Error: GCC_ANALYZER_WARNING (CWE-401): [#def1] libnftnl-1.2.9/src/../include/linux_list.h:83:9: warning[-Wanalyzer-malloc-leak]: leak of 'nftnl_set_elem_alloc()' libnftnl-1.2.9/src/set_elem.c:478:12: enter_function: entry to 'nftnl_set_elems_parse2' libnftnl-1.2.9/src/set_elem.c:484:13: call_function: calling 'nftnl_set_elem_alloc' from 'nftnl_set_elems_parse2' libnftnl-1.2.9/src/set_elem.c:484:13: return_function: returning to 'nftnl_set_elems_parse2' from 'nftnl_set_elem_alloc' libnftnl-1.2.9/src/set_elem.c:485:12: branch_false: following 'false' branch... libnftnl-1.2.9/src/set_elem.c:488:15: branch_false: ...to here libnftnl-1.2.9/src/set_elem.c:489:12: branch_false: following 'false' branch... libnftnl-1.2.9/src/set_elem.c:492:13: branch_false: ...to here libnftnl-1.2.9/src/set_elem.c:492:12: branch_false: following 'false' branch... libnftnl-1.2.9/src/set_elem.c:497:13: branch_false: ...to here libnftnl-1.2.9/src/set_elem.c:497:12: branch_false: following 'false' branch... libnftnl-1.2.9/src/set_elem.c:501:13: branch_false: ...to here libnftnl-1.2.9/src/set_elem.c:501:12: branch_false: following 'false' branch... libnftnl-1.2.9/src/set_elem.c:505:13: branch_false: ...to here libnftnl-1.2.9/src/set_elem.c:505:12: branch_false: following 'false' branch... libnftnl-1.2.9/src/set_elem.c:511:13: branch_false: ...to here libnftnl-1.2.9/src/set_elem.c:511:12: branch_false: following 'false' branch... libnftnl-1.2.9/src/set_elem.c:518:13: branch_false: ...to here libnftnl-1.2.9/src/set_elem.c:518:12: branch_false: following 'false' branch... libnftnl-1.2.9/src/set_elem.c:535:13: branch_false: ...to here libnftnl-1.2.9/src/set_elem.c:535:12: branch_false: following 'false' branch... libnftnl-1.2.9/src/set_elem.c:545:20: branch_false: ...to here libnftnl-1.2.9/src/set_elem.c:545:19: branch_false: following 'false' branch... libnftnl-1.2.9/src/set_elem.c:563:13: branch_false: ...to here libnftnl-1.2.9/src/set_elem.c:563:12: branch_false: following 'false' branch... libnftnl-1.2.9/src/set_elem.c:579:13: branch_false: ...to here libnftnl-1.2.9/src/set_elem.c:579:12: branch_false: following 'false' branch... libnftnl-1.2.9/src/set_elem.c:589:9: branch_false: ...to here libnftnl-1.2.9/src/set_elem.c:589:9: call_function: inlined call to 'list_add_tail' from 'nftnl_set_elems_parse2' # 81| new->next = next; # 82| new->prev = prev; # 83|-> prev->next = new; # 84| } # 85| Error: GCC_ANALYZER_WARNING (CWE-126): [#def2] libnftnl-1.2.9/src/chain.c:212:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read libnftnl-1.2.9/src/chain.c:291:6: enter_function: entry to 'nftnl_chain_set_u8' libnftnl-1.2.9/src/chain.c:293:9: call_function: calling 'nftnl_chain_set_data' from 'nftnl_chain_set_u8' # 210| attr, data, data_len); # 211| case NFTNL_CHAIN_HOOKNUM: # 212|-> memcpy(&c->hooknum, data, sizeof(c->hooknum)); # 213| break; # 214| case NFTNL_CHAIN_PRIO: Error: GCC_ANALYZER_WARNING (CWE-126): [#def3] libnftnl-1.2.9/src/chain.c:215:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read libnftnl-1.2.9/src/chain.c:291:6: enter_function: entry to 'nftnl_chain_set_u8' libnftnl-1.2.9/src/chain.c:293:9: call_function: calling 'nftnl_chain_set_data' from 'nftnl_chain_set_u8' # 213| break; # 214| case NFTNL_CHAIN_PRIO: # 215|-> memcpy(&c->prio, data, sizeof(c->prio)); # 216| break; # 217| case NFTNL_CHAIN_POLICY: Error: GCC_ANALYZER_WARNING (CWE-126): [#def4] libnftnl-1.2.9/src/chain.c:218:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read libnftnl-1.2.9/src/chain.c:291:6: enter_function: entry to 'nftnl_chain_set_u8' libnftnl-1.2.9/src/chain.c:293:9: call_function: calling 'nftnl_chain_set_data' from 'nftnl_chain_set_u8' # 216| break; # 217| case NFTNL_CHAIN_POLICY: # 218|-> memcpy(&c->policy, data, sizeof(c->policy)); # 219| break; # 220| case NFTNL_CHAIN_USE: Error: GCC_ANALYZER_WARNING (CWE-126): [#def5] libnftnl-1.2.9/src/chain.c:221:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read libnftnl-1.2.9/src/chain.c:291:6: enter_function: entry to 'nftnl_chain_set_u8' libnftnl-1.2.9/src/chain.c:293:9: call_function: calling 'nftnl_chain_set_data' from 'nftnl_chain_set_u8' # 219| break; # 220| case NFTNL_CHAIN_USE: # 221|-> memcpy(&c->use, data, sizeof(c->use)); # 222| break; # 223| case NFTNL_CHAIN_BYTES: Error: GCC_ANALYZER_WARNING (CWE-126): [#def6] libnftnl-1.2.9/src/chain.c:224:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read libnftnl-1.2.9/src/chain.c:273:6: enter_function: entry to 'nftnl_chain_set_u32' libnftnl-1.2.9/src/chain.c:275:9: call_function: calling 'nftnl_chain_set_data' from 'nftnl_chain_set_u32' # 222| break; # 223| case NFTNL_CHAIN_BYTES: # 224|-> memcpy(&c->bytes, data, sizeof(c->bytes)); # 225| break; # 226| case NFTNL_CHAIN_PACKETS: Error: GCC_ANALYZER_WARNING (CWE-126): [#def7] libnftnl-1.2.9/src/chain.c:227:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read libnftnl-1.2.9/src/chain.c:279:6: enter_function: entry to 'nftnl_chain_set_s32' libnftnl-1.2.9/src/chain.c:281:9: call_function: calling 'nftnl_chain_set_data' from 'nftnl_chain_set_s32' # 225| break; # 226| case NFTNL_CHAIN_PACKETS: # 227|-> memcpy(&c->packets, data, sizeof(c->packets)); # 228| break; # 229| case NFTNL_CHAIN_HANDLE: Error: GCC_ANALYZER_WARNING (CWE-126): [#def8] libnftnl-1.2.9/src/chain.c:230:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read libnftnl-1.2.9/src/chain.c:279:6: enter_function: entry to 'nftnl_chain_set_s32' libnftnl-1.2.9/src/chain.c:281:9: call_function: calling 'nftnl_chain_set_data' from 'nftnl_chain_set_s32' # 228| break; # 229| case NFTNL_CHAIN_HANDLE: # 230|-> memcpy(&c->handle, data, sizeof(c->handle)); # 231| break; # 232| case NFTNL_CHAIN_FAMILY: Error: GCC_ANALYZER_WARNING (CWE-126): [#def9] libnftnl-1.2.9/src/chain.c:233:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read libnftnl-1.2.9/src/chain.c:291:6: enter_function: entry to 'nftnl_chain_set_u8' libnftnl-1.2.9/src/chain.c:293:9: call_function: calling 'nftnl_chain_set_data' from 'nftnl_chain_set_u8' # 231| break; # 232| case NFTNL_CHAIN_FAMILY: # 233|-> memcpy(&c->family, data, sizeof(c->family)); # 234| break; # 235| case NFTNL_CHAIN_TYPE: Error: GCC_ANALYZER_WARNING (CWE-126): [#def10] libnftnl-1.2.9/src/chain.c:246:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read libnftnl-1.2.9/src/chain.c:291:6: enter_function: entry to 'nftnl_chain_set_u8' libnftnl-1.2.9/src/chain.c:293:9: call_function: calling 'nftnl_chain_set_data' from 'nftnl_chain_set_u8' # 244| break; # 245| case NFTNL_CHAIN_FLAGS: # 246|-> memcpy(&c->chain_flags, data, sizeof(c->chain_flags)); # 247| break; # 248| case NFTNL_CHAIN_ID: Error: GCC_ANALYZER_WARNING (CWE-126): [#def11] libnftnl-1.2.9/src/chain.c:249:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read libnftnl-1.2.9/src/chain.c:291:6: enter_function: entry to 'nftnl_chain_set_u8' libnftnl-1.2.9/src/chain.c:293:9: call_function: calling 'nftnl_chain_set_data' from 'nftnl_chain_set_u8' # 247| break; # 248| case NFTNL_CHAIN_ID: # 249|-> memcpy(&c->chain_id, data, sizeof(c->chain_id)); # 250| break; # 251| case NFTNL_CHAIN_USERDATA: Error: CPPCHECK_WARNING (CWE-457): [#def12] libnftnl-1.2.9/src/chain.c:1027: error[uninitvar]: Uninitialized variable: c # 1025| # 1026| hlist_for_each_entry(c, n, &chain_list->name_hash[key], hnode) { # 1027|-> if (!strcmp(chain, c->name)) # 1028| return c; # 1029| } Error: CPPCHECK_WARNING (CWE-758): [#def13] libnftnl-1.2.9/src/expr/data_reg.c:144: error[overlappingWriteUnion]: Overlapping read/write of union is undefined behavior # 142| if (type) # 143| *type = DATA_VERDICT; # 144|-> data->len = sizeof(data->verdict); # 145| break; # 146| case NFT_JUMP: Error: GCC_ANALYZER_WARNING (CWE-126): [#def14] libnftnl-1.2.9/src/flowtable.c:134:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read libnftnl-1.2.9/src/flowtable.c:154:6: enter_function: entry to 'nftnl_flowtable_set_s32' libnftnl-1.2.9/src/flowtable.c:156:9: call_function: calling 'nftnl_flowtable_set_data' from 'nftnl_flowtable_set_s32' # 132| break; # 133| case NFTNL_FLOWTABLE_HANDLE: # 134|-> memcpy(&c->handle, data, sizeof(c->handle)); # 135| break; # 136| } Error: GCC_ANALYZER_WARNING (CWE-126): [#def15] libnftnl-1.2.9/src/object.c:119:28: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read libnftnl-1.2.9/src/object.c:167:5: enter_function: entry to 'nftnl_obj_set_u8' libnftnl-1.2.9/src/object.c:169:16: call_function: calling 'nftnl_obj_set_data' from 'nftnl_obj_set_u8' # 117| attr, data, data_len); # 118| case NFTNL_OBJ_TYPE: # 119|-> obj->ops = nftnl_obj_ops_lookup(*((uint32_t *)data)); # 120| if (!obj->ops) # 121| return -1; Error: GCC_ANALYZER_WARNING (CWE-126): [#def16] libnftnl-1.2.9/src/object.c:124:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read libnftnl-1.2.9/src/object.c:173:5: enter_function: entry to 'nftnl_obj_set_u16' libnftnl-1.2.9/src/object.c:175:16: call_function: calling 'nftnl_obj_set_data' from 'nftnl_obj_set_u16' # 122| break; # 123| case NFTNL_OBJ_FAMILY: # 124|-> memcpy(&obj->family, data, sizeof(obj->family)); # 125| break; # 126| case NFTNL_OBJ_USE: Error: GCC_ANALYZER_WARNING (CWE-126): [#def17] libnftnl-1.2.9/src/object.c:127:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read libnftnl-1.2.9/src/object.c:173:5: enter_function: entry to 'nftnl_obj_set_u16' libnftnl-1.2.9/src/object.c:175:16: call_function: calling 'nftnl_obj_set_data' from 'nftnl_obj_set_u16' # 125| break; # 126| case NFTNL_OBJ_USE: # 127|-> memcpy(&obj->use, data, sizeof(obj->use)); # 128| break; # 129| case NFTNL_OBJ_HANDLE: Error: GCC_ANALYZER_WARNING (CWE-126): [#def18] libnftnl-1.2.9/src/object.c:130:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read libnftnl-1.2.9/src/object.c:179:5: enter_function: entry to 'nftnl_obj_set_u32' libnftnl-1.2.9/src/object.c:181:16: call_function: calling 'nftnl_obj_set_data' from 'nftnl_obj_set_u32' # 128| break; # 129| case NFTNL_OBJ_HANDLE: # 130|-> memcpy(&obj->handle, data, sizeof(obj->handle)); # 131| break; # 132| case NFTNL_OBJ_USERDATA: Error: GCC_ANALYZER_WARNING (CWE-126): [#def19] libnftnl-1.2.9/src/rule.c:120:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read libnftnl-1.2.9/src/rule.c:163:6: enter_function: entry to 'nftnl_rule_set_u32' libnftnl-1.2.9/src/rule.c:165:9: call_function: calling 'nftnl_rule_set_data' from 'nftnl_rule_set_u32' # 118| attr, data, data_len); # 119| case NFTNL_RULE_HANDLE: # 120|-> memcpy(&r->handle, data, sizeof(r->handle)); # 121| break; # 122| case NFTNL_RULE_COMPAT_PROTO: Error: GCC_ANALYZER_WARNING (CWE-126): [#def20] libnftnl-1.2.9/src/rule.c:132:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read libnftnl-1.2.9/src/rule.c:163:6: enter_function: entry to 'nftnl_rule_set_u32' libnftnl-1.2.9/src/rule.c:165:9: call_function: calling 'nftnl_rule_set_data' from 'nftnl_rule_set_u32' # 130| break; # 131| case NFTNL_RULE_POSITION: # 132|-> memcpy(&r->position, data, sizeof(r->position)); # 133| break; # 134| case NFTNL_RULE_USERDATA: Error: GCC_ANALYZER_WARNING (CWE-126): [#def21] libnftnl-1.2.9/src/set.c:151:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read libnftnl-1.2.9/src/set.c:232:6: enter_function: entry to 'nftnl_set_set_u32' libnftnl-1.2.9/src/set.c:234:9: call_function: calling 'nftnl_set_set_data' from 'nftnl_set_set_u32' # 149| attr, data, data_len); # 150| case NFTNL_SET_HANDLE: # 151|-> memcpy(&s->handle, data, sizeof(s->handle)); # 152| break; # 153| case NFTNL_SET_FLAGS: Error: GCC_ANALYZER_WARNING (CWE-126): [#def22] libnftnl-1.2.9/src/set.c:196:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read libnftnl-1.2.9/src/set.c:232:6: enter_function: entry to 'nftnl_set_set_u32' libnftnl-1.2.9/src/set.c:234:9: call_function: calling 'nftnl_set_set_data' from 'nftnl_set_set_u32' # 194| break; # 195| case NFTNL_SET_TIMEOUT: # 196|-> memcpy(&s->timeout, data, sizeof(s->timeout)); # 197| break; # 198| case NFTNL_SET_GC_INTERVAL: Error: CPPCHECK_WARNING (CWE-457): [#def23] libnftnl-1.2.9/src/set.c:1029: error[uninitvar]: Uninitialized variable: s # 1027| # 1028| hlist_for_each_entry(s, n, &set_list->name_hash[key], hnode) { # 1029|-> if (!strcmp(set, s->name)) # 1030| return s; # 1031| } Error: GCC_ANALYZER_WARNING (CWE-476): [#def24] libnftnl-1.2.9/src/set_elem.c:261:9: warning[-Wanalyzer-null-dereference]: dereference of NULL '0' # 259| uint32_t size, val; # 260| # 261|-> memcpy(&val, nftnl_set_elem_get(s, attr, &size), sizeof(val)); # 262| # 263| return val; Error: GCC_ANALYZER_WARNING (CWE-476): [#def25] libnftnl-1.2.9/src/set_elem.c:272:9: warning[-Wanalyzer-null-dereference]: dereference of NULL '0' # 270| uint64_t val; # 271| # 272|-> memcpy(&val, nftnl_set_elem_get(s, attr, &size), sizeof(val)); # 273| # 274| return val; Error: GCC_ANALYZER_WARNING (CWE-401): [#def26] libnftnl-1.2.9/src/str_array.c:60:20: warning[-Wanalyzer-malloc-leak]: leak of 'strdup(mnl_attr_get_str(attr))' libnftnl-1.2.9/src/str_array.c:42:5: enter_function: entry to 'nftnl_parse_devs' libnftnl-1.2.9/src/str_array.c:53:9: call_function: calling 'nftnl_str_array_clear' from 'nftnl_parse_devs' libnftnl-1.2.9/src/str_array.c:53:9: return_function: returning to 'nftnl_parse_devs' from 'nftnl_str_array_clear' libnftnl-1.2.9/src/str_array.c:55:12: branch_false: following 'false' branch... libnftnl-1.2.9/src/str_array.c:58:9: branch_false: ...to here libnftnl-1.2.9/src/str_array.c:58:9: branch_true: following 'true' branch... libnftnl-1.2.9/src/str_array.c:59:38: branch_true: ...to here libnftnl-1.2.9/src/str_array.c:59:38: acquire_memory: allocated here libnftnl-1.2.9/src/str_array.c:60:20: danger: 'strdup(mnl_attr_get_str(attr))' leaks here; was allocated at [(11)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/10) # 58| mnl_attr_for_each_nested(attr, nest) { # 59| sa->array[sa->len] = strdup(mnl_attr_get_str(attr)); # 60|-> if (!sa->array[sa->len]) { # 61| nftnl_str_array_clear(sa); # 62| return -1; Error: GCC_ANALYZER_WARNING (CWE-126): [#def27] libnftnl-1.2.9/src/table.c:106:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read libnftnl-1.2.9/src/table.c:154:6: enter_function: entry to 'nftnl_table_set_u8' libnftnl-1.2.9/src/table.c:156:9: call_function: calling 'nftnl_table_set_data' from 'nftnl_table_set_u8' # 104| attr, data, data_len); # 105| case NFTNL_TABLE_HANDLE: # 106|-> memcpy(&t->handle, data, sizeof(t->handle)); # 107| break; # 108| case NFTNL_TABLE_FLAGS: Error: GCC_ANALYZER_WARNING (CWE-126): [#def28] libnftnl-1.2.9/src/table.c:109:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read libnftnl-1.2.9/src/table.c:154:6: enter_function: entry to 'nftnl_table_set_u8' libnftnl-1.2.9/src/table.c:156:9: call_function: calling 'nftnl_table_set_data' from 'nftnl_table_set_u8' # 107| break; # 108| case NFTNL_TABLE_FLAGS: # 109|-> memcpy(&t->table_flags, data, sizeof(t->table_flags)); # 110| break; # 111| case NFTNL_TABLE_FAMILY: Error: GCC_ANALYZER_WARNING (CWE-126): [#def29] libnftnl-1.2.9/src/table.c:112:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read libnftnl-1.2.9/src/table.c:154:6: enter_function: entry to 'nftnl_table_set_u8' libnftnl-1.2.9/src/table.c:156:9: call_function: calling 'nftnl_table_set_data' from 'nftnl_table_set_u8' # 110| break; # 111| case NFTNL_TABLE_FAMILY: # 112|-> memcpy(&t->family, data, sizeof(t->family)); # 113| break; # 114| case NFTNL_TABLE_USE: Error: GCC_ANALYZER_WARNING (CWE-126): [#def30] libnftnl-1.2.9/src/table.c:115:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read libnftnl-1.2.9/src/table.c:154:6: enter_function: entry to 'nftnl_table_set_u8' libnftnl-1.2.9/src/table.c:156:9: call_function: calling 'nftnl_table_set_data' from 'nftnl_table_set_u8' # 113| break; # 114| case NFTNL_TABLE_USE: # 115|-> memcpy(&t->use, data, sizeof(t->use)); # 116| break; # 117| case NFTNL_TABLE_USERDATA: Error: GCC_ANALYZER_WARNING (CWE-126): [#def31] libnftnl-1.2.9/src/table.c:128:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read libnftnl-1.2.9/src/table.c:154:6: enter_function: entry to 'nftnl_table_set_u8' libnftnl-1.2.9/src/table.c:156:9: call_function: calling 'nftnl_table_set_data' from 'nftnl_table_set_u8' # 126| break; # 127| case NFTNL_TABLE_OWNER: # 128|-> memcpy(&t->owner, data, sizeof(t->owner)); # 129| break; # 130| } Error: CPPCHECK_WARNING (CWE-476): [#def32] libnftnl-1.2.9/src/udata.c:85: warning[nullPointer]: Possible null pointer dereference: value # 83| attr->len = len; # 84| attr->type = type; # 85|-> memcpy(attr->value, value, len); # 86| # 87| buf->end = (char *)nftnl_udata_next(attr);
| analyzer-version-clippy | 1.86.0 |
| analyzer-version-cppcheck | 2.17.1 |
| analyzer-version-gcc | 15.0.1 |
| analyzer-version-gcc-analyzer | 15.0.1 |
| analyzer-version-shellcheck | 0.10.0 |
| analyzer-version-unicontrol | 0.0.2 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-176.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | libnftnl-1.2.9-1.fc43 |
| store-results-to | /tmp/tmpigd0xjso/libnftnl-1.2.9-1.fc43.tar.xz |
| time-created | 2025-04-25 14:03:27 |
| time-finished | 2025-04-25 14:04:37 |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpigd0xjso/libnftnl-1.2.9-1.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpigd0xjso/libnftnl-1.2.9-1.fc43.src.rpm' |
| tool-version | csmock-3.8.1.20250422.172604.g26bc3d6-1.el9 |