cups-2.4.12-2.fc43

List of Findings

Error: SHELLCHECK_WARNING (CWE-563): [#def1]
/usr/bin/cups-config:17:1: warning[SC2034]: prefix appears unused. Verify use (or export if used externally).
#   15|   BUILD="cups-2.4.12"
#   16|   
#   17|-> prefix=/usr
#   18|   exec_prefix=/usr
#   19|   bindir=/usr/bin

Error: SHELLCHECK_WARNING (CWE-563): [#def2]
/usr/bin/cups-config:18:1: warning[SC2034]: exec_prefix appears unused. Verify use (or export if used externally).
#   16|   
#   17|   prefix=/usr
#   18|-> exec_prefix=/usr
#   19|   bindir=/usr/bin
#   20|   includedir=/usr/include

Error: SHELLCHECK_WARNING (CWE-563): [#def3]
/usr/bin/cups-config:19:1: warning[SC2034]: bindir appears unused. Verify use (or export if used externally).
#   17|   prefix=/usr
#   18|   exec_prefix=/usr
#   19|-> bindir=/usr/bin
#   20|   includedir=/usr/include
#   21|   # Fetch libdir from gnutls's pkg-config script.  This is a bit

Error: SHELLCHECK_WARNING (CWE-563): [#def4]
/usr/bin/cups-config:24:1: warning[SC2034]: datarootdir appears unused. Verify use (or export if used externally).
#   22|   # of a cheat, but the cups-devel package requires gnutls-devel anyway.
#   23|   libdir=`pkg-config --variable=libdir gnutls`
#   24|-> datarootdir=/usr/share
#   25|   datadir=/usr/share
#   26|   sysconfdir=/etc

Error: SHELLCHECK_WARNING (CWE-563): [#def5]
/usr/bin/cups-config:25:1: warning[SC2034]: datadir appears unused. Verify use (or export if used externally).
#   23|   libdir=`pkg-config --variable=libdir gnutls`
#   24|   datarootdir=/usr/share
#   25|-> datadir=/usr/share
#   26|   sysconfdir=/etc
#   27|   cups_datadir=/usr/share/cups

Error: SHELLCHECK_WARNING (CWE-563): [#def6]
/usr/bin/cups-config:26:1: warning[SC2034]: sysconfdir appears unused. Verify use (or export if used externally).
#   24|   datarootdir=/usr/share
#   25|   datadir=/usr/share
#   26|-> sysconfdir=/etc
#   27|   cups_datadir=/usr/share/cups
#   28|   cups_serverbin=/usr/lib/cups

Error: CPPCHECK_WARNING (CWE-401): [#def7]
cups-2.4.12/backend/dnssd.c:883: error[memleak]: Memory leak: device.fullName
#  881|         }
#  882|   
#  883|->       return (device);
#  884|       }
#  885|   

Error: CPPCHECK_WARNING (CWE-252): [#def8]
cups-2.4.12/backend/snmp.c:797: error[leakReturnValNotUsed]: Return value of allocation function 'add_array' is not stored.
#  795|   
#  796|     if (address)
#  797|->     add_array(Addresses, address);
#  798|   
#  799|     if ((debug = getenv("CUPS_DEBUG_LEVEL")) != NULL)

Error: CPPCHECK_WARNING (CWE-252): [#def9]
cups-2.4.12/backend/snmp.c:830: error[leakReturnValNotUsed]: Return value of allocation function 'add_array' is not stored.
#  828|         {
#  829|           if (!address)
#  830|->           add_array(Addresses, value);
#  831|         }
#  832|         else if (!_cups_strcasecmp(line, "Community"))

Error: CPPCHECK_WARNING (CWE-252): [#def10]
cups-2.4.12/backend/snmp.c:833: error[leakReturnValNotUsed]: Return value of allocation function 'add_array' is not stored.
#  831|         }
#  832|         else if (!_cups_strcasecmp(line, "Community"))
#  833|->         add_array(Communities, value);
#  834|         else if (!_cups_strcasecmp(line, "DebugLevel"))
#  835|           DebugLevel = atoi(value);

Error: CPPCHECK_WARNING (CWE-252): [#def11]
cups-2.4.12/backend/snmp.c:879: error[leakReturnValNotUsed]: Return value of allocation function 'add_array' is not stored.
#  877|     {
#  878|       fputs("INFO: Using default SNMP Community public\n", stderr);
#  879|->     add_array(Communities, "public");
#  880|     }
#  881|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def12]
cups-2.4.12/cgi-bin/help-index.c:1041:12: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘node’
cups-2.4.12/cgi-bin/help-index.c:838:1: enter_function: entry to ‘help_load_file’
cups-2.4.12/cgi-bin/help-index.c:858:6: branch_false: following ‘false’ branch...
cups-2.4.12/cgi-bin/help-index.c:864:3: branch_false: ...to here
cups-2.4.12/cgi-bin/help-index.c:866:10: branch_true: following ‘true’ branch...
cups-2.4.12/cgi-bin/help-index.c:872:16: branch_true: ...to here
cups-2.4.12/cgi-bin/help-index.c:872:8: branch_false: following ‘false’ branch (when ‘ptr’ is NULL)...
 branch_false: ...to here
cups-2.4.12/cgi-bin/help-index.c:895:22: branch_true: following ‘true’ branch (when ‘ptr’ is non-NULL)...
cups-2.4.12/cgi-bin/help-index.c:897:7: branch_true: ...to here
cups-2.4.12/cgi-bin/help-index.c:986:10: branch_false: following ‘false’ branch (when ‘node’ is NULL)...
cups-2.4.12/cgi-bin/help-index.c:989:12: branch_false: ...to here
cups-2.4.12/cgi-bin/help-index.c:989:10: branch_false: following ‘false’ branch...
cups-2.4.12/cgi-bin/help-index.c:995:19: branch_false: ...to here
cups-2.4.12/cgi-bin/help-index.c:995:10: branch_false: following ‘false’ branch...
cups-2.4.12/cgi-bin/help-index.c:1033:16: branch_false: ...to here
cups-2.4.12/cgi-bin/help-index.c:1033:16: call_function: calling ‘help_new_node’ from ‘help_load_file’
cups-2.4.12/cgi-bin/help-index.c:1033:16: return_function: returning to ‘help_load_file’ from ‘help_new_node’
cups-2.4.12/cgi-bin/help-index.c:1041:12: danger: dereference of NULL ‘node’
# 1039|         */
# 1040|   
# 1041|->       for (ptr = node->text, text = node->text; *ptr;)
# 1042|   	if (isspace(*ptr & 255))
# 1043|   	{

Error: GCC_ANALYZER_WARNING (CWE-476): [#def13]
cups-2.4.12/cgi-bin/help-index.c:1041:49: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ptr’
cups-2.4.12/cgi-bin/help-index.c:838:1: enter_function: entry to ‘help_load_file’
cups-2.4.12/cgi-bin/help-index.c:858:6: branch_false: following ‘false’ branch...
cups-2.4.12/cgi-bin/help-index.c:864:3: branch_false: ...to here
cups-2.4.12/cgi-bin/help-index.c:866:10: branch_true: following ‘true’ branch...
cups-2.4.12/cgi-bin/help-index.c:872:16: branch_true: ...to here
cups-2.4.12/cgi-bin/help-index.c:872:8: branch_false: following ‘false’ branch (when ‘ptr’ is NULL)...
 branch_false: ...to here
cups-2.4.12/cgi-bin/help-index.c:895:22: branch_true: following ‘true’ branch (when ‘ptr’ is non-NULL)...
cups-2.4.12/cgi-bin/help-index.c:897:7: branch_true: ...to here
cups-2.4.12/cgi-bin/help-index.c:986:10: branch_false: following ‘false’ branch (when ‘node’ is NULL)...
cups-2.4.12/cgi-bin/help-index.c:989:12: branch_false: ...to here
cups-2.4.12/cgi-bin/help-index.c:989:10: branch_false: following ‘false’ branch...
cups-2.4.12/cgi-bin/help-index.c:995:19: branch_false: ...to here
cups-2.4.12/cgi-bin/help-index.c:995:19: call_function: calling ‘helpFindNode’ from ‘help_load_file’
cups-2.4.12/cgi-bin/help-index.c:995:19: return_function: returning to ‘help_load_file’ from ‘helpFindNode’
cups-2.4.12/cgi-bin/help-index.c:995:10: branch_true: following ‘true’ branch...
cups-2.4.12/cgi-bin/help-index.c:1002:9: branch_true: ...to here
cups-2.4.12/cgi-bin/help-index.c:1010:12: branch_false: following ‘false’ branch...
cups-2.4.12/cgi-bin/help-index.c:1021:25: branch_false: ...to here
cups-2.4.12/cgi-bin/help-index.c:1021:25: branch_false: following ‘false’ branch...
cups-2.4.12/cgi-bin/help-index.c:1021:9: branch_false: ...to here
cups-2.4.12/cgi-bin/help-index.c:1022:25: acquire_memory: this call could return NULL
cups-2.4.12/cgi-bin/help-index.c:1041:49: danger: ‘ptr’ could be NULL: unchecked value from [(28)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/27)
# 1039|         */
# 1040|   
# 1041|->       for (ptr = node->text, text = node->text; *ptr;)
# 1042|   	if (isspace(*ptr & 255))
# 1043|   	{

Error: CPPCHECK_WARNING (CWE-457): [#def14]
cups-2.4.12/cgi-bin/help-index.c:1250: error[uninitvar]: Uninitialized variable: diff
# 1248|     else if (n1->section && n2->section &&
# 1249|              (diff = strcmp(n1->section, n2->section)) != 0)
# 1250|->     return (diff);
# 1251|   
# 1252|     return (_cups_strcasecmp(n1->text, n2->text));

Error: GCC_ANALYZER_WARNING (CWE-688): [#def15]
cups-2.4.12/cgi-bin/ipp-var.c:120:14: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘attrs[i]’ where non-null expected
cups-2.4.12/cgi-bin/ipp-var.c:1347:1: enter_function: entry to ‘cgiShowJobs’
cups-2.4.12/cgi-bin/ipp-var.c:1403:3: call_function: calling ‘cgiGetAttributes’ from ‘cgiShowJobs’
#  118|   
#  119|         for (i = 0; i < num_attrs; i ++)
#  120|->         if (!strcmp(attrs[i], name))
#  121|   	  break;
#  122|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def16]
cups-2.4.12/cgi-bin/var.c:642:7: warning[-Wanalyzer-malloc-leak]: leak of ‘temp_vars’
cups-2.4.12/cgi-bin/var.c:619:6: branch_true: following ‘true’ branch...
cups-2.4.12/cgi-bin/var.c:624:8: branch_true: ...to here
cups-2.4.12/cgi-bin/var.c:624:8: branch_false: following ‘false’ branch...
cups-2.4.12/cgi-bin/var.c:627:46: branch_false: ...to here
cups-2.4.12/cgi-bin/var.c:629:8: branch_false: following ‘false’ branch (when ‘temp_vars’ is non-NULL)...
cups-2.4.12/cgi-bin/var.c:632:21: branch_false: ...to here
cups-2.4.12/cgi-bin/var.c:634:8: branch_true: following ‘true’ branch...
cups-2.4.12/cgi-bin/var.c:640:10: branch_true: ...to here
cups-2.4.12/cgi-bin/var.c:640:10: branch_false: following ‘false’ branch...
cups-2.4.12/cgi-bin/var.c:642:7: branch_false: ...to here
cups-2.4.12/cgi-bin/var.c:642:7: danger: ‘temp_vars’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  640|         if (form_alloc == 0)
#  641|           free(temp_vars);
#  642|->       return;
#  643|       }
#  644|       form_vars = temp_vars;

Error: CPPCHECK_WARNING (CWE-457): [#def17]
cups-2.4.12/cgi-bin/var.c:691: warning[uninitvar]: Uninitialized variables: &key.nvalues, &key.avalues, &key.values
#  689|     key.name = (char *)name;
#  690|   
#  691|->   return ((_cgi_var_t *)bsearch(&key, form_vars, (size_t)form_count, sizeof(_cgi_var_t),
#  692|                              (int (*)(const void *, const void *))cgi_compare_variables));
#  693|   }

Error: CPPCHECK_WARNING (CWE-401): [#def18]
cups-2.4.12/cups/array.c:426: error[memleak]: Memory leak: da.elements
#  424|     */
#  425|   
#  426|->   return (da);
#  427|   }
#  428|   

Error: CPPCHECK_WARNING (CWE-401): [#def19]
cups-2.4.12/cups/array.c:772: error[memleak]: Memory leak: a.hash
#  770|     a->freefunc = ff;
#  771|   
#  772|->   return (a);
#  773|   }
#  774|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def20]
cups-2.4.12/cups/array.c:1218:19: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*<unknown>’
cups-2.4.12/cups/array.c:1013:1: enter_function: entry to ‘cups_array_add’
cups-2.4.12/cups/array.c:1028:6: branch_true: following ‘true’ branch...
cups-2.4.12/cups/array.c:1040:8: branch_true: ...to here
cups-2.4.12/cups/array.c:1040:8: branch_true: following ‘true’ branch...
cups-2.4.12/cups/array.c:1043:15: branch_true: ...to here
cups-2.4.12/cups/array.c:1057:8: branch_false: following ‘false’ branch (when ‘temp’ is non-NULL)...
cups-2.4.12/cups/array.c:1063:5: branch_false: ...to here
cups-2.4.12/cups/array.c:1072:6: branch_false: following ‘false’ branch...
cups-2.4.12/cups/array.c:1089:15: call_function: calling ‘cups_array_find’ from ‘cups_array_add’
# 1216|         */
# 1217|   
# 1218|->       if ((diff = (*(a->compare))(e, a->elements[prev], a->data)) == 0 ||
# 1219|             (diff < 0 && prev == 0) ||
# 1220|   	  (diff > 0 && prev == (a->num_elements - 1)))

Error: GCC_ANALYZER_WARNING (CWE-457): [#def21]
cups-2.4.12/cups/array.c:1264:17: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*<unknown>’
cups-2.4.12/cups/array.c:1013:1: enter_function: entry to ‘cups_array_add’
cups-2.4.12/cups/array.c:1028:6: branch_true: following ‘true’ branch...
cups-2.4.12/cups/array.c:1040:8: branch_true: ...to here
cups-2.4.12/cups/array.c:1040:8: branch_true: following ‘true’ branch...
cups-2.4.12/cups/array.c:1043:15: branch_true: ...to here
cups-2.4.12/cups/array.c:1057:8: branch_false: following ‘false’ branch (when ‘temp’ is non-NULL)...
cups-2.4.12/cups/array.c:1063:5: branch_false: ...to here
cups-2.4.12/cups/array.c:1072:6: branch_false: following ‘false’ branch...
cups-2.4.12/cups/array.c:1089:15: call_function: calling ‘cups_array_find’ from ‘cups_array_add’
# 1262|       {
# 1263|         current = (left + right) / 2;
# 1264|->       diff    = (*(a->compare))(e, a->elements[current], a->data);
# 1265|   
# 1266|         DEBUG_printf(("9cups_array_find: left=%d, right=%d, current=%d, diff=%d",

Error: GCC_ANALYZER_WARNING (CWE-122): [#def22]
cups-2.4.12/cups/dest.c:2602:41: warning[-Wanalyzer-out-of-bounds]: heap-based buffer over-read
cups-2.4.12/cups/dest.c:4088:1: enter_function: entry to ‘cups_get_cb’
cups-2.4.12/cups/dest.c:4092:6: branch_false: following ‘false’ branch...
cups-2.4.12/cups/dest.c:4106:23: branch_false: ...to here
cups-2.4.12/cups/dest.c:4106:23: call_function: calling ‘cupsCopyDest’ from ‘cups_get_cb’
# 2600|   
# 2601|   
# 2602|->   if ((diff = _cups_strcasecmp(a->name, b->name)) != 0)
# 2603|       return (diff);
# 2604|     else if (a->instance && b->instance)

Error: CPPCHECK_WARNING (CWE-457): [#def23]
cups-2.4.12/cups/encode.c:894: error[uninitvar]: Uninitialized variables: &key.multivalue, &key.value_tag, &key.group_tag, &key.alt_group_tag, &key.operations
#  892|     key.name = name;
#  893|   
#  894|->   return ((_ipp_option_t *)bsearch(&key, ipp_options,
#  895|                                      sizeof(ipp_options) / sizeof(ipp_options[0]),
#  896|   				   sizeof(ipp_options[0]),

Error: GCC_ANALYZER_WARNING (CWE-465): [#def24]
cups-2.4.12/cups/ipp.c:6783:6: warning[-Wanalyzer-deref-before-check]: check of ‘temp’ for NULL after already dereferencing it
cups-2.4.12/cups/ipp.c:6758:6: branch_false: following ‘false’ branch (when ‘alloc_values <= element’)...
cups-2.4.12/cups/ipp.c:6771:6: branch_false: ...to here
cups-2.4.12/cups/ipp.c:6783:6: danger: pointer ‘temp’ is checked for NULL here but it was already dereferenced at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
# 6781|     */
# 6782|   
# 6783|->   if ((temp = realloc(temp, sizeof(ipp_attribute_t) + (size_t)(alloc_values - 1) * sizeof(_ipp_value_t))) == NULL)
# 6784|     {
# 6785|       _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Unable to reallocate IPP attribute value."), 1);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def25]
cups-2.4.12/cups/ipp.c:6860:10: warning[-Wanalyzer-malloc-leak]: leak of ‘temp’
cups-2.4.12/cups/ipp.c:5952:1: enter_function: entry to ‘ipp_read_io’
cups-2.4.12/cups/ipp.c:5974:6: branch_false: following ‘false’ branch (when ‘depth <= 10’)...
cups-2.4.12/cups/ipp.c:5980:34: branch_false: ...to here
cups-2.4.12/cups/ipp.c:5980:6: branch_false: following ‘false’ branch...
cups-2.4.12/cups/ipp.c:5986:11: branch_false: ...to here
cups-2.4.12/cups/ipp.c:6035:14: branch_false: following ‘false’ branch...
cups-2.4.12/cups/ipp.c:6047:28: branch_false: ...to here
cups-2.4.12/cups/ipp.c:6074:14: branch_false: following ‘false’ branch (when ‘tag != 3’)...
cups-2.4.12/cups/ipp.c:6085:19: branch_false: ...to here
cups-2.4.12/cups/ipp.c:6085:19: branch_false: following ‘false’ branch (when ‘tag != 0’)...
cups-2.4.12/cups/ipp.c:6085:20: branch_false: ...to here
cups-2.4.12/cups/ipp.c:6091:19: branch_false: following ‘false’ branch (when ‘tag > 15’)...
cups-2.4.12/cups/ipp.c:6122:15: branch_false: ...to here
cups-2.4.12/cups/ipp.c:6122:14: branch_false: following ‘false’ branch...
cups-2.4.12/cups/ipp.c:6128:16: branch_false: ...to here
cups-2.4.12/cups/ipp.c:6130:14: branch_false: following ‘false’ branch (when ‘n <= 32768’)...
cups-2.4.12/cups/ipp.c:6139:15: branch_false: ...to here
cups-2.4.12/cups/ipp.c:6139:14: branch_false: following ‘false’ branch...
cups-2.4.12/cups/ipp.c:6145:20: branch_false: ...to here
cups-2.4.12/cups/ipp.c:6151:16: branch_false: following ‘false’ branch...
cups-2.4.12/cups/ipp.c:6158:13: branch_false: ...to here
cups-2.4.12/cups/ipp.c:6250:16: branch_false: following ‘false’ branch...
cups-2.4.12/cups/ipp.c:6322:15: branch_false: ...to here
cups-2.4.12/cups/ipp.c:6322:14: branch_false: following ‘false’ branch...
cups-2.4.12/cups/ipp.c:6328:16: branch_false: ...to here
cups-2.4.12/cups/ipp.c:6331:14: branch_false: following ‘false’ branch (when ‘n <= 32768’)...
cups-2.4.12/cups/ipp.c:6339:11: branch_false: ...to here
cups-2.4.12/cups/ipp.c:6569:20: branch_false: following ‘false’ branch (when ‘n == 0’)...
cups-2.4.12/cups/ipp.c:6578:21: branch_false: ...to here
cups-2.4.12/cups/ipp.c:6578:21: call_function: calling ‘ipp_read_io’ from ‘ipp_read_io’
# 6858|       temp->num_values = element + 1;
# 6859|   
# 6860|->   return (temp->values + element);
# 6861|   }
# 6862|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def26]
cups-2.4.12/cups/ppd-mark.c:922:23: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
cups-2.4.12/cups/ppd-mark.c:760:1: enter_function: entry to ‘ppd_mark_option’
cups-2.4.12/cups/ppd-mark.c:803:7: call_function: calling ‘ppdFindOption’ from ‘ppd_mark_option’
cups-2.4.12/cups/ppd-mark.c:803:7: return_function: returning to ‘ppd_mark_option’ from ‘ppdFindOption’
cups-2.4.12/cups/ppd-mark.c:807:6: branch_false: following ‘false’ branch...
cups-2.4.12/cups/ppd-mark.c:810:9: branch_false: ...to here
cups-2.4.12/cups/ppd-mark.c:812:6: branch_false: following ‘false’ branch...
cups-2.4.12/cups/ppd-mark.c:899:12: branch_false: ...to here
cups-2.4.12/cups/ppd-mark.c:899:11: branch_true: following ‘true’ branch...
cups-2.4.12/cups/ppd-mark.c:913:14: branch_true: ...to here
cups-2.4.12/cups/ppd-mark.c:913:14: call_function: calling ‘ppdFindChoice’ from ‘ppd_mark_option’
cups-2.4.12/cups/ppd-mark.c:913:14: return_function: returning to ‘ppd_mark_option’ from ‘ppdFindChoice’
cups-2.4.12/cups/ppd-mark.c:913:8: branch_false: following ‘false’ branch...
cups-2.4.12/cups/ppd-mark.c:916:20: branch_false: ...to here
cups-2.4.12/cups/ppd-mark.c:916:8: branch_true: following ‘true’ branch...
cups-2.4.12/cups/ppd-mark.c:918:18: branch_true: ...to here
cups-2.4.12/cups/ppd-mark.c:920:31: branch_true: following ‘true’ branch...
cups-2.4.12/cups/ppd-mark.c:922:51: branch_true: ...to here
cups-2.4.12/cups/ppd-mark.c:922:12: branch_false: following ‘false’ branch...
cups-2.4.12/cups/ppd-mark.c:925:17: branch_false: ...to here
cups-2.4.12/cups/ppd-mark.c:967:47: acquire_memory: allocated here
cups-2.4.12/cups/ppd-mark.c:920:31: branch_true: following ‘true’ branch...
cups-2.4.12/cups/ppd-mark.c:922:51: branch_true: ...to here
cups-2.4.12/cups/ppd-mark.c:922:23: danger: ‘<unknown>’ leaks here; was allocated at [(32)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/31)
#  920|         for (i = 0, val = vals; i < num_vals; i ++, val ++)
#  921|         {
#  922|->         if ((cparam = ppdFindCustomParam(coption, val->name)) == NULL)
#  923|   	  continue;
#  924|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def27]
cups-2.4.12/cups/ppd.c:375:7: warning[-Wanalyzer-malloc-leak]: leak of ‘_ppdGlobals()’
cups-2.4.12/cups/ppd.c:2317:1: enter_function: entry to ‘ppdOpenFile’
cups-2.4.12/cups/ppd.c:2319:10: call_function: calling ‘_ppdOpenFile’ from ‘ppdOpenFile’
#  373|   
#  374|       if ((pg = ppd_globals_alloc()) != NULL)
#  375|->       _cupsThreadSetData(ppd_globals_key, pg);
#  376|     }
#  377|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def28]
cups-2.4.12/cups/ppd.c:528:3: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
cups-2.4.12/cups/ppd.c:2317:1: enter_function: entry to ‘ppdOpenFile’
cups-2.4.12/cups/ppd.c:2319:10: call_function: calling ‘_ppdOpenFile’ from ‘ppdOpenFile’
#  526|     */
#  527|   
#  528|->   pg->ppd_status = PPD_OK;
#  529|     pg->ppd_line   = 0;
#  530|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def29]
cups-2.4.12/cups/ppd.c:2279:3: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
cups-2.4.12/cups/ppd.c:2317:1: enter_function: entry to ‘ppdOpenFile’
cups-2.4.12/cups/ppd.c:2319:10: call_function: calling ‘_ppdOpenFile’ from ‘ppdOpenFile’
# 2277|     */
# 2278|   
# 2279|->   pg->ppd_line = 0;
# 2280|   
# 2281|    /*

Error: GCC_ANALYZER_WARNING (CWE-476): [#def30]
cups-2.4.12/cups/ppd.c:2336:3: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
cups-2.4.12/cups/ppd.c:2330:1: enter_function: entry to ‘ppdSetConformance’
cups-2.4.12/cups/ppd.c:2332:31: call_function: calling ‘_ppdGlobals’ from ‘ppdSetConformance’
cups-2.4.12/cups/ppd.c:2332:31: return_function: returning to ‘ppdSetConformance’ from ‘_ppdGlobals’
cups-2.4.12/cups/ppd.c:2336:3: danger: dereference of NULL ‘_ppdGlobals()’
# 2334|   
# 2335|   
# 2336|->   pg->ppd_conform = c;
# 2337|   }
# 2338|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def31]
cups-2.4.12/cups/ppd.c:2337:1: warning[-Wanalyzer-malloc-leak]: leak of ‘_ppdGlobals()’
cups-2.4.12/cups/ppd.c:2330:1: enter_function: entry to ‘ppdSetConformance’
cups-2.4.12/cups/ppd.c:2332:31: call_function: calling ‘_ppdGlobals’ from ‘ppdSetConformance’
cups-2.4.12/cups/ppd.c:2332:31: return_function: returning to ‘ppdSetConformance’ from ‘_ppdGlobals’
cups-2.4.12/cups/ppd.c:2337:1: danger: ‘_ppdGlobals()’ leaks here; was allocated at [(9)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/8)
# 2335|   
# 2336|     pg->ppd_conform = c;
# 2337|-> }
# 2338|   
# 2339|   

Error: GCC_ANALYZER_WARNING (CWE-127): [#def32]
cups-2.4.12/cups/ppd.c:3196:35: warning[-Wanalyzer-out-of-bounds]: heap-based buffer under-read
cups-2.4.12/cups/ppd.c:2317:1: enter_function: entry to ‘ppdOpenFile’
cups-2.4.12/cups/ppd.c:2319:10: call_function: calling ‘_ppdOpenFile’ from ‘ppdOpenFile’
# 3194|       }
# 3195|   
# 3196|->     if (lineptr > line->buffer && lineptr[-1] == '\n')
# 3197|         lineptr --;
# 3198|   

Error: CPPCHECK_WARNING (CWE-457): [#def33]
cups-2.4.12/cups/pwg-media.c:415: warning[uninitvar]: Uninitialized variable: name
#  413|     */
#  414|   
#  415|->   snprintf(keyword, keysize, "%s_%s_%s", prefix, name, usize);
#  416|   
#  417|     return (1);

Error: GCC_ANALYZER_WARNING (CWE-457): [#def34]
cups-2.4.12/cups/raster-stream.c:1515:14: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*r_62(D)->bufptr’
cups-2.4.12/cups/raster-stream.c:1415:6: branch_false: following ‘false’ branch...
cups-2.4.12/cups/raster-stream.c:1422:25: branch_false: ...to here
cups-2.4.12/cups/raster-stream.c:1423:6: branch_false: following ‘false’ branch...
cups-2.4.12/cups/raster-stream.c:1426:23: branch_false: ...to here
cups-2.4.12/cups/raster-stream.c:1426:6: branch_true: following ‘true’ branch...
cups-2.4.12/cups/raster-stream.c:1428:22: branch_true: ...to here
cups-2.4.12/cups/raster-stream.c:1433:8: branch_false: following ‘false’ branch...
cups-2.4.12/cups/raster-stream.c:1436:14: branch_false: ...to here
cups-2.4.12/cups/raster-stream.c:1438:8: branch_false: following ‘false’ branch (when ‘rptr’ is non-NULL)...
cups-2.4.12/cups/raster-stream.c:1441:5: branch_false: ...to here
cups-2.4.12/cups/raster-stream.c:1452:8: branch_true: following ‘true’ branch...
cups-2.4.12/cups/raster-stream.c:1455:5: branch_true: ...to here
cups-2.4.12/cups/raster-stream.c:1459:8: branch_false: following ‘false’ branch (when ‘remaining != 0’)...
cups-2.4.12/cups/raster-stream.c:1506:8: branch_false: ...to here
cups-2.4.12/cups/raster-stream.c:1509:8: branch_true: following ‘true’ branch...
cups-2.4.12/cups/raster-stream.c:1515:15: branch_true: ...to here
cups-2.4.12/cups/raster-stream.c:1515:14: danger: use of uninitialized value ‘*r_62(D)->bufptr’ here
# 1513|         */
# 1514|   
# 1515|->       *buf = *(r->bufptr)++;
# 1516|         remaining --;
# 1517|       }

Error: GCC_ANALYZER_WARNING (CWE-457): [#def35]
cups-2.4.12/cups/raster-stream.c:1531:18: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*bufptr’
cups-2.4.12/cups/raster-stream.c:1415:6: branch_false: following ‘false’ branch...
cups-2.4.12/cups/raster-stream.c:1422:25: branch_false: ...to here
cups-2.4.12/cups/raster-stream.c:1423:6: branch_false: following ‘false’ branch...
cups-2.4.12/cups/raster-stream.c:1426:23: branch_false: ...to here
cups-2.4.12/cups/raster-stream.c:1426:6: branch_true: following ‘true’ branch...
cups-2.4.12/cups/raster-stream.c:1428:22: branch_true: ...to here
cups-2.4.12/cups/raster-stream.c:1433:8: branch_false: following ‘false’ branch...
cups-2.4.12/cups/raster-stream.c:1436:14: branch_false: ...to here
cups-2.4.12/cups/raster-stream.c:1438:8: branch_false: following ‘false’ branch (when ‘rptr’ is non-NULL)...
cups-2.4.12/cups/raster-stream.c:1441:5: branch_false: ...to here
cups-2.4.12/cups/raster-stream.c:1452:8: branch_true: following ‘true’ branch...
cups-2.4.12/cups/raster-stream.c:1455:5: branch_true: ...to here
cups-2.4.12/cups/raster-stream.c:1459:8: branch_false: following ‘false’ branch (when ‘remaining != 0’)...
cups-2.4.12/cups/raster-stream.c:1506:8: branch_false: ...to here
cups-2.4.12/cups/raster-stream.c:1509:8: branch_false: following ‘false’ branch...
cups-2.4.12/cups/raster-stream.c:1518:13: branch_false: ...to here
cups-2.4.12/cups/raster-stream.c:1518:13: branch_true: following ‘true’ branch...
cups-2.4.12/cups/raster-stream.c:1528:7: branch_true: ...to here
cups-2.4.12/cups/raster-stream.c:1530:32: branch_true: following ‘true’ branch (when ‘count > 0’)...
cups-2.4.12/cups/raster-stream.c:1531:19: branch_true: ...to here
cups-2.4.12/cups/raster-stream.c:1531:18: danger: use of uninitialized value ‘*bufptr’ here
# 1529|   
# 1530|         for (bufptr = r->bufptr; count > 0; count --, total ++)
# 1531|-> 	*buf++ = *bufptr++;
# 1532|   
# 1533|         r->bufptr = bufptr;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def36]
cups-2.4.12/cups/raster-stream.c:1541:7: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*r.bufptr’
cups-2.4.12/cups/raster-stream.c:1415:6: branch_false: following ‘false’ branch...
cups-2.4.12/cups/raster-stream.c:1422:25: branch_false: ...to here
cups-2.4.12/cups/raster-stream.c:1423:6: branch_false: following ‘false’ branch...
cups-2.4.12/cups/raster-stream.c:1426:23: branch_false: ...to here
cups-2.4.12/cups/raster-stream.c:1426:6: branch_true: following ‘true’ branch...
cups-2.4.12/cups/raster-stream.c:1428:22: branch_true: ...to here
cups-2.4.12/cups/raster-stream.c:1433:8: branch_false: following ‘false’ branch...
cups-2.4.12/cups/raster-stream.c:1436:14: branch_false: ...to here
cups-2.4.12/cups/raster-stream.c:1438:8: branch_false: following ‘false’ branch (when ‘rptr’ is non-NULL)...
cups-2.4.12/cups/raster-stream.c:1441:5: branch_false: ...to here
cups-2.4.12/cups/raster-stream.c:1452:8: branch_true: following ‘true’ branch...
cups-2.4.12/cups/raster-stream.c:1455:5: branch_true: ...to here
cups-2.4.12/cups/raster-stream.c:1459:8: branch_false: following ‘false’ branch (when ‘remaining != 0’)...
cups-2.4.12/cups/raster-stream.c:1506:8: branch_false: ...to here
cups-2.4.12/cups/raster-stream.c:1509:8: branch_false: following ‘false’ branch...
cups-2.4.12/cups/raster-stream.c:1518:13: branch_false: ...to here
cups-2.4.12/cups/raster-stream.c:1518:13: branch_false: following ‘false’ branch...
cups-2.4.12/cups/raster-stream.c:1541:7: branch_false: ...to here
cups-2.4.12/cups/raster-stream.c:1541:7: danger: use of uninitialized value ‘*r.bufptr’ here
# 1539|         */
# 1540|   
# 1541|->       memcpy(buf, r->bufptr, (size_t)count);
# 1542|         r->bufptr += count;
# 1543|         remaining -= count;

Error: COMPILER_WARNING: [#def37]
cups-2.4.12/filter/common.c:17:9: warning: ‘_GNU_SOURCE’ redefined
#   17 | #define _GNU_SOURCE
#      |         ^~~~~~~~~~~
<command-line>: note: this is the location of the previous definition
#   15|   #include "config.h"
#   16|   #ifdef WITH_LSPP
#   17|-> #define _GNU_SOURCE
#   18|   #include <string.h>
#   19|   #endif /* WITH_LSPP */

Error: COMPILER_WARNING: [#def38]
cups-2.4.12/filter/common.c:17:9: warning[warning]: ‘_GNU_SOURCE’ redefined
#   15|   #include "config.h"
#   16|   #ifdef WITH_LSPP
#   17|-> #define _GNU_SOURCE
#   18|   #include <string.h>
#   19|   #endif /* WITH_LSPP */

Error: GCC_ANALYZER_WARNING: [#def39]
cups-2.4.12/filter/common.c:353:23: warning[-Wanalyzer-imprecise-fp-arithmetic]: use of floating-point arithmetic here might yield unexpected results
cups-2.4.12/filter/common.c:338:6: branch_true: following ‘true’ branch...
cups-2.4.12/filter/common.c:349:8: branch_true: following ‘true’ branch (when ‘max_width < label_len’)...
cups-2.4.12/filter/common.c:351:19: branch_true: ...to here
cups-2.4.12/filter/common.c:353:23: danger: operand ‘width’ is of type ‘float’
#  351|         lines = 1 + (int)(label_len / max_width);
#  352|         line_len = (int)(label_len / lines);
#  353|->       wrapped_label = malloc(sizeof(*wrapped_label) * lines);
#  354|         label_index = i = n = 0;
#  355|         while (classification[label_index])

Error: GCC_ANALYZER_WARNING (CWE-476): [#def40]
cups-2.4.12/filter/common.c:365:13: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘wrapped_label’
cups-2.4.12/filter/common.c:338:6: branch_true: following ‘true’ branch...
cups-2.4.12/filter/common.c:349:8: branch_true: following ‘true’ branch (when ‘max_width < label_len’)...
cups-2.4.12/filter/common.c:351:19: branch_true: ...to here
cups-2.4.12/filter/common.c:353:23: acquire_memory: this call could return NULL
cups-2.4.12/filter/common.c:355:14: branch_true: following ‘true’ branch...
cups-2.4.12/filter/common.c:357:13: branch_true: ...to here
cups-2.4.12/filter/common.c:357:12: branch_false: following ‘false’ branch...
cups-2.4.12/filter/common.c:359:32: branch_false: ...to here
cups-2.4.12/filter/common.c:365:13: danger: ‘wrapped_label + (long unsigned int)n * 8’ could be NULL: unchecked value from [(5)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/4)
#  363|             case '-':
#  364|               i++;
#  365|->             wrapped_label[n++] = strndup(&classification[label_index], (line_len + i));
#  366|               label_index += line_len + i;
#  367|               i = 0;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def41]
cups-2.4.12/filter/common.c:375:11: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘wrapped_label’
cups-2.4.12/filter/common.c:338:6: branch_true: following ‘true’ branch...
cups-2.4.12/filter/common.c:349:8: branch_true: following ‘true’ branch (when ‘max_width < label_len’)...
cups-2.4.12/filter/common.c:351:19: branch_true: ...to here
cups-2.4.12/filter/common.c:353:23: acquire_memory: this call could return NULL
cups-2.4.12/filter/common.c:355:14: branch_true: following ‘true’ branch...
cups-2.4.12/filter/common.c:357:13: branch_true: ...to here
cups-2.4.12/filter/common.c:357:12: branch_false: following ‘false’ branch...
cups-2.4.12/filter/common.c:359:32: branch_false: ...to here
cups-2.4.12/filter/common.c:375:11: danger: ‘wrapped_label + (long unsigned int)n * 8’ could be NULL: unchecked value from [(5)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/4)
#  373|           if ((i + line_len) == max_width)
#  374|           {
#  375|->           wrapped_label[n++] = strndup(&(classification[label_index]), (line_len + i));
#  376|             label_index = label_index + line_len + i;
#  377|             i = 0;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def42]
cups-2.4.12/filter/common.c:380:7: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘wrapped_label’
cups-2.4.12/filter/common.c:338:6: branch_true: following ‘true’ branch...
cups-2.4.12/filter/common.c:349:8: branch_true: following ‘true’ branch (when ‘max_width < label_len’)...
cups-2.4.12/filter/common.c:351:19: branch_true: ...to here
cups-2.4.12/filter/common.c:353:23: acquire_memory: this call could return NULL
cups-2.4.12/filter/common.c:380:7: danger: ‘wrapped_label + (long unsigned int)n * 8’ could be NULL: unchecked value from [(5)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/4)
#  378|           }
#  379|         }
#  380|->       wrapped_label[n] = strndup(&classification[label_index], label_len - label_index);
#  381|       }
#  382|       else

Error: CPPCHECK_WARNING (CWE-476): [#def43]
cups-2.4.12/filter/common.c:386: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: wrapped_label
#  384|         lines = 1;
#  385|         wrapped_label = malloc(sizeof(*wrapped_label));
#  386|->       wrapped_label[0] = (char*)classification;
#  387|       }
#  388|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def44]
cups-2.4.12/filter/common.c:386:7: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘wrapped_label’
cups-2.4.12/filter/common.c:338:6: branch_true: following ‘true’ branch...
cups-2.4.12/filter/common.c:349:8: branch_false: following ‘false’ branch (when ‘max_width >= label_len’)...
cups-2.4.12/filter/common.c:385:23: branch_false: ...to here
cups-2.4.12/filter/common.c:385:23: acquire_memory: this call could return NULL
cups-2.4.12/filter/common.c:386:7: danger: ‘wrapped_label’ could be NULL: unchecked value from [(5)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/4)
#  384|         lines = 1;
#  385|         wrapped_label = malloc(sizeof(*wrapped_label));
#  386|->       wrapped_label[0] = (char*)classification;
#  387|       }
#  388|   

Error: CPPCHECK_WARNING (CWE-476): [#def45]
cups-2.4.12/filter/common.c:392: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: wrapped_label
#  390|       {
#  391|         printf("userdict/ESPp%c(", ('a' + n));
#  392|->       for (ptr = wrapped_label[n], i = 0; *ptr; ptr ++, i++)
#  393|           if (*ptr < 32 || *ptr > 126)
#  394|             printf("\\%03o", *ptr);

Error: GCC_ANALYZER_WARNING (CWE-457): [#def46]
cups-2.4.12/filter/common.c:392:12: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*<unknown>’
cups-2.4.12/filter/common.c:338:6: branch_true: following ‘true’ branch...
cups-2.4.12/filter/common.c:349:8: branch_true: following ‘true’ branch (when ‘max_width < label_len’)...
cups-2.4.12/filter/common.c:351:19: branch_true: ...to here
cups-2.4.12/filter/common.c:389:17: branch_true: following ‘true’ branch (when ‘n < lines’)...
cups-2.4.12/filter/common.c:391:7: branch_true: ...to here
cups-2.4.12/filter/common.c:402:10: branch_false: following ‘false’ branch (when ‘i <= longest’)...
cups-2.4.12/filter/common.c:407:7: branch_false: ...to here
cups-2.4.12/filter/common.c:389:17: branch_true: following ‘true’ branch (when ‘n < lines’)...
cups-2.4.12/filter/common.c:391:7: branch_true: ...to here
cups-2.4.12/filter/common.c:392:12: danger: use of uninitialized value ‘*<unknown>’ here
#  390|       {
#  391|         printf("userdict/ESPp%c(", ('a' + n));
#  392|->       for (ptr = wrapped_label[n], i = 0; *ptr; ptr ++, i++)
#  393|           if (*ptr < 32 || *ptr > 126)
#  394|             printf("\\%03o", *ptr);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def47]
cups-2.4.12/filter/common.c:392:43: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ptr’
cups-2.4.12/filter/common.c:338:6: branch_true: following ‘true’ branch...
cups-2.4.12/filter/common.c:349:8: branch_true: following ‘true’ branch (when ‘max_width < label_len’)...
cups-2.4.12/filter/common.c:351:19: branch_true: ...to here
cups-2.4.12/filter/common.c:380:26: acquire_memory: this call could return NULL
cups-2.4.12/filter/common.c:389:17: branch_true: following ‘true’ branch (when ‘n < lines’)...
cups-2.4.12/filter/common.c:391:7: branch_true: ...to here
cups-2.4.12/filter/common.c:392:43: danger: ‘ptr’ could be NULL: unchecked value from [(5)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/4)
#  390|       {
#  391|         printf("userdict/ESPp%c(", ('a' + n));
#  392|->       for (ptr = wrapped_label[n], i = 0; *ptr; ptr ++, i++)
#  393|           if (*ptr < 32 || *ptr > 126)
#  394|             printf("\\%03o", *ptr);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def48]
cups-2.4.12/filter/common.c:452:5: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
cups-2.4.12/filter/common.c:338:6: branch_true: following ‘true’ branch...
cups-2.4.12/filter/common.c:349:8: branch_true: following ‘true’ branch (when ‘max_width < label_len’)...
cups-2.4.12/filter/common.c:351:19: branch_true: ...to here
cups-2.4.12/filter/common.c:380:26: acquire_memory: allocated here
cups-2.4.12/filter/common.c:389:17: branch_false: following ‘false’ branch (when ‘n >= lines’)...
cups-2.4.12/filter/common.c:414:5: branch_false: ...to here
cups-2.4.12/filter/common.c:425:17: branch_false: following ‘false’ branch (when ‘n >= lines’)...
cups-2.4.12/filter/common.c:428:5: branch_false: ...to here
cups-2.4.12/filter/common.c:439:17: branch_false: following ‘false’ branch (when ‘n >= lines’)...
cups-2.4.12/filter/common.c:446:5: branch_false: ...to here
cups-2.4.12/filter/common.c:452:5: danger: ‘<unknown>’ leaks here; was allocated at [(5)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/4)
#  450|       * Do some clean up at the end of the LSPP special case
#  451|       */
#  452|->     free(wrapped_label);
#  453|   
#  454|     }

Error: GCC_ANALYZER_WARNING: [#def49]
cups-2.4.12/filter/pstops.c:3224:23: warning[-Wanalyzer-imprecise-fp-arithmetic]: use of floating-point arithmetic here might yield unexpected results
cups-2.4.12/filter/pstops.c:3209:6: branch_true: following ‘true’ branch...
cups-2.4.12/filter/pstops.c:3220:8: branch_true: following ‘true’ branch (when ‘max_width < label_len’)...
cups-2.4.12/filter/pstops.c:3222:19: branch_true: ...to here
cups-2.4.12/filter/pstops.c:3224:23: danger: operand ‘width’ is of type ‘float’
# 3222|         lines = 1 + (int)(label_len / max_width);
# 3223|         line_len = (int)(label_len / lines);
# 3224|->       wrapped_label = malloc(sizeof(*wrapped_label) * lines);
# 3225|         label_index = i = n = 0;
# 3226|         while (classification[label_index])

Error: GCC_ANALYZER_WARNING (CWE-476): [#def50]
cups-2.4.12/filter/pstops.c:3236:13: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘wrapped_label’
cups-2.4.12/filter/pstops.c:3209:6: branch_true: following ‘true’ branch...
cups-2.4.12/filter/pstops.c:3220:8: branch_true: following ‘true’ branch (when ‘max_width < label_len’)...
cups-2.4.12/filter/pstops.c:3222:19: branch_true: ...to here
cups-2.4.12/filter/pstops.c:3224:23: acquire_memory: this call could return NULL
cups-2.4.12/filter/pstops.c:3226:14: branch_true: following ‘true’ branch...
cups-2.4.12/filter/pstops.c:3228:13: branch_true: ...to here
cups-2.4.12/filter/pstops.c:3228:12: branch_false: following ‘false’ branch...
cups-2.4.12/filter/pstops.c:3230:32: branch_false: ...to here
cups-2.4.12/filter/pstops.c:3236:13: danger: ‘wrapped_label + (long unsigned int)n * 8’ could be NULL: unchecked value from [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
# 3234|             case '-':
# 3235|               i++;
# 3236|->             wrapped_label[n++] = strndup(&classification[label_index], (line_len + i));
# 3237|               label_index += line_len + i;
# 3238|               i = 0;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def51]
cups-2.4.12/filter/pstops.c:3246:11: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘wrapped_label’
cups-2.4.12/filter/pstops.c:3209:6: branch_true: following ‘true’ branch...
cups-2.4.12/filter/pstops.c:3220:8: branch_true: following ‘true’ branch (when ‘max_width < label_len’)...
cups-2.4.12/filter/pstops.c:3222:19: branch_true: ...to here
cups-2.4.12/filter/pstops.c:3224:23: acquire_memory: this call could return NULL
cups-2.4.12/filter/pstops.c:3226:14: branch_true: following ‘true’ branch...
cups-2.4.12/filter/pstops.c:3228:13: branch_true: ...to here
cups-2.4.12/filter/pstops.c:3228:12: branch_false: following ‘false’ branch...
cups-2.4.12/filter/pstops.c:3230:32: branch_false: ...to here
cups-2.4.12/filter/pstops.c:3246:11: danger: ‘wrapped_label + (long unsigned int)n * 8’ could be NULL: unchecked value from [(5)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/4)
# 3244|           if ((i + line_len) == max_width)
# 3245|           {
# 3246|->           wrapped_label[n++] = strndup(&(classification[label_index]), (line_len + i));
# 3247|             label_index = label_index + line_len + i;
# 3248|             i = 0;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def52]
cups-2.4.12/filter/pstops.c:3251:7: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘wrapped_label’
cups-2.4.12/filter/pstops.c:3209:6: branch_true: following ‘true’ branch...
cups-2.4.12/filter/pstops.c:3220:8: branch_true: following ‘true’ branch (when ‘max_width < label_len’)...
cups-2.4.12/filter/pstops.c:3222:19: branch_true: ...to here
cups-2.4.12/filter/pstops.c:3224:23: acquire_memory: this call could return NULL
cups-2.4.12/filter/pstops.c:3251:7: danger: ‘wrapped_label + (long unsigned int)n * 8’ could be NULL: unchecked value from [(5)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/4)
# 3249|           }
# 3250|         }
# 3251|->       wrapped_label[n] = strndup(&classification[label_index], label_len - label_index);
# 3252|       }
# 3253|       else

Error: CPPCHECK_WARNING (CWE-476): [#def53]
cups-2.4.12/filter/pstops.c:3257: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: wrapped_label
# 3255|         lines = 1;
# 3256|         wrapped_label = malloc(sizeof(*wrapped_label));
# 3257|->       wrapped_label[0] = (char*)classification;
# 3258|       }
# 3259|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def54]
cups-2.4.12/filter/pstops.c:3257:7: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘wrapped_label’
cups-2.4.12/filter/pstops.c:3209:6: branch_true: following ‘true’ branch...
cups-2.4.12/filter/pstops.c:3220:8: branch_false: following ‘false’ branch (when ‘max_width >= label_len’)...
cups-2.4.12/filter/pstops.c:3256:23: branch_false: ...to here
cups-2.4.12/filter/pstops.c:3256:23: acquire_memory: this call could return NULL
cups-2.4.12/filter/pstops.c:3257:7: danger: ‘wrapped_label’ could be NULL: unchecked value from [(5)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/4)
# 3255|         lines = 1;
# 3256|         wrapped_label = malloc(sizeof(*wrapped_label));
# 3257|->       wrapped_label[0] = (char*)classification;
# 3258|       }
# 3259|   

Error: CPPCHECK_WARNING (CWE-476): [#def55]
cups-2.4.12/filter/pstops.c:3263: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: wrapped_label
# 3261|       {
# 3262|         printf("userdict/ESPp%c(", ('a' + n));
# 3263|->       for (ptr = wrapped_label[n], i = 0; *ptr; ptr ++, i++)
# 3264|           if (*ptr < 32 || *ptr > 126)
# 3265|             printf("\\%03o", *ptr);

Error: GCC_ANALYZER_WARNING (CWE-457): [#def56]
cups-2.4.12/filter/pstops.c:3263:12: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*<unknown>’
cups-2.4.12/filter/pstops.c:3209:6: branch_true: following ‘true’ branch...
cups-2.4.12/filter/pstops.c:3220:8: branch_true: following ‘true’ branch (when ‘max_width < label_len’)...
cups-2.4.12/filter/pstops.c:3222:19: branch_true: ...to here
cups-2.4.12/filter/pstops.c:3260:17: branch_true: following ‘true’ branch (when ‘n < lines’)...
cups-2.4.12/filter/pstops.c:3262:7: branch_true: ...to here
cups-2.4.12/filter/pstops.c:3273:10: branch_false: following ‘false’ branch (when ‘i <= longest’)...
cups-2.4.12/filter/pstops.c:3278:7: branch_false: ...to here
cups-2.4.12/filter/pstops.c:3260:17: branch_true: following ‘true’ branch (when ‘n < lines’)...
cups-2.4.12/filter/pstops.c:3262:7: branch_true: ...to here
cups-2.4.12/filter/pstops.c:3263:12: danger: use of uninitialized value ‘*<unknown>’ here
# 3261|       {
# 3262|         printf("userdict/ESPp%c(", ('a' + n));
# 3263|->       for (ptr = wrapped_label[n], i = 0; *ptr; ptr ++, i++)
# 3264|           if (*ptr < 32 || *ptr > 126)
# 3265|             printf("\\%03o", *ptr);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def57]
cups-2.4.12/filter/pstops.c:3263:43: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ptr’
cups-2.4.12/filter/pstops.c:3209:6: branch_true: following ‘true’ branch...
cups-2.4.12/filter/pstops.c:3220:8: branch_true: following ‘true’ branch (when ‘max_width < label_len’)...
cups-2.4.12/filter/pstops.c:3222:19: branch_true: ...to here
cups-2.4.12/filter/pstops.c:3251:26: acquire_memory: this call could return NULL
cups-2.4.12/filter/pstops.c:3260:17: branch_true: following ‘true’ branch (when ‘n < lines’)...
cups-2.4.12/filter/pstops.c:3262:7: branch_true: ...to here
cups-2.4.12/filter/pstops.c:3263:43: danger: ‘ptr’ could be NULL: unchecked value from [(5)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/4)
# 3261|       {
# 3262|         printf("userdict/ESPp%c(", ('a' + n));
# 3263|->       for (ptr = wrapped_label[n], i = 0; *ptr; ptr ++, i++)
# 3264|           if (*ptr < 32 || *ptr > 126)
# 3265|             printf("\\%03o", *ptr);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def58]
cups-2.4.12/filter/pstops.c:3319:5: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
cups-2.4.12/filter/pstops.c:3209:6: branch_true: following ‘true’ branch...
cups-2.4.12/filter/pstops.c:3220:8: branch_true: following ‘true’ branch (when ‘max_width < label_len’)...
cups-2.4.12/filter/pstops.c:3222:19: branch_true: ...to here
cups-2.4.12/filter/pstops.c:3251:26: acquire_memory: allocated here
cups-2.4.12/filter/pstops.c:3260:17: branch_false: following ‘false’ branch (when ‘n >= lines’)...
cups-2.4.12/filter/pstops.c:3285:5: branch_false: ...to here
cups-2.4.12/filter/pstops.c:3295:17: branch_false: following ‘false’ branch (when ‘n >= lines’)...
cups-2.4.12/filter/pstops.c:3297:5: branch_false: ...to here
cups-2.4.12/filter/pstops.c:3307:17: branch_false: following ‘false’ branch (when ‘n >= lines’)...
cups-2.4.12/filter/pstops.c:3313:5: branch_false: ...to here
cups-2.4.12/filter/pstops.c:3319:5: danger: ‘<unknown>’ leaks here; was allocated at [(5)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/4)
# 3317|       * Do some clean up at the end of the LSPP special case
# 3318|       */
# 3319|->     free(wrapped_label);
# 3320|   
# 3321|     }

Error: CPPCHECK_WARNING (CWE-476): [#def59]
cups-2.4.12/filter/rastertopwg.c:454: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: line
#  452|       line = malloc(linesize);
#  453|   
#  454|->     memset(line, white, linesize);
#  455|       for (y = page_top; y > 0; y --)
#  456|         if (!cupsRasterWritePixels(outras, line, outheader.cupsBytesPerLine))

Error: GCC_ANALYZER_WARNING (CWE-401): [#def60]
cups-2.4.12/scheduler/auth.c:2323:11: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
cups-2.4.12/scheduler/auth.c:2289:6: branch_false: following ‘false’ branch (when ‘replies’ is non-NULL)...
 branch_false: ...to here
cups-2.4.12/scheduler/auth.c:2298:15: branch_true: following ‘true’ branch (when ‘i < num_msg’)...
cups-2.4.12/scheduler/auth.c:2300:16: branch_true: ...to here
cups-2.4.12/scheduler/auth.c:2309:37: acquire_memory: allocated here
cups-2.4.12/scheduler/auth.c:2298:15: branch_true: following ‘true’ branch (when ‘i < num_msg’)...
cups-2.4.12/scheduler/auth.c:2300:16: branch_true: ...to here
cups-2.4.12/scheduler/auth.c:2323:11: danger: ‘<unknown>’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
# 2321|   
# 2322|         default:
# 2323|->           free(replies);
# 2324|             return (PAM_CONV_ERR);
# 2325|       }

Error: GCC_ANALYZER_WARNING: [#def61]
cups-2.4.12/scheduler/cupsfilter.c:904:9: warning[-Wanalyzer-fd-use-without-check]: ‘dup2’ on possibly invalid file descriptor ‘infd’
cups-2.4.12/scheduler/cupsfilter.c:889:6: branch_true: following ‘true’ branch (when ‘pid == 0’)...
cups-2.4.12/scheduler/cupsfilter.c:897:8: branch_true: ...to here
cups-2.4.12/scheduler/cupsfilter.c:897:8: branch_true: following ‘true’ branch (when ‘infd != 0’)...
cups-2.4.12/scheduler/cupsfilter.c:899:10: branch_true: ...to here
cups-2.4.12/scheduler/cupsfilter.c:899:10: branch_true: following ‘true’ branch (when ‘infd < 0’)...
cups-2.4.12/scheduler/cupsfilter.c:900:16: branch_true: ...to here
cups-2.4.12/scheduler/cupsfilter.c:900:16: acquire_resource: opened here
cups-2.4.12/scheduler/cupsfilter.c:902:10: branch_true: following ‘true’ branch (when ‘infd > 0’)...
cups-2.4.12/scheduler/cupsfilter.c:904:9: branch_true: ...to here
cups-2.4.12/scheduler/cupsfilter.c:904:9: danger: ‘infd’ could be invalid: unchecked value from [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6)
#  902|         if (infd > 0)
#  903|         {
#  904|->         dup2(infd, 0);
#  905|   	close(infd);
#  906|         }

Error: GCC_ANALYZER_WARNING: [#def62]
cups-2.4.12/scheduler/cupsfilter.c:916:9: warning[-Wanalyzer-fd-use-without-check]: ‘dup2’ on possibly invalid file descriptor ‘outfd’
cups-2.4.12/scheduler/cupsfilter.c:889:6: branch_true: following ‘true’ branch (when ‘pid == 0’)...
cups-2.4.12/scheduler/cupsfilter.c:897:8: branch_true: ...to here
cups-2.4.12/scheduler/cupsfilter.c:909:8: branch_true: following ‘true’ branch (when ‘outfd != 1’)...
cups-2.4.12/scheduler/cupsfilter.c:911:10: branch_true: ...to here
cups-2.4.12/scheduler/cupsfilter.c:911:10: branch_true: following ‘true’ branch (when ‘outfd < 0’)...
cups-2.4.12/scheduler/cupsfilter.c:912:17: branch_true: ...to here
cups-2.4.12/scheduler/cupsfilter.c:912:17: acquire_resource: opened here
cups-2.4.12/scheduler/cupsfilter.c:914:10: branch_true: following ‘true’ branch (when ‘outfd > 1’)...
cups-2.4.12/scheduler/cupsfilter.c:916:9: branch_true: ...to here
cups-2.4.12/scheduler/cupsfilter.c:916:9: danger: ‘outfd’ could be invalid: unchecked value from [(7)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/6)
#  914|         if (outfd > 1)
#  915|         {
#  916|-> 	dup2(outfd, 1);
#  917|   	close(outfd);
#  918|         }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def63]
cups-2.4.12/scheduler/cupsfilter.c:921:8: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
cups-2.4.12/scheduler/cupsfilter.c:889:6: branch_true: following ‘true’ branch (when ‘pid == 0’)...
cups-2.4.12/scheduler/cupsfilter.c:897:8: branch_true: ...to here
cups-2.4.12/scheduler/cupsfilter.c:921:15: acquire_resource: opened here
cups-2.4.12/scheduler/cupsfilter.c:921:8: danger: ‘open("/dev/null", 2)’ leaks here; was opened at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#  919|       }
#  920|   
#  921|->     if ((fd = open("/dev/null", O_RDWR)) > 3)
#  922|       {
#  923|         dup2(fd, 3);

Error: GCC_ANALYZER_WARNING: [#def64]
cups-2.4.12/scheduler/cupsfilter.c:923:7: warning[-Wanalyzer-fd-use-without-check]: ‘dup2’ on possibly invalid file descriptor ‘open("/dev/null", 2)’
cups-2.4.12/scheduler/cupsfilter.c:889:6: branch_true: following ‘true’ branch (when ‘pid == 0’)...
cups-2.4.12/scheduler/cupsfilter.c:897:8: branch_true: ...to here
cups-2.4.12/scheduler/cupsfilter.c:921:15: acquire_resource: opened here
cups-2.4.12/scheduler/cupsfilter.c:921:8: branch_true: following ‘true’ branch...
cups-2.4.12/scheduler/cupsfilter.c:923:7: branch_true: ...to here
cups-2.4.12/scheduler/cupsfilter.c:923:7: danger: ‘open("/dev/null", 2)’ could be invalid: unchecked value from [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#  921|       if ((fd = open("/dev/null", O_RDWR)) > 3)
#  922|       {
#  923|->       dup2(fd, 3);
#  924|         close(fd);
#  925|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def65]
cups-2.4.12/scheduler/cupsfilter.c:928:8: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
cups-2.4.12/scheduler/cupsfilter.c:889:6: branch_true: following ‘true’ branch (when ‘pid == 0’)...
cups-2.4.12/scheduler/cupsfilter.c:897:8: branch_true: ...to here
cups-2.4.12/scheduler/cupsfilter.c:928:15: acquire_resource: opened here
cups-2.4.12/scheduler/cupsfilter.c:928:8: danger: ‘open("/dev/null", 2)’ leaks here; was opened at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#  926|       fcntl(3, F_SETFL, O_NDELAY);
#  927|   
#  928|->     if ((fd = open("/dev/null", O_RDWR)) > 4)
#  929|       {
#  930|         dup2(fd, 4);

Error: GCC_ANALYZER_WARNING: [#def66]
cups-2.4.12/scheduler/cupsfilter.c:930:7: warning[-Wanalyzer-fd-use-without-check]: ‘dup2’ on possibly invalid file descriptor ‘open("/dev/null", 2)’
cups-2.4.12/scheduler/cupsfilter.c:889:6: branch_true: following ‘true’ branch (when ‘pid == 0’)...
cups-2.4.12/scheduler/cupsfilter.c:897:8: branch_true: ...to here
cups-2.4.12/scheduler/cupsfilter.c:928:15: acquire_resource: opened here
cups-2.4.12/scheduler/cupsfilter.c:928:8: branch_true: following ‘true’ branch...
cups-2.4.12/scheduler/cupsfilter.c:930:7: branch_true: ...to here
cups-2.4.12/scheduler/cupsfilter.c:930:7: danger: ‘open("/dev/null", 2)’ could be invalid: unchecked value from [(3)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/2)
#  928|       if ((fd = open("/dev/null", O_RDWR)) > 4)
#  929|       {
#  930|->       dup2(fd, 4);
#  931|         close(fd);
#  932|       }

Error: GCC_ANALYZER_WARNING (CWE-479): [#def67]
cups-2.4.12/scheduler/cupsfilter.c:1522:3: warning[-Wanalyzer-unsafe-call-within-signal-handler]: call to ‘exit’ from within signal handler
cups-2.4.12/scheduler/cupsfilter.c:1289:1: enter_function: entry to ‘get_job_file’
cups-2.4.12/scheduler/cupsfilter.c:1316:6: branch_false: following ‘false’ branch...
cups-2.4.12/scheduler/cupsfilter.c:1322:7: branch_false: ...to here
cups-2.4.12/scheduler/cupsfilter.c:1322:6: branch_false: following ‘false’ branch...
cups-2.4.12/scheduler/cupsfilter.c:1333:15: branch_false: ...to here
cups-2.4.12/scheduler/cupsfilter.c:1333:6: branch_false: following ‘false’ branch...
cups-2.4.12/scheduler/cupsfilter.c:1341:13: branch_false: ...to here
cups-2.4.12/scheduler/cupsfilter.c:1349:6: branch_false: following ‘false’ branch...
cups-2.4.12/scheduler/cupsfilter.c:1356:3: branch_false: ...to here
cups-2.4.12/scheduler/cupsfilter.c:1509:1: enter_function: entry to ‘sighandler’
cups-2.4.12/scheduler/cupsfilter.c:1522:3: danger: call to ‘exit’ from within signal handler
# 1520|     */
# 1521|   
# 1522|->   exit(s);
# 1523|   }
# 1524|   

Error: CPPCHECK_WARNING (CWE-476): [#def68]
cups-2.4.12/scheduler/ipp.c:1878: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: userheader
# 1876|           userfooter = strdup(attr->values[1].string.text);
# 1877|   
# 1878|->       if (Classification != NULL && (strcmp(userheader, Classification) == 0)
# 1879|             && userfooter &&(strcmp(userfooter, Classification) == 0))
# 1880|         {

Error: CPPCHECK_WARNING (CWE-758): [#def69]
cups-2.4.12/scheduler/job.c:5913: warning[objectIndex]: The address of variable 'none' might be accessed at non-zero index.
# 5911|   
# 5912|       for (i = 0; i < num_reasons; i ++)
# 5913|->       if (strcmp(job->printer_reasons->values[i].string.text, reasons[i]))
# 5914|           break;
# 5915|   

Error: CPPCHECK_WARNING (CWE-758): [#def70]
cups-2.4.12/scheduler/job.c:5932: warning[objectIndex]: The address of variable 'none' might be accessed at non-zero index.
# 5930|   
# 5931|     for (i = 0; i < num_reasons; i ++)
# 5932|->     job->printer_reasons->values[i].string.text = _cupsStrAlloc(reasons[i]);
# 5933|   
# 5934|     job->dirty = 1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def71]
cups-2.4.12/scheduler/log.c:1307:5: warning[-Wanalyzer-malloc-leak]: leak of ‘log_line’
cups-2.4.12/scheduler/log.c:686:1: enter_function: entry to ‘cupsdLogMessage’
cups-2.4.12/scheduler/log.c:728:11: branch_false: following ‘false’ branch...
cups-2.4.12/scheduler/log.c:732:11: branch_false: following ‘false’ branch (when the strings are non-equal)...
cups-2.4.12/scheduler/log.c:745:3: branch_false: ...to here
cups-2.4.12/scheduler/log.c:750:14: call_function: calling ‘format_log_line’ from ‘cupsdLogMessage’
cups-2.4.12/scheduler/log.c:750:14: return_function: returning to ‘cupsdLogMessage’ from ‘format_log_line’
cups-2.4.12/scheduler/log.c:753:10: branch_true: following ‘true’ branch...
 branch_true: ...to here
cups-2.4.12/scheduler/log.c:750:14: call_function: calling ‘format_log_line’ from ‘cupsdLogMessage’
# 1305|     {
# 1306|       log_linesize = 8192;
# 1307|->     log_line     = malloc(log_linesize);
# 1308|   
# 1309|       if (!log_line)

Error: GCC_ANALYZER_WARNING (CWE-688): [#def72]
cups-2.4.12/scheduler/main.c:341:11: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘ConfigurationFile’ where non-null expected
cups-2.4.12/scheduler/main.c:103:1: enter_function: entry to ‘main’
cups-2.4.12/scheduler/main.c:149:6: branch_false: following ‘false’ branch...
cups-2.4.12/scheduler/main.c:162:8: branch_false: ...to here
cups-2.4.12/scheduler/main.c:332:6: branch_true: following ‘true’ branch...
cups-2.4.12/scheduler/main.c:333:5: branch_true: ...to here
cups-2.4.12/scheduler/main.c:333:5: call_function: calling ‘cupsdSetString’ from ‘main’
cups-2.4.12/scheduler/main.c:333:5: return_function: returning to ‘main’ from ‘cupsdSetString’
cups-2.4.12/scheduler/main.c:335:6: branch_true: following ‘true’ branch...
cups-2.4.12/scheduler/main.c:341:11: branch_true: ...to here
cups-2.4.12/scheduler/main.c:341:11: danger: argument 1 (‘ConfigurationFile’) from [(14)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/13) could be NULL where non-null expected
#argument 1 of ‘__builtin_strlen’ must be non-null
#  339|       size_t	len;			/* Size of buffer */
#  340|   
#  341|->     len = strlen(ConfigurationFile) + 15;
#  342|       if ((filename = malloc(len)) == NULL)
#  343|       {

Error: CPPCHECK_WARNING (CWE-476): [#def73]
cups-2.4.12/scheduler/mime.c:180: error[ctunullpointer]: Null pointer dereference: mime
#  178|   
#  179|   
#  180|->   if (mime->error_cb)
#  181|     {
#  182|       va_start(ap, message);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def74]
cups-2.4.12/scheduler/util.c:302:8: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 0)’
cups-2.4.12/scheduler/util.c:247:6: branch_false: following ‘false’ branch...
cups-2.4.12/scheduler/util.c:257:30: branch_false: ...to here
cups-2.4.12/scheduler/util.c:257:6: branch_false: following ‘false’ branch...
cups-2.4.12/scheduler/util.c:267:30: branch_false: ...to here
cups-2.4.12/scheduler/util.c:267:6: branch_false: following ‘false’ branch...
cups-2.4.12/scheduler/util.c:281:15: branch_false: ...to here
cups-2.4.12/scheduler/util.c:281:6: branch_false: following ‘false’ branch...
cups-2.4.12/scheduler/util.c:293:11: branch_false: ...to here
cups-2.4.12/scheduler/util.c:293:11: branch_true: following ‘true’ branch...
cups-2.4.12/scheduler/util.c:299:10: branch_true: ...to here
cups-2.4.12/scheduler/util.c:302:15: acquire_resource: opened here
cups-2.4.12/scheduler/util.c:302:8: danger: ‘open("/dev/null", 0)’ leaks here; was opened at [(12)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/11)
#  300|         setuid(user);			/* Run as restricted user */
#  301|   
#  302|->     if ((fd = open("/dev/null", O_RDONLY)) > 0)
#  303|       {
#  304|         dup2(fd, 0);			/* </dev/null */

Error: GCC_ANALYZER_WARNING: [#def75]
cups-2.4.12/scheduler/util.c:304:7: warning[-Wanalyzer-fd-use-without-check]: ‘dup2’ on possibly invalid file descriptor ‘open("/dev/null", 0)’
cups-2.4.12/scheduler/util.c:247:6: branch_false: following ‘false’ branch...
cups-2.4.12/scheduler/util.c:257:30: branch_false: ...to here
cups-2.4.12/scheduler/util.c:257:6: branch_false: following ‘false’ branch...
cups-2.4.12/scheduler/util.c:267:30: branch_false: ...to here
cups-2.4.12/scheduler/util.c:267:6: branch_false: following ‘false’ branch...
cups-2.4.12/scheduler/util.c:281:15: branch_false: ...to here
cups-2.4.12/scheduler/util.c:281:6: branch_false: following ‘false’ branch...
cups-2.4.12/scheduler/util.c:293:11: branch_false: ...to here
cups-2.4.12/scheduler/util.c:293:11: branch_true: following ‘true’ branch...
cups-2.4.12/scheduler/util.c:299:10: branch_true: ...to here
cups-2.4.12/scheduler/util.c:302:15: acquire_resource: opened here
cups-2.4.12/scheduler/util.c:302:8: branch_true: following ‘true’ branch...
cups-2.4.12/scheduler/util.c:304:7: branch_true: ...to here
cups-2.4.12/scheduler/util.c:304:7: danger: ‘open("/dev/null", 0)’ could be invalid: unchecked value from [(12)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/11)
#  302|       if ((fd = open("/dev/null", O_RDONLY)) > 0)
#  303|       {
#  304|->       dup2(fd, 0);			/* </dev/null */
#  305|         close(fd);
#  306|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def76]
cups-2.4.12/tools/ippevepcl.c:271:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
cups-2.4.12/tools/ippevepcl.c:266:6: branch_true: following ‘true’ branch (when ‘filename’ is non-NULL)...
cups-2.4.12/tools/ippevepcl.c:268:15: branch_true: ...to here
cups-2.4.12/tools/ippevepcl.c:268:15: acquire_resource: opened here
cups-2.4.12/tools/ippevepcl.c:268:8: branch_false: following ‘false’ branch...
cups-2.4.12/tools/ippevepcl.c:279:3: branch_false: ...to here
cups-2.4.12/tools/ippevepcl.c:292:6: branch_false: following ‘false’ branch (when ‘fd == 0’)...
 branch_false: ...to here
cups-2.4.12/tools/ippevepcl.c:271:14: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  269|       {
#  270|         fprintf(stderr, "ERROR: Unable to open \"%s\": %s\n", filename, strerror(errno));
#  271|->       return (1);
#  272|       }
#  273|     }

Error: GCC_ANALYZER_WARNING (CWE-686): [#def77]
cups-2.4.12/tools/ippeveprinter.c:3004:9: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘int’ but received ‘char (*)[32]’ for variadic argument 1 of ‘ap’
cups-2.4.12/tools/ippeveprinter.c:8224:1: enter_function: entry to ‘show_supplies’
cups-2.4.12/tools/ippeveprinter.c:8271:8: call_function: calling ‘respond_http’ from ‘show_supplies’
cups-2.4.12/tools/ippeveprinter.c:8271:8: return_function: returning to ‘show_supplies’ from ‘respond_http’
cups-2.4.12/tools/ippeveprinter.c:8271:6: branch_false: following ‘false’ branch...
cups-2.4.12/tools/ippeveprinter.c:8274:23: branch_false: ...to here
cups-2.4.12/tools/ippeveprinter.c:8274:3: call_function: calling ‘html_header’ from ‘show_supplies’
cups-2.4.12/tools/ippeveprinter.c:8274:3: return_function: returning to ‘show_supplies’ from ‘html_header’
cups-2.4.12/tools/ippeveprinter.c:8276:6: branch_false: following ‘false’ branch...
cups-2.4.12/tools/ippeveprinter.c:8283:16: branch_false: ...to here
cups-2.4.12/tools/ippeveprinter.c:8285:6: branch_false: following ‘false’ branch...
cups-2.4.12/tools/ippeveprinter.c:8292:21: branch_false: ...to here
cups-2.4.12/tools/ippeveprinter.c:8292:6: branch_false: following ‘false’ branch...
cups-2.4.12/tools/ippeveprinter.c:8299:7: branch_false: ...to here
cups-2.4.12/tools/ippeveprinter.c:8299:6: branch_true: following ‘true’ branch...
cups-2.4.12/tools/ippeveprinter.c:8300:19: branch_true: ...to here
cups-2.4.12/tools/ippeveprinter.c:8300:19: call_function: calling ‘parse_options’ from ‘show_supplies’
cups-2.4.12/tools/ippeveprinter.c:8300:19: return_function: returning to ‘show_supplies’ from ‘parse_options’
cups-2.4.12/tools/ippeveprinter.c:8355:6: branch_false: following ‘false’ branch...
cups-2.4.12/tools/ippeveprinter.c:8358:3: branch_false: ...to here
cups-2.4.12/tools/ippeveprinter.c:8358:3: call_function: calling ‘html_printf’ from ‘show_supplies’ with 0 variadic arguments
cups-2.4.12/tools/ippeveprinter.c:8358:3: return_function: returning to ‘show_supplies’ from ‘html_printf’
cups-2.4.12/tools/ippeveprinter.c:8359:15: branch_true: following ‘true’ branch...
cups-2.4.12/tools/ippeveprinter.c:8361:20: branch_true: ...to here
cups-2.4.12/tools/ippeveprinter.c:8368:8: branch_false: following ‘false’ branch (when ‘supply_ptr’ is NULL)...
cups-2.4.12/tools/ippeveprinter.c:8373:9: branch_false: ...to here
cups-2.4.12/tools/ippeveprinter.c:8376:7: call_function: calling ‘html_printf’ from ‘show_supplies’ with 1 variadic argument
cups-2.4.12/tools/ippeveprinter.c:8376:7: return_function: returning to ‘show_supplies’ from ‘html_printf’
cups-2.4.12/tools/ippeveprinter.c:8378:8: branch_false: following ‘false’ branch (when ‘level > 9’)...
cups-2.4.12/tools/ippeveprinter.c:8381:7: branch_false: ...to here
cups-2.4.12/tools/ippeveprinter.c:8381:7: call_function: calling ‘html_printf’ from ‘show_supplies’ with 4 variadic arguments
# 3002|   
# 3003|   	format ++;
# 3004|-> 	width = va_arg(ap, int);
# 3005|   
# 3006|   	snprintf(tptr, sizeof(tformat) - (size_t)(tptr - tformat), "%d", width);

Error: GCC_ANALYZER_WARNING (CWE-686): [#def78]
cups-2.4.12/tools/ippeveprinter.c:3004:9: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘int’ but received ‘char *’ for variadic argument 1 of ‘ap’
cups-2.4.12/tools/ippeveprinter.c:8224:1: enter_function: entry to ‘show_supplies’
cups-2.4.12/tools/ippeveprinter.c:8271:8: call_function: calling ‘respond_http’ from ‘show_supplies’
cups-2.4.12/tools/ippeveprinter.c:8271:8: return_function: returning to ‘show_supplies’ from ‘respond_http’
cups-2.4.12/tools/ippeveprinter.c:8271:6: branch_false: following ‘false’ branch...
cups-2.4.12/tools/ippeveprinter.c:8274:23: branch_false: ...to here
cups-2.4.12/tools/ippeveprinter.c:8274:3: call_function: calling ‘html_header’ from ‘show_supplies’
# 3002|   
# 3003|   	format ++;
# 3004|-> 	width = va_arg(ap, int);
# 3005|   
# 3006|   	snprintf(tptr, sizeof(tformat) - (size_t)(tptr - tformat), "%d", width);

Error: GCC_ANALYZER_WARNING (CWE-686): [#def79]
cups-2.4.12/tools/ippeveprinter.c:3004:9: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘int’ but received ‘const char *’ for variadic argument 1 of ‘ap’
cups-2.4.12/tools/ippeveprinter.c:8224:1: enter_function: entry to ‘show_supplies’
cups-2.4.12/tools/ippeveprinter.c:8271:8: call_function: calling ‘respond_http’ from ‘show_supplies’
cups-2.4.12/tools/ippeveprinter.c:8271:8: return_function: returning to ‘show_supplies’ from ‘respond_http’
cups-2.4.12/tools/ippeveprinter.c:8271:6: branch_false: following ‘false’ branch...
cups-2.4.12/tools/ippeveprinter.c:8274:23: branch_false: ...to here
cups-2.4.12/tools/ippeveprinter.c:8274:3: call_function: calling ‘html_header’ from ‘show_supplies’
cups-2.4.12/tools/ippeveprinter.c:8274:3: return_function: returning to ‘show_supplies’ from ‘html_header’
cups-2.4.12/tools/ippeveprinter.c:8276:6: branch_false: following ‘false’ branch...
cups-2.4.12/tools/ippeveprinter.c:8283:16: branch_false: ...to here
cups-2.4.12/tools/ippeveprinter.c:8285:6: branch_false: following ‘false’ branch...
cups-2.4.12/tools/ippeveprinter.c:8292:21: branch_false: ...to here
cups-2.4.12/tools/ippeveprinter.c:8292:6: branch_false: following ‘false’ branch...
cups-2.4.12/tools/ippeveprinter.c:8299:7: branch_false: ...to here
cups-2.4.12/tools/ippeveprinter.c:8299:6: branch_true: following ‘true’ branch...
cups-2.4.12/tools/ippeveprinter.c:8300:19: branch_true: ...to here
cups-2.4.12/tools/ippeveprinter.c:8300:19: call_function: calling ‘parse_options’ from ‘show_supplies’
cups-2.4.12/tools/ippeveprinter.c:8300:19: return_function: returning to ‘show_supplies’ from ‘parse_options’
cups-2.4.12/tools/ippeveprinter.c:8355:6: branch_false: following ‘false’ branch...
cups-2.4.12/tools/ippeveprinter.c:8358:3: branch_false: ...to here
cups-2.4.12/tools/ippeveprinter.c:8358:3: call_function: calling ‘html_printf’ from ‘show_supplies’ with 0 variadic arguments
cups-2.4.12/tools/ippeveprinter.c:8358:3: return_function: returning to ‘show_supplies’ from ‘html_printf’
cups-2.4.12/tools/ippeveprinter.c:8359:15: branch_true: following ‘true’ branch...
cups-2.4.12/tools/ippeveprinter.c:8361:20: branch_true: ...to here
cups-2.4.12/tools/ippeveprinter.c:8368:8: branch_false: following ‘false’ branch (when ‘supply_ptr’ is NULL)...
cups-2.4.12/tools/ippeveprinter.c:8373:9: branch_false: ...to here
cups-2.4.12/tools/ippeveprinter.c:8373:8: branch_false: following ‘false’ branch...
cups-2.4.12/tools/ippeveprinter.c:8376:7: branch_false: ...to here
cups-2.4.12/tools/ippeveprinter.c:8376:7: call_function: calling ‘html_printf’ from ‘show_supplies’ with 1 variadic argument
# 3002|   
# 3003|   	format ++;
# 3004|-> 	width = va_arg(ap, int);
# 3005|   
# 3006|   	snprintf(tptr, sizeof(tformat) - (size_t)(tptr - tformat), "%d", width);

Error: GCC_ANALYZER_WARNING (CWE-685): [#def80]
cups-2.4.12/tools/ippeveprinter.c:3004:9: warning[-Wanalyzer-va-list-exhausted]: ‘ap’ has no more arguments (0 consumed)
cups-2.4.12/tools/ippeveprinter.c:8224:1: enter_function: entry to ‘show_supplies’
cups-2.4.12/tools/ippeveprinter.c:8271:8: call_function: calling ‘respond_http’ from ‘show_supplies’
cups-2.4.12/tools/ippeveprinter.c:8271:8: return_function: returning to ‘show_supplies’ from ‘respond_http’
cups-2.4.12/tools/ippeveprinter.c:8271:6: branch_false: following ‘false’ branch...
cups-2.4.12/tools/ippeveprinter.c:8274:23: branch_false: ...to here
cups-2.4.12/tools/ippeveprinter.c:8274:3: call_function: calling ‘html_header’ from ‘show_supplies’
cups-2.4.12/tools/ippeveprinter.c:8274:3: return_function: returning to ‘show_supplies’ from ‘html_header’
cups-2.4.12/tools/ippeveprinter.c:8276:6: branch_true: following ‘true’ branch...
cups-2.4.12/tools/ippeveprinter.c:8278:5: branch_true: ...to here
cups-2.4.12/tools/ippeveprinter.c:8278:5: call_function: calling ‘html_printf’ from ‘show_supplies’ with 0 variadic arguments
# 3002|   
# 3003|   	format ++;
# 3004|-> 	width = va_arg(ap, int);
# 3005|   
# 3006|   	snprintf(tptr, sizeof(tformat) - (size_t)(tptr - tformat), "%d", width);

Error: GCC_ANALYZER_WARNING (CWE-686): [#def81]
cups-2.4.12/tools/ippeveprinter.c:3036:11: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘int’ but received ‘char (*)[32]’ for variadic argument 1 of ‘ap’
cups-2.4.12/tools/ippeveprinter.c:8224:1: enter_function: entry to ‘show_supplies’
cups-2.4.12/tools/ippeveprinter.c:8271:8: call_function: calling ‘respond_http’ from ‘show_supplies’
cups-2.4.12/tools/ippeveprinter.c:8271:8: return_function: returning to ‘show_supplies’ from ‘respond_http’
cups-2.4.12/tools/ippeveprinter.c:8271:6: branch_false: following ‘false’ branch...
cups-2.4.12/tools/ippeveprinter.c:8274:23: branch_false: ...to here
cups-2.4.12/tools/ippeveprinter.c:8274:3: call_function: calling ‘html_header’ from ‘show_supplies’
cups-2.4.12/tools/ippeveprinter.c:8274:3: return_function: returning to ‘show_supplies’ from ‘html_header’
cups-2.4.12/tools/ippeveprinter.c:8276:6: branch_false: following ‘false’ branch...
cups-2.4.12/tools/ippeveprinter.c:8283:16: branch_false: ...to here
cups-2.4.12/tools/ippeveprinter.c:8285:6: branch_false: following ‘false’ branch...
cups-2.4.12/tools/ippeveprinter.c:8292:21: branch_false: ...to here
cups-2.4.12/tools/ippeveprinter.c:8292:6: branch_false: following ‘false’ branch...
cups-2.4.12/tools/ippeveprinter.c:8299:7: branch_false: ...to here
cups-2.4.12/tools/ippeveprinter.c:8299:6: branch_true: following ‘true’ branch...
cups-2.4.12/tools/ippeveprinter.c:8300:19: branch_true: ...to here
cups-2.4.12/tools/ippeveprinter.c:8300:19: call_function: calling ‘parse_options’ from ‘show_supplies’
cups-2.4.12/tools/ippeveprinter.c:8300:19: return_function: returning to ‘show_supplies’ from ‘parse_options’
cups-2.4.12/tools/ippeveprinter.c:8355:6: branch_false: following ‘false’ branch...
cups-2.4.12/tools/ippeveprinter.c:8358:3: branch_false: ...to here
cups-2.4.12/tools/ippeveprinter.c:8358:3: call_function: calling ‘html_printf’ from ‘show_supplies’ with 0 variadic arguments
cups-2.4.12/tools/ippeveprinter.c:8358:3: return_function: returning to ‘show_supplies’ from ‘html_printf’
cups-2.4.12/tools/ippeveprinter.c:8359:15: branch_true: following ‘true’ branch...
cups-2.4.12/tools/ippeveprinter.c:8361:20: branch_true: ...to here
cups-2.4.12/tools/ippeveprinter.c:8368:8: branch_false: following ‘false’ branch (when ‘supply_ptr’ is NULL)...
cups-2.4.12/tools/ippeveprinter.c:8373:9: branch_false: ...to here
cups-2.4.12/tools/ippeveprinter.c:8376:7: call_function: calling ‘html_printf’ from ‘show_supplies’ with 1 variadic argument
cups-2.4.12/tools/ippeveprinter.c:8376:7: return_function: returning to ‘show_supplies’ from ‘html_printf’
cups-2.4.12/tools/ippeveprinter.c:8378:8: branch_false: following ‘false’ branch (when ‘level > 9’)...
cups-2.4.12/tools/ippeveprinter.c:8381:7: branch_false: ...to here
cups-2.4.12/tools/ippeveprinter.c:8381:7: call_function: calling ‘html_printf’ from ‘show_supplies’ with 4 variadic arguments
# 3034|   
# 3035|   	  format ++;
# 3036|-> 	  prec = va_arg(ap, int);
# 3037|   
# 3038|   	  snprintf(tptr, sizeof(tformat) - (size_t)(tptr - tformat), "%d", prec);

Error: GCC_ANALYZER_WARNING (CWE-686): [#def82]
cups-2.4.12/tools/ippeveprinter.c:3036:11: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘int’ but received ‘char *’ for variadic argument 1 of ‘ap’
cups-2.4.12/tools/ippeveprinter.c:8224:1: enter_function: entry to ‘show_supplies’
cups-2.4.12/tools/ippeveprinter.c:8271:8: call_function: calling ‘respond_http’ from ‘show_supplies’
cups-2.4.12/tools/ippeveprinter.c:8271:8: return_function: returning to ‘show_supplies’ from ‘respond_http’
cups-2.4.12/tools/ippeveprinter.c:8271:6: branch_false: following ‘false’ branch...
cups-2.4.12/tools/ippeveprinter.c:8274:23: branch_false: ...to here
cups-2.4.12/tools/ippeveprinter.c:8274:3: call_function: calling ‘html_header’ from ‘show_supplies’
# 3034|   
# 3035|   	  format ++;
# 3036|-> 	  prec = va_arg(ap, int);
# 3037|   
# 3038|   	  snprintf(tptr, sizeof(tformat) - (size_t)(tptr - tformat), "%d", prec);

Error: GCC_ANALYZER_WARNING (CWE-686): [#def83]
cups-2.4.12/tools/ippeveprinter.c:3036:11: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘int’ but received ‘const char *’ for variadic argument 1 of ‘ap’
cups-2.4.12/tools/ippeveprinter.c:8224:1: enter_function: entry to ‘show_supplies’
cups-2.4.12/tools/ippeveprinter.c:8271:8: call_function: calling ‘respond_http’ from ‘show_supplies’
cups-2.4.12/tools/ippeveprinter.c:8271:8: return_function: returning to ‘show_supplies’ from ‘respond_http’
cups-2.4.12/tools/ippeveprinter.c:8271:6: branch_false: following ‘false’ branch...
cups-2.4.12/tools/ippeveprinter.c:8274:23: branch_false: ...to here
cups-2.4.12/tools/ippeveprinter.c:8274:3: call_function: calling ‘html_header’ from ‘show_supplies’
cups-2.4.12/tools/ippeveprinter.c:8274:3: return_function: returning to ‘show_supplies’ from ‘html_header’
cups-2.4.12/tools/ippeveprinter.c:8276:6: branch_false: following ‘false’ branch...
cups-2.4.12/tools/ippeveprinter.c:8283:16: branch_false: ...to here
cups-2.4.12/tools/ippeveprinter.c:8285:6: branch_false: following ‘false’ branch...
cups-2.4.12/tools/ippeveprinter.c:8292:21: branch_false: ...to here
cups-2.4.12/tools/ippeveprinter.c:8292:6: branch_false: following ‘false’ branch...
cups-2.4.12/tools/ippeveprinter.c:8299:7: branch_false: ...to here
cups-2.4.12/tools/ippeveprinter.c:8299:6: branch_true: following ‘true’ branch...
cups-2.4.12/tools/ippeveprinter.c:8300:19: branch_true: ...to here
cups-2.4.12/tools/ippeveprinter.c:8300:19: call_function: calling ‘parse_options’ from ‘show_supplies’
cups-2.4.12/tools/ippeveprinter.c:8300:19: return_function: returning to ‘show_supplies’ from ‘parse_options’
cups-2.4.12/tools/ippeveprinter.c:8355:6: branch_false: following ‘false’ branch...
cups-2.4.12/tools/ippeveprinter.c:8358:3: branch_false: ...to here
cups-2.4.12/tools/ippeveprinter.c:8358:3: call_function: calling ‘html_printf’ from ‘show_supplies’ with 0 variadic arguments
cups-2.4.12/tools/ippeveprinter.c:8358:3: return_function: returning to ‘show_supplies’ from ‘html_printf’
cups-2.4.12/tools/ippeveprinter.c:8359:15: branch_true: following ‘true’ branch...
cups-2.4.12/tools/ippeveprinter.c:8361:20: branch_true: ...to here
cups-2.4.12/tools/ippeveprinter.c:8368:8: branch_false: following ‘false’ branch (when ‘supply_ptr’ is NULL)...
cups-2.4.12/tools/ippeveprinter.c:8373:9: branch_false: ...to here
cups-2.4.12/tools/ippeveprinter.c:8373:8: branch_false: following ‘false’ branch...
cups-2.4.12/tools/ippeveprinter.c:8376:7: branch_false: ...to here
cups-2.4.12/tools/ippeveprinter.c:8376:7: call_function: calling ‘html_printf’ from ‘show_supplies’ with 1 variadic argument
# 3034|   
# 3035|   	  format ++;
# 3036|-> 	  prec = va_arg(ap, int);
# 3037|   
# 3038|   	  snprintf(tptr, sizeof(tformat) - (size_t)(tptr - tformat), "%d", prec);

Error: GCC_ANALYZER_WARNING (CWE-685): [#def84]
cups-2.4.12/tools/ippeveprinter.c:3036:11: warning[-Wanalyzer-va-list-exhausted]: ‘ap’ has no more arguments (0 consumed)
cups-2.4.12/tools/ippeveprinter.c:8224:1: enter_function: entry to ‘show_supplies’
cups-2.4.12/tools/ippeveprinter.c:8271:8: call_function: calling ‘respond_http’ from ‘show_supplies’
cups-2.4.12/tools/ippeveprinter.c:8271:8: return_function: returning to ‘show_supplies’ from ‘respond_http’
cups-2.4.12/tools/ippeveprinter.c:8271:6: branch_false: following ‘false’ branch...
cups-2.4.12/tools/ippeveprinter.c:8274:23: branch_false: ...to here
cups-2.4.12/tools/ippeveprinter.c:8274:3: call_function: calling ‘html_header’ from ‘show_supplies’
cups-2.4.12/tools/ippeveprinter.c:8274:3: return_function: returning to ‘show_supplies’ from ‘html_header’
cups-2.4.12/tools/ippeveprinter.c:8276:6: branch_true: following ‘true’ branch...
cups-2.4.12/tools/ippeveprinter.c:8278:5: branch_true: ...to here
cups-2.4.12/tools/ippeveprinter.c:8278:5: call_function: calling ‘html_printf’ from ‘show_supplies’ with 0 variadic arguments
# 3034|   
# 3035|   	  format ++;
# 3036|-> 	  prec = va_arg(ap, int);
# 3037|   
# 3038|   	  snprintf(tptr, sizeof(tformat) - (size_t)(tptr - tformat), "%d", prec);

Error: CPPCHECK_WARNING (CWE-476): [#def85]
cups-2.4.12/tools/ippeveprinter.c:7435: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: start
# 7433|       char *temptypes = strdup(printer->dnssd_subtypes), *start, *end;
# 7434|   
# 7435|->     for (start = temptypes; *start; start = end)
# 7436|       {
# 7437|         if ((end = strchr(start, ',')) != NULL)

Error: CPPCHECK_WARNING (CWE-476): [#def86]
cups-2.4.12/tools/ippeveprinter.c:7459: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: start
# 7457|       char *temptypes = strdup(printer->dnssd_subtypes), *start, *end;
# 7458|   
# 7459|->     for (start = temptypes; *start; start = end)
# 7460|       {
# 7461|         if ((end = strchr(start, ',')) != NULL)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def87]
cups-2.4.12/tools/ippeveps.c:564:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
cups-2.4.12/tools/ippeveps.c:559:6: branch_true: following ‘true’ branch (when ‘filename’ is non-NULL)...
cups-2.4.12/tools/ippeveps.c:561:15: branch_true: ...to here
cups-2.4.12/tools/ippeveps.c:561:15: acquire_resource: opened here
cups-2.4.12/tools/ippeveps.c:561:8: branch_false: following ‘false’ branch...
cups-2.4.12/tools/ippeveps.c:577:11: branch_false: ...to here
cups-2.4.12/tools/ippeveps.c:583:8: branch_false: following ‘false’ branch (when ‘fd == 0’)...
cups-2.4.12/tools/ippeveps.c:586:12: branch_false: ...to here
cups-2.4.12/tools/ippeveps.c:564:14: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  562|       {
#  563|         fprintf(stderr, "ERROR: Unable to open \"%s\": %s\n", filename, strerror(errno));
#  564|->       return (1);
#  565|       }
#  566|     }

Error: GCC_ANALYZER_WARNING (CWE-835): [#def88]
cups-2.4.12/tools/ippeveps.c:589:54: warning[-Wanalyzer-infinite-loop]: infinite loop
cups-2.4.12/tools/ippeveps.c:589:54: danger: infinite loop here
cups-2.4.12/tools/ippeveps.c:589:54: branch_true: when ‘bufptr < bufend’: always following ‘true’ branch...
cups-2.4.12/tools/ippeveps.c:595:9: branch_true: ...to here
cups-2.4.12/tools/ippeveps.c:595:8: branch_false: if it ever follows ‘false’ branch, it will always do so...
 branch_false: ...to here
#  587|     }
#  588|   
#  589|->   for (bufptr = buffer + 2, bufend = buffer + bytes; bufptr < bufend;)
#  590|     {
#  591|      /*

Error: GCC_ANALYZER_WARNING: [#def89]
cups-2.4.12/tools/ippeveps.c:833:5: warning[-Wanalyzer-fd-use-without-check]: ‘dup2’ on possibly invalid file descriptor ‘1’
cups-2.4.12/tools/ippeveps.c:797:6: branch_false: following ‘false’ branch...
cups-2.4.12/tools/ippeveps.c:807:16: branch_false: ...to here
cups-2.4.12/tools/ippeveps.c:826:6: branch_true: following ‘true’ branch (when ‘pid == 0’)...
cups-2.4.12/tools/ippeveps.c:832:5: branch_true: ...to here
cups-2.4.12/tools/ippeveps.c:832:5: release_resource: closed here
cups-2.4.12/tools/ippeveps.c:833:5: danger: ‘1’ could be invalid
#  831|   
#  832|       close(1);
#  833|->     dup2(tempfd, 1);
#  834|       close(tempfd);
#  835|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def90]
cups-2.4.12/tools/ippfind.c:337:14: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
cups-2.4.12/tools/ippfind.c:200:1: enter_function: entry to ‘main’
cups-2.4.12/tools/ippfind.c:275:15: branch_true: following ‘true’ branch (when ‘i < argc’)...
cups-2.4.12/tools/ippfind.c:277:13: branch_true: ...to here
cups-2.4.12/tools/ippfind.c:277:8: branch_true: following ‘true’ branch...
cups-2.4.12/tools/ippfind.c:279:11: branch_true: ...to here
cups-2.4.12/tools/ippfind.c:279:10: branch_true: following ‘true’ branch...
cups-2.4.12/tools/ippfind.c:285:14: branch_true: ...to here
cups-2.4.12/tools/ippfind.c:285:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
cups-2.4.12/tools/ippfind.c:302:19: branch_false: ...to here
cups-2.4.12/tools/ippfind.c:302:17: branch_false: following ‘false’ branch (when the strings are non-equal)...
cups-2.4.12/tools/ippfind.c:317:19: branch_false: ...to here
cups-2.4.12/tools/ippfind.c:317:17: branch_true: following ‘true’ branch (when the strings are equal)...
cups-2.4.12/tools/ippfind.c:319:11: branch_true: ...to here
cups-2.4.12/tools/ippfind.c:320:14: branch_false: following ‘false’ branch (when ‘argc > i’)...
cups-2.4.12/tools/ippfind.c:328:37: branch_false: ...to here
cups-2.4.12/tools/ippfind.c:327:23: call_function: calling ‘new_expr’ from ‘main’
cups-2.4.12/tools/ippfind.c:327:23: return_function: returning to ‘main’ from ‘new_expr’
cups-2.4.12/tools/ippfind.c:327:14: branch_false: following ‘false’ branch...
 branch_false: ...to here
cups-2.4.12/tools/ippfind.c:331:18: branch_true: following ‘true’ branch (when ‘i < argc’)...
cups-2.4.12/tools/ippfind.c:332:29: branch_true: ...to here
cups-2.4.12/tools/ippfind.c:337:14: danger: ‘<unknown>’ leaks here; was allocated at [(28)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/27)
#  335|                 i ++;
#  336|   
#  337|->           if (i >= argc)
#  338|             {
#  339|               _cupsLangPrintf(stderr, _("ippfind: Expected semi-colon after %s."),

Error: GCC_ANALYZER_WARNING (CWE-476): [#def91]
cups-2.4.12/tools/ippfind.c:1570:11: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
cups-2.4.12/tools/ippfind.c:1530:1: enter_function: entry to ‘browse_callback’
cups-2.4.12/tools/ippfind.c:1567:19: call_function: calling ‘get_service’ from ‘browse_callback’
cups-2.4.12/tools/ippfind.c:1567:19: return_function: returning to ‘browse_callback’ from ‘get_service’
cups-2.4.12/tools/ippfind.c:1569:12: branch_true: following ‘true’ branch...
cups-2.4.12/tools/ippfind.c:1570:11: branch_true: ...to here
cups-2.4.12/tools/ippfind.c:1570:11: danger: dereference of NULL ‘get_service(context,  name,  type,  domain)’
# 1568|   
# 1569|   	if (flags & AVAHI_LOOKUP_RESULT_LOCAL)
# 1570|-> 	  service->is_local = 1;
# 1571|   	break;
# 1572|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def92]
cups-2.4.12/tools/ippfind.c:2453:28: warning[-Wanalyzer-malloc-leak]: leak of ‘new_expr(16, invert, 0, 0,  argv + (long unsigned int)i * 8)’
cups-2.4.12/tools/ippfind.c:200:1: enter_function: entry to ‘main’
cups-2.4.12/tools/ippfind.c:275:15: branch_true: following ‘true’ branch (when ‘i < argc’)...
cups-2.4.12/tools/ippfind.c:277:13: branch_true: ...to here
cups-2.4.12/tools/ippfind.c:277:8: branch_true: following ‘true’ branch...
cups-2.4.12/tools/ippfind.c:279:11: branch_true: ...to here
cups-2.4.12/tools/ippfind.c:279:10: branch_true: following ‘true’ branch...
cups-2.4.12/tools/ippfind.c:285:14: branch_true: ...to here
cups-2.4.12/tools/ippfind.c:285:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
cups-2.4.12/tools/ippfind.c:302:19: branch_false: ...to here
cups-2.4.12/tools/ippfind.c:302:17: branch_false: following ‘false’ branch (when the strings are non-equal)...
cups-2.4.12/tools/ippfind.c:317:19: branch_false: ...to here
cups-2.4.12/tools/ippfind.c:317:17: branch_true: following ‘true’ branch (when the strings are equal)...
cups-2.4.12/tools/ippfind.c:319:11: branch_true: ...to here
cups-2.4.12/tools/ippfind.c:320:14: branch_false: following ‘false’ branch (when ‘argc > i’)...
cups-2.4.12/tools/ippfind.c:328:37: branch_false: ...to here
cups-2.4.12/tools/ippfind.c:327:23: call_function: calling ‘new_expr’ from ‘main’
cups-2.4.12/tools/ippfind.c:327:23: return_function: returning to ‘main’ from ‘new_expr’
cups-2.4.12/tools/ippfind.c:327:14: branch_false: following ‘false’ branch...
 branch_false: ...to here
cups-2.4.12/tools/ippfind.c:331:18: branch_true: following ‘true’ branch (when ‘i < argc’)...
cups-2.4.12/tools/ippfind.c:332:29: branch_true: ...to here
cups-2.4.12/tools/ippfind.c:2453:28: danger: ‘new_expr(16, invert, 0, 0,  argv + (long unsigned int)i * 8)’ leaks here; was allocated at [(18)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/17)
# 2451|       int	num_args;			/* Number of arguments */
# 2452|   
# 2453|->     for (num_args = 1; args[num_args]; num_args ++)
# 2454|         if (!strcmp(args[num_args], ";"))
# 2455|           break;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def93]
cups-2.4.12/tools/ippfind.c:2459:8: warning[-Wanalyzer-malloc-leak]: leak of ‘temp’
cups-2.4.12/tools/ippfind.c:2404:15: acquire_memory: allocated here
cups-2.4.12/tools/ippfind.c:2404:6: branch_false: following ‘false’ branch (when ‘temp’ is non-NULL)...
cups-2.4.12/tools/ippfind.c:2407:3: branch_false: ...to here
cups-2.4.12/tools/ippfind.c:2410:6: branch_true: following ‘true’ branch...
cups-2.4.12/tools/ippfind.c:2411:5: branch_true: ...to here
cups-2.4.12/tools/ippfind.c:2434:6: branch_false: following ‘false’ branch (when ‘regex’ is NULL)...
cups-2.4.12/tools/ippfind.c:2449:6: branch_false: ...to here
cups-2.4.12/tools/ippfind.c:2449:6: branch_true: following ‘true’ branch (when ‘args’ is non-NULL)...
 branch_true: ...to here
cups-2.4.12/tools/ippfind.c:2459:8: branch_true: following ‘true’ branch...
 branch_true: ...to here
cups-2.4.12/tools/ippfind.c:2459:8: danger: ‘temp’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
# 2457|       temp->num_args = num_args;
# 2458|       temp->args     = malloc((size_t)num_args * sizeof(char *));
# 2459|->     if (temp->args == NULL)
# 2460|         return (NULL);
# 2461|   

Error: CPPCHECK_WARNING (CWE-401): [#def94]
cups-2.4.12/tools/ippfind.c:2465: error[memleak]: Memory leak: temp.args
# 2463|     }
# 2464|   
# 2465|->   return (temp);
# 2466|   }
# 2467|   

Error: GCC_ANALYZER_WARNING (CWE-688): [#def95]
cups-2.4.12/tools/ippfind.c:2594:27: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘strdup(hostTarget)’ where non-null expected
cups-2.4.12/tools/ippfind.c:2591:26: acquire_memory: this call could return NULL
cups-2.4.12/tools/ippfind.c:2594:27: danger: argument 1 (‘strdup(hostTarget)’) from [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0) could be NULL where non-null expected
#argument 1 of ‘__builtin_strlen’ must be non-null
# 2592|     service->port        = port;
# 2593|   
# 2594|->   value = service->host + strlen(service->host) - 1;
# 2595|     if (value >= service->host && *value == '.')
# 2596|       *value = '\0';

Scan Properties