libtasn1-4.20.0-1.fc43

List of Findings

Error: COMPILER_WARNING: [#def1]
libtasn1-4.20.0/examples/pkix_asn1_tab.c:7:24: warning[-Wmissing-variable-declarations]: no previous declaration for 'pkix_asn1_tab'
#    7 | const asn1_static_node pkix_asn1_tab[] = {
#      |                        ^~~~~~~~~~~~~
#    5|   #include <libtasn1.h>
#    6|   
#    7|-> const asn1_static_node pkix_asn1_tab[] = {
#    8|     { "PKIX1Implicit88", 536875024, NULL },
#    9|     { NULL, 1610612748, NULL },

Error: COMPILER_WARNING: [#def2]
libtasn1-4.20.0/lib/ASN1.c:73:25: warning[-Wmissing-variable-declarations]: no previous declaration for '_asn1_yynerrs'
#   73 | #define yynerrs         _asn1_yynerrs
#      |                         ^~~~~~~~~~~~~
libtasn1-4.20.0/lib/ASN1.c:1594:5: note: in expansion of macro 'yynerrs'
# 1594 | int yynerrs;
#      |     ^~~~~~~
#   71|   #define yyerror         _asn1_yyerror
#   72|   #define yydebug         _asn1_yydebug
#   73|-> #define yynerrs         _asn1_yynerrs
#   74|   #define yylval          _asn1_yylval
#   75|   #define yychar          _asn1_yychar

Error: COMPILER_WARNING: [#def3]
libtasn1-4.20.0/lib/ASN1.c:75:25: warning[-Wmissing-variable-declarations]: no previous declaration for '_asn1_yychar'
#   75 | #define yychar          _asn1_yychar
#      |                         ^~~~~~~~~~~~
libtasn1-4.20.0/lib/ASN1.c:1589:5: note: in expansion of macro 'yychar'
# 1589 | int yychar;
#      |     ^~~~~~
#   73|   #define yynerrs         _asn1_yynerrs
#   74|   #define yylval          _asn1_yylval
#   75|-> #define yychar          _asn1_yychar
#   76|   
#   77|   /* First part of user prologue.  */

Error: GCC_ANALYZER_WARNING (CWE-457): [#def4]
libtasn1-4.20.0/lib/ASN1.c:1715:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'yyss'
libtasn1-4.20.0/lib/ASN1.y:788:1: enter_function: entry to 'asn1_parser2array'
libtasn1-4.20.0/lib/ASN1.y:802:6: branch_false: following 'false' branch...
libtasn1-4.20.0/lib/ASN1.y:808:3: branch_false: ...to here
libtasn1-4.20.0/lib/ASN1.y:811:3: call_function: calling '_asn1_yyparse' from 'asn1_parser2array'
# 1713|           if (! yyptr)
# 1714|             YYNOMEM;
# 1715|->         YYSTACK_RELOCATE (yyss_alloc, yyss);
# 1716|           YYSTACK_RELOCATE (yyvs_alloc, yyvs);
# 1717|   #  undef YYSTACK_RELOCATE

Error: GCC_ANALYZER_WARNING (CWE-457): [#def5]
libtasn1-4.20.0/lib/ASN1.c:1842:3: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value '*<unknown>'
libtasn1-4.20.0/lib/ASN1.y:788:1: enter_function: entry to 'asn1_parser2array'
libtasn1-4.20.0/lib/ASN1.y:802:6: branch_false: following 'false' branch...
libtasn1-4.20.0/lib/ASN1.y:808:3: branch_false: ...to here
libtasn1-4.20.0/lib/ASN1.y:811:3: call_function: calling '_asn1_yyparse' from 'asn1_parser2array'
# 1840|        unconditionally makes the parser a bit smaller, and it avoids a
# 1841|        GCC warning that YYVAL may be used uninitialized.  */
# 1842|->   yyval = yyvsp[1-yylen];
# 1843|   
# 1844|   

Error: CPPCHECK_WARNING (CWE-476): [#def6]
libtasn1-4.20.0/lib/ASN1.y:850: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: file_out_name
#  848|         file_out_name = malloc (dot_p - inputFileName + 1 +
#  849|                                 sizeof ("_asn1_tab.c")-1);
#  850|->       memcpy (file_out_name, inputFileName,
#  851|                 dot_p - inputFileName);
#  852|         file_out_name[dot_p - inputFileName] = 0;

Error: CPPCHECK_WARNING (CWE-476): [#def7]
libtasn1-4.20.0/lib/ASN1.y:852: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: file_out_name
#  850|         memcpy (file_out_name, inputFileName,
#  851|                 dot_p - inputFileName);
#  852|->       file_out_name[dot_p - inputFileName] = 0;
#  853|         strcat (file_out_name, "_asn1_tab.c");
#  854|       }

Error: CPPCHECK_WARNING (CWE-476): [#def8]
libtasn1-4.20.0/lib/ASN1.y:853: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: file_out_name
#  851|                 dot_p - inputFileName);
#  852|         file_out_name[dot_p - inputFileName] = 0;
#  853|->       strcat (file_out_name, "_asn1_tab.c");
#  854|       }
#  855|     else

Error: CPPCHECK_WARNING (CWE-476): [#def9]
libtasn1-4.20.0/lib/ASN1.y:867: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: vector_name
#  865|         vector_name = malloc (dot_p - slash_p + 1 +
#  866|                               sizeof("_asn1_tab") - 1);
#  867|->       memcpy (vector_name, slash_p, dot_p - slash_p);
#  868|         vector_name[dot_p - slash_p] = 0;
#  869|         strcat (vector_name, "_asn1_tab");

Error: CPPCHECK_WARNING (CWE-476): [#def10]
libtasn1-4.20.0/lib/ASN1.y:868: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: vector_name
#  866|                               sizeof("_asn1_tab") - 1);
#  867|         memcpy (vector_name, slash_p, dot_p - slash_p);
#  868|->       vector_name[dot_p - slash_p] = 0;
#  869|         strcat (vector_name, "_asn1_tab");
#  870|   

Error: CPPCHECK_WARNING (CWE-476): [#def11]
libtasn1-4.20.0/lib/ASN1.y:869: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: vector_name
#  867|         memcpy (vector_name, slash_p, dot_p - slash_p);
#  868|         vector_name[dot_p - slash_p] = 0;
#  869|->       strcat (vector_name, "_asn1_tab");
#  870|   
#  871|         len = strlen(vector_name);

Error: CPPCHECK_WARNING (CWE-476): [#def12]
libtasn1-4.20.0/lib/ASN1.y:871: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: vector_name
#  869|         strcat (vector_name, "_asn1_tab");
#  870|   
#  871|->       len = strlen(vector_name);
#  872|         for (i=0;i<len;i++)
#  873|           {

Error: CPPCHECK_WARNING (CWE-476): [#def13]
libtasn1-4.20.0/lib/ASN1.y:874: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: vector_name
#  872|         for (i=0;i<len;i++)
#  873|           {
#  874|->           if (vector_name[i] == '-')
#  875|             vector_name[i] = '_';
#  876|           }

Error: GCC_ANALYZER_WARNING (CWE-457): [#def14]
libtasn1-4.20.0/lib/coding.c:758:5: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value '&tag_der'
libtasn1-4.20.0/lib/coding.c:1077:1: enter_function: entry to 'asn1_der_coding'
libtasn1-4.20.0/lib/coding.c:1091:6: branch_false: following 'false' branch...
libtasn1-4.20.0/lib/coding.c:1098:10: branch_false: ...to here
libtasn1-4.20.0/lib/coding.c:1099:6: branch_false: following 'false' branch...
libtasn1-4.20.0/lib/coding.c:1102:13: branch_false: ...to here
libtasn1-4.20.0/lib/coding.c:1104:6: branch_false: following 'false' branch...
libtasn1-4.20.0/lib/coding.c:1110:3: branch_false: ...to here
libtasn1-4.20.0/lib/coding.c:1119:10: branch_true: following 'true' branch (when 'move != 1')...
libtasn1-4.20.0/lib/coding.c:1121:11: branch_true: ...to here
libtasn1-4.20.0/lib/coding.c:1122:17: call_function: calling '_asn1_insert_tag_der' from 'asn1_der_coding'
#  756|     *max_len -= tag_len;
#  757|     if (der && *max_len >= 0)
#  758|->     memcpy (der + *counter, tag_der, tag_len);
#  759|     *counter += tag_len;
#  760|   

Error: CPPCHECK_WARNING (CWE-190): [#def15]
libtasn1-4.20.0/lib/decoding.c:137: error[integerOverflow]: Signed integer overflow for expression '((((1?0:((1?0:(ans))+256))-1)<0)?~(((((1?0:((1?0:(ans))+256))+1)<<((sizeof((1?0:(ans))+256)*8)-2))-1)*2+1):((1?0:((1?0:(ans))+256))+0))/256'.
#  135|   	  while (punt <= k && punt < der_len)
#  136|   	    {
#  137|-> 	      if (INT_MULTIPLY_OVERFLOW (ans, 256))
#  138|   		return -2;
#  139|   	      ans *= 256;

Error: CPPCHECK_WARNING (CWE-190): [#def16]
libtasn1-4.20.0/lib/decoding.c:204: error[integerOverflow]: Signed integer overflow for expression '((((1?0:((1?0:(ris))+128))-1)<0)?~(((((1?0:((1?0:(ris))+128))+1)<<((sizeof((1?0:(ris))+128)*8)-2))-1)*2+1):((1?0:((1?0:(ris))+128))+0))/128'.
#  202|   	{
#  203|   
#  204|-> 	  if (INT_MULTIPLY_OVERFLOW (ris, 128))
#  205|   	    return ASN1_DER_ERROR;
#  206|   	  ris *= 128;

Error: CPPCHECK_WARNING (CWE-190): [#def17]
libtasn1-4.20.0/lib/decoding.c:217: error[integerOverflow]: Signed integer overflow for expression '((((1?0:((1?0:(ris))+128))-1)<0)?~(((((1?0:((1?0:(ris))+128))+1)<<((sizeof((1?0:(ris))+128)*8)-2))-1)*2+1):((1?0:((1?0:(ris))+128))+0))/128'.
#  215|   	return ASN1_DER_ERROR;
#  216|   
#  217|->       if (INT_MULTIPLY_OVERFLOW (ris, 128))
#  218|   	return ASN1_DER_ERROR;
#  219|         ris *= 128;

Error: COMPILER_WARNING: [#def18]
libtasn1-4.20.0/lib/parser_aux.c:32:6: warning[-Wmissing-variable-declarations]: no previous declaration for '_asn1_identifierMissing'
#   32 | char _asn1_identifierMissing[ASN1_MAX_NAME_SIZE + 1];   /* identifier name not found */
#      |      ^~~~~~~~~~~~~~~~~~~~~~~
#   30|   #include "c-ctype.h"
#   31|   
#   32|-> char _asn1_identifierMissing[ASN1_MAX_NAME_SIZE + 1];	/* identifier name not found */
#   33|   
#   34|   /* Return a hash of the N bytes of X using the method described by

Error: GCC_ANALYZER_WARNING (CWE-835): [#def19]
libtasn1-4.20.0/lib/parser_aux.c:537:6: warning[-Wanalyzer-infinite-loop]: infinite loop
libtasn1-4.20.0/lib/parser_aux.c:1144:1: enter_function: entry to '_asn1_set_default_tag'
libtasn1-4.20.0/lib/parser_aux.c:1173:19: call_function: inlined call to '_asn1_find_up' from '_asn1_set_default_tag'
libtasn1-4.20.0/lib/parser_aux.c:1174:18: branch_true: ...to here
libtasn1-4.20.0/lib/parser_aux.c:1174:18: branch_false: if it ever follows 'false' branch, it will always do so...
libtasn1-4.20.0/lib/parser_aux.c:1179:18: branch_false: ...to here
libtasn1-4.20.0/lib/parser_aux.c:1179:18: branch_false: if it ever follows 'false' branch, it will always do so...
 branch_false: ...to here
libtasn1-4.20.0/lib/parser_aux.c:1173:19: call_function: inlined call to '_asn1_find_up' from '_asn1_set_default_tag'
#  535|     asn1_node_const p;
#  536|   
#  537|->   if (node == NULL)
#  538|       return NULL;
#  539|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def20]
libtasn1-4.20.0/lib/structure.c:458:11: warning[-Wanalyzer-null-dereference]: dereference of NULL 'p_d'
libtasn1-4.20.0/lib/structure.c:1234:1: enter_function: entry to 'asn1_dup_node'
libtasn1-4.20.0/lib/structure.c:1236:10: call_function: calling '_asn1_copy_structure2' from 'asn1_dup_node'
#  456|   	      continue;
#  457|   	    }
#  458|-> 	  p_d->start = p_s->start;
#  459|   	  p_d->end = p_s->end;
#  460|   	}

Error: GCC_ANALYZER_WARNING (CWE-476): [#def21]
libtasn1-4.20.0/src/asn1Coding.c:344:31: warning[-Wanalyzer-null-dereference]: dereference of NULL 'der'
libtasn1-4.20.0/src/asn1Coding.c:207:6: branch_false: following 'false' branch...
libtasn1-4.20.0/src/asn1Coding.c:215:6: branch_false: following 'false' branch (when 'inputFileAsnName' is non-NULL)...
libtasn1-4.20.0/src/asn1Coding.c:221:41: branch_false: ...to here
libtasn1-4.20.0/src/asn1Coding.c:222:6: branch_false: following 'false' branch (when 'inputFileAssignmentName' is non-NULL)...
libtasn1-4.20.0/src/asn1Coding.c:229:5: branch_false: ...to here
libtasn1-4.20.0/src/asn1Coding.c:248:6: branch_false: following 'false' branch...
libtasn1-4.20.0/src/asn1Coding.c:256:15: branch_false: ...to here
libtasn1-4.20.0/src/asn1Coding.c:258:6: branch_false: following 'false' branch...
libtasn1-4.20.0/src/asn1Coding.c:268:3: branch_false: ...to here
libtasn1-4.20.0/src/asn1Coding.c:270:10: branch_false: following 'false' branch...
libtasn1-4.20.0/src/asn1Coding.c:301:6: branch_false: ...to here
libtasn1-4.20.0/src/asn1Coding.c:301:6: branch_false: following 'false' branch...
libtasn1-4.20.0/src/asn1Coding.c:306:3: branch_false: ...to here
libtasn1-4.20.0/src/asn1Coding.c:314:6: branch_false: following 'false' branch...
libtasn1-4.20.0/src/asn1Coding.c:325:3: branch_false: ...to here
libtasn1-4.20.0/src/asn1Coding.c:326:6: branch_false: following 'false' branch (when 'asn1_result == 0')...
libtasn1-4.20.0/src/asn1Coding.c:342:3: branch_false: ...to here
libtasn1-4.20.0/src/asn1Coding.c:343:15: branch_true: following 'true' branch...
libtasn1-4.20.0/src/asn1Coding.c:344:34: branch_true: ...to here
libtasn1-4.20.0/src/asn1Coding.c:344:34: release_memory: 'der' is NULL
libtasn1-4.20.0/src/asn1Coding.c:344:31: danger: dereference of NULL 'der + (sizetype)k'
#  342|     fprintf (stderr, "-----------------\nNumber of bytes=%i\n", der_len);
#  343|     for (k = 0; k < der_len; k++)
#  344|->     fprintf (stderr, "%02x ", der[k]);
#  345|     fputs ("\n-----------------\n", stderr);
#  346|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def22]
libtasn1-4.20.0/src/asn1Coding.c:372:36: warning[-Wanalyzer-null-dereference]: dereference of NULL 'der'
libtasn1-4.20.0/src/asn1Coding.c:166:10: branch_false: following 'false' branch (when 'option_result != -1')...
libtasn1-4.20.0/src/asn1Coding.c:169:7: branch_false: ...to here
libtasn1-4.20.0/src/asn1Coding.c:185:11: branch_true: following 'true' branch...
libtasn1-4.20.0/src/asn1Coding.c:186:28: branch_true: ...to here
libtasn1-4.20.0/src/asn1Coding.c:187:14: branch_false: following 'false' branch...
 branch_false: ...to here
libtasn1-4.20.0/src/asn1Coding.c:207:6: branch_false: following 'false' branch...
libtasn1-4.20.0/src/asn1Coding.c:215:6: branch_false: following 'false' branch (when 'inputFileAsnName' is non-NULL)...
libtasn1-4.20.0/src/asn1Coding.c:221:41: branch_false: ...to here
libtasn1-4.20.0/src/asn1Coding.c:222:6: branch_false: following 'false' branch (when 'inputFileAssignmentName' is non-NULL)...
libtasn1-4.20.0/src/asn1Coding.c:229:5: branch_false: ...to here
libtasn1-4.20.0/src/asn1Coding.c:248:6: branch_false: following 'false' branch...
libtasn1-4.20.0/src/asn1Coding.c:256:15: branch_false: ...to here
libtasn1-4.20.0/src/asn1Coding.c:258:6: branch_false: following 'false' branch...
libtasn1-4.20.0/src/asn1Coding.c:268:3: branch_false: ...to here
libtasn1-4.20.0/src/asn1Coding.c:301:6: branch_false: following 'false' branch...
libtasn1-4.20.0/src/asn1Coding.c:306:3: branch_false: ...to here
libtasn1-4.20.0/src/asn1Coding.c:314:6: branch_false: following 'false' branch...
libtasn1-4.20.0/src/asn1Coding.c:325:3: branch_false: ...to here
libtasn1-4.20.0/src/asn1Coding.c:326:6: branch_false: following 'false' branch (when 'asn1_result == 0')...
libtasn1-4.20.0/src/asn1Coding.c:342:3: branch_false: ...to here
libtasn1-4.20.0/src/asn1Coding.c:343:15: branch_false: following 'false' branch...
libtasn1-4.20.0/src/asn1Coding.c:345:3: branch_false: ...to here
libtasn1-4.20.0/src/asn1Coding.c:350:6: branch_true: following 'true' branch (when 'checkSyntaxOnly == 0')...
libtasn1-4.20.0/src/asn1Coding.c:352:11: branch_true: ...to here
libtasn1-4.20.0/src/asn1Coding.c:352:10: branch_false: following 'false' branch...
libtasn1-4.20.0/src/asn1Coding.c:355:7: branch_false: ...to here
libtasn1-4.20.0/src/asn1Coding.c:359:10: branch_false: following 'false' branch...
 branch_false: ...to here
libtasn1-4.20.0/src/asn1Coding.c:371:19: branch_true: following 'true' branch...
libtasn1-4.20.0/src/asn1Coding.c:372:39: branch_true: ...to here
libtasn1-4.20.0/src/asn1Coding.c:372:39: release_memory: 'der' is NULL
libtasn1-4.20.0/src/asn1Coding.c:372:36: danger: dereference of NULL 'der + (sizetype)k'
#  370|   
#  371|         for (k = 0; k < der_len; k++)
#  372|-> 	fprintf (outputFile, "%c", der[k]);
#  373|         fclose (outputFile);
#  374|         fputs ("\nWriting: done.\n", stderr);

Error: CPPCHECK_WARNING (CWE-401): [#def23]
libtasn1-4.20.0/src/asn1Decoding.c:205: error[memleakOnRealloc]: Common realloc mistake: 'der' nulled but not freed upon failure
#  203|      * boundaries are detected */
#  204|     if (der != NULL && debug != 0)
#  205|->     der = realloc (der, der_len);
#  206|   
#  207|     if (der == NULL)

Error: CPPCHECK_WARNING (CWE-562): [#def24]
libtasn1-4.20.0/src/gl/gettext.h:254: error[returnDanglingLifetime]: Returning pointer to local variable 'msg_ctxt_id' that will be invalid when returning.
#  252|   #endif
#  253|         if (found_translation)
#  254|->         return translation;
#  255|       }
#  256|     return msgid;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def25]
libtasn1-4.20.0/src/gl/read-file.c:62:46: warning[-Wanalyzer-malloc-leak]: leak of 'fread_file(fopen(filename,  mode), flags,  length)'
libtasn1-4.20.0/src/gl/read-file.c:190:1: enter_function: entry to 'read_file'
libtasn1-4.20.0/src/gl/read-file.c:196:6: branch_false: following 'false' branch...
libtasn1-4.20.0/src/gl/read-file.c:199:7: branch_false: ...to here
libtasn1-4.20.0/src/gl/read-file.c:202:9: acquire_memory: allocated here
libtasn1-4.20.0/src/gl/read-file.c:202:9: call_function: calling 'fread_file' from 'read_file'
#   60|       struct stat st;
#   61|   
#   62|->     if (fstat (fileno (stream), &st) >= 0 && S_ISREG (st.st_mode))
#   63|         {
#   64|           off_t pos = ftello (stream);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def26]
libtasn1-4.20.0/src/gl/read-file.c:82:6: warning[-Wanalyzer-malloc-leak]: leak of 'fread_file(fopen(filename,  mode), flags,  length)'
libtasn1-4.20.0/src/gl/read-file.c:190:1: enter_function: entry to 'read_file'
libtasn1-4.20.0/src/gl/read-file.c:196:6: branch_false: following 'false' branch...
libtasn1-4.20.0/src/gl/read-file.c:199:7: branch_false: ...to here
libtasn1-4.20.0/src/gl/read-file.c:202:9: acquire_memory: allocated here
libtasn1-4.20.0/src/gl/read-file.c:202:9: call_function: calling 'fread_file' from 'read_file'
#   80|     }
#   81|   
#   82|->   if (!(buf = malloc (alloc)))
#   83|       return NULL; /* errno is ENOMEM.  */
#   84|   

Scan Properties