nettle-3.10.1-1.fc43

List of Findings

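Triage note (def1-def4): all four warnings are for fixed-size lookup tables (16 or 64 entries) initialised from a string literal of exactly that many characters, so the terminating NUL is dropped by design. The def1 excerpt shows hex_digits being read only through DIGIT(x), which masks the index with 0xf. These arrays are safe only while they are indexed and never passed to a function that expects a NUL-terminated string. Marking them with the `nonstring` attribute named in the warning records that intent and silences the diagnostic without changing the array size.

Error: COMPILER_WARNING: [#def1]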
nettle-3.10.1/base16-encode.c:42:18: warning[-Wunterminated-string-initialization]: initializer-string for array of ‘unsigned char’ truncates NUL terminator but destination lacks ‘nonstring’ attribute (17 chars into 16 available)
#   42 | hex_digits[16] = "0123456789abcdef";
#      |                  ^~~~~~~~~~~~~~~~~~
#   40|   
#   41|   static const uint8_t
#   42|-> hex_digits[16] = "0123456789abcdef";
#   43|   
#   44|   #define DIGIT(x) (hex_digits[(x) & 0xf])

Error: COMPILER_WARNING: [#def2]
nettle-3.10.1/base64-encode.c:87:3: warning[-Wunterminated-string-initialization]: initializer-string for array of ‘char’ truncates NUL terminator but destination lacks ‘nonstring’ attribute (65 chars into 64 available)
#   87 |   "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
#      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   85|   
#   86|   static const char base64_encode_table[64] =
#   87|->   "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
#   88|     "abcdefghijklmnopqrstuvwxyz"
#   89|     "0123456789+/";

Error: COMPILER_WARNING: [#def3]
nettle-3.10.1/base64url-encode.c: scope_hint: In function ‘nettle_base64url_encode_init’
nettle-3.10.1/base64url-encode.c:42:5: warning[-Wunterminated-string-initialization]: initializer-string for array of ‘char’ truncates NUL terminator but destination lacks ‘nonstring’ attribute (65 chars into 64 available)
#   42 |     "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
#      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   40|   {
#   41|     static const char base64url_encode_table[64] =
#   42|->     "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
#   43|       "abcdefghijklmnopqrstuvwxyz"
#   44|       "0123456789-_";

Error: COMPILER_WARNING: [#def4]
nettle-3.10.1/blowfish-bcrypt.c:74:3: warning[-Wunterminated-string-initialization]: initializer-string for array of ‘char’ truncates NUL terminator but destination lacks ‘nonstring’ attribute (65 chars into 64 available)
#   74 |   "./ABCDEFGHIJKLMNOPQRSTUVWXYZ"
#      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   72|   
#   73|   static const char radix64_encode_table[64] =
#   74|->   "./ABCDEFGHIJKLMNOPQRSTUVWXYZ"
#   75|       "abcdefghijklmnopqrstuvwxyz"
#   76|       "0123456789";

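Triage note (def5-def11): conftest.s is the scratch file name used by autoconf-generated configure scripts for feature probes. These entries are therefore most likely failed assembler capability checks captured from the configure run, not diagnostics for nettle source files; `.def`, `.scl` and `.endef` are COFF symbol-definition directives. Confirm against the build log before closing them as noise.

Error: COMPILER_WARNING: [#def5]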
nettle-3.10.1/conftest.s: scope_hint: Assembler messages
nettle-3.10.1/conftest.s:2: Error: alignment not a power of 2

Error: COMPILER_WARNING: [#def6]
nettle-3.10.1/conftest.s: scope_hint: Assembler messages
nettle-3.10.1/conftest.s:4: Error: unknown pseudo-op: `.def'

Error: COMPILER_WARNING: [#def7]
nettle-3.10.1/conftest.s: scope_hint: Assembler messages
nettle-3.10.1/conftest.s:4: Error: unrecognized symbol type ""

Error: COMPILER_WARNING: [#def8]
nettle-3.10.1/conftest.s:5: Error: unknown pseudo-op: `.scl'

Error: COMPILER_WARNING: [#def9]
nettle-3.10.1/conftest.s:6: Error: Missing symbol name in directive

Error: COMPILER_WARNING: [#def10]
nettle-3.10.1/conftest.s:6: Error: unrecognized symbol type "32"

Error: COMPILER_WARNING: [#def11]
nettle-3.10.1/conftest.s:7: Error: unknown pseudo-op: `.endef'

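Triage note (def12-def13): both leaks are in the benchmark program under examples/ and are reported at the `switch (size)` that directly follows the allocation. The excerpts do not show which switch branch drops ctx, so check whether an unhandled size value leaves the function without returning or freeing it. A leak in a short-lived benchmark process is a code-quality finding rather than a library defect.

Error: GCC_ANALYZER_WARNING (CWE-401): [#def12]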
nettle-3.10.1/examples/hogweed-benchmark.c:553:3: warning[-Wanalyzer-malloc-leak]: leak of ‘xalloc(248)’
nettle-3.10.1/examples/hogweed-benchmark.c:546:1: enter_function: entry to ‘bench_eddsa_init’
nettle-3.10.1/examples/hogweed-benchmark.c:552:9: call_function: calling ‘xalloc’ from ‘bench_eddsa_init’
nettle-3.10.1/examples/hogweed-benchmark.c:552:9: return_function: returning to ‘bench_eddsa_init’ from ‘xalloc’
nettle-3.10.1/examples/hogweed-benchmark.c:553:3: danger: ‘xalloc(248)’ leaks here; was allocated at [(4)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/3)
#  551|   
#  552|     ctx = xalloc (sizeof(*ctx));
#  553|->   switch (size) {
#  554|     case 255:
#  555|       ctx->sign = ed25519_sha512_sign;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def13]
nettle-3.10.1/examples/hogweed-benchmark.c:817:3: warning[-Wanalyzer-malloc-leak]: leak of ‘xalloc(128)’
nettle-3.10.1/examples/hogweed-benchmark.c:812:1: enter_function: entry to ‘bench_curve_init’
nettle-3.10.1/examples/hogweed-benchmark.c:815:27: call_function: calling ‘xalloc’ from ‘bench_curve_init’
nettle-3.10.1/examples/hogweed-benchmark.c:815:27: return_function: returning to ‘bench_curve_init’ from ‘xalloc’
nettle-3.10.1/examples/hogweed-benchmark.c:817:3: danger: ‘xalloc(128)’ leaks here; was allocated at [(4)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/3)
#  815|     struct curve_ctx *ctx = xalloc (sizeof (*ctx));
#  816|     knuth_lfib_init (&lfib, 17);
#  817|->   switch (size)
#  818|       {
#  819|       case 255:

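Triage note (def14): this is the one analyzer finding in this part of the report that lies in a library source file (gosthash94.c) rather than in test, example or build-tool code. The printed trace stops at the call to gost_compute_sum_and_hash and does not show the path on which v[1] is left unset, so it cannot be confirmed or dismissed from the report alone. Review by hand: an uninitialised read in a hash compression step would make the digest depend on stale stack contents.

Error: GCC_ANALYZER_WARNING (CWE-457): [#def14]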
nettle-3.10.1/gosthash94.c:76:39: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘v[1]’
nettle-3.10.1/gosthash94.c:297:1: enter_function: entry to ‘gosthash94_update_int’
nettle-3.10.1/gosthash94.c:301:5: branch_false: following ‘false’ branch...
 branch_false: ...to here
nettle-3.10.1/gosthash94.c:301:5: branch_true: following ‘true’ branch (when ‘length > 31’)...
nettle-3.10.1/gosthash94.c:301:5: branch_true: ...to here
nettle-3.10.1/gosthash94.c:301:5: call_function: calling ‘gost_compute_sum_and_hash’ from ‘gosthash94_update_int’
#   74|   
#   75|       /* w := u xor v */
#   76|->     w[0] = u[0] ^ v[0], w[1] = u[1] ^ v[1];
#   77|       w[2] = u[2] ^ v[2], w[3] = u[3] ^ v[3];
#   78|       w[4] = u[4] ^ v[4], w[5] = u[5] ^ v[5];

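Triage note (def15-def17): the three writes are in the bundled mini-gmp.c and are reached from main in eccdata.c, i.e. from a standalone program rather than from a library entry point. The traces end at the call to ecc_curve_init and do not show how rp could still point at the const placeholder dummy_limb when the stores at lines 1328-1339 execute. Writing to a const object is undefined behaviour if it can really happen, so confirm that the destination is always reallocated before these stores.

Error: GCC_ANALYZER_WARNING (CWE-471): [#def15]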
nettle-3.10.1/mini-gmp.c:1328:11: warning[-Wanalyzer-write-to-const]: write to ‘const’ object ‘dummy_limb’
nettle-3.10.1/eccdata.c:1404:1: enter_function: entry to ‘main’
nettle-3.10.1/eccdata.c:1408:6: branch_false: following ‘false’ branch (when ‘argc > 3’)...
nettle-3.10.1/eccdata.c:1414:3: branch_false: ...to here
nettle-3.10.1/eccdata.c:1414:3: call_function: calling ‘ecc_curve_init’ from ‘main’
# 1326|         if (shift == 0)
# 1327|   	{
# 1328|-> 	  rp[rn++] = sp[j];
# 1329|   	  shift += bits;
# 1330|   	}

Error: GCC_ANALYZER_WARNING (CWE-471): [#def16]
nettle-3.10.1/mini-gmp.c:1333:11: warning[-Wanalyzer-write-to-const]: write to ‘const’ object ‘dummy_limb’
nettle-3.10.1/eccdata.c:1404:1: enter_function: entry to ‘main’
nettle-3.10.1/eccdata.c:1408:6: branch_false: following ‘false’ branch (when ‘argc > 3’)...
nettle-3.10.1/eccdata.c:1414:3: branch_false: ...to here
nettle-3.10.1/eccdata.c:1414:3: call_function: calling ‘ecc_curve_init’ from ‘main’
# 1331|         else
# 1332|   	{
# 1333|-> 	  rp[rn-1] |= (mp_limb_t) sp[j] << shift;
# 1334|   	  shift += bits;
# 1335|   	  if (shift >= GMP_LIMB_BITS)

Error: GCC_ANALYZER_WARNING (CWE-471): [#def17]
nettle-3.10.1/mini-gmp.c:1339:17: warning[-Wanalyzer-write-to-const]: write to ‘const’ object ‘dummy_limb’
nettle-3.10.1/eccdata.c:1404:1: enter_function: entry to ‘main’
nettle-3.10.1/eccdata.c:1408:6: branch_false: following ‘false’ branch (when ‘argc > 3’)...
nettle-3.10.1/eccdata.c:1414:3: branch_false: ...to here
nettle-3.10.1/eccdata.c:1414:3: call_function: calling ‘ecc_curve_init’ from ‘main’
# 1337|   	      shift -= GMP_LIMB_BITS;
# 1338|   	      if (shift > 0)
# 1339|-> 		rp[rn++] = (mp_limb_t) sp[j] >> (bits - shift);
# 1340|   	    }
# 1341|   	}

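Triage note (def18-def36): all nineteen leak reports point at the same line, testsuite/testutils.c:38, which is the allocation-failure check inside the xalloc wrapper; the allocations themselves are made in the test_* helper functions named in each trace. The report therefore does not show where in the caller the buffer goes out of scope. To triage, check each listed test_* function for a matching free on every return path. All of these are in the test harness, not in the library.

Error: GCC_ANALYZER_WARNING (CWE-401): [#def18]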
nettle-3.10.1/testsuite/testutils.c:38:7: warning[-Wanalyzer-malloc-leak]: leak of ‘xalloc((long unsigned int)*aead.context_size)’
nettle-3.10.1/testsuite/testutils.c:827:1: enter_function: entry to ‘test_aead’
nettle-3.10.1/testsuite/testutils.c:836:15: call_function: calling ‘xalloc’ from ‘test_aead’
nettle-3.10.1/testsuite/testutils.c:836:15: return_function: returning to ‘test_aead’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:38:7: danger: ‘xalloc((long unsigned int)*aead.context_size)’ leaks here; was allocated at [(4)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/3)
#   36|   {
#   37|     void *p = malloc(size);
#   38|->   if (size && !p)
#   39|       {
#   40|         fprintf(stderr, "Virtual memory exhausted.\n");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def19]
nettle-3.10.1/testsuite/testutils.c:38:7: warning[-Wanalyzer-malloc-leak]: leak of ‘xalloc((long unsigned int)*aead.digest_size)’
nettle-3.10.1/testsuite/testutils.c:827:1: enter_function: entry to ‘test_aead’
nettle-3.10.1/testsuite/testutils.c:836:15: call_function: calling ‘xalloc’ from ‘test_aead’
nettle-3.10.1/testsuite/testutils.c:836:15: return_function: returning to ‘test_aead’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:841:3: branch_false: following ‘false’ branch...
nettle-3.10.1/testsuite/testutils.c:842:3: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:842:3: branch_false: following ‘false’ branch...
nettle-3.10.1/testsuite/testutils.c:843:3: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:843:3: branch_false: following ‘false’ branch...
nettle-3.10.1/testsuite/testutils.c:845:19: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:845:12: call_function: calling ‘xalloc’ from ‘test_aead’
nettle-3.10.1/testsuite/testutils.c:845:12: return_function: returning to ‘test_aead’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:846:8: call_function: calling ‘xalloc’ from ‘test_aead’
nettle-3.10.1/testsuite/testutils.c:846:8: return_function: returning to ‘test_aead’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:847:9: call_function: calling ‘xalloc’ from ‘test_aead’
nettle-3.10.1/testsuite/testutils.c:847:9: return_function: returning to ‘test_aead’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:849:22: branch_true: following ‘true’ branch...
nettle-3.10.1/testsuite/testutils.c:852:28: branch_true: ...to here
nettle-3.10.1/testsuite/testutils.c:855:24: branch_true: following ‘true’ branch...
nettle-3.10.1/testsuite/testutils.c:858:11: branch_true: ...to here
nettle-3.10.1/testsuite/testutils.c:860:14: branch_false: following ‘false’ branch (when ‘set_nonce’ is NULL)...
nettle-3.10.1/testsuite/testutils.c:864:15: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:38:7: danger: ‘xalloc((long unsigned int)*aead.digest_size)’ leaks here; was allocated at [(15)](sarif:/runs/0/results/74/codeFlows/0/threadFlows/0/locations/14)
#   36|   {
#   37|     void *p = malloc(size);
#   38|->   if (size && !p)
#   39|       {
#   40|         fprintf(stderr, "Virtual memory exhausted.\n");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def20]
nettle-3.10.1/testsuite/testutils.c:38:7: warning[-Wanalyzer-malloc-leak]: leak of ‘xalloc((long unsigned int)*armor.decode_context_size)’
nettle-3.10.1/testsuite/testutils.c:1347:1: enter_function: entry to ‘test_armor’
nettle-3.10.1/testsuite/testutils.c:1353:18: call_function: calling ‘xalloc’ from ‘test_armor’
nettle-3.10.1/testsuite/testutils.c:1353:18: return_function: returning to ‘test_armor’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:1354:20: call_function: calling ‘xalloc’ from ‘test_armor’
nettle-3.10.1/testsuite/testutils.c:1354:20: return_function: returning to ‘test_armor’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:1355:18: call_function: calling ‘xalloc’ from ‘test_armor’
nettle-3.10.1/testsuite/testutils.c:1355:18: return_function: returning to ‘test_armor’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:1356:18: call_function: calling ‘xalloc’ from ‘test_armor’
nettle-3.10.1/testsuite/testutils.c:1356:18: return_function: returning to ‘test_armor’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:38:7: danger: ‘xalloc((long unsigned int)*armor.decode_context_size)’ leaks here; was allocated at [(19)](sarif:/runs/0/results/53/codeFlows/0/threadFlows/0/locations/18)
#   36|   {
#   37|     void *p = malloc(size);
#   38|->   if (size && !p)
#   39|       {
#   40|         fprintf(stderr, "Virtual memory exhausted.\n");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def21]
nettle-3.10.1/testsuite/testutils.c:38:7: warning[-Wanalyzer-malloc-leak]: leak of ‘xalloc((long unsigned int)*armor.encode_context_size)’
nettle-3.10.1/testsuite/testutils.c:1347:1: enter_function: entry to ‘test_armor’
nettle-3.10.1/testsuite/testutils.c:1353:18: call_function: calling ‘xalloc’ from ‘test_armor’
nettle-3.10.1/testsuite/testutils.c:1353:18: return_function: returning to ‘test_armor’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:1354:20: call_function: calling ‘xalloc’ from ‘test_armor’
nettle-3.10.1/testsuite/testutils.c:1354:20: return_function: returning to ‘test_armor’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:1355:18: call_function: calling ‘xalloc’ from ‘test_armor’
nettle-3.10.1/testsuite/testutils.c:1355:18: return_function: returning to ‘test_armor’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:1356:18: call_function: calling ‘xalloc’ from ‘test_armor’
nettle-3.10.1/testsuite/testutils.c:1356:18: return_function: returning to ‘test_armor’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:38:7: danger: ‘xalloc((long unsigned int)*armor.encode_context_size)’ leaks here; was allocated at [(14)](sarif:/runs/0/results/52/codeFlows/0/threadFlows/0/locations/13)
#   36|   {
#   37|     void *p = malloc(size);
#   38|->   if (size && !p)
#   39|       {
#   40|         fprintf(stderr, "Virtual memory exhausted.\n");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def22]
nettle-3.10.1/testsuite/testutils.c:38:7: warning[-Wanalyzer-malloc-leak]: leak of ‘xalloc((long unsigned int)*cipher.block_size)’
nettle-3.10.1/testsuite/testutils.c:226:1: enter_function: entry to ‘test_cipher_cbc’
nettle-3.10.1/testsuite/testutils.c:232:15: call_function: calling ‘xalloc’ from ‘test_cipher_cbc’
nettle-3.10.1/testsuite/testutils.c:232:15: return_function: returning to ‘test_cipher_cbc’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:234:17: call_function: calling ‘xalloc’ from ‘test_cipher_cbc’
nettle-3.10.1/testsuite/testutils.c:234:17: return_function: returning to ‘test_cipher_cbc’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:38:7: danger: ‘xalloc((long unsigned int)*cipher.block_size)’ leaks here; was allocated at [(9)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/8)
#   36|   {
#   37|     void *p = malloc(size);
#   38|->   if (size && !p)
#   39|       {
#   40|         fprintf(stderr, "Virtual memory exhausted.\n");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def23]
nettle-3.10.1/testsuite/testutils.c:38:7: warning[-Wanalyzer-malloc-leak]: leak of ‘xalloc((long unsigned int)*cipher.context_size)’
nettle-3.10.1/testsuite/testutils.c:226:1: enter_function: entry to ‘test_cipher_cbc’
nettle-3.10.1/testsuite/testutils.c:232:15: call_function: calling ‘xalloc’ from ‘test_cipher_cbc’
nettle-3.10.1/testsuite/testutils.c:232:15: return_function: returning to ‘test_cipher_cbc’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:234:17: call_function: calling ‘xalloc’ from ‘test_cipher_cbc’
nettle-3.10.1/testsuite/testutils.c:234:17: return_function: returning to ‘test_cipher_cbc’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:38:7: danger: ‘xalloc((long unsigned int)*cipher.context_size)’ leaks here; was allocated at [(4)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/3)
#   36|   {
#   37|     void *p = malloc(size);
#   38|->   if (size && !p)
#   39|       {
#   40|         fprintf(stderr, "Virtual memory exhausted.\n");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def24]
nettle-3.10.1/testsuite/testutils.c:38:7: warning[-Wanalyzer-malloc-leak]: leak of ‘xalloc((long unsigned int)*hash.context_size)’
nettle-3.10.1/testsuite/testutils.c:1097:1: enter_function: entry to ‘test_hash’
nettle-3.10.1/testsuite/testutils.c:1101:15: call_function: calling ‘xalloc’ from ‘test_hash’
nettle-3.10.1/testsuite/testutils.c:1101:15: return_function: returning to ‘test_hash’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:1102:21: call_function: calling ‘xalloc’ from ‘test_hash’
nettle-3.10.1/testsuite/testutils.c:1102:21: return_function: returning to ‘test_hash’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:38:7: danger: ‘xalloc((long unsigned int)*hash.context_size)’ leaks here; was allocated at [(4)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/3)
#   36|   {
#   37|     void *p = malloc(size);
#   38|->   if (size && !p)
#   39|       {
#   40|         fprintf(stderr, "Virtual memory exhausted.\n");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def25]
nettle-3.10.1/testsuite/testutils.c:38:7: warning[-Wanalyzer-malloc-leak]: leak of ‘xalloc((long unsigned int)*hash.digest_size)’
nettle-3.10.1/testsuite/testutils.c:1244:1: enter_function: entry to ‘test_hash_large’
nettle-3.10.1/testsuite/testutils.c:1249:15: call_function: calling ‘xalloc’ from ‘test_hash_large’
nettle-3.10.1/testsuite/testutils.c:1249:15: return_function: returning to ‘test_hash_large’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:1250:21: call_function: calling ‘xalloc’ from ‘test_hash_large’
nettle-3.10.1/testsuite/testutils.c:1250:21: return_function: returning to ‘test_hash_large’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:1251:19: call_function: calling ‘xalloc’ from ‘test_hash_large’
nettle-3.10.1/testsuite/testutils.c:1251:19: return_function: returning to ‘test_hash_large’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:38:7: danger: ‘xalloc((long unsigned int)*hash.digest_size)’ leaks here; was allocated at [(9)](sarif:/runs/0/results/33/codeFlows/0/threadFlows/0/locations/8)
#   36|   {
#   37|     void *p = malloc(size);
#   38|->   if (size && !p)
#   39|       {
#   40|         fprintf(stderr, "Virtual memory exhausted.\n");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def26]
nettle-3.10.1/testsuite/testutils.c:38:7: warning[-Wanalyzer-malloc-leak]: leak of ‘xalloc((long unsigned int)*mac.context_size)’
nettle-3.10.1/testsuite/testutils.c:1279:1: enter_function: entry to ‘test_mac’
nettle-3.10.1/testsuite/testutils.c:1285:15: call_function: calling ‘xalloc’ from ‘test_mac’
nettle-3.10.1/testsuite/testutils.c:1285:15: return_function: returning to ‘test_mac’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:1286:19: call_function: calling ‘xalloc’ from ‘test_mac’
nettle-3.10.1/testsuite/testutils.c:1286:19: return_function: returning to ‘test_mac’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:38:7: danger: ‘xalloc((long unsigned int)*mac.context_size)’ leaks here; was allocated at [(4)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/3)
#   36|   {
#   37|     void *p = malloc(size);
#   38|->   if (size && !p)
#   39|       {
#   40|         fprintf(stderr, "Virtual memory exhausted.\n");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def27]
nettle-3.10.1/testsuite/testutils.c:38:7: warning[-Wanalyzer-malloc-leak]: leak of ‘xalloc((long unsigned int)*mac.digest_size)’
nettle-3.10.1/testsuite/testutils.c:1279:1: enter_function: entry to ‘test_mac’
nettle-3.10.1/testsuite/testutils.c:1285:15: call_function: calling ‘xalloc’ from ‘test_mac’
nettle-3.10.1/testsuite/testutils.c:1285:15: return_function: returning to ‘test_mac’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:1286:19: call_function: calling ‘xalloc’ from ‘test_mac’
nettle-3.10.1/testsuite/testutils.c:1286:19: return_function: returning to ‘test_mac’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:38:7: danger: ‘xalloc((long unsigned int)*mac.digest_size)’ leaks here; was allocated at [(9)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/8)
#   36|   {
#   37|     void *p = malloc(size);
#   38|->   if (size && !p)
#   39|       {
#   40|         fprintf(stderr, "Virtual memory exhausted.\n");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def28]
nettle-3.10.1/testsuite/testutils.c:38:7: warning[-Wanalyzer-malloc-leak]: leak of ‘xalloc(*armor.decode_length(ascii_length) + 1)’
nettle-3.10.1/testsuite/testutils.c:1347:1: enter_function: entry to ‘test_armor’
nettle-3.10.1/testsuite/testutils.c:1353:18: call_function: calling ‘xalloc’ from ‘test_armor’
nettle-3.10.1/testsuite/testutils.c:1353:18: return_function: returning to ‘test_armor’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:1354:20: call_function: calling ‘xalloc’ from ‘test_armor’
nettle-3.10.1/testsuite/testutils.c:1354:20: return_function: returning to ‘test_armor’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:1355:18: call_function: calling ‘xalloc’ from ‘test_armor’
nettle-3.10.1/testsuite/testutils.c:1355:18: return_function: returning to ‘test_armor’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:1356:18: call_function: calling ‘xalloc’ from ‘test_armor’
nettle-3.10.1/testsuite/testutils.c:1356:18: return_function: returning to ‘test_armor’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:38:7: danger: ‘xalloc(*armor.decode_length(ascii_length) + 1)’ leaks here; was allocated at [(9)](sarif:/runs/0/results/55/codeFlows/0/threadFlows/0/locations/8)
#   36|   {
#   37|     void *p = malloc(size);
#   38|->   if (size && !p)
#   39|       {
#   40|         fprintf(stderr, "Virtual memory exhausted.\n");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def29]
nettle-3.10.1/testsuite/testutils.c:38:7: warning[-Wanalyzer-malloc-leak]: leak of ‘xalloc(*cipher.length + 1)’
nettle-3.10.1/testsuite/testutils.c:947:1: enter_function: entry to ‘test_aead_message’
nettle-3.10.1/testsuite/testutils.c:954:15: call_function: calling ‘xalloc’ from ‘test_aead_message’
nettle-3.10.1/testsuite/testutils.c:954:15: return_function: returning to ‘test_aead_message’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:955:18: call_function: calling ‘xalloc’ from ‘test_aead_message’
nettle-3.10.1/testsuite/testutils.c:955:18: return_function: returning to ‘test_aead_message’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:956:19: call_function: calling ‘xalloc’ from ‘test_aead_message’
nettle-3.10.1/testsuite/testutils.c:956:19: return_function: returning to ‘test_aead_message’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:38:7: danger: ‘xalloc(*cipher.length + 1)’ leaks here; was allocated at [(9)](sarif:/runs/0/results/34/codeFlows/0/threadFlows/0/locations/8)
#   36|   {
#   37|     void *p = malloc(size);
#   38|->   if (size && !p)
#   39|       {
#   40|         fprintf(stderr, "Virtual memory exhausted.\n");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def30]
nettle-3.10.1/testsuite/testutils.c:38:7: warning[-Wanalyzer-malloc-leak]: leak of ‘xalloc(*cipher.length)’
nettle-3.10.1/testsuite/testutils.c:947:1: enter_function: entry to ‘test_aead_message’
nettle-3.10.1/testsuite/testutils.c:954:15: call_function: calling ‘xalloc’ from ‘test_aead_message’
nettle-3.10.1/testsuite/testutils.c:954:15: return_function: returning to ‘test_aead_message’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:955:18: call_function: calling ‘xalloc’ from ‘test_aead_message’
nettle-3.10.1/testsuite/testutils.c:955:18: return_function: returning to ‘test_aead_message’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:956:19: call_function: calling ‘xalloc’ from ‘test_aead_message’
nettle-3.10.1/testsuite/testutils.c:956:19: return_function: returning to ‘test_aead_message’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:38:7: danger: ‘xalloc(*cipher.length)’ leaks here; was allocated at [(14)](sarif:/runs/0/results/37/codeFlows/0/threadFlows/0/locations/13)
#   36|   {
#   37|     void *p = malloc(size);
#   38|->   if (size && !p)
#   39|       {
#   40|         fprintf(stderr, "Virtual memory exhausted.\n");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def31]
nettle-3.10.1/testsuite/testutils.c:38:7: warning[-Wanalyzer-malloc-leak]: leak of ‘xalloc(*cleartext.length + (long unsigned int)*aead.block_size + 18446744073709551615)’
nettle-3.10.1/testsuite/testutils.c:827:1: enter_function: entry to ‘test_aead’
nettle-3.10.1/testsuite/testutils.c:836:15: call_function: calling ‘xalloc’ from ‘test_aead’
nettle-3.10.1/testsuite/testutils.c:836:15: return_function: returning to ‘test_aead’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:841:3: branch_false: following ‘false’ branch...
nettle-3.10.1/testsuite/testutils.c:842:3: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:842:3: branch_false: following ‘false’ branch...
nettle-3.10.1/testsuite/testutils.c:843:3: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:843:3: branch_false: following ‘false’ branch...
nettle-3.10.1/testsuite/testutils.c:845:19: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:845:12: call_function: calling ‘xalloc’ from ‘test_aead’
nettle-3.10.1/testsuite/testutils.c:845:12: return_function: returning to ‘test_aead’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:846:8: call_function: calling ‘xalloc’ from ‘test_aead’
nettle-3.10.1/testsuite/testutils.c:846:8: return_function: returning to ‘test_aead’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:847:9: call_function: calling ‘xalloc’ from ‘test_aead’
nettle-3.10.1/testsuite/testutils.c:847:9: return_function: returning to ‘test_aead’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:849:22: branch_true: following ‘true’ branch...
nettle-3.10.1/testsuite/testutils.c:852:28: branch_true: ...to here
nettle-3.10.1/testsuite/testutils.c:855:24: branch_true: following ‘true’ branch...
nettle-3.10.1/testsuite/testutils.c:858:11: branch_true: ...to here
nettle-3.10.1/testsuite/testutils.c:860:14: branch_false: following ‘false’ branch (when ‘set_nonce’ is NULL)...
nettle-3.10.1/testsuite/testutils.c:864:15: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:38:7: danger: ‘xalloc(*cleartext.length + (long unsigned int)*aead.block_size + 18446744073709551615)’ leaks here; was allocated at [(25)](sarif:/runs/0/results/73/codeFlows/0/threadFlows/0/locations/24)
#   36|   {
#   37|     void *p = malloc(size);
#   38|->   if (size && !p)
#   39|       {
#   40|         fprintf(stderr, "Virtual memory exhausted.\n");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def32]
nettle-3.10.1/testsuite/testutils.c:38:7: warning[-Wanalyzer-malloc-leak]: leak of ‘xalloc(*cleartext.length + 1)’
nettle-3.10.1/testsuite/testutils.c:465:1: enter_function: entry to ‘test_cipher_cfb8’
nettle-3.10.1/testsuite/testutils.c:471:15: call_function: calling ‘xalloc’ from ‘test_cipher_cfb8’
nettle-3.10.1/testsuite/testutils.c:471:15: return_function: returning to ‘test_cipher_cfb8’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:473:17: call_function: calling ‘xalloc’ from ‘test_cipher_cfb8’
nettle-3.10.1/testsuite/testutils.c:473:17: return_function: returning to ‘test_cipher_cfb8’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:477:3: branch_false: following ‘false’ branch...
nettle-3.10.1/testsuite/testutils.c:480:3: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:480:3: branch_false: following ‘false’ branch...
nettle-3.10.1/testsuite/testutils.c:481:3: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:481:3: branch_false: following ‘false’ branch...
nettle-3.10.1/testsuite/testutils.c:483:10: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:483:10: call_function: calling ‘xalloc’ from ‘test_cipher_cfb8’
nettle-3.10.1/testsuite/testutils.c:483:10: return_function: returning to ‘test_cipher_cfb8’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:484:11: call_function: calling ‘xalloc’ from ‘test_cipher_cfb8’
nettle-3.10.1/testsuite/testutils.c:484:11: return_function: returning to ‘test_cipher_cfb8’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:486:19: branch_false: following ‘false’ branch...
nettle-3.10.1/testsuite/testutils.c:547:3: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:38:7: danger: ‘xalloc(*cleartext.length + 1)’ leaks here; was allocated at [(25)](sarif:/runs/0/results/64/codeFlows/0/threadFlows/0/locations/24)
#   36|   {
#   37|     void *p = malloc(size);
#   38|->   if (size && !p)
#   39|       {
#   40|         fprintf(stderr, "Virtual memory exhausted.\n");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def33]
nettle-3.10.1/testsuite/testutils.c:38:7: warning[-Wanalyzer-malloc-leak]: leak of ‘xalloc(*cleartext.length)’
nettle-3.10.1/testsuite/testutils.c:180:1: enter_function: entry to ‘test_cipher’
nettle-3.10.1/testsuite/testutils.c:185:15: call_function: calling ‘xalloc’ from ‘test_cipher’
nettle-3.10.1/testsuite/testutils.c:185:15: return_function: returning to ‘test_cipher’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:186:19: call_function: calling ‘xalloc’ from ‘test_cipher’
nettle-3.10.1/testsuite/testutils.c:186:19: return_function: returning to ‘test_cipher’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:38:7: danger: ‘xalloc(*cleartext.length)’ leaks here; was allocated at [(9)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/8)
#   36|   {
#   37|     void *p = malloc(size);
#   38|->   if (size && !p)
#   39|       {
#   40|         fprintf(stderr, "Virtual memory exhausted.\n");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def34]
nettle-3.10.1/testsuite/testutils.c:38:7: warning[-Wanalyzer-malloc-leak]: leak of ‘xalloc(*digest.length)’
nettle-3.10.1/testsuite/testutils.c:1097:1: enter_function: entry to ‘test_hash’
nettle-3.10.1/testsuite/testutils.c:1101:15: call_function: calling ‘xalloc’ from ‘test_hash’
nettle-3.10.1/testsuite/testutils.c:1101:15: return_function: returning to ‘test_hash’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:1102:21: call_function: calling ‘xalloc’ from ‘test_hash’
nettle-3.10.1/testsuite/testutils.c:1102:21: return_function: returning to ‘test_hash’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:38:7: danger: ‘xalloc(*digest.length)’ leaks here; was allocated at [(9)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/8)
#   36|   {
#   37|     void *p = malloc(size);
#   38|->   if (size && !p)
#   39|       {
#   40|         fprintf(stderr, "Virtual memory exhausted.\n");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def35]
nettle-3.10.1/testsuite/testutils.c:38:7: warning[-Wanalyzer-malloc-leak]: leak of ‘xalloc(ascii_length + 1)’
nettle-3.10.1/testsuite/testutils.c:1347:1: enter_function: entry to ‘test_armor’
nettle-3.10.1/testsuite/testutils.c:1353:18: call_function: calling ‘xalloc’ from ‘test_armor’
nettle-3.10.1/testsuite/testutils.c:1353:18: return_function: returning to ‘test_armor’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:1354:20: call_function: calling ‘xalloc’ from ‘test_armor’
nettle-3.10.1/testsuite/testutils.c:1354:20: return_function: returning to ‘test_armor’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:1355:18: call_function: calling ‘xalloc’ from ‘test_armor’
nettle-3.10.1/testsuite/testutils.c:1355:18: return_function: returning to ‘test_armor’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:1356:18: call_function: calling ‘xalloc’ from ‘test_armor’
nettle-3.10.1/testsuite/testutils.c:1356:18: return_function: returning to ‘test_armor’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:38:7: danger: ‘xalloc(ascii_length + 1)’ leaks here; was allocated at [(4)](sarif:/runs/0/results/54/codeFlows/0/threadFlows/0/locations/3)
#   36|   {
#   37|     void *p = malloc(size);
#   38|->   if (size && !p)
#   39|       {
#   40|         fprintf(stderr, "Virtual memory exhausted.\n");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def36]
nettle-3.10.1/testsuite/testutils.c:38:7: warning[-Wanalyzer-malloc-leak]: leak of ‘xalloc(length)’
nettle-3.10.1/testsuite/testutils.c:1244:1: enter_function: entry to ‘test_hash_large’
nettle-3.10.1/testsuite/testutils.c:1249:15: call_function: calling ‘xalloc’ from ‘test_hash_large’
nettle-3.10.1/testsuite/testutils.c:1249:15: return_function: returning to ‘test_hash_large’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:1250:21: call_function: calling ‘xalloc’ from ‘test_hash_large’
nettle-3.10.1/testsuite/testutils.c:1250:21: return_function: returning to ‘test_hash_large’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:1251:19: call_function: calling ‘xalloc’ from ‘test_hash_large’
nettle-3.10.1/testsuite/testutils.c:1251:19: return_function: returning to ‘test_hash_large’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:38:7: danger: ‘xalloc(length)’ leaks here; was allocated at [(14)](sarif:/runs/0/results/32/codeFlows/0/threadFlows/0/locations/13)
#   36|   {
#   37|     void *p = malloc(size);
#   38|->   if (size && !p)
#   39|       {
#   40|         fprintf(stderr, "Virtual memory exhausted.\n");

Error: GCC_ANALYZER_WARNING (CWE-476): [#def37]
nettle-3.10.1/testsuite/testutils.c:53:3: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xalloc(length + 24)’
nettle-3.10.1/testsuite/testutils.c:50:1: enter_function: entry to ‘tstring_alloc’
nettle-3.10.1/testsuite/testutils.c:52:23: call_function: calling ‘xalloc’ from ‘tstring_alloc’
nettle-3.10.1/testsuite/testutils.c:52:23: return_function: returning to ‘tstring_alloc’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:53:3: danger: ‘xalloc(length + 24)’ could be NULL: unchecked value from [(4)](sarif:/runs/0/results/90/codeFlows/0/threadFlows/0/locations/3)
#   51|   {
#   52|     struct tstring *s = xalloc(sizeof(struct tstring) + length);
#   53|->   s->length = length;
#   54|     s->next = tstring_first;
#   55|     /* NUL-terminate, for convenience. */

Error: GCC_ANALYZER_WARNING (CWE-122): [#def38]
nettle-3.10.1/testsuite/testutils.c:695:3: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow
nettle-3.10.1/testsuite/testutils.c:669:1: enter_function: entry to ‘test_cipher_ctr’
nettle-3.10.1/testsuite/testutils.c:675:15: call_function: calling ‘xalloc’ from ‘test_cipher_ctr’
nettle-3.10.1/testsuite/testutils.c:675:15: return_function: returning to ‘test_cipher_ctr’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:677:18: call_function: calling ‘xalloc’ from ‘test_cipher_ctr’
nettle-3.10.1/testsuite/testutils.c:677:18: return_function: returning to ‘test_cipher_ctr’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:678:19: call_function: calling ‘xalloc’ from ‘test_cipher_ctr’
nettle-3.10.1/testsuite/testutils.c:678:19: return_function: returning to ‘test_cipher_ctr’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:683:3: branch_false: following ‘false’ branch...
nettle-3.10.1/testsuite/testutils.c:686:3: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:686:3: branch_false: following ‘false’ branch...
nettle-3.10.1/testsuite/testutils.c:687:3: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:687:3: branch_false: following ‘false’ branch...
nettle-3.10.1/testsuite/testutils.c:690:14: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:691:3: branch_false: following ‘false’ branch (when ‘nblocks <= 255’)...
nettle-3.10.1/testsuite/testutils.c:693:29: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:695:3: danger: write of 1 byte at offset ‘(sizetype)(*cipher.block_size + 4294967295)’ exceeds the buffer
#  693|     memcpy (octr, ictr->data, cipher->block_size - 1);
#  694|     low = ictr->data[cipher->block_size - 1] + nblocks;
#  695|->   octr[cipher->block_size - 1] = low;
#  696|   
#  697|     if (low >= 0x100)

Error: GCC_ANALYZER_WARNING (CWE-122): [#def39]
nettle-3.10.1/testsuite/testutils.c:698:5: warning[-Wanalyzer-out-of-bounds]: heap-based buffer over-read
nettle-3.10.1/testsuite/testutils.c:669:1: enter_function: entry to ‘test_cipher_ctr’
nettle-3.10.1/testsuite/testutils.c:675:15: call_function: calling ‘xalloc’ from ‘test_cipher_ctr’
nettle-3.10.1/testsuite/testutils.c:675:15: return_function: returning to ‘test_cipher_ctr’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:677:18: call_function: calling ‘xalloc’ from ‘test_cipher_ctr’
nettle-3.10.1/testsuite/testutils.c:677:18: return_function: returning to ‘test_cipher_ctr’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:678:19: call_function: calling ‘xalloc’ from ‘test_cipher_ctr’
nettle-3.10.1/testsuite/testutils.c:678:19: return_function: returning to ‘test_cipher_ctr’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:683:3: branch_false: following ‘false’ branch...
nettle-3.10.1/testsuite/testutils.c:686:3: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:686:3: branch_false: following ‘false’ branch...
nettle-3.10.1/testsuite/testutils.c:687:3: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:687:3: branch_false: following ‘false’ branch...
nettle-3.10.1/testsuite/testutils.c:690:14: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:691:3: branch_false: following ‘false’ branch (when ‘nblocks <= 255’)...
nettle-3.10.1/testsuite/testutils.c:693:29: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:697:6: branch_true: following ‘true’ branch (when ‘low > 255’)...
nettle-3.10.1/testsuite/testutils.c:698:5: branch_true: ...to here
nettle-3.10.1/testsuite/testutils.c:698:5: danger: read of 1 byte at offset ‘(sizetype)(*cipher.block_size + 4294967294)’ exceeds the buffer
#  696|   
#  697|     if (low >= 0x100)
#  698|->     INCREMENT (cipher->block_size - 1, octr);
#  699|   
#  700|     data = xalloc(length);  

Error: GCC_ANALYZER_WARNING (CWE-122): [#def40]
nettle-3.10.1/testsuite/testutils.c:698:5: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow
nettle-3.10.1/testsuite/testutils.c:669:1: enter_function: entry to ‘test_cipher_ctr’
nettle-3.10.1/testsuite/testutils.c:675:15: call_function: calling ‘xalloc’ from ‘test_cipher_ctr’
nettle-3.10.1/testsuite/testutils.c:675:15: return_function: returning to ‘test_cipher_ctr’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:677:18: call_function: calling ‘xalloc’ from ‘test_cipher_ctr’
nettle-3.10.1/testsuite/testutils.c:677:18: return_function: returning to ‘test_cipher_ctr’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:678:19: call_function: calling ‘xalloc’ from ‘test_cipher_ctr’
nettle-3.10.1/testsuite/testutils.c:678:19: return_function: returning to ‘test_cipher_ctr’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:683:3: branch_false: following ‘false’ branch...
nettle-3.10.1/testsuite/testutils.c:686:3: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:686:3: branch_false: following ‘false’ branch...
nettle-3.10.1/testsuite/testutils.c:687:3: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:687:3: branch_false: following ‘false’ branch...
nettle-3.10.1/testsuite/testutils.c:690:14: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:691:3: branch_false: following ‘false’ branch (when ‘nblocks <= 255’)...
nettle-3.10.1/testsuite/testutils.c:693:29: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:697:6: branch_true: following ‘true’ branch (when ‘low > 255’)...
nettle-3.10.1/testsuite/testutils.c:698:5: branch_true: ...to here
nettle-3.10.1/testsuite/testutils.c:698:5: danger: write of 1 byte at offset ‘(sizetype)(*cipher.block_size + 4294967294)’ exceeds the buffer
#  696|   
#  697|     if (low >= 0x100)
#  698|->     INCREMENT (cipher->block_size - 1, octr);
#  699|   
#  700|     data = xalloc(length);  

Error: GCC_ANALYZER_WARNING (CWE-688): [#def41]
nettle-3.10.1/testsuite/testutils.c:728:3: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘xalloc((long unsigned int)*cipher.block_size)’ where non-null expected
nettle-3.10.1/testsuite/testutils.c:669:1: enter_function: entry to ‘test_cipher_ctr’
nettle-3.10.1/testsuite/testutils.c:675:15: call_function: calling ‘xalloc’ from ‘test_cipher_ctr’
nettle-3.10.1/testsuite/testutils.c:675:15: return_function: returning to ‘test_cipher_ctr’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:677:18: call_function: calling ‘xalloc’ from ‘test_cipher_ctr’
nettle-3.10.1/testsuite/testutils.c:677:18: return_function: returning to ‘test_cipher_ctr’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:678:19: call_function: calling ‘xalloc’ from ‘test_cipher_ctr’
nettle-3.10.1/testsuite/testutils.c:678:19: return_function: returning to ‘test_cipher_ctr’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:683:3: branch_false: following ‘false’ branch...
nettle-3.10.1/testsuite/testutils.c:686:3: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:686:3: branch_false: following ‘false’ branch...
nettle-3.10.1/testsuite/testutils.c:687:3: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:687:3: branch_false: following ‘false’ branch...
nettle-3.10.1/testsuite/testutils.c:690:14: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:691:3: branch_false: following ‘false’ branch (when ‘nblocks <= 255’)...
nettle-3.10.1/testsuite/testutils.c:693:29: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:700:10: call_function: calling ‘xalloc’ from ‘test_cipher_ctr’
nettle-3.10.1/testsuite/testutils.c:700:10: return_function: returning to ‘test_cipher_ctr’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:704:15: branch_false: following ‘false’ branch...
nettle-3.10.1/testsuite/testutils.c:728:3: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:728:3: danger: argument 1 (‘xalloc((long unsigned int)*cipher.block_size)’) from [(9)](sarif:/runs/0/results/96/codeFlows/0/threadFlows/0/locations/8) could be NULL where non-null expected
#  726|       }
#  727|   
#  728|->   ASSERT (MEMEQ (cipher->block_size, ctr, octr));
#  729|   
#  730|     memcpy(ctr, ictr->data, cipher->block_size);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def42]
nettle-3.10.1/testsuite/testutils.c:1017:3: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xalloc(*cipher.length)’
nettle-3.10.1/testsuite/testutils.c:947:1: enter_function: entry to ‘test_aead_message’
nettle-3.10.1/testsuite/testutils.c:954:15: call_function: calling ‘xalloc’ from ‘test_aead_message’
nettle-3.10.1/testsuite/testutils.c:954:15: return_function: returning to ‘test_aead_message’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:955:18: call_function: calling ‘xalloc’ from ‘test_aead_message’
nettle-3.10.1/testsuite/testutils.c:955:18: return_function: returning to ‘test_aead_message’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:956:19: call_function: calling ‘xalloc’ from ‘test_aead_message’
nettle-3.10.1/testsuite/testutils.c:956:19: return_function: returning to ‘test_aead_message’ from ‘xalloc’
nettle-3.10.1/testsuite/testutils.c:961:3: branch_false: following ‘false’ branch...
nettle-3.10.1/testsuite/testutils.c:962:3: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:962:3: branch_false: following ‘false’ branch...
nettle-3.10.1/testsuite/testutils.c:963:3: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:963:3: branch_false: following ‘false’ branch...
nettle-3.10.1/testsuite/testutils.c:965:3: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:971:6: branch_false: following ‘false’ branch...
nettle-3.10.1/testsuite/testutils.c:979:10: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:979:6: branch_false: following ‘false’ branch...
nettle-3.10.1/testsuite/testutils.c:984:3: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:997:6: branch_false: following ‘false’ branch...
nettle-3.10.1/testsuite/testutils.c:1007:6: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:1007:6: branch_false: following ‘false’ branch...
nettle-3.10.1/testsuite/testutils.c:1016:31: branch_false: ...to here
nettle-3.10.1/testsuite/testutils.c:1017:3: danger: ‘xalloc(*cipher.length)’ could be NULL: unchecked value from [(14)](sarif:/runs/0/results/98/codeFlows/0/threadFlows/0/locations/13)
# 1015|       }
# 1016|     memcpy (copy, cipher->data, cipher->length);
# 1017|->   copy[0] ^= 4;
# 1018|     if (aead->decrypt (ctx,
# 1019|   		     nonce->length, nonce->data,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def43]
nettle-3.10.1/tools/nettle-hash.c:226:11: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(*<unknown>, "rb")’
nettle-3.10.1/tools/nettle-hash.c:141:1: enter_function: entry to ‘main’
nettle-3.10.1/tools/nettle-hash.c:163:11: branch_true: following ‘true’ branch (when ‘c != -1’)...
nettle-3.10.1/tools/nettle-hash.c:164:5: branch_true: ...to here
nettle-3.10.1/tools/nettle-hash.c:197:6: branch_false: following ‘false’ branch (when ‘alg_name’ is non-NULL)...
nettle-3.10.1/tools/nettle-hash.c:201:9: branch_false: ...to here
nettle-3.10.1/tools/nettle-hash.c:202:6: branch_false: following ‘false’ branch...
nettle-3.10.1/tools/nettle-hash.c:207:6: branch_false: ...to here
nettle-3.10.1/tools/nettle-hash.c:207:6: branch_true: following ‘true’ branch (when ‘length == 0’)...
nettle-3.10.1/tools/nettle-hash.c:208:5: branch_true: ...to here
nettle-3.10.1/tools/nettle-hash.c:216:6: branch_false: following ‘false’ branch (when ‘argc != 0’)...
 branch_false: ...to here
nettle-3.10.1/tools/nettle-hash.c:221:19: branch_true: following ‘true’ branch (when ‘i < argc’)...
nettle-3.10.1/tools/nettle-hash.c:223:32: branch_true: ...to here
nettle-3.10.1/tools/nettle-hash.c:223:21: acquire_resource: opened here
nettle-3.10.1/tools/nettle-hash.c:224:14: branch_false: following ‘false’ branch...
nettle-3.10.1/tools/nettle-hash.c:226:11: branch_false: ...to here
nettle-3.10.1/tools/nettle-hash.c:227:16: call_function: calling ‘digest_file’ from ‘main’
nettle-3.10.1/tools/nettle-hash.c:227:16: return_function: returning to ‘main’ from ‘digest_file’
nettle-3.10.1/tools/nettle-hash.c:226:11: danger: ‘fopen(*<unknown>, "rb")’ leaks here; was opened at [(14)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/13)
#  224|   	  if (!f)
#  225|   	    die ("Cannot open `%s': %s\n", argv[i], strerror(errno));
#  226|-> 	  printf("%s: ", argv[i]);
#  227|   	  if (!digest_file (alg, length, raw, f))
#  228|   	    die("Reading `%s' failed: %s\n", argv[i], strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def44]
nettle-3.10.1/tools/nettle-hash.c:226:11: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(*<unknown>, "rb")’
nettle-3.10.1/tools/nettle-hash.c:141:1: enter_function: entry to ‘main’
nettle-3.10.1/tools/nettle-hash.c:163:11: branch_true: following ‘true’ branch (when ‘c != -1’)...
nettle-3.10.1/tools/nettle-hash.c:164:5: branch_true: ...to here
nettle-3.10.1/tools/nettle-hash.c:197:6: branch_false: following ‘false’ branch (when ‘alg_name’ is non-NULL)...
nettle-3.10.1/tools/nettle-hash.c:201:9: branch_false: ...to here
nettle-3.10.1/tools/nettle-hash.c:202:6: branch_false: following ‘false’ branch...
nettle-3.10.1/tools/nettle-hash.c:207:6: branch_false: ...to here
nettle-3.10.1/tools/nettle-hash.c:207:6: branch_true: following ‘true’ branch (when ‘length == 0’)...
nettle-3.10.1/tools/nettle-hash.c:208:5: branch_true: ...to here
nettle-3.10.1/tools/nettle-hash.c:216:6: branch_false: following ‘false’ branch (when ‘argc != 0’)...
 branch_false: ...to here
nettle-3.10.1/tools/nettle-hash.c:221:19: branch_true: following ‘true’ branch (when ‘i < argc’)...
nettle-3.10.1/tools/nettle-hash.c:223:32: branch_true: ...to here
nettle-3.10.1/tools/nettle-hash.c:223:21: acquire_memory: allocated here
nettle-3.10.1/tools/nettle-hash.c:224:14: branch_false: following ‘false’ branch...
nettle-3.10.1/tools/nettle-hash.c:226:11: branch_false: ...to here
nettle-3.10.1/tools/nettle-hash.c:227:16: call_function: calling ‘digest_file’ from ‘main’
nettle-3.10.1/tools/nettle-hash.c:227:16: return_function: returning to ‘main’ from ‘digest_file’
nettle-3.10.1/tools/nettle-hash.c:226:11: danger: ‘fopen(*<unknown>, "rb")’ leaks here; was allocated at [(14)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/13)
#  224|   	  if (!f)
#  225|   	    die ("Cannot open `%s': %s\n", argv[i], strerror(errno));
#  226|-> 	  printf("%s: ", argv[i]);
#  227|   	  if (!digest_file (alg, length, raw, f))
#  228|   	    die("Reading `%s' failed: %s\n", argv[i], strerror(errno));

Error: COMPILER_WARNING: [#def45]
nettle-3.10.1/tools/pkcs1-conv.c:120:25: warning[-Wunterminated-string-initialization]: initializer-string for array of ‘unsigned char’ truncates NUL terminator but destination lacks ‘nonstring’ attribute (12 chars into 11 available)
#  120 | pem_start_pattern[11] = "-----BEGIN ";
#      |                         ^~~~~~~~~~~~~
#  118|   
#  119|   static const uint8_t
#  120|-> pem_start_pattern[11] = "-----BEGIN ";
#  121|   
#  122|   static const uint8_t

Error: COMPILER_WARNING: [#def46]
nettle-3.10.1/tools/pkcs1-conv.c:123:22: warning[-Wunterminated-string-initialization]: initializer-string for array of ‘unsigned char’ truncates NUL terminator but destination lacks ‘nonstring’ attribute (10 chars into 9 available)
#  123 | pem_end_pattern[9] = "-----END ";
#      |                      ^~~~~~~~~~~
#  121|   
#  122|   static const uint8_t
#  123|-> pem_end_pattern[9] = "-----END ";
#  124|   
#  125|   static const uint8_t

Error: COMPILER_WARNING: [#def47]
nettle-3.10.1/tools/pkcs1-conv.c:126:26: warning[-Wunterminated-string-initialization]: initializer-string for array of ‘unsigned char’ truncates NUL terminator but destination lacks ‘nonstring’ attribute (6 chars into 5 available)
#  126 | pem_trailer_pattern[5] = "-----";
#      |                          ^~~~~~~
#  124|   
#  125|   static const uint8_t
#  126|-> pem_trailer_pattern[5] = "-----";
#  127|   
#  128|   static const char

Error: GCC_ANALYZER_WARNING (CWE-457): [#def48]
nettle-3.10.1/umac64.c:139:3: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘&tag’
nettle-3.10.1/umac64.c:97:3: branch_true: following ‘true’ branch (when ‘length != 0’)...
nettle-3.10.1/umac64.c:98:3: branch_true: ...to here
nettle-3.10.1/umac64.c:98:3: branch_true: following ‘true’ branch (when ‘length <= 8’)...
nettle-3.10.1/umac64.c:100:7: branch_true: ...to here
nettle-3.10.1/umac64.c:112:3: branch_true: following ‘true’ branch...
nettle-3.10.1/umac64.c:113:10: branch_true: ...to here
nettle-3.10.1/umac64.c:113:6: branch_false: following ‘false’ branch...
nettle-3.10.1/umac64.c:119:9: branch_false: ...to here
nettle-3.10.1/umac64.c:123:6: branch_false: following ‘false’ branch...
nettle-3.10.1/umac64.c:134:3: branch_false: ...to here
nettle-3.10.1/umac64.c:139:3: danger: use of uninitialized value ‘&tag’ here
#  137|     tag[1] = pad[1] ^ ctx->l3_key2[1] ^ _nettle_umac_l3 (ctx->l3_key1 + 8,
#  138|   						       ctx->l2_state + 2);
#  139|->   memcpy (digest, tag, length);
#  140|   
#  141|     /* Reinitialize */

Scan Properties

analyzer-version-clippy: 1.86.0
analyzer-version-cppcheck: 2.17.1
analyzer-version-gcc: 15.0.1
analyzer-version-gcc-analyzer: 15.0.1
analyzer-version-shellcheck: 0.10.0
analyzer-version-unicontrol: 0.0.2
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-197.us-west-2.compute.internal
known-false-positives: /usr/share/csmock/known-false-positives.js
known-false-positives-rpm: known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch
mock-config: fedora-rawhide-x86_64
project-name: nettle-3.10.1-1.fc43
store-results-to: /tmp/tmpve7ejbgh/nettle-3.10.1-1.fc43.tar.xz
time-created: 2025-04-25 14:42:29
time-finished: 2025-04-25 14:44:13
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpve7ejbgh/nettle-3.10.1-1.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpve7ejbgh/nettle-3.10.1-1.fc43.src.rpm'
tool-version: csmock-3.8.1.20250422.172604.g26bc3d6-1.el9