Newly introduced findings

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1]
erofs-utils-1.8.6/contrib/stress.c:127:9: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(subpath)’
erofs-utils-1.8.6/contrib/stress.c:762:5: enter_function: entry to ‘main’
erofs-utils-1.8.6/contrib/stress.c:769:12: branch_false: following ‘false’ branch...
erofs-utils-1.8.6/contrib/stress.c:775:15: branch_false: ...to here
erofs-utils-1.8.6/contrib/stress.c:775:15: call_function: calling ‘init_filetable’ from ‘main’
#  125|   	fep = &ftp->fents[ftp->nfiles++];
#  126|   	fep->subpath = strdup(subpath);
#  127|-> 	fep->fd = -1;
#  128|   	fep->chkfd = -1;
#  129|   	return fep;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def2]
erofs-utils-1.8.6/contrib/stress.c:758:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘freq_table’
erofs-utils-1.8.6/contrib/stress.c:752:22: acquire_memory: this call could return NULL
erofs-utils-1.8.6/contrib/stress.c:754:30: branch_true: following ‘true’ branch...
erofs-utils-1.8.6/contrib/stress.c:755:21: branch_true: ...to here
erofs-utils-1.8.6/contrib/stress.c:757:29: branch_true: following ‘true’ branch...
erofs-utils-1.8.6/contrib/stress.c:758:43: branch_true: ...to here
erofs-utils-1.8.6/contrib/stress.c:758:25: danger: ‘malloc((long unsigned int)f * 4) + (long unsigned int)i * 4’ could be NULL: unchecked value from (1)
#  756|   			continue;
#  757|   		for (f = 0; f < p->freq; f++, i++)
#  758|-> 			freq_table[i] = p - ops;
#  759|   	}
#  760|   }

Scan Properties

analyzer-version-clippy: 1.86.0
analyzer-version-cppcheck: 2.17.1
analyzer-version-gcc: 15.0.1
analyzer-version-gcc-analyzer: 15.0.1
analyzer-version-shellcheck: 0.10.0
analyzer-version-unicontrol: 0.0.2
diffbase-analyzer-version-clippy: 1.86.0
diffbase-analyzer-version-cppcheck: 2.17.1
diffbase-analyzer-version-gcc: 15.0.1
diffbase-analyzer-version-gcc-analyzer: 15.0.1
diffbase-analyzer-version-shellcheck: 0.10.0
diffbase-analyzer-version-unicontrol: 0.0.2
diffbase-enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code: 0
diffbase-host: ip-172-16-1-107.us-west-2.compute.internal
diffbase-known-false-positives: /usr/share/csmock/known-false-positives.js
diffbase-known-false-positives-rpm: known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch
diffbase-mock-config: fedora-rawhide-x86_64
diffbase-project-name: erofs-utils-1.8.5-2.fc42
diffbase-store-results-to: /tmp/tmpulfi_n1v/erofs-utils-1.8.5-2.fc42.tar.xz
diffbase-time-created: 2025-04-25 12:21:41
diffbase-time-finished: 2025-04-25 12:24:19
diffbase-tool: csmock
diffbase-tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpulfi_n1v/erofs-utils-1.8.5-2.fc42.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpulfi_n1v/erofs-utils-1.8.5-2.fc42.src.rpm'
diffbase-tool-version: csmock-3.8.1.20250422.172604.g26bc3d6-1.el9
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-107.us-west-2.compute.internal
known-false-positives: /usr/share/csmock/known-false-positives.js
known-false-positives-rpm: known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch
mock-config: fedora-rawhide-x86_64
project-name: erofs-utils-1.8.6-1.fc43
store-results-to: /tmp/tmpkd1i2tjq/erofs-utils-1.8.6-1.fc43.tar.xz
time-created: 2025-04-25 12:24:46
time-finished: 2025-04-25 12:27:03
title: Newly introduced findings
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpkd1i2tjq/erofs-utils-1.8.6-1.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpkd1i2tjq/erofs-utils-1.8.6-1.fc43.src.rpm'
tool-version: csmock-3.8.1.20250422.172604.g26bc3d6-1.el9