Error: GCC_ANALYZER_WARNING (CWE-457): [#def1] libsolv-0.7.32/examples/solv/repoinfo_cache.c:154:7: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘myextcookie’ libsolv-0.7.32/examples/solv/repoinfo_cache.c:86:1: enter_function: entry to ‘usecachedrepo’ libsolv-0.7.32/examples/solv/repoinfo_cache.c:90:56: branch_true: following ‘true’ branch... libsolv-0.7.32/examples/solv/repoinfo_cache.c:90:18: branch_true: ...to here libsolv-0.7.32/examples/solv/repoinfo_cache.c:99:6: branch_true: following ‘true’ branch... libsolv-0.7.32/examples/solv/repoinfo_cache.c:102:17: call_function: calling ‘usecachedrepo’ from ‘usecachedrepo’ # 152| memcpy(cinfo->cookie, mycookie, sizeof(mycookie)); # 153| cinfo->cookieset = 1; # 154|-> memcpy(cinfo->extcookie, myextcookie, sizeof(myextcookie)); # 155| cinfo->extcookieset = 1; # 156| } Error: CPPCHECK_WARNING (CWE-682): [#def2] libsolv-0.7.32/examples/solv/repoinfo_config_yum.c:105: error[nullPointerArithmeticOutOfMemory]: If memory allocation fail: pointer addition with NULL pointer. # 103| } # 104| basearch = strdup(un.machine); # 105|-> if (basearch[0] == 'i' && basearch[1] && !strcmp(basearch + 2, "86")) # 106| basearch[1] = '3'; # 107| } Error: CPPCHECK_WARNING (CWE-476): [#def3] libsolv-0.7.32/examples/solv/repoinfo_config_yum.c:105: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: basearch # 103| } # 104| basearch = strdup(un.machine); # 105|-> if (basearch[0] == 'i' && basearch[1] && !strcmp(basearch + 2, "86")) # 106| basearch[1] = '3'; # 107| } Error: GCC_ANALYZER_WARNING (CWE-476): [#def4] libsolv-0.7.32/examples/solv/repoinfo_config_yum.c:105:19: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘basearch’ libsolv-0.7.32/examples/solv/repoinfo_config_yum.c:71:10: branch_true: following ‘true’ branch (when ‘p2’ is non-NULL)... libsolv-0.7.32/examples/solv/repoinfo_config_yum.c:73:12: branch_true: ...to here libsolv-0.7.32/examples/solv/repoinfo_config_yum.c:73:10: branch_false: following ‘false’ branch... libsolv-0.7.32/examples/solv/repoinfo_config_yum.c:94:12: branch_false: ...to here libsolv-0.7.32/examples/solv/repoinfo_config_yum.c:94:10: branch_true: following ‘true’ branch... libsolv-0.7.32/examples/solv/repoinfo_config_yum.c:96:15: branch_true: ...to here libsolv-0.7.32/examples/solv/repoinfo_config_yum.c:96:14: branch_true: following ‘true’ branch... libsolv-0.7.32/examples/solv/repoinfo_config_yum.c:99:19: branch_true: ...to here libsolv-0.7.32/examples/solv/repoinfo_config_yum.c:99:18: branch_false: following ‘false’ branch... libsolv-0.7.32/examples/solv/repoinfo_config_yum.c:104:26: branch_false: ...to here libsolv-0.7.32/examples/solv/repoinfo_config_yum.c:104:26: acquire_memory: this call could return NULL libsolv-0.7.32/examples/solv/repoinfo_config_yum.c:105:19: danger: ‘strdup(&un.machine)’ could be NULL: unchecked value from [(12)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/11) # 103| } # 104| basearch = strdup(un.machine); # 105|-> if (basearch[0] == 'i' && basearch[1] && !strcmp(basearch + 2, "86")) # 106| basearch[1] = '3'; # 107| } Error: GCC_ANALYZER_WARNING (CWE-476): [#def5] libsolv-0.7.32/examples/solv/repoinfo_type_debian.c:41:11: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘basearch’ libsolv-0.7.32/examples/solv/repoinfo_type_debian.c:32:6: branch_true: following ‘true’ branch... libsolv-0.7.32/examples/solv/repoinfo_type_debian.c:35:11: branch_true: ...to here libsolv-0.7.32/examples/solv/repoinfo_type_debian.c:35:10: branch_false: following ‘false’ branch... libsolv-0.7.32/examples/solv/repoinfo_type_debian.c:40:18: branch_false: ...to here libsolv-0.7.32/examples/solv/repoinfo_type_debian.c:40:18: acquire_memory: this call could return NULL libsolv-0.7.32/examples/solv/repoinfo_type_debian.c:41:11: danger: ‘strdup(&un.machine)’ could be NULL: unchecked value from [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4) # 39| } # 40| basearch = strdup(un.machine); # 41|-> if (basearch[0] == 'i' && basearch[1] && !strcmp(basearch + 2, "86")) # 42| basearch[1] = '3'; # 43| } Error: GCC_ANALYZER_WARNING: [#def6] libsolv-0.7.32/ext/repo_apk.c:262:13: warning[-Wanalyzer-fd-use-without-check]: ‘read’ on possibly invalid file descriptor ‘fd’ libsolv-0.7.32/ext/repo_apk.c:686:1: enter_function: entry to ‘repo_add_apk_repo’ libsolv-0.7.32/ext/repo_apk.c:698:6: branch_false: following ‘false’ branch... libsolv-0.7.32/ext/repo_apk.c:700:3: branch_false: ...to here libsolv-0.7.32/ext/repo_apk.c:702:6: branch_true: following ‘true’ branch... libsolv-0.7.32/ext/repo_apk.c:704:10: branch_true: ...to here libsolv-0.7.32/ext/repo_apk.c:704:9: branch_false: following ‘false’ branch... libsolv-0.7.32/ext/repo_apk.c:706:10: branch_false: ...to here libsolv-0.7.32/ext/repo_apk.c:706:9: branch_true: following ‘true’ branch... libsolv-0.7.32/ext/repo_apk.c:707:15: call_function: calling ‘add_apkv3_idx’ from ‘repo_add_apk_repo’ # 260| r = fread(comp, 2, 1, fp) == 1 ? 2 : feof(fp) ? 0 : -1; # 261| else # 262|-> r = read(fd, comp, 2); # 263| if (r != 2) # 264| return open_apkv3_error(pool, fd, fn, "compression header read error"); Error: GCC_ANALYZER_WARNING (CWE-688): [#def7] libsolv-0.7.32/ext/repo_apk.c:293:11: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘cfp’ where non-null expected libsolv-0.7.32/ext/repo_apk.c:686:1: enter_function: entry to ‘repo_add_apk_repo’ libsolv-0.7.32/ext/repo_apk.c:698:6: branch_false: following ‘false’ branch... libsolv-0.7.32/ext/repo_apk.c:700:3: branch_false: ...to here libsolv-0.7.32/ext/repo_apk.c:702:6: branch_true: following ‘true’ branch... libsolv-0.7.32/ext/repo_apk.c:704:10: branch_true: ...to here libsolv-0.7.32/ext/repo_apk.c:704:9: branch_false: following ‘false’ branch... libsolv-0.7.32/ext/repo_apk.c:706:10: branch_false: ...to here libsolv-0.7.32/ext/repo_apk.c:706:9: branch_true: following ‘true’ branch... libsolv-0.7.32/ext/repo_apk.c:707:15: call_function: calling ‘add_apkv3_idx’ from ‘repo_add_apk_repo’ # 291| if (adbchar != '.') # 292| { # 293|-> if (fread(buf, 4, 1, cfp) != 1 || buf[0] != 'A' || buf[1] != 'D' || buf[2] != 'B' || buf[3] != '.') # 294| { # 295| pool_error(pool, -1, "%s: not an apkv3 file", fn); Error: CPPCHECK_WARNING (CWE-786): [#def8] libsolv-0.7.32/ext/repo_testcase.c:624: error[negativeIndex]: Array 'sp[5]' accessed at index sp[*][-1], which is out of bounds. # 622| /* join back version and release */ # 623| if (sp[2] && !(sp[2][0] == '-' && !sp[2][1])) # 624|-> sp[2][-1] = '-'; # 625| s->evr = pool_str2id(pool, sp[1], 1); # 626| s->arch = strcmp(sp[3], "-") ? pool_str2id(pool, sp[3], 1) : 0; Error: GCC_ANALYZER_WARNING (CWE-688): [#def9] libsolv-0.7.32/ext/repo_zyppdb.c:189:3: warning[-Wanalyzer-null-argument]: use of NULL ‘opendir(dirpath)’ where non-null expected libsolv-0.7.32/ext/repo_zyppdb.c:167:9: acquire_memory: allocated here libsolv-0.7.32/ext/repo_zyppdb.c:168:6: release_memory: assuming ‘opendir(dirpath)’ is NULL libsolv-0.7.32/ext/repo_zyppdb.c:168:6: branch_false: following ‘false’ branch... libsolv-0.7.32/ext/repo_zyppdb.c:189:3: branch_false: ...to here libsolv-0.7.32/ext/repo_zyppdb.c:189:3: danger: argument 1 (‘opendir(dirpath)’) NULL where non-null expected # 187| } # 188| } # 189|-> closedir(dir); # 190| # 191| solv_xmlparser_free(&pd.xmlp); Error: COMPILER_WARNING (CWE-704): [#def10] libsolv-0.7.32/ext/solv_xmlparser.c: scope_hint: In function ‘parse_block’ libsolv-0.7.32/ext/solv_xmlparser.c:282:25: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type # 282 | xmlErrorPtr err = xmlCtxtGetLastError(xmlp->parser); # | ^~~~~~~~~~~~~~~~~~~ # 280| if (xmlParseChunk(xmlp->parser, buf, l, l == 0 ? 1 : 0)) # 281| { # 282|-> xmlErrorPtr err = xmlCtxtGetLastError(xmlp->parser); # 283| set_error(xmlp, err->message, err->line, err->int2); # 284| return 0; Error: COMPILER_WARNING (CWE-704): [#def11] libsolv-0.7.32/ext/solv_xmlparser.c:282:25: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type # 280| if (xmlParseChunk(xmlp->parser, buf, l, l == 0 ? 1 : 0)) # 281| { # 282|-> xmlErrorPtr err = xmlCtxtGetLastError(xmlp->parser); # 283| set_error(xmlp, err->message, err->line, err->int2); # 284| return 0; Error: CPPCHECK_WARNING (CWE-758): [#def12] libsolv-0.7.32/ext/testcase.c:1905: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour # 1903| } # 1904| # 1905|-> if ((resultflags & ~TESTCASE_RESULT_REUSE_SOLVER) != 0) # 1906| { # 1907| cmd = 0; Error: CPPCHECK_WARNING (CWE-758): [#def13] libsolv-0.7.32/ext/testcase.c:2503: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour # 2501| { # 2502| if (npieces == 2 && resultflagsp && !strcmp(pieces[1], "reusesolver")) # 2503|-> *resultflagsp |= TESTCASE_RESULT_REUSE_SOLVER; # 2504| break; # 2505| } Error: GCC_ANALYZER_WARNING (CWE-688): [#def14] libsolv-0.7.32/ext/tools_util.h:77:7: warning[-Wanalyzer-null-argument]: use of NULL ‘p’ where non-null expected libsolv-0.7.32/ext/repo_releasefile_products.c:121:1: enter_function: entry to ‘repo_add_releasefile_products’ libsolv-0.7.32/ext/repo_releasefile_products.c:134:6: branch_false: following ‘false’ branch... libsolv-0.7.32/ext/repo_releasefile_products.c:141:3: branch_false: ...to here libsolv-0.7.32/ext/repo_releasefile_products.c:143:10: branch_true: following ‘true’ branch... libsolv-0.7.32/ext/repo_releasefile_products.c:145:24: branch_true: ...to here libsolv-0.7.32/ext/repo_releasefile_products.c:151:22: call_function: calling ‘join2’ from ‘repo_add_releasefile_products’ #argument 1 of ‘__builtin_strcpy’ must be non-null # 75| if (s1) # 76| { # 77|-> strcpy(p, s1); # 78| p += strlen(s1); # 79| } Error: GCC_ANALYZER_WARNING (CWE-688): [#def15] libsolv-0.7.32/ext/tools_util.h:82:7: warning[-Wanalyzer-null-argument]: use of NULL ‘p’ where non-null expected libsolv-0.7.32/ext/repo_releasefile_products.c:121:1: enter_function: entry to ‘repo_add_releasefile_products’ libsolv-0.7.32/ext/repo_releasefile_products.c:134:6: branch_false: following ‘false’ branch... libsolv-0.7.32/ext/repo_releasefile_products.c:141:3: branch_false: ...to here libsolv-0.7.32/ext/repo_releasefile_products.c:143:10: branch_true: following ‘true’ branch... libsolv-0.7.32/ext/repo_releasefile_products.c:145:24: branch_true: ...to here libsolv-0.7.32/ext/repo_releasefile_products.c:151:22: call_function: calling ‘join2’ from ‘repo_add_releasefile_products’ #argument 1 of ‘__builtin_strcpy’ must be non-null # 80| if (s2) # 81| { # 82|-> strcpy(p, s2); # 83| p += strlen(s2); # 84| } Error: CPPCHECK_WARNING (CWE-476): [#def16] libsolv-0.7.32/redhat-linux-build/bindings/perl/solv_perl.c:1359: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: mg->mg_virtual # 1357| mg = mg_find(sv,'U'); # 1358| mg->mg_virtual = (MGVTBL *) malloc(sizeof(MGVTBL)); # 1359|-> mg->mg_virtual->svt_get = (SwigMagicFunc) get; # 1360| mg->mg_virtual->svt_set = (SwigMagicFunc) set; # 1361| mg->mg_virtual->svt_len = 0; Error: CPPCHECK_WARNING (CWE-758): [#def17] libsolv-0.7.32/redhat-linux-build/bindings/perl/solv_perl.c:24719: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour #24717| /*@SWIG:/usr/share/swig/4.3.1/perl5/perltypemaps.swg,67,%set_constant@*/ do { #24718| SV *sv = get_sv((char*) SWIG_prefix "Selection_SELECTION_FILTER_SWAPPED", TRUE | 0x2 | GV_ADDMULTI); #24719|-> sv_setsv(sv, SWIG_From_int SWIG_PERL_CALL_ARGS_1((int)(SELECTION_FILTER_SWAPPED))); #24720| SvREADONLY_on(sv); #24721| } while(0) /*@SWIG@*/; Error: CPPCHECK_WARNING (CWE-457): [#def18] libsolv-0.7.32/redhat-linux-build/bindings/python/solv_python.c:787: warning[uninitvar]: Uninitialized variable: buff # 785| *r = 0; # 786| } # 787|-> return buff; # 788| } # 789| Error: CPPCHECK_WARNING (CWE-476): [#def19] libsolv-0.7.32/redhat-linux-build/bindings/python/solv_python.c:1683: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: data # 1681| SwigPyClientData *data = (SwigPyClientData *)malloc(sizeof(SwigPyClientData)); # 1682| /* the klass element */ # 1683|-> data->klass = obj; # 1684| SWIG_Py_INCREF(data->klass); # 1685| /* the newraw method and newargs arguments used to create a new raw instance */ Error: CPPCHECK_WARNING (CWE-476): [#def20] libsolv-0.7.32/redhat-linux-build/bindings/python/solv_python.c:1684: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: data # 1682| /* the klass element */ # 1683| data->klass = obj; # 1684|-> SWIG_Py_INCREF(data->klass); # 1685| /* the newraw method and newargs arguments used to create a new raw instance */ # 1686| if (PyClass_Check(obj)) { Error: CPPCHECK_WARNING (CWE-758): [#def21] libsolv-0.7.32/redhat-linux-build/bindings/python/solv_python.c:23217: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour #23215| SWIG_Python_SetConstant(d, "Selection_SELECTION_FILTER",SWIG_From_int((int)(SELECTION_FILTER))); #23216| SWIG_Python_SetConstant(d, "Selection_SELECTION_FILTER_KEEP_IFEMPTY",SWIG_From_int((int)(SELECTION_FILTER_KEEP_IFEMPTY))); #23217|-> SWIG_Python_SetConstant(d, "Selection_SELECTION_FILTER_SWAPPED",SWIG_From_int((int)(SELECTION_FILTER_SWAPPED))); #23218| SWIG_Python_SetConstant(d, "Dataiterator_SEARCH_STRING",SWIG_From_int((int)(SEARCH_STRING))); #23219| SWIG_Python_SetConstant(d, "Dataiterator_SEARCH_STRINGSTART",SWIG_From_int((int)(SEARCH_STRINGSTART))); Error: CPPCHECK_WARNING (CWE-476): [#def22] libsolv-0.7.32/redhat-linux-build/bindings/ruby/solv_ruby.c:1565: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: klass_name # 1563| size_t klass_len = 4 + strlen(type->name) + 1; # 1564| char *klass_name = (char *) malloc(klass_len); # 1565|-> SWIG_snprintf(klass_name, klass_len, "TYPE%s", type->name); # 1566| if (NIL_P(_cSWIG_Pointer)) { # 1567| _cSWIG_Pointer = rb_define_class_under(_mSWIG, "Pointer", rb_cObject); Error: COMPILER_WARNING (CWE-477): [#def23] libsolv-0.7.32/redhat-linux-build/bindings/ruby/solv_ruby.c: scope_hint: In function ‘SWIG_Ruby_NewPointerObj’ libsolv-0.7.32/redhat-linux-build/bindings/ruby/solv_ruby.c:1611:5: warning[-Wdeprecated-declarations]: ‘rb_data_object_wrap_warning’ is deprecated: by TypedData # 1611 | obj = Data_Wrap_Struct(sklass->klass, VOIDFUNC(sklass->mark), # | ^~~ /usr/include/ruby/internal/core.h:27: included_from: Included from here. /usr/include/ruby/ruby.h:29: included_from: Included from here. /usr/include/ruby.h:38: included_from: Included from here. libsolv-0.7.32/redhat-linux-build/bindings/ruby/solv_ruby.c:912: included_from: Included from here. /usr/include/ruby/internal/core/rdata.h:293:1: note: declared here # 293 | rb_data_object_wrap_warning(VALUE klass, void *ptr, RUBY_DATA_FUNC mark, RUBY_DATA_FUNC free) # | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ # 1609| # 1610| /* Create a new Ruby object */ # 1611|-> obj = Data_Wrap_Struct(sklass->klass, VOIDFUNC(sklass->mark), # 1612| ( own ? VOIDFUNC(sklass->destroy) : # 1613| (track ? VOIDFUNC(SWIG_RubyRemoveTracking) : 0 ) Error: CPPCHECK_WARNING (CWE-476): [#def24] libsolv-0.7.32/redhat-linux-build/bindings/ruby/solv_ruby.c:1623: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: klass_name # 1621| size_t klass_len = 4 + strlen(type->name) + 1; # 1622| klass_name = (char *) malloc(klass_len); # 1623|-> SWIG_snprintf(klass_name, klass_len, "TYPE%s", type->name); # 1624| klass = rb_const_get(_mSWIG, rb_intern(klass_name)); # 1625| free((void *) klass_name); Error: COMPILER_WARNING (CWE-477): [#def25] libsolv-0.7.32/redhat-linux-build/bindings/ruby/solv_ruby.c:1626:5: warning[-Wdeprecated-declarations]: ‘rb_data_object_wrap_warning’ is deprecated: by TypedData # 1626 | obj = Data_Wrap_Struct(klass, 0, 0, ptr); # | ^~~ /usr/include/ruby/internal/core/rdata.h:293:1: note: declared here # 293 | rb_data_object_wrap_warning(VALUE klass, void *ptr, RUBY_DATA_FUNC mark, RUBY_DATA_FUNC free) # | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ # 1624| klass = rb_const_get(_mSWIG, rb_intern(klass_name)); # 1625| free((void *) klass_name); # 1626|-> obj = Data_Wrap_Struct(klass, 0, 0, ptr); # 1627| } # 1628| rb_iv_set(obj, "@__swigtype__", rb_str_new2(type->name)); Error: COMPILER_WARNING (CWE-477): [#def26] libsolv-0.7.32/redhat-linux-build/bindings/ruby/solv_ruby.c: scope_hint: In function ‘SWIG_Ruby_NewClassInstance’ libsolv-0.7.32/redhat-linux-build/bindings/ruby/solv_ruby.c:1639:3: warning[-Wdeprecated-declarations]: ‘rb_data_object_wrap_warning’ is deprecated: by TypedData # 1639 | obj = Data_Wrap_Struct(klass, VOIDFUNC(sklass->mark), VOIDFUNC(sklass->destroy), 0); # | ^~~ /usr/include/ruby/internal/core/rdata.h:293:1: note: declared here # 293 | rb_data_object_wrap_warning(VALUE klass, void *ptr, RUBY_DATA_FUNC mark, RUBY_DATA_FUNC free) # | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ # 1637| VALUE obj; # 1638| swig_class *sklass = (swig_class *) type->clientdata; # 1639|-> obj = Data_Wrap_Struct(klass, VOIDFUNC(sklass->mark), VOIDFUNC(sklass->destroy), 0); # 1640| rb_iv_set(obj, "@__swigtype__", rb_str_new2(type->name)); # 1641| return obj; Error: COMPILER_WARNING (CWE-477): [#def27] libsolv-0.7.32/redhat-linux-build/bindings/ruby/solv_ruby.c: scope_hint: In function ‘SWIG_Ruby_ConvertPtrAndOwn’ libsolv-0.7.32/redhat-linux-build/bindings/ruby/solv_ruby.c:1687:5: warning[-Wdeprecated-declarations]: ‘rb_data_object_get_warning’ is deprecated: by TypedData # 1687 | Data_Get_Struct(obj, void, vptr); # | ^~~~~~~~~~~~~~~ /usr/include/ruby/internal/core/rdata.h:325:1: note: declared here # 325 | rb_data_object_get_warning(VALUE obj) # | ^~~~~~~~~~~~~~~~~~~~~~~~~~ # 1685| return SWIG_ERROR; # 1686| } # 1687|-> Data_Get_Struct(obj, void, vptr); # 1688| } # 1689| Error: COMPILER_WARNING (CWE-477): [#def28] libsolv-0.7.32/redhat-linux-build/bindings/ruby/solv_ruby.c: scope_hint: In function ‘SWIG_Ruby_GetModule’ libsolv-0.7.32/redhat-linux-build/bindings/ruby/solv_ruby.c:1823:5: warning[-Wdeprecated-declarations]: ‘rb_data_object_get_warning’ is deprecated: by TypedData # 1823 | Data_Get_Struct(pointer, swig_module_info, ret); # | ^~~~~~~~~~~~~~~ /usr/include/ruby/internal/core/rdata.h:325:1: note: declared here # 325 | rb_data_object_get_warning(VALUE obj) # | ^~~~~~~~~~~~~~~~~~~~~~~~~~ # 1821| pointer = rb_gv_get("$swig_runtime_data_type_pointer" SWIG_RUNTIME_VERSION SWIG_TYPE_TABLE_NAME); # 1822| if (pointer != Qnil) { # 1823|-> Data_Get_Struct(pointer, swig_module_info, ret); # 1824| } # 1825| Error: COMPILER_WARNING (CWE-477): [#def29] libsolv-0.7.32/redhat-linux-build/bindings/ruby/solv_ruby.c: scope_hint: In function ‘SWIG_Ruby_SetModule’ libsolv-0.7.32/redhat-linux-build/bindings/ruby/solv_ruby.c:1838:3: warning[-Wdeprecated-declarations]: ‘rb_data_object_wrap_warning’ is deprecated: by TypedData # 1838 | swig_runtime_data_type_pointer = Data_Wrap_Struct(cl, 0, 0, pointer); # | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /usr/include/ruby/internal/core/rdata.h:293:1: note: declared here # 293 | rb_data_object_wrap_warning(VALUE klass, void *ptr, RUBY_DATA_FUNC mark, RUBY_DATA_FUNC free) # | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ # 1836| rb_undef_alloc_func(cl); # 1837| /* create and store the structure pointer to a global variable */ # 1838|-> swig_runtime_data_type_pointer = Data_Wrap_Struct(cl, 0, 0, pointer); # 1839| rb_define_readonly_variable("$swig_runtime_data_type_pointer" SWIG_RUNTIME_VERSION SWIG_TYPE_TABLE_NAME, &swig_runtime_data_type_pointer); # 1840| } Error: CPPCHECK_WARNING (CWE-457): [#def30] libsolv-0.7.32/redhat-linux-build/bindings/ruby/solv_ruby.c:2295: error[uninitvar]: Uninitialized variable: v # 2293| a[1] = (VALUE)(&v); # 2294| if (rb_rescue(VALUEFUNC(SWIG_AUX_NUM2LONG), (VALUE)a, VALUEFUNC(SWIG_ruby_failed), 0) != Qnil) { # 2295|-> if (val) *val = v; # 2296| return SWIG_OK; # 2297| } Error: CPPCHECK_WARNING (CWE-457): [#def31] libsolv-0.7.32/redhat-linux-build/bindings/ruby/solv_ruby.c:2650: error[uninitvar]: Uninitialized variable: v # 2648| if (rb_funcall(obj, swig_lowerthan_id, 1, INT2FIX(0)) != Qfalse) # 2649| return SWIG_OverflowError; # 2650|-> if (val) *val = v; # 2651| return SWIG_OK; # 2652| } Error: CPPCHECK_WARNING (CWE-457): [#def32] libsolv-0.7.32/redhat-linux-build/bindings/ruby/solv_ruby.c:3011: error[uninitvar]: Uninitialized variable: v # 3009| if (rb_funcall(obj, swig_lowerthan_id, 1, INT2FIX(0)) != Qfalse) # 3010| return SWIG_OverflowError; # 3011|-> if (val) *val = v; # 3012| return SWIG_OK; # 3013| } Error: CPPCHECK_WARNING (CWE-758): [#def33] libsolv-0.7.32/redhat-linux-build/bindings/ruby/solv_ruby.c:20758: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour #20756| rb_define_const(SwigClassSelection.klass, "SELECTION_FILTER", SWIG_From_int((int)(SELECTION_FILTER))); #20757| rb_define_const(SwigClassSelection.klass, "SELECTION_FILTER_KEEP_IFEMPTY", SWIG_From_int((int)(SELECTION_FILTER_KEEP_IFEMPTY))); #20758|-> rb_define_const(SwigClassSelection.klass, "SELECTION_FILTER_SWAPPED", SWIG_From_int((int)(SELECTION_FILTER_SWAPPED))); #20759| rb_define_method(SwigClassSelection.klass, "isempty?", _wrap_Selection_isemptyq___, -1); #20760| rb_define_method(SwigClassSelection.klass, "clone", _wrap_Selection_clone, -1); Error: GCC_ANALYZER_WARNING (CWE-688): [#def34] libsolv-0.7.32/src/chksum.c:277:10: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected libsolv-0.7.32/src/chksum.c:267:1: enter_function: entry to ‘solv_chksum_cmp’ libsolv-0.7.32/src/chksum.c:271:6: branch_false: following ‘false’ branch (when ‘chk != chk2’)... libsolv-0.7.32/src/chksum.c:273:7: branch_false: ...to here libsolv-0.7.32/src/chksum.c:273:6: branch_false: following ‘false’ branch... libsolv-0.7.32/src/chksum.c:275:10: call_function: calling ‘solv_chksum_get’ from ‘solv_chksum_cmp’ libsolv-0.7.32/src/chksum.c:275:10: return_function: returning to ‘solv_chksum_cmp’ from ‘solv_chksum_get’ libsolv-0.7.32/src/chksum.c:276:10: call_function: calling ‘solv_chksum_get’ from ‘solv_chksum_cmp’ libsolv-0.7.32/src/chksum.c:276:10: return_function: returning to ‘solv_chksum_cmp’ from ‘solv_chksum_get’ libsolv-0.7.32/src/chksum.c:277:10: danger: argument 2 (‘solv_chksum_get(chk2, 0)’) NULL where non-null expected # 275| res1 = solv_chksum_get(chk, &len); # 276| res2 = solv_chksum_get(chk2, 0); # 277|-> return memcmp(res1, res2, len) == 0 ? 1 : 0; # 278| } Error: GCC_ANALYZER_WARNING (CWE-476): [#def35] libsolv-0.7.32/src/dirpool.c:93:7: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’ libsolv-0.7.32/src/dirpool.c:81:1: enter_function: entry to ‘dirpool_make_dirtraverse’ libsolv-0.7.32/src/dirpool.c:84:6: branch_false: following ‘false’ branch... libsolv-0.7.32/src/dirpool.c:86:14: branch_false: ...to here libsolv-0.7.32/src/dirpool.c:87:17: call_function: calling ‘solv_calloc_block’ from ‘dirpool_make_dirtraverse’ libsolv-0.7.32/src/dirpool.c:87:17: return_function: returning to ‘dirpool_make_dirtraverse’ from ‘solv_calloc_block’ libsolv-0.7.32/src/dirpool.c:88:15: branch_true: following ‘true’ branch... libsolv-0.7.32/src/dirpool.c:90:11: branch_true: ...to here libsolv-0.7.32/src/dirpool.c:90:10: branch_false: following ‘false’ branch... libsolv-0.7.32/src/dirpool.c:92:7: branch_false: ...to here libsolv-0.7.32/src/dirpool.c:93:18: release_memory: ‘0’ is NULL libsolv-0.7.32/src/dirpool.c:93:7: danger: dereference of NULL ‘solv_calloc_block((long unsigned int)*dp.ndirs, 4, 127) + (long unsigned int)i * 4’ # 91| continue; # 92| parent = -dp->dirs[i]; # 93|-> dirtraverse[i] = dirtraverse[parent]; # 94| dirtraverse[parent] = i + 1; # 95| } Error: CPPCHECK_WARNING (CWE-562): [#def36] libsolv-0.7.32/src/fileprovides.c:462: error[autoVariables]: Address of local auto-variable assigned to a function parameter. # 460| if (repo->pool->solvables[p].repo == repo) # 461| MAPSET(&todo, p - repo->start); # 462|-> cbd->todo = &todo; # 463| cbd->todo_start = repo->start; # 464| cbd->todo_end = repo->end; Error: CPPCHECK_WARNING (CWE-562): [#def37] libsolv-0.7.32/src/fileprovides.c:477: error[autoVariables]: Address of local auto-variable assigned to a function parameter. # 475| { # 476| map_grow(&providedids, repo->pool->ss.nstrings); # 477|-> cbd->providedids = &providedids; # 478| provstart = data->start; # 479| provend = data->end; Error: CPPCHECK_WARNING (CWE-758): [#def38] libsolv-0.7.32/src/poolvendor.c:64: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour # 62| if (vs == 0) # 63| break; # 64|-> if (m == (1 << 31)) # 65| break; /* sorry, out of bits */ # 66| m <<= 1; /* next vendor equivalence class */ Error: GCC_ANALYZER_WARNING (CWE-476): [#def39] libsolv-0.7.32/src/repo.c:1181:15: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’ libsolv-0.7.32/src/repo.c:1507:1: enter_function: entry to ‘repo_set_deparray’ libsolv-0.7.32/src/repo.c:1512:6: branch_true: following ‘true’ branch (when ‘marker != 0’)... libsolv-0.7.32/src/repo.c:1517:7: branch_true: ...to here libsolv-0.7.32/src/repo.c:1518:7: call_function: calling ‘repo_lookup_deparray’ from ‘repo_set_deparray’ # 1179| case SOLVABLE_ENHANCES: # 1180| offp = solvable_offsetptr(repo->pool->solvables + entry, keyname); # 1181|-> if (*offp) # 1182| { # 1183| Id *p; Error: GCC_ANALYZER_WARNING (CWE-476): [#def40] libsolv-0.7.32/src/repo.c:1492:19: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’ libsolv-0.7.32/src/repo.c:1501:1: enter_function: entry to ‘repo_add_idarray’ libsolv-0.7.32/src/repo.c:1503:3: call_function: calling ‘repo_add_deparray’ from ‘repo_add_idarray’ # 1490| case SOLVABLE_ENHANCES: # 1491| offp = solvable_offsetptr(repo->pool->solvables + p, keyname); # 1492|-> *offp = repo_addid_dep(repo, *offp, dep, marker); # 1493| return; # 1494| } Error: GCC_ANALYZER_WARNING (CWE-476): [#def41] libsolv-0.7.32/src/repo.c:1556:11: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’ libsolv-0.7.32/src/repo.c:1507:1: enter_function: entry to ‘repo_set_deparray’ libsolv-0.7.32/src/repo.c:1512:6: branch_false: following ‘false’ branch (when ‘marker == 0’)... libsolv-0.7.32/src/repo.c:1538:6: branch_false: ...to here libsolv-0.7.32/src/repo.c:1538:6: branch_true: following ‘true’ branch (when ‘p >= 0’)... libsolv-0.7.32/src/repo.c:1542:7: branch_true: ...to here libsolv-0.7.32/src/repo.c:1542:7: branch_true: following ‘true’ branch... branch_true: ...to here libsolv-0.7.32/src/repo.c:1553:23: branch_true: following ‘true’ branch... libsolv-0.7.32/src/repo.c:1554:45: branch_true: ...to here libsolv-0.7.32/src/repo.c:1554:19: call_function: calling ‘repo_addid_dep’ from ‘repo_set_deparray’ libsolv-0.7.32/src/repo.c:1554:19: return_function: returning to ‘repo_set_deparray’ from ‘repo_addid_dep’ libsolv-0.7.32/src/repo.c:1555:18: call_function: calling ‘solvable_offsetptr’ from ‘repo_set_deparray’ libsolv-0.7.32/src/repo.c:1555:18: return_function: returning to ‘repo_set_deparray’ from ‘solvable_offsetptr’ libsolv-0.7.32/src/repo.c:1556:11: danger: dereference of NULL ‘solvable_offsetptr(*repo_45(D)->pool.solvables + (long unsigned int)p * 56, keyname)’ # 1554| off = repo_addid_dep(repo, off, q->elements[i], 0); # 1555| offp = solvable_offsetptr(repo->pool->solvables + p, keyname); # 1556|-> *offp = off; # 1557| return; # 1558| } Error: GCC_ANALYZER_WARNING (CWE-476): [#def42] libsolv-0.7.32/src/repo_write.c:1549:3: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘spool’ libsolv-0.7.32/src/repo_write.c:2277:1: enter_function: entry to ‘repodata_write_filtered’ libsolv-0.7.32/src/repo_write.c:2285:9: call_function: calling ‘repowriter_write’ from ‘repodata_write_filtered’ # 1547| */ # 1548| # 1549|-> reloff = spool->nstrings; # 1550| if (cbdata.ownspool) # 1551| reloff = (reloff + NEEDID_BLOCK) & ~NEEDID_BLOCK; Error: CPPCHECK_WARNING (CWE-758): [#def43] libsolv-0.7.32/src/repodata.c:1544: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour # 1542| memset(di, 0, sizeof(*di)); # 1543| di->pool = pool; # 1544|-> di->flags = flags & ~SEARCH_THISSOLVID; # 1545| if (!pool || (repo && repo->pool != pool)) # 1546| { Error: CPPCHECK_WARNING (CWE-758): [#def44] libsolv-0.7.32/src/repodata.c:1599: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour # 1597| dataiterator_set_match(Dataiterator *di, const char *match, int flags) # 1598| { # 1599|-> di->flags = (flags & ~SEARCH_THISSOLVID) | (di->flags & SEARCH_THISSOLVID); # 1600| datamatcher_free(&di->matcher); # 1601| memset(&di->matcher, 0, sizeof(di->matcher)); Error: CPPCHECK_WARNING (CWE-758): [#def45] libsolv-0.7.32/src/repodata.c:1619: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour # 1617| di->repo = repo; # 1618| di->repoid = 0; # 1619|-> di->flags &= ~SEARCH_THISSOLVID; # 1620| di->nparents = 0; # 1621| di->rootlevel = 0; Error: CPPCHECK_WARNING (CWE-758): [#def46] libsolv-0.7.32/src/repodata.c:1719: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour # 1717| if (!di->repo || (di->repo->disabled && !(di->flags & SEARCH_DISABLED_REPOS))) # 1718| goto di_nextrepo; # 1719|-> if (!(di->flags & SEARCH_THISSOLVID)) # 1720| { # 1721| di->solvid = di->repo->start - 1; /* reset solvid iterator */ Error: CPPCHECK_WARNING (CWE-758): [#def47] libsolv-0.7.32/src/repodata.c:1835: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour # 1833| # 1834| case di_nextsolvable: di_nextsolvable: # 1835|-> if (!(di->flags & SEARCH_THISSOLVID)) # 1836| { # 1837| if (di->solvid < 0) Error: CPPCHECK_WARNING (CWE-758): [#def48] libsolv-0.7.32/src/repodata.c:2039: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour # 2037| { # 2038| di->state = from->state; # 2039|-> di->flags &= ~SEARCH_THISSOLVID; # 2040| di->flags |= (from->flags & SEARCH_THISSOLVID); # 2041| di->repo = from->repo; Error: CPPCHECK_WARNING (CWE-758): [#def49] libsolv-0.7.32/src/repodata.c:2040: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour # 2038| di->state = from->state; # 2039| di->flags &= ~SEARCH_THISSOLVID; # 2040|-> di->flags |= (from->flags & SEARCH_THISSOLVID); # 2041| di->repo = from->repo; # 2042| di->data = from->data; Error: CPPCHECK_WARNING (CWE-758): [#def50] libsolv-0.7.32/src/repodata.c:2149: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour # 2147| dataiterator_final_solvable(Dataiterator *di) # 2148| { # 2149|-> di->flags |= SEARCH_THISSOLVID; # 2150| di->repoid = 0; # 2151| } Error: CPPCHECK_WARNING (CWE-758): [#def51] libsolv-0.7.32/src/repodata.c:2201: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour # 2199| di->solvid = solvid; # 2200| if (solvid) # 2201|-> di->flags |= SEARCH_THISSOLVID; # 2202| di->state = di_enterrepo; # 2203| } Error: CPPCHECK_WARNING (CWE-758): [#def52] libsolv-0.7.32/src/repodata.c:2215: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour # 2213| di->repodataid = 1; # 2214| di->solvid = 0; # 2215|-> di->flags &= ~SEARCH_THISSOLVID; # 2216| di->state = di_enterrepo; # 2217| } Error: CPPCHECK_WARNING (CWE-758): [#def53] libsolv-0.7.32/src/selection.c:1335: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour # 1333| if (ret || !(flags & SELECTION_FILTER_KEEP_IFEMPTY)) # 1334| { # 1335|-> if ((flags & SELECTION_FILTER_SWAPPED) != 0) # 1336| { # 1337| selection_filter(pool, sel2, sel1); Error: GCC_ANALYZER_WARNING (CWE-688): [#def54] libsolv-0.7.32/src/solvable.c:367:57: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected libsolv-0.7.32/src/solvable.c:340:1: enter_function: entry to ‘solvable_lookup_location’ libsolv-0.7.32/src/solvable.c:349:6: branch_false: following ‘false’ branch... libsolv-0.7.32/src/solvable.c:351:3: branch_false: ...to here libsolv-0.7.32/src/solvable.c:360:6: branch_true: following ‘true’ branch... libsolv-0.7.32/src/solvable.c:363:14: branch_true: ...to here libsolv-0.7.32/src/solvable.c:364:13: call_function: calling ‘evrid2vrstr’ from ‘solvable_lookup_location’ libsolv-0.7.32/src/solvable.c:364:13: return_function: returning to ‘solvable_lookup_location’ from ‘evrid2vrstr’ libsolv-0.7.32/src/solvable.c:367:57: danger: argument 1 (‘evrid2vrstr(pool, *s.evr)’) NULL where non-null expected #argument 1 of ‘__builtin_strlen’ must be non-null # 365| arch = pool_id2str(pool, s->arch); # 366| /* name-vr.arch.rpm */ # 367|-> loc = pool_alloctmpspace(pool, l + strlen(name) + strlen(evr) + strlen(arch) + 7); # 368| if (mediadir) # 369| sprintf(loc, "%s/%s-%s.%s.rpm", mediadir, name, evr, arch); Error: GCC_ANALYZER_WARNING (CWE-688): [#def55] libsolv-0.7.32/src/solvable.c:367:57: warning[-Wanalyzer-null-argument]: use of NULL ‘mediadir’ where non-null expected libsolv-0.7.32/src/solvable.c:340:1: enter_function: entry to ‘solvable_lookup_location’ libsolv-0.7.32/src/solvable.c:349:6: branch_false: following ‘false’ branch... libsolv-0.7.32/src/solvable.c:351:3: branch_false: ...to here libsolv-0.7.32/src/solvable.c:354:6: branch_false: following ‘false’ branch... libsolv-0.7.32/src/solvable.c:357:16: branch_false: ...to here libsolv-0.7.32/src/solvable.c:357:16: call_function: calling ‘solvable_lookup_str’ from ‘solvable_lookup_location’ libsolv-0.7.32/src/solvable.c:357:16: return_function: returning to ‘solvable_lookup_location’ from ‘solvable_lookup_str’ libsolv-0.7.32/src/solvable.c:358:6: branch_false: following ‘false’ branch (when ‘mediadir’ is NULL)... libsolv-0.7.32/src/solvable.c:360:7: branch_false: ...to here libsolv-0.7.32/src/solvable.c:360:6: branch_true: following ‘true’ branch... libsolv-0.7.32/src/solvable.c:363:14: branch_true: ...to here libsolv-0.7.32/src/solvable.c:364:13: call_function: calling ‘evrid2vrstr’ from ‘solvable_lookup_location’ libsolv-0.7.32/src/solvable.c:364:13: return_function: returning to ‘solvable_lookup_location’ from ‘evrid2vrstr’ libsolv-0.7.32/src/solvable.c:367:57: danger: argument 1 (‘evrid2vrstr(pool, *s.evr)’) NULL where non-null expected #argument 1 of ‘__builtin_strlen’ must be non-null # 365| arch = pool_id2str(pool, s->arch); # 366| /* name-vr.arch.rpm */ # 367|-> loc = pool_alloctmpspace(pool, l + strlen(name) + strlen(evr) + strlen(arch) + 7); # 368| if (mediadir) # 369| sprintf(loc, "%s/%s-%s.%s.rpm", mediadir, name, evr, arch); Error: CPPCHECK_WARNING (CWE-758): [#def56] libsolv-0.7.32/tools/testsolv.c:402: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour # 400| solv->solution_callback = 0; # 401| solv->solution_callback_data = 0; # 402|-> if ((resultflags & ~TESTCASE_RESULT_REUSE_SOLVER) == 0) # 403| resultflags |= TESTCASE_RESULT_TRANSACTION | TESTCASE_RESULT_PROBLEMS; # 404| myresult = testcase_solverresult(solv, resultflags); Error: CPPCHECK_WARNING (CWE-758): [#def57] libsolv-0.7.32/tools/testsolv.c:521: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour # 519| } # 520| queue_free(&job); # 521|-> if ((resultflags & TESTCASE_RESULT_REUSE_SOLVER) != 0 && !feof(fp)) # 522| reusesolv = solv; # 523| else
| analyzer-version-clippy | 1.86.0 |
| analyzer-version-cppcheck | 2.17.1 |
| analyzer-version-gcc | 15.0.1 |
| analyzer-version-gcc-analyzer | 15.0.1 |
| analyzer-version-shellcheck | 0.10.0 |
| analyzer-version-unicontrol | 0.0.2 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-158.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | libsolv-0.7.32-4.fc43 |
| store-results-to | /tmp/tmpdv7yfua8/libsolv-0.7.32-4.fc43.tar.xz |
| time-created | 2025-04-25 14:15:17 |
| time-finished | 2025-04-25 14:17:47 |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpdv7yfua8/libsolv-0.7.32-4.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpdv7yfua8/libsolv-0.7.32-4.fc43.src.rpm' |
| tool-version | csmock-3.8.1.20250422.172604.g26bc3d6-1.el9 |