libuser-0.64-14.fc43

List of Findings

Error: COMPILER_WARNING: [#def1]
libuser-0.64/./config.h:9:9: warning[warning]: 'GLIB_VERSION_MIN_REQUIRED' redefined
#    7|   
#    8|   /* Shut up warnings about deprecated GValueArray */
#    9|-> #define GLIB_VERSION_MIN_REQUIRED GLIB_VERSION_2_30
#   10|   
#   11|   /* Stay away from deprecated glib functionality. */

Error: COMPILER_WARNING: [#def2]
libuser-0.64/lib/user_private.h:28: included_from: Included from here.
libuser-0.64/lib/common.c:25: included_from: Included from here.
libuser-0.64/config.h:9:9: warning: 'GLIB_VERSION_MIN_REQUIRED' redefined
#    9 | #define GLIB_VERSION_MIN_REQUIRED GLIB_VERSION_2_30
#      |         ^~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/glib-2.0/glib/gtypes.h:36: included_from: Included from here.
/usr/include/glib-2.0/glib/galloca.h:34: included_from: Included from here.
/usr/include/glib-2.0/glib.h:32: included_from: Included from here.
libuser-0.64/lib/config.h:23: included_from: Included from here.
libuser-0.64/lib/common.c:19: included_from: Included from here.
/usr/include/glib-2.0/glib/gversionmacros.h:474:9: note: this is the location of the previous definition
#  474 | #define GLIB_VERSION_MIN_REQUIRED (GLIB_VERSION_CUR_STABLE)
#      |         ^~~~~~~~~~~~~~~~~~~~~~~~~
#    7|   
#    8|   /* Shut up warnings about deprecated GValueArray */
#    9|-> #define GLIB_VERSION_MIN_REQUIRED GLIB_VERSION_2_30
#   10|   
#   11|   /* Stay away from deprecated glib functionality. */

Error: COMPILER_WARNING (CWE-252): [#def3]
libuser-0.64/lib/common.c: scope_hint: In function 'lu_audit_logger'
libuser-0.64/lib/common.c:139:9: warning[-Wunused-result]: ignoring return value of 'audit_log_acct_message' declared with attribute 'warn_unused_result'
#  139 |         audit_log_acct_message(audit_fd, type, NULL, op, name, id,
#      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  140 |                 NULL, NULL, NULL, (int) result);
#      |                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  137|   	if (audit_fd < 0)
#  138|   		return;
#  139|-> 	audit_log_acct_message(audit_fd, type, NULL, op, name, id,
#  140|   		NULL, NULL, NULL, (int) result);
#  141|   }

Error: COMPILER_WARNING (CWE-252): [#def4]
libuser-0.64/lib/common.c: scope_hint: In function 'lu_audit_logger_with_group'
libuser-0.64/lib/common.c:173:9: warning[-Wunused-result]: ignoring return value of 'audit_log_acct_message' declared with attribute 'warn_unused_result'
#  173 |         audit_log_acct_message(audit_fd, type, NULL, buf, name, id,
#      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  174 |                         NULL, NULL, NULL, (int) result);
#      |                         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  171|   		snprintf(buf, sizeof(buf), "%s grp=\"%s\"", op, grp);
#  172|   	}
#  173|-> 	audit_log_acct_message(audit_fd, type, NULL, buf, name, id,
#  174|   			NULL, NULL, NULL, (int) result);
#  175|   }

Error: GCC_ANALYZER_WARNING (CWE-457): [#def5]
libuser-0.64/lib/getdate.c:1179:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'yyss'
libuser-0.64/lib/getdate.c:1137:6: branch_true: following 'true' branch...
libuser-0.64/lib/getdate.c:1143:28: branch_true: ...to here
libuser-0.64/lib/getdate.c:1166:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')...
libuser-0.64/lib/getdate.c:1168:7: branch_false: ...to here
libuser-0.64/lib/getdate.c:1177:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)...
libuser-0.64/lib/getdate.c:1179:9: branch_false: ...to here
libuser-0.64/lib/getdate.c:1179:9: danger: use of uninitialized value 'yyss' here
# 1177|           if (! yyptr)
# 1178|             YYNOMEM;
# 1179|->         YYSTACK_RELOCATE (yyss_alloc, yyss);
# 1180|           YYSTACK_RELOCATE (yyvs_alloc, yyvs);
# 1181|   #  undef YYSTACK_RELOCATE

Error: GCC_ANALYZER_WARNING (CWE-457): [#def6]
libuser-0.64/lib/getdate.c:1306:3: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value '*(unsigned int *)<unknown>'
libuser-0.64/lib/getdate.c:1137:6: branch_false: following 'false' branch...
libuser-0.64/lib/getdate.c:1201:6: branch_false: ...to here
libuser-0.64/lib/getdate.c:1201:6: branch_false: following 'false' branch (when 'yystate != 2')...
libuser-0.64/lib/getdate.c:1204:3: branch_false: ...to here
libuser-0.64/lib/getdate.c:1216:6: branch_true: following 'true' branch (when 'yyn == -20')...
libuser-0.64/lib/getdate.c:1217:5: branch_true: ...to here
libuser-0.64/lib/getdate.c:1286:6: branch_false: following 'false' branch (when 'yyn != 0')...
libuser-0.64/lib/getdate.c:1288:3: branch_false: ...to here
libuser-0.64/lib/getdate.c:1306:3: danger: use of uninitialized value '*(unsigned int *)<unknown>' here
# 1304|        unconditionally makes the parser a bit smaller, and it avoids a
# 1305|        GCC warning that YYVAL may be used uninitialized.  */
# 1306|->   yyval = yyvsp[1-yylen];
# 1307|   
# 1308|   

Error: CPPCHECK_WARNING (CWE-823): [#def7]
libuser-0.64/lib/util.c:176: error[arrayIndexOutOfBounds]: Array 'salt_type_info[5]' accessed at index 5, which is out of bounds.
#  174|   	g_assert(i < G_N_ELEMENTS(salt_type_info));
#  175|   
#  176|-> 	if (salt_type_info[i].sha_rounds != FALSE
#  177|   	    && strncmp(previous + len, "rounds=", strlen("rounds=")) == 0) {
#  178|   #if USE_XCRYPT_GENSALT

Error: CPPCHECK_WARNING (CWE-823): [#def8]
libuser-0.64/lib/util.c:204: error[arrayIndexOutOfBounds]: Array 'salt_type_info[5]' accessed at index 5, which is out of bounds.
#  202|   	}
#  203|   
#  204|-> 	g_assert(len + salt_type_info[i].salt_length
#  205|   		 + strlen(salt_type_info[i].separator) < sizeof(salt));
#  206|   	memcpy(salt, previous, len);

Error: CPPCHECK_WARNING (CWE-457): [#def9]
libuser-0.64/modules/files.c:902: error[legacyUninitvar]: Uninitialized variable: id_attribute
#  900|   	}
#  901|   
#  902|-> 	id_change = lu_ent_get_first_id(ent, id_attribute);
#  903|   	if (id_change == LU_VALUE_INVALID_ID) {
#  904|   		/* The GID is not being changed, success */

Error: CPPCHECK_WARNING (CWE-457): [#def10]
libuser-0.64/modules/files.c:1324: error[legacyUninitvar]: Uninitialized variable: name_attribute
# 1322|   
# 1323|   	current_name = lu_ent_get_first_value_strdup_current(ent,
# 1324|-> 							     name_attribute);
# 1325|   	if (current_name == NULL) {
# 1326|   		lu_error_new(error, lu_error_generic,

Scan Properties

analyzer-version-clippy	1.86.0
analyzer-version-cppcheck	2.17.1
analyzer-version-gcc	15.0.1
analyzer-version-gcc-analyzer	15.0.1
analyzer-version-shellcheck	0.10.0
analyzer-version-unicontrol	0.0.2
enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code	0
host	ip-172-16-1-34.us-west-2.compute.internal
known-false-positives	/usr/share/csmock/known-false-positives.js
known-false-positives-rpm	known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch
mock-config	fedora-rawhide-x86_64
project-name	libuser-0.64-14.fc43
store-results-to	/tmp/tmpbb83_ubx/libuser-0.64-14.fc43.tar.xz
time-created	2025-04-25 14:16:45
time-finished	2025-04-25 14:19:29
tool	csmock
tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpbb83_ubx/libuser-0.64-14.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpbb83_ubx/libuser-0.64-14.fc43.src.rpm'
tool-version	csmock-3.8.1.20250422.172604.g26bc3d6-1.el9