Error: GCC_ANALYZER_WARNING (CWE-457): [#def1]
kexec-tools-2.0.31/kexec/arch/i386/crashdump-x86.c:869:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘mem_range’
kexec-tools-2.0.31/kexec/arch/i386/crashdump-x86.c:859:12: branch_true: following ‘true’ branch...
kexec-tools-2.0.31/kexec/arch/i386/crashdump-x86.c:869:9: branch_true: ...to here
kexec-tools-2.0.31/kexec/arch/i386/crashdump-x86.c:869:9: danger: use of uninitialized value ‘mem_range’ here
# 867| return -1;
# 868|
# 869|-> get_backup_area(info, mem_range, nr_ranges);
# 870|
# 871| dbgprint_mem_range("CRASH MEMORY RANGES", mem_range, nr_ranges);

Error: GCC_ANALYZER_WARNING (CWE-126): [#def2]
kexec-tools-2.0.31/kexec/arch/i386/kexec-elf-x86.c:207:25: warning[-Wanalyzer-out-of-bounds]: heap-based buffer over-read
kexec-tools-2.0.31/kexec/arch/i386/kexec-elf-x86.c:189:12: branch_false: following ‘false’ branch (when ‘tmp_cmdline’ is NULL)...
kexec-tools-2.0.31/kexec/arch/i386/kexec-elf-x86.c:193:12: branch_false: ...to here
kexec-tools-2.0.31/kexec/arch/i386/kexec-elf-x86.c:193:12: branch_false: following ‘false’ branch...
kexec-tools-2.0.31/kexec/arch/i386/kexec-elf-x86.c:196:28: branch_false: ...to here
kexec-tools-2.0.31/kexec/arch/i386/kexec-elf-x86.c:203:12: branch_true: following ‘true’ branch...
kexec-tools-2.0.31/kexec/arch/i386/kexec-elf-x86.c:204:36: branch_true: ...to here
kexec-tools-2.0.31/kexec/arch/i386/kexec-elf-x86.c:206:20: branch_true: following ‘true’ branch (when ‘command_line’ is non-NULL)...
kexec-tools-2.0.31/kexec/arch/i386/kexec-elf-x86.c:207:25: branch_true: ...to here
kexec-tools-2.0.31/kexec/arch/i386/kexec-elf-x86.c:207:25: danger: out-of-bounds read from byte 1 till byte 2047 but region ends at byte 1
# 205| memset((void *)modified_cmdline, 0, COMMAND_LINE_SIZE);
# 206| if (command_line) {
# 207|-> strncpy(modified_cmdline, command_line,
# 208| COMMAND_LINE_SIZE);
# 209| modified_cmdline[COMMAND_LINE_SIZE - 1] = '\0';

Error: GCC_ANALYZER_WARNING (CWE-688): [#def3]
kexec-tools-2.0.31/kexec/arch/i386/kexec-elf-x86.c:300:44: warning[-Wanalyzer-null-argument]: use of NULL ‘modified_cmdline’ where non-null expected
kexec-tools-2.0.31/kexec/arch/i386/kexec-elf-x86.c:189:12: branch_false: following ‘false’ branch (when ‘tmp_cmdline’ is NULL)...
kexec-tools-2.0.31/kexec/arch/i386/kexec-elf-x86.c:193:12: branch_false: ...to here
kexec-tools-2.0.31/kexec/arch/i386/kexec-elf-x86.c:193:12: branch_true: following ‘true’ branch...
kexec-tools-2.0.31/kexec/arch/i386/kexec-elf-x86.c:194:36: branch_true: ...to here
kexec-tools-2.0.31/kexec/arch/i386/kexec-elf-x86.c:203:12: branch_false: following ‘false’ branch...
kexec-tools-2.0.31/kexec/arch/i386/kexec-elf-x86.c:214:9: branch_false: ...to here
kexec-tools-2.0.31/kexec/arch/i386/kexec-elf-x86.c:229:17: branch_false: following ‘false’ branch (when ‘arg_style != 0’)...
kexec-tools-2.0.31/kexec/arch/i386/kexec-elf-x86.c:264:23: branch_false: ...to here
kexec-tools-2.0.31/kexec/arch/i386/kexec-elf-x86.c:284:20: branch_false: following ‘false’ branch (when ‘ramdisk’ is NULL)...
kexec-tools-2.0.31/kexec/arch/i386/kexec-elf-x86.c:290:21: branch_false: ...to here
kexec-tools-2.0.31/kexec/arch/i386/kexec-elf-x86.c:290:20: branch_true: following ‘true’ branch...
kexec-tools-2.0.31/kexec/arch/i386/kexec-elf-x86.c:291:30: branch_true: ...to here
kexec-tools-2.0.31/kexec/arch/i386/kexec-elf-x86.c:293:28: branch_false: following ‘false’ branch...
kexec-tools-2.0.31/kexec/arch/i386/kexec-elf-x86.c:298:25: branch_false: ...to here
kexec-tools-2.0.31/kexec/arch/i386/kexec-elf-x86.c:300:44: danger: argument 1 (‘modified_cmdline’) NULL where non-null expected
#argument 1 of ‘__builtin_strlen’ must be non-null
# 298| free(command_line);
# 299| command_line = modified_cmdline;
# 300|-> command_line_len = strlen(modified_cmdline) + 1;
# 301| modified_cmdline = NULL;
# 302| }

Error: COMPILER_WARNING (CWE-252): [#def4]
kexec-tools-2.0.31/kexec/arch/i386/kexec-x86-common.c: scope_hint: In function ‘efi_map_added’
kexec-tools-2.0.31/kexec/arch/i386/kexec-x86-common.c:320:17: warning[-Wunused-result]: ignoring return value of ‘fgets’ declared with attribute ‘warn_unused_result’
# 320 | fgets( buf, 512, fp );
# | ^~~~~~~~~~~~~~~~~~~~~
# 318| FILE *fp = fopen( "/proc/cmdline", "r" );
# 319| if( fp ) {
# 320|-> fgets( buf, 512, fp );
# 321| fclose( fp );
# 322| return strstr( buf, "add_efi_memmap" ) != NULL;

Error: COMPILER_WARNING (CWE-252): [#def5]
kexec-tools-2.0.31/kexec/arch/i386/x86-linux-setup.c: scope_hint: In function ‘get_bootparam’
kexec-tools-2.0.31/kexec/arch/i386/x86-linux-setup.c:513:9: warning[-Wunused-result]: ignoring return value of ‘read’ declared with attribute ‘warn_unused_result’
# 513 | read(data_file, buf, size);
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~
# 511| if (lseek(data_file, offset, SEEK_SET) < 0)
# 512| goto close;
# 513|-> read(data_file, buf, size);
# 514| close:
# 515| close(data_file);

Error: GCC_ANALYZER_WARNING (CWE-457): [#def6]
kexec-tools-2.0.31/kexec/arch/i386/x86-linux-setup.c:635:13: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*map’
kexec-tools-2.0.31/kexec/arch/i386/x86-linux-setup.c:890:6: enter_function: entry to ‘setup_linux_system_parameters’
kexec-tools-2.0.31/kexec/arch/i386/x86-linux-setup.c:896:9: call_function: inlined call to ‘setup_subarch’ from ‘setup_linux_system_parameters’
kexec-tools-2.0.31/kexec/arch/i386/x86-linux-setup.c:896:9: call_function: inlined call to ‘setup_subarch’ from ‘setup_linux_system_parameters’
kexec-tools-2.0.31/kexec/arch/i386/x86-linux-setup.c:897:12: branch_true: following ‘true’ branch...
kexec-tools-2.0.31/kexec/arch/i386/x86-linux-setup.c:898:17: call_function: calling ‘setup_efi_info’ from ‘setup_linux_system_parameters’
# 633| return nr_maps;
# 634| err_out:
# 635|-> if (*map)
# 636| free(*map);
# 637| closedir(dirp);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def7]
kexec-tools-2.0.31/kexec/arch/i386/x86-linux-setup.c:725:16: warning[-Wanalyzer-malloc-leak]: leak of ‘maps’
kexec-tools-2.0.31/kexec/arch/i386/x86-linux-setup.c:890:6: enter_function: entry to ‘setup_linux_system_parameters’
kexec-tools-2.0.31/kexec/arch/i386/x86-linux-setup.c:896:9: call_function: inlined call to ‘setup_subarch’ from ‘setup_linux_system_parameters’
kexec-tools-2.0.31/kexec/arch/i386/x86-linux-setup.c:896:9: call_function: inlined call to ‘setup_subarch’ from ‘setup_linux_system_parameters’
kexec-tools-2.0.31/kexec/arch/i386/x86-linux-setup.c:897:12: branch_true: following ‘true’ branch...
kexec-tools-2.0.31/kexec/arch/i386/x86-linux-setup.c:898:17: call_function: calling ‘setup_efi_info’ from ‘setup_linux_system_parameters’
# 723| ei->efi_memdesc_size = sizeof(struct efi_mem_descriptor);
# 724|
# 725|-> return 0;
# 726| free_maps:
# 727| free(maps);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
kexec-tools-2.0.31/kexec/arch/i386/x86-linux-setup.c:725:16: warning[-Wanalyzer-malloc-leak]: leak of ‘sd’
kexec-tools-2.0.31/kexec/arch/i386/x86-linux-setup.c:890:6: enter_function: entry to ‘setup_linux_system_parameters’
kexec-tools-2.0.31/kexec/arch/i386/x86-linux-setup.c:896:9: call_function: inlined call to ‘setup_subarch’ from ‘setup_linux_system_parameters’
kexec-tools-2.0.31/kexec/arch/i386/x86-linux-setup.c:896:9: call_function: inlined call to ‘setup_subarch’ from ‘setup_linux_system_parameters’
kexec-tools-2.0.31/kexec/arch/i386/x86-linux-setup.c:897:12: branch_true: following ‘true’ branch...
kexec-tools-2.0.31/kexec/arch/i386/x86-linux-setup.c:898:17: call_function: calling ‘setup_efi_info’ from ‘setup_linux_system_parameters’
# 723| ei->efi_memdesc_size = sizeof(struct efi_mem_descriptor);
# 724|
# 725|-> return 0;
# 726| free_maps:
# 727| free(maps);

Error: GCC_ANALYZER_WARNING (CWE-126): [#def9]
kexec-tools-2.0.31/kexec/arch/x86_64/kexec-bzImage64.c:155:25: warning[-Wanalyzer-out-of-bounds]: heap-based buffer over-read
kexec-tools-2.0.31/kexec/arch/x86_64/kexec-bzImage64.c:329:5: enter_function: entry to ‘bzImage64_load’
kexec-tools-2.0.31/kexec/arch/x86_64/kexec-bzImage64.c:341:12: branch_false: following ‘false’ branch...
branch_false: ...to here
kexec-tools-2.0.31/kexec/arch/x86_64/kexec-bzImage64.c:382:12: branch_false: following ‘false’ branch (when ‘tmp_cmdline’ is NULL)...
kexec-tools-2.0.31/kexec/arch/x86_64/kexec-bzImage64.c:385:12: branch_false: ...to here
kexec-tools-2.0.31/kexec/arch/x86_64/kexec-bzImage64.c:385:12: branch_false: following ‘false’ branch...
kexec-tools-2.0.31/kexec/arch/x86_64/kexec-bzImage64.c:388:32: branch_false: ...to here
kexec-tools-2.0.31/kexec/arch/x86_64/kexec-bzImage64.c:392:12: branch_false: following ‘false’ branch (when ‘ramdisk’ is NULL)...
kexec-tools-2.0.31/kexec/arch/x86_64/kexec-bzImage64.c:395:13: branch_false: ...to here
kexec-tools-2.0.31/kexec/arch/x86_64/kexec-bzImage64.c:395:12: branch_false: following ‘false’ branch...
kexec-tools-2.0.31/kexec/arch/x86_64/kexec-bzImage64.c:400:26: branch_false: ...to here
kexec-tools-2.0.31/kexec/arch/x86_64/kexec-bzImage64.c:400:26: call_function: calling ‘do_bzImage64_load’ from ‘bzImage64_load’
# 153| memset((void *)modified_cmdline, 0, COMMAND_LINE_SIZE);
# 154| if (command_line) {
# 155|-> strncpy(modified_cmdline, command_line,
# 156| COMMAND_LINE_SIZE);
# 157| modified_cmdline[COMMAND_LINE_SIZE - 1] = '\0';

Error: GCC_ANALYZER_WARNING (CWE-688): [#def10]
kexec-tools-2.0.31/kexec/arch/x86_64/kexec-elf-x86_64.c:226:44: warning[-Wanalyzer-null-argument]: use of NULL ‘modified_cmdline’ where non-null expected
kexec-tools-2.0.31/kexec/arch/x86_64/kexec-elf-x86_64.c:135:12: branch_false: following ‘false’ branch (when ‘tmp_cmdline’ is NULL)...
kexec-tools-2.0.31/kexec/arch/x86_64/kexec-elf-x86_64.c:138:12: branch_false: ...to here
kexec-tools-2.0.31/kexec/arch/x86_64/kexec-elf-x86_64.c:145:12: branch_false: following ‘false’ branch...
kexec-tools-2.0.31/kexec/arch/x86_64/kexec-elf-x86_64.c:156:9: branch_false: ...to here
kexec-tools-2.0.31/kexec/arch/x86_64/kexec-elf-x86_64.c:162:12: branch_true: following ‘true’ branch (when ‘arg_style != 2’)...
kexec-tools-2.0.31/kexec/arch/x86_64/kexec-elf-x86_64.c:164:17: branch_true: ...to here
kexec-tools-2.0.31/kexec/arch/x86_64/kexec-elf-x86_64.c:171:17: branch_false: following ‘false’ branch (when ‘arg_style != 0’)...
kexec-tools-2.0.31/kexec/arch/x86_64/kexec-elf-x86_64.c:199:23: branch_false: ...to here
kexec-tools-2.0.31/kexec/arch/x86_64/kexec-elf-x86_64.c:210:20: branch_false: following ‘false’ branch (when ‘ramdisk’ is NULL)...
kexec-tools-2.0.31/kexec/arch/x86_64/kexec-elf-x86_64.c:216:21: branch_false: ...to here
kexec-tools-2.0.31/kexec/arch/x86_64/kexec-elf-x86_64.c:216:20: branch_true: following ‘true’ branch...
kexec-tools-2.0.31/kexec/arch/x86_64/kexec-elf-x86_64.c:217:30: branch_true: ...to here
kexec-tools-2.0.31/kexec/arch/x86_64/kexec-elf-x86_64.c:219:28: branch_false: following ‘false’ branch...
kexec-tools-2.0.31/kexec/arch/x86_64/kexec-elf-x86_64.c:224:25: branch_false: ...to here
kexec-tools-2.0.31/kexec/arch/x86_64/kexec-elf-x86_64.c:226:44: danger: argument 1 (‘modified_cmdline’) NULL where non-null expected
#argument 1 of ‘__builtin_strlen’ must be non-null
# 224| free(command_line);
# 225| command_line = modified_cmdline;
# 226|-> command_line_len = strlen(modified_cmdline) + 1;
# 227| modified_cmdline = NULL;
# 228| }

Error: GCC_ANALYZER_WARNING (CWE-688): [#def11]
kexec-tools-2.0.31/kexec/kexec-iomem.c:52:15: warning[-Wanalyzer-null-argument]: use of NULL ‘fopen(proc_iomem(), "r")’ where non-null expected
kexec-tools-2.0.31/kexec/kexec-iomem.c:45:12: branch_false: following ‘false’ branch (when ‘callback’ is non-NULL)...
kexec-tools-2.0.31/kexec/kexec-iomem.c:48:14: branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec-iomem.c:48:14: acquire_memory: allocated here
kexec-tools-2.0.31/kexec/kexec-iomem.c:49:12: release_memory: assuming ‘fopen(proc_iomem(), "r")’ is NULL
kexec-tools-2.0.31/kexec/kexec-iomem.c:49:12: branch_true: following ‘true’ branch...
kexec-tools-2.0.31/kexec/kexec-iomem.c:50:17: branch_true: ...to here
kexec-tools-2.0.31/kexec/kexec-iomem.c:52:15: danger: argument 3 (‘fopen(proc_iomem(), "r")’) NULL where non-null expected
# 50| die("Cannot open %s\n", iomem);
# 51|
# 52|-> while(fgets(line, sizeof(line), fp) != 0) {
# 53| count = sscanf(line, "%llx-%llx : %n", &start, &end, &consumed);
# 54| if (count != 2)

Error: COMPILER_WARNING (CWE-252): [#def12]
kexec-tools-2.0.31/kexec/kexec-pe-zboot.c: scope_hint: In function ‘pez_prepare’
kexec-tools-2.0.31/kexec/kexec-pe-zboot.c:112:25: warning[-Wunused-result]: ignoring return value of ‘ftruncate’ declared with attribute ‘warn_unused_result’
# 112 | ftruncate(fd, 0);
# | ^~~~~~~~~~~~~~~~
# 110| if (dir->certs.virtual_address != 0 && dir->certs.size != 0) {
# 111| original_file_sz = dir->certs.virtual_address + dir->certs.size;
# 112|-> ftruncate(fd, 0);
# 113| }
# 114| }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def13]
kexec-tools-2.0.31/kexec/kexec.c:510:51: warning[-Wanalyzer-malloc-leak]: leak of ‘xmalloc((long unsigned int)size)’
kexec-tools-2.0.31/kexec/kexec.c:1470:5: enter_function: entry to ‘main’
kexec-tools-2.0.31/kexec/kexec.c:1501:16: branch_true: following ‘true’ branch (when ‘opt != -1’)...
kexec-tools-2.0.31/kexec/kexec.c:1503:17: branch_true: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1501:16: branch_false: following ‘false’ branch (when ‘opt == -1’)...
kexec-tools-2.0.31/kexec/kexec.c:1648:12: branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1648:12: branch_false: following ‘false’ branch (when ‘skip_ifdown == 0’)...
kexec-tools-2.0.31/kexec/kexec.c:1650:12: branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1650:12: branch_false: following ‘false’ branch (when ‘skip_sync == 0’)...
kexec-tools-2.0.31/kexec/kexec.c:1653:12: branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1653:12: branch_false: following ‘false’ branch (when ‘do_status == 0’)...
kexec-tools-2.0.31/kexec/kexec.c:1667:12: branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1667:12: branch_true: following ‘true’ branch (when ‘do_load != 0’)...
kexec-tools-2.0.31/kexec/kexec.c:1668:14: branch_true: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1667:13: branch_false: following ‘false’ branch...
kexec-tools-2.0.31/kexec/kexec.c:1669:14: branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1668:13: branch_false: following ‘false’ branch...
branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1677:12: branch_true: following ‘true’ branch (when ‘do_load != 0’)...
kexec-tools-2.0.31/kexec/kexec.c:1677:24: branch_true: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1677:13: branch_false: following ‘false’ branch...
kexec-tools-2.0.31/kexec/kexec.c:1684:24: branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1684:13: branch_false: following ‘false’ branch...
branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1689:12: branch_true: following ‘true’ branch...
kexec-tools-2.0.31/kexec/kexec.c:1691:29: branch_true: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1693:23: call_function: calling ‘slurp_file_len’ from ‘main’
# 508| progress = 0;
# 509| while (progress < size) {
# 510|-> result = read(fd, buf + progress, size - progress);
# 511| if (result < 0) {
# 512| if ((errno == EINTR) || (errno == EAGAIN))

Error: GCC_ANALYZER_WARNING (CWE-401): [#def14]
kexec-tools-2.0.31/kexec/kexec.c:526:12: warning[-Wanalyzer-malloc-leak]: leak of ‘xmalloc((long unsigned int)size)’
kexec-tools-2.0.31/kexec/kexec.c:637:7: enter_function: entry to ‘slurp_decompress_file’
kexec-tools-2.0.31/kexec/kexec.c:647:40: call_function: inlined call to ‘slurp_file’ from ‘slurp_decompress_file’
# 524| }
# 525| result = close(fd);
# 526|-> if (result < 0)
# 527| die("Close of %s failed: %s\n", filename, strerror(errno));
# 528|

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def15]
kexec-tools-2.0.31/kexec/kexec.c:597:9: warning[-Wanalyzer-fd-double-close]: double ‘close’ of file descriptor ‘open(filename, 0)’
kexec-tools-2.0.31/kexec/kexec.c:637:7: enter_function: entry to ‘slurp_decompress_file’
kexec-tools-2.0.31/kexec/kexec.c:647:40: call_function: inlined call to ‘slurp_file’ from ‘slurp_decompress_file’
# 595|
# 596| *r_size = size;
# 597|-> close(fd);
# 598| return buf;
# 599| }

Error: GCC_ANALYZER_WARNING (CWE-127): [#def16]
kexec-tools-2.0.31/kexec/kexec.c:1695:29: warning[-Wanalyzer-out-of-bounds]: heap-based buffer under-read
kexec-tools-2.0.31/kexec/kexec.c:1470:5: enter_function: entry to ‘main’
kexec-tools-2.0.31/kexec/kexec.c:1501:16: branch_true: following ‘true’ branch (when ‘opt != -1’)...
kexec-tools-2.0.31/kexec/kexec.c:1503:17: branch_true: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1501:16: branch_false: following ‘false’ branch (when ‘opt == -1’)...
kexec-tools-2.0.31/kexec/kexec.c:1648:12: branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1648:12: branch_false: following ‘false’ branch (when ‘skip_ifdown == 0’)...
kexec-tools-2.0.31/kexec/kexec.c:1650:12: branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1650:12: branch_false: following ‘false’ branch (when ‘skip_sync == 0’)...
kexec-tools-2.0.31/kexec/kexec.c:1653:12: branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1653:12: branch_false: following ‘false’ branch (when ‘do_status == 0’)...
kexec-tools-2.0.31/kexec/kexec.c:1667:12: branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1667:12: branch_true: following ‘true’ branch (when ‘do_load != 0’)...
kexec-tools-2.0.31/kexec/kexec.c:1668:14: branch_true: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1667:13: branch_false: following ‘false’ branch...
kexec-tools-2.0.31/kexec/kexec.c:1669:14: branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1668:13: branch_false: following ‘false’ branch...
branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1677:12: branch_true: following ‘true’ branch (when ‘do_load != 0’)...
kexec-tools-2.0.31/kexec/kexec.c:1677:24: branch_true: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1677:13: branch_false: following ‘false’ branch...
kexec-tools-2.0.31/kexec/kexec.c:1684:24: branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1684:13: branch_false: following ‘false’ branch...
branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1689:12: branch_true: following ‘true’ branch...
kexec-tools-2.0.31/kexec/kexec.c:1691:29: branch_true: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1693:23: call_function: calling ‘slurp_file_len’ from ‘main’
kexec-tools-2.0.31/kexec/kexec.c:1693:23: return_function: returning to ‘main’ from ‘slurp_file_len’
kexec-tools-2.0.31/kexec/kexec.c:1694:20: branch_true: following ‘true’ branch...
kexec-tools-2.0.31/kexec/kexec.c:1695:32: branch_true: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1695:29: danger: out-of-bounds read at byte -1 but region starts at byte 0
# 1693| buf = slurp_file_len(ces, sizeof(buf)-1, &nread);
# 1694| if (buf) {
# 1695|-> if (buf[nread-1] == '\n')
# 1696| buf[nread-1] = '\0';
# 1697| elfcorehdrsz = strtoul(buf, &endptr, 0);

Error: GCC_ANALYZER_WARNING (CWE-124): [#def17]
kexec-tools-2.0.31/kexec/kexec.c:1696:33: warning[-Wanalyzer-out-of-bounds]: heap-based buffer underwrite
kexec-tools-2.0.31/kexec/kexec.c:1470:5: enter_function: entry to ‘main’
kexec-tools-2.0.31/kexec/kexec.c:1501:16: branch_true: following ‘true’ branch (when ‘opt != -1’)...
kexec-tools-2.0.31/kexec/kexec.c:1503:17: branch_true: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1501:16: branch_false: following ‘false’ branch (when ‘opt == -1’)...
kexec-tools-2.0.31/kexec/kexec.c:1648:12: branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1648:12: branch_false: following ‘false’ branch (when ‘skip_ifdown == 0’)...
kexec-tools-2.0.31/kexec/kexec.c:1650:12: branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1650:12: branch_false: following ‘false’ branch (when ‘skip_sync == 0’)...
kexec-tools-2.0.31/kexec/kexec.c:1653:12: branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1653:12: branch_false: following ‘false’ branch (when ‘do_status == 0’)...
kexec-tools-2.0.31/kexec/kexec.c:1667:12: branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1667:12: branch_true: following ‘true’ branch (when ‘do_load != 0’)...
kexec-tools-2.0.31/kexec/kexec.c:1668:14: branch_true: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1667:13: branch_false: following ‘false’ branch...
kexec-tools-2.0.31/kexec/kexec.c:1669:14: branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1668:13: branch_false: following ‘false’ branch...
branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1677:12: branch_true: following ‘true’ branch (when ‘do_load != 0’)...
kexec-tools-2.0.31/kexec/kexec.c:1677:24: branch_true: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1677:13: branch_false: following ‘false’ branch...
kexec-tools-2.0.31/kexec/kexec.c:1684:24: branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1684:13: branch_false: following ‘false’ branch...
branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1689:12: branch_true: following ‘true’ branch...
kexec-tools-2.0.31/kexec/kexec.c:1691:29: branch_true: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1693:23: call_function: calling ‘slurp_file_len’ from ‘main’
kexec-tools-2.0.31/kexec/kexec.c:1693:23: return_function: returning to ‘main’ from ‘slurp_file_len’
kexec-tools-2.0.31/kexec/kexec.c:1694:20: branch_true: following ‘true’ branch...
kexec-tools-2.0.31/kexec/kexec.c:1695:32: branch_true: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1695:28: branch_true: following ‘true’ branch...
kexec-tools-2.0.31/kexec/kexec.c:1696:33: branch_true: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1696:33: danger: out-of-bounds write at byte -1 but region starts at byte 0
# 1694| if (buf) {
# 1695| if (buf[nread-1] == '\n')
# 1696|-> buf[nread-1] = '\0';
# 1697| elfcorehdrsz = strtoul(buf, &endptr, 0);
# 1698| }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def18]
kexec-tools-2.0.31/kexec/kexec.c:1697:25: warning[-Wanalyzer-malloc-leak]: leak of ‘slurp_file_len("/sys/kernel/crash_elfcorehdr_size", 7, &nread)’
kexec-tools-2.0.31/kexec/kexec.c:1470:5: enter_function: entry to ‘main’
kexec-tools-2.0.31/kexec/kexec.c:1501:16: branch_true: following ‘true’ branch (when ‘opt != -1’)...
kexec-tools-2.0.31/kexec/kexec.c:1503:17: branch_true: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1501:16: branch_false: following ‘false’ branch (when ‘opt == -1’)...
kexec-tools-2.0.31/kexec/kexec.c:1648:12: branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1648:12: branch_false: following ‘false’ branch (when ‘skip_ifdown == 0’)...
kexec-tools-2.0.31/kexec/kexec.c:1650:12: branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1650:12: branch_false: following ‘false’ branch (when ‘skip_sync == 0’)...
kexec-tools-2.0.31/kexec/kexec.c:1653:12: branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1653:12: branch_false: following ‘false’ branch (when ‘do_status == 0’)...
kexec-tools-2.0.31/kexec/kexec.c:1667:12: branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1667:12: branch_true: following ‘true’ branch (when ‘do_load != 0’)...
kexec-tools-2.0.31/kexec/kexec.c:1668:14: branch_true: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1667:13: branch_false: following ‘false’ branch...
kexec-tools-2.0.31/kexec/kexec.c:1669:14: branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1668:13: branch_false: following ‘false’ branch...
branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1677:12: branch_true: following ‘true’ branch (when ‘do_load != 0’)...
kexec-tools-2.0.31/kexec/kexec.c:1677:24: branch_true: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1677:13: branch_false: following ‘false’ branch...
kexec-tools-2.0.31/kexec/kexec.c:1684:24: branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1684:13: branch_false: following ‘false’ branch...
branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1689:12: branch_true: following ‘true’ branch...
kexec-tools-2.0.31/kexec/kexec.c:1691:29: branch_true: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1693:23: call_function: calling ‘slurp_file_len’ from ‘main’
kexec-tools-2.0.31/kexec/kexec.c:1693:23: return_function: returning to ‘main’ from ‘slurp_file_len’
kexec-tools-2.0.31/kexec/kexec.c:1694:20: branch_true: following ‘true’ branch...
kexec-tools-2.0.31/kexec/kexec.c:1695:32: branch_true: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1695:28: branch_false: following ‘false’ branch...
kexec-tools-2.0.31/kexec/kexec.c:1697:40: branch_false: ...to here
kexec-tools-2.0.31/kexec/kexec.c:1697:25: danger: ‘slurp_file_len("/sys/kernel/crash_elfcorehdr_size", 7, &nread)’ leaks here; was allocated at (40)
# 1695| if (buf[nread-1] == '\n')
# 1696| buf[nread-1] = '\0';
# 1697|-> elfcorehdrsz = strtoul(buf, &endptr, 0);
# 1698| }
# 1699| if (!elfcorehdrsz || (endptr && *endptr != '\0'))
analyzer-version-clippy | 1.86.0 |
analyzer-version-cppcheck | 2.17.1 |
analyzer-version-gcc | 15.0.1 |
analyzer-version-gcc-analyzer | 15.0.1 |
analyzer-version-shellcheck | 0.10.0 |
analyzer-version-unicontrol | 0.0.2 |
enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
exit-code | 0 |
host | ip-172-16-1-246.us-west-2.compute.internal |
known-false-positives | /usr/share/csmock/known-false-positives.js |
known-false-positives-rpm | known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch |
mock-config | fedora-rawhide-x86_64 |
project-name | kexec-tools-2.0.31-1.fc43 |
store-results-to | /tmp/tmpmc4t1n22/kexec-tools-2.0.31-1.fc43.tar.xz |
time-created | 2025-04-25 13:15:13 |
time-finished | 2025-04-25 13:16:33 |
tool | csmock |
tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpmc4t1n22/kexec-tools-2.0.31-1.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpmc4t1n22/kexec-tools-2.0.31-1.fc43.src.rpm' |
tool-version | csmock-3.8.1.20250422.172604.g26bc3d6-1.el9 |