [#def229]
criu-4.1/criu/stats.c:53:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/stats.c:46:12: branch_false: following ‘false’ branch...
criu-4.1/criu/stats.c:49:20: branch_false: ...to here
criu-4.1/criu/stats.c:49:19: branch_false: following ‘false’ branch...
criu-4.1/criu/stats.c:53:17: branch_false: ...to here
criu-4.1/criu/stats.c:53:17: danger: dereference of NULL ‘0’
#   51|   		atomic_add(-val, &rstats->counts[c]);
#   52|   	} else
#   53|-> 		BUG();
#   54|   }
#   55|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def230]
criu-4.1/criu/stats.c:76:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/stats.c:75:12: branch_true: following ‘true’ branch...
criu-4.1/criu/stats.c:76:17: branch_true: ...to here
criu-4.1/criu/stats.c:76:17: branch_true: following ‘true’ branch (when ‘t > 4’)...
criu-4.1/criu/stats.c:76:17: branch_true: ...to here
criu-4.1/criu/stats.c:76:17: danger: dereference of NULL ‘0’
#   74|   {
#   75|   	if (dstats != NULL) {
#   76|-> 		BUG_ON(t >= DUMP_TIME_NR_STATS);
#   77|   		return &dstats->timings[t];
#   78|   	} else if (rstats != NULL) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def231]
criu-4.1/criu/stats.c:83:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/stats.c:78:19: branch_true: following ‘true’ branch...
criu-4.1/criu/stats.c:83:17: branch_true: ...to here
criu-4.1/criu/stats.c:83:17: branch_true: following ‘true’ branch (when ‘t > 1’)...
criu-4.1/criu/stats.c:83:17: branch_true: ...to here
criu-4.1/criu/stats.c:83:17: danger: dereference of NULL ‘0’
#   81|   		 * from different tasks.
#   82|   		 */
#   83|-> 		BUG_ON(t >= RESTORE_TIME_NS_STATS);
#   84|   		return &rstats->timings[t];
#   85|   	}

Error: GCC_ANALYZER_WARNING (CWE-476): [#def232]
criu-4.1/criu/stats.c:87:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/stats.c:78:19: branch_false: following ‘false’ branch...
criu-4.1/criu/stats.c:87:9: branch_false: ...to here
criu-4.1/criu/stats.c:87:9: danger: dereference of NULL ‘0’
#   85|   	}
#   86|   
#   87|-> 	BUG();
#   88|   	return NULL;
#   89|   }

Error: GCC_ANALYZER_WARNING (CWE-457): [#def233]
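criu-4.1/criu/tls.c:195:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘packet’
Triage note: on the reported path the branch at line 171 is not taken (`len == 0`) and control arrives at the `err:` label with `packet` never assigned, so gnutls_packet_deinit() receives an indeterminate pointer. The declaration of `packet` is outside the excerpt; if it has no initialiser, setting it to NULL there and calling gnutls_packet_deinit() only when it is non-NULL removes the indeterminate read.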
criu-4.1/criu/tls.c:171:16: branch_false: following ‘false’ branch (when ‘len == 0’)...
criu-4.1/criu/tls.c:194:1: branch_false: ...to here
criu-4.1/criu/tls.c:195:9: danger: use of uninitialized value ‘packet’ here
#  193|   	}
#  194|   err:
#  195|-> 	gnutls_packet_deinit(packet);
#  196|   	return (len > 0);
#  197|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def234]
criu-4.1/criu/util.c:230:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘tmp’
criu-4.1/criu/util.c:1709:12: enter_function: entry to ‘is_iptables_nft’
criu-4.1/criu/util.c:1715:12: branch_false: following ‘false’ branch...
criu-4.1/criu/util.c:1720:15: branch_false: ...to here
criu-4.1/criu/util.c:1720:15: call_function: inlined call to ‘cr_system’ from ‘is_iptables_nft’
#  228|   	}
#  229|   
#  230|-> 	return ret;
#  231|   }
#  232|   

Error: GCC_ANALYZER_WARNING: [#def235]
criu-4.1/criu/util.c:241:31: warning[-Wanalyzer-fd-use-without-check]: ‘dup2’ on possibly invalid file descriptor ‘new_fd’
criu-4.1/criu/util.c:1709:12: enter_function: entry to ‘is_iptables_nft’
criu-4.1/criu/util.c:1715:12: branch_false: following ‘false’ branch...
criu-4.1/criu/util.c:1720:15: branch_false: ...to here
criu-4.1/criu/util.c:1720:15: call_function: inlined call to ‘cr_system’ from ‘is_iptables_nft’
#  239|   			tmp = fcntl(old_fd, F_DUPFD, new_fd);
#  240|   		else
#  241|-> 			tmp = dup2(old_fd, new_fd);
#  242|   		if (tmp < 0) {
#  243|   			pr_perror("Dup %d -> %d failed (called at %s:%d)", old_fd, new_fd, file, line);

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def236]
criu-4.1/criu/util.c:621:25: warning[-Wanalyzer-fd-double-close]: double ‘close’ of file descriptor ‘0’
criu-4.1/criu/util.c:1709:12: enter_function: entry to ‘is_iptables_nft’
criu-4.1/criu/util.c:1715:12: branch_false: following ‘false’ branch...
criu-4.1/criu/util.c:1720:15: branch_false: ...to here
criu-4.1/criu/util.c:1720:15: call_function: inlined call to ‘cr_system’ from ‘is_iptables_nft’
#  619|   
#  620|   		if (in < 0) {
#  621|-> 			close(STDIN_FILENO);
#  622|   		} else {
#  623|   			if (reopen_fd_as_nocheck(STDIN_FILENO, in))

Error: GCC_ANALYZER_WARNING (CWE-476): [#def237]
criu-4.1/criu/util.c:672:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/util.c:1709:12: enter_function: entry to ‘is_iptables_nft’
criu-4.1/criu/util.c:1715:12: branch_false: following ‘false’ branch...
criu-4.1/criu/util.c:1720:15: branch_false: ...to here
criu-4.1/criu/util.c:1720:15: call_function: inlined call to ‘cr_system’ from ‘is_iptables_nft’
#  670|   	if (sigprocmask(SIG_SETMASK, &oldmask, NULL) == -1) {
#  671|   		pr_perror("Can not unset mask of blocked signals");
#  672|-> 		BUG();
#  673|   	}
#  674|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def238]
criu-4.1/criu/util.c:1745:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pfd[0]’
criu-4.1/criu/util.c:1709:12: enter_function: entry to ‘is_iptables_nft’
criu-4.1/criu/util.c:1715:12: branch_false: following ‘false’ branch...
criu-4.1/criu/util.c:1720:15: branch_false: ...to here
criu-4.1/criu/util.c:1743:9: call_function: calling ‘close_safe’ from ‘is_iptables_nft’
criu-4.1/criu/util.c:1743:9: return_function: returning to ‘is_iptables_nft’ from ‘close_safe’
criu-4.1/criu/util.c:1744:9: call_function: calling ‘close_safe’ from ‘is_iptables_nft’
criu-4.1/criu/util.c:1744:9: return_function: returning to ‘is_iptables_nft’ from ‘close_safe’
criu-4.1/criu/util.c:1745:16: danger: ‘pfd[0]’ leaks here
# 1743|   	close_safe(&pfd[1]);
# 1744|   	close_safe(&pfd[0]);
# 1745|-> 	return ret;
# 1746|   }
# 1747|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def239]
criu-4.1/criu/util.c:1745:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pfd[1]’
criu-4.1/criu/util.c:1709:12: enter_function: entry to ‘is_iptables_nft’
criu-4.1/criu/util.c:1715:12: branch_false: following ‘false’ branch...
criu-4.1/criu/util.c:1720:15: branch_false: ...to here
criu-4.1/criu/util.c:1743:9: call_function: calling ‘close_safe’ from ‘is_iptables_nft’
criu-4.1/criu/util.c:1743:9: return_function: returning to ‘is_iptables_nft’ from ‘close_safe’
criu-4.1/criu/util.c:1744:9: call_function: calling ‘close_safe’ from ‘is_iptables_nft’
criu-4.1/criu/util.c:1744:9: return_function: returning to ‘is_iptables_nft’ from ‘close_safe’
criu-4.1/criu/util.c:1745:16: danger: ‘pfd[1]’ leaks here
# 1743|   	close_safe(&pfd[1]);
# 1744|   	close_safe(&pfd[0]);
# 1745|-> 	return ret;
# 1746|   }
# 1747|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def240]
criu-4.1/criu/vdso.c:155:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/vdso.c:132:12: branch_false: following ‘false’ branch (when ‘rt_vdso_marked’ is non-NULL)...
criu-4.1/criu/vdso.c:139:9: branch_false: ...to here
criu-4.1/criu/vdso.c:147:9: branch_true: following ‘true’ branch (when ‘vma != vma_area_list’)...
criu-4.1/criu/vdso.c:148:21: branch_true: ...to here
criu-4.1/criu/vdso.c:155:25: branch_false: following ‘false’ branch (when ‘rt_vvar_marked’ is NULL)...
criu-4.1/criu/vdso.c:156:29: branch_false: ...to here
criu-4.1/criu/vdso.c:147:9: branch_true: following ‘true’ branch (when ‘vma != vma_area_list’)...
criu-4.1/criu/vdso.c:148:21: branch_true: ...to here
criu-4.1/criu/vdso.c:155:25: danger: dereference of NULL ‘0’
#  153|   			pr_debug("vdso: Restore orig VVAR status at %lx\n", (long)vma->e->start);
#  154|   		} else if (addr->rt_vvar != VVAR_BAD_ADDR && addr->rt_vvar == vma->e->start) {
#  155|-> 			BUG_ON(rt_vvar_marked);
#  156|   			if (not_vvar_or_vdso(vma)) {
#  157|   				pr_warn("Mark in rt-vdso points to vma, that doesn't look like vvar - skipping unmap\n");

Error: GCC_ANALYZER_WARNING (CWE-476): [#def241]
criu-4.1/criu/vdso.c:272:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/vdso.c:267:12: branch_false: following ‘false’ branch...
criu-4.1/criu/vdso.c:270:18: branch_false: ...to here
criu-4.1/criu/vdso.c:271:12: branch_true: following ‘true’ branch...
criu-4.1/criu/vdso.c:272:17: branch_true: ...to here
criu-4.1/criu/vdso.c:272:17: branch_true: following ‘true’ branch...
criu-4.1/criu/vdso.c:272:17: branch_true: ...to here
criu-4.1/criu/vdso.c:272:17: danger: dereference of NULL ‘0’
#  270|   	vcheck = get_vdso_check_type(ctl);
#  271|   	if (vcheck == VDSO_CHECK_PFN) {
#  272|-> 		BUG_ON(vdso_pfn == VDSO_BAD_PFN);
#  273|   		fd = open_proc(pid, "pagemap");
#  274|   		if (fd < 0)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def242]
criu-4.1/criu/vdso.c:445:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/vdso.c:431:12: branch_false: following ‘false’ branch...
criu-4.1/criu/vdso.c:436:15: branch_false: ...to here
criu-4.1/criu/vdso.c:437:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
criu-4.1/criu/vdso.c:438:21: branch_true: ...to here
criu-4.1/criu/vdso.c:445:17: danger: dereference of NULL ‘0’
#  443|   		compat_vdso_helper(native, fds[0], log_get_fd(), vdso_buf, buf_size);
#  444|   
#  445|-> 		BUG();
#  446|   	}
#  447|   

Error: CPPCHECK_WARNING (CWE-476): [#def243]
criu-4.1/include/common/lock.h:82: error[nullPointer]: Null pointer dereference: (volatile unsigned long*)NULL
#   80|   {
#   81|   	atomic_set(&f->raw, (int)v);
#   82|-> 	LOCK_BUG_ON(sys_futex((uint32_t *)&f->raw.counter, FUTEX_WAKE, INT_MAX, NULL, NULL, 0) < 0);
#   83|   }
#   84|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def244]
criu-4.1/include/common/lock.h:82:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/include/common/lock.h:82:9: branch_true: following ‘true’ branch...
criu-4.1/include/common/lock.h:82:9: branch_true: ...to here
criu-4.1/include/common/lock.h:82:9: danger: dereference of NULL ‘0’
#   80|   {
#   81|   	atomic_set(&f->raw, (int)v);
#   82|-> 	LOCK_BUG_ON(sys_futex((uint32_t *)&f->raw.counter, FUTEX_WAKE, INT_MAX, NULL, NULL, 0) < 0);
#   83|   }
#   84|   

Error: CPPCHECK_WARNING (CWE-476): [#def245]
criu-4.1/include/common/lock.h:88: error[nullPointer]: Null pointer dereference: (volatile unsigned long*)NULL
#   86|   static inline void futex_wake(futex_t *f)
#   87|   {
#   88|-> 	LOCK_BUG_ON(sys_futex((uint32_t *)&f->raw.counter, FUTEX_WAKE, INT_MAX, NULL, NULL, 0) < 0);
#   89|   }
#   90|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def246]
criu-4.1/include/common/lock.h:88:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/files.c:199:5: enter_function: entry to ‘set_fds_event’
criu-4.1/criu/files.c:205:9: branch_false: following ‘false’ branch...
criu-4.1/criu/files.c:207:55: branch_false: ...to here
criu-4.1/criu/files.c:209:12: branch_false: following ‘false’ branch (when ‘oldbit == 0’)...
criu-4.1/criu/files.c:210:17: branch_false: ...to here
criu-4.1/criu/files.c:210:17: call_function: calling ‘futex_wake’ from ‘set_fds_event’
#   86|   static inline void futex_wake(futex_t *f)
#   87|   {
#   88|-> 	LOCK_BUG_ON(sys_futex((uint32_t *)&f->raw.counter, FUTEX_WAKE, INT_MAX, NULL, NULL, 0) < 0);
#   89|   }
#   90|   

Error: CPPCHECK_WARNING (CWE-476): [#def247]
criu-4.1/include/common/lock.h:102: error[nullPointer]: Null pointer dereference: (volatile unsigned long*)NULL
#  100|   {
#  101|   	atomic_dec(&f->raw);
#  102|-> 	LOCK_BUG_ON(sys_futex((uint32_t *)&f->raw.counter, FUTEX_WAKE, INT_MAX, NULL, NULL, 0) < 0);
#  103|   }
#  104|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def248]
criu-4.1/include/common/lock.h:102:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/include/common/lock.h:102:9: branch_true: following ‘true’ branch...
criu-4.1/include/common/lock.h:102:9: branch_true: ...to here
criu-4.1/include/common/lock.h:102:9: danger: dereference of NULL ‘0’
#  100|   {
#  101|   	atomic_dec(&f->raw);
#  102|-> 	LOCK_BUG_ON(sys_futex((uint32_t *)&f->raw.counter, FUTEX_WAKE, INT_MAX, NULL, NULL, 0) < 0);
#  103|   }
#  104|   

Error: CPPCHECK_WARNING (CWE-476): [#def249]
criu-4.1/include/common/lock.h:109: error[nullPointer]: Null pointer dereference: (volatile unsigned long*)NULL
#  107|   {
#  108|   	atomic_inc(&f->raw);
#  109|-> 	LOCK_BUG_ON(sys_futex((uint32_t *)&f->raw.counter, FUTEX_WAKE, INT_MAX, NULL, NULL, 0) < 0);
#  110|   }
#  111|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def250]
criu-4.1/include/common/lock.h:109:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/criu/files.c:1298:5: enter_function: entry to ‘prepare_fds’
criu-4.1/criu/files.c:1314:12: branch_true: following ‘true’ branch...
criu-4.1/criu/files.c:1322:17: branch_true: ...to here
criu-4.1/criu/files.c:1322:17: call_function: calling ‘futex_inc_and_wake’ from ‘prepare_fds’
#  107|   {
#  108|   	atomic_inc(&f->raw);
#  109|-> 	LOCK_BUG_ON(sys_futex((uint32_t *)&f->raw.counter, FUTEX_WAKE, INT_MAX, NULL, NULL, 0) < 0);
#  110|   }
#  111|   

Error: CPPCHECK_WARNING (CWE-476): [#def251]
criu-4.1/include/common/lock.h:141: error[nullPointer]: Null pointer dereference: (volatile unsigned long*)NULL
#  139|   	while ((uint32_t)atomic_read(&f->raw) == v) {
#  140|   		int ret = sys_futex((uint32_t *)&f->raw.counter, FUTEX_WAIT, v, NULL, NULL, 0);
#  141|-> 		LOCK_BUG_ON(ret < 0 && ret != -EWOULDBLOCK);
#  142|   	}
#  143|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def252]
criu-4.1/include/common/lock.h:141:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/include/common/lock.h:139:16: branch_true: following ‘true’ branch...
criu-4.1/include/common/lock.h:140:49: branch_true: ...to here
criu-4.1/include/common/lock.h:141:17: danger: dereference of NULL ‘0’
#  139|   	while ((uint32_t)atomic_read(&f->raw) == v) {
#  140|   		int ret = sys_futex((uint32_t *)&f->raw.counter, FUTEX_WAIT, v, NULL, NULL, 0);
#  141|-> 		LOCK_BUG_ON(ret < 0 && ret != -EWOULDBLOCK);
#  142|   	}
#  143|   }

Error: CPPCHECK_WARNING (CWE-476): [#def253]
criu-4.1/include/common/lock.h:162: error[nullPointer]: Null pointer dereference: (volatile unsigned long*)NULL
#  160|   	while ((c = (uint32_t)atomic_inc_return(&m->raw)) != 1) {
#  161|   		ret = sys_futex((uint32_t *)&m->raw.counter, FUTEX_WAIT, c, NULL, NULL, 0);
#  162|-> 		LOCK_BUG_ON(ret < 0 && ret != -EWOULDBLOCK);
#  163|   	}
#  164|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def254]
criu-4.1/include/common/lock.h:162:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/include/common/lock.h:160:16: branch_true: following ‘true’ branch (when ‘c != 1’)...
criu-4.1/include/common/lock.h:161:45: branch_true: ...to here
criu-4.1/include/common/lock.h:162:17: danger: dereference of NULL ‘0’
#  160|   	while ((c = (uint32_t)atomic_inc_return(&m->raw)) != 1) {
#  161|   		ret = sys_futex((uint32_t *)&m->raw.counter, FUTEX_WAIT, c, NULL, NULL, 0);
#  162|-> 		LOCK_BUG_ON(ret < 0 && ret != -EWOULDBLOCK);
#  163|   	}
#  164|   }

Error: CPPCHECK_WARNING (CWE-476): [#def255]
criu-4.1/include/common/lock.h:175: error[nullPointer]: Null pointer dereference: (volatile unsigned long*)NULL
#  173|   	uint32_t c = 0;
#  174|   	atomic_set(&m->raw, (int)c);
#  175|-> 	LOCK_BUG_ON(sys_futex((uint32_t *)&m->raw.counter, FUTEX_WAKE, 1, NULL, NULL, 0) < 0);
#  176|   }
#  177|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def256]
criu-4.1/include/common/lock.h:175:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/include/common/lock.h:175:9: branch_true: following ‘true’ branch...
criu-4.1/include/common/lock.h:175:9: branch_true: ...to here
criu-4.1/include/common/lock.h:175:9: danger: dereference of NULL ‘0’
#  173|   	uint32_t c = 0;
#  174|   	atomic_set(&m->raw, (int)c);
#  175|-> 	LOCK_BUG_ON(sys_futex((uint32_t *)&m->raw.counter, FUTEX_WAKE, 1, NULL, NULL, 0) < 0);
#  176|   }
#  177|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def257]
criu-4.1/include/common/scm-code.c:13:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘cmsg’
criu-4.1/include/common/scm-code.c:48:5: enter_function: entry to ‘send_fds’
criu-4.1/include/common/scm-code.c:56:21: branch_true: following ‘true’ branch (when ‘i < nr_fds’)...
criu-4.1/include/common/scm-code.c:57:26: branch_true: ...to here
criu-4.1/include/common/scm-code.c:58:17: call_function: inlined call to ‘scm_fdset_init_chunk’ from ‘send_fds’
#   11|   
#   12|   	cmsg = CMSG_FIRSTHDR(&fdset->hdr);
#   13|-> 	cmsg->cmsg_len = fdset->hdr.msg_controllen;
#   14|   
#   15|   	if (data) {

Error: CPPCHECK_WARNING (CWE-476): [#def258]
criu-4.1/include/common/scm-code.c:106: error[nullPointer]: Null pointer dereference: (volatile unsigned long*)NULL
#  104|   		 * sys_write_ helpers. Meawhile opencoded BUG_ON here.
#  105|   		 */
#  106|-> 		BUG_ON(min_fd > CR_SCM_MAX_FD);
#  107|   
#  108|   		if (unlikely(min_fd <= 0))

Error: GCC_ANALYZER_WARNING (CWE-476): [#def259]
criu-4.1/include/common/scm-code.c:106:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
criu-4.1/include/common/scm-code.c:82:21: branch_true: following ‘true’ branch (when ‘i < nr_fds’)...
criu-4.1/include/common/scm-code.c:83:26: branch_true: ...to here
criu-4.1/include/common/scm-code.c:87:20: branch_false: following ‘false’ branch (when ‘ret > 0’)...
criu-4.1/include/common/scm-code.c:90:24: branch_false: ...to here
criu-4.1/include/common/scm-code.c:90:24: branch_true: following ‘true’ branch...
criu-4.1/include/common/scm-code.c:90:17: branch_true: ...to here
criu-4.1/include/common/scm-code.c:91:20: branch_false: following ‘false’ branch...
criu-4.1/include/common/scm-code.c:93:20: branch_false: following ‘false’ branch...
criu-4.1/include/common/scm-code.c:96:27: branch_false: ...to here
criu-4.1/include/common/scm-code.c:106:17: danger: dereference of NULL ‘0’
#  104|   		 * sys_write_ helpers. Meawhile opencoded BUG_ON here.
#  105|   		 */
#  106|-> 		BUG_ON(min_fd > CR_SCM_MAX_FD);
#  107|   
#  108|   		if (unlikely(min_fd <= 0))

Error: COMPILER_WARNING: [#def260]
criu-4.1/plugins/cuda/cuda_plugin.c:1:10: warning[fatal error]: criu-log.h: No such file or directory
#    1|-> #include "criu-log.h"
#    2|   #include "plugin.h"
#    3|   #include "util.h"

Scan Properties

analyzer-version-clippy: 1.86.0
analyzer-version-cppcheck: 2.17.1
analyzer-version-gcc: 15.0.1
analyzer-version-gcc-analyzer: 15.0.1
analyzer-version-shellcheck: 0.10.0
analyzer-version-unicontrol: 0.0.2
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-130.us-west-2.compute.internal
known-false-positives: /usr/share/csmock/known-false-positives.js
known-false-positives-rpm: known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch
mock-config: fedora-rawhide-x86_64
project-name: criu-4.1-2.fc43
store-results-to: /tmp/tmppp40n6fu/criu-4.1-2.fc43.tar.xz
time-created: 2025-04-25 12:16:40
time-finished: 2025-04-25 12:20:33
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmppp40n6fu/criu-4.1-2.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmppp40n6fu/criu-4.1-2.fc43.src.rpm'
tool-version: csmock-3.8.1.20250422.172604.g26bc3d6-1.el9