libnice-0.1.22-6.fc43

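List of Findings

Triage note: several entries below share a root cause. #def2 and #def4–#def7 all follow from the unchecked malloc() result at stun/debug.c:99, and #def9–#def10 from the unchecked malloc() result at stun/usages/ice.c:115. Checking each allocation for NULL before first use would be expected to clear each group; treat them as two defects rather than seven.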

Error: CPPCHECK_WARNING (CWE-562): [#def1]
libnice-0.1.22/agent/agent.c:4587: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
# 4585|     if (message->from == NULL) {
# 4586|       nice_address_init (&from);
# 4587|->     message->from = &from;
# 4588|     }
# 4589|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def2]
libnice-0.1.22/redhat-linux-build/../stun/debug.c:100:3: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘bytes’
libnice-0.1.22/redhat-linux-build/../stun/debug.c:96:6: branch_false: following ‘false’ branch...
libnice-0.1.22/redhat-linux-build/../stun/debug.c:99:36: branch_false: ...to here
libnice-0.1.22/redhat-linux-build/../stun/debug.c:99:11: acquire_memory: this call could return NULL
libnice-0.1.22/redhat-linux-build/../stun/debug.c:100:3: danger: ‘bytes’ could be NULL: unchecked value from [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   98|   
#   99|     bytes = malloc (prefix_len + 2 + (len * 2) + 1);
#  100|->   bytes[0] = 0;
#  101|     strcpy (bytes, prefix);
#  102|     strcpy (bytes + prefix_len, "0x");

Error: GCC_ANALYZER_WARNING (CWE-479): [#def3]
libnice-0.1.22/redhat-linux-build/../stun/tools/stund.c:282:3: warning[-Wanalyzer-unsafe-call-within-signal-handler]: call to ‘exit’ from within signal handler
libnice-0.1.22/redhat-linux-build/../stun/tools/stund.c:286:5: enter_function: entry to ‘main’
libnice-0.1.22/redhat-linux-build/../stun/tools/stund.c:279:13: enter_function: entry to ‘exit_handler’
libnice-0.1.22/redhat-linux-build/../stun/tools/stund.c:282:3: danger: call to ‘exit’ from within signal handler
#  280|   {
#  281|     (void)signum;
#  282|->   exit (0);
#  283|   }
#  284|   

Error: CPPCHECK_WARNING (CWE-476): [#def4]
libnice-0.1.22/stun/debug.c:100: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: bytes
#   98|   
#   99|     bytes = malloc (prefix_len + 2 + (len * 2) + 1);
#  100|->   bytes[0] = 0;
#  101|     strcpy (bytes, prefix);
#  102|     strcpy (bytes + prefix_len, "0x");

Error: CPPCHECK_WARNING (CWE-476): [#def5]
libnice-0.1.22/stun/debug.c:101: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: bytes
#   99|     bytes = malloc (prefix_len + 2 + (len * 2) + 1);
#  100|     bytes[0] = 0;
#  101|->   strcpy (bytes, prefix);
#  102|     strcpy (bytes + prefix_len, "0x");
#  103|   

Error: CPPCHECK_WARNING (CWE-682): [#def6]
libnice-0.1.22/stun/debug.c:102: error[nullPointerArithmeticOutOfMemory]: If memory allocation fail: pointer addition with NULL pointer.
#  100|     bytes[0] = 0;
#  101|     strcpy (bytes, prefix);
#  102|->   strcpy (bytes + prefix_len, "0x");
#  103|   
#  104|     j = bytes + prefix_len + 2;

Error: CPPCHECK_WARNING (CWE-682): [#def7]
libnice-0.1.22/stun/debug.c:104: error[nullPointerArithmeticOutOfMemory]: If memory allocation fail: pointer addition with NULL pointer.
#  102|     strcpy (bytes + prefix_len, "0x");
#  103|   
#  104|->   j = bytes + prefix_len + 2;
#  105|     for (i = 0; i < len; i++) {
#  106|       k = ((const unsigned char *)data)[i];

Error: CPPCHECK_WARNING (CWE-476): [#def8]
libnice-0.1.22/stun/usages/bind.c:236: warning[nullPointer]: Possible null pointer dereference: srv
#  234|   
#  235|     tr->dstlen = srvlen;
#  236|->   memcpy (&tr->dst, srv, srvlen);
#  237|   
#  238|     return STUN_USAGE_TRANS_RETURN_SUCCESS;

Error: CPPCHECK_WARNING (CWE-476): [#def9]
libnice-0.1.22/stun/usages/ice.c:116: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: buf
#  114|       assert (attribute_len >= identifier_len);
#  115|       buf = malloc(attribute_len);
#  116|->     memset(buf, 0, attribute_len);
#  117|       memcpy(buf, candidate_identifier, identifier_len);
#  118|   

Error: CPPCHECK_WARNING (CWE-476): [#def10]
libnice-0.1.22/stun/usages/ice.c:117: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: buf
#  115|       buf = malloc(attribute_len);
#  116|       memset(buf, 0, attribute_len);
#  117|->     memcpy(buf, candidate_identifier, identifier_len);
#  118|   
#  119|       val = stun_message_append_bytes (msg, STUN_ATTRIBUTE_CANDIDATE_IDENTIFIER,

Error: CPPCHECK_WARNING (CWE-457): [#def11]
libnice-0.1.22/tests/test-bsd.c:160: error[uninitvar]: Uninitialized variable: &local_out_message
#  158|   
#  159|     /* And again with messages. */
#  160|->   g_assert_cmpint (nice_socket_send_messages (sock, &tmp,
#  161|         &local_out_message, 0), ==, 0);
#  162|     g_assert_cmpint (nice_socket_send_messages (sock, &tmp, NULL, 0), ==, 0);

Error: CPPCHECK_WARNING (CWE-457): [#def12]
libnice-0.1.22/tests/test-pseudotcp-fin.c:189: error[legacyUninitvar]: Uninitialized variable: queue
#  187|   
#  188|     segment = g_bytes_new (buffer, len);
#  189|->   g_queue_push_tail (queue, segment);
#  190|   
#  191|     return WR_SUCCESS;

Scan Properties

analyzer-version-clippy: 1.86.0
analyzer-version-cppcheck: 2.17.1
analyzer-version-gcc: 15.0.1
analyzer-version-gcc-analyzer: 15.0.1
analyzer-version-shellcheck: 0.10.0
analyzer-version-unicontrol: 0.0.2
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-144.us-west-2.compute.internal
known-false-positives: /usr/share/csmock/known-false-positives.js
known-false-positives-rpm: known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch
mock-config: fedora-rawhide-x86_64
project-name: libnice-0.1.22-6.fc43
store-results-to: /tmp/tmprunedi53/libnice-0.1.22-6.fc43.tar.xz
time-created: 2025-04-25 14:11:37
time-finished: 2025-04-25 14:14:13
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmprunedi53/libnice-0.1.22-6.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmprunedi53/libnice-0.1.22-6.fc43.src.rpm'
tool-version: csmock-3.8.1.20250422.172604.g26bc3d6-1.el9