Error: GCC_ANALYZER_WARNING (CWE-457): [#def1] jq-jq-1.7.1/src/decNumber/decNumber.c:6282:37: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value '*u' jq-jq-1.7.1/src/decNumber/decNumber.c:6169:12: enter_function: entry to 'decCompare' jq-jq-1.7.1/src/decNumber/decNumber.c:6180:8: branch_false: following 'false' branch (when 'result != 0')... jq-jq-1.7.1/src/decNumber/decNumber.c:6194:8: branch_false: ...to here jq-jq-1.7.1/src/decNumber/decNumber.c:6194:6: branch_false: following 'false' branch... jq-jq-1.7.1/src/decNumber/decNumber.c:6202:7: branch_false: ...to here jq-jq-1.7.1/src/decNumber/decNumber.c:6209:11: branch_true: following 'true' branch... jq-jq-1.7.1/src/decNumber/decNumber.c:6210:36: branch_true: ...to here jq-jq-1.7.1/src/decNumber/decNumber.c:6209:11: branch_true: following 'true' branch... jq-jq-1.7.1/src/decNumber/decNumber.c:6209:36: branch_true: ...to here jq-jq-1.7.1/src/decNumber/decNumber.c:6209:11: call_function: calling 'decUnitCompare' from 'decCompare' # 6280| else { // non-negative result # 6281| // check units of the result before freeing any storage # 6282|-> for (u=acc; u<acc+accunits-1 && *u==0;) u++; # 6283| result=(*u==0 ? 0 : +1); # 6284| } Error: GCC_ANALYZER_WARNING (CWE-457): [#def2] jq-jq-1.7.1/src/decNumber/decNumber.c:6283:13: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value '*u' jq-jq-1.7.1/src/decNumber/decNumber.c:6169:12: enter_function: entry to 'decCompare' jq-jq-1.7.1/src/decNumber/decNumber.c:6180:8: branch_false: following 'false' branch (when 'result != 0')... jq-jq-1.7.1/src/decNumber/decNumber.c:6194:8: branch_false: ...to here jq-jq-1.7.1/src/decNumber/decNumber.c:6194:6: branch_false: following 'false' branch... jq-jq-1.7.1/src/decNumber/decNumber.c:6202:7: branch_false: ...to here jq-jq-1.7.1/src/decNumber/decNumber.c:6209:11: branch_true: following 'true' branch... jq-jq-1.7.1/src/decNumber/decNumber.c:6210:36: branch_true: ...to here jq-jq-1.7.1/src/decNumber/decNumber.c:6209:11: branch_true: following 'true' branch... jq-jq-1.7.1/src/decNumber/decNumber.c:6209:36: branch_true: ...to here jq-jq-1.7.1/src/decNumber/decNumber.c:6209:11: call_function: calling 'decUnitCompare' from 'decCompare' # 6281| // check units of the result before freeing any storage # 6282| for (u=acc; u<acc+accunits-1 && *u==0;) u++; # 6283|-> result=(*u==0 ? 0 : +1); # 6284| } # 6285| // clean up and return the result Error: GCC_ANALYZER_WARNING (CWE-126): [#def3] jq-jq-1.7.1/src/decNumber/decNumber.c:6382:19: warning[-Wanalyzer-out-of-bounds]: buffer over-read jq-jq-1.7.1/src/decNumber/decNumber.c:7428:13: enter_function: entry to 'decSetSubnormal' jq-jq-1.7.1/src/decNumber/decNumber.c:7464:6: branch_false: following 'false' branch (when 'adjust > 0')... jq-jq-1.7.1/src/decNumber/decNumber.c:7474:3: branch_false: ...to here jq-jq-1.7.1/src/decNumber/decNumber.c:7478:3: call_function: calling 'decSetCoeff' from 'decSetSubnormal' jq-jq-1.7.1/src/decNumber/decNumber.c:7478:3: return_function: returning to 'decSetSubnormal' from 'decSetCoeff' jq-jq-1.7.1/src/decNumber/decNumber.c:7479:3: call_function: inlined call to 'decApplyRound' from 'decSetSubnormal' branch_false: ...to here jq-jq-1.7.1/src/decNumber/decNumber.c:7479:3: call_function: inlined call to 'decApplyRound' from 'decSetSubnormal' # 6380| carry+=*a; # 6381| a++; # 6382|-> carry+=((eInt)*b)*m; // [special-casing m=1/-1 # 6383| b++; // here is not a win] # 6384| // here carry is new Unit of digits; it could be +ve or -ve Error: GCC_ANALYZER_WARNING (CWE-476): [#def4] jq-jq-1.7.1/src/jv.c:1853:6: warning[-Wanalyzer-null-dereference]: dereference of NULL '0' jq-jq-1.7.1/src/jv.c:1956:5: enter_function: entry to 'jv_contains' jq-jq-1.7.1/src/jv.c:1958:6: branch_false: following 'false' branch... jq-jq-1.7.1/src/jv.c:1960:13: branch_false: ...to here jq-jq-1.7.1/src/jv.c:1960:13: branch_true: following 'true' branch... jq-jq-1.7.1/src/jv.c:1961:9: branch_true: ...to here jq-jq-1.7.1/src/jv.c:1961:9: call_function: calling 'jvp_object_contains' from 'jv_contains' # 1851| # 1852| jv jv_object_iter_key(jv object, int iter) { # 1853|-> jv s = jvp_object_get_slot(object, iter)->string; # 1854| assert(JVP_HAS_KIND(s, JV_KIND_STRING)); # 1855| return jv_copy(s); Error: GCC_ANALYZER_WARNING (CWE-476): [#def5] jq-jq-1.7.1/src/jv.c:1859:10: warning[-Wanalyzer-null-dereference]: dereference of NULL '0' jq-jq-1.7.1/src/jv.c:1956:5: enter_function: entry to 'jv_contains' jq-jq-1.7.1/src/jv.c:1958:6: branch_false: following 'false' branch... jq-jq-1.7.1/src/jv.c:1960:13: branch_false: ...to here jq-jq-1.7.1/src/jv.c:1960:13: branch_true: following 'true' branch... jq-jq-1.7.1/src/jv.c:1961:9: branch_true: ...to here jq-jq-1.7.1/src/jv.c:1961:9: call_function: calling 'jvp_object_contains' from 'jv_contains' # 1857| # 1858| jv jv_object_iter_value(jv object, int iter) { # 1859|-> return jv_copy(jvp_object_get_slot(object, iter)->value); # 1860| } # 1861| Error: GCC_ANALYZER_WARNING (CWE-401): [#def6] jq-jq-1.7.1/src/jv_alloc.c:89:1: warning[-Wanalyzer-malloc-leak]: leak of 'nomem_handler' jq-jq-1.7.1/src/jv_alloc.c:82:6: branch_true: following 'true' branch... jq-jq-1.7.1/src/jv_alloc.c:83:43: branch_true: ...to here jq-jq-1.7.1/src/jv_alloc.c:83:43: acquire_memory: allocated here jq-jq-1.7.1/src/jv_alloc.c:84:8: branch_false: following 'false' branch... jq-jq-1.7.1/src/jv_alloc.c:89:1: branch_false: ...to here jq-jq-1.7.1/src/jv_alloc.c:89:1: danger: 'nomem_handler' leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2) # 87| } # 88| } # 89|-> } # 90| # 91| void jv_nomem_handler(jv_nomem_handler_f handler, void *data) { Error: GCC_ANALYZER_WARNING (CWE-476): [#def7] jq-jq-1.7.1/src/lexer.c:2003:2: warning[-Wanalyzer-null-dereference]: dereference of NULL 'b' jq-jq-1.7.1/src/lexer.c:1882:10: enter_function: entry to 'jq_yyrestart' jq-jq-1.7.1/src/lexer.c:1889:27: call_function: calling 'jq_yy_create_buffer' from 'jq_yyrestart' jq-jq-1.7.1/src/lexer.c:1889:27: return_function: returning to 'jq_yyrestart' from 'jq_yy_create_buffer' jq-jq-1.7.1/src/lexer.c:1892:2: branch_false: following 'false' branch... jq-jq-1.7.1/src/lexer.c:1892:2: branch_false: ...to here jq-jq-1.7.1/src/lexer.c:1892:2: call_function: calling 'jq_yy_init_buffer' from 'jq_yyrestart' # 2001| # 2002| yy_flush_buffer( b , yyscanner); # 2003|-> # 2004| b->yy_input_file = file; # 2005| b->yy_fill_buffer = 1; Error: GCC_ANALYZER_WARNING (CWE-457): [#def8] jq-jq-1.7.1/src/parser.c:2531:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'yyss' jq-jq-1.7.1/src/parser.y:1005:5: enter_function: entry to 'jq_parse_library' jq-jq-1.7.1/src/parser.y:1006:14: call_function: calling 'jq_parse' from 'jq_parse_library' # 2529| if (! yyptr) # 2530| YYNOMEM; # 2531|-> YYSTACK_RELOCATE (yyss_alloc, yyss); # 2532| YYSTACK_RELOCATE (yyvs_alloc, yyvs); # 2533| YYSTACK_RELOCATE (yyls_alloc, yyls);
| analyzer-version-clippy | 1.86.0 |
| analyzer-version-cppcheck | 2.17.1 |
| analyzer-version-gcc | 15.0.1 |
| analyzer-version-gcc-analyzer | 15.0.1 |
| analyzer-version-shellcheck | 0.10.0 |
| analyzer-version-unicontrol | 0.0.2 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-14.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | jq-1.7.1-11.fc43 |
| store-results-to | /tmp/tmp3lb31x8x/jq-1.7.1-11.fc43.tar.xz |
| time-created | 2025-04-25 13:08:46 |
| time-finished | 2025-04-25 13:10:22 |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmp3lb31x8x/jq-1.7.1-11.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp3lb31x8x/jq-1.7.1-11.fc43.src.rpm' |
| tool-version | csmock-3.8.1.20250422.172604.g26bc3d6-1.el9 |