Fixed findings

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-126): [#def1]
libnftnl-1.2.8/src/chain.c:260:24: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
libnftnl-1.2.8/src/chain.c:324:6: enter_function: entry to 'nftnl_chain_set_u8'
libnftnl-1.2.8/src/chain.c:326:9: call_function: calling 'nftnl_chain_set_data' from 'nftnl_chain_set_u8'
#  258|   	case NFTNL_CHAIN_DEVICES:
#  259|   		dev_array = (const char **)data;
#  260|-> 		while (dev_array[len] != NULL)
#  261|   			len++;
#  262|   

Error: GCC_ANALYZER_WARNING (CWE-131): [#def2]
libnftnl-1.2.8/src/chain.c:260:33: warning[-Wanalyzer-allocation-size]: allocated buffer size is not a multiple of the pointee's size
libnftnl-1.2.8/src/chain.c:312:6: enter_function: entry to 'nftnl_chain_set_s32'
libnftnl-1.2.8/src/chain.c:314:9: call_function: calling 'nftnl_chain_set_data' from 'nftnl_chain_set_s32'
#  258|   	case NFTNL_CHAIN_DEVICES:
#  259|   		dev_array = (const char **)data;
#  260|-> 		while (dev_array[len] != NULL)
#  261|   			len++;
#  262|   

Error: GCC_ANALYZER_WARNING (CWE-126): [#def3]
libnftnl-1.2.8/src/chain.c:274:43: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
libnftnl-1.2.8/src/chain.c:312:6: enter_function: entry to 'nftnl_chain_set_s32'
libnftnl-1.2.8/src/chain.c:314:9: call_function: calling 'nftnl_chain_set_data' from 'nftnl_chain_set_s32'
#  272|   
#  273|   		for (i = 0; i < len; i++)
#  274|-> 			c->dev_array[i] = strdup(dev_array[i]);
#  275|   
#  276|   		c->dev_array_len = len;

Error: GCC_ANALYZER_WARNING (CWE-131): [#def4]
libnftnl-1.2.8/src/chain.c:274:59: warning[-Wanalyzer-allocation-size]: allocated buffer size is not a multiple of the pointee's size
libnftnl-1.2.8/src/chain.c:312:6: enter_function: entry to 'nftnl_chain_set_s32'
libnftnl-1.2.8/src/chain.c:314:9: call_function: calling 'nftnl_chain_set_data' from 'nftnl_chain_set_s32'
#  272|   
#  273|   		for (i = 0; i < len; i++)
#  274|-> 			c->dev_array[i] = strdup(dev_array[i]);
#  275|   
#  276|   		c->dev_array_len = len;

Error: GCC_ANALYZER_WARNING (CWE-126): [#def5]
libnftnl-1.2.8/src/flowtable.c:139:24: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
libnftnl-1.2.8/src/flowtable.c:184:6: enter_function: entry to 'nftnl_flowtable_set_s32'
libnftnl-1.2.8/src/flowtable.c:186:9: call_function: calling 'nftnl_flowtable_set_data' from 'nftnl_flowtable_set_s32'
#  137|   	case NFTNL_FLOWTABLE_DEVICES:
#  138|   		dev_array = (const char **)data;
#  139|-> 		while (dev_array[len] != NULL)
#  140|   			len++;
#  141|   

Error: GCC_ANALYZER_WARNING (CWE-131): [#def6]
libnftnl-1.2.8/src/flowtable.c:139:33: warning[-Wanalyzer-allocation-size]: allocated buffer size is not a multiple of the pointee's size
libnftnl-1.2.8/src/flowtable.c:184:6: enter_function: entry to 'nftnl_flowtable_set_s32'
libnftnl-1.2.8/src/flowtable.c:186:9: call_function: calling 'nftnl_flowtable_set_data' from 'nftnl_flowtable_set_s32'
#  137|   	case NFTNL_FLOWTABLE_DEVICES:
#  138|   		dev_array = (const char **)data;
#  139|-> 		while (dev_array[len] != NULL)
#  140|   			len++;
#  141|   

Error: GCC_ANALYZER_WARNING (CWE-126): [#def7]
libnftnl-1.2.8/src/flowtable.c:153:43: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
libnftnl-1.2.8/src/flowtable.c:178:6: enter_function: entry to 'nftnl_flowtable_set_u32'
libnftnl-1.2.8/src/flowtable.c:180:9: call_function: calling 'nftnl_flowtable_set_data' from 'nftnl_flowtable_set_u32'
#  151|   
#  152|   		for (i = 0; i < len; i++)
#  153|-> 			c->dev_array[i] = strdup(dev_array[i]);
#  154|   
#  155|   		c->dev_array_len = len;

Error: GCC_ANALYZER_WARNING (CWE-131): [#def8]
libnftnl-1.2.8/src/flowtable.c:153:59: warning[-Wanalyzer-allocation-size]: allocated buffer size is not a multiple of the pointee's size
libnftnl-1.2.8/src/flowtable.c:184:6: enter_function: entry to 'nftnl_flowtable_set_s32'
libnftnl-1.2.8/src/flowtable.c:186:9: call_function: calling 'nftnl_flowtable_set_data' from 'nftnl_flowtable_set_s32'
#  151|   
#  152|   		for (i = 0; i < len; i++)
#  153|-> 			c->dev_array[i] = strdup(dev_array[i]);
#  154|   
#  155|   		c->dev_array_len = len;

Scan Properties

analyzer-version-clippy	1.86.0
analyzer-version-cppcheck	2.17.1
analyzer-version-gcc	15.0.1
analyzer-version-gcc-analyzer	15.0.1
analyzer-version-shellcheck	0.10.0
analyzer-version-unicontrol	0.0.2
diffbase-analyzer-version-clippy	1.86.0
diffbase-analyzer-version-cppcheck	2.17.1
diffbase-analyzer-version-gcc	15.0.1
diffbase-analyzer-version-gcc-analyzer	15.0.1
diffbase-analyzer-version-shellcheck	0.10.0
diffbase-analyzer-version-unicontrol	0.0.2
diffbase-enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code	0
diffbase-host	ip-172-16-1-176.us-west-2.compute.internal
diffbase-known-false-positives	/usr/share/csmock/known-false-positives.js
diffbase-known-false-positives-rpm	known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch
diffbase-mock-config	fedora-rawhide-x86_64
diffbase-project-name	libnftnl-1.2.9-1.fc43
diffbase-store-results-to	/tmp/tmpigd0xjso/libnftnl-1.2.9-1.fc43.tar.xz
diffbase-time-created	2025-04-25 14:03:27
diffbase-time-finished	2025-04-25 14:04:37
diffbase-tool	csmock
diffbase-tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpigd0xjso/libnftnl-1.2.9-1.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpigd0xjso/libnftnl-1.2.9-1.fc43.src.rpm'
diffbase-tool-version	csmock-3.8.1.20250422.172604.g26bc3d6-1.el9
enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code	0
host	ip-172-16-1-176.us-west-2.compute.internal
known-false-positives	/usr/share/csmock/known-false-positives.js
known-false-positives-rpm	known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch
mock-config	fedora-rawhide-x86_64
project-name	libnftnl-1.2.8-4.fc42
store-results-to	/tmp/tmpndxl07xx/libnftnl-1.2.8-4.fc42.tar.xz
time-created	2025-04-25 14:01:46
time-finished	2025-04-25 14:03:17
title	Fixed findings
tool	csmock
tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpndxl07xx/libnftnl-1.2.8-4.fc42.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpndxl07xx/libnftnl-1.2.8-4.fc42.src.rpm'
tool-version	csmock-3.8.1.20250422.172604.g26bc3d6-1.el9