libxcrypt-4.4.38-7.fc43

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-457): [#def1]
libxcrypt-4.4.38/lib/alg-sha256.c:121:17: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value '*<unknown>'
libxcrypt-4.4.38/lib/alg-sha256.c:465:1: enter_function: entry to '_crypt_HMAC_SHA256_Buf'
libxcrypt-4.4.38/lib/alg-sha256.c:472:9: call_function: calling '_HMAC_SHA256_Init' from '_crypt_HMAC_SHA256_Buf'
#  119|   		uint32_t x_xor_y, y_xor_z = S[(65 - i) % 8] ^ S[(66 - i) % 8];
#  120|   		RNDr(S, W, 0, i);
#  121|-> 		RNDr(S, W, 1, i);
#  122|   		RNDr(S, W, 2, i);
#  123|   		RNDr(S, W, 3, i);

Error: GCC_ANALYZER_WARNING (CWE-457): [#def2]
libxcrypt-4.4.38/lib/alg-sha512.c:134:17: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'W[<unknown>]'
libxcrypt-4.4.38/lib/alg-sha512.c:301:1: enter_function: entry to '_crypt_SHA512_Buf'
libxcrypt-4.4.38/lib/alg-sha512.c:307:9: call_function: calling '_crypt_SHA512_Update' from '_crypt_SHA512_Buf'
#  132|   		uint64_t x_xor_y, y_xor_z = S[(65 - i) % 8] ^ S[(66 - i) % 8];
#  133|   		RNDr(S, W, 0, i);
#  134|-> 		RNDr(S, W, 1, i);
#  135|   		RNDr(S, W, 2, i);
#  136|   		RNDr(S, W, 3, i);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def3]
libxcrypt-4.4.38/lib/alg-yescrypt-opt.c:1320:17: warning[-Wanalyzer-null-dereference]: dereference of NULL 'B'
libxcrypt-4.4.38/lib/alg-yescrypt-opt.c:1445:5: enter_function: entry to '_crypt_yescrypt_init_shared'
libxcrypt-4.4.38/lib/alg-yescrypt-opt.c:1459:12: branch_false: following 'false' branch...
libxcrypt-4.4.38/lib/alg-yescrypt-opt.c:1462:12: branch_false: following 'false' branch...
libxcrypt-4.4.38/lib/alg-yescrypt-opt.c:1471:17: call_function: inlined call to 'init_region' from '_crypt_yescrypt_init_shared'
libxcrypt-4.4.38/lib/alg-yescrypt-opt.c:1474:21: call_function: calling '_crypt_yescrypt_kdf' from '_crypt_yescrypt_init_shared'
# 1318|   
# 1319|   	if (flags)
# 1320|-> 		memcpy(sha256, B, sizeof(sha256));
# 1321|   
# 1322|   	if (p == 1 || (flags & YESCRYPT_RW)) {

Error: GCC_ANALYZER_WARNING (CWE-787): [#def4]
libxcrypt-4.4.38/lib/crypt-bcrypt.c:732:8: warning[-Wanalyzer-out-of-bounds]: buffer over-read
libxcrypt-4.4.38/lib/crypt-bcrypt.c:1046:1: enter_function: entry to '_crypt_crypt_bcrypt_y_rn'
libxcrypt-4.4.38/lib/crypt-bcrypt.c:1051:3: call_function: calling 'BF_full_crypt' from '_crypt_crypt_bcrypt_y_rn'
#  730|         setting[1] != '2' ||
#  731|         setting[2] < 'a' || setting[2] > 'z' ||
#  732|->       !flags_by_subtype[(unsigned int) (unsigned char) setting[2] - 'a'] ||
#  733|         setting[3] != '$' ||
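#  734|         setting[4] < '0' || setting[4] > '3' ||

Triage note: the header labels this finding CWE-787 (out-of-bounds write), but the analyzer message describes a buffer over-read, for which CWE-125/CWE-126 is the usual classification. In the excerpt, line 731 rejects any setting[2] outside 'a'..'z' before line 732 indexes flags_by_subtype, so the index is limited to 0..25 when it is evaluated. The declared length of flags_by_subtype is not shown here and should be confirmed before treating this as a real defect or as a false positive.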

Scan Properties

analyzer-version-clippy: 1.86.0
analyzer-version-cppcheck: 2.17.1
analyzer-version-gcc: 15.0.1
analyzer-version-gcc-analyzer: 15.0.1
analyzer-version-shellcheck: 0.10.0
analyzer-version-unicontrol: 0.0.2
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-112.us-west-2.compute.internal
known-false-positives: /usr/share/csmock/known-false-positives.js
known-false-positives-rpm: known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch
mock-config: fedora-rawhide-x86_64
project-name: libxcrypt-4.4.38-7.fc43
store-results-to: /tmp/tmpktgtyvz9/libxcrypt-4.4.38-7.fc43.tar.xz
time-created: 2025-04-25 14:15:34
time-finished: 2025-04-25 14:17:46
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpktgtyvz9/libxcrypt-4.4.38-7.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpktgtyvz9/libxcrypt-4.4.38-7.fc43.src.rpm'
tool-version: csmock-3.8.1.20250422.172604.g26bc3d6-1.el9