Error: GCC_ANALYZER_WARNING (CWE-401): [#def1] erofs-utils-1.8.6/contrib/stress.c:127:9: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(subpath)’ erofs-utils-1.8.6/contrib/stress.c:762:5: enter_function: entry to ‘main’ erofs-utils-1.8.6/contrib/stress.c:769:12: branch_false: following ‘false’ branch... erofs-utils-1.8.6/contrib/stress.c:775:15: branch_false: ...to here erofs-utils-1.8.6/contrib/stress.c:775:15: call_function: calling ‘init_filetable’ from ‘main’ # 125| fep = &ftp->fents[ftp->nfiles++]; # 126| fep->subpath = strdup(subpath); # 127|-> fep->fd = -1; # 128| fep->chkfd = -1; # 129| return fep; Error: GCC_ANALYZER_WARNING (CWE-476): [#def2] erofs-utils-1.8.6/contrib/stress.c:758:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘freq_table’ erofs-utils-1.8.6/contrib/stress.c:752:22: acquire_memory: this call could return NULL erofs-utils-1.8.6/contrib/stress.c:754:30: branch_true: following ‘true’ branch... erofs-utils-1.8.6/contrib/stress.c:755:21: branch_true: ...to here erofs-utils-1.8.6/contrib/stress.c:757:29: branch_true: following ‘true’ branch... erofs-utils-1.8.6/contrib/stress.c:758:43: branch_true: ...to here erofs-utils-1.8.6/contrib/stress.c:758:25: danger: ‘malloc((long unsigned int)f * 4) + (long unsigned int)i * 4’ could be NULL: unchecked value from [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0) # 756| continue; # 757| for (f = 0; f < p->freq; f++, i++) # 758|-> freq_table[i] = p - ops; # 759| } # 760| } Error: CPPCHECK_WARNING (CWE-401): [#def3] erofs-utils-1.8.6/fsck/main.c:730: error[memleak]: Memory leak: entry # 728| list_add_tail(&entry->list, # 729| &erofsfsck_link_hashtable[nid % NR_HARDLINK_HASHTABLE]); # 730|-> return 0; # 731| } # 732| Error: GCC_ANALYZER_WARNING (CWE-479): [#def4] erofs-utils-1.8.6/fuse/main.c:619:25: warning[-Wanalyzer-unsafe-call-within-signal-handler]: call to ‘fprintf’ from within signal handler erofs-utils-1.8.6/fuse/main.c:631:5: enter_function: entry to ‘main’ erofs-utils-1.8.6/fuse/main.c:606:13: enter_function: entry to ‘signal_handle_sigsegv’ erofs-utils-1.8.6/fuse/main.c:617:12: branch_true: following ‘true’ branch (when ‘strings’ is non-NULL)... branch_true: ...to here erofs-utils-1.8.6/fuse/main.c:618:29: branch_true: following ‘true’ branch (when ‘i < nptrs’)... erofs-utils-1.8.6/fuse/main.c:619:25: branch_true: ...to here erofs-utils-1.8.6/fuse/main.c:619:25: danger: call to ‘fprintf’ from within signal handler # 617| if (strings) { # 618| for (i = 0; i < nptrs; i++) # 619|-> erofs_dump("%s\n", strings[i]); # 620| free(strings); # 621| } Error: GCC_ANALYZER_WARNING (CWE-479): [#def5] erofs-utils-1.8.6/fuse/main.c:620:17: warning[-Wanalyzer-unsafe-call-within-signal-handler]: call to ‘free’ from within signal handler erofs-utils-1.8.6/fuse/main.c:631:5: enter_function: entry to ‘main’ erofs-utils-1.8.6/fuse/main.c:606:13: enter_function: entry to ‘signal_handle_sigsegv’ erofs-utils-1.8.6/fuse/main.c:617:12: branch_true: following ‘true’ branch (when ‘strings’ is non-NULL)... branch_true: ...to here erofs-utils-1.8.6/fuse/main.c:620:17: danger: call to ‘free’ from within signal handler # 618| for (i = 0; i < nptrs; i++) # 619| erofs_dump("%s\n", strings[i]); # 620|-> free(strings); # 621| } # 622| erofs_dump("========================================\n"); Error: GCC_ANALYZER_WARNING (CWE-476): [#def6] erofs-utils-1.8.6/lib/../include/erofs/hashmap.h:71:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'e' erofs-utils-1.8.6/lib/hashmap.c:259:13: enter_function: entry to 'memintern' erofs-utils-1.8.6/lib/hashmap.c:272:12: branch_true: following 'true' branch... erofs-utils-1.8.6/lib/hashmap.c:274:17: call_function: inlined call to 'st_add' from 'memintern' erofs-utils-1.8.6/lib/hashmap.c:274:17: acquire_memory: this call could return NULL erofs-utils-1.8.6/lib/hashmap.c:275:17: call_function: inlined call to 'hashmap_entry_init' from 'memintern' # 69| struct hashmap_entry *e = entry; # 70| # 71|-> e->hash = hash; # 72| e->next = NULL; # 73| } Error: GCC_ANALYZER_WARNING (CWE-457): [#def7] erofs-utils-1.8.6/lib/blobchunk.c:198:22: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'extent_end' erofs-utils-1.8.6/lib/blobchunk.c:156:29: branch_false: following 'false' branch... erofs-utils-1.8.6/lib/blobchunk.c:197:15: branch_false: ...to here erofs-utils-1.8.6/lib/blobchunk.c:198:22: danger: use of uninitialized value 'extent_end' here # 196| } # 197| off = roundup(off, unit); # 198|-> extent_end = min(extent_end, extent_start + remaining_blks); # 199| if (extent_start != EROFS_NULL_ADDR) { # 200| zeroedlen = inode->i_size & (erofs_blksiz(sbi) - 1); Error: GCC_ANALYZER_WARNING (CWE-457): [#def8] erofs-utils-1.8.6/lib/blobchunk.c:234:25: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value '*<unknown>' erofs-utils-1.8.6/lib/blobchunk.c:270:5: enter_function: entry to 'erofs_blob_write_chunked_file' erofs-utils-1.8.6/lib/blobchunk.c:291:12: branch_false: following 'false' branch... erofs-utils-1.8.6/lib/blobchunk.c:293:9: branch_false: ...to here erofs-utils-1.8.6/lib/blobchunk.c:296:12: branch_false: following 'false' branch... erofs-utils-1.8.6/lib/blobchunk.c:298:13: branch_false: ...to here erofs-utils-1.8.6/lib/blobchunk.c:304:12: branch_false: following 'false' branch (when 'chunkdata' is non-NULL)... erofs-utils-1.8.6/lib/blobchunk.c:307:31: branch_false: ...to here erofs-utils-1.8.6/lib/blobchunk.c:309:12: branch_false: following 'false' branch... erofs-utils-1.8.6/lib/blobchunk.c:315:22: branch_false: ...to here erofs-utils-1.8.6/lib/blobchunk.c:318:23: branch_false: following 'false' branch... erofs-utils-1.8.6/lib/blobchunk.c:379:9: call_function: inlined call to 'erofs_update_minextblks' from 'erofs_blob_write_chunked_file' erofs-utils-1.8.6/lib/blobchunk.c:382:16: call_function: calling 'erofs_blob_mergechunks' from 'erofs_blob_write_chunked_file' # 232| for (dst = src = 0; dst < count; ++dst) { # 233| *((void **)inode->chunkindexes + dst) = # 234|-> *((void **)inode->chunkindexes + src); # 235| src += 1U << (new_chunkbits - chunkbits); # 236| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def9] erofs-utils-1.8.6/lib/compress.c:362:9: warning[-Wanalyzer-malloc-leak]: leak of 'sctx.pivot' erofs-utils-1.8.6/lib/compress.c:1677:5: enter_function: entry to 'erofs_write_compressed_file' erofs-utils-1.8.6/lib/compress.c:1689:12: branch_false: following 'false' branch... erofs-utils-1.8.6/lib/compress.c:1694:14: branch_false: ...to here erofs-utils-1.8.6/lib/compress.c:1695:12: branch_false: following 'false' branch... erofs-utils-1.8.6/lib/compress.c:1699:18: branch_false: ...to here erofs-utils-1.8.6/lib/compress.c:1713:15: call_function: calling 'z_erofs_compress_segment' from 'erofs_write_compressed_file' # 360| out: # 361| z_erofs_commit_extent(ctx, ei); # 362|-> ctx->pivot = NULL; # 363| return 0; # 364| } Error: CPPCHECK_WARNING (CWE-401): [#def10] erofs-utils-1.8.6/lib/compressor_liblzma.c:110: error[memleak]: Memory leak: ctx # 108| # 109| if (lzma_lzma_preset(&ctx->opt, preset)) # 110|-> return -EINVAL; # 111| ctx->opt.dict_size = c->dict_size; # 112| Error: CPPCHECK_WARNING (CWE-758): [#def11] erofs-utils-1.8.6/lib/compressor_libzstd.c:90: error[shiftTooManyBits]: Shifting 32-bit value by 63 bits is undefined behaviour # 88| dict_size = min_t(u32, Z_EROFS_ZSTD_MAX_DICT_SIZE, # 89| cfg.c_mkfs_pclustersize_max << 3); # 90|-> dict_size = 1 << ilog2(dict_size); # 91| } # 92| } Error: CPPCHECK_WARNING (CWE-758): [#def12] erofs-utils-1.8.6/lib/compressor_libzstd.c:93: error[shiftTooManyBits]: Shifting 32-bit value by 63 bits is undefined behaviour # 91| } # 92| } # 93|-> if (dict_size != 1 << ilog2(dict_size) || # 94| dict_size > Z_EROFS_ZSTD_MAX_DICT_SIZE) { # 95| erofs_err("invalid dictionary size %u", dict_size); Error: GCC_ANALYZER_WARNING (CWE-476): [#def13] erofs-utils-1.8.6/lib/config.c:142:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 's' erofs-utils-1.8.6/lib/config.c:119:12: branch_true: following 'true' branch... erofs-utils-1.8.6/lib/config.c:125:20: branch_true: ...to here erofs-utils-1.8.6/lib/config.c:133:12: branch_false: following 'false' branch (when 'col > placeholder')... erofs-utils-1.8.6/lib/config.c:136:15: branch_false: ...to here erofs-utils-1.8.6/lib/config.c:138:12: branch_true: following 'true' branch... erofs-utils-1.8.6/lib/config.c:139:44: branch_true: ...to here erofs-utils-1.8.6/lib/config.c:139:27: acquire_memory: this call could return NULL erofs-utils-1.8.6/lib/config.c:141:20: branch_true: following 'true' branch... erofs-utils-1.8.6/lib/config.c:142:25: branch_true: ...to here erofs-utils-1.8.6/lib/config.c:142:25: danger: 's' could be NULL: unchecked value from [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6) # 140| # 141| if (col > placeholder + 2) { # 142|-> s[0] = '['; # 143| s[1] = ']'; # 144| } Error: COMPILER_WARNING (CWE-681): [#def14] erofs-utils-1.8.6/lib/decompress.c: scope_hint: In function 'z_erofs_qpl_get_job' erofs-utils-1.8.6/lib/decompress.c:136:59: warning[-Wpointer-sign]: pointer targets in passing argument 2 of 'qpl_get_job_size' differ in signedness # 136 | status = qpl_get_job_size(execution_path, &jobsize); # | ^~~~~~~~ # | | # | int32_t * {aka int *} /usr/include/qpl/qpl.h:22: included_from: Included from here. erofs-utils-1.8.6/lib/decompress.c:81: included_from: Included from here. /usr/include/qpl/c_api/job.h:161:1: note: expected 'uint32_t *' {aka 'unsigned int *'} but argument is of type 'int32_t *' {aka 'int *'} # 161 | QPL_API(qpl_status, qpl_get_job_size, (qpl_path_t qpl_path, uint32_t* job_size_ptr)) # | ^~~~~~~ # 134| # 135| if (!job) { # 136|-> status = qpl_get_job_size(execution_path, &jobsize); # 137| if (status != QPL_STS_OK) { # 138| erofs_err("failed to get job size: %d", status); Error: CPPCHECK_WARNING (CWE-457): [#def15] erofs-utils-1.8.6/lib/dir.c:168: error[uninitvar]: Uninitialized variable: de->nameoff # 166| } # 167| # 168|-> nameoff = le16_to_cpu(de->nameoff); # 169| if (nameoff < sizeof(struct erofs_dirent) || # 170| nameoff >= erofs_blksiz(sbi)) { Error: CPPCHECK_WARNING (CWE-401): [#def16] erofs-utils-1.8.6/lib/fragments.c:179: error[memleak]: Memory leak: di # 177| # 178| list_add_tail(&di->list, hash); # 179|-> return 0; # 180| } # 181| Error: GCC_ANALYZER_WARNING (CWE-835): [#def17] erofs-utils-1.8.6/lib/inode.c:140:9: warning[-Wanalyzer-infinite-loop]: infinite loop erofs-utils-1.8.6/lib/inode.c:1849:21: enter_function: entry to 'erofs_mkfs_build_tree_from_path' # 138| return got; # 139| # 140|-> list_for_each_entry_safe(d, t, &inode->i_subdirs, d_child) # 141| free(d); # 142| Error: GCC_ANALYZER_WARNING (CWE-415): [#def18] erofs-utils-1.8.6/lib/inode.c:141:17: warning[-Wanalyzer-double-free]: double-'free' of 'd' erofs-utils-1.8.6/lib/inode.c:1849:21: enter_function: entry to 'erofs_mkfs_build_tree_from_path' erofs-utils-1.8.6/lib/inode.c:1858:12: branch_false: following 'false' branch (when 'sbi' is non-NULL)... erofs-utils-1.8.6/lib/inode.c:1860:15: branch_false: ...to here erofs-utils-1.8.6/lib/inode.c:1860:15: call_function: calling 'erofs_mkfs_build_tree' from 'erofs_mkfs_build_tree_from_path' # 139| # 140| list_for_each_entry_safe(d, t, &inode->i_subdirs, d_child) # 141|-> free(d); # 142| # 143| free(inode->compressmeta); Error: GCC_ANALYZER_WARNING (CWE-401): [#def19] erofs-utils-1.8.6/lib/inode.c:236:24: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>' erofs-utils-1.8.6/lib/inode.c:1990:21: enter_function: entry to 'erofs_rebuild_make_root' erofs-utils-1.8.6/lib/inode.c:1994:16: call_function: calling 'erofs_new_inode' from 'erofs_rebuild_make_root' erofs-utils-1.8.6/lib/inode.c:1994:16: return_function: returning to 'erofs_rebuild_make_root' from 'erofs_new_inode' erofs-utils-1.8.6/lib/inode.c:1995:12: branch_false: following 'false' branch... erofs-utils-1.8.6/lib/inode.c:1997:27: branch_false: ...to here erofs-utils-1.8.6/lib/inode.c:2002:9: call_function: calling 'erofs_init_empty_dir' from 'erofs_rebuild_make_root' # 234| d = erofs_d_alloc(dir, "."); # 235| if (IS_ERR(d)) # 236|-> return PTR_ERR(d); # 237| d->inode = erofs_igrab(dir); # 238| d->type = EROFS_FT_DIR; Error: GCC_ANALYZER_WARNING (CWE-401): [#def20] erofs-utils-1.8.6/lib/inode.c:241:13: warning[-Wanalyzer-malloc-leak]: leak of 'erofs_d_alloc(dir, ".")' erofs-utils-1.8.6/lib/inode.c:1990:21: enter_function: entry to 'erofs_rebuild_make_root' erofs-utils-1.8.6/lib/inode.c:1994:16: call_function: calling 'erofs_new_inode' from 'erofs_rebuild_make_root' erofs-utils-1.8.6/lib/inode.c:1994:16: return_function: returning to 'erofs_rebuild_make_root' from 'erofs_new_inode' erofs-utils-1.8.6/lib/inode.c:1995:12: branch_false: following 'false' branch... erofs-utils-1.8.6/lib/inode.c:1997:27: branch_false: ...to here erofs-utils-1.8.6/lib/inode.c:2002:9: call_function: calling 'erofs_init_empty_dir' from 'erofs_rebuild_make_root' # 239| # 240| /* dotdot is pointed to the parent dir */ # 241|-> d = erofs_d_alloc(dir, ".."); # 242| if (IS_ERR(d)) # 243| return PTR_ERR(d); Error: GCC_ANALYZER_WARNING (CWE-401): [#def21] erofs-utils-1.8.6/lib/inode.c:243:24: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>' erofs-utils-1.8.6/lib/inode.c:1990:21: enter_function: entry to 'erofs_rebuild_make_root' erofs-utils-1.8.6/lib/inode.c:1994:16: call_function: calling 'erofs_new_inode' from 'erofs_rebuild_make_root' erofs-utils-1.8.6/lib/inode.c:1994:16: return_function: returning to 'erofs_rebuild_make_root' from 'erofs_new_inode' erofs-utils-1.8.6/lib/inode.c:1995:12: branch_false: following 'false' branch... erofs-utils-1.8.6/lib/inode.c:1997:27: branch_false: ...to here erofs-utils-1.8.6/lib/inode.c:2002:9: call_function: calling 'erofs_init_empty_dir' from 'erofs_rebuild_make_root' # 241| d = erofs_d_alloc(dir, ".."); # 242| if (IS_ERR(d)) # 243|-> return PTR_ERR(d); # 244| d->inode = erofs_igrab(erofs_parent_inode(dir)); # 245| d->type = EROFS_FT_DIR; Error: CPPCHECK_WARNING (CWE-457): [#def22] erofs-utils-1.8.6/lib/inode.c:394: error[uninitvar]: Uninitialized variable: de->nameoff # 392| return err; # 393| # 394|-> nameoff = le16_to_cpu(de->nameoff); # 395| if (nameoff < sizeof(struct erofs_dirent) || # 396| nameoff >= count) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def23] erofs-utils-1.8.6/lib/inode.c:1902:17: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>' erofs-utils-1.8.6/lib/inode.c:1875:21: enter_function: entry to 'erofs_mkfs_build_special_from_fd' erofs-utils-1.8.6/lib/inode.c:1884:12: branch_false: following 'false' branch (when 'ret >= 0')... erofs-utils-1.8.6/lib/inode.c:1887:15: branch_false: ...to here erofs-utils-1.8.6/lib/inode.c:1888:12: branch_false: following 'false' branch (when 'ret == 0')... erofs-utils-1.8.6/lib/inode.c:1891:17: branch_false: ...to here erofs-utils-1.8.6/lib/inode.c:1891:17: call_function: calling 'erofs_new_inode' from 'erofs_mkfs_build_special_from_fd' erofs-utils-1.8.6/lib/inode.c:1891:17: return_function: returning to 'erofs_mkfs_build_special_from_fd' from 'erofs_new_inode' erofs-utils-1.8.6/lib/inode.c:1892:12: branch_false: following 'false' branch... erofs-utils-1.8.6/lib/inode.c:1895:13: branch_false: ...to here erofs-utils-1.8.6/lib/inode.c:1900:15: call_function: calling 'erofs_fill_inode' from 'erofs_mkfs_build_special_from_fd' erofs-utils-1.8.6/lib/inode.c:1900:15: return_function: returning to 'erofs_mkfs_build_special_from_fd' from 'erofs_fill_inode' erofs-utils-1.8.6/lib/inode.c:1901:12: branch_true: following 'true' branch... erofs-utils-1.8.6/lib/inode.c:1902:17: branch_true: ...to here erofs-utils-1.8.6/lib/inode.c:1902:17: danger: '<unknown>' leaks here; was allocated at [(19)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/18) # 1900| ret = erofs_fill_inode(inode, &st, name); # 1901| if (ret) { # 1902|-> free(inode); # 1903| return ERR_PTR(ret); # 1904| } Error: CPPCHECK_WARNING (CWE-457): [#def24] erofs-utils-1.8.6/lib/namei.c:195: error[uninitvar]: Uninitialized variable: de->nameoff # 193| return ret; # 194| # 195|-> nameoff = le16_to_cpu(de->nameoff); # 196| if (nameoff < sizeof(struct erofs_dirent) || # 197| nameoff >= erofs_blksiz(sbi)) { Error: GCC_ANALYZER_WARNING (CWE-476): [#def25] erofs-utils-1.8.6/lib/rebuild.c:310:13: warning[-Wanalyzer-null-dereference]: dereference of NULL '0' erofs-utils-1.8.6/lib/rebuild.c:291:12: branch_false: following 'false' branch... erofs-utils-1.8.6/lib/rebuild.c:294:15: branch_false: ...to here erofs-utils-1.8.6/lib/rebuild.c:296:12: branch_false: following 'false' branch (when 'ret >= 0')... erofs-utils-1.8.6/lib/rebuild.c:299:9: branch_false: ...to here erofs-utils-1.8.6/lib/rebuild.c:304:12: branch_false: following 'false' branch... erofs-utils-1.8.6/lib/rebuild.c:310:13: branch_false: ...to here erofs-utils-1.8.6/lib/rebuild.c:310:13: danger: dereference of NULL 'erofs_rebuild_get_dentry(mergedir, dname, 0, & dumb, & dumb, 0)' # 308| # 309| ret = 0; # 310|-> if (d->type != EROFS_FT_UNKNOWN) { # 311| /* # 312| * bail out if the file exists in the upper layers. (Note that Error: CPPCHECK_WARNING (CWE-758): [#def26] erofs-utils-1.8.6/lib/super.c:50: error[shiftTooManyBits]: Shifting 64-bit value by 64 bits is undefined behaviour # 48| # 49| sbi->extra_devices = ondisk_extradevs; # 50|-> sbi->device_id_mask = roundup_pow_of_two(ondisk_extradevs + 1) - 1; # 51| sbi->devs = calloc(ondisk_extradevs, sizeof(*sbi->devs)); # 52| if (!sbi->devs) Error: GCC_ANALYZER_WARNING (CWE-457): [#def27] erofs-utils-1.8.6/lib/tar.c:235:17: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'src' erofs-utils-1.8.6/lib/tar.c:706:5: enter_function: entry to 'tarerofs_parse_tar' erofs-utils-1.8.6/lib/tar.c:723:12: branch_false: following 'false' branch... erofs-utils-1.8.6/lib/tar.c:725:13: branch_false: ...to here erofs-utils-1.8.6/lib/tar.c:725:12: branch_false: following 'false' branch... erofs-utils-1.8.6/lib/tar.c:727:9: call_function: inlined call to 'init_list_head' from 'tarerofs_parse_tar' erofs-utils-1.8.6/lib/tar.c:741:12: branch_false: following 'false' branch... erofs-utils-1.8.6/lib/tar.c:750:9: branch_false: ...to here erofs-utils-1.8.6/lib/tar.c:754:12: branch_false: following 'false' branch... branch_false: ...to here erofs-utils-1.8.6/lib/tar.c:769:21: branch_true: following 'true' branch (when 'j != 8')... erofs-utils-1.8.6/lib/tar.c:770:17: branch_true: ...to here erofs-utils-1.8.6/lib/tar.c:772:21: branch_true: following 'true' branch (when 'j != 148')... erofs-utils-1.8.6/lib/tar.c:773:40: branch_true: ...to here erofs-utils-1.8.6/lib/tar.c:772:21: branch_true: following 'true' branch (when 'j != 148')... erofs-utils-1.8.6/lib/tar.c:773:40: branch_true: ...to here erofs-utils-1.8.6/lib/tar.c:776:23: branch_true: following 'true' branch (when 'j != 500')... erofs-utils-1.8.6/lib/tar.c:777:40: branch_true: ...to here erofs-utils-1.8.6/lib/tar.c:791:12: branch_false: following 'false' branch... erofs-utils-1.8.6/lib/tar.c:800:20: branch_false: ...to here erofs-utils-1.8.6/lib/tar.c:800:12: branch_false: following 'false' branch... erofs-utils-1.8.6/lib/tar.c:806:13: branch_false: ...to here erofs-utils-1.8.6/lib/tar.c:866:23: call_function: calling 'tarerofs_parse_pax_header' from 'tarerofs_parse_tar' # 233| if (ret < 0) # 234| return ret; # 235|-> memcpy(buf, src, ret); # 236| rem -= ret; # 237| } while (rem && ret); Error: CPPCHECK_WARNING (CWE-476): [#def28] erofs-utils-1.8.6/lib/tar.c:529: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: eh->path # 527| free(eh->path); # 528| eh->path = strdup(value); # 529|-> while (eh->path[j - 1] == '/') # 530| eh->path[--j] = '\0'; # 531| } else if (!strncmp(kv, "linkpath=", Error: GCC_ANALYZER_WARNING (CWE-457): [#def29] erofs-utils-1.8.6/lib/tar.c:753:32: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'th' erofs-utils-1.8.6/lib/tar.c:706:5: enter_function: entry to 'tarerofs_parse_tar' erofs-utils-1.8.6/lib/tar.c:723:12: branch_false: following 'false' branch... erofs-utils-1.8.6/lib/tar.c:725:13: branch_false: ...to here erofs-utils-1.8.6/lib/tar.c:725:12: branch_false: following 'false' branch... erofs-utils-1.8.6/lib/tar.c:727:9: call_function: inlined call to 'init_list_head' from 'tarerofs_parse_tar' erofs-utils-1.8.6/lib/tar.c:740:15: call_function: calling 'erofs_iostream_read' from 'tarerofs_parse_tar' erofs-utils-1.8.6/lib/tar.c:740:15: return_function: returning to 'tarerofs_parse_tar' from 'erofs_iostream_read' erofs-utils-1.8.6/lib/tar.c:741:12: branch_false: following 'false' branch... erofs-utils-1.8.6/lib/tar.c:750:9: branch_false: ...to here erofs-utils-1.8.6/lib/tar.c:753:32: danger: use of uninitialized value 'th' here # 751| # 752| /* chksum field itself treated as ' ' */ # 753|-> csum = tarerofs_otoi(th->chksum, sizeof(th->chksum)); # 754| if (errno) { # 755| if (*th->name == '\0') { Error: CPPCHECK_WARNING (CWE-401): [#def30] erofs-utils-1.8.6/lib/xattr.c:358: error[memleak]: Memory leak: node # 356| node->item = item; # 357| list_add(&node->list, hlist); # 358|-> return 0; # 359| } # 360| Error: CPPCHECK_WARNING (CWE-476): [#def31] erofs-utils-1.8.6/lib/xattr.c:492: warning[nullPointer]: Possible null pointer dereference: value # 490| # 491| memcpy(kvbuf, key, EROFS_XATTR_KSIZE(len)); # 492|-> memcpy(kvbuf + EROFS_XATTR_KSIZE(len), value, size); # 493| # 494| item = get_xattritem(kvbuf, len); Error: CPPCHECK_WARNING (CWE-401): [#def32] erofs-utils-1.8.6/lib/xattr.c:1626: error[memleak]: Memory leak: tnode # 1624| init_list_head(&tnode->list); # 1625| list_add_tail(&tnode->list, &ea_name_prefixes); # 1626|-> return 0; # 1627| } # 1628| Error: CPPCHECK_WARNING (CWE-758): [#def33] erofs-utils-1.8.6/mkfs/main.c:746: error[shiftTooManyBits]: Shifting 32-bit value by 63 bits is undefined behaviour # 744| } # 745| cfg.c_chunkbits = ilog2(i); # 746|-> if ((1 << cfg.c_chunkbits) != i) { # 747| erofs_err("chunksize %s must be a power of two", # 748| optarg);
| analyzer-version-clippy | 1.86.0 |
| analyzer-version-cppcheck | 2.17.1 |
| analyzer-version-gcc | 15.0.1 |
| analyzer-version-gcc-analyzer | 15.0.1 |
| analyzer-version-shellcheck | 0.10.0 |
| analyzer-version-unicontrol | 0.0.2 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-107.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | erofs-utils-1.8.6-1.fc43 |
| store-results-to | /tmp/tmpkd1i2tjq/erofs-utils-1.8.6-1.fc43.tar.xz |
| time-created | 2025-04-25 12:24:46 |
| time-finished | 2025-04-25 12:27:03 |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpkd1i2tjq/erofs-utils-1.8.6-1.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpkd1i2tjq/erofs-utils-1.8.6-1.fc43.src.rpm' |
| tool-version | csmock-3.8.1.20250422.172604.g26bc3d6-1.el9 |