Error: GCC_ANALYZER_WARNING (CWE-121): [#def1]
opencryptoki-3.24.0/./testcases/common/common.c:259:5: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1359:5: enter_function: entry to ‘main’
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1394:8: branch_false: following ‘false’ branch...
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1396:31: branch_false: ...to here
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1400:10: call_function: calling ‘do_GetFunctionList’ from ‘main’
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1400:10: return_function: returning to ‘main’ from ‘do_GetFunctionList’
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1401:8: branch_false: following ‘false’ branch...
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1406:5: branch_false: ...to here
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1413:8: branch_false: following ‘false’ branch...
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1419:5: branch_false: ...to here
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1422:8: branch_false: following ‘false’ branch...
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1427:5: branch_false: ...to here
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1431:8: branch_false: following ‘false’ branch...
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1436:5: branch_false: ...to here
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1442:8: branch_false: following ‘false’ branch...
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1447:5: branch_false: ...to here
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1450:8: branch_true: following ‘true’ branch...
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1451:19: branch_true: ...to here
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1452:12: branch_false: following ‘false’ branch...
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1457:9: branch_false: ...to here
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1463:10: call_function: calling ‘do_tok2tok_tests’ from ‘main’
# 257|
# 258| memset(value, 0, sizeof(value));
# 259|-> memcpy(value, key, klen);
# 260| rc = funcs->C_CreateObject(session, keyTemplate, 5, h_key);
# 261| if (rc != CKR_OK) {

Error: GCC_ANALYZER_WARNING (CWE-121): [#def2]
opencryptoki-3.24.0/./testcases/common/common.c:291:5: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1359:5: enter_function: entry to ‘main’
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1394:8: branch_false: following ‘false’ branch...
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1396:31: branch_false: ...to here
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1400:10: call_function: calling ‘do_GetFunctionList’ from ‘main’
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1400:10: return_function: returning to ‘main’ from ‘do_GetFunctionList’
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1401:8: branch_false: following ‘false’ branch...
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1406:5: branch_false: ...to here
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1413:8: branch_false: following ‘false’ branch...
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1419:5: branch_false: ...to here
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1422:8: branch_false: following ‘false’ branch...
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1427:5: branch_false: ...to here
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1431:8: branch_false: following ‘false’ branch...
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1436:5: branch_false: ...to here
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1442:8: branch_false: following ‘false’ branch...
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1447:5: branch_false: ...to here
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1450:8: branch_true: following ‘true’ branch...
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1451:19: branch_true: ...to here
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1452:12: branch_false: following ‘false’ branch...
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1457:9: branch_false: ...to here
opencryptoki-3.24.0/testcases/misc_tests/tok2tok_transport.c:1463:10: call_function: calling ‘do_tok2tok_tests’ from ‘main’
# 289|
# 290| memset(value, 0, sizeof(value));
# 291|-> memcpy(value, key, klen);
# 292| rc = funcs->C_CreateObject(session, keyTemplate, 5, h_key);
# 293| if (rc != CKR_OK) {

Error: GCC_ANALYZER_WARNING (CWE-457): [#def3]
opencryptoki-3.24.0/testcases/crypto/des_func.c:428:10: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘h_key’
opencryptoki-3.24.0/testcases/crypto/des_func.c:1122:5: enter_function: entry to ‘main’
opencryptoki-3.24.0/testcases/crypto/des_func.c:1128:8: branch_false: following ‘false’ branch...
opencryptoki-3.24.0/testcases/crypto/des_func.c:1132:5: branch_false: ...to here
opencryptoki-3.24.0/testcases/crypto/des_func.c:1135:10: call_function: calling ‘do_GetFunctionList’ from ‘main’
opencryptoki-3.24.0/testcases/crypto/des_func.c:1135:10: return_function: returning to ‘main’ from ‘do_GetFunctionList’
opencryptoki-3.24.0/testcases/crypto/des_func.c:1136:8: branch_false: following ‘false’ branch...
opencryptoki-3.24.0/testcases/crypto/des_func.c:1141:5: branch_false: ...to here
opencryptoki-3.24.0/testcases/crypto/des_func.c:1148:12: branch_false: following ‘false’ branch (when ‘rc == 81’)...
opencryptoki-3.24.0/testcases/crypto/des_func.c:1152:19: branch_false: ...to here
opencryptoki-3.24.0/testcases/crypto/des_func.c:1153:12: branch_false: following ‘false’ branch (when ‘rc == 81’)...
opencryptoki-3.24.0/testcases/crypto/des_func.c:1158:5: branch_false: ...to here
opencryptoki-3.24.0/testcases/crypto/des_func.c:1159:10: call_function: calling ‘des_funcs’ from ‘main’
# 426|
# 427| /** clean up **/
# 428|-> rc = funcs->C_DestroyObject(session, h_key);
# 429| if (rc != CKR_OK) {
# 430| testcase_error("C_DestroyObject rc=%s", p11_get_ckr(rc));

Error: GCC_ANALYZER_WARNING (CWE-457): [#def4]
opencryptoki-3.24.0/testcases/crypto/kyber_func.c:1012:14: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘wrapped_keylen’
opencryptoki-3.24.0/testcases/crypto/kyber_func.c:898:5: branch_false: following ‘false’ branch...
opencryptoki-3.24.0/testcases/crypto/kyber_func.c:899:5: branch_false: ...to here
opencryptoki-3.24.0/testcases/crypto/kyber_func.c:899:5: branch_false: following ‘false’ branch...
opencryptoki-3.24.0/testcases/crypto/kyber_func.c:902:8: branch_false: following ‘false’ branch (when ‘rc == 0’)...
opencryptoki-3.24.0/testcases/crypto/kyber_func.c:908:10: branch_false: ...to here
opencryptoki-3.24.0/testcases/crypto/kyber_func.c:908:8: branch_false: following ‘false’ branch (when ‘rc == 0’)...
opencryptoki-3.24.0/testcases/crypto/kyber_func.c:914:10: branch_false: ...to here
opencryptoki-3.24.0/testcases/crypto/kyber_func.c:914:8: branch_false: following ‘false’ branch...
branch_false: ...to here
opencryptoki-3.24.0/testcases/crypto/kyber_func.c:921:17: branch_true: following ‘true’ branch (when ‘i != 6’)...
opencryptoki-3.24.0/testcases/crypto/kyber_func.c:923:9: branch_true: ...to here
opencryptoki-3.24.0/testcases/crypto/kyber_func.c:921:17: branch_true: following ‘true’ branch (when ‘i != 6’)...
opencryptoki-3.24.0/testcases/crypto/kyber_func.c:923:9: branch_true: ...to here
opencryptoki-3.24.0/testcases/crypto/kyber_func.c:934:12: branch_false: following ‘false’ branch...
opencryptoki-3.24.0/testcases/crypto/kyber_func.c:950:9: branch_false: ...to here
opencryptoki-3.24.0/testcases/crypto/kyber_func.c:960:12: branch_false: following ‘false’ branch...
opencryptoki-3.24.0/testcases/crypto/kyber_func.c:976:9: branch_false: ...to here
opencryptoki-3.24.0/testcases/crypto/kyber_func.c:985:12: branch_false: following ‘false’ branch...
opencryptoki-3.24.0/testcases/crypto/kyber_func.c:996:9: branch_false: ...to here
opencryptoki-3.24.0/testcases/crypto/kyber_func.c:1004:12: branch_false: following ‘false’ branch...
opencryptoki-3.24.0/testcases/crypto/kyber_func.c:1008:9: branch_false: ...to here
opencryptoki-3.24.0/testcases/crypto/kyber_func.c:1012:14: danger: use of uninitialized value ‘wrapped_keylen’ here
# 1010|
# 1011| /* Unwrap Kyber private key */
# 1012|-> rc = unwrapKey(session, &wrap_mech, wrapped_key, wrapped_keylen,
# 1013| secret_key, &unwrapped_key);
# 1014| testcase_new_assertion();

Error: GCC_ANALYZER_WARNING (CWE-401): [#def5]
opencryptoki-3.24.0/testcases/login/init_tok.c:78:27: warning[-Wanalyzer-malloc-leak]: leak of ‘pass’
opencryptoki-3.24.0/testcases/login/init_tok.c:78:17: branch_true: following ‘true’ branch (when ‘i < argc’)...
opencryptoki-3.24.0/testcases/login/init_tok.c:79:24: branch_true: ...to here
opencryptoki-3.24.0/testcases/login/init_tok.c:79:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
opencryptoki-3.24.0/testcases/login/init_tok.c:86:20: branch_false: ...to here
opencryptoki-3.24.0/testcases/login/init_tok.c:86:19: branch_true: following ‘true’ branch (when the strings are equal)...
opencryptoki-3.24.0/testcases/login/init_tok.c:87:17: branch_true: ...to here
opencryptoki-3.24.0/testcases/login/init_tok.c:87:16: branch_false: following ‘false’ branch...
opencryptoki-3.24.0/testcases/login/init_tok.c:91:45: branch_false: ...to here
opencryptoki-3.24.0/testcases/login/init_tok.c:91:34: acquire_memory: allocated here
opencryptoki-3.24.0/testcases/login/init_tok.c:78:17: branch_true: following ‘true’ branch (when ‘i < argc’)...
opencryptoki-3.24.0/testcases/login/init_tok.c:79:24: branch_true: ...to here
opencryptoki-3.24.0/testcases/login/init_tok.c:79:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
opencryptoki-3.24.0/testcases/login/init_tok.c:86:20: branch_false: ...to here
opencryptoki-3.24.0/testcases/login/init_tok.c:86:19: branch_true: following ‘true’ branch (when the strings are equal)...
opencryptoki-3.24.0/testcases/login/init_tok.c:87:17: branch_true: ...to here
opencryptoki-3.24.0/testcases/login/init_tok.c:87:16: branch_false: following ‘false’ branch...
opencryptoki-3.24.0/testcases/login/init_tok.c:91:45: branch_false: ...to here
opencryptoki-3.24.0/testcases/login/init_tok.c:78:27: danger: ‘pass’ leaks here; was allocated at [(9)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/8)
# 76| SLOT_ID = 0;
# 77|
# 78|-> for (i = 1; i < argc; i++) {
# 79| if (strcmp(argv[i], "-slot") == 0) {
# 80| if (i + 1 >= argc) {

Error: COMPILER_WARNING: [#def6]
opencryptoki-3.24.0/testcases/misc_tests/events.c:20:26: warning[-Wunterminated-string-initialization]: initializer-string for array of ‘char’ truncates NUL terminator but destination lacks ‘nonstring’ attribute (21 chars into 20 available)
# 20 | const char payload[20] = "12345678901234567890";
# | ^~~~~~~~~~~~~~~~~~~~~~
# 18| #include "defs.h"
# 19|
# 20|-> const char payload[20] = "12345678901234567890";
# 21|
# 22| static inline void init_event_destination(struct event_destination *dest,

Error: GCC_ANALYZER_WARNING (CWE-457): [#def7]
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:397:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘id[i]’
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:244:5: enter_function: entry to ‘main’
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:263:17: branch_true: following ‘true’ branch (when ‘k < argc’)...
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:264:24: branch_true: ...to here
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:289:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:263:27: branch_false: ...to here
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:263:17: branch_true: following ‘true’ branch (when ‘k < argc’)...
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:264:24: branch_true: ...to here
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:272:17: branch_true: following ‘true’ branch (when the strings are equal)...
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:273:13: branch_true: ...to here
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:289:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:263:27: branch_false: ...to here
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:296:8: branch_false: following ‘false’ branch...
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:298:31: branch_false: ...to here
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:302:10: call_function: calling ‘do_GetFunctionList’ from ‘main’
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:302:10: return_function: returning to ‘main’ from ‘do_GetFunctionList’
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:303:8: branch_false: following ‘false’ branch...
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:308:5: branch_false: ...to here
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:315:8: branch_false: following ‘false’ branch...
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:321:5: branch_false: ...to here
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:324:8: branch_false: following ‘false’ branch...
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:328:5: branch_false: ...to here
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:330:8: branch_false: following ‘false’ branch...
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:347:5: branch_false: ...to here
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:349:8: branch_false: following ‘false’ branch...
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:353:5: branch_false: ...to here
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:355:8: branch_true: following ‘true’ branch...
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:357:9: branch_true: ...to here
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:363:12: branch_false: following ‘false’ branch (when ‘rv == 0’)...
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:367:9: branch_false: ...to here
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:380:17: branch_false: following ‘false’ branch (when ‘num_usage_threads <= i’)...
branch_false: ...to here
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:388:17: branch_false: following ‘false’ branch (when ‘num_alter_threads <= i’)...
branch_false: ...to here
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:396:17: branch_true: following ‘true’ branch...
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:397:9: branch_true: ...to here
opencryptoki-3.24.0/testcases/misc_tests/obj_lock.c:397:9: danger: use of uninitialized value ‘id[i]’ here
# 395| // wait for all threads to end
# 396| for (i = 0; i < num_usage_threads + num_alter_threads; i++) {
# 397|-> pthread_join(id[i], NULL);
# 398| }
# 399| testcase_notice("All threads have ended.");

Error: COMPILER_WARNING: [#def8]
opencryptoki-3.24.0/testcases/pkcs11/destroyobjects.c: scope_hint: In function ‘do_DestroyObjects’
opencryptoki-3.24.0/testcases/pkcs11/destroyobjects.c:49:26: warning[-Wunterminated-string-initialization]: initializer-string for array of ‘unsigned char’ truncates NUL terminator but destination lacks ‘nonstring’ attribute (6 chars into 5 available)
# 49 | CK_CHAR test_id[5] = "abcde";
# | ^~~~~~~
# 47| CK_OBJECT_CLASS key_class = CKO_SECRET_KEY;
# 48| CK_CHAR aes_value[] = "This is a fake aes key.";
# 49|-> CK_CHAR test_id[5] = "abcde";
# 50| CK_ULONG aesgen_keylen = 32;
# 51|

Error: GCC_ANALYZER_WARNING (CWE-457): [#def9]
opencryptoki-3.24.0/testcases/pkcs11/sess_opstate.c:210:10: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘opstatelen’
opencryptoki-3.24.0/testcases/pkcs11/sess_opstate.c:67:8: branch_false: following ‘false’ branch...
opencryptoki-3.24.0/testcases/pkcs11/sess_opstate.c:72:15: branch_false: ...to here
opencryptoki-3.24.0/testcases/pkcs11/sess_opstate.c:73:8: branch_false: following ‘false’ branch...
opencryptoki-3.24.0/testcases/pkcs11/sess_opstate.c:78:34: branch_false: ...to here
opencryptoki-3.24.0/testcases/pkcs11/sess_opstate.c:78:8: branch_false: following ‘false’ branch (when ‘rc == 0’)...
opencryptoki-3.24.0/testcases/pkcs11/sess_opstate.c:85:15: branch_false: ...to here
opencryptoki-3.24.0/testcases/pkcs11/sess_opstate.c:86:8: branch_false: following ‘false’ branch...
opencryptoki-3.24.0/testcases/pkcs11/sess_opstate.c:91:15: branch_false: ...to here
opencryptoki-3.24.0/testcases/pkcs11/sess_opstate.c:92:8: branch_false: following ‘false’ branch...
branch_false: ...to here
opencryptoki-3.24.0/testcases/pkcs11/sess_opstate.c:98:23: branch_false: following ‘false’ branch (when ‘counter >= loops’)...
opencryptoki-3.24.0/testcases/pkcs11/sess_opstate.c:210:15: branch_false: ...to here
opencryptoki-3.24.0/testcases/pkcs11/sess_opstate.c:210:10: danger: use of uninitialized value ‘opstatelen’ here
# 208|
# 209| // restore op state on session 2
# 210|-> rc = funcs->C_SetOperationState(s2, opstate, opstatelen, 0, 0);
# 211| if (rc != CKR_OK) {
# 212| testcase_error("C_SetOperationState rc=%s", p11_get_ckr(rc));

Error: GCC_ANALYZER_WARNING (CWE-476): [#def10]
opencryptoki-3.24.0/usr/lib/api/hashmap.c:160:13: warning[-Wanalyzer-null-dereference]: dereference of NULL '*h.buckets'
opencryptoki-3.24.0/usr/lib/api/hashmap.c:214:5: enter_function: entry to 'hashmap_add'
opencryptoki-3.24.0/usr/lib/api/hashmap.c:219:9: call_function: calling 'hashmap_findbucket' from 'hashmap_add'
opencryptoki-3.24.0/usr/lib/api/hashmap.c:219:9: return_function: returning to 'hashmap_add' from 'hashmap_findbucket'
opencryptoki-3.24.0/usr/lib/api/hashmap.c:220:8: branch_false: following 'false' branch...
opencryptoki-3.24.0/usr/lib/api/hashmap.c:227:9: branch_false: ...to here
opencryptoki-3.24.0/usr/lib/api/hashmap.c:227:8: branch_true: following 'true' branch...
opencryptoki-3.24.0/usr/lib/api/hashmap.c:228:13: branch_true: ...to here
opencryptoki-3.24.0/usr/lib/api/hashmap.c:228:13: call_function: calling 'grow' from 'hashmap_add'
# 158| return 1;
# 159| for (i = 0; i < h->capa; ++i) {
# 160|-> if (h->buckets[i].key) {
# 161| walk = &h->buckets[i];
# 162| while (walk) {

Error: COMPILER_WARNING: [#def11]
opencryptoki-3.24.0/usr/lib/api/socket_client.c:210:49: warning[-Wunterminated-string-initialization]: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (17 chars into 16 available)
# 210 | { .type = EVENT_TOK_TYPE_CCA, .model = "CCA " },
# | ^~~~~~~~~~~~~~~~~~
# 208|
# 209| static const struct type_model type_model_flt[] = {
# 210|-> { .type = EVENT_TOK_TYPE_CCA, .model = "CCA " },
# 211| { .type = EVENT_TOK_TYPE_EP11, .model = "EP11 " },
# 212| };

Error: COMPILER_WARNING: [#def12]
opencryptoki-3.24.0/usr/lib/api/socket_client.c:211:49: warning[-Wunterminated-string-initialization]: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (17 chars into 16 available)
# 211 | { .type = EVENT_TOK_TYPE_EP11, .model = "EP11 " },
# | ^~~~~~~~~~~~~~~~~~
# 209| static const struct type_model type_model_flt[] = {
# 210| { .type = EVENT_TOK_TYPE_CCA, .model = "CCA " },
# 211|-> { .type = EVENT_TOK_TYPE_EP11, .model = "EP11 " },
# 212| };
# 213|

Error: GCC_ANALYZER_WARNING (CWE-121): [#def13]
opencryptoki-3.24.0/usr/lib/cca_stdll/cca_mkchange.c:245:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
opencryptoki-3.24.0/usr/lib/cca_stdll/cca_mkchange.c:179:14: enter_function: entry to 'cca_select_single_apqn'
opencryptoki-3.24.0/usr/lib/cca_stdll/cca_mkchange.c:201:20: call_function: calling 'cca_mk_type_from_key_type' from 'cca_select_single_apqn'
opencryptoki-3.24.0/usr/lib/cca_stdll/cca_mkchange.c:201:20: return_function: returning to 'cca_select_single_apqn' from 'cca_mk_type_from_key_type'
opencryptoki-3.24.0/usr/lib/cca_stdll/cca_mkchange.c:204:8: branch_false: following 'false' branch...
opencryptoki-3.24.0/usr/lib/cca_stdll/cca_mkchange.c:207:9: branch_false: ...to here
opencryptoki-3.24.0/usr/lib/cca_stdll/cca_mkchange.c:207:8: branch_false: following 'false' branch...
opencryptoki-3.24.0/usr/lib/cca_stdll/cca_mkchange.c:212:5: branch_false: ...to here
opencryptoki-3.24.0/usr/lib/cca_stdll/cca_mkchange.c:244:8: branch_true: following 'true' branch...
opencryptoki-3.24.0/usr/lib/cca_stdll/cca_mkchange.c:245:70: branch_true: ...to here
opencryptoki-3.24.0/usr/lib/cca_stdll/cca_mkchange.c:245:9: danger: out-of-bounds write from byte 256 till byte 263 but 'rule_array' ends at byte 256
# 243|
# 244| if (cca_private->dom_any) {
# 245|-> sprintf((char *)(rule_array + CCA_KEYWORD_SIZE), "DOMN%04u", ssd.domain);
# 246| rule_array_count = 2;
# 247|

Error: GCC_ANALYZER_WARNING (CWE-401): [#def14]
opencryptoki-3.24.0/usr/lib/common/key.c:664:8: warning[-Wanalyzer-malloc-leak]: leak of 'wraptmpl_attr'
opencryptoki-3.24.0/usr/lib/common/key.c:5329:7: enter_function: entry to 'ibm_kyber_publ_set_default_attributes'
opencryptoki-3.24.0/usr/lib/common/key.c:5336:5: call_function: calling 'publ_key_set_default_attributes' from 'ibm_kyber_publ_set_default_attributes'
# 662| if (pki_attr)
# 663| free(pki_attr);
# 664|-> if (wraptmpl_attr)
# 665| free(wraptmpl_attr);
# 666|

Error: GCC_ANALYZER_WARNING (CWE-401): [#def15]
opencryptoki-3.24.0/usr/lib/common/key.c:1056:8: warning[-Wanalyzer-malloc-leak]: leak of 'always_auth_attr'
opencryptoki-3.24.0/usr/lib/common/key.c:5395:7: enter_function: entry to 'ibm_kyber_priv_set_default_attributes'
opencryptoki-3.24.0/usr/lib/common/key.c:5403:5: call_function: calling 'priv_key_set_default_attributes' from 'ibm_kyber_priv_set_default_attributes'
# 1054| if (unwraptmpl_attr)
# 1055| free(unwraptmpl_attr);
# 1056|-> if (derivetmpl_attr)
# 1057| free(derivetmpl_attr);
# 1058|

Error: GCC_ANALYZER_WARNING (CWE-401): [#def16]
opencryptoki-3.24.0/usr/lib/common/key.c:1056:8: warning[-Wanalyzer-malloc-leak]: leak of 'always_sens_attr'
opencryptoki-3.24.0/usr/lib/common/key.c:5395:7: enter_function: entry to 'ibm_kyber_priv_set_default_attributes'
opencryptoki-3.24.0/usr/lib/common/key.c:5403:5: call_function: calling 'priv_key_set_default_attributes' from 'ibm_kyber_priv_set_default_attributes'
# 1054| if (unwraptmpl_attr)
# 1055| free(unwraptmpl_attr);
# 1056|-> if (derivetmpl_attr)
# 1057| free(derivetmpl_attr);
# 1058|

Error: GCC_ANALYZER_WARNING (CWE-401): [#def17]
opencryptoki-3.24.0/usr/lib/common/key.c:1056:8: warning[-Wanalyzer-malloc-leak]: leak of 'derivetmpl_attr'
opencryptoki-3.24.0/usr/lib/common/key.c:5395:7: enter_function: entry to 'ibm_kyber_priv_set_default_attributes'
opencryptoki-3.24.0/usr/lib/common/key.c:5403:5: call_function: calling 'priv_key_set_default_attributes' from 'ibm_kyber_priv_set_default_attributes'
# 1054| if (unwraptmpl_attr)
# 1055| free(unwraptmpl_attr);
# 1056|-> if (derivetmpl_attr)
# 1057| free(derivetmpl_attr);
# 1058|

Error: GCC_ANALYZER_WARNING (CWE-401): [#def18]
opencryptoki-3.24.0/usr/lib/common/key.c:1056:8: warning[-Wanalyzer-malloc-leak]: leak of 'never_extr_attr'
opencryptoki-3.24.0/usr/lib/common/key.c:5395:7: enter_function: entry to 'ibm_kyber_priv_set_default_attributes'
opencryptoki-3.24.0/usr/lib/common/key.c:5403:5: call_function: calling 'priv_key_set_default_attributes' from 'ibm_kyber_priv_set_default_attributes'
# 1054| if (unwraptmpl_attr)
# 1055| free(unwraptmpl_attr);
# 1056|-> if (derivetmpl_attr)
# 1057| free(derivetmpl_attr);
# 1058|

Error: GCC_ANALYZER_WARNING (CWE-401): [#def19]
opencryptoki-3.24.0/usr/lib/common/key.c:1056:8: warning[-Wanalyzer-malloc-leak]: leak of 'pki_attr'
opencryptoki-3.24.0/usr/lib/common/key.c:5395:7: enter_function: entry to 'ibm_kyber_priv_set_default_attributes'
opencryptoki-3.24.0/usr/lib/common/key.c:5403:5: call_function: calling 'priv_key_set_default_attributes' from 'ibm_kyber_priv_set_default_attributes'
# 1054| if (unwraptmpl_attr)
# 1055| free(unwraptmpl_attr);
# 1056|-> if (derivetmpl_attr)
# 1057| free(derivetmpl_attr);
# 1058|

Error: GCC_ANALYZER_WARNING (CWE-401): [#def20]
opencryptoki-3.24.0/usr/lib/common/key.c:1056:8: warning[-Wanalyzer-malloc-leak]: leak of 'unwraptmpl_attr'
opencryptoki-3.24.0/usr/lib/common/key.c:5395:7: enter_function: entry to 'ibm_kyber_priv_set_default_attributes'
opencryptoki-3.24.0/usr/lib/common/key.c:5403:5: call_function: calling 'priv_key_set_default_attributes' from 'ibm_kyber_priv_set_default_attributes'
# 1054| if (unwraptmpl_attr)
# 1055| free(unwraptmpl_attr);
# 1056|-> if (derivetmpl_attr)
# 1057| free(derivetmpl_attr);
# 1058|

Error: GCC_ANALYZER_WARNING (CWE-401): [#def21]
opencryptoki-3.24.0/usr/lib/common/key.c:1056:8: warning[-Wanalyzer-malloc-leak]: leak of 'wrap_trusted_attr'
opencryptoki-3.24.0/usr/lib/common/key.c:5395:7: enter_function: entry to 'ibm_kyber_priv_set_default_attributes'
opencryptoki-3.24.0/usr/lib/common/key.c:5403:5: call_function: calling 'priv_key_set_default_attributes' from 'ibm_kyber_priv_set_default_attributes'
# 1054| if (unwraptmpl_attr)
# 1055| free(unwraptmpl_attr);
# 1056|-> if (derivetmpl_attr)
# 1057| free(derivetmpl_attr);
# 1058|

Error: GCC_ANALYZER_WARNING (CWE-401): [#def22]
opencryptoki-3.24.0/usr/lib/common/key.c:1696:8: warning[-Wanalyzer-malloc-leak]: leak of 'always_sens_attr'
opencryptoki-3.24.0/usr/lib/common/key.c:7028:7: enter_function: entry to 'aes_set_default_attributes'
opencryptoki-3.24.0/usr/lib/common/key.c:7037:5: call_function: calling 'secret_key_set_default_attributes' from 'aes_set_default_attributes'
# 1694| if (unwraptmpl_attr)
# 1695| free(unwraptmpl_attr);
# 1696|-> if (derivetmpl_attr)
# 1697| free(derivetmpl_attr);
# 1698|

Error: GCC_ANALYZER_WARNING (CWE-401): [#def23]
opencryptoki-3.24.0/usr/lib/common/key.c:1696:8: warning[-Wanalyzer-malloc-leak]: leak of 'chkval_attr'
opencryptoki-3.24.0/usr/lib/common/key.c:7028:7: enter_function: entry to 'aes_set_default_attributes'
opencryptoki-3.24.0/usr/lib/common/key.c:7037:5: call_function: calling 'secret_key_set_default_attributes' from 'aes_set_default_attributes'
# 1694| if (unwraptmpl_attr)
# 1695| free(unwraptmpl_attr);
# 1696|-> if (derivetmpl_attr)
# 1697| free(derivetmpl_attr);
# 1698|

Error: GCC_ANALYZER_WARNING (CWE-401): [#def24]
opencryptoki-3.24.0/usr/lib/common/key.c:1696:8: warning[-Wanalyzer-malloc-leak]: leak of 'derivetmpl_attr'
opencryptoki-3.24.0/usr/lib/common/key.c:7028:7: enter_function: entry to 'aes_set_default_attributes'
opencryptoki-3.24.0/usr/lib/common/key.c:7037:5: call_function: calling 'secret_key_set_default_attributes' from 'aes_set_default_attributes'
# 1694| if (unwraptmpl_attr)
# 1695| free(unwraptmpl_attr);
# 1696|-> if (derivetmpl_attr)
# 1697| free(derivetmpl_attr);
# 1698|

Error: GCC_ANALYZER_WARNING (CWE-401): [#def25]
opencryptoki-3.24.0/usr/lib/common/key.c:1696:8: warning[-Wanalyzer-malloc-leak]: leak of 'extractable_attr'
opencryptoki-3.24.0/usr/lib/common/key.c:7028:7: enter_function: entry to 'aes_set_default_attributes'
opencryptoki-3.24.0/usr/lib/common/key.c:7037:5: call_function: calling 'secret_key_set_default_attributes' from 'aes_set_default_attributes'
# 1694| if (unwraptmpl_attr)
# 1695| free(unwraptmpl_attr);
# 1696|-> if (derivetmpl_attr)
# 1697| free(derivetmpl_attr);
# 1698|

Error: GCC_ANALYZER_WARNING (CWE-401): [#def26]
opencryptoki-3.24.0/usr/lib/common/key.c:1696:8: warning[-Wanalyzer-malloc-leak]: leak of 'never_extr_attr'
opencryptoki-3.24.0/usr/lib/common/key.c:7028:7: enter_function: entry to 'aes_set_default_attributes'
opencryptoki-3.24.0/usr/lib/common/key.c:7037:5: call_function: calling 'secret_key_set_default_attributes' from 'aes_set_default_attributes'
# 1694| if (unwraptmpl_attr)
# 1695| free(unwraptmpl_attr);
# 1696|-> if (derivetmpl_attr)
# 1697| free(derivetmpl_attr);
# 1698|

Error: GCC_ANALYZER_WARNING (CWE-401): [#def27]
opencryptoki-3.24.0/usr/lib/common/key.c:1696:8: warning[-Wanalyzer-malloc-leak]: leak of 'trusted_attr'
opencryptoki-3.24.0/usr/lib/common/key.c:7028:7: enter_function: entry to 'aes_set_default_attributes'
opencryptoki-3.24.0/usr/lib/common/key.c:7037:5: call_function: calling 'secret_key_set_default_attributes' from 'aes_set_default_attributes'
# 1694| if (unwraptmpl_attr)
# 1695| free(unwraptmpl_attr);
# 1696|-> if (derivetmpl_attr)
# 1697| free(derivetmpl_attr);
# 1698|

Error: GCC_ANALYZER_WARNING (CWE-401): [#def28]
opencryptoki-3.24.0/usr/lib/common/key.c:1696:8: warning[-Wanalyzer-malloc-leak]: leak of 'unwraptmpl_attr'
opencryptoki-3.24.0/usr/lib/common/key.c:7028:7: enter_function: entry to 'aes_set_default_attributes'
opencryptoki-3.24.0/usr/lib/common/key.c:7037:5: call_function: calling 'secret_key_set_default_attributes' from 'aes_set_default_attributes'
# 1694| if (unwraptmpl_attr)
# 1695| free(unwraptmpl_attr);
# 1696|-> if (derivetmpl_attr)
# 1697| free(derivetmpl_attr);
# 1698|

Error: GCC_ANALYZER_WARNING (CWE-401): [#def29]
opencryptoki-3.24.0/usr/lib/common/key.c:1696:8: warning[-Wanalyzer-malloc-leak]: leak of 'wrap_trusted_attr'
opencryptoki-3.24.0/usr/lib/common/key.c:7028:7: enter_function: entry to 'aes_set_default_attributes'
opencryptoki-3.24.0/usr/lib/common/key.c:7037:5: call_function: calling 'secret_key_set_default_attributes' from 'aes_set_default_attributes'
# 1694| if (unwraptmpl_attr)
# 1695| free(unwraptmpl_attr);
# 1696|-> if (derivetmpl_attr)
# 1697| free(derivetmpl_attr);
# 1698|

Error: GCC_ANALYZER_WARNING (CWE-401): [#def30]
opencryptoki-3.24.0/usr/lib/common/key.c:1696:8: warning[-Wanalyzer-malloc-leak]: leak of 'wraptmpl_attr'
opencryptoki-3.24.0/usr/lib/common/key.c:7028:7: enter_function: entry to 'aes_set_default_attributes'
opencryptoki-3.24.0/usr/lib/common/key.c:7037:5: call_function: calling 'secret_key_set_default_attributes' from 'aes_set_default_attributes'
# 1694| if (unwraptmpl_attr)
# 1695| free(unwraptmpl_attr);
# 1696|-> if (derivetmpl_attr)
# 1697| free(derivetmpl_attr);
# 1698|

Error: GCC_ANALYZER_WARNING (CWE-401): [#def31]
opencryptoki-3.24.0/usr/lib/common/key.c:4123:8: warning[-Wanalyzer-malloc-leak]: leak of 'ec_point_attr'
opencryptoki-3.24.0/usr/lib/common/key.c:4064:7: enter_function: entry to 'ecdsa_publ_set_default_attributes'
opencryptoki-3.24.0/usr/lib/common/key.c:4071:5: call_function: calling 'publ_key_set_default_attributes' from 'ecdsa_publ_set_default_attributes'
opencryptoki-3.24.0/usr/lib/common/key.c:4071:5: return_function: returning to 'ecdsa_publ_set_default_attributes' from 'publ_key_set_default_attributes'
opencryptoki-3.24.0/usr/lib/common/key.c:4076:38: acquire_memory: allocated here
opencryptoki-3.24.0/usr/lib/common/key.c:4078:8: branch_false: following 'false' branch...
opencryptoki-3.24.0/usr/lib/common/key.c:4078:9: branch_false: ...to here
opencryptoki-3.24.0/usr/lib/common/key.c:4078:9: branch_false: following 'false' branch (when 'ec_point_attr' is non-NULL)...
opencryptoki-3.24.0/usr/lib/common/key.c:4084:5: branch_false: ...to here
opencryptoki-3.24.0/usr/lib/common/key.c:4098:8: branch_false: following 'false' branch...
opencryptoki-3.24.0/usr/lib/common/key.c:4103:10: branch_false: ...to here
opencryptoki-3.24.0/usr/lib/common/key.c:4104:8: branch_true: following 'true' branch...
opencryptoki-3.24.0/usr/lib/common/key.c:4105:9: branch_true: ...to here
opencryptoki-3.24.0/usr/lib/common/key.c:4123:8: branch_false: following 'false' branch (when 'ec_point_attr' is NULL)...
branch_false: ...to here
opencryptoki-3.24.0/usr/lib/common/key.c:4123:8: danger: 'ec_point_attr' leaks here; was allocated at [(55)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/54)
# 4121| if (params_attr)
# 4122| free(params_attr);
# 4123|-> if (ec_point_attr)
# 4124| free(ec_point_attr);
# 4125|

Error: GCC_ANALYZER_WARNING (CWE-401): [#def32]
opencryptoki-3.24.0/usr/lib/common/key.c:4642:9: warning[-Wanalyzer-malloc-leak]: leak of 'base_attr'
opencryptoki-3.24.0/usr/lib/common/key.c:4568:7: enter_function: entry to 'dh_publ_set_default_attributes'
opencryptoki-3.24.0/usr/lib/common/key.c:4576:5: call_function: calling 'publ_key_set_default_attributes' from 'dh_publ_set_default_attributes'
opencryptoki-3.24.0/usr/lib/common/key.c:4576:5: return_function: returning to 'dh_publ_set_default_attributes' from 'publ_key_set_default_attributes'
opencryptoki-3.24.0/usr/lib/common/key.c:4581:34: acquire_memory: allocated here
opencryptoki-3.24.0/usr/lib/common/key.c:4584:8: branch_false: following 'false' branch...
opencryptoki-3.24.0/usr/lib/common/key.c:4584:38: branch_false: ...to here
opencryptoki-3.24.0/usr/lib/common/key.c:4584:9: branch_false: following 'false' branch...
opencryptoki-3.24.0/usr/lib/common/key.c:4590:5: branch_false: ...to here
opencryptoki-3.24.0/usr/lib/common/key.c:4608:8: branch_false: following 'false' branch...
opencryptoki-3.24.0/usr/lib/common/key.c:4613:10: branch_false: ...to here
opencryptoki-3.24.0/usr/lib/common/key.c:4614:8: branch_true: following 'true' branch...
opencryptoki-3.24.0/usr/lib/common/key.c:4615:9: branch_true: ...to here
opencryptoki-3.24.0/usr/lib/common/key.c:4639:8: branch_false: following 'false' branch (when 'base_attr' is NULL)...
opencryptoki-3.24.0/usr/lib/common/key.c:4641:8: branch_false: ...to here
opencryptoki-3.24.0/usr/lib/common/key.c:4641:8: branch_true: following 'true' branch (when 'value_attr' is non-NULL)...
opencryptoki-3.24.0/usr/lib/common/key.c:4642:9: branch_true: ...to here opencryptoki-3.24.0/usr/lib/common/key.c:4642:9: danger: 'base_attr' leaks here; was allocated at [(55)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/54) # 4640| free(base_attr); # 4641| if (value_attr) # 4642|-> free(value_attr); # 4643| # 4644| return rc; Error: GCC_ANALYZER_WARNING (CWE-401): [#def33] opencryptoki-3.24.0/usr/lib/common/key.c:5171:9: warning[-Wanalyzer-malloc-leak]: leak of 't1_attr' opencryptoki-3.24.0/usr/lib/common/key.c:5098:7: enter_function: entry to 'ibm_dilithium_publ_set_default_attributes' opencryptoki-3.24.0/usr/lib/common/key.c:5106:5: call_function: calling 'publ_key_set_default_attributes' from 'ibm_dilithium_publ_set_default_attributes' opencryptoki-3.24.0/usr/lib/common/key.c:5106:5: return_function: returning to 'ibm_dilithium_publ_set_default_attributes' from 'publ_key_set_default_attributes' opencryptoki-3.24.0/usr/lib/common/key.c:5110:32: acquire_memory: allocated here opencryptoki-3.24.0/usr/lib/common/key.c:5113:8: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/common/key.c:5113:36: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/key.c:5113:9: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/common/key.c:5119:5: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/key.c:5137:8: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/common/key.c:5142:10: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/key.c:5143:8: branch_true: following 'true' branch... opencryptoki-3.24.0/usr/lib/common/key.c:5144:9: branch_true: ...to here opencryptoki-3.24.0/usr/lib/common/key.c:5168:8: branch_false: following 'false' branch (when 't1_attr' is NULL)... opencryptoki-3.24.0/usr/lib/common/key.c:5170:8: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/key.c:5170:8: branch_true: following 'true' branch (when 'value_attr' is non-NULL)... 
opencryptoki-3.24.0/usr/lib/common/key.c:5171:9: branch_true: ...to here opencryptoki-3.24.0/usr/lib/common/key.c:5171:9: danger: 't1_attr' leaks here; was allocated at [(55)](sarif:/runs/0/results/19/codeFlows/0/threadFlows/0/locations/54) # 5169| free(t1_attr); # 5170| if (value_attr) # 5171|-> free(value_attr); # 5172| # 5173| return rc; Error: GCC_ANALYZER_WARNING (CWE-401): [#def34] opencryptoki-3.24.0/usr/lib/common/key.c:5387:8: warning[-Wanalyzer-malloc-leak]: leak of 'value_attr' opencryptoki-3.24.0/usr/lib/common/key.c:5329:7: enter_function: entry to 'ibm_kyber_publ_set_default_attributes' opencryptoki-3.24.0/usr/lib/common/key.c:5336:5: call_function: calling 'publ_key_set_default_attributes' from 'ibm_kyber_publ_set_default_attributes' opencryptoki-3.24.0/usr/lib/common/key.c:5336:5: return_function: returning to 'ibm_kyber_publ_set_default_attributes' from 'publ_key_set_default_attributes' opencryptoki-3.24.0/usr/lib/common/key.c:5340:35: acquire_memory: allocated here opencryptoki-3.24.0/usr/lib/common/key.c:5342:8: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/common/key.c:5342:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/key.c:5342:9: branch_false: following 'false' branch (when 'value_attr' is non-NULL)... opencryptoki-3.24.0/usr/lib/common/key.c:5348:5: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/key.c:5362:8: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/common/key.c:5367:10: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/key.c:5368:8: branch_true: following 'true' branch... opencryptoki-3.24.0/usr/lib/common/key.c:5369:9: branch_true: ...to here opencryptoki-3.24.0/usr/lib/common/key.c:5387:8: branch_false: following 'false' branch (when 'value_attr' is NULL)... 
branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/key.c:5387:8: danger: 'value_attr' leaks here; was allocated at [(55)](sarif:/runs/0/results/20/codeFlows/0/threadFlows/0/locations/54) # 5385| if (pk_attr) # 5386| free(pk_attr); # 5387|-> if (value_attr) # 5388| free(value_attr); # 5389| Error: GCC_ANALYZER_WARNING (CWE-789): [#def35] opencryptoki-3.24.0/usr/lib/common/loadsave.c:920:27: warning[-Wanalyzer-tainted-allocation-size]: use of attacker-controlled value '(unsigned int)size' as allocation size without upper-bounds checking opencryptoki-3.24.0/usr/lib/common/loadsave.c:2616:7: enter_function: entry to 'load_private_token_objects' opencryptoki-3.24.0/usr/lib/common/loadsave.c:2629:8: branch_true: following 'true' branch... opencryptoki-3.24.0/usr/lib/common/loadsave.c:2630:16: branch_true: ...to here opencryptoki-3.24.0/usr/lib/common/loadsave.c:2630:16: call_function: calling 'load_private_token_objects_old' from 'load_private_token_objects' # 918| # 919| size -= sizeof(CK_ULONG_32) + sizeof(CK_BBOOL); # 920|-> buf = (CK_BYTE *) malloc(size); # 921| if (!buf) { # 922| fclose(fp2); Error: GCC_ANALYZER_WARNING (CWE-789): [#def36] opencryptoki-3.24.0/usr/lib/common/loadsave.c:920:27: warning[-Wanalyzer-tainted-allocation-size]: use of attacker-controlled value ‘(unsigned int)size’ as allocation size without upper-bounds checking opencryptoki-3.24.0/usr/lib/common/loadsave.c:2616:7: enter_function: entry to ‘load_private_token_objects’ opencryptoki-3.24.0/usr/lib/common/loadsave.c:2629:8: branch_true: following ‘true’ branch... 
opencryptoki-3.24.0/usr/lib/common/loadsave.c:2630:16: branch_true: ...to here opencryptoki-3.24.0/usr/lib/common/loadsave.c:2630:16: call_function: calling ‘load_private_token_objects_old’ from ‘load_private_token_objects’ # 918| # 919| size -= sizeof(CK_ULONG_32) + sizeof(CK_BBOOL); # 920|-> buf = (CK_BYTE *) malloc(size); # 921| if (!buf) { # 922| fclose(fp2); Error: GCC_ANALYZER_WARNING (CWE-789): [#def37] opencryptoki-3.24.0/usr/lib/common/loadsave.c:1491:25: warning[-Wanalyzer-tainted-allocation-size]: use of attacker-controlled value '(unsigned int)size' as allocation size without upper-bounds checking opencryptoki-3.24.0/usr/lib/common/loadsave.c:2761:7: enter_function: entry to 'reload_token_object' opencryptoki-3.24.0/usr/lib/common/loadsave.c:2774:8: branch_true: following 'true' branch... opencryptoki-3.24.0/usr/lib/common/loadsave.c:2775:16: branch_true: ...to here opencryptoki-3.24.0/usr/lib/common/loadsave.c:2775:16: call_function: calling 'reload_token_object_old' from 'reload_token_object' # 1489| clear_len = len; # 1490| # 1491|-> clear = (CK_BYTE *) malloc(len); # 1492| if (!clear) { # 1493| TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY)); Error: GCC_ANALYZER_WARNING (CWE-789): [#def38] opencryptoki-3.24.0/usr/lib/common/loadsave.c:1491:25: warning[-Wanalyzer-tainted-allocation-size]: use of attacker-controlled value ‘(unsigned int)size’ as allocation size without upper-bounds checking opencryptoki-3.24.0/usr/lib/common/loadsave.c:2761:7: enter_function: entry to ‘reload_token_object’ opencryptoki-3.24.0/usr/lib/common/loadsave.c:2774:8: branch_true: following ‘true’ branch... 
opencryptoki-3.24.0/usr/lib/common/loadsave.c:2775:16: branch_true: ...to here opencryptoki-3.24.0/usr/lib/common/loadsave.c:2775:16: call_function: calling ‘reload_token_object_old’ from ‘reload_token_object’ # 1489| clear_len = len; # 1490| # 1491|-> clear = (CK_BYTE *) malloc(len); # 1492| if (!clear) { # 1493| TRACE_ERROR("%s\n", ock_err(ERR_HOST_MEMORY)); Error: GCC_ANALYZER_WARNING (CWE-789): [#def39] opencryptoki-3.24.0/usr/lib/common/loadsave.c:1625:23: warning[-Wanalyzer-tainted-allocation-size]: use of attacker-controlled value '(unsigned int)size' as allocation size without upper-bounds checking opencryptoki-3.24.0/usr/lib/common/loadsave.c:2761:7: enter_function: entry to 'reload_token_object' opencryptoki-3.24.0/usr/lib/common/loadsave.c:2774:8: branch_true: following 'true' branch... opencryptoki-3.24.0/usr/lib/common/loadsave.c:2775:16: branch_true: ...to here opencryptoki-3.24.0/usr/lib/common/loadsave.c:2775:16: call_function: calling 'reload_token_object_old' from 'reload_token_object' # 1623| size -= sizeof(CK_ULONG_32) + sizeof(CK_BBOOL); # 1624| # 1625|-> buf = (CK_BYTE *) malloc(size); # 1626| if (!buf) { # 1627| rc = CKR_HOST_MEMORY; Error: GCC_ANALYZER_WARNING (CWE-789): [#def40] opencryptoki-3.24.0/usr/lib/common/loadsave.c:1625:23: warning[-Wanalyzer-tainted-allocation-size]: use of attacker-controlled value ‘(unsigned int)size’ as allocation size without upper-bounds checking opencryptoki-3.24.0/usr/lib/common/loadsave.c:2761:7: enter_function: entry to ‘reload_token_object’ opencryptoki-3.24.0/usr/lib/common/loadsave.c:2774:8: branch_true: following ‘true’ branch... 
opencryptoki-3.24.0/usr/lib/common/loadsave.c:2775:16: branch_true: ...to here opencryptoki-3.24.0/usr/lib/common/loadsave.c:2775:16: call_function: calling ‘reload_token_object_old’ from ‘reload_token_object’ # 1623| size -= sizeof(CK_ULONG_32) + sizeof(CK_BBOOL); # 1624| # 1625|-> buf = (CK_BYTE *) malloc(size); # 1626| if (!buf) { # 1627| rc = CKR_HOST_MEMORY; Error: GCC_ANALYZER_WARNING (CWE-789): [#def41] opencryptoki-3.24.0/usr/lib/common/loadsave.c:1763:27: warning[-Wanalyzer-tainted-allocation-size]: use of attacker-controlled value '(unsigned int)size' as allocation size without upper-bounds checking opencryptoki-3.24.0/usr/lib/common/loadsave.c:2934:7: enter_function: entry to 'load_public_token_objects' opencryptoki-3.24.0/usr/lib/common/loadsave.c:2946:8: branch_true: following 'true' branch... opencryptoki-3.24.0/usr/lib/common/loadsave.c:2947:16: branch_true: ...to here opencryptoki-3.24.0/usr/lib/common/loadsave.c:2947:16: call_function: calling 'load_public_token_objects_old' from 'load_public_token_objects' # 1761| # 1762| size -= sizeof(CK_ULONG_32) + sizeof(CK_BBOOL); # 1763|-> buf = (CK_BYTE *) malloc(size); # 1764| if (!buf) { # 1765| fclose(fp2); Error: GCC_ANALYZER_WARNING (CWE-789): [#def42] opencryptoki-3.24.0/usr/lib/common/loadsave.c:1763:27: warning[-Wanalyzer-tainted-allocation-size]: use of attacker-controlled value ‘(unsigned int)size’ as allocation size without upper-bounds checking opencryptoki-3.24.0/usr/lib/common/loadsave.c:2934:7: enter_function: entry to ‘load_public_token_objects’ opencryptoki-3.24.0/usr/lib/common/loadsave.c:2946:8: branch_true: following ‘true’ branch... 
opencryptoki-3.24.0/usr/lib/common/loadsave.c:2947:16: branch_true: ...to here opencryptoki-3.24.0/usr/lib/common/loadsave.c:2947:16: call_function: calling ‘load_public_token_objects_old’ from ‘load_public_token_objects’ # 1761| # 1762| size -= sizeof(CK_ULONG_32) + sizeof(CK_BBOOL); # 1763|-> buf = (CK_BYTE *) malloc(size); # 1764| if (!buf) { # 1765| fclose(fp2); Error: GCC_ANALYZER_WARNING (CWE-122): [#def43] opencryptoki-3.24.0/usr/lib/common/mech_rsa.c:2490:9: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow opencryptoki-3.24.0/usr/lib/common/mech_rsa.c:2605:7: enter_function: entry to 'decode_eme_oaep' opencryptoki-3.24.0/usr/lib/common/mech_rsa.c:2640:8: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/common/mech_rsa.c:2645:13: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_rsa.c:2647:8: branch_false: following 'false' branch (when 'db' is non-NULL)... opencryptoki-3.24.0/usr/lib/common/mech_rsa.c:2657:32: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_rsa.c:2662:9: call_function: calling 'mgf1' from 'decode_eme_oaep' # 2488| /* concatenate seed and octet string */ # 2489| memset(seed_buffer, 0, seedlen + 4); # 2490|-> memcpy(seed_buffer, seed, seedlen); # 2491| memcpy(seed_buffer + seedlen, counter, 4); # 2492| Error: GCC_ANALYZER_WARNING (CWE-401): [#def44] opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1757:9: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>' opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1578:8: branch_false: following 'false' branch (when 'new_attrs' is non-NULL)... branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1589:17: branch_true: following 'true' branch (when 'i != 3')... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1590:22: branch_true: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1592:37: acquire_memory: allocated here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1593:12: branch_false: following 'false' branch... 
opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1598:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1589:17: branch_true: following 'true' branch (when 'i != 3')... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1590:22: branch_true: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1593:12: branch_true: following 'true' branch... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1595:13: branch_true: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1736:8: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1739:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1739:8: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1742:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1742:8: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1744:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1744:8: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1746:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1746:8: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1748:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1748:8: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1751:8: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1751:8: branch_true: following 'true' branch (when 'new_attrs' is non-NULL)... branch_true: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1752:21: branch_false: following 'false' branch (when 'ulCount <= i')... 
opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1757:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1757:9: danger: '<unknown>' leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4) # 1755| } # 1756| # 1757|-> free(new_attrs); # 1758| } # 1759| Error: GCC_ANALYZER_WARNING (CWE-401): [#def45] opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1757:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1578:8: branch_false: following ‘false’ branch (when ‘new_attrs’ is non-NULL)... branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1589:17: branch_true: following ‘true’ branch (when ‘i != 3’)... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1590:22: branch_true: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1592:37: acquire_memory: allocated here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1593:12: branch_false: following ‘false’ branch... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1598:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1589:17: branch_true: following ‘true’ branch (when ‘i != 3’)... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1590:22: branch_true: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1593:12: branch_true: following ‘true’ branch... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1595:13: branch_true: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1736:8: branch_false: following ‘false’ branch... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1739:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1739:8: branch_false: following ‘false’ branch... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1742:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1742:8: branch_false: following ‘false’ branch... 
opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1744:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1744:8: branch_false: following ‘false’ branch... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1746:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1746:8: branch_false: following ‘false’ branch... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1748:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1748:8: branch_false: following ‘false’ branch... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1751:8: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1751:8: branch_true: following ‘true’ branch (when ‘new_attrs’ is non-NULL)... branch_true: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1752:21: branch_false: following ‘false’ branch (when ‘ulCount <= i’)... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1757:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1757:9: danger: ‘<unknown>’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4) # 1755| } # 1756| # 1757|-> free(new_attrs); # 1758| } # 1759| Error: GCC_ANALYZER_WARNING (CWE-401): [#def46] opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:2022:9: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>' opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1796:8: branch_false: following 'false' branch (when 'new_attrs' is non-NULL)... branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1807:17: branch_true: following 'true' branch (when 'i != 3')... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1808:22: branch_true: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1810:37: acquire_memory: allocated here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1811:12: branch_false: following 'false' branch... 
opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1815:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1807:17: branch_true: following 'true' branch (when 'i != 3')... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1808:22: branch_true: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1811:12: branch_true: following 'true' branch... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1812:13: branch_true: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1998:8: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:2001:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:2001:8: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:2007:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:2007:8: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:2009:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:2009:8: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:2011:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:2011:8: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:2013:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:2013:8: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:2016:8: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:2016:8: branch_true: following 'true' branch (when 'new_attrs' is non-NULL)... branch_true: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:2017:21: branch_false: following 'false' branch (when 'ulCount <= i')... 
opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:2022:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:2022:9: danger: '<unknown>' leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4) # 2020| } # 2021| # 2022|-> free(new_attrs); # 2023| } # 2024| Error: GCC_ANALYZER_WARNING (CWE-401): [#def47] opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:2022:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1796:8: branch_false: following ‘false’ branch (when ‘new_attrs’ is non-NULL)... branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1807:17: branch_true: following ‘true’ branch (when ‘i != 3’)... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1808:22: branch_true: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1810:37: acquire_memory: allocated here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1811:12: branch_false: following ‘false’ branch... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1815:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1807:17: branch_true: following ‘true’ branch (when ‘i != 3’)... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1808:22: branch_true: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1811:12: branch_true: following ‘true’ branch... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1812:13: branch_true: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:1998:8: branch_false: following ‘false’ branch... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:2001:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:2001:8: branch_false: following ‘false’ branch... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:2007:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:2007:8: branch_false: following ‘false’ branch... 
opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:2009:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:2009:8: branch_false: following ‘false’ branch... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:2011:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:2011:8: branch_false: following ‘false’ branch... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:2013:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:2013:8: branch_false: following ‘false’ branch... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:2016:8: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:2016:8: branch_true: following ‘true’ branch (when ‘new_attrs’ is non-NULL)... branch_true: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:2017:21: branch_false: following ‘false’ branch (when ‘ulCount <= i’)... opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:2022:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/common/mech_ssl3.c:2022:9: danger: ‘<unknown>’ leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4) # 2020| } # 2021| # 2022|-> free(new_attrs); # 2023| } # 2024| Error: CPPCHECK_WARNING (CWE-682): [#def48] opencryptoki-3.24.0/usr/lib/common/shared_memory.c:129: error[nullPointerArithmeticOutOfMemory]: If memory allocation fail: pointer addition with NULL pointer. 
# 127| # 128| i = 0; # 129|-> *it++ = '/'; # 130| if (file_path[0] == '/') # 131| i++; Error: CPPCHECK_WARNING (CWE-476): [#def49] opencryptoki-3.24.0/usr/lib/common/shared_memory.c:129: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: it++ # 127| # 128| i = 0; # 129|-> *it++ = '/'; # 130| if (file_path[0] == '/') # 131| i++; Error: GCC_ANALYZER_WARNING (CWE-401): [#def50] opencryptoki-3.24.0/usr/lib/config/cfglex.c:1756:12: warning[-Wanalyzer-malloc-leak]: leak of 'configalloc(64, yyscanner)' opencryptoki-3.24.0/usr/lib/config/cfglex.c:1742:21: enter_function: entry to 'config_create_buffer' opencryptoki-3.24.0/usr/lib/config/cfglex.c:1746:24: call_function: calling 'configalloc' from 'config_create_buffer' opencryptoki-3.24.0/usr/lib/config/cfglex.c:1746:24: return_function: returning to 'config_create_buffer' from 'configalloc' opencryptoki-3.24.0/usr/lib/config/cfglex.c:1747:12: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/config/cfglex.c:1750:2: branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/cfglex.c:1756:12: danger: 'configalloc(64, yyscanner)' leaks here; was allocated at [(4)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/3) # 1754| * we need to put in 2 end-of-buffer characters. # 1755| */ # 1756|-> b->yy_ch_buf = (char *) yyalloc( (yy_size_t) (b->yy_buf_size + 2) , yyscanner ); # 1757| if ( ! 
b->yy_ch_buf ) # 1758| YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); Error: GCC_ANALYZER_WARNING (CWE-401): [#def51] opencryptoki-3.24.0/usr/lib/config/cfglex.c:1756:12: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc(64)’ opencryptoki-3.24.0/usr/lib/config/cfglex.c:1742:21: enter_function: entry to ‘config_create_buffer’ opencryptoki-3.24.0/usr/lib/config/cfglex.c:1746:24: call_function: inlined call to ‘configalloc’ from ‘config_create_buffer’ opencryptoki-3.24.0/usr/lib/config/cfglex.c:1747:12: branch_false: following ‘false’ branch... opencryptoki-3.24.0/usr/lib/config/cfglex.c:1750:2: branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/cfglex.c:1756:12: danger: ‘malloc(64)’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2) # 1754| * we need to put in 2 end-of-buffer characters. # 1755| */ # 1756|-> b->yy_ch_buf = (char *) yyalloc( (yy_size_t) (b->yy_buf_size + 2) , yyscanner ); # 1757| if ( ! b->yy_ch_buf ) # 1758| YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); Error: GCC_ANALYZER_WARNING (CWE-476): [#def52] opencryptoki-3.24.0/usr/lib/config/cfglex.c:1798:2: warning[-Wanalyzer-null-dereference]: dereference of NULL 'b' opencryptoki-3.24.0/usr/lib/config/cfglex.c:1677:10: enter_function: entry to 'configrestart' opencryptoki-3.24.0/usr/lib/config/cfglex.c:1682:16: call_function: calling 'configensure_buffer_stack' from 'configrestart' opencryptoki-3.24.0/usr/lib/config/cfglex.c:1682:16: return_function: returning to 'configrestart' from 'configensure_buffer_stack' opencryptoki-3.24.0/usr/lib/config/cfglex.c:1684:27: call_function: calling 'config_create_buffer' from 'configrestart' opencryptoki-3.24.0/usr/lib/config/cfglex.c:1684:27: return_function: returning to 'configrestart' from 'config_create_buffer' opencryptoki-3.24.0/usr/lib/config/cfglex.c:1687:2: branch_false: following 'false' branch... 
opencryptoki-3.24.0/usr/lib/config/cfglex.c:1687:2: branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/cfglex.c:1687:2: call_function: calling 'config_init_buffer' from 'configrestart' # 1796| # 1797| yy_flush_buffer( b , yyscanner); # 1798|-> # 1799| b->yy_input_file = file; # 1800| b->yy_fill_buffer = 1; Error: GCC_ANALYZER_WARNING (CWE-476): [#def53] opencryptoki-3.24.0/usr/lib/config/cfglex.c:1798:2: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘b’ opencryptoki-3.24.0/usr/lib/config/cfglex.c:1677:10: enter_function: entry to ‘configrestart’ opencryptoki-3.24.0/usr/lib/config/cfglex.c:1682:16: call_function: calling ‘configensure_buffer_stack’ from ‘configrestart’ opencryptoki-3.24.0/usr/lib/config/cfglex.c:1682:16: return_function: returning to ‘configrestart’ from ‘configensure_buffer_stack’ opencryptoki-3.24.0/usr/lib/config/cfglex.c:1684:27: call_function: calling ‘config_create_buffer’ from ‘configrestart’ opencryptoki-3.24.0/usr/lib/config/cfglex.c:1684:27: return_function: returning to ‘configrestart’ from ‘config_create_buffer’ opencryptoki-3.24.0/usr/lib/config/cfglex.c:1687:2: branch_false: following ‘false’ branch... 
opencryptoki-3.24.0/usr/lib/config/cfglex.c:1687:2: branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/cfglex.c:1687:2: call_function: calling ‘config_init_buffer’ from ‘configrestart’ # 1796| # 1797| yy_flush_buffer( b , yyscanner); # 1798|-> # 1799| b->yy_input_file = file; # 1800| b->yy_fill_buffer = 1; Error: GCC_ANALYZER_WARNING (CWE-401): [#def54] opencryptoki-3.24.0/usr/lib/config/cfglex.c:2016:25: warning[-Wanalyzer-malloc-leak]: leak of 'configalloc(n, yyscanner)' opencryptoki-3.24.0/usr/lib/config/cfglex.c:2000:17: enter_function: entry to 'config_scan_bytes' opencryptoki-3.24.0/usr/lib/config/cfglex.c:2009:24: call_function: calling 'configalloc' from 'config_scan_bytes' opencryptoki-3.24.0/usr/lib/config/cfglex.c:2009:24: return_function: returning to 'config_scan_bytes' from 'configalloc' opencryptoki-3.24.0/usr/lib/config/cfglex.c:2010:12: branch_false: following 'false' branch... branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/cfglex.c:2018:6: call_function: calling 'config_scan_buffer' from 'config_scan_bytes' # 2014| for ( i = 0; i < _yybytes_len; ++i ) # 2015| buf[i] = yybytes[i]; # 2016|-> # 2017| buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR; # 2018| Error: GCC_ANALYZER_WARNING (CWE-401): [#def55] opencryptoki-3.24.0/usr/lib/config/cfglex.c:2016:25: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc(n)’ opencryptoki-3.24.0/usr/lib/config/cfglex.c:2000:17: enter_function: entry to ‘config_scan_bytes’ opencryptoki-3.24.0/usr/lib/config/cfglex.c:2009:24: call_function: inlined call to ‘configalloc’ from ‘config_scan_bytes’ opencryptoki-3.24.0/usr/lib/config/cfglex.c:2010:12: branch_false: following ‘false’ branch... 
branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/cfglex.c:2018:6: call_function: calling ‘config_scan_buffer’ from ‘config_scan_bytes’ # 2014| for ( i = 0; i < _yybytes_len; ++i ) # 2015| buf[i] = yybytes[i]; # 2016|-> # 2017| buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR; # 2018| Error: GCC_ANALYZER_WARNING (CWE-457): [#def56] opencryptoki-3.24.0/usr/lib/config/cfgparse.c:1688:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'yyss' opencryptoki-3.24.0/usr/lib/config/cfgparse.y:333:5: enter_function: entry to 'parse_configlib_file' opencryptoki-3.24.0/usr/lib/config/cfgparse.y:341:11: call_function: calling 'configparse' from 'parse_configlib_file' # 1686| if (! yyptr) # 1687| YYNOMEM; # 1688|-> YYSTACK_RELOCATE (yyss_alloc, yyss); # 1689| YYSTACK_RELOCATE (yyvs_alloc, yyvs); # 1690| YYSTACK_RELOCATE (yyls_alloc, yyls); Error: GCC_ANALYZER_WARNING (CWE-457): [#def57] opencryptoki-3.24.0/usr/lib/config/cfgparse.c:1688:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyss’ opencryptoki-3.24.0/usr/lib/config/cfgparse.y:333:5: enter_function: entry to ‘parse_configlib_file’ opencryptoki-3.24.0/usr/lib/config/cfgparse.y:341:11: call_function: calling ‘configparse’ from ‘parse_configlib_file’ # 1686| if (! yyptr) # 1687| YYNOMEM; # 1688|-> YYSTACK_RELOCATE (yyss_alloc, yyss); # 1689| YYSTACK_RELOCATE (yyvs_alloc, yyvs); # 1690| YYSTACK_RELOCATE (yyls_alloc, yyls); Error: GCC_ANALYZER_WARNING (CWE-415): [#def58] opencryptoki-3.24.0/usr/lib/config/configuration.c:556:17: warning[-Wanalyzer-double-free]: double-'free' of 'cmt' opencryptoki-3.24.0/usr/lib/config/configuration.c:527:1: enter_function: entry to 'confignode_allocidxstructdumpable' opencryptoki-3.24.0/usr/lib/config/configuration.c:537:8: branch_false: following 'false' branch (when 'dkey' is non-NULL)... 
opencryptoki-3.24.0/usr/lib/config/configuration.c:539:8: branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:539:8: branch_true: following 'true' branch (when 'comment' is non-NULL)... opencryptoki-3.24.0/usr/lib/config/configuration.c:540:15: branch_true: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:540:15: acquire_memory: allocated here opencryptoki-3.24.0/usr/lib/config/configuration.c:541:12: branch_false: following 'false' branch (when 'cmt' is non-NULL)... opencryptoki-3.24.0/usr/lib/config/configuration.c:548:11: branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:548:11: call_function: calling 'confignode_alloceoc' from 'confignode_allocidxstructdumpable' opencryptoki-3.24.0/usr/lib/config/configuration.c:548:11: return_function: returning to 'confignode_allocidxstructdumpable' from 'confignode_alloceoc' opencryptoki-3.24.0/usr/lib/config/configuration.c:549:8: branch_true: following 'true' branch... opencryptoki-3.24.0/usr/lib/config/configuration.c:550:15: branch_true: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:550:15: call_function: calling 'confignode_allocidxstruct' from 'confignode_allocidxstructdumpable' opencryptoki-3.24.0/usr/lib/config/configuration.c:550:15: return_function: returning to 'confignode_allocidxstructdumpable' from 'confignode_allocidxstruct' opencryptoki-3.24.0/usr/lib/config/configuration.c:551:12: branch_false: following 'false' branch... branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:554:13: call_function: inlined call to 'confignode_freeeoc' from 'confignode_allocidxstructdumpable' opencryptoki-3.24.0/usr/lib/config/configuration.c:554:13: call_function: inlined call to 'confignode_freeeoc' from 'confignode_allocidxstructdumpable' opencryptoki-3.24.0/usr/lib/config/configuration.c:555:16: branch_true: following 'true' branch (when 'cmt' is non-NULL)... 
opencryptoki-3.24.0/usr/lib/config/configuration.c:556:17: branch_true: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:556:17: danger: second 'free' here; first 'free' was at [(27)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/26) # 554| confignode_freeeoc(eoc); # 555| if (cmt != NULL) # 556|-> free(cmt); # 557| free(dkey); # 558| } Error: GCC_ANALYZER_WARNING (CWE-415): [#def59] opencryptoki-3.24.0/usr/lib/config/configuration.c:556:17: warning[-Wanalyzer-double-free]: double-‘free’ of ‘cmt’ opencryptoki-3.24.0/usr/lib/config/configuration.c:527:1: enter_function: entry to ‘confignode_allocidxstructdumpable’ opencryptoki-3.24.0/usr/lib/config/configuration.c:537:8: branch_false: following ‘false’ branch (when ‘dkey’ is non-NULL)... opencryptoki-3.24.0/usr/lib/config/configuration.c:539:8: branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:539:8: branch_true: following ‘true’ branch (when ‘comment’ is non-NULL)... opencryptoki-3.24.0/usr/lib/config/configuration.c:540:15: branch_true: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:540:15: acquire_memory: allocated here opencryptoki-3.24.0/usr/lib/config/configuration.c:541:12: branch_false: following ‘false’ branch (when ‘cmt’ is non-NULL)... opencryptoki-3.24.0/usr/lib/config/configuration.c:548:11: branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:548:11: call_function: calling ‘confignode_alloceoc’ from ‘confignode_allocidxstructdumpable’ opencryptoki-3.24.0/usr/lib/config/configuration.c:548:11: return_function: returning to ‘confignode_allocidxstructdumpable’ from ‘confignode_alloceoc’ opencryptoki-3.24.0/usr/lib/config/configuration.c:549:8: branch_true: following ‘true’ branch... 
opencryptoki-3.24.0/usr/lib/config/configuration.c:550:15: branch_true: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:550:15: call_function: calling ‘confignode_allocidxstruct’ from ‘confignode_allocidxstructdumpable’ opencryptoki-3.24.0/usr/lib/config/configuration.c:550:15: return_function: returning to ‘confignode_allocidxstructdumpable’ from ‘confignode_allocidxstruct’ opencryptoki-3.24.0/usr/lib/config/configuration.c:551:12: branch_false: following ‘false’ branch... branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:554:13: call_function: inlined call to ‘confignode_freeeoc’ from ‘confignode_allocidxstructdumpable’ opencryptoki-3.24.0/usr/lib/config/configuration.c:554:13: call_function: inlined call to ‘confignode_freeeoc’ from ‘confignode_allocidxstructdumpable’ opencryptoki-3.24.0/usr/lib/config/configuration.c:555:16: branch_true: following ‘true’ branch (when ‘cmt’ is non-NULL)... opencryptoki-3.24.0/usr/lib/config/configuration.c:556:17: branch_true: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:556:17: danger: second ‘free’ here; first ‘free’ was at [(27)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/26) # 554| confignode_freeeoc(eoc); # 555| if (cmt != NULL) # 556|-> free(cmt); # 557| free(dkey); # 558| } Error: GCC_ANALYZER_WARNING (CWE-415): [#def60] opencryptoki-3.24.0/usr/lib/config/configuration.c:596:17: warning[-Wanalyzer-double-free]: double-'free' of 'cmt' opencryptoki-3.24.0/usr/lib/config/configuration.c:567:1: enter_function: entry to 'confignode_allocstructdumpable' opencryptoki-3.24.0/usr/lib/config/configuration.c:577:8: branch_false: following 'false' branch (when 'dkey' is non-NULL)... opencryptoki-3.24.0/usr/lib/config/configuration.c:579:8: branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:579:8: branch_true: following 'true' branch (when 'comment' is non-NULL)... 
opencryptoki-3.24.0/usr/lib/config/configuration.c:580:15: branch_true: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:580:15: acquire_memory: allocated here opencryptoki-3.24.0/usr/lib/config/configuration.c:581:12: branch_false: following 'false' branch (when 'cmt' is non-NULL)... opencryptoki-3.24.0/usr/lib/config/configuration.c:588:11: branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:588:11: call_function: calling 'confignode_alloceoc' from 'confignode_allocstructdumpable' opencryptoki-3.24.0/usr/lib/config/configuration.c:588:11: return_function: returning to 'confignode_allocstructdumpable' from 'confignode_alloceoc' opencryptoki-3.24.0/usr/lib/config/configuration.c:589:8: branch_true: following 'true' branch... opencryptoki-3.24.0/usr/lib/config/configuration.c:590:15: branch_true: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:590:15: call_function: calling 'confignode_allocstruct' from 'confignode_allocstructdumpable' opencryptoki-3.24.0/usr/lib/config/configuration.c:590:15: return_function: returning to 'confignode_allocstructdumpable' from 'confignode_allocstruct' opencryptoki-3.24.0/usr/lib/config/configuration.c:591:12: branch_false: following 'false' branch... branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:594:13: call_function: inlined call to 'confignode_freeeoc' from 'confignode_allocstructdumpable' opencryptoki-3.24.0/usr/lib/config/configuration.c:594:13: call_function: inlined call to 'confignode_freeeoc' from 'confignode_allocstructdumpable' opencryptoki-3.24.0/usr/lib/config/configuration.c:595:16: branch_true: following 'true' branch (when 'cmt' is non-NULL)... 
opencryptoki-3.24.0/usr/lib/config/configuration.c:596:17: branch_true: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:596:17: danger: second 'free' here; first 'free' was at [(27)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/26) # 594| confignode_freeeoc(eoc); # 595| if (cmt != NULL) # 596|-> free(cmt); # 597| free(dkey); # 598| } Error: GCC_ANALYZER_WARNING (CWE-415): [#def61] opencryptoki-3.24.0/usr/lib/config/configuration.c:596:17: warning[-Wanalyzer-double-free]: double-‘free’ of ‘cmt’ opencryptoki-3.24.0/usr/lib/config/configuration.c:567:1: enter_function: entry to ‘confignode_allocstructdumpable’ opencryptoki-3.24.0/usr/lib/config/configuration.c:577:8: branch_false: following ‘false’ branch (when ‘dkey’ is non-NULL)... opencryptoki-3.24.0/usr/lib/config/configuration.c:579:8: branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:579:8: branch_true: following ‘true’ branch (when ‘comment’ is non-NULL)... opencryptoki-3.24.0/usr/lib/config/configuration.c:580:15: branch_true: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:580:15: acquire_memory: allocated here opencryptoki-3.24.0/usr/lib/config/configuration.c:581:12: branch_false: following ‘false’ branch (when ‘cmt’ is non-NULL)... opencryptoki-3.24.0/usr/lib/config/configuration.c:588:11: branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:588:11: call_function: calling ‘confignode_alloceoc’ from ‘confignode_allocstructdumpable’ opencryptoki-3.24.0/usr/lib/config/configuration.c:588:11: return_function: returning to ‘confignode_allocstructdumpable’ from ‘confignode_alloceoc’ opencryptoki-3.24.0/usr/lib/config/configuration.c:589:8: branch_true: following ‘true’ branch... 
opencryptoki-3.24.0/usr/lib/config/configuration.c:590:15: branch_true: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:590:15: call_function: calling ‘confignode_allocstruct’ from ‘confignode_allocstructdumpable’ opencryptoki-3.24.0/usr/lib/config/configuration.c:590:15: return_function: returning to ‘confignode_allocstructdumpable’ from ‘confignode_allocstruct’ opencryptoki-3.24.0/usr/lib/config/configuration.c:591:12: branch_false: following ‘false’ branch... branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:594:13: call_function: inlined call to ‘confignode_freeeoc’ from ‘confignode_allocstructdumpable’ opencryptoki-3.24.0/usr/lib/config/configuration.c:594:13: call_function: inlined call to ‘confignode_freeeoc’ from ‘confignode_allocstructdumpable’ opencryptoki-3.24.0/usr/lib/config/configuration.c:595:16: branch_true: following ‘true’ branch (when ‘cmt’ is non-NULL)... opencryptoki-3.24.0/usr/lib/config/configuration.c:596:17: branch_true: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:596:17: danger: second ‘free’ here; first ‘free’ was at [(27)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/26) # 594| confignode_freeeoc(eoc); # 595| if (cmt != NULL) # 596|-> free(cmt); # 597| free(dkey); # 598| } Error: GCC_ANALYZER_WARNING (CWE-415): [#def62] opencryptoki-3.24.0/usr/lib/config/configuration.c:637:17: warning[-Wanalyzer-double-free]: double-'free' of 'cmt' opencryptoki-3.24.0/usr/lib/config/configuration.c:608:1: enter_function: entry to 'confignode_allocbarelistdumpable' opencryptoki-3.24.0/usr/lib/config/configuration.c:618:8: branch_false: following 'false' branch (when 'dkey' is non-NULL)... opencryptoki-3.24.0/usr/lib/config/configuration.c:620:8: branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:620:8: branch_true: following 'true' branch (when 'comment' is non-NULL)... 
opencryptoki-3.24.0/usr/lib/config/configuration.c:621:15: branch_true: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:621:15: acquire_memory: allocated here opencryptoki-3.24.0/usr/lib/config/configuration.c:622:12: branch_false: following 'false' branch (when 'cmt' is non-NULL)... opencryptoki-3.24.0/usr/lib/config/configuration.c:629:11: branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:629:11: call_function: calling 'confignode_alloceoc' from 'confignode_allocbarelistdumpable' opencryptoki-3.24.0/usr/lib/config/configuration.c:629:11: return_function: returning to 'confignode_allocbarelistdumpable' from 'confignode_alloceoc' opencryptoki-3.24.0/usr/lib/config/configuration.c:630:8: branch_true: following 'true' branch... opencryptoki-3.24.0/usr/lib/config/configuration.c:631:15: branch_true: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:631:15: call_function: calling 'confignode_allocbarelist' from 'confignode_allocbarelistdumpable' opencryptoki-3.24.0/usr/lib/config/configuration.c:631:15: return_function: returning to 'confignode_allocbarelistdumpable' from 'confignode_allocbarelist' opencryptoki-3.24.0/usr/lib/config/configuration.c:632:12: branch_false: following 'false' branch... branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:635:13: call_function: inlined call to 'confignode_freeeoc' from 'confignode_allocbarelistdumpable' opencryptoki-3.24.0/usr/lib/config/configuration.c:635:13: call_function: inlined call to 'confignode_freeeoc' from 'confignode_allocbarelistdumpable' opencryptoki-3.24.0/usr/lib/config/configuration.c:636:16: branch_true: following 'true' branch (when 'cmt' is non-NULL)... 
opencryptoki-3.24.0/usr/lib/config/configuration.c:637:17: branch_true: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:637:17: danger: second 'free' here; first 'free' was at [(27)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/26) # 635| confignode_freeeoc(eoc); # 636| if (cmt != NULL) # 637|-> free(cmt); # 638| free(dkey); # 639| } Error: GCC_ANALYZER_WARNING (CWE-415): [#def63] opencryptoki-3.24.0/usr/lib/config/configuration.c:637:17: warning[-Wanalyzer-double-free]: double-‘free’ of ‘cmt’ opencryptoki-3.24.0/usr/lib/config/configuration.c:608:1: enter_function: entry to ‘confignode_allocbarelistdumpable’ opencryptoki-3.24.0/usr/lib/config/configuration.c:618:8: branch_false: following ‘false’ branch (when ‘dkey’ is non-NULL)... opencryptoki-3.24.0/usr/lib/config/configuration.c:620:8: branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:620:8: branch_true: following ‘true’ branch (when ‘comment’ is non-NULL)... opencryptoki-3.24.0/usr/lib/config/configuration.c:621:15: branch_true: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:621:15: acquire_memory: allocated here opencryptoki-3.24.0/usr/lib/config/configuration.c:622:12: branch_false: following ‘false’ branch (when ‘cmt’ is non-NULL)... opencryptoki-3.24.0/usr/lib/config/configuration.c:629:11: branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:629:11: call_function: calling ‘confignode_alloceoc’ from ‘confignode_allocbarelistdumpable’ opencryptoki-3.24.0/usr/lib/config/configuration.c:629:11: return_function: returning to ‘confignode_allocbarelistdumpable’ from ‘confignode_alloceoc’ opencryptoki-3.24.0/usr/lib/config/configuration.c:630:8: branch_true: following ‘true’ branch... 
opencryptoki-3.24.0/usr/lib/config/configuration.c:631:15: branch_true: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:631:15: call_function: calling ‘confignode_allocbarelist’ from ‘confignode_allocbarelistdumpable’ opencryptoki-3.24.0/usr/lib/config/configuration.c:631:15: return_function: returning to ‘confignode_allocbarelistdumpable’ from ‘confignode_allocbarelist’ opencryptoki-3.24.0/usr/lib/config/configuration.c:632:12: branch_false: following ‘false’ branch... branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:635:13: call_function: inlined call to ‘confignode_freeeoc’ from ‘confignode_allocbarelistdumpable’ opencryptoki-3.24.0/usr/lib/config/configuration.c:635:13: call_function: inlined call to ‘confignode_freeeoc’ from ‘confignode_allocbarelistdumpable’ opencryptoki-3.24.0/usr/lib/config/configuration.c:636:16: branch_true: following ‘true’ branch (when ‘cmt’ is non-NULL)... opencryptoki-3.24.0/usr/lib/config/configuration.c:637:17: branch_true: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:637:17: danger: second ‘free’ here; first ‘free’ was at [(27)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/26) # 635| confignode_freeeoc(eoc); # 636| if (cmt != NULL) # 637|-> free(cmt); # 638| free(dkey); # 639| } Error: GCC_ANALYZER_WARNING (CWE-415): [#def64] opencryptoki-3.24.0/usr/lib/config/configuration.c:787:17: warning[-Wanalyzer-double-free]: double-'free' of 'cmt' opencryptoki-3.24.0/usr/lib/config/configuration.c:752:1: enter_function: entry to 'confignode_allocnumpairlistdumpable' opencryptoki-3.24.0/usr/lib/config/configuration.c:762:8: branch_false: following 'false' branch (when 'dkey' is non-NULL)... opencryptoki-3.24.0/usr/lib/config/configuration.c:764:12: branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:765:8: branch_false: following 'false' branch (when 'dend' is non-NULL)... 
opencryptoki-3.24.0/usr/lib/config/configuration.c:769:8: branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:769:8: branch_true: following 'true' branch (when 'comment' is non-NULL)... opencryptoki-3.24.0/usr/lib/config/configuration.c:770:15: branch_true: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:770:15: acquire_memory: allocated here opencryptoki-3.24.0/usr/lib/config/configuration.c:771:12: branch_false: following 'false' branch (when 'cmt' is non-NULL)... opencryptoki-3.24.0/usr/lib/config/configuration.c:779:11: branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:779:11: call_function: calling 'confignode_alloceoc' from 'confignode_allocnumpairlistdumpable' opencryptoki-3.24.0/usr/lib/config/configuration.c:779:11: return_function: returning to 'confignode_allocnumpairlistdumpable' from 'confignode_alloceoc' opencryptoki-3.24.0/usr/lib/config/configuration.c:780:8: branch_true: following 'true' branch... opencryptoki-3.24.0/usr/lib/config/configuration.c:781:15: branch_true: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:781:15: call_function: calling 'confignode_allocnumpairlist' from 'confignode_allocnumpairlistdumpable' opencryptoki-3.24.0/usr/lib/config/configuration.c:781:15: return_function: returning to 'confignode_allocnumpairlistdumpable' from 'confignode_allocnumpairlist' opencryptoki-3.24.0/usr/lib/config/configuration.c:782:12: branch_false: following 'false' branch... branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:785:13: call_function: inlined call to 'confignode_freeeoc' from 'confignode_allocnumpairlistdumpable' opencryptoki-3.24.0/usr/lib/config/configuration.c:785:13: call_function: inlined call to 'confignode_freeeoc' from 'confignode_allocnumpairlistdumpable' opencryptoki-3.24.0/usr/lib/config/configuration.c:786:16: branch_true: following 'true' branch (when 'cmt' is non-NULL)... 
opencryptoki-3.24.0/usr/lib/config/configuration.c:787:17: branch_true: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:787:17: danger: second 'free' here; first 'free' was at [(29)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/28) # 785| confignode_freeeoc(eoc); # 786| if (cmt != NULL) # 787|-> free(cmt); # 788| free(dkey); # 789| free(dend); Error: GCC_ANALYZER_WARNING (CWE-415): [#def65] opencryptoki-3.24.0/usr/lib/config/configuration.c:787:17: warning[-Wanalyzer-double-free]: double-‘free’ of ‘cmt’ opencryptoki-3.24.0/usr/lib/config/configuration.c:752:1: enter_function: entry to ‘confignode_allocnumpairlistdumpable’ opencryptoki-3.24.0/usr/lib/config/configuration.c:762:8: branch_false: following ‘false’ branch (when ‘dkey’ is non-NULL)... opencryptoki-3.24.0/usr/lib/config/configuration.c:764:12: branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:765:8: branch_false: following ‘false’ branch (when ‘dend’ is non-NULL)... opencryptoki-3.24.0/usr/lib/config/configuration.c:769:8: branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:769:8: branch_true: following ‘true’ branch (when ‘comment’ is non-NULL)... opencryptoki-3.24.0/usr/lib/config/configuration.c:770:15: branch_true: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:770:15: acquire_memory: allocated here opencryptoki-3.24.0/usr/lib/config/configuration.c:771:12: branch_false: following ‘false’ branch (when ‘cmt’ is non-NULL)... opencryptoki-3.24.0/usr/lib/config/configuration.c:779:11: branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:779:11: call_function: calling ‘confignode_alloceoc’ from ‘confignode_allocnumpairlistdumpable’ opencryptoki-3.24.0/usr/lib/config/configuration.c:779:11: return_function: returning to ‘confignode_allocnumpairlistdumpable’ from ‘confignode_alloceoc’ opencryptoki-3.24.0/usr/lib/config/configuration.c:780:8: branch_true: following ‘true’ branch... 
opencryptoki-3.24.0/usr/lib/config/configuration.c:781:15: branch_true: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:781:15: call_function: calling ‘confignode_allocnumpairlist’ from ‘confignode_allocnumpairlistdumpable’ opencryptoki-3.24.0/usr/lib/config/configuration.c:781:15: return_function: returning to ‘confignode_allocnumpairlistdumpable’ from ‘confignode_allocnumpairlist’ opencryptoki-3.24.0/usr/lib/config/configuration.c:782:12: branch_false: following ‘false’ branch... branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:785:13: call_function: inlined call to ‘confignode_freeeoc’ from ‘confignode_allocnumpairlistdumpable’ opencryptoki-3.24.0/usr/lib/config/configuration.c:785:13: call_function: inlined call to ‘confignode_freeeoc’ from ‘confignode_allocnumpairlistdumpable’ opencryptoki-3.24.0/usr/lib/config/configuration.c:786:16: branch_true: following ‘true’ branch (when ‘cmt’ is non-NULL)... opencryptoki-3.24.0/usr/lib/config/configuration.c:787:17: branch_true: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:787:17: danger: second ‘free’ here; first ‘free’ was at [(29)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/28) # 785| confignode_freeeoc(eoc); # 786| if (cmt != NULL) # 787|-> free(cmt); # 788| free(dkey); # 789| free(dend); Error: GCC_ANALYZER_WARNING (CWE-401): [#def66] opencryptoki-3.24.0/usr/lib/config/configuration.h:727:13: warning[-Wanalyzer-malloc-leak]: leak of 'confignode_alloceoc(cmt, line)' opencryptoki-3.24.0/usr/lib/config/configuration.c:801:1: enter_function: entry to 'confignode_allocbarestringconstdumpable' opencryptoki-3.24.0/usr/lib/config/configuration.c:807:8: branch_false: following 'false' branch (when 'comment' is NULL)... 
opencryptoki-3.24.0/usr/lib/config/configuration.c:812:11: branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:812:11: call_function: calling 'confignode_allocbarestringconst' from 'confignode_allocbarestringconstdumpable' opencryptoki-3.24.0/usr/lib/config/configuration.c:812:11: return_function: returning to 'confignode_allocbarestringconstdumpable' from 'confignode_allocbarestringconst' opencryptoki-3.24.0/usr/lib/config/configuration.c:813:8: branch_true: following 'true' branch... opencryptoki-3.24.0/usr/lib/config/configuration.c:814:15: branch_true: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:814:15: call_function: calling 'confignode_alloceoc' from 'confignode_allocbarestringconstdumpable' opencryptoki-3.24.0/usr/lib/config/configuration.c:814:15: return_function: returning to 'confignode_allocbarestringconstdumpable' from 'confignode_alloceoc' opencryptoki-3.24.0/usr/lib/config/configuration.c:815:12: branch_true: following 'true' branch... opencryptoki-3.24.0/usr/lib/config/configuration.c:816:13: branch_true: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:816:13: call_function: inlined call to 'confignode_append' from 'confignode_allocbarestringconstdumpable' # 725| tmp = n2->prev; # 726| n2->prev = n1->prev; # 727|-> tmp->next = n1; # 728| n1->prev = tmp; # 729| return n1; Error: GCC_ANALYZER_WARNING (CWE-401): [#def67] opencryptoki-3.24.0/usr/lib/config/configuration.h:727:13: warning[-Wanalyzer-malloc-leak]: leak of ‘confignode_alloceoc(cmt, line)’ opencryptoki-3.24.0/usr/lib/config/configuration.c:721:1: enter_function: entry to ‘confignode_allocnumpairdumpable’ opencryptoki-3.24.0/usr/lib/config/configuration.c:728:8: branch_false: following ‘false’ branch (when ‘comment’ is NULL)... 
opencryptoki-3.24.0/usr/lib/config/configuration.c:733:11: branch_false: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:733:11: call_function: calling ‘confignode_allocnumpair’ from ‘confignode_allocnumpairdumpable’ opencryptoki-3.24.0/usr/lib/config/configuration.c:733:11: return_function: returning to ‘confignode_allocnumpairdumpable’ from ‘confignode_allocnumpair’ opencryptoki-3.24.0/usr/lib/config/configuration.c:734:8: branch_true: following ‘true’ branch... opencryptoki-3.24.0/usr/lib/config/configuration.c:735:15: branch_true: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:735:15: call_function: calling ‘confignode_alloceoc’ from ‘confignode_allocnumpairdumpable’ opencryptoki-3.24.0/usr/lib/config/configuration.c:735:15: return_function: returning to ‘confignode_allocnumpairdumpable’ from ‘confignode_alloceoc’ opencryptoki-3.24.0/usr/lib/config/configuration.c:736:12: branch_true: following ‘true’ branch... opencryptoki-3.24.0/usr/lib/config/configuration.c:737:13: branch_true: ...to here opencryptoki-3.24.0/usr/lib/config/configuration.c:737:13: call_function: inlined call to ‘confignode_append’ from ‘confignode_allocnumpairdumpable’ # 725| tmp = n2->prev; # 726| n2->prev = n1->prev; # 727|-> tmp->next = n1; # 728| n1->prev = tmp; # 729| return n1; Error: GCC_ANALYZER_WARNING (CWE-476): [#def68] opencryptoki-3.24.0/usr/lib/hsm_mk_change/hsm_mk_change.c:214:9: warning[-Wanalyzer-null-dereference]: dereference of NULL '0' opencryptoki-3.24.0/usr/lib/hsm_mk_change/hsm_mk_change.c:941:7: enter_function: entry to 'hsm_mk_change_op_iterate' opencryptoki-3.24.0/usr/lib/hsm_mk_change/hsm_mk_change.c:952:8: branch_false: following 'false' branch... branch_false: ...to here opencryptoki-3.24.0/usr/lib/hsm_mk_change/hsm_mk_change.c:958:17: branch_true: following 'true' branch... 
opencryptoki-3.24.0/usr/lib/hsm_mk_change/hsm_mk_change.c:959:21: branch_true: ...to here opencryptoki-3.24.0/usr/lib/hsm_mk_change/hsm_mk_change.c:959:12: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/hsm_mk_change/hsm_mk_change.c:961:20: branch_false: ...to here opencryptoki-3.24.0/usr/lib/hsm_mk_change/hsm_mk_change.c:964:14: call_function: calling 'hsm_mk_change_op_load' from 'hsm_mk_change_op_iterate' # 212| apqn = (struct apqn *)buff; # 213| # 214|-> (*apqns)[i].card = be16toh(apqn->card); # 215| (*apqns)[i].domain = be16toh(apqn->domain); # 216| buff += sizeof(struct apqn); Error: GCC_ANALYZER_WARNING (CWE-401): [#def69] opencryptoki-3.24.0/usr/lib/hsm_mk_change/hsm_mk_change.c:255:4: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>' opencryptoki-3.24.0/usr/lib/hsm_mk_change/hsm_mk_change.c:941:7: enter_function: entry to 'hsm_mk_change_op_iterate' opencryptoki-3.24.0/usr/lib/hsm_mk_change/hsm_mk_change.c:952:8: branch_false: following 'false' branch... branch_false: ...to here opencryptoki-3.24.0/usr/lib/hsm_mk_change/hsm_mk_change.c:958:17: branch_true: following 'true' branch... opencryptoki-3.24.0/usr/lib/hsm_mk_change/hsm_mk_change.c:959:21: branch_true: ...to here opencryptoki-3.24.0/usr/lib/hsm_mk_change/hsm_mk_change.c:959:12: branch_false: following 'false' branch... 
opencryptoki-3.24.0/usr/lib/hsm_mk_change/hsm_mk_change.c:961:20: branch_false: ...to here opencryptoki-3.24.0/usr/lib/hsm_mk_change/hsm_mk_change.c:964:14: call_function: calling 'hsm_mk_change_op_load' from 'hsm_mk_change_op_iterate' # 253| } # 254| # 255|-> memset(mkvps, 0, num_mkvps * sizeof(struct hsm_mkvp)); # 256| } # 257| Error: GCC_ANALYZER_WARNING (CWE-476): [#def70] opencryptoki-3.24.0/usr/lib/hsm_mk_change/hsm_mk_change.c:340:9: warning[-Wanalyzer-null-dereference]: dereference of NULL '0' opencryptoki-3.24.0/usr/lib/hsm_mk_change/hsm_mk_change.c:941:7: enter_function: entry to 'hsm_mk_change_op_iterate' opencryptoki-3.24.0/usr/lib/hsm_mk_change/hsm_mk_change.c:952:8: branch_false: following 'false' branch... branch_false: ...to here opencryptoki-3.24.0/usr/lib/hsm_mk_change/hsm_mk_change.c:958:17: branch_true: following 'true' branch... opencryptoki-3.24.0/usr/lib/hsm_mk_change/hsm_mk_change.c:959:21: branch_true: ...to here opencryptoki-3.24.0/usr/lib/hsm_mk_change/hsm_mk_change.c:959:12: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/hsm_mk_change/hsm_mk_change.c:961:20: branch_false: ...to here opencryptoki-3.24.0/usr/lib/hsm_mk_change/hsm_mk_change.c:964:14: call_function: calling 'hsm_mk_change_op_load' from 'hsm_mk_change_op_iterate' # 338| # 339| hdr = (struct hsm_mkvp_hdr *)buff; # 340|-> (*mkvps)[i].type = be32toh(hdr->type); # 341| (*mkvps)[i].mkvp_len = be32toh(hdr->mkvp_len); # 342| buff += sizeof(struct hsm_mkvp_hdr); Error: GCC_ANALYZER_WARNING (CWE-476): [#def71] opencryptoki-3.24.0/usr/lib/hsm_mk_change/hsm_mk_change.c:556:9: warning[-Wanalyzer-null-dereference]: dereference of NULL '0' opencryptoki-3.24.0/usr/lib/hsm_mk_change/hsm_mk_change.c:941:7: enter_function: entry to 'hsm_mk_change_op_iterate' opencryptoki-3.24.0/usr/lib/hsm_mk_change/hsm_mk_change.c:952:8: branch_false: following 'false' branch... 
branch_false: ...to here opencryptoki-3.24.0/usr/lib/hsm_mk_change/hsm_mk_change.c:958:17: branch_true: following 'true' branch... opencryptoki-3.24.0/usr/lib/hsm_mk_change/hsm_mk_change.c:959:21: branch_true: ...to here opencryptoki-3.24.0/usr/lib/hsm_mk_change/hsm_mk_change.c:959:12: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/hsm_mk_change/hsm_mk_change.c:961:20: branch_false: ...to here opencryptoki-3.24.0/usr/lib/hsm_mk_change/hsm_mk_change.c:964:14: call_function: calling 'hsm_mk_change_op_load' from 'hsm_mk_change_op_iterate' # 554| for (i = 0; i < *num_slots; i++) { # 555| slot = (CK_SLOT_ID_32 *)buff; # 556|-> (*slots)[i] = be32toh(*slot); # 557| buff += sizeof(CK_SLOT_ID_32); # 558| *bytes_read += sizeof(CK_SLOT_ID_32); Error: CPPCHECK_WARNING (CWE-476): [#def72] opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf.c:143: error[ctunullpointer]: Null pointer dereference: orig # 141| static void strpad(char *dest, const char *orig, size_t len, int padding_char) # 142| { # 143|-> size_t str_len = strlen(orig); # 144| # 145| UNUSED(padding_char); Error: CPPCHECK_WARNING (CWE-476): [#def73] opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf.c:143: warning[nullPointer]: Possible null pointer dereference: orig # 141| static void strpad(char *dest, const char *orig, size_t len, int padding_char) # 142| { # 143|-> size_t str_len = strlen(orig); # 144| # 145| UNUSED(padding_char); Error: GCC_ANALYZER_WARNING (CWE-457): [#def74] opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:679:5: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value '&config.name' opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:632:7: enter_function: entry to 'token_specific_init_token_data' opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:640:8: branch_false: following 'false' branch (when 'slot_id <= 1023')... 
opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:645:10: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:646:8: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:649:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:649:8: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:656:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:656:8: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:663:5: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:664:9: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:670:5: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:671:9: call_function: calling 'parse_config_file' from 'token_specific_init_token_data' opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:671:9: return_function: returning to 'token_specific_init_token_data' from 'parse_config_file' opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:671:8: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:679:5: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:679:5: danger: use of uninitialized value '&config.name' here # 677| # 678| /* Copy general info */ # 679|-> memcpy(tokdata->nv_token_data->token_info.label, config.name, # 680| strlen(config.name)); # 681| memcpy(tokdata->nv_token_data->token_info.manufacturerID, config.manuf, Error: GCC_ANALYZER_WARNING (CWE-121): [#def75] opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:886:13: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:846:8: branch_false: following 'false' branch (when 'slot_id <= 1023')... 
opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:851:10: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:852:8: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:858:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:858:8: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:867:8: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:872:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:872:8: branch_true: following 'true' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:875:13: branch_true: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:880:12: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:885:24: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:885:12: branch_true: following 'true' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:886:13: branch_true: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:886:13: danger: out-of-bounds write on 'fname' # 884| # 885| if (PATH_MAX - strlen(fname) > strlen("/MK_SO")) { # 886|-> strcat(fname, "/MK_SO"); # 887| } else { # 888| TRACE_ERROR("MK_SO buffer overflow\n"); Error: GCC_ANALYZER_WARNING (CWE-121): [#def76] opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1213:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1180:8: branch_false: following 'false' branch (when 'rc == 0')... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1186:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1186:8: branch_false: following 'false' branch... 
opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1192:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1192:8: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1197:10: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1197:8: branch_true: following 'true' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1201:14: branch_true: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1200:12: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1207:13: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1207:12: branch_true: following 'true' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1208:17: branch_true: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1208:16: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1212:28: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1212:16: branch_true: following 'true' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1213:17: branch_true: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1213:17: danger: out-of-bounds write on 'fname' # 1211| } # 1212| if (PATH_MAX - strlen(fname) > strlen("/MK_USER")) { # 1213|-> strcat(fname, "/MK_USER"); # 1214| } else { # 1215| TRACE_ERROR("MK_USER buffer overflow\n"); Error: GCC_ANALYZER_WARNING (CWE-121): [#def77] opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1269:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1180:8: branch_false: following 'false' branch (when 'rc == 0')... 
opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1186:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1186:8: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1192:9: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1192:8: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1197:10: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1197:8: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1244:15: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1244:15: branch_true: following 'true' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1248:14: branch_true: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1247:12: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1255:13: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1255:12: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1260:13: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1260:12: branch_true: following 'true' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1264:17: branch_true: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1264:16: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1268:28: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1268:16: branch_true: following 'true' branch... 
opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1269:17: branch_true: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1269:17: danger: out-of-bounds write on 'fname' # 1267| } # 1268| if (PATH_MAX - strlen(fname) > strlen("/MK_SO")) { # 1269|-> strcat(fname, "/MK_SO"); # 1270| } else { # 1271| TRACE_ERROR("MK_SO buffer overflow\n"); Error: GCC_ANALYZER_WARNING (CWE-121): [#def78] opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1646:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1603:8: branch_false: following 'false' branch (when 'slot_id <= 1023')... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1609:10: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1610:8: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1615:10: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1616:8: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1621:8: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1621:8: branch_true: following 'true' branch (when 'userType == 1')... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1623:20: branch_true: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1623:12: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1631:13: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1631:12: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1639:13: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1639:12: branch_true: following 'true' branch... 
opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1640:17: branch_true: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1640:16: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1645:28: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1645:16: branch_true: following 'true' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1646:17: branch_true: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1646:17: danger: out-of-bounds write on 'fname' # 1644| } # 1645| if (PATH_MAX - strlen(fname) > strlen("/MK_USER")) { # 1646|-> strcat(fname, "/MK_USER"); # 1647| } else { # 1648| TRACE_ERROR("MK_USER buffer overflow\n"); Error: GCC_ANALYZER_WARNING (CWE-121): [#def79] opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1678:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1603:8: branch_false: following 'false' branch (when 'slot_id <= 1023')... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1609:10: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1610:8: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1615:10: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1616:8: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1621:8: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1621:8: branch_false: following 'false' branch (when 'userType != 1')... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1663:20: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1663:12: branch_false: following 'false' branch... 
opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1670:13: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1670:12: branch_true: following 'true' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1672:17: branch_true: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1672:16: branch_false: following 'false' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1677:28: branch_false: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1677:16: branch_true: following 'true' branch... opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1678:17: branch_true: ...to here opencryptoki-3.24.0/usr/lib/icsf_stdll/icsf_specific.c:1678:17: danger: out-of-bounds write on 'fname' # 1676| } # 1677| if (PATH_MAX - strlen(fname) > strlen("/MK_SO")) { # 1678|-> strcat(fname, "/MK_SO"); # 1679| } else { # 1680| TRACE_ERROR("MK_SO buffer overflow\n"); Error: GCC_ANALYZER_WARNING (CWE-401): [#def80] opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:3187:8: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:11344:14: enter_function: entry to ‘p11sak_extract_cert_pubkey’ opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:11350:8: branch_true: following ‘true’ branch... 
opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:11351:9: branch_true: ...to here opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:11355:10: call_function: calling ‘iterate_objects’ from ‘p11sak_extract_cert_pubkey’ # 3185| # 3186| tmp = realloc(*attrs, (*num_attrs + 1) * sizeof(CK_ATTRIBUTE)); # 3187|-> if (tmp == NULL) { # 3188| warnx("Failed to allocate memory for attribute list"); # 3189| return CKR_HOST_MEMORY; Error: GCC_ANALYZER_WARNING (CWE-401): [#def81] opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:4151:5: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:11344:14: enter_function: entry to ‘p11sak_extract_cert_pubkey’ opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:11350:8: branch_true: following ‘true’ branch... opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:11351:9: branch_true: ...to here opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:11355:10: call_function: calling ‘iterate_objects’ from ‘p11sak_extract_cert_pubkey’ # 4149| } # 4150| # 4151|-> free(attrs); # 4152| } # 4153| Error: GCC_ANALYZER_WARNING (CWE-401): [#def82] opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:4195:16: warning[-Wanalyzer-malloc-leak]: leak of ‘calloc(*elem.ulValueLen, 1)’ opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:10774:14: enter_function: entry to ‘handle_key_pubkey_extract’ opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:10790:8: branch_false: following ‘false’ branch (when ‘class == 3’)... opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:10793:9: branch_false: ...to here opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:10793:8: branch_false: following ‘false’ branch... opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:10798:10: branch_false: ...to here opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:10798:8: branch_true: following ‘true’ branch... 
opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:10825:10: branch_true: ...to here opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:10825:10: call_function: calling ‘p11sak_key_extract_pubkey’ from ‘handle_key_pubkey_extract’ # 4193| if (elem->ulValueLen > 0 && elem->pValue == NULL) { # 4194| elem->pValue = calloc(elem->ulValueLen, 1); # 4195|-> if (elem->pValue == NULL) { # 4196| free_attr_array_attr(attr); # 4197| return CKR_HOST_MEMORY; Error: GCC_ANALYZER_WARNING (CWE-476): [#def83] opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:10463:19: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘keytype’ opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:10774:14: enter_function: entry to ‘handle_key_pubkey_extract’ opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:10790:8: branch_false: following ‘false’ branch (when ‘class == 3’)... opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:10793:9: branch_false: ...to here opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:10793:8: branch_false: following ‘false’ branch... opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:10798:10: branch_false: ...to here opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:10798:8: branch_true: following ‘true’ branch... opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:10825:10: branch_true: ...to here opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:10825:10: call_function: calling ‘p11sak_key_extract_pubkey’ from ‘handle_key_pubkey_extract’ #10461| if (rc != CKR_OK) { #10462| warnx("Failed to add %s key attribute CKA_LABEL: 0x%lX: %s", #10463|-> keytype->name, rc, p11_get_ckr(rc)); #10464| goto done; #10465| } Error: GCC_ANALYZER_WARNING (CWE-476): [#def84] opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:10600:21: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘certtype’ opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:10969:14: enter_function: entry to ‘handle_cert_pubkey_extract’ opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:10986:8: branch_false: following ‘false’ branch... 
opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:10991:10: branch_false: ...to here opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:10991:8: branch_true: following ‘true’ branch... opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:11018:10: branch_true: ...to here opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:11018:10: call_function: calling ‘p11sak_cert_extract_pubkey’ from ‘handle_cert_pubkey_extract’ #10598| if (rc != CKR_OK) { #10599| warnx("Failed to add %s key attribute CKA_LABEL: 0x%lX: %s", #10600|-> certtype->name, rc, p11_get_ckr(rc)); #10601| goto done; #10602| } Error: GCC_ANALYZER_WARNING (CWE-476): [#def85] opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:10611:10: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘certtype’ opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:10969:14: enter_function: entry to ‘handle_cert_pubkey_extract’ opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:10986:8: branch_false: following ‘false’ branch... opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:10991:10: branch_false: ...to here opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:10991:8: branch_true: following ‘true’ branch... 
opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:11018:10: branch_true: ...to here opencryptoki-3.24.0/usr/sbin/p11sak/p11sak.c:11018:10: call_function: calling ‘p11sak_cert_extract_pubkey’ from ‘handle_cert_pubkey_extract’ #10609| } #10610| #10611|-> rc = certtype->extract_x509_pubkey(certtype, &attrs, &num_attrs, cert, label); #10612| if (rc != CKR_OK) { #10613| warnx("Failed to extract public key from certificate object: 0x%lx: %s", Error: CPPCHECK_WARNING (CWE-476): [#def86] opencryptoki-3.24.0/usr/sbin/pkcscca/pkcscca.c:1737: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: mk_type # 1735| case 'k': # 1736| mk_type = strdup(optarg); # 1737|-> if (strcmp(mk_type, "aes") == 0) { # 1738| masterkey = MK_AES; # 1739| } else if (strcmp(mk_type, "apka") == 0) { Error: GCC_ANALYZER_WARNING (CWE-688): [#def87] opencryptoki-3.24.0/usr/sbin/pkcscca/pkcscca.c:1737:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘mk_type’ where non-null expected opencryptoki-3.24.0/usr/sbin/pkcscca/pkcscca.c:1726:12: branch_true: following ‘true’ branch (when ‘opt != -1’)... 
opencryptoki-3.24.0/usr/sbin/pkcscca/pkcscca.c:1728:9: branch_true: ...to here opencryptoki-3.24.0/usr/sbin/pkcscca/pkcscca.c:1736:23: acquire_memory: this call could return NULL opencryptoki-3.24.0/usr/sbin/pkcscca/pkcscca.c:1737:17: danger: argument 1 (‘mk_type’) from [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4) could be NULL where non-null expected # 1735| case 'k': # 1736| mk_type = strdup(optarg); # 1737|-> if (strcmp(mk_type, "aes") == 0) { # 1738| masterkey = MK_AES; # 1739| } else if (strcmp(mk_type, "apka") == 0) { Error: CPPCHECK_WARNING (CWE-476): [#def88] opencryptoki-3.24.0/usr/sbin/pkcscca/pkcscca.c:1753: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: m_type # 1751| case 'm': # 1752| m_type = strdup(optarg); # 1753|-> if (strcmp(m_type, "v2objectsv3") == 0) { # 1754| m_version = 1; # 1755| } else if (strcmp(m_type, "keys") == 0) { Error: GCC_ANALYZER_WARNING (CWE-688): [#def89] opencryptoki-3.24.0/usr/sbin/pkcscca/pkcscca.c:1753:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘m_type’ where non-null expected opencryptoki-3.24.0/usr/sbin/pkcscca/pkcscca.c:1726:12: branch_true: following ‘true’ branch (when ‘opt != -1’)... 
opencryptoki-3.24.0/usr/sbin/pkcscca/pkcscca.c:1728:9: branch_true: ...to here opencryptoki-3.24.0/usr/sbin/pkcscca/pkcscca.c:1752:22: acquire_memory: this call could return NULL opencryptoki-3.24.0/usr/sbin/pkcscca/pkcscca.c:1753:17: danger: argument 1 (‘m_type’) from [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4) could be NULL where non-null expected # 1751| case 'm': # 1752| m_type = strdup(optarg); # 1753|-> if (strcmp(m_type, "v2objectsv3") == 0) { # 1754| m_version = 1; # 1755| } else if (strcmp(m_type, "keys") == 0) { Error: GCC_ANALYZER_WARNING (CWE-688): [#def90] opencryptoki-3.24.0/usr/sbin/pkcsicsf/pkcsicsf.c:684:13: warning[-Wanalyzer-null-argument]: use of NULL ‘tokenname’ where non-null expected opencryptoki-3.24.0/usr/sbin/pkcsicsf/pkcsicsf.c:539:11: release_memory: ‘buf_racfpwd’ is NULL opencryptoki-3.24.0/usr/sbin/pkcsicsf/pkcsicsf.c:622:8: branch_false: following ‘false’ branch... opencryptoki-3.24.0/usr/sbin/pkcsicsf/pkcsicsf.c:626:9: branch_false: ...to here opencryptoki-3.24.0/usr/sbin/pkcsicsf/pkcsicsf.c:626:8: branch_false: following ‘false’ branch... opencryptoki-3.24.0/usr/sbin/pkcsicsf/pkcsicsf.c:626:23: branch_false: ...to here opencryptoki-3.24.0/usr/sbin/pkcsicsf/pkcsicsf.c:630:8: branch_false: following ‘false’ branch... opencryptoki-3.24.0/usr/sbin/pkcsicsf/pkcsicsf.c:634:9: branch_false: ...to here opencryptoki-3.24.0/usr/sbin/pkcsicsf/pkcsicsf.c:654:8: branch_false: following ‘false’ branch... opencryptoki-3.24.0/usr/sbin/pkcsicsf/pkcsicsf.c:660:9: branch_false: ...to here opencryptoki-3.24.0/usr/sbin/pkcsicsf/pkcsicsf.c:660:8: branch_false: following ‘false’ branch... opencryptoki-3.24.0/usr/sbin/pkcsicsf/pkcsicsf.c:683:8: branch_true: following ‘true’ branch... 
opencryptoki-3.24.0/usr/sbin/pkcsicsf/pkcsicsf.c:684:13: branch_true: ...to here opencryptoki-3.24.0/usr/sbin/pkcsicsf/pkcsicsf.c:684:13: danger: argument 1 (‘tokenname’) NULL where non-null expected # 682| /* Add token(s) */ # 683| if (flags & CFG_ADD) { # 684|-> if (strcmp(tokenname, "all") == 0) { # 685| rc = retrieve_all(racfpwd); # 686| if (rc) { Error: GCC_ANALYZER_WARNING (CWE-789): [#def91] opencryptoki-3.24.0/usr/sbin/pkcstok_migrate/pkcstok_migrate.c:548:11: warning[-Wanalyzer-tainted-allocation-size]: use of attacker-controlled value ‘size + 4294967291’ as allocation size without upper-bounds checking opencryptoki-3.24.0/usr/sbin/pkcstok_migrate/pkcstok_migrate.c:1866:14: enter_function: entry to ‘count_objects’ opencryptoki-3.24.0/usr/sbin/pkcstok_migrate/pkcstok_migrate.c:1883:8: branch_false: following ‘false’ branch... branch_false: ...to here opencryptoki-3.24.0/usr/sbin/pkcstok_migrate/pkcstok_migrate.c:1890:12: branch_true: following ‘true’ branch... opencryptoki-3.24.0/usr/sbin/pkcstok_migrate/pkcstok_migrate.c:1891:13: branch_true: ...to here opencryptoki-3.24.0/usr/sbin/pkcstok_migrate/pkcstok_migrate.c:1893:15: call_function: calling ‘read_object’ from ‘count_objects’ # 546| /* Allocate buffer for obj */ # 547| size -= sizeof(CK_ULONG_32) + sizeof(CK_BBOOL); # 548|-> buf = malloc(size); # 549| if (!buf) { # 550| TRACE_ERROR("Cannot malloc %d bytes for object %s.\n", size, name);
analyzer-version-clippy | 1.86.0 |
analyzer-version-cppcheck | 2.17.1 |
analyzer-version-gcc | 15.0.1 |
analyzer-version-gcc-analyzer | 15.0.1 |
analyzer-version-shellcheck | 0.10.0 |
analyzer-version-unicontrol | 0.0.2 |
enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
exit-code | 0 |
host | ip-172-16-1-34.us-west-2.compute.internal |
known-false-positives | /usr/share/csmock/known-false-positives.js |
known-false-positives-rpm | known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch |
mock-config | fedora-rawhide-x86_64 |
project-name | opencryptoki-3.24.0-8.fc43 |
store-results-to | /tmp/tmpo5x367h9/opencryptoki-3.24.0-8.fc43.tar.xz |
time-created | 2025-04-25 14:46:16 |
time-finished | 2025-04-25 14:50:54 |
tool | csmock |
tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpo5x367h9/opencryptoki-3.24.0-8.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpo5x367h9/opencryptoki-3.24.0-8.fc43.src.rpm' |
tool-version | csmock-3.8.1.20250422.172604.g26bc3d6-1.el9 |