fprintd-1.94.5-1.fc43

List of Findings

Error: CPPCHECK_WARNING (CWE-476): [#def1]
fprintd-v1.94.5/pam/pam_fprintd.c:768: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: data
#  766|   
#  767|     data = calloc (1, sizeof (verify_data));
#  768|->   data->max_tries = max_tries;
#  769|     data->pamh = pamh;
#  770|   

Error: CPPCHECK_WARNING (CWE-476): [#def2]
fprintd-v1.94.5/pam/pam_fprintd.c:769: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: data
#  767|     data = calloc (1, sizeof (verify_data));
#  768|     data->max_tries = max_tries;
#  769|->   data->pamh = pamh;
#  770|   
#  771|     if (sd_bus_open_system (&bus) < 0)

Error: CPPCHECK_WARNING (CWE-401): [#def3]
fprintd-v1.94.5/pam/pam_fprintd.c:774: error[memleak]: Memory leak: data
#  772|       {
#  773|         pam_syslog (pamh, LOG_ERR, "Error with getting the bus: %d", errno);
#  774|->       return PAM_AUTHINFO_UNAVAIL;
#  775|       }
#  776|   

Error: CPPCHECK_WARNING (CWE-401): [#def4]
fprintd-v1.94.5/pam/pam_fprintd.c:779: error[memleak]: Memory leak: data
#  777|     data->dev = open_device (pamh, bus, username, &data->has_multiple_devices);
#  778|     if (data->dev == NULL)
#  779|->     return PAM_AUTHINFO_UNAVAIL;
#  780|   
#  781|     /* Only connect to NameOwnerChanged when needed. In case of automatic startup

Error: GCC_ANALYZER_WARNING (CWE-476): [#def5]
fprintd-v1.94.5/redhat-linux-build/../pam/pam_fprintd.c:768:3: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘data’
/usr/include/security/pam_modules.h:34:5: enter_function: entry to ‘pam_sm_authenticate’
fprintd-v1.94.5/redhat-linux-build/../pam/pam_fprintd.c:843:6: branch_false: following ‘false’ branch...
fprintd-v1.94.5/redhat-linux-build/../pam/pam_fprintd.c:846:7: branch_false: ...to here
fprintd-v1.94.5/redhat-linux-build/../pam/pam_fprintd.c:846:6: branch_false: following ‘false’ branch...
 branch_false: ...to here
fprintd-v1.94.5/redhat-linux-build/../pam/pam_fprintd.c:915:10: call_function: calling ‘do_auth’ from ‘pam_sm_authenticate’
#  766|   
#  767|     data = calloc (1, sizeof (verify_data));
#  768|->   data->max_tries = max_tries;
#  769|     data->pamh = pamh;
#  770|   

Scan Properties

analyzer-version-clippy: 1.86.0
analyzer-version-cppcheck: 2.17.1
analyzer-version-gcc: 15.0.1
analyzer-version-gcc-analyzer: 15.0.1
analyzer-version-shellcheck: 0.10.0
analyzer-version-unicontrol: 0.0.2
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-234.us-west-2.compute.internal
known-false-positives: /usr/share/csmock/known-false-positives.js
known-false-positives-rpm: known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch
mock-config: fedora-rawhide-x86_64
project-name: fprintd-1.94.5-1.fc43
store-results-to: /tmp/tmp6t0ajk24/fprintd-1.94.5-1.fc43.tar.xz
time-created: 2025-04-25 12:34:52
time-finished: 2025-04-25 12:36:23
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmp6t0ajk24/fprintd-1.94.5-1.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp6t0ajk24/fprintd-1.94.5-1.fc43.src.rpm'
tool-version: csmock-3.8.1.20250422.172604.g26bc3d6-1.el9