libburn-1.5.6-6.fc43

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-688): [#def1]
libburn-1.5.6/cdrskin/cdrskin.c:2370:2: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘*hargv’ where non-null expected
libburn-1.5.6/cdrskin/cdrskin.c:2341:4: branch_false: following ‘false’ branch (when ‘hargv’ is non-NULL)...
libburn-1.5.6/cdrskin/cdrskin.c:2343:19: branch_false: ...to here
libburn-1.5.6/cdrskin/cdrskin.c:2343:12: acquire_memory: this call could return NULL
libburn-1.5.6/cdrskin/cdrskin.c:2344:4: branch_false: following ‘false’ branch...
libburn-1.5.6/cdrskin/cdrskin.c:2346:4: branch_false: ...to here
libburn-1.5.6/cdrskin/cdrskin.c:2370:2: danger: argument 1 (‘*hargv’) from (3) could be NULL where non-null expected
# 2368|      fprintf(stderr,"cdrskin: --------------------------------------------------------------------\n");
# 2369|    }
# 2370|->  execvp(hargv[0], hargv);
# 2371|   failure:;
# 2372|    fprintf(stderr,"cdrskin: FATAL : Cannot start fallback program '%s'\n",

Error: GCC_ANALYZER_WARNING (CWE-476): [#def2]
libburn-1.5.6/cdrskin/cdrskin.c:4064:7: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘skin’
libburn-1.5.6/cdrskin/cdrskin.c:9912:5: enter_function: entry to ‘main’
libburn-1.5.6/cdrskin/cdrskin.c:9916:18: release_memory: ‘skin’ is NULL
libburn-1.5.6/cdrskin/cdrskin.c:9930:4: branch_false: following ‘false’ branch (when ‘i >= argc’)...
libburn-1.5.6/cdrskin/cdrskin.c:9936:2: branch_false: ...to here
libburn-1.5.6/cdrskin/cdrskin.c:9940:7: call_function: calling ‘Cdrpreskin_new’ from ‘main’
libburn-1.5.6/cdrskin/cdrskin.c:9940:7: return_function: returning to ‘main’ from ‘Cdrpreskin_new’
libburn-1.5.6/cdrskin/cdrskin.c:9941:4: branch_true: following ‘true’ branch...
libburn-1.5.6/cdrskin/cdrskin.c:9942:4: branch_true: ...to here
libburn-1.5.6/cdrskin/cdrskin.c:9994:5: call_function: inlined call to ‘Cdrskin__is_aborting’ from ‘main’
libburn-1.5.6/cdrskin/cdrskin.c:9994:4: branch_true: following ‘true’ branch...
libburn-1.5.6/cdrskin/cdrskin.c:9995:4: branch_true: ...to here
libburn-1.5.6/cdrskin/cdrskin.c:9995:4: release_memory: ‘skin’ is NULL
libburn-1.5.6/cdrskin/cdrskin.c:9995:4: call_function: calling ‘Cdrskin_abort’ from ‘main’
# 4062|   
# 4063|    Cdrskin_abort_leveL= 1;
# 4064|->  ret= burn_abort(skin->abort_max_wait, burn_abort_pacifier, "cdrskin: ");
# 4065|    if(ret<=0) {
# 4066|      fprintf(stderr,

Error: GCC_ANALYZER_WARNING (CWE-457): [#def3]
libburn-1.5.6/cdrskin/cdrskin.c:4181:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘drive’
libburn-1.5.6/cdrskin/cdrskin.c:9738:5: enter_function: entry to ‘Cdrskin_run’
libburn-1.5.6/cdrskin/cdrskin.c:9756:4: branch_false: following ‘false’ branch...
libburn-1.5.6/cdrskin/cdrskin.c:9768:5: branch_false: ...to here
libburn-1.5.6/cdrskin/cdrskin.c:9768:4: branch_false: following ‘false’ branch...
libburn-1.5.6/cdrskin/cdrskin.c:9778:5: branch_false: ...to here
libburn-1.5.6/cdrskin/cdrskin.c:9778:4: branch_false: following ‘false’ branch...
libburn-1.5.6/cdrskin/cdrskin.c:9795:5: branch_false: ...to here
libburn-1.5.6/cdrskin/cdrskin.c:9795:4: branch_false: following ‘false’ branch...
libburn-1.5.6/cdrskin/cdrskin.c:9801:5: branch_false: ...to here
libburn-1.5.6/cdrskin/cdrskin.c:9810:4: branch_false: following ‘false’ branch...
libburn-1.5.6/cdrskin/cdrskin.c:9820:5: branch_false: ...to here
libburn-1.5.6/cdrskin/cdrskin.c:9847:4: branch_false: following ‘false’ branch...
libburn-1.5.6/cdrskin/cdrskin.c:9856:5: branch_false: ...to here
libburn-1.5.6/cdrskin/cdrskin.c:9865:4: branch_false: following ‘false’ branch...
libburn-1.5.6/cdrskin/cdrskin.c:9874:5: branch_false: ...to here
libburn-1.5.6/cdrskin/cdrskin.c:9874:4: branch_false: following ‘false’ branch...
libburn-1.5.6/cdrskin/cdrskin.c:9882:5: branch_false: ...to here
libburn-1.5.6/cdrskin/cdrskin.c:9883:6: branch_false: following ‘false’ branch...
libburn-1.5.6/cdrskin/cdrskin.c:9885:7: call_function: inlined call to ‘Cdrskin__is_aborting’ from ‘Cdrskin_run’
libburn-1.5.6/cdrskin/cdrskin.c:9885:6: branch_false: following ‘false’ branch...
libburn-1.5.6/cdrskin/cdrskin.c:9887:9: branch_false: ...to here
libburn-1.5.6/cdrskin/cdrskin.c:9887:9: call_function: calling ‘Cdrskin_burn’ from ‘Cdrskin_run’
# 4179|      mem= skin->drive_is_busy;
# 4180|      skin->drive_is_busy= 2;
# 4181|->    ret= burn_drive_grab(drive,(skin->do_load != -1) && !(flag&2));
# 4182|      skin->drive_is_busy= mem;
# 4183|      if(Cdrskin__is_aborting(0))

Error: COMPILER_WARNING: [#def4]
libburn-1.5.6/cdrskin/cdrskin.c: scope_hint: In function ‘Cdrskin_driveno_to_btldev’
libburn-1.5.6/cdrskin/cdrskin.c:4464:26: warning[-Wformat-overflow=]: ‘%s’ directive writing up to 1023 bytes into a region of size 1018
# 4464 |    sprintf(btldev,"stdio:%s",adr);
#      |                          ^~  ~~~
/usr/include/bits/stdio2.h:30:10: note: ‘__sprintf_chk’ output between 7 and 1030 bytes into a destination of size 1024
#   30 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   31 |                                   __glibc_objsize (__s), __fmt,
#      |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   32 |                                   __va_arg_pack ());
#      |                                   ~~~~~~~~~~~~~~~~~
# 4462|    ret= burn_drive_get_drive_role(skin->drives[driveno].drive);
# 4463|    if(ret!=1) {
# 4464|->    sprintf(btldev,"stdio:%s",adr);
# 4465|      {ret= 2; goto adr_translation;}
# 4466|    }

Error: GCC_ANALYZER_WARNING: [#def5]
libburn-1.5.6/cdrskin/cdrskin.c:9933:4: warning[-Wanalyzer-fd-use-without-check]: ‘dup2’ on possibly invalid file descriptor ‘1’
libburn-1.5.6/cdrskin/cdrskin.c:9930:4: branch_true: following ‘true’ branch (when ‘i < argc’)...
libburn-1.5.6/cdrskin/cdrskin.c:9931:15: branch_true: ...to here
libburn-1.5.6/cdrskin/cdrskin.c:9932:4: release_resource: closed here
libburn-1.5.6/cdrskin/cdrskin.c:9933:4: danger: ‘1’ could be invalid
# 9931|      result_fd= dup(1);
# 9932|      close(1);
# 9933|->    dup2(2,1);
# 9934|    }
# 9935|    

Error: CPPCHECK_WARNING (CWE-476): [#def6]
libburn-1.5.6/libburn/async.c:186: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: a
#  184|   
#  185|   	a = calloc(1, sizeof(struct w_list));
#  186|-> 	a->w_type = w_type;
#  187|   	a->drive = d;
#  188|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def7]
libburn-1.5.6/libburn/async.c:186:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'a'
libburn-1.5.6/libburn/async.c:185:13: acquire_memory: this call could return NULL
libburn-1.5.6/libburn/async.c:186:9: danger: 'a' could be NULL: unchecked value from (1)
#  184|   
#  185|   	a = calloc(1, sizeof(struct w_list));
#  186|-> 	a->w_type = w_type;
#  187|   	a->drive = d;
#  188|   

Error: CPPCHECK_WARNING (CWE-476): [#def8]
libburn-1.5.6/libburn/async.c:187: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: a
#  185|   	a = calloc(1, sizeof(struct w_list));
#  186|   	a->w_type = w_type;
#  187|-> 	a->drive = d;
#  188|   
#  189|   	a->u = *data;

Error: CPPCHECK_WARNING (CWE-476): [#def9]
libburn-1.5.6/libburn/async.c:189: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: a
#  187|   	a->drive = d;
#  188|   
#  189|-> 	a->u = *data;
#  190|   
#  191|   	burn_async_manage_lock(BURN_ASYNC_LOCK_INIT);

Error: CPPCHECK_WARNING (CWE-476): [#def10]
libburn-1.5.6/libburn/async.c:194: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: a
#  192|   
#  193|   	/* insert at front of the list */
#  194|-> 	a->next = workers;
#  195|   	tmp = workers;
#  196|   	workers = a;

Error: CPPCHECK_WARNING (CWE-758): [#def11]
libburn-1.5.6/libburn/crc.c:308: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#  306|   	inv_acc = 0; 
#  307|   	for (i = 0; i < 32; i++)
#  308|-> 		if (acc & (1 << i))
#  309|   			inv_acc |= 1 << (31 - i);
#  310|   	return inv_acc;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def12]
libburn-1.5.6/libburn/file.c:145:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'fd2'
libburn-1.5.6/libburn/file.c:127:12: branch_false: following 'false' branch (when 'path' is non-NULL)...
libburn-1.5.6/libburn/file.c:129:15: branch_false: ...to here
libburn-1.5.6/libburn/file.c:130:12: branch_false: following 'false' branch...
libburn-1.5.6/libburn/file.c:132:12: branch_false: ...to here
libburn-1.5.6/libburn/file.c:132:12: branch_true: following 'true' branch (when 'subpath' is non-NULL)...
libburn-1.5.6/libburn/file.c:133:23: branch_true: ...to here
libburn-1.5.6/libburn/file.c:133:23: acquire_resource: opened here
libburn-1.5.6/libburn/file.c:134:20: branch_false: following 'false' branch...
libburn-1.5.6/libburn/file.c:139:14: branch_false: ...to here
libburn-1.5.6/libburn/file.c:142:12: branch_true: following 'true' branch (when 'fs' is NULL)...
libburn-1.5.6/libburn/file.c:143:1: branch_true: ...to here
libburn-1.5.6/libburn/file.c:145:20: branch_false: following 'false' branch (when 'fd2 < 0')...
libburn-1.5.6/libburn/file.c:147:24: branch_false: ...to here
libburn-1.5.6/libburn/file.c:145:20: danger: 'fd2' leaks here; was opened at (7)
#  143|   failure:;
#  144|   		close(fd1);
#  145|-> 		if (fd2 >= 0)
#  146|   			close(fd2);
#  147|   		return NULL;

Error: CPPCHECK_WARNING (CWE-457): [#def13]
libburn-1.5.6/libburn/file.c:378: error[uninitvar]: Uninitialized variable: fs->thread_handle
#  376|   
#  377|   	fs->thread_handle= &thread_handle_storage;
#  378|-> 	*((pthread_t *) fs->thread_handle)= pthread_self();
#  379|   	fs->thread_pid = getpid();
#  380|   	fs->thread_is_valid = 1;

Error: CPPCHECK_WARNING (CWE-457): [#def14]
libburn-1.5.6/libburn/mmc.c:1059: warning[uninitvar]: Uninitialized variable: asc
# 1057|   		    (d->progress.buffer_capacity == 0 ||
# 1058|   		     start < (int) d->progress.buffer_capacity / 2048) &&
# 1059|-> 		    key == 5 && asc == 0x64 && ascq == 0) {
# 1060|   			if (d->write_opts->write_type == BURN_WRITE_TAO) {
# 1061|   				d->was_feat21h_failure = 1 + (start == 0);

Error: CPPCHECK_WARNING (CWE-457): [#def15]
libburn-1.5.6/libburn/mmc.c:1059: warning[uninitvar]: Uninitialized variable: ascq
# 1057|   		    (d->progress.buffer_capacity == 0 ||
# 1058|   		     start < (int) d->progress.buffer_capacity / 2048) &&
# 1059|-> 		    key == 5 && asc == 0x64 && ascq == 0) {
# 1060|   			if (d->write_opts->write_type == BURN_WRITE_TAO) {
# 1061|   				d->was_feat21h_failure = 1 + (start == 0);

Error: CPPCHECK_WARNING (CWE-457): [#def16]
libburn-1.5.6/libburn/mmc.c:1059: warning[uninitvar]: Uninitialized variable: key
# 1057|   		    (d->progress.buffer_capacity == 0 ||
# 1058|   		     start < (int) d->progress.buffer_capacity / 2048) &&
# 1059|-> 		    key == 5 && asc == 0x64 && ascq == 0) {
# 1060|   			if (d->write_opts->write_type == BURN_WRITE_TAO) {
# 1061|   				d->was_feat21h_failure = 1 + (start == 0);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def17]
libburn-1.5.6/libburn/mmc.c:4756:41: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
libburn-1.5.6/libburn/mmc.c:4624:12: branch_false: following 'false' branch...
libburn-1.5.6/libburn/mmc.c:4637:21: branch_false: ...to here
libburn-1.5.6/libburn/mmc.c:4739:21: branch_false: following 'false' branch...
libburn-1.5.6/libburn/mmc.c:4746:17: branch_false: ...to here
libburn-1.5.6/libburn/mmc.c:4747:20: branch_true: following 'true' branch...
libburn-1.5.6/libburn/mmc.c:4748:28: branch_true: following 'true' branch...
libburn-1.5.6/libburn/mmc.c:4749:36: branch_true: following 'true' branch...
libburn-1.5.6/libburn/mmc.c:4751:56: branch_true: ...to here
libburn-1.5.6/libburn/mmc.c:4756:41: danger: out-of-bounds write from byte 34 till byte 38 but 'isrc_text' ends at byte 34
# 4754|   					isrc_text[3] = isrc->owner[1];
# 4755|   					isrc_text[4] = isrc->owner[2];
# 4756|-> 					sprintf(isrc_text + 5, "%-2.2u",
# 4757|   						(unsigned int) isrc->year);
# 4758|   					sprintf(isrc_text + 7, "%-5.5u",

Error: GCC_ANALYZER_WARNING (CWE-121): [#def18]
libburn-1.5.6/libburn/mmc.c:4758:41: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
libburn-1.5.6/libburn/mmc.c:4624:12: branch_false: following 'false' branch...
libburn-1.5.6/libburn/mmc.c:4637:21: branch_false: ...to here
libburn-1.5.6/libburn/mmc.c:4739:21: branch_false: following 'false' branch...
libburn-1.5.6/libburn/mmc.c:4746:17: branch_false: ...to here
libburn-1.5.6/libburn/mmc.c:4747:20: branch_true: following 'true' branch...
libburn-1.5.6/libburn/mmc.c:4748:28: branch_true: following 'true' branch...
libburn-1.5.6/libburn/mmc.c:4749:36: branch_true: following 'true' branch...
libburn-1.5.6/libburn/mmc.c:4751:56: branch_true: ...to here
libburn-1.5.6/libburn/mmc.c:4758:41: danger: out-of-bounds write from byte 34 till byte 40 but 'isrc_text' ends at byte 34
# 4756|   					sprintf(isrc_text + 5, "%-2.2u",
# 4757|   						(unsigned int) isrc->year);
# 4758|-> 					sprintf(isrc_text + 7, "%-5.5u",
# 4759|   						isrc->serial);
# 4760|   					isrc_text[12]= 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def19]
libburn-1.5.6/libburn/mmc.c:4961:9: warning[-Wanalyzer-malloc-leak]: leak of 'reply'
libburn-1.5.6/libburn/mmc.c:5309:5: enter_function: entry to 'mmc_get_bd_spare_info'
libburn-1.5.6/libburn/mmc.c:5319:15: call_function: calling 'mmc_read_disc_structure' from 'mmc_get_bd_spare_info'
# 4959|   	BURN_ALLOC_MEM(buf, struct buffer, 1);
# 4960|   	BURN_ALLOC_MEM(c, struct command, 1);
# 4961|-> 	*reply = NULL;
# 4962|   	*reply_len = 0;
# 4963|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def20]
libburn-1.5.6/libburn/mmc.c:5266:15: warning[-Wanalyzer-null-dereference]: dereference of NULL 'reply'
libburn-1.5.6/libburn/mmc.c:5126:5: enter_function: entry to 'mmc_get_media_product_id'
libburn-1.5.6/libburn/mmc.c:5132:15: release_memory: 'reply' is NULL
libburn-1.5.6/libburn/mmc.c:5140:53: release_memory: 'reply' is NULL
libburn-1.5.6/libburn/mmc.c:5140:38: release_memory: 'reply' is NULL
libburn-1.5.6/libburn/mmc.c:5140:23: release_memory: 'reply' is NULL
libburn-1.5.6/libburn/mmc.c:5140:9: release_memory: 'reply' is NULL
libburn-1.5.6/libburn/mmc.c:5210:23: call_function: calling 'mmc_read_disc_structure' from 'mmc_get_media_product_id'
libburn-1.5.6/libburn/mmc.c:5210:23: return_function: returning to 'mmc_get_media_product_id' from 'mmc_read_disc_structure'
libburn-1.5.6/libburn/mmc.c:5212:20: branch_false: following 'false' branch...
libburn-1.5.6/libburn/mmc.c:5218:21: branch_false: ...to here
libburn-1.5.6/libburn/mmc.c:5218:21: release_memory: 'reply' is NULL
libburn-1.5.6/libburn/mmc.c:5218:20: branch_false: following 'false' branch...
libburn-1.5.6/libburn/mmc.c:5220:17: branch_false: ...to here
libburn-1.5.6/libburn/mmc.c:5221:23: call_function: calling 'mmc_read_disc_structure' from 'mmc_get_media_product_id'
libburn-1.5.6/libburn/mmc.c:5221:23: return_function: returning to 'mmc_get_media_product_id' from 'mmc_read_disc_structure'
libburn-1.5.6/libburn/mmc.c:5223:20: branch_true: following 'true' branch...
libburn-1.5.6/libburn/mmc.c:5259:13: branch_true: ...to here
libburn-1.5.6/libburn/mmc.c:5259:13: release_memory: 'reply' is NULL
libburn-1.5.6/libburn/mmc.c:5259:12: branch_false: following 'false' branch...
libburn-1.5.6/libburn/mmc.c:5261:9: branch_false: ...to here
libburn-1.5.6/libburn/mmc.c:5262:15: call_function: calling 'mmc_read_disc_structure' from 'mmc_get_media_product_id'
libburn-1.5.6/libburn/mmc.c:5262:15: return_function: returning to 'mmc_get_media_product_id' from 'mmc_read_disc_structure'
libburn-1.5.6/libburn/mmc.c:5264:12: branch_false: following 'false' branch...
libburn-1.5.6/libburn/mmc.c:5266:15: branch_false: ...to here
libburn-1.5.6/libburn/mmc.c:5266:15: release_memory: 'reply' is NULL
libburn-1.5.6/libburn/mmc.c:5266:15: danger: dereference of NULL 'reply'
# 5264|   	if (ret <= 0)
# 5265|   		goto ex;
# 5266|-> 	bt = (reply[0] >> 4) & 0xf;
# 5267|   	*book_type = calloc(80 + strlen(books[bt]), 1);
# 5268|   	if (*book_type == NULL) {

Error: CPPCHECK_WARNING (CWE-476): [#def21]
libburn-1.5.6/libburn/null.c:28: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: src
#   26|   
#   27|   	src = calloc(1, sizeof(struct burn_source));
#   28|-> 	src->refcount = 1;
#   29|   	src->read = null_read;
#   30|   	src->read_sub = NULL;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def22]
libburn-1.5.6/libburn/null.c:28:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'src'
libburn-1.5.6/libburn/null.c:27:15: acquire_memory: this call could return NULL
libburn-1.5.6/libburn/null.c:28:9: danger: 'src' could be NULL: unchecked value from (1)
#   26|   
#   27|   	src = calloc(1, sizeof(struct burn_source));
#   28|-> 	src->refcount = 1;
#   29|   	src->read = null_read;
#   30|   	src->read_sub = NULL;

Error: CPPCHECK_WARNING (CWE-476): [#def23]
libburn-1.5.6/libburn/null.c:29: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: src
#   27|   	src = calloc(1, sizeof(struct burn_source));
#   28|   	src->refcount = 1;
#   29|-> 	src->read = null_read;
#   30|   	src->read_sub = NULL;
#   31|   

Error: CPPCHECK_WARNING (CWE-476): [#def24]
libburn-1.5.6/libburn/null.c:30: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: src
#   28|   	src->refcount = 1;
#   29|   	src->read = null_read;
#   30|-> 	src->read_sub = NULL;
#   31|   
#   32|   	src->get_size = 0;

Error: CPPCHECK_WARNING (CWE-476): [#def25]
libburn-1.5.6/libburn/null.c:32: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: src
#   30|   	src->read_sub = NULL;
#   31|   
#   32|-> 	src->get_size = 0;
#   33|   
#   34|   	/* ts A70126 */

Error: CPPCHECK_WARNING (CWE-476): [#def26]
libburn-1.5.6/libburn/null.c:35: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: src
#   33|   
#   34|   	/* ts A70126 */
#   35|-> 	src->set_size = NULL;
#   36|   
#   37|   	src->free_data = NULL;

Error: CPPCHECK_WARNING (CWE-476): [#def27]
libburn-1.5.6/libburn/null.c:37: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: src
#   35|   	src->set_size = NULL;
#   36|   
#   37|-> 	src->free_data = NULL;
#   38|   	src->data = NULL;
#   39|   	return src;

Error: CPPCHECK_WARNING (CWE-476): [#def28]
libburn-1.5.6/libburn/null.c:38: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: src
#   36|   
#   37|   	src->free_data = NULL;
#   38|-> 	src->data = NULL;
#   39|   	return src;
#   40|   }

Error: CPPCHECK_WARNING (CWE-476): [#def29]
libburn-1.5.6/libburn/options.c:118: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: opts
#  116|   
#  117|   	opts = calloc(1, sizeof(struct burn_read_opts));
#  118|-> 	opts->drive = drive;
#  119|   	opts->refcount = 1;
#  120|   	opts->raw = 0;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def30]
libburn-1.5.6/libburn/options.c:118:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL 'opts'
libburn-1.5.6/libburn/options.c:117:16: acquire_memory: this call could return NULL
libburn-1.5.6/libburn/options.c:118:9: danger: 'opts' could be NULL: unchecked value from (1)
#  116|   
#  117|   	opts = calloc(1, sizeof(struct burn_read_opts));
#  118|-> 	opts->drive = drive;
#  119|   	opts->refcount = 1;
#  120|   	opts->raw = 0;

Error: CPPCHECK_WARNING (CWE-476): [#def31]
libburn-1.5.6/libburn/options.c:119: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: opts
#  117|   	opts = calloc(1, sizeof(struct burn_read_opts));
#  118|   	opts->drive = drive;
#  119|-> 	opts->refcount = 1;
#  120|   	opts->raw = 0;
#  121|   	opts->c2errors = 0;

Error: CPPCHECK_WARNING (CWE-476): [#def32]
libburn-1.5.6/libburn/options.c:120: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: opts
#  118|   	opts->drive = drive;
#  119|   	opts->refcount = 1;
#  120|-> 	opts->raw = 0;
#  121|   	opts->c2errors = 0;
#  122|   	opts->subcodes_audio = 0;

Error: CPPCHECK_WARNING (CWE-476): [#def33]
libburn-1.5.6/libburn/options.c:121: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: opts
#  119|   	opts->refcount = 1;
#  120|   	opts->raw = 0;
#  121|-> 	opts->c2errors = 0;
#  122|   	opts->subcodes_audio = 0;
#  123|   	opts->subcodes_data = 0;

Error: CPPCHECK_WARNING (CWE-476): [#def34]
libburn-1.5.6/libburn/options.c:122: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: opts
#  120|   	opts->raw = 0;
#  121|   	opts->c2errors = 0;
#  122|-> 	opts->subcodes_audio = 0;
#  123|   	opts->subcodes_data = 0;
#  124|   	opts->hardware_error_recovery = 0;

Error: CPPCHECK_WARNING (CWE-476): [#def35]
libburn-1.5.6/libburn/options.c:123: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: opts
#  121|   	opts->c2errors = 0;
#  122|   	opts->subcodes_audio = 0;
#  123|-> 	opts->subcodes_data = 0;
#  124|   	opts->hardware_error_recovery = 0;
#  125|   	opts->report_recovered_errors = 0;

Error: CPPCHECK_WARNING (CWE-476): [#def36]
libburn-1.5.6/libburn/options.c:124: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: opts
#  122|   	opts->subcodes_audio = 0;
#  123|   	opts->subcodes_data = 0;
#  124|-> 	opts->hardware_error_recovery = 0;
#  125|   	opts->report_recovered_errors = 0;
#  126|   	opts->transfer_damaged_blocks = 0;

Error: CPPCHECK_WARNING (CWE-476): [#def37]
libburn-1.5.6/libburn/options.c:125: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: opts
#  123|   	opts->subcodes_data = 0;
#  124|   	opts->hardware_error_recovery = 0;
#  125|-> 	opts->report_recovered_errors = 0;
#  126|   	opts->transfer_damaged_blocks = 0;
#  127|   	opts->hardware_error_retries = 3;

Error: CPPCHECK_WARNING (CWE-476): [#def38]
libburn-1.5.6/libburn/options.c:126: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: opts
#  124|   	opts->hardware_error_recovery = 0;
#  125|   	opts->report_recovered_errors = 0;
#  126|-> 	opts->transfer_damaged_blocks = 0;
#  127|   	opts->hardware_error_retries = 3;
#  128|   	opts->dap_bit = 0;

Error: CPPCHECK_WARNING (CWE-476): [#def39]
libburn-1.5.6/libburn/options.c:127: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: opts
#  125|   	opts->report_recovered_errors = 0;
#  126|   	opts->transfer_damaged_blocks = 0;
#  127|-> 	opts->hardware_error_retries = 3;
#  128|   	opts->dap_bit = 0;
#  129|   

Error: CPPCHECK_WARNING (CWE-476): [#def40]
libburn-1.5.6/libburn/options.c:128: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: opts
#  126|   	opts->transfer_damaged_blocks = 0;
#  127|   	opts->hardware_error_retries = 3;
#  128|-> 	opts->dap_bit = 0;
#  129|   
#  130|   	return opts;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def41]
libburn-1.5.6/libburn/sg-linux.c:728:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'sg_open_drive_fd(fname, (flag & 1) + 1)'
libburn-1.5.6/libburn/sg-linux.c:1754:5: enter_function: entry to 'scsi_enumerate_drives'
libburn-1.5.6/libburn/sg-linux.c:1759:15: call_function: calling 'single_enumerate' from 'scsi_enumerate_drives'
#  726|   	   of Linux kernels. Possibly introduced 2002.
#  727|   	   Mentioned in "The Linux SCSI Generic (sg) HOWTO" */
#  728|-> 	if(burn_sg_open_o_excl)
#  729|   		open_mode |= O_EXCL;
#  730|   	/* ts A60813

Error: GCC_ANALYZER_WARNING (CWE-688): [#def42]
libburn-1.5.6/libburn/sg-linux.c:2184:25: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'fp' where non-null expected
libburn-1.5.6/libburn/sg-linux.c:2167:9: branch_false: following 'false' branch...
libburn-1.5.6/libburn/sg-linux.c:2169:9: branch_false: ...to here
libburn-1.5.6/libburn/sg-linux.c:2181:12: branch_true: following 'true' branch...
libburn-1.5.6/libburn/sg-linux.c:2182:21: branch_true: ...to here
libburn-1.5.6/libburn/sg-linux.c:2182:20: branch_true: following 'true' branch...
libburn-1.5.6/libburn/sg-linux.c:2183:29: branch_true: ...to here
libburn-1.5.6/libburn/sg-linux.c:2183:29: acquire_memory: this call could return NULL
libburn-1.5.6/libburn/sg-linux.c:2184:25: danger: argument 4 ('fopen("/tmp/libburn_sg_command_log", "a")') from (7) could be NULL where non-null expected
#argument 4 of '__builtin_fwrite' must be non-null
# 2182|   		if (fp == NULL) {
# 2183|   			fp= fopen("/tmp/libburn_sg_command_log", "a");
# 2184|-> 			fprintf(fp,
# 2185|   			    "\n-----------------------------------------\n");
# 2186|   		}

Error: COMPILER_WARNING: [#def43]
libburn-1.5.6/libburn/spc.c:1678:16: warning[-Wstringop-overflow=]: 'scsi_error_msg' accessing 161 bytes in a region of size 160
# 1678 |         resp = scsi_error_msg(d, sense, senselen, msg, &key, &asc, &ascq);
#      |                ^
libburn-1.5.6/libburn/spc.c:1678:16: note: referencing argument 4 of type 'char[161]'
libburn-1.5.6/libburn/spc.c: scope_hint: In function 'sg_issue_command'
libburn-1.5.6/libburn/spc.c:1267:15: note: in a call to function 'scsi_error_msg'
# 1267 | enum response scsi_error_msg(struct burn_drive *d, unsigned char *sense,
#      |               ^
# 1676|   
# 1677|   	BURN_ALLOC_MEM(msg, char, 160);
# 1678|-> 	resp = scsi_error_msg(d, sense, senselen, msg, &key, &asc, &ascq);
# 1679|   ex:;
# 1680|   	if (ret == -1)

Error: COMPILER_WARNING: [#def44]
libburn-1.5.6/libburn/spc.c: scope_hint: In function 'scsi_notify_error.isra'
libburn-1.5.6/libburn/spc.c:1843:9: warning[-Wstringop-overflow=]: 'scsi_error_msg' accessing 161 bytes in a region of size 160
# 1843 |         scsi_error_msg(d, sense, senselen, scsi_msg, &key, &asc, &ascq);
#      |         ^
libburn-1.5.6/libburn/spc.c:1843:9: note: referencing argument 4 of type 'char[161]'
libburn-1.5.6/libburn/spc.c:1267:15: note: in a call to function 'scsi_error_msg'
# 1267 | enum response scsi_error_msg(struct burn_drive *d, unsigned char *sense,
#      |               ^
# 1841|   	BURN_ALLOC_MEM(msg, char, 320);
# 1842|   	BURN_ALLOC_MEM(scsi_msg, char, 160);
# 1843|-> 	scsi_error_msg(d, sense, senselen, scsi_msg, &key, &asc, &ascq);
# 1844|   
# 1845|   	if (!(flag & 1)) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def45]
libburn-1.5.6/libburn/spc.c:1954:40: warning[-Wanalyzer-null-dereference]: dereference of NULL 'data'
libburn-1.5.6/libburn/spc.c:2109:5: enter_function: entry to 'scsi_eval_cmd_outcome'
libburn-1.5.6/libburn/spc.c:2118:12: branch_true: following 'true' branch...
libburn-1.5.6/libburn/spc.c:2120:34: branch_true: ...to here
libburn-1.5.6/libburn/spc.c:2119:17: call_function: calling 'scsi_log_err' from 'scsi_eval_cmd_outcome'
# 1952|   	fprintf(fp, "From drive: %db\n", dxfer_len);
# 1953|   	for (i = 0; i < dxfer_len; i++)
# 1954|-> 		fprintf(fp, "%2.2x%c", data[i],
# 1955|   			((i % 20) == 19 ? '\n' : ' '));
# 1956|   	if (i % 20)

Error: CPPCHECK_WARNING (CWE-476): [#def46]
libburn-1.5.6/libburn/write.c:598: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: e
#  596|   	d->toc_entry = calloc(d->toc_entries, sizeof(struct burn_toc_entry));
#  597|   	e = d->toc_entry;
#  598|-> 	e[0].point = 0xA0;
#  599|   	if (tar[0]->mode & BURN_AUDIO)
#  600|   		e[0].control = TOC_CONTROL_AUDIO;

Error: CPPCHECK_WARNING (CWE-476): [#def47]
libburn-1.5.6/libburn/write.c:603: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: e
#  601|   	else
#  602|   		e[0].control = TOC_CONTROL_DATA;
#  603|-> 	e[0].pmin = session->firsttrack;
#  604|   	e[0].psec = o->format;
#  605|   	e[0].adr = 1;

Error: CPPCHECK_WARNING (CWE-476): [#def48]
libburn-1.5.6/libburn/write.c:604: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: e
#  602|   		e[0].control = TOC_CONTROL_DATA;
#  603|   	e[0].pmin = session->firsttrack;
#  604|-> 	e[0].psec = o->format;
#  605|   	e[0].adr = 1;
#  606|   	e[1].point = 0xA1;

Error: CPPCHECK_WARNING (CWE-476): [#def49]
libburn-1.5.6/libburn/write.c:605: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: e
#  603|   	e[0].pmin = session->firsttrack;
#  604|   	e[0].psec = o->format;
#  605|-> 	e[0].adr = 1;
#  606|   	e[1].point = 0xA1;
#  607|   	e[1].pmin = session->lasttrack;

Error: CPPCHECK_WARNING (CWE-476): [#def50]
libburn-1.5.6/libburn/write.c:606: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: e
#  604|   	e[0].psec = o->format;
#  605|   	e[0].adr = 1;
#  606|-> 	e[1].point = 0xA1;
#  607|   	e[1].pmin = session->lasttrack;
#  608|   	e[1].adr = 1;

Error: CPPCHECK_WARNING (CWE-476): [#def51]
libburn-1.5.6/libburn/write.c:607: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: e
#  605|   	e[0].adr = 1;
#  606|   	e[1].point = 0xA1;
#  607|-> 	e[1].pmin = session->lasttrack;
#  608|   	e[1].adr = 1;
#  609|   	if (tar[ntr - 1]->mode & BURN_AUDIO)

Error: CPPCHECK_WARNING (CWE-476): [#def52]
libburn-1.5.6/libburn/write.c:608: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: e
#  606|   	e[1].point = 0xA1;
#  607|   	e[1].pmin = session->lasttrack;
#  608|-> 	e[1].adr = 1;
#  609|   	if (tar[ntr - 1]->mode & BURN_AUDIO)
#  610|   		e[1].control = TOC_CONTROL_AUDIO;

Error: CPPCHECK_WARNING (CWE-476): [#def53]
libburn-1.5.6/libburn/write.c:613: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: e
#  611|   	else
#  612|   		e[1].control = TOC_CONTROL_DATA;
#  613|-> 	e[2].point = 0xA2;
#  614|   	e[2].control = e[1].control;
#  615|   	e[2].adr = 1;

Error: CPPCHECK_WARNING (CWE-476): [#def54]
libburn-1.5.6/libburn/write.c:614: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: e
#  612|   		e[1].control = TOC_CONTROL_DATA;
#  613|   	e[2].point = 0xA2;
#  614|-> 	e[2].control = e[1].control;
#  615|   	e[2].adr = 1;
#  616|   

Error: CPPCHECK_WARNING (CWE-476): [#def55]
libburn-1.5.6/libburn/write.c:615: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: e
#  613|   	e[2].point = 0xA2;
#  614|   	e[2].control = e[1].control;
#  615|-> 	e[2].adr = 1;
#  616|   
#  617|   	tar[0]->pregap2 = 1;

Scan Properties

analyzer-version-clippy: 1.86.0
analyzer-version-cppcheck: 2.17.1
analyzer-version-gcc: 15.0.1
analyzer-version-gcc-analyzer: 15.0.1
analyzer-version-shellcheck: 0.10.0
analyzer-version-unicontrol: 0.0.2
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-41.us-west-2.compute.internal
known-false-positives: /usr/share/csmock/known-false-positives.js
known-false-positives-rpm: known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch
mock-config: fedora-rawhide-x86_64
project-name: libburn-1.5.6-6.fc43
store-results-to: /tmp/tmpw6rq_u7_/libburn-1.5.6-6.fc43.tar.xz
time-created: 2025-04-25 14:00:08
time-finished: 2025-04-25 14:02:03
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpw6rq_u7_/libburn-1.5.6-6.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpw6rq_u7_/libburn-1.5.6-6.fc43.src.rpm'
tool-version: csmock-3.8.1.20250422.172604.g26bc3d6-1.el9