Error: SHELLCHECK_WARNING (CWE-563): [#def1]
/usr/bin/libpng16-config:16:1: warning[SC2034]: exec_prefix appears unused. Verify use (or export if used externally).
# 14| version=`pkg-config --modversion libpng`
# 15| prefix=`pkg-config --variable prefix libpng`
# 16|-> exec_prefix=`pkg-config --variable exec_prefix libpng`
# 17| libdir=`pkg-config --variable libdir libpng`
# 18| includedir=`pkg-config --variable includedir libpng`

Error: CPPCHECK_WARNING (CWE-476): [#def2]
libpng-1.6.47/contrib/libtests/pngimage.c:469: warning[nullPointerOutOfResources]: If resource allocation fails, then there is a possible null pointer dereference: fp
# 467| {
# 468| size_t r = fread(last->buffer+count, 1/*size*/,
# 469|-> (sizeof last->buffer)-count, fp);
# 470|
# 471| if (r > 0)

Error: CPPCHECK_WARNING (CWE-476): [#def3]
libpng-1.6.47/contrib/libtests/pngimage.c:808: warning[nullPointerOutOfResources]: If resource allocation fails, then there is a possible null pointer dereference: fp
# 806| ret = buffer_from_file(&dp->original_file, fp);
# 807|
# 808|-> fclose(fp);
# 809|
# 810| if (ret != 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def4]
libpng-1.6.47/contrib/libtests/timepng.c:273:10: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(name, "rb")’
libpng-1.6.47/contrib/libtests/timepng.c:361:5: enter_function: entry to ‘main’
libpng-1.6.47/contrib/libtests/timepng.c:454:10: branch_false: following ‘false’ branch...
branch_false: ...to here
libpng-1.6.47/contrib/libtests/timepng.c:509:7: branch_false: following ‘false’ branch...
libpng-1.6.47/contrib/libtests/timepng.c:512:12: branch_false: ...to here
libpng-1.6.47/contrib/libtests/timepng.c:512:12: branch_true: following ‘true’ branch (when ‘argc > 1’)...
branch_true: ...to here
libpng-1.6.47/contrib/libtests/timepng.c:516:17: branch_true: following ‘true’ branch (when ‘argc > i’)...
libpng-1.6.47/contrib/libtests/timepng.c:518:13: branch_true: ...to here
libpng-1.6.47/contrib/libtests/timepng.c:518:13: branch_false: following ‘false’ branch (when ‘nfiles != 2147483647’)...
libpng-1.6.47/contrib/libtests/timepng.c:524:40: branch_false: ...to here
libpng-1.6.47/contrib/libtests/timepng.c:524:19: call_function: calling ‘add_one_file’ from ‘main’
# 271| fpos_t pos;
# 272|
# 273|-> if (fgetpos(fp, &pos))
# 274| {
# 275| /* Fatal error reading the start: */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def5]
libpng-1.6.47/contrib/libtests/timepng.c:273:10: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(name, "rb")’
libpng-1.6.47/contrib/libtests/timepng.c:361:5: enter_function: entry to ‘main’
libpng-1.6.47/contrib/libtests/timepng.c:454:10: branch_false: following ‘false’ branch...
branch_false: ...to here
libpng-1.6.47/contrib/libtests/timepng.c:509:7: branch_false: following ‘false’ branch...
libpng-1.6.47/contrib/libtests/timepng.c:512:12: branch_false: ...to here
libpng-1.6.47/contrib/libtests/timepng.c:512:12: branch_true: following ‘true’ branch (when ‘argc > 1’)...
branch_true: ...to here
libpng-1.6.47/contrib/libtests/timepng.c:516:17: branch_true: following ‘true’ branch (when ‘argc > i’)...
libpng-1.6.47/contrib/libtests/timepng.c:518:13: branch_true: ...to here
libpng-1.6.47/contrib/libtests/timepng.c:518:13: branch_false: following ‘false’ branch (when ‘nfiles != 2147483647’)...
libpng-1.6.47/contrib/libtests/timepng.c:524:40: branch_false: ...to here
libpng-1.6.47/contrib/libtests/timepng.c:524:19: call_function: calling ‘add_one_file’ from ‘main’
# 271| fpos_t pos;
# 272|
# 273|-> if (fgetpos(fp, &pos))
# 274| {
# 275| /* Fatal error reading the start: */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def6]
libpng-1.6.47/contrib/libtests/timepng.c:399:16: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(argv[2], "rb")’
libpng-1.6.47/contrib/libtests/timepng.c:370:7: branch_true: following ‘true’ branch (when ‘argc > 2’)...
libpng-1.6.47/contrib/libtests/timepng.c:370:20: branch_true: ...to here
libpng-1.6.47/contrib/libtests/timepng.c:370:8: branch_false: following ‘false’ branch (when the strings are non-equal)...
libpng-1.6.47/contrib/libtests/timepng.c:387:12: branch_false: ...to here
libpng-1.6.47/contrib/libtests/timepng.c:387:12: branch_true: following ‘true’ branch...
libpng-1.6.47/contrib/libtests/timepng.c:389:12: acquire_resource: opened here
libpng-1.6.47/contrib/libtests/timepng.c:391:10: branch_false: following ‘false’ branch...
libpng-1.6.47/contrib/libtests/timepng.c:399:16: branch_false: ...to here
libpng-1.6.47/contrib/libtests/timepng.c:399:16: danger: ‘fopen(argv[2], "rb")’ leaks here; was opened at [(7)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/6)
# 397| }
# 398|
# 399|-> nfiles = atoi(argv[3]);
# 400| if (nfiles <= 0)
# 401| {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def7]
libpng-1.6.47/contrib/libtests/timepng.c:399:16: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(argv[2], "rb")’
libpng-1.6.47/contrib/libtests/timepng.c:370:7: branch_true: following ‘true’ branch (when ‘argc > 2’)...
libpng-1.6.47/contrib/libtests/timepng.c:370:20: branch_true: ...to here
libpng-1.6.47/contrib/libtests/timepng.c:370:8: branch_false: following ‘false’ branch (when the strings are non-equal)...
libpng-1.6.47/contrib/libtests/timepng.c:387:12: branch_false: ...to here
libpng-1.6.47/contrib/libtests/timepng.c:387:12: branch_true: following ‘true’ branch...
libpng-1.6.47/contrib/libtests/timepng.c:389:12: acquire_memory: allocated here
libpng-1.6.47/contrib/libtests/timepng.c:391:10: branch_false: following ‘false’ branch...
libpng-1.6.47/contrib/libtests/timepng.c:399:16: branch_false: ...to here
libpng-1.6.47/contrib/libtests/timepng.c:399:16: danger: ‘fopen(argv[2], "rb")’ leaks here; was allocated at [(7)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/6)
# 397| }
# 398|
# 399|-> nfiles = atoi(argv[3]);
# 400| if (nfiles <= 0)
# 401| {

Error: GCC_ANALYZER_WARNING (CWE-126): [#def8]
libpng-1.6.47/contrib/tools/pngcp.c:718:54: warning[-Wanalyzer-out-of-bounds]: buffer over-read
libpng-1.6.47/contrib/tools/pngcp.c:2338:1: enter_function: entry to ‘main’
libpng-1.6.47/contrib/tools/pngcp.c:2377:13: branch_false: following ‘false’ branch (when ‘i >= argc’)...
libpng-1.6.47/contrib/tools/pngcp.c:2384:16: branch_false: ...to here
libpng-1.6.47/contrib/tools/pngcp.c:2384:16: call_function: calling ‘cppng’ from ‘main’
# 716|
# 717| for (j=0; j<option_count; ++j)
# 718|-> if (strncmp(options[j].name, opt, len) == 0 && options[j].name[len] == 0)
# 719| return j;
# 720|
analyzer-version-clippy | 1.86.0 |
analyzer-version-cppcheck | 2.17.1 |
analyzer-version-gcc | 15.0.1 |
analyzer-version-gcc-analyzer | 15.0.1 |
analyzer-version-shellcheck | 0.10.0 |
analyzer-version-unicontrol | 0.0.2 |
enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
exit-code | 0 |
host | ip-172-16-1-121.us-west-2.compute.internal |
known-false-positives | /usr/share/csmock/known-false-positives.js |
known-false-positives-rpm | known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch |
mock-config | fedora-rawhide-x86_64 |
project-name | libpng-1.6.47-1.fc43 |
store-results-to | /tmp/tmpodcvdu6t/libpng-1.6.47-1.fc43.tar.xz |
time-created | 2025-04-25 14:09:23 |
time-finished | 2025-04-25 14:11:13 |
tool | csmock |
tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpodcvdu6t/libpng-1.6.47-1.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpodcvdu6t/libpng-1.6.47-1.fc43.src.rpm' |
tool-version | csmock-3.8.1.20250422.172604.g26bc3d6-1.el9 |