Error: CPPCHECK_WARNING (CWE-401): [#def1] libusb-1.0.28/libusb/descriptor.c:1086: error[memleak]: Memory leak: _ssplus_cap # 1084| if (dev_cap->bLength < LIBUSB_BT_SSPLUS_USB_DEVICE_CAPABILITY_SIZE + _ssplus_cap->numSublinkSpeedAttributes * sizeof(uint32_t)) { # 1085| usbi_err(ctx, "short ssplus capability descriptor, unable to read sublinks: Not enough data"); # 1086|-> return LIBUSB_ERROR_IO; # 1087| } # 1088| Error: CPPCHECK_WARNING (CWE-476): [#def2] libusb-1.0.28/libusb/libusbi.h:497: error[ctunullpointer]: Null pointer dereference: ctx # 495| static inline int usbi_handling_events(struct libusb_context *ctx) # 496| { # 497|-> return usbi_tls_key_get(ctx->event_handling_key) != NULL; # 498| } # 499| Error: CPPCHECK_WARNING (CWE-476): [#def3] libusb-1.0.28/libusb/libusbi.h:497: warning[nullPointer]: Possible null pointer dereference: ctx # 495| static inline int usbi_handling_events(struct libusb_context *ctx) # 496| { # 497|-> return usbi_tls_key_get(ctx->event_handling_key) != NULL; # 498| } # 499| Error: GCC_ANALYZER_WARNING (CWE-789): [#def4] libusb-1.0.28/linux/examples/../../examples/ezusb.c:649:40: warning[-Wanalyzer-tainted-allocation-size]: use of attacker-controlled value ‘(long unsigned int)dLength * 4’ as allocation size without upper-bounds checking libusb-1.0.28/linux/examples/../../examples/ezusb.c:585:12: branch_false: following ‘false’ branch... libusb-1.0.28/linux/examples/../../examples/ezusb.c:588:20: branch_false: ...to here libusb-1.0.28/linux/examples/../../examples/ezusb.c:592:12: branch_false: following ‘false’ branch... libusb-1.0.28/linux/examples/../../examples/ezusb.c:599:14: branch_false: ...to here libusb-1.0.28/linux/examples/../../examples/ezusb.c:599:12: branch_false: following ‘false’ branch... libusb-1.0.28/linux/examples/../../examples/ezusb.c:639:20: branch_false: following ‘false’ branch... libusb-1.0.28/linux/examples/../../examples/ezusb.c:640:26: branch_false: ...to here libusb-1.0.28/linux/examples/../../examples/ezusb.c:639:21: branch_false: following ‘false’ branch... libusb-1.0.28/linux/examples/../../examples/ezusb.c:645:21: branch_false: ...to here libusb-1.0.28/linux/examples/../../examples/ezusb.c:645:20: branch_false: following ‘false’ branch... libusb-1.0.28/linux/examples/../../examples/ezusb.c:649:40: branch_false: ...to here libusb-1.0.28/linux/examples/../../examples/ezusb.c:649:40: danger: use of attacker-controlled value ‘(long unsigned int)dLength * 4’ as allocation size without upper-bounds checking # 647| # 648| // coverity[tainted_data] # 649|-> dImageBuf = (uint32_t*)calloc(dLength, sizeof(uint32_t)); # 650| if (dImageBuf == NULL) { # 651| logerror("could not allocate buffer for image chunk\n"); Error: GCC_ANALYZER_WARNING (CWE-129): [#def5] libusb-1.0.28/linux/examples/../../examples/ezusb.c:649:40: warning[-Wanalyzer-tainted-size]: use of attacker-controlled value ‘(long unsigned int)dLength * 4’ as size without upper-bounds checking libusb-1.0.28/linux/examples/../../examples/ezusb.c:585:12: branch_false: following ‘false’ branch... libusb-1.0.28/linux/examples/../../examples/ezusb.c:588:20: branch_false: ...to here libusb-1.0.28/linux/examples/../../examples/ezusb.c:592:12: branch_false: following ‘false’ branch... libusb-1.0.28/linux/examples/../../examples/ezusb.c:599:14: branch_false: ...to here libusb-1.0.28/linux/examples/../../examples/ezusb.c:599:12: branch_false: following ‘false’ branch... libusb-1.0.28/linux/examples/../../examples/ezusb.c:639:20: branch_false: following ‘false’ branch... libusb-1.0.28/linux/examples/../../examples/ezusb.c:640:26: branch_false: ...to here libusb-1.0.28/linux/examples/../../examples/ezusb.c:639:21: branch_false: following ‘false’ branch... libusb-1.0.28/linux/examples/../../examples/ezusb.c:645:21: branch_false: ...to here libusb-1.0.28/linux/examples/../../examples/ezusb.c:645:20: branch_false: following ‘false’ branch... libusb-1.0.28/linux/examples/../../examples/ezusb.c:649:40: branch_false: ...to here libusb-1.0.28/linux/examples/../../examples/ezusb.c:649:40: danger: use of attacker-controlled value ‘(long unsigned int)dLength * 4’ as size without upper-bounds checking # 647| # 648| // coverity[tainted_data] # 649|-> dImageBuf = (uint32_t*)calloc(dLength, sizeof(uint32_t)); # 650| if (dImageBuf == NULL) { # 651| logerror("could not allocate buffer for image chunk\n"); Error: GCC_ANALYZER_WARNING (CWE-476): [#def6] libusb-1.0.28/linux/libusb/../../libusb/core.c:2227:17: warning[-Wanalyzer-null-dereference]: dereference of NULL '0' libusb-1.0.28/linux/libusb/../../libusb/core.c:2216:13: enter_function: entry to 'libusb_set_log_cb_internal' libusb-1.0.28/linux/libusb/../../libusb/core.c:2226:23: call_function: calling 'usbi_get_context' from 'libusb_set_log_cb_internal' libusb-1.0.28/linux/libusb/../../libusb/core.c:2226:23: return_function: returning to 'libusb_set_log_cb_internal' from 'usbi_get_context' libusb-1.0.28/linux/libusb/../../libusb/core.c:2227:17: danger: dereference of NULL 'usbi_get_context(ctx)' # 2225| if (mode & LIBUSB_LOG_CB_CONTEXT) { # 2226| ctx = usbi_get_context(ctx); # 2227|-> ctx->log_handler = cb; # 2228| } # 2229| #else Error: GCC_ANALYZER_WARNING (CWE-685): [#def7] libusb-1.0.28/linux/libusb/../../libusb/core.c:2310:17: warning[-Wanalyzer-va-list-exhausted]: 'ap' has no more arguments (0 consumed) libusb-1.0.28/linux/libusb/../../libusb/core.c:2422:18: enter_function: entry to 'libusb_init_context' libusb-1.0.28/linux/libusb/../../libusb/core.c:2428:9: call_function: calling 'usbi_mutex_static_lock' from 'libusb_init_context' libusb-1.0.28/linux/libusb/../../libusb/core.c:2428:9: return_function: returning to 'libusb_init_context' from 'usbi_mutex_static_lock' libusb-1.0.28/linux/libusb/../../libusb/core.c:2438:9: call_function: calling 'usbi_mutex_static_lock' from 'libusb_init_context' libusb-1.0.28/linux/libusb/../../libusb/core.c:2438:9: return_function: returning to 'libusb_init_context' from 'usbi_mutex_static_lock' libusb-1.0.28/linux/libusb/../../libusb/core.c:2443:9: call_function: calling 'usbi_mutex_static_unlock' from 'libusb_init_context' libusb-1.0.28/linux/libusb/../../libusb/core.c:2443:9: return_function: returning to 'libusb_init_context' from 'usbi_mutex_static_unlock' libusb-1.0.28/linux/libusb/../../libusb/core.c:2446:12: branch_false: following 'false' branch (when '_ctx' is non-NULL)... libusb-1.0.28/linux/libusb/../../libusb/core.c:2452:9: branch_false: ...to here libusb-1.0.28/linux/libusb/../../libusb/core.c:2461:9: call_function: calling 'usbi_mutex_init' from 'libusb_init_context' libusb-1.0.28/linux/libusb/../../libusb/core.c:2461:9: return_function: returning to 'libusb_init_context' from 'usbi_mutex_init' libusb-1.0.28/linux/libusb/../../libusb/core.c:2462:9: call_function: calling 'usbi_mutex_init' from 'libusb_init_context' libusb-1.0.28/linux/libusb/../../libusb/core.c:2462:9: return_function: returning to 'libusb_init_context' from 'usbi_mutex_init' libusb-1.0.28/linux/libusb/../../libusb/core.c:2467:46: branch_true: following 'true' branch (when 'option != 4')... libusb-1.0.28/linux/libusb/../../libusb/core.c:2468:20: branch_true: ...to here libusb-1.0.28/linux/libusb/../../libusb/core.c:2468:20: branch_true: following 'true' branch (when 'option == 0')... libusb-1.0.28/linux/libusb/../../libusb/core.c:2468:20: branch_true: ...to here libusb-1.0.28/linux/libusb/../../libusb/core.c:2467:46: branch_true: following 'true' branch (when 'option != 4')... libusb-1.0.28/linux/libusb/../../libusb/core.c:2468:20: branch_true: ...to here libusb-1.0.28/linux/libusb/../../libusb/core.c:2468:20: branch_false: following 'false' branch... libusb-1.0.28/linux/libusb/../../libusb/core.c:2471:20: branch_true: following 'true' branch (when 'option != 3')... libusb-1.0.28/linux/libusb/../../libusb/core.c:2472:29: branch_true: ...to here libusb-1.0.28/linux/libusb/../../libusb/core.c:2472:29: call_function: calling 'libusb_set_option' from 'libusb_init_context' with 0 variadic arguments libusb-1.0.28/linux/libusb/../../libusb/core.c:2472:29: return_function: returning to 'libusb_init_context' from 'libusb_set_option' libusb-1.0.28/linux/libusb/../../libusb/core.c:2476:20: branch_false: following 'false' branch (when 'r == 0')... libusb-1.0.28/linux/libusb/../../libusb/core.c:2467:75: branch_false: ...to here libusb-1.0.28/linux/libusb/../../libusb/core.c:2467:46: branch_true: following 'true' branch (when 'option != 4')... libusb-1.0.28/linux/libusb/../../libusb/core.c:2468:20: branch_true: ...to here libusb-1.0.28/linux/libusb/../../libusb/core.c:2472:29: call_function: calling 'libusb_set_option' from 'libusb_init_context' with 0 variadic arguments libusb-1.0.28/linux/libusb/../../libusb/core.c:2472:29: return_function: returning to 'libusb_init_context' from 'libusb_set_option' libusb-1.0.28/linux/libusb/../../libusb/core.c:2476:20: branch_false: following 'false' branch (when 'r == 0')... libusb-1.0.28/linux/libusb/../../libusb/core.c:2467:75: branch_false: ...to here libusb-1.0.28/linux/libusb/../../libusb/core.c:2467:46: branch_true: following 'true' branch (when 'option != 4')... libusb-1.0.28/linux/libusb/../../libusb/core.c:2468:20: branch_true: ...to here libusb-1.0.28/linux/libusb/../../libusb/core.c:2472:29: call_function: calling 'libusb_set_option' from 'libusb_init_context' with 0 variadic arguments # 2308| } # 2309| if (LIBUSB_OPTION_LOG_CB == option) { # 2310|-> log_cb = (libusb_log_cb) va_arg(ap, libusb_log_cb); # 2311| } # 2312| Error: GCC_ANALYZER_WARNING (CWE-401): [#def8] libusb-1.0.28/linux/libusb/../../libusb/descriptor.c:1085:17: warning[-Wanalyzer-malloc-leak]: leak of '_ssplus_cap' libusb-1.0.28/linux/libusb/../../libusb/descriptor.c:1038:18: enter_function: entry to 'libusb_get_ssplus_usb_device_capability_descriptor' libusb-1.0.28/linux/libusb/../../libusb/descriptor.c:1049:12: branch_false: following 'false' branch... libusb-1.0.28/linux/libusb/../../libusb/descriptor.c:1054:20: branch_false: ...to here libusb-1.0.28/linux/libusb/../../libusb/descriptor.c:1054:19: branch_false: following 'false' branch... libusb-1.0.28/linux/libusb/../../libusb/descriptor.c:1065:41: call_function: inlined call to 'ReadLittleEndian32' from 'libusb_get_ssplus_usb_device_capability_descriptor' libusb-1.0.28/linux/libusb/../../libusb/descriptor.c:1070:23: acquire_memory: allocated here libusb-1.0.28/linux/libusb/../../libusb/descriptor.c:1071:12: branch_false: following 'false' branch (when '_ssplus_cap' is non-NULL)... libusb-1.0.28/linux/libusb/../../libusb/descriptor.c:1075:9: branch_false: ...to here libusb-1.0.28/linux/libusb/../../libusb/descriptor.c:1084:12: branch_true: following 'true' branch... libusb-1.0.28/linux/libusb/../../libusb/descriptor.c:1085:17: branch_true: ...to here libusb-1.0.28/linux/libusb/../../libusb/descriptor.c:1085:17: danger: '_ssplus_cap' leaks here; was allocated at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6) # 1083| /* Check that we have enough to read all the sublink attributes */ # 1084| if (dev_cap->bLength < LIBUSB_BT_SSPLUS_USB_DEVICE_CAPABILITY_SIZE + _ssplus_cap->numSublinkSpeedAttributes * sizeof(uint32_t)) { # 1085|-> usbi_err(ctx, "short ssplus capability descriptor, unable to read sublinks: Not enough data"); # 1086| return LIBUSB_ERROR_IO; # 1087| } Error: GCC_ANALYZER_WARNING (CWE-476): [#def9] libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:389:30: warning[-Wanalyzer-null-dereference]: dereference of NULL '0' libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:342:18: enter_function: entry to 'libusb_hotplug_register_callback' libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:351:12: branch_false: following 'false' branch... libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:351:13: branch_false: following 'false' branch... libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:354:13: branch_false: ...to here libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:351:13: branch_false: following 'false' branch... libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:355:13: branch_false: ...to here libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:351:13: branch_false: following 'false' branch... libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:351:13: branch_false: ...to here libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:351:13: branch_false: following 'false' branch (when 'cb_fn' is non-NULL)... libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:361:14: branch_false: ...to here libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:361:12: branch_false: following 'false' branch... libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:364:15: branch_false: ...to here libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:364:15: call_function: calling 'usbi_get_context' from 'libusb_hotplug_register_callback' libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:364:15: return_function: returning to 'libusb_hotplug_register_callback' from 'usbi_get_context' libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:367:12: branch_false: following 'false' branch (when 'hotplug_cb' is non-NULL)... libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:370:29: branch_false: ...to here libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:371:12: branch_false: following 'false' branch (when 'vendor_id == -1')... libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:375:12: branch_false: ...to here libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:375:12: branch_false: following 'false' branch (when 'product_id == -1')... libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:379:12: branch_false: ...to here libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:379:12: branch_false: following 'false' branch (when 'dev_class == -1')... libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:383:9: branch_false: ...to here libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:386:9: call_function: calling 'usbi_mutex_lock' from 'libusb_hotplug_register_callback' libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:386:9: return_function: returning to 'libusb_hotplug_register_callback' from 'usbi_mutex_lock' libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:389:30: danger: dereference of NULL 'usbi_get_context(ctx)' # 387| # 388| /* protect the handle by the context hotplug lock */ # 389|-> hotplug_cb->handle = ctx->next_hotplug_cb_handle++; # 390| # 391| /* handle the unlikely case of overflow */ Error: GCC_ANALYZER_WARNING (CWE-476): [#def10] libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:456:17: warning[-Wanalyzer-null-dereference]: dereference of NULL '0' libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:427:19: enter_function: entry to 'libusb_hotplug_deregister_callback' libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:439:15: call_function: calling 'usbi_get_context' from 'libusb_hotplug_deregister_callback' libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:439:15: return_function: returning to 'libusb_hotplug_deregister_callback' from 'usbi_get_context' libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:441:9: call_function: calling 'usbi_mutex_lock' from 'libusb_hotplug_deregister_callback' libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:441:9: return_function: returning to 'libusb_hotplug_deregister_callback' from 'usbi_mutex_lock' libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:442:9: branch_true: following 'true' branch... libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:443:40: branch_true: ...to here libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:450:9: call_function: calling 'usbi_mutex_unlock' from 'libusb_hotplug_deregister_callback' libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:450:9: return_function: returning to 'libusb_hotplug_deregister_callback' from 'usbi_mutex_unlock' libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:452:12: branch_true: following 'true' branch (when 'deregistered != 0')... libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:455:17: branch_true: ...to here libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:455:17: call_function: calling 'usbi_mutex_lock' from 'libusb_hotplug_deregister_callback' libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:455:17: return_function: returning to 'libusb_hotplug_deregister_callback' from 'usbi_mutex_lock' libusb-1.0.28/linux/libusb/../../libusb/hotplug.c:456:17: danger: dereference of NULL 'usbi_get_context(ctx)' # 454| # 455| usbi_mutex_lock(&ctx->event_data_lock); # 456|-> event_flags = ctx->event_flags; # 457| ctx->event_flags |= USBI_EVENT_HOTPLUG_CB_DEREGISTERED; # 458| if (!event_flags) Error: GCC_ANALYZER_WARNING (CWE-476): [#def11] libusb-1.0.28/linux/libusb/../../libusb/io.c:2651:9: warning[-Wanalyzer-null-dereference]: dereference of NULL '0' libusb-1.0.28/linux/libusb/../../libusb/io.c:2645:19: enter_function: entry to 'libusb_set_pollfd_notifiers' libusb-1.0.28/linux/libusb/../../libusb/io.c:2650:15: call_function: calling 'usbi_get_context' from 'libusb_set_pollfd_notifiers' libusb-1.0.28/linux/libusb/../../libusb/io.c:2650:15: return_function: returning to 'libusb_set_pollfd_notifiers' from 'usbi_get_context' libusb-1.0.28/linux/libusb/../../libusb/io.c:2651:9: danger: dereference of NULL 'usbi_get_context(ctx)' # 2649| #if !defined(PLATFORM_WINDOWS) # 2650| ctx = usbi_get_context(ctx); # 2651|-> ctx->fd_added_cb = added_cb; # 2652| ctx->fd_removed_cb = removed_cb; # 2653| ctx->fd_cb_user_data = user_data; Error: GCC_ANALYZER_WARNING (CWE-476): [#def12] libusb-1.0.28/linux/libusb/../../libusb/io.c:2820:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'dev_handle' libusb-1.0.28/linux/libusb/../../libusb/io.c:2816:38: branch_false: following 'false' branch (when 'dev_handle' is NULL)... libusb-1.0.28/linux/libusb/../../libusb/io.c:2820:9: branch_false: ...to here libusb-1.0.28/linux/libusb/../../libusb/io.c:2820:9: danger: dereference of NULL 'dev_handle' # 2818| struct usbi_transfer *to_cancel; # 2819| # 2820|-> usbi_dbg(ctx, "device %d.%d", # 2821| dev_handle->dev->bus_number, dev_handle->dev->device_address); # 2822| Error: GCC_ANALYZER_WARNING (CWE-476): [#def13] libusb-1.0.28/linux/libusb/../../libusb/libusbi.h:497:16: warning[-Wanalyzer-null-dereference]: dereference of NULL '0' libusb-1.0.28/linux/libusb/../../libusb/sync.c:103:18: enter_function: entry to 'libusb_control_transfer' libusb-1.0.28/linux/libusb/../../libusb/sync.c:112:13: branch_false: following 'false' branch (when 'dev_handle' is NULL)... libusb-1.0.28/linux/libusb/../../libusb/sync.c:112:13: call_function: inlined call to 'usbi_handling_events' from 'libusb_control_transfer' # 495| static inline int usbi_handling_events(struct libusb_context *ctx) # 496| { # 497|-> return usbi_tls_key_get(ctx->event_handling_key) != NULL; # 498| } # 499| Error: GCC_ANALYZER_WARNING (CWE-476): [#def14] libusb-1.0.28/linux/libusb/../../libusb/os/events_posix.h:58:16: warning[-Wanalyzer-null-dereference]: dereference of NULL '0' libusb-1.0.28/linux/libusb/../../libusb/io.c:2573:18: enter_function: entry to 'libusb_get_next_timeout' libusb-1.0.28/linux/libusb/../../libusb/io.c:2580:15: call_function: calling 'usbi_get_context' from 'libusb_get_next_timeout' libusb-1.0.28/linux/libusb/../../libusb/io.c:2580:15: return_function: returning to 'libusb_get_next_timeout' from 'usbi_get_context' libusb-1.0.28/linux/libusb/../../libusb/io.c:2581:13: call_function: inlined call to 'usbi_using_timer' from 'libusb_get_next_timeout' # 56| static inline int usbi_timer_valid(usbi_timer_t *timer) # 57| { # 58|-> return timer->timerfd >= 0; # 59| } # 60| #endif Error: GCC_ANALYZER_WARNING (CWE-476): [#def15] libusb-1.0.28/linux/libusb/../../libusb/os/events_posix.h:58:16: warning[-Wanalyzer-null-dereference]: dereference of NULL 'ctx' libusb-1.0.28/linux/libusb/../../libusb/io.c:2491:18: enter_function: entry to 'libusb_handle_events_locked' libusb-1.0.28/linux/libusb/../../libusb/io.c:2497:12: branch_false: following 'false' branch... libusb-1.0.28/linux/libusb/../../libusb/io.c:2500:15: call_function: calling 'usbi_get_context' from 'libusb_handle_events_locked' libusb-1.0.28/linux/libusb/../../libusb/io.c:2500:15: return_function: returning to 'libusb_handle_events_locked' from 'usbi_get_context' libusb-1.0.28/linux/libusb/../../libusb/io.c:2501:13: call_function: calling 'get_next_timeout' from 'libusb_handle_events_locked' # 56| static inline int usbi_timer_valid(usbi_timer_t *timer) # 57| { # 58|-> return timer->timerfd >= 0; # 59| } # 60| #endif Error: GCC_ANALYZER_WARNING (CWE-401): [#def16] libusb-1.0.28/linux/libusb/../../libusb/os/linux_usbfs.c:1997:21: warning[-Wanalyzer-malloc-leak]: leak of 'urbs' libusb-1.0.28/linux/libusb/../../libusb/os/linux_usbfs.c:1988:16: acquire_memory: allocated here libusb-1.0.28/linux/libusb/../../libusb/os/linux_usbfs.c:1989:12: branch_false: following 'false' branch (when 'urbs' is non-NULL)... libusb-1.0.28/linux/libusb/../../libusb/os/linux_usbfs.c:1991:9: branch_false: ...to here libusb-1.0.28/linux/libusb/../../libusb/os/linux_usbfs.c:1997:21: branch_false: following 'false' branch (when 'num_urbs <= i')... branch_false: ...to here libusb-1.0.28/linux/libusb/../../libusb/os/linux_usbfs.c:1997:21: danger: 'urbs' leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0) # 1995| tpriv->reap_status = LIBUSB_TRANSFER_COMPLETED; # 1996| # 1997|-> for (i = 0; i < num_urbs; i++) { # 1998| struct usbfs_urb *urb = &urbs[i]; # 1999| Error: GCC_ANALYZER_WARNING (CWE-401): [#def17] libusb-1.0.28/linux/libusb/../../libusb/os/linux_usbfs.c:2186:21: warning[-Wanalyzer-malloc-leak]: leak of 'urbs' libusb-1.0.28/linux/libusb/../../libusb/os/linux_usbfs.c:2110:12: branch_false: following 'false' branch (when 'num_packets > 0')... branch_false: ...to here libusb-1.0.28/linux/libusb/../../libusb/os/linux_usbfs.c:2118:21: branch_true: following 'true' branch (when 'i < num_packets')... libusb-1.0.28/linux/libusb/../../libusb/os/linux_usbfs.c:2119:17: branch_true: ...to here libusb-1.0.28/linux/libusb/../../libusb/os/linux_usbfs.c:2121:20: branch_false: following 'false' branch... libusb-1.0.28/linux/libusb/../../libusb/os/linux_usbfs.c:2128:17: branch_false: ...to here libusb-1.0.28/linux/libusb/../../libusb/os/linux_usbfs.c:2131:12: branch_false: following 'false' branch... libusb-1.0.28/linux/libusb/../../libusb/os/linux_usbfs.c:2135:20: branch_false: ...to here libusb-1.0.28/linux/libusb/../../libusb/os/linux_usbfs.c:2139:16: acquire_memory: allocated here libusb-1.0.28/linux/libusb/../../libusb/os/linux_usbfs.c:2140:12: branch_false: following 'false' branch (when 'urbs' is non-NULL)... libusb-1.0.28/linux/libusb/../../libusb/os/linux_usbfs.c:2143:9: branch_false: ...to here libusb-1.0.28/linux/libusb/../../libusb/os/linux_usbfs.c:2151:28: branch_false: following 'false' branch (when 'i >= num_urbs')... branch_false: ...to here libusb-1.0.28/linux/libusb/../../libusb/os/linux_usbfs.c:2186:21: branch_false: following 'false' branch (when 'i >= num_urbs')... branch_false: ...to here libusb-1.0.28/linux/libusb/../../libusb/os/linux_usbfs.c:2186:21: danger: 'urbs' leaks here; was allocated at [(9)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/8) # 2184| # 2185| /* submit URBs */ # 2186|-> for (i = 0; i < num_urbs; i++) { # 2187| int r = ioctl(hpriv->fd, IOCTL_USBFS_SUBMITURB, urbs[i]); # 2188| Error: CPPCHECK_WARNING (CWE-562): [#def18] libusb-1.0.28/tests/umockdev.c:603: error[autoVariables]: Address of local auto-variable assigned to a function parameter. # 601| struct libusb_transfer *transfer = NULL; # 602| # 603|-> fixture->chat = chat; # 604| # 605| /* Open */ Error: CPPCHECK_WARNING (CWE-562): [#def19] libusb-1.0.28/tests/umockdev.c:650: error[autoVariables]: Address of local auto-variable assigned to a function parameter. # 648| struct libusb_transfer *transfer = NULL; # 649| # 650|-> fixture->chat = chat; # 651| # 652| /* Open */ Error: CPPCHECK_WARNING (CWE-562): [#def20] libusb-1.0.28/tests/umockdev.c:696: error[autoVariables]: Address of local auto-variable assigned to a function parameter. # 694| struct libusb_transfer *transfer = NULL; # 695| # 696|-> fixture->chat = chat; # 697| # 698| /* Open */ Error: CPPCHECK_WARNING (CWE-562): [#def21] libusb-1.0.28/tests/umockdev.c:778: error[autoVariables]: Address of local auto-variable assigned to a function parameter. # 776| }; # 777| # 778|-> fixture->chat = chat; # 779| # 780| handle = libusb_open_device_with_vid_pid(fixture->ctx, 0x04a9, 0x31c0); Error: CPPCHECK_WARNING (CWE-562): [#def22] libusb-1.0.28/tests/umockdev.c:825: error[autoVariables]: Address of local auto-variable assigned to a function parameter. # 823| struct libusb_transfer *transfer = NULL; # 824| # 825|-> fixture->chat = chat; # 826| # 827| handle = libusb_open_device_with_vid_pid(fixture->ctx, 0x04a9, 0x31c0);
| analyzer-version-clippy | 1.86.0 |
| analyzer-version-cppcheck | 2.17.1 |
| analyzer-version-gcc | 15.0.1 |
| analyzer-version-gcc-analyzer | 15.0.1 |
| analyzer-version-shellcheck | 0.10.0 |
| analyzer-version-unicontrol | 0.0.2 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-92.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | libusb1-1.0.28-2.fc43 |
| store-results-to | /tmp/tmpabu46nea/libusb1-1.0.28-2.fc43.tar.xz |
| time-created | 2025-04-25 14:14:52 |
| time-finished | 2025-04-25 14:16:38 |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpabu46nea/libusb1-1.0.28-2.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpabu46nea/libusb1-1.0.28-2.fc43.src.rpm' |
| tool-version | csmock-3.8.1.20250422.172604.g26bc3d6-1.el9 |