Newly introduced findings

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1]
crun-1.21/src/libcrun/cgroup-utils.c:308:13: warning[-Wanalyzer-malloc-leak]: leak of 'fdopendir(dfd)'
crun-1.21/src/libcrun/cgroup-utils.c:992:1: enter_function: entry to 'libcrun_migrate_all_pids_to_cgroup'
crun-1.21/src/libcrun/cgroup-utils.c:1002:6: branch_false: following 'false' branch...
crun-1.21/src/libcrun/cgroup-utils.c:1005:9: branch_false: ...to here
crun-1.21/src/libcrun/cgroup-utils.c:1005:9: call_function: calling 'libcrun_cgroup_pause_unpause_path' from 'libcrun_migrate_all_pids_to_cgroup'
crun-1.21/src/libcrun/cgroup-utils.c:1005:9: return_function: returning to 'libcrun_migrate_all_pids_to_cgroup' from 'libcrun_cgroup_pause_unpause_path'
crun-1.21/src/libcrun/cgroup-utils.c:1006:6: branch_false: following 'false' branch...
crun-1.21/src/libcrun/cgroup-utils.c:1009:9: branch_false: ...to here
crun-1.21/src/libcrun/cgroup-utils.c:1009:9: call_function: calling 'libcrun_cgroup_read_pids_from_path' from 'libcrun_migrate_all_pids_to_cgroup'
#  306|         struct dirent *de;
#  307|   
#  308|->       dir = fdopendir (dfd);
#  309|         if (UNLIKELY (dir == NULL))
#  310|           return crun_make_error (err, errno, "open cgroup sub-directory");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def2]
crun-1.21/src/libcrun/cgroup-utils.c:444:11: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'open(cgroup_path, 589824)'
crun-1.21/src/libcrun/cgroup-utils.c:992:1: enter_function: entry to 'libcrun_migrate_all_pids_to_cgroup'
crun-1.21/src/libcrun/cgroup-utils.c:1002:6: branch_false: following 'false' branch...
crun-1.21/src/libcrun/cgroup-utils.c:1005:9: branch_false: ...to here
crun-1.21/src/libcrun/cgroup-utils.c:1005:9: call_function: calling 'libcrun_cgroup_pause_unpause_path' from 'libcrun_migrate_all_pids_to_cgroup'
crun-1.21/src/libcrun/cgroup-utils.c:1005:9: return_function: returning to 'libcrun_migrate_all_pids_to_cgroup' from 'libcrun_cgroup_pause_unpause_path'
crun-1.21/src/libcrun/cgroup-utils.c:1006:6: branch_false: following 'false' branch...
crun-1.21/src/libcrun/cgroup-utils.c:1009:9: branch_false: ...to here
crun-1.21/src/libcrun/cgroup-utils.c:1009:9: call_function: calling 'libcrun_cgroup_read_pids_from_path' from 'libcrun_migrate_all_pids_to_cgroup'
#  442|       }
#  443|   
#  444|->   dirfd = open (cgroup_path, O_DIRECTORY | O_CLOEXEC);
#  445|     if (dirfd < 0)
#  446|       return crun_make_error (err, errno, "open `%s`", cgroup_path);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def3]
crun-1.21/src/libcrun/utils.h:83:7: warning[-Wanalyzer-malloc-leak]: leak of 'xrealloc(*pids, (*n_pids + n_new_pids + 1) * 4)'
crun-1.21/src/libcrun/cgroup-utils.c:992:1: enter_function: entry to 'libcrun_migrate_all_pids_to_cgroup'
crun-1.21/src/libcrun/cgroup-utils.c:1002:6: branch_false: following 'false' branch...
crun-1.21/src/libcrun/cgroup-utils.c:1005:9: branch_false: ...to here
crun-1.21/src/libcrun/cgroup-utils.c:1005:9: call_function: calling 'libcrun_cgroup_pause_unpause_path' from 'libcrun_migrate_all_pids_to_cgroup'
crun-1.21/src/libcrun/cgroup-utils.c:1005:9: return_function: returning to 'libcrun_migrate_all_pids_to_cgroup' from 'libcrun_cgroup_pause_unpause_path'
crun-1.21/src/libcrun/cgroup-utils.c:1006:6: branch_false: following 'false' branch...
crun-1.21/src/libcrun/cgroup-utils.c:1009:9: branch_false: ...to here
crun-1.21/src/libcrun/cgroup-utils.c:1009:9: call_function: calling 'libcrun_cgroup_read_pids_from_path' from 'libcrun_migrate_all_pids_to_cgroup'
#   81|   {
#   82|     void *res = realloc (ptr, size);
#   83|->   if (UNLIKELY (res == NULL))
#   84|       OOM ();
#   85|     return res;

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def4]
crun-1.21/src/libcrun/utils.h:108:5: warning[-Wanalyzer-fd-double-close]: double 'close' of file descriptor 'tasksfd'
crun-1.21/src/libcrun/cgroup-utils.c:992:1: enter_function: entry to 'libcrun_migrate_all_pids_to_cgroup'
crun-1.21/src/libcrun/cgroup-utils.c:1002:6: branch_false: following 'false' branch...
crun-1.21/src/libcrun/cgroup-utils.c:1005:9: branch_false: ...to here
crun-1.21/src/libcrun/cgroup-utils.c:1005:9: call_function: calling 'libcrun_cgroup_pause_unpause_path' from 'libcrun_migrate_all_pids_to_cgroup'
crun-1.21/src/libcrun/cgroup-utils.c:1005:9: return_function: returning to 'libcrun_migrate_all_pids_to_cgroup' from 'libcrun_cgroup_pause_unpause_path'
crun-1.21/src/libcrun/cgroup-utils.c:1006:6: branch_false: following 'false' branch...
crun-1.21/src/libcrun/cgroup-utils.c:1009:9: branch_false: ...to here
crun-1.21/src/libcrun/cgroup-utils.c:1009:9: call_function: calling 'libcrun_cgroup_read_pids_from_path' from 'libcrun_migrate_all_pids_to_cgroup'
#  106|     int *pp = (int *) p;
#  107|     if (*pp >= 0)
#  108|->     TEMP_FAILURE_RETRY (close (*pp));
#  109|   }
#  110|   

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def5]
crun-1.21/src/libcrun/utils.h:210:13: warning[-Wanalyzer-fd-double-close]: double 'close' of file descriptor '*fd'
crun-1.21/src/libcrun/container.c:4272:1: enter_function: entry to 'restore_proxy_process'
crun-1.21/src/libcrun/container.c:4282:6: branch_false: following 'false' branch...
crun-1.21/src/libcrun/container.c:4285:3: branch_false: ...to here
crun-1.21/src/libcrun/container.c:4285:3: call_function: calling 'close_and_reset' from 'restore_proxy_process'
#  208|     if (*fd >= 0)
#  209|       {
#  210|->       ret = TEMP_FAILURE_RETRY (close (*fd));
#  211|         if (LIKELY (ret == 0))
#  212|           *fd = -1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def6]
crun-1.21/src/libcrun/utils.h:225:6: warning[-Wanalyzer-malloc-leak]: leak of 'xstrdup(*process_199(D)->args)'
crun-1.21/src/libcrun/container.c:3374:1: enter_function: entry to 'exec_process_entrypoint'
crun-1.21/src/libcrun/container.c:3407:6: branch_false: following 'false' branch...
crun-1.21/src/libcrun/container.c:3410:9: branch_false: ...to here
crun-1.21/src/libcrun/container.c:3411:6: branch_false: following 'false' branch...
crun-1.21/src/libcrun/container.c:3414:7: branch_false: ...to here
crun-1.21/src/libcrun/container.c:3443:6: branch_false: following 'false' branch...
crun-1.21/src/libcrun/container.c:3446:9: branch_false: ...to here
crun-1.21/src/libcrun/container.c:3447:6: branch_false: following 'false' branch...
crun-1.21/src/libcrun/container.c:3450:7: branch_false: ...to here
crun-1.21/src/libcrun/container.c:3450:6: branch_true: following 'true' branch...
crun-1.21/src/libcrun/container.c:3477:6: branch_false: following 'false' branch...
crun-1.21/src/libcrun/container.c:3480:9: branch_false: ...to here
crun-1.21/src/libcrun/container.c:3502:6: branch_false: following 'false' branch...
crun-1.21/src/libcrun/container.c:3505:9: branch_false: ...to here
crun-1.21/src/libcrun/container.c:3505:9: call_function: calling 'maybe_chown_std_streams' from 'exec_process_entrypoint'
crun-1.21/src/libcrun/container.c:3505:9: return_function: returning to 'exec_process_entrypoint' from 'maybe_chown_std_streams'
crun-1.21/src/libcrun/container.c:3506:6: branch_false: following 'false' branch...
crun-1.21/src/libcrun/container.c:3509:7: branch_false: ...to here
crun-1.21/src/libcrun/container.c:3515:6: branch_false: following 'false' branch...
crun-1.21/src/libcrun/container.c:3518:7: branch_false: ...to here
crun-1.21/src/libcrun/container.c:3518:6: branch_true: following 'true' branch...
crun-1.21/src/libcrun/container.c:3520:60: branch_true: ...to here
crun-1.21/src/libcrun/container.c:3521:10: branch_true: following 'true' branch...
crun-1.21/src/libcrun/container.c:3523:14: branch_true: ...to here
crun-1.21/src/libcrun/container.c:3523:14: branch_false: following 'false' branch (when 'custom_handler' is non-NULL)...
crun-1.21/src/libcrun/container.c:3523:58: branch_false: ...to here
crun-1.21/src/libcrun/container.c:3528:23: call_function: calling 'xstrdup' from 'exec_process_entrypoint'
crun-1.21/src/libcrun/container.c:3528:23: return_function: returning to 'exec_process_entrypoint' from 'xstrdup'
crun-1.21/src/libcrun/utils.h:225:6: danger: 'xstrdup(*process_199(D)->args)' leaks here; was allocated at [(41)](sarif:/runs/0/results/27/codeFlows/0/threadFlows/0/locations/40)
#  223|   
#  224|     ret = strdup (str);
#  225|->   if (ret == NULL)
#  226|       OOM ();
#  227|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def7]
crun-1.21/src/libcrun/utils.h:225:6: warning[-Wanalyzer-malloc-leak]: leak of 'xstrdup(cgroup_path + 14)'
crun-1.21/src/libcrun/cgroup-utils.c:1044:1: enter_function: entry to 'get_cgroup_dirfd_path'
crun-1.21/src/libcrun/cgroup-utils.c:1050:3: call_function: inlined call to 'get_proc_self_fd_path' from 'get_cgroup_dirfd_path'
crun-1.21/src/libcrun/cgroup-utils.c:1050:3: call_function: inlined call to 'get_proc_self_fd_path' from 'get_cgroup_dirfd_path'
crun-1.21/src/libcrun/cgroup-utils.c:1053:6: branch_false: following 'false' branch...
crun-1.21/src/libcrun/cgroup-utils.c:1056:7: branch_false: ...to here
crun-1.21/src/libcrun/cgroup-utils.c:1056:6: branch_true: following 'true' branch...
crun-1.21/src/libcrun/cgroup-utils.c:1058:24: branch_true: ...to here
crun-1.21/src/libcrun/cgroup-utils.c:1058:15: call_function: calling 'xstrdup' from 'get_cgroup_dirfd_path'
crun-1.21/src/libcrun/cgroup-utils.c:1058:15: return_function: returning to 'get_cgroup_dirfd_path' from 'xstrdup'
crun-1.21/src/libcrun/utils.h:225:6: danger: 'xstrdup(cgroup_path + 14)' leaks here; was allocated at [(19)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/18)
#  223|   
#  224|     ret = strdup (str);
#  225|->   if (ret == NULL)
#  226|       OOM ();
#  227|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
crun-1.21/src/libcrun/utils.h:225:6: warning[-Wanalyzer-malloc-leak]: leak of 'xstrdup(own_cgroup)'
crun-1.21/src/libcrun/container.c:4272:1: enter_function: entry to 'restore_proxy_process'
crun-1.21/src/libcrun/container.c:4282:6: branch_false: following 'false' branch...
crun-1.21/src/libcrun/container.c:4285:3: branch_false: ...to here
crun-1.21/src/libcrun/container.c:4299:6: branch_false: following 'false' branch...
crun-1.21/src/libcrun/container.c:4302:21: branch_false: ...to here
crun-1.21/src/libcrun/container.c:4302:21: call_function: calling 'xstrdup' from 'restore_proxy_process'
crun-1.21/src/libcrun/container.c:4302:21: return_function: returning to 'restore_proxy_process' from 'xstrdup'
crun-1.21/src/libcrun/utils.h:225:6: danger: 'xstrdup(own_cgroup)' leaks here; was allocated at [(10)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/9)
#  223|   
#  224|     ret = strdup (str);
#  225|->   if (ret == NULL)
#  226|       OOM ();
#  227|   

Scan Properties

analyzer-version-clippy: 1.86.0
analyzer-version-cppcheck: 2.17.1
analyzer-version-gcc: 15.0.1
analyzer-version-gcc-analyzer: 15.0.1
analyzer-version-shellcheck: 0.10.0
analyzer-version-unicontrol: 0.0.2
diffbase-analyzer-version-clippy: 1.86.0
diffbase-analyzer-version-cppcheck: 2.17.1
diffbase-analyzer-version-gcc: 15.0.1
diffbase-analyzer-version-gcc-analyzer: 15.0.1
diffbase-analyzer-version-shellcheck: 0.10.0
diffbase-analyzer-version-unicontrol: 0.0.2
diffbase-enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code: 0
diffbase-host: ip-172-16-1-199.us-west-2.compute.internal
diffbase-known-false-positives: /usr/share/csmock/known-false-positives.js
diffbase-known-false-positives-rpm: known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch
diffbase-mock-config: fedora-rawhide-x86_64
diffbase-project-name: crun-1.20-2.fc42
diffbase-store-results-to: /tmp/tmp70cigg6s/crun-1.20-2.fc42.tar.xz
diffbase-time-created: 2025-04-25 12:14:23
diffbase-time-finished: 2025-04-25 12:17:40
diffbase-tool: csmock
diffbase-tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmp70cigg6s/crun-1.20-2.fc42.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp70cigg6s/crun-1.20-2.fc42.src.rpm'
diffbase-tool-version: csmock-3.8.1.20250422.172604.g26bc3d6-1.el9
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-199.us-west-2.compute.internal
known-false-positives: /usr/share/csmock/known-false-positives.js
known-false-positives-rpm: known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch
mock-config: fedora-rawhide-x86_64
project-name: crun-1.21-1.fc43
store-results-to: /tmp/tmpm9xjdw6e/crun-1.21-1.fc43.tar.xz
time-created: 2025-04-25 12:18:09
time-finished: 2025-04-25 12:20:55
title: Newly introduced findings
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpm9xjdw6e/crun-1.21-1.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpm9xjdw6e/crun-1.21-1.fc43.src.rpm'
tool-version: csmock-3.8.1.20250422.172604.g26bc3d6-1.el9