Fixed findings

List of Findings

Error: COMPILER_WARNING (CWE-691): [#def1]
gettext-0.23.1/gettext-runtime/gnulib-lib/mbsstr.c: scope_hint: In function ‘knuth_morris_pratt_multibyte’
gettext-0.23.1/gettext-runtime/gnulib-lib/mbsstr.c:47:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#   47 | knuth_morris_pratt_multibyte (const char *haystack, const char *needle,
#      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   45|      Return false if it was aborted because not enough memory was available.  */
#   46|   static bool
#   47|-> knuth_morris_pratt_multibyte (const char *haystack, const char *needle,
#   48|                                 const char **resultp)
#   49|   {

Error: COMPILER_WARNING (CWE-691): [#def2]
gettext-0.23.1/gettext-runtime/gnulib-lib/mbsstr.c:39: included_from: Included from here.
gettext-0.23.1/gettext-runtime/gnulib-lib/str-kmp.h: scope_hint: In function ‘knuth_morris_pratt’
gettext-0.23.1/gettext-runtime/gnulib-lib/str-kmp.h:43:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#   43 | knuth_morris_pratt (const UNIT *haystack,
#      | ^~~~~~~~~~~~~~~~~~
#   41|      Return false if it was aborted because not enough memory was available.  */
#   42|   static bool
#   43|-> knuth_morris_pratt (const UNIT *haystack,
#   44|                       const UNIT *needle, size_t needle_len,
#   45|                       const UNIT **resultp)

Error: COMPILER_WARNING (CWE-691): [#def3]
gettext-0.23.1/gettext-runtime/gnulib-lib/vasnprintf.c: scope_hint: In function ‘vasnprintf’
gettext-0.23.1/gettext-runtime/gnulib-lib/vasnprintf.c:148:22: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  148 | #  define VASNPRINTF vasnprintf
#      |                      ^~~~~~~~~~
#  146|   #  define DCHAR_SET wmemset
#  147|   # else
#  148|-> #  define VASNPRINTF vasnprintf
#  149|   #  define FCHAR_T char
#  150|   #  define DCHAR_T char

Error: COMPILER_WARNING (CWE-691): [#def4]
gettext-0.23.1/gettext-runtime/intl/dcigettext.c:25: included_from: Included from here.
gettext-0.23.1/gettext-runtime/intl/dcigettext.c: scope_hint: In function '_libintl_find_msg'
gettext-0.23.1/gettext-runtime/intl/config.h:2150:42: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
# 2150 | #define _nl_find_msg                     _libintl_find_msg
#      |                                          ^~~~~~~~~~~~~~~~~
# 2148|   #define _nl_explode_name                 _libintl_explode_name
# 2149|   #define _nl_find_domain                  _libintl_find_domain
# 2150|-> #define _nl_find_msg                     _libintl_find_msg
# 2151|   #define _nl_language_preferences_default _libintl_language_preferences_default
# 2152|   #define _nl_load_domain                  _libintl_load_domain

Error: COMPILER_WARNING: [#def5]
gettext-0.23.1/gettext-runtime/intl/gettextP.h:36: included_from: Included from here.
gettext-0.23.1/gettext-runtime/intl/dcigettext.c:81: included_from: Included from here.
gettext-0.23.1/gettext-runtime/intl/config.h:2156:42: warning[-Wmissing-variable-declarations]: no previous declaration for '_libintl_state_lock'
# 2156 | #define _nl_state_lock                   _libintl_state_lock
#      |                                          ^~~~~~~~~~~~~~~~~~~
gettext-0.23.1/gettext-runtime/intl/gnulib-lib/glthread/lock.h:231:37: note: in definition of macro 'gl_rwlock_define_initialized'
#  231 |       STORAGECLASS pthread_rwlock_t NAME = gl_rwlock_initializer;
#      |                                     ^~~~
gettext-0.23.1/gettext-runtime/intl/dcigettext.c:366:33: note: in expansion of macro '_nl_state_lock'
#  366 | gl_rwlock_define_initialized (, _nl_state_lock attribute_hidden)
#      |                                 ^~~~~~~~~~~~~~
# 2154|   #define _nl_make_l10nflist               _libintl_make_l10nflist
# 2155|   #define _nl_normalize_codeset            _libintl_normalize_codeset
# 2156|-> #define _nl_state_lock                   _libintl_state_lock
# 2157|   /* Symbols defined by gnulib module 'float'.  */
# 2158|   #define gl_LDBL_MAX                _libintl_LDBL_MAX

Error: COMPILER_WARNING (CWE-691): [#def6]
gettext-0.23.1/gettext-runtime/intl/gnulib-lib/vasnprintf.c:61: included_from: Included from here.
gettext-0.23.1/gettext-runtime/intl/gnulib-lib/vasnprintf.c: scope_hint: In function '_libintl_vasnprintf'
gettext-0.23.1/gettext-runtime/intl/config.h:2234:36: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
# 2234 | #define vasnprintf                 _libintl_vasnprintf
#      |                                    ^~~~~~~~~~~~~~~~~~~
# 2232|   #define printf_fetchargs           _libintl_printf_fetchargs
# 2233|   #define printf_parse               _libintl_printf_parse
# 2234|-> #define vasnprintf                 _libintl_vasnprintf
# 2235|   #define rpl_vasnprintf             _libintl_vasnprintf
# 2236|   /* Symbols defined by gnulib module 'vasnwprintf'.  */

Error: COMPILER_WARNING (CWE-691): [#def7]
gettext-0.23.1/gettext-runtime/intl/gnulib-lib/vasnprintf.c:61: included_from: Included from here.
gettext-0.23.1/gettext-runtime/intl/gnulib-lib/vasnwprintf.c:18: included_from: Included from here.
gettext-0.23.1/gettext-runtime/intl/gnulib-lib/vasnprintf.c: scope_hint: In function '_libintl_vasnwprintf'
gettext-0.23.1/gettext-runtime/intl/config.h:2239:36: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
# 2239 | #define vasnwprintf                _libintl_vasnwprintf
#      |                                    ^~~~~~~~~~~~~~~~~~~~
# 2237|   #define asnwprintf                 _libintl_asnwprintf
# 2238|   #define wprintf_parse              _libintl_wprintf_parse
# 2239|-> #define vasnwprintf                _libintl_vasnwprintf
# 2240|   /* Symbols defined by gnulib module 'windows-mutex'.  */
# 2241|   #define glwthread_mutex_init       _libintl_glwthread_mutex_init

Error: COMPILER_WARNING (CWE-691): [#def8]
gettext-0.23.1/gettext-runtime/intl/dcigettext.c: scope_hint: In function 'libintl_dcigettext'
gettext-0.23.1/gettext-runtime/intl/dcigettext.c:362:21: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  362 | # define DCIGETTEXT libintl_dcigettext
#      |                     ^~~~~~~~~~~~~~~~~~
#  360|   # define DCIGETTEXT __dcigettext
#  361|   #else
#  362|-> # define DCIGETTEXT libintl_dcigettext
#  363|   #endif
#  364|   

Error: COMPILER_WARNING (CWE-691): [#def9]
gettext-0.23.1/gettext-runtime/intl/localealias.c: scope_hint: In function 'read_alias_file'
gettext-0.23.1/gettext-runtime/intl/localealias.c:256:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  256 | read_alias_file (const char *fname, int fname_len)
#      | ^~~~~~~~~~~~~~~
#  254|   
#  255|   static size_t
#  256|-> read_alias_file (const char *fname, int fname_len)
#  257|   {
#  258|     FILE *fp;

Error: COMPILER_WARNING (CWE-691): [#def10]
gettext-0.23.1/gettext-tools/gnulib-lib/csharpcomp.c: scope_hint: In function 'compile_csharp_using_mono.isra.0'
gettext-0.23.1/gettext-tools/gnulib-lib/csharpcomp.c:82:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#   82 | compile_csharp_using_mono (const char * const *sources,
#      | ^~~~~~~~~~~~~~~~~~~~~~~~~
#   80|   
#   81|   static int
#   82|-> compile_csharp_using_mono (const char * const *sources,
#   83|                              unsigned int sources_count,
#   84|                              const char * const *libdirs,

Error: COMPILER_WARNING (CWE-691): [#def11]
gettext-0.23.1/gettext-tools/gnulib-lib/csharpcomp.c: scope_hint: In function 'compile_csharp_using_dotnet'
gettext-0.23.1/gettext-tools/gnulib-lib/csharpcomp.c:270:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  270 | compile_csharp_using_dotnet (const char * const *sources,
#      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~
#  268|   
#  269|   static int
#  270|-> compile_csharp_using_dotnet (const char * const *sources,
#  271|                                unsigned int sources_count,
#  272|                                const char * const *libdirs,

Error: COMPILER_WARNING (CWE-691): [#def12]
gettext-0.23.1/gettext-tools/gnulib-lib/csharpcomp.c: scope_hint: In function 'compile_csharp_using_sscli'
gettext-0.23.1/gettext-tools/gnulib-lib/csharpcomp.c:847:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  847 | compile_csharp_using_sscli (const char * const *sources,
#      | ^~~~~~~~~~~~~~~~~~~~~~~~~~
#  845|   
#  846|   static int
#  847|-> compile_csharp_using_sscli (const char * const *sources,
#  848|                               unsigned int sources_count,
#  849|                               const char * const *libdirs,

Error: COMPILER_WARNING (CWE-691): [#def13]
gettext-0.23.1/gettext-tools/gnulib-lib/csharpexec.c: scope_hint: In function 'execute_csharp_using_mono.isra.0'
gettext-0.23.1/gettext-tools/gnulib-lib/csharpexec.c:115:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  115 | execute_csharp_using_mono (const char *assembly_path,
#      | ^~~~~~~~~~~~~~~~~~~~~~~~~
#  113|   
#  114|   static int
#  115|-> execute_csharp_using_mono (const char *assembly_path,
#  116|                              const char * const *libdirs,
#  117|                              unsigned int libdirs_count,

Error: COMPILER_WARNING (CWE-691): [#def14]
gettext-0.23.1/gettext-tools/gnulib-lib/csharpexec.c: scope_hint: In function 'execute_csharp_using_dotnet.isra.0'
gettext-0.23.1/gettext-tools/gnulib-lib/csharpexec.c:179:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  179 | execute_csharp_using_dotnet (const char *assembly_path,
#      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~
#  177|   
#  178|   static int
#  179|-> execute_csharp_using_dotnet (const char *assembly_path,
#  180|                                const char * const *libdirs,
#  181|                                unsigned int libdirs_count,

Error: COMPILER_WARNING (CWE-691): [#def15]
gettext-0.23.1/gettext-tools/gnulib-lib/csharpexec.c: scope_hint: In function 'execute_csharp_using_sscli.isra.0'
gettext-0.23.1/gettext-tools/gnulib-lib/csharpexec.c:556:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  556 | execute_csharp_using_sscli (const char *assembly_path,
#      | ^~~~~~~~~~~~~~~~~~~~~~~~~~
#  554|   
#  555|   static int
#  556|-> execute_csharp_using_sscli (const char *assembly_path,
#  557|                               const char * const *libdirs,
#  558|                               unsigned int libdirs_count,

Error: COMPILER_WARNING (CWE-691): [#def16]
gettext-0.23.1/gettext-tools/gnulib-lib/javacomp.c: scope_hint: In function 'compile_using_envjavac'
gettext-0.23.1/gettext-tools/gnulib-lib/javacomp.c:177:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  177 | compile_using_envjavac (const char *javac,
#      | ^~~~~~~~~~~~~~~~~~~~~~
#  175|      Return a failure indicator (true upon error).  */
#  176|   static bool
#  177|-> compile_using_envjavac (const char *javac,
#  178|                           const char * const *java_sources,
#  179|                           unsigned int java_sources_count,

Error: COMPILER_WARNING (CWE-691): [#def17]
gettext-0.23.1/gettext-tools/gnulib-lib/javacomp.c: scope_hint: In function 'compile_using_javac'
gettext-0.23.1/gettext-tools/gnulib-lib/javacomp.c:259:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  259 | compile_using_javac (const char * const *java_sources,
#      | ^~~~~~~~~~~~~~~~~~~
#  257|      Return a failure indicator (true upon error).  */
#  258|   static bool
#  259|-> compile_using_javac (const char * const *java_sources,
#  260|                        unsigned int java_sources_count,
#  261|                        const char *nowarn_option,

Error: COMPILER_WARNING (CWE-691): [#def18]
gettext-0.23.1/gettext-tools/gnulib-lib/javacomp.c: scope_hint: In function 'is_envjavac_usable.constprop.0'
gettext-0.23.1/gettext-tools/gnulib-lib/javacomp.c:502:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  502 | is_envjavac_usable (const char *javac,
#      | ^~~~~~~~~~~~~~~~~~
#  500|      Return a failure indicator (true upon error).  */
#  501|   static bool
#  502|-> is_envjavac_usable (const char *javac,
#  503|                       const char *source_version, const char *target_version,
#  504|                       bool *usablep,

Error: COMPILER_WARNING (CWE-691): [#def19]
gettext-0.23.1/gettext-tools/gnulib-lib/javaexec.c: scope_hint: In function 'execute_java_class'
gettext-0.23.1/gettext-tools/gnulib-lib/javaexec.c:69:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#   69 | execute_java_class (const char *class_name,
#      | ^~~~~~~~~~~~~~~~~~
#   67|   
#   68|   bool
#   69|-> execute_java_class (const char *class_name,
#   70|                       const char * const *classpaths,
#   71|                       unsigned int classpaths_count,

Error: COMPILER_WARNING (CWE-691): [#def20]
gettext-0.23.1/gettext-tools/gnulib-lib/mbsstr.c: scope_hint: In function 'knuth_morris_pratt_multibyte'
gettext-0.23.1/gettext-tools/gnulib-lib/mbsstr.c:47:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#   47 | knuth_morris_pratt_multibyte (const char *haystack, const char *needle,
#      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   45|      Return false if it was aborted because not enough memory was available.  */
#   46|   static bool
#   47|-> knuth_morris_pratt_multibyte (const char *haystack, const char *needle,
#   48|                                 const char **resultp)
#   49|   {

Error: COMPILER_WARNING (CWE-691): [#def21]
gettext-0.23.1/gettext-tools/gnulib-lib/mbsstr.c:39: included_from: Included from here.
gettext-0.23.1/gettext-tools/gnulib-lib/str-kmp.h: scope_hint: In function 'knuth_morris_pratt'
gettext-0.23.1/gettext-tools/gnulib-lib/str-kmp.h:43:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#   43 | knuth_morris_pratt (const UNIT *haystack,
#      | ^~~~~~~~~~~~~~~~~~
#   41|      Return false if it was aborted because not enough memory was available.  */
#   42|   static bool
#   43|-> knuth_morris_pratt (const UNIT *haystack,
#   44|                       const UNIT *needle, size_t needle_len,
#   45|                       const UNIT **resultp)

Error: COMPILER_WARNING (CWE-691): [#def22]
gettext-0.23.1/gettext-tools/gnulib-lib/striconveha.c: scope_hint: In function 'mem_iconveha'
gettext-0.23.1/gettext-tools/gnulib-lib/striconveha.c:208:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  208 | mem_iconveha (const char *src, size_t srclen,
#      | ^~~~~~~~~~~~
#  206|   
#  207|   int
#  208|-> mem_iconveha (const char *src, size_t srclen,
#  209|                 const char *from_codeset, const char *to_codeset,
#  210|                 bool transliterate,

Error: COMPILER_WARNING (CWE-691): [#def23]
gettext-0.23.1/gettext-tools/gnulib-lib/striconveha.c: scope_hint: In function 'str_iconveha'
gettext-0.23.1/gettext-tools/gnulib-lib/striconveha.c:316:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  316 | str_iconveha (const char *src,
#      | ^~~~~~~~~~~~
#  314|   
#  315|   char *
#  316|-> str_iconveha (const char *src,
#  317|                 const char *from_codeset, const char *to_codeset,
#  318|                 bool transliterate,

Error: COMPILER_WARNING (CWE-691): [#def24]
gettext-0.23.1/gettext-tools/gnulib-lib/vasnprintf.c: scope_hint: In function 'vasnprintf'
gettext-0.23.1/gettext-tools/gnulib-lib/vasnprintf.c:148:22: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  148 | #  define VASNPRINTF vasnprintf
#      |                      ^~~~~~~~~~
#  146|   #  define DCHAR_SET wmemset
#  147|   # else
#  148|-> #  define VASNPRINTF vasnprintf
#  149|   #  define FCHAR_T char
#  150|   #  define DCHAR_T char

Error: COMPILER_WARNING (CWE-691): [#def25]
gettext-0.23.1/gettext-tools/libgettextpo/striconveha.c:18: included_from: Included from here.
gettext-0.23.1/gettext-tools/libgettextpo/striconveha.c: scope_hint: In function 'libgettextpo_mem_iconveha'
gettext-0.23.1/gettext-tools/libgettextpo/config.h:218:22: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  218 | #define mem_iconveha libgettextpo_mem_iconveha
#      |                      ^~~~~~~~~~~~~~~~~~~~~~~~~
#  216|   #define mem_cd_iconveh libgettextpo_mem_cd_iconveh
#  217|   #define mem_iconveh libgettextpo_mem_iconveh
#  218|-> #define mem_iconveha libgettextpo_mem_iconveha
#  219|   #define message_alloc libgettextpo_message_alloc
#  220|   #define message_comment_append libgettextpo_message_comment_append

Error: COMPILER_WARNING (CWE-691): [#def26]
gettext-0.23.1/gettext-tools/src/message.c:20: included_from: Included from here.
gettext-0.23.1/gettext-tools/src/message.c: scope_hint: In function 'libgettextpo_message_list_search'
gettext-0.23.1/gettext-tools/libgettextpo/config.h:238:29: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  238 | #define message_list_search libgettextpo_message_list_search
#      |                             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  236|   #define message_list_prepend libgettextpo_message_list_prepend
#  237|   #define message_list_remove_if_not libgettextpo_message_list_remove_if_not
#  238|-> #define message_list_search libgettextpo_message_list_search
#  239|   #define message_list_search_fuzzy libgettextpo_message_list_search_fuzzy
#  240|   #define message_page_width_ignore libgettextpo_message_page_width_ignore

Error: COMPILER_WARNING (CWE-691): [#def27]
gettext-0.23.1/gettext-tools/src/read-po-lex.c:22: included_from: Included from here.
gettext-0.23.1/gettext-tools/src/read-po-lex.c: scope_hint: In function 'libgettextpo_po_lex_charset_set'
gettext-0.23.1/gettext-tools/libgettextpo/config.h:281:28: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  281 | #define po_lex_charset_set libgettextpo_po_lex_charset_set
#      |                            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  279|   #define po_is_charset_weird libgettextpo_po_is_charset_weird
#  280|   #define po_is_charset_weird_cjk libgettextpo_po_is_charset_weird_cjk
#  281|-> #define po_lex_charset_set libgettextpo_po_lex_charset_set
#  282|   #define pos_filename_has_spaces libgettextpo_pos_filename_has_spaces
#  283|   #define possible_format_p libgettextpo_possible_format_p

Error: COMPILER_WARNING (CWE-691): [#def28]
gettext-0.23.1/gettext-tools/libgettextpo/striconveha.c: scope_hint: In function 'libgettextpo_str_iconveha'
gettext-0.23.1/gettext-tools/libgettextpo/config.h:309:22: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  309 | #define str_iconveha libgettextpo_str_iconveha
#      |                      ^~~~~~~~~~~~~~~~~~~~~~~~~
#  307|   #define str_iconv libgettextpo_str_iconv
#  308|   #define str_iconveh libgettextpo_str_iconveh
#  309|-> #define str_iconveha libgettextpo_str_iconveha
#  310|   #define string_desc_c libgettextpo_string_desc_c
#  311|   #define string_desc_c_casecmp libgettextpo_string_desc_c_casecmp

Error: COMPILER_WARNING (CWE-691): [#def29]
gettext-0.23.1/gettext-tools/libgettextpo/vasnprintf.c:61: included_from: Included from here.
gettext-0.23.1/gettext-tools/libgettextpo/vasnprintf.c: scope_hint: In function 'libgettextpo_vasnprintf'
gettext-0.23.1/gettext-tools/libgettextpo/config.h:365:20: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  365 | #define vasnprintf libgettextpo_vasnprintf
#      |                    ^~~~~~~~~~~~~~~~~~~~~~~
#  363|   #define unilbrk_table libgettextpo_unilbrk_table
#  364|   #define unilbrkprop libgettextpo_unilbrkprop
#  365|-> #define vasnprintf libgettextpo_vasnprintf
#  366|   #define vaszprintf libgettextpo_vaszprintf
#  367|   #define x2nrealloc libgettextpo_x2nrealloc

Error: COMPILER_WARNING (CWE-691): [#def30]
gettext-0.23.1/gettext-tools/src/format-java.c: scope_hint: In function 'message_format_parse'
gettext-0.23.1/gettext-tools/src/format-java.c:152:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  152 | message_format_parse (const char *format, char *fdi, struct spec *spec,
#      | ^~~~~~~~~~~~~~~~~~~~
#  150|      Extracts argument type information into spec.  */
#  151|   static bool
#  152|-> message_format_parse (const char *format, char *fdi, struct spec *spec,
#  153|                         char **invalid_reason)
#  154|   {

Error: COMPILER_WARNING (CWE-691): [#def31]
gettext-0.23.1/gettext-tools/src/format-java.c: scope_hint: In function 'choice_format_parse'
gettext-0.23.1/gettext-tools/src/format-java.c:517:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  517 | choice_format_parse (const char *format, struct spec *spec,
#      | ^~~~~~~~~~~~~~~~~~~
#  515|      Extracts argument type information into spec.  */
#  516|   static bool
#  517|-> choice_format_parse (const char *format, struct spec *spec,
#  518|                        char **invalid_reason)
#  519|   {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def32]
gettext-0.23.1/gettext-tools/src/its.c:684:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL '_its_collect_text_content(n,  whitespace, (int)do_escape)'
gettext-0.23.1/gettext-tools/src/its.c:843:1: enter_function: entry to 'its_localization_note_rule_constructor'
gettext-0.23.1/gettext-tools/src/its.c:864:28: branch_true: following 'true' branch (when 'n' is non-NULL)...
gettext-0.23.1/gettext-tools/src/its.c:866:11: branch_true: ...to here
gettext-0.23.1/gettext-tools/src/its.c:877:6: branch_true: following 'true' branch (when 'n' is non-NULL)...
gettext-0.23.1/gettext-tools/src/its.c:880:23: branch_true: ...to here
gettext-0.23.1/gettext-tools/src/its.c:880:23: call_function: calling '_its_collect_text_content' from 'its_localization_note_rule_constructor'
#  682|                     }
#  683|                 }
#  684|->             if (*p != '\0')
#  685|                 xmlTextWriterWriteRaw (writer, BAD_CAST p);
#  686|               xmlTextWriterEndElement (writer);

Error: COMPILER_WARNING (CWE-691): [#def33]
gettext-0.23.1/gettext-tools/src/message.c: scope_hint: In function 'message_list_hash_insert_entry'
gettext-0.23.1/gettext-tools/src/message.c:308:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  308 | message_list_hash_insert_entry (hash_table *htable, message_ty *mp)
#      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  306|   
#  307|   static int
#  308|-> message_list_hash_insert_entry (hash_table *htable, message_ty *mp)
#  309|   {
#  310|     char *alloced_key;

Error: COMPILER_WARNING (CWE-691): [#def34]
gettext-0.23.1/gettext-tools/src/message.c: scope_hint: In function 'message_list_search'
gettext-0.23.1/gettext-tools/src/message.c:507:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  507 | message_list_search (message_list_ty *mlp,
#      | ^~~~~~~~~~~~~~~~~~~
#  505|   
#  506|   message_ty *
#  507|-> message_list_search (message_list_ty *mlp,
#  508|                        const char *msgctxt, const char *msgid)
#  509|   {

Error: COMPILER_WARNING (CWE-691): [#def35]
gettext-0.23.1/gettext-tools/src/msgcmp.c: scope_hint: In function ‘compare’
gettext-0.23.1/gettext-tools/src/msgcmp.c:392:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  392 | compare (const char *fn1, const char *fn2, catalog_input_format_ty input_syntax)
#      | ^~~~~~~
#  390|   
#  391|   static void
#  392|-> compare (const char *fn1, const char *fn2, catalog_input_format_ty input_syntax)
#  393|   {
#  394|     msgdomain_list_ty *def;

Error: COMPILER_WARNING (CWE-691): [#def36]
gettext-0.23.1/gettext-tools/src/msggrep.c: scope_hint: In function ‘is_message_selected_no_invert’
gettext-0.23.1/gettext-tools/src/msggrep.c:687:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  687 | is_message_selected_no_invert (const message_ty *mp)
#      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  685|      criteria and ignoring --invert-match.  */
#  686|   static bool
#  687|-> is_message_selected_no_invert (const message_ty *mp)
#  688|   {
#  689|     size_t i;

Error: COMPILER_WARNING (CWE-691): [#def37]
gettext-0.23.1/gettext-tools/src/msginit.c: scope_hint: In function ‘subst_string.constprop.0’
gettext-0.23.1/gettext-tools/src/msginit.c:1725:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
# 1725 | subst_string (const char *str,
#      | ^~~~~~~~~~~~
# 1723|      subst[j][0] must not be the empty string.  */
# 1724|   static const char *
# 1725|-> subst_string (const char *str,
# 1726|                 unsigned int nsubst, const char *(*subst)[2])
# 1727|   {

Error: COMPILER_WARNING (CWE-691): [#def38]
gettext-0.23.1/gettext-tools/src/msgl-cat.c: scope_hint: In function 'catenate_msgdomain_list'
gettext-0.23.1/gettext-tools/src/msgl-cat.c:109:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  109 | catenate_msgdomain_list (string_list_ty *file_list,
#      | ^~~~~~~~~~~~~~~~~~~~~~~
#  107|   
#  108|   msgdomain_list_ty *
#  109|-> catenate_msgdomain_list (string_list_ty *file_list,
#  110|                            catalog_input_format_ty input_syntax,
#  111|                            const char *to_code)

Error: COMPILER_WARNING (CWE-691): [#def39]
gettext-0.23.1/gettext-tools/src/msgl-charset.c:55:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#   55 | check_pot_charset (const msgdomain_list_ty *mdlp, const char *filename)
#      | ^~~~~~~~~~~~~~~~~
#   53|      already be prepeared ready-to-use.  */
#   54|   void
#   55|-> check_pot_charset (const msgdomain_list_ty *mdlp, const char *filename)
#   56|   {
#   57|     size_t j, k;

Error: COMPILER_WARNING (CWE-704): [#def40]
gettext-0.23.1/gettext-tools/src/msgl-charset.c: scope_hint: In function 'check_pot_charset'
gettext-0.23.1/gettext-tools/src/msgl-charset.c:92:49: warning[-Wdiscarded-qualifiers]: passing argument 1 of 'is_ascii_message_list' discards 'const' qualifier from pointer target type
#   92 |                     if (!is_ascii_message_list (mlp)
#      |                                                 ^~~
gettext-0.23.1/gettext-tools/src/msgl-charset.c:32: included_from: Included from here.
gettext-0.23.1/gettext-tools/src/msgl-ascii.h:41:48: note: expected 'message_list_ty *' but argument is of type 'const message_list_ty *'
#   41 |        is_ascii_message_list (message_list_ty *mlp);
#      |                               ~~~~~~~~~~~~~~~~~^~~
#   90|                                _("%s: The present charset \"%s\" is not a portable encoding name."),
#   91|                                filename, charset);
#   92|->                     if (!is_ascii_message_list (mlp)
#   93|                           && canon_charset != po_charset_utf8)
#   94|                         error (EXIT_FAILURE, 0,

Error: COMPILER_WARNING (CWE-704): [#def41]
gettext-0.23.1/gettext-tools/src/msgl-charset.c:92:49: warning[-Wdiscarded-qualifiers]: passing argument 1 of 'is_ascii_message_list' discards 'const' qualifier from pointer target type
#   90|                                _("%s: The present charset \"%s\" is not a portable encoding name."),
#   91|                                filename, charset);
#   92|->                     if (!is_ascii_message_list (mlp)
#   93|                           && canon_charset != po_charset_utf8)
#   94|                         error (EXIT_FAILURE, 0,

Error: COMPILER_WARNING (CWE-691): [#def42]
gettext-0.23.1/gettext-tools/src/msgl-charset.c: scope_hint: In function 'compare_po_locale_charsets'
gettext-0.23.1/gettext-tools/src/msgl-charset.c:106:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  106 | compare_po_locale_charsets (const msgdomain_list_ty *mdlp)
#      | ^~~~~~~~~~~~~~~~~~~~~~~~~~
#  104|   
#  105|   void
#  106|-> compare_po_locale_charsets (const msgdomain_list_ty *mdlp)
#  107|   {
#  108|     const char *locale_code;

Error: COMPILER_WARNING (CWE-691): [#def43]
gettext-0.23.1/gettext-tools/src/msgl-iconv.c: scope_hint: In function 'iconv_message_list_internal'
gettext-0.23.1/gettext-tools/src/msgl-iconv.c:217:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  217 | iconv_message_list_internal (message_list_ty *mlp,
#      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~
#  215|   
#  216|   static bool
#  217|-> iconv_message_list_internal (message_list_ty *mlp,
#  218|                                const char *canon_from_code,
#  219|                                const char *canon_to_code,

Error: COMPILER_WARNING (CWE-691): [#def44]
gettext-0.23.1/gettext-tools/src/msgl-iconv.c: scope_hint: In function 'is_message_list_iconvable'
gettext-0.23.1/gettext-tools/src/msgl-iconv.c:508:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  508 | is_message_list_iconvable (message_list_ty *mlp,
#      | ^~~~~~~~~~~~~~~~~~~~~~~~~
#  506|   
#  507|   bool
#  508|-> is_message_list_iconvable (message_list_ty *mlp,
#  509|                              const char *canon_from_code,
#  510|                              const char *canon_to_code)

Error: COMPILER_WARNING (CWE-691): [#def45]
gettext-0.23.1/gettext-tools/src/msgmerge.c: scope_hint: In function ‘merge’
gettext-0.23.1/gettext-tools/src/msgmerge.c:1782:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
# 1782 | merge (const char *fn1, const char *fn2, catalog_input_format_ty input_syntax,
#      | ^~~~~
# 1780|   
# 1781|   static msgdomain_list_ty *
# 1782|-> merge (const char *fn1, const char *fn2, catalog_input_format_ty input_syntax,
# 1783|          msgdomain_list_ty **defp)
# 1784|   {

Error: COMPILER_WARNING (CWE-691): [#def46]
gettext-0.23.1/gettext-tools/src/read-po-lex.c: scope_hint: In function 'po_lex_charset_set'
gettext-0.23.1/gettext-tools/src/read-po-lex.c:136:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  136 | po_lex_charset_set (struct po_parser_state *ps,
#      | ^~~~~~~~~~~~~~~~~~
#  134|      a warning.  */
#  135|   void
#  136|-> po_lex_charset_set (struct po_parser_state *ps,
#  137|                       const char *header_entry,
#  138|                       const char *filename, bool is_pot_role)

Error: GCC_ANALYZER_WARNING (CWE-688): [#def47]
gettext-0.23.1/gettext-tools/src/read-properties.c:189:23: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'string' where non-null expected
gettext-0.23.1/gettext-tools/src/read-properties.c:589:1: enter_function: entry to 'properties_parse'
gettext-0.23.1/gettext-tools/src/read-properties.c:595:6: branch_false: following 'false' branch...
gettext-0.23.1/gettext-tools/src/read-properties.c:606:18: branch_false: ...to here
gettext-0.23.1/gettext-tools/src/read-properties.c:621:10: branch_false: following 'false' branch...
gettext-0.23.1/gettext-tools/src/read-properties.c:626:10: branch_false: ...to here
gettext-0.23.1/gettext-tools/src/read-properties.c:626:10: branch_true: following 'true' branch...
gettext-0.23.1/gettext-tools/src/read-properties.c:647:11: branch_true: ...to here
gettext-0.23.1/gettext-tools/src/read-properties.c:651:18: branch_true: following 'true' branch...
gettext-0.23.1/gettext-tools/src/read-properties.c:656:28: branch_true: ...to here
gettext-0.23.1/gettext-tools/src/read-properties.c:656:28: acquire_memory: this call could return NULL
gettext-0.23.1/gettext-tools/src/read-properties.c:660:13: branch_false: following 'false' branch...
gettext-0.23.1/gettext-tools/src/read-properties.c:661:40: branch_false: ...to here
gettext-0.23.1/gettext-tools/src/read-properties.c:661:40: call_function: calling 'conv_from_iso_8859_1' from 'properties_parse'
#argument 1 of '__builtin_strlen' must be non-null
#  187|     else
#  188|       {
#  189|->       size_t length = strlen (string);
#  190|         /* Each ISO-8859-1 character needs 2 bytes at worst.  */
#  191|         unsigned char *utf8_string = XNMALLOC (2 * length + 1, unsigned char);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def48]
gettext-0.23.1/gettext-tools/src/read-properties.c:221:10: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'p'
gettext-0.23.1/gettext-tools/src/read-properties.c:589:1: enter_function: entry to 'properties_parse'
gettext-0.23.1/gettext-tools/src/read-properties.c:595:6: branch_false: following 'false' branch...
gettext-0.23.1/gettext-tools/src/read-properties.c:606:18: branch_false: ...to here
gettext-0.23.1/gettext-tools/src/read-properties.c:621:10: branch_false: following 'false' branch...
gettext-0.23.1/gettext-tools/src/read-properties.c:626:10: branch_false: ...to here
gettext-0.23.1/gettext-tools/src/read-properties.c:626:10: branch_true: following 'true' branch...
gettext-0.23.1/gettext-tools/src/read-properties.c:647:11: branch_true: ...to here
gettext-0.23.1/gettext-tools/src/read-properties.c:651:18: branch_true: following 'true' branch...
gettext-0.23.1/gettext-tools/src/read-properties.c:656:28: branch_true: ...to here
gettext-0.23.1/gettext-tools/src/read-properties.c:656:28: acquire_memory: this call could return NULL
gettext-0.23.1/gettext-tools/src/read-properties.c:660:13: call_function: calling 'conv_from_java' from 'properties_parse'
#  219|     unsigned char *q = (unsigned char *) string;
#  220|   
#  221|->   while (*p != '\0')
#  222|       {
#  223|         if (p[0] == '\\' && p[1] == 'u')

Error: COMPILER_WARNING (CWE-691): [#def49]
gettext-0.23.1/gettext-tools/src/read-tcl.c: scope_hint: In function ‘msgdomain_read_tcl’
gettext-0.23.1/gettext-tools/src/read-tcl.c:51:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#   51 | msgdomain_read_tcl (const char *locale_name, const char *directory)
#      | ^~~~~~~~~~~~~~~~~~
#   49|   
#   50|   msgdomain_list_ty *
#   51|-> msgdomain_read_tcl (const char *locale_name, const char *directory)
#   52|   {
#   53|     const char *gettextdatadir;

Error: COMPILER_WARNING (CWE-691): [#def50]
gettext-0.23.1/gettext-tools/src/write-csharp.c: scope_hint: In function ‘write_csharp_msgid.isra.0’
gettext-0.23.1/gettext-tools/src/write-csharp.c:225:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  225 | write_csharp_msgid (FILE *stream, message_ty *mp)
#      | ^~~~~~~~~~~~~~~~~~
#  223|      given stream.  */
#  224|   static void
#  225|-> write_csharp_msgid (FILE *stream, message_ty *mp)
#  226|   {
#  227|     const char *msgctxt = mp->msgctxt;

Error: COMPILER_WARNING (CWE-691): [#def51]
gettext-0.23.1/gettext-tools/src/write-java.c: scope_hint: In function ‘msgid_hashcode’
gettext-0.23.1/gettext-tools/src/write-java.c:145:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  145 | msgid_hashcode (const char *msgctxt, const char *msgid)
#      | ^~~~~~~~~~~~~~
#  143|   /* Return the Java hash code of a (msgctxt, msgid) pair mod 2^31.  */
#  144|   static unsigned int
#  145|-> msgid_hashcode (const char *msgctxt, const char *msgid)
#  146|   {
#  147|     if (msgctxt == NULL)

Error: COMPILER_WARNING (CWE-691): [#def52]
gettext-0.23.1/gettext-tools/src/write-java.c: scope_hint: In function ‘compute_hashsize’
gettext-0.23.1/gettext-tools/src/write-java.c:173:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  173 | compute_hashsize (message_list_ty *mlp, bool *collisionp)
#      | ^~~~~~~~~~~~~~~~
#  171|   /* Compute a good hash table size for the given set of msgids.  */
#  172|   static unsigned int
#  173|-> compute_hashsize (message_list_ty *mlp, bool *collisionp)
#  174|   {
#  175|     /* This is an O(n^2) algorithm, but should be sufficient because few

Error: COMPILER_WARNING (CWE-691): [#def53]
gettext-0.23.1/gettext-tools/src/write-java.c: scope_hint: In function ‘write_java_msgid.isra.0’
gettext-0.23.1/gettext-tools/src/write-java.c:409:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  409 | write_java_msgid (FILE *stream, message_ty *mp)
#      | ^~~~~~~~~~~~~~~~
#  407|      given stream.  */
#  408|   static void
#  409|-> write_java_msgid (FILE *stream, message_ty *mp)
#  410|   {
#  411|     const char *msgctxt = mp->msgctxt;

Error: COMPILER_WARNING (CWE-691): [#def54]
gettext-0.23.1/gettext-tools/src/write-java.c: scope_hint: In function ‘msgdomain_write_java’
gettext-0.23.1/gettext-tools/src/write-java.c:1048:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
# 1048 | msgdomain_write_java (message_list_ty *mlp, const char *canon_encoding,
#      | ^~~~~~~~~~~~~~~~~~~~
# 1046|   
# 1047|   int
# 1048|-> msgdomain_write_java (message_list_ty *mlp, const char *canon_encoding,
# 1049|                         const char *resource_name, const char *locale_name,
# 1050|                         const char *directory,

Error: COMPILER_WARNING (CWE-691): [#def55]
gettext-0.23.1/gettext-tools/src/write-mo.c:371:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  371 | write_table (FILE *output_file, message_list_ty *mlp)
#      | ^~~~~~~~~~~
#  369|   /* Write the message list to the given open file.  */
#  370|   static void
#  371|-> write_table (FILE *output_file, message_list_ty *mlp)
#  372|   {
#  373|     char **msgctid_arr;

Error: COMPILER_WARNING (CWE-691): [#def56]
gettext-0.23.1/gettext-tools/src/write-po.c: scope_hint: In function 'msgdomain_list_print_po'
gettext-0.23.1/gettext-tools/src/write-po.c:1577:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
# 1577 | msgdomain_list_print_po (msgdomain_list_ty *mdlp, ostream_t stream,
#      | ^~~~~~~~~~~~~~~~~~~~~~~
# 1575|   
# 1576|   static void
# 1577|-> msgdomain_list_print_po (msgdomain_list_ty *mdlp, ostream_t stream,
# 1578|                            size_t page_width, xerror_handler_ty xeh, bool debug)
# 1579|   {

Error: COMPILER_WARNING (CWE-691): [#def57]
gettext-0.23.1/gettext-tools/src/write-tcl.c: scope_hint: In function ‘msgdomain_write_tcl’
gettext-0.23.1/gettext-tools/src/write-tcl.c:237:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  237 | msgdomain_write_tcl (message_list_ty *mlp, const char *canon_encoding,
#      | ^~~~~~~~~~~~~~~~~~~
#  235|   
#  236|   int
#  237|-> msgdomain_write_tcl (message_list_ty *mlp, const char *canon_encoding,
#  238|                        const char *locale_name,
#  239|                        const char *directory)

Error: GCC_ANALYZER_WARNING (CWE-688): [#def58]
gettext-0.23.1/gettext-tools/src/x-awk.c:495:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘*tp.string’ where non-null expected
gettext-0.23.1/gettext-tools/src/x-awk.c:370:1: enter_function: entry to ‘phase3_get’
gettext-0.23.1/gettext-tools/src/x-awk.c:447:21: call_function: calling ‘phase2_getc’ from ‘phase3_get’
gettext-0.23.1/gettext-tools/src/x-awk.c:447:21: return_function: returning to ‘phase3_get’ from ‘phase2_getc’
gettext-0.23.1/gettext-tools/src/x-awk.c:481:26: acquire_memory: this call could return NULL
gettext-0.23.1/gettext-tools/src/x-awk.c:495:17: danger: argument 1 (‘sb_xdupfree_c(&buffer)’) from [(10)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/9) could be NULL where non-null expected
#  493|                     done
#  494|                */
#  495|->             if (strcmp (tp->string, "do") == 0
#  496|                   || strcmp (tp->string, "exit") == 0
#  497|                   || strcmp (tp->string, "print") == 0

Error: GCC_ANALYZER_WARNING (CWE-688): [#def59]
gettext-0.23.1/gettext-tools/src/x-awk.c:495:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘token.string’ where non-null expected
gettext-0.23.1/gettext-tools/src/x-awk.c:914:1: enter_function: entry to ‘extract_awk’
gettext-0.23.1/gettext-tools/src/x-awk.c:939:11: call_function: calling ‘extract_parenthesized’ from ‘extract_awk’
#  493|                     done
#  494|                */
#  495|->             if (strcmp (tp->string, "do") == 0
#  496|                   || strcmp (tp->string, "exit") == 0
#  497|                   || strcmp (tp->string, "print") == 0

Error: COMPILER_WARNING: [#def60]
gettext-0.23.1/gettext-tools/src/x-c.c: scope_hint: In function ‘phase5_get’
gettext-0.23.1/gettext-tools/src/x-c.c:1466:45: warning[-Wshadow=compatible-local]: declaration of ‘contents’ shadows a previous local
# 1466 |                               string_desc_t contents = sb_contents (&buffer);
#      |                                             ^~~~~~~~
gettext-0.23.1/gettext-tools/src/x-c.c:1347:33: note: shadowed declaration is here
# 1347 |                   string_desc_t contents = sb_contents (&buffer);
#      |                                 ^~~~~~~~
# 1464|   
# 1465|                                 /* Update the state.  */
# 1466|->                               string_desc_t contents = sb_contents (&buffer);
# 1467|                                 const char *buf = string_desc_data (contents);
# 1468|                                 size_t buflen = string_desc_length (contents);

Error: COMPILER_WARNING: [#def61]
gettext-0.23.1/gettext-tools/src/x-c.c:1467:43: warning[-Wshadow=compatible-local]: declaration of ‘buf’ shadows a previous local
# 1467 |                               const char *buf = string_desc_data (contents);
#      |                                           ^~~
gettext-0.23.1/gettext-tools/src/x-c.c:1348:31: note: shadowed declaration is here
# 1348 |                   const char *buf = string_desc_data (contents);
#      |                               ^~~
# 1465|                                 /* Update the state.  */
# 1466|                                 string_desc_t contents = sb_contents (&buffer);
# 1467|->                               const char *buf = string_desc_data (contents);
# 1468|                                 size_t buflen = string_desc_length (contents);
# 1469|                                 if (c == (state < buflen ? buf[state] : '"'))

Error: COMPILER_WARNING: [#def62]
gettext-0.23.1/gettext-tools/src/x-c.c:1468:38: warning[-Wshadow=compatible-local]: declaration of ‘buflen’ shadows a previous local
# 1468 |                               size_t buflen = string_desc_length (contents);
#      |                                      ^~~~~~
gettext-0.23.1/gettext-tools/src/x-c.c:1349:26: note: shadowed declaration is here
# 1349 |                   size_t buflen = string_desc_length (contents);
#      |                          ^~~~~~
# 1466|                                 string_desc_t contents = sb_contents (&buffer);
# 1467|                                 const char *buf = string_desc_data (contents);
# 1468|->                               size_t buflen = string_desc_length (contents);
# 1469|                                 if (c == (state < buflen ? buf[state] : '"'))
# 1470|                                   {

Error: COMPILER_WARNING: [#def63]
gettext-0.23.1/gettext-tools/src/x-php.c: scope_hint: In function ‘phase4_get’
gettext-0.23.1/gettext-tools/src/x-php.c:1461:34: warning[-Wshadow=local]: declaration of ‘c’ shadows a previous local
# 1461 |                             char c = *p;
#      |                                  ^
gettext-0.23.1/gettext-tools/src/x-php.c:1064:7: note: shadowed declaration is here
# 1064 |   int c;
#      |       ^
# 1459|                             {
# 1460|                               /* Invariant: doc <= q <= p <= doc + doc_len.  */
# 1461|->                             char c = *p;
# 1462|                               *q++ = c;
# 1463|                               if (curr_line_indent < end_label_indent)

Error: GCC_ANALYZER_WARNING (CWE-688): [#def64]
gettext-0.23.1/gettext-tools/src/x-ycp.c:577:48: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘tmp.string’ where non-null expected
gettext-0.23.1/gettext-tools/src/x-ycp.c:555:1: enter_function: entry to ‘phase8_get’
gettext-0.23.1/gettext-tools/src/x-ycp.c:570:7: call_function: calling ‘phase5_get’ from ‘phase8_get’
gettext-0.23.1/gettext-tools/src/x-ycp.c:570:7: return_function: returning to ‘phase8_get’ from ‘phase5_get’
gettext-0.23.1/gettext-tools/src/x-ycp.c:571:10: branch_false: following ‘false’ branch...
gettext-0.23.1/gettext-tools/src/x-ycp.c:576:21: branch_false: ...to here
gettext-0.23.1/gettext-tools/src/x-ycp.c:577:48: danger: argument 1 (‘tmp.string’) from [(18)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/17) could be NULL where non-null expected
#argument 1 of ‘__builtin_strlen’ must be non-null
#  575|           }
#  576|         len = strlen (tp->string);
#  577|->       tp->string = xrealloc (tp->string, len + strlen (tmp.string) + 1);
#  578|         strcpy (tp->string + len, tmp.string);
#  579|         free_token (&tmp);

Error: COMPILER_WARNING (CWE-691): [#def65]
gettext-0.23.1/gettext-tools/src/xgettext.c: scope_hint: In function ‘flag_context_list_table_insert’
gettext-0.23.1/gettext-tools/src/xgettext.c:1364:1: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
# 1364 | flag_context_list_table_insert (flag_context_list_table_ty *table,
#      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1362|   
# 1363|   static void
# 1364|-> flag_context_list_table_insert (flag_context_list_table_ty *table,
# 1365|                                   size_t fi,
# 1366|                                   const char *name_start, const char *name_end,

Error: COMPILER_WARNING (CWE-252): [#def66]
gettext-0.23.1/libtextstyle/lib/glib/gtypes.h:44: included_from: Included from here.
gettext-0.23.1/libtextstyle/lib/glib/ghash.h:44: included_from: Included from here.
gettext-0.23.1/libtextstyle/lib/glib.h:52: included_from: Included from here.
gettext-0.23.1/libtextstyle/lib/glib/gstrfuncs.c:61: included_from: Included from here.
gettext-0.23.1/libtextstyle/lib/glib/gstrfuncs.c: scope_hint: In function 'libtextstyle_g_strdup_vprintf'
gettext-0.23.1/libtextstyle/lib/glibconfig.h:183:21: warning[-Wunused-result]: ignoring return value of 'vasprintf' declared with attribute 'warn_unused_result'
#  183 | #define g_vasprintf vasprintf
gettext-0.23.1/libtextstyle/lib/glib/gstrfuncs.c:215:3: note: in expansion of macro 'g_vasprintf'
#  215 |   g_vasprintf (&string, format, args);
#      |   ^~~~~~~~~~~
#  181|   #define g_vfprintf vfprintf
#  182|   #define g_vsprintf vsprintf
#  183|-> #define g_vasprintf vasprintf
#  184|   
#  185|   /* ===================== Substitute for <glib/gslice.h> ===================== */

Error: COMPILER_WARNING (CWE-691): [#def67]
gettext-0.23.1/libtextstyle/lib/vasnprintf.c: scope_hint: In function 'vasnprintf'
gettext-0.23.1/libtextstyle/lib/vasnprintf.c:148:22: warning[-Wstack-protector]: stack protector not protecting local variables: variable length buffer
#  148 | #  define VASNPRINTF vasnprintf
#      |                      ^~~~~~~~~~
#  146|   #  define DCHAR_SET wmemset
#  147|   # else
#  148|-> #  define VASNPRINTF vasnprintf
#  149|   #  define FCHAR_T char
#  150|   #  define DCHAR_T char
Scan Properties

analyzer-version-clippy	1.86.0
analyzer-version-cppcheck	2.17.1
analyzer-version-gcc	15.0.1
analyzer-version-gcc-analyzer	15.0.1
analyzer-version-shellcheck	0.10.0
analyzer-version-unicontrol	0.0.2
diffbase-analyzer-version-clippy	1.86.0
diffbase-analyzer-version-cppcheck	2.17.1
diffbase-analyzer-version-gcc	15.0.1
diffbase-analyzer-version-gcc-analyzer	15.0.1
diffbase-analyzer-version-shellcheck	0.10.0
diffbase-analyzer-version-unicontrol	0.0.2
diffbase-enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code	0
diffbase-host	ip-172-16-1-199.us-west-2.compute.internal
diffbase-known-false-positives	/usr/share/csmock/known-false-positives.js
diffbase-known-false-positives-rpm	known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch
diffbase-mock-config	fedora-rawhide-x86_64
diffbase-project-name	gettext-0.24-1.fc43
diffbase-store-results-to	/tmp/tmpsw5tsdfw/gettext-0.24-1.fc43.tar.xz
diffbase-time-created	2025-04-25 12:50:33
diffbase-time-finished	2025-04-25 13:08:33
diffbase-tool	csmock
diffbase-tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpsw5tsdfw/gettext-0.24-1.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpsw5tsdfw/gettext-0.24-1.fc43.src.rpm'
diffbase-tool-version	csmock-3.8.1.20250422.172604.g26bc3d6-1.el9
enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code	0
host	ip-172-16-1-199.us-west-2.compute.internal
known-false-positives	/usr/share/csmock/known-false-positives.js
known-false-positives-rpm	known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch
mock-config	fedora-rawhide-x86_64
project-name	gettext-0.23.1-2.fc42
store-results-to	/tmp/tmp8fgtt6bk/gettext-0.23.1-2.fc42.tar.xz
time-created	2025-04-25 12:33:01
time-finished	2025-04-25 12:50:07
title	Fixed findings
tool	csmock
tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmp8fgtt6bk/gettext-0.23.1-2.fc42.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp8fgtt6bk/gettext-0.23.1-2.fc42.src.rpm'
tool-version	csmock-3.8.1.20250422.172604.g26bc3d6-1.el9