Error: COMPILER_WARNING: [#def1]
openssl-3.5.0/crypto/context.c:10:9: warning: '_GNU_SOURCE' redefined
# 10 | #define _GNU_SOURCE /* needed for secure_getenv */
# | ^~~~~~~~~~~
<command-line>: note: this is the location of the previous definition
# 8| */
# 9|
# 10|-> #define _GNU_SOURCE /* needed for secure_getenv */
# 11| #include "crypto/cryptlib.h"
# 12| #include <openssl/conf.h>

Error: COMPILER_WARNING: [#def2]
openssl-3.5.0/crypto/context.c:10:9: warning[warning]: '_GNU_SOURCE' redefined
# 8| */
# 9|
# 10|-> #define _GNU_SOURCE /* needed for secure_getenv */
# 11| #include "crypto/cryptlib.h"
# 12| #include <openssl/conf.h>

Error: GCC_ANALYZER_WARNING (CWE-476): [#def3]
openssl-3.5.0/crypto/evp/skeymgmt_meth.c:24:13: warning[-Wanalyzer-null-dereference]: dereference of NULL 'skeymgmt'
openssl-3.5.0/crypto/evp/skeymgmt_meth.c:20:7: enter_function: entry to 'evp_skeymgmt_generate'
openssl-3.5.0/crypto/evp/skeymgmt_meth.c:22:21: call_function: calling 'EVP_SKEYMGMT_get0_provider' from 'evp_skeymgmt_generate'
openssl-3.5.0/crypto/evp/skeymgmt_meth.c:22:21: return_function: returning to 'evp_skeymgmt_generate' from 'EVP_SKEYMGMT_get0_provider'
openssl-3.5.0/crypto/evp/skeymgmt_meth.c:24:13: danger: dereference of NULL 'skeymgmt'
# 22| void *provctx = ossl_provider_ctx(EVP_SKEYMGMT_get0_provider(skeymgmt));
# 23|
# 24|-> return (skeymgmt->generate != NULL) ? skeymgmt->generate(provctx, params) : NULL;
# 25| }
# 26|

Error: GCC_ANALYZER_WARNING (CWE-476): [#def4]
openssl-3.5.0/crypto/evp/skeymgmt_meth.c:32:12: warning[-Wanalyzer-null-dereference]: dereference of NULL 'skeymgmt'
openssl-3.5.0/crypto/evp/skeymgmt_meth.c:27:7: enter_function: entry to 'evp_skeymgmt_import'
openssl-3.5.0/crypto/evp/skeymgmt_meth.c:29:21: call_function: calling 'EVP_SKEYMGMT_get0_provider' from 'evp_skeymgmt_import'
openssl-3.5.0/crypto/evp/skeymgmt_meth.c:29:21: return_function: returning to 'evp_skeymgmt_import' from 'EVP_SKEYMGMT_get0_provider'
openssl-3.5.0/crypto/evp/skeymgmt_meth.c:32:12: danger: dereference of NULL 'skeymgmt'
# 30|
# 31| /* This is mandatory, no need to check for its presence */
# 32|-> return skeymgmt->import(provctx, selection, params);
# 33| }
# 34|

Error: CPPCHECK_WARNING (CWE-758): [#def5]
openssl-3.5.0/crypto/ml_dsa/ml_dsa_key_compress.c:72: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
# 70| } else {
# 71| r1 = (r1 * 11275 + (1 << 23)) >> 24;
# 72|-> r1 ^= ((43 - r1) >> 31) & r1;
# 73| return r1;
# 74| }

Error: CPPCHECK_WARNING (CWE-758): [#def6]
openssl-3.5.0/crypto/ml_dsa/ml_dsa_key_compress.c:92: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
# 90|
# 91| *r0 = r - *r1 * 2 * (int32_t)gamma2;
# 92|-> *r0 -= (((int32_t)ML_DSA_Q_MINUS1_DIV2 - *r0) >> 31) & (int32_t)ML_DSA_Q;
# 93| }
# 94|

Error: CPPCHECK_WARNING (CWE-190): [#def7]
openssl-3.5.0/crypto/params.c:1273: error[floatConversionOverflow]: Undefined behaviour: float (4.29497e+09) to integer conversion overflow.
# 1271| if (val >= 0 && val < d_pow_32) {
# 1272| p->return_size = sizeof(uint32_t);
# 1273|-> *(uint32_t *)p->data = (uint32_t)val;
# 1274| return 1;
# 1275| }

Error: CPPCHECK_WARNING (CWE-190): [#def8]
openssl-3.5.0/crypto/params.c:1281: error[floatConversionOverflow]: Undefined behaviour: float (1.84467e+19) to integer conversion overflow.
# 1279| if (val >= 0 && val < d_pow_64) {
# 1280| p->return_size = sizeof(uint64_t);
# 1281|-> *(uint64_t *)p->data = (uint64_t)val;
# 1282| return 1;
# 1283| }

Error: CPPCHECK_WARNING (CWE-457): [#def9]
openssl-3.5.0/crypto/slh_dsa/slh_dsa.c:85: error[uninitvar]: Uninitialized variable: m_digest
# 83| if (!WPACKET_init_static_len(wpkt, sig, sig_len_expected, 0))
# 84| return 0;
# 85|-> if (!PACKET_buf_init(rpkt, m_digest, params->m))
# 86| return 0;
# 87|

Error: CPPCHECK_WARNING (CWE-457): [#def10]
openssl-3.5.0/crypto/slh_dsa/slh_dsa.c:283: warning[uninitvar]: Uninitialized variable: m
# 281| return 0;
# 282| }
# 283|-> ret = slh_sign_internal(slh_ctx, m, m_len, sig, siglen, sigsize, add_rand);
# 284| if (m != msg && m != m_tmp)
# 285| OPENSSL_free(m);

Error: CPPCHECK_WARNING (CWE-457): [#def11]
openssl-3.5.0/include/openssl/comp.h:66: warning[uninitvar]: Uninitialized variables: ptr.name, ptr.method
# 64| typedef struct ssl_comp_st SSL_COMP;
# 65|
# 66|-> SKM_DEFINE_STACK_OF_INTERNAL(SSL_COMP, SSL_COMP, SSL_COMP)
# 67| #define sk_SSL_COMP_num(sk) OPENSSL_sk_num(ossl_check_const_SSL_COMP_sk_type(sk))
# 68| #define sk_SSL_COMP_value(sk, idx) ((SSL_COMP *)OPENSSL_sk_value(ossl_check_const_SSL_COMP_sk_type(sk), (idx)))

Error: CPPCHECK_WARNING (CWE-758): [#def12]
openssl-3.5.0/providers/implementations/keymgmt/ml_kem_kmgmt.c:347: error[ctuPointerArith]: Pointer arithmetic overflow; 'seed' buffer size is 64
# 345| size_t zlen = ML_KEM_RANDOM_BYTES;
# 346|
# 347|-> if (memcmp(seed + ML_KEM_SEED_BYTES - zlen,
# 348| prvenc + key->vinfo->prvkey_bytes - zlen, zlen) == 0)
# 349| return 1;

Error: CPPCHECK_WARNING (CWE-476): [#def13]
openssl-3.5.0/providers/implementations/keymgmt/ml_kem_kmgmt.c:525: error[nullPointer]: Null pointer dereference: key
# 523| goto err;
# 524| /* Generate the key now, if it holds only a stashed seed. */
# 525|-> if (ossl_ml_kem_have_seed(key)
# 526| && (encoded_dk == NULL
# 527| || (key->prov_flags & ML_KEM_KEY_PREFER_SEED))) {

Error: CPPCHECK_WARNING (CWE-457): [#def14]
openssl-3.5.0/providers/implementations/signature/dsa_sig.c:404: warning[uninitvar]: Uninitialized variable: digest
# 402| }
# 403|
# 404|-> return dsa_sign_directly(vpdsactx, sig, siglen, sigsize, digest, dlen);
# 405| }
# 406|

Error: CPPCHECK_WARNING (CWE-457): [#def15]
openssl-3.5.0/providers/implementations/signature/rsa_sig.c:883: warning[uninitvar]: Uninitialized variable: digest
# 881| }
# 882|
# 883|-> return rsa_sign_directly(prsactx, sig, siglen, sigsize, digest, dlen);
# 884| }
# 885|

Error: GCC_ANALYZER_WARNING (CWE-476): [#def16]
openssl-3.5.0/ssl/quic/quic_port.c:539:9: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.5.0/ssl/quic/quic_port.c:526:8: branch_false: following 'false' branch...
openssl-3.5.0/ssl/quic/quic_port.c:532:15: branch_false: ...to here
openssl-3.5.0/ssl/quic/quic_port.c:532:15: branch_true: following 'true' branch (when 'tls' is NULL)...
openssl-3.5.0/ssl/quic/quic_port.c:532:37: branch_true: ...to here
openssl-3.5.0/ssl/quic/quic_port.c:532:5: release_memory: '0' is NULL
openssl-3.5.0/ssl/quic/quic_port.c:539:9: danger: dereference of NULL '<unknown>'
# 537| */
# 538| ch->use_qlog = 1;
# 539|-> if (ch->tls->ctx->qlog_title != NULL) {
# 540| if ((ch->qlog_title = OPENSSL_strdup(ch->tls->ctx->qlog_title)) == NULL) {
# 541| OPENSSL_free(ch);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def17]
openssl-3.5.0/ssl/quic/quic_reactor_wait_ctx.c:37:11: warning[-Wanalyzer-null-dereference]: dereference of NULL 'slot'
openssl-3.5.0/ssl/quic/quic_reactor_wait_ctx.c:64:6: enter_function: entry to 'ossl_quic_reactor_wait_ctx_leave'
openssl-3.5.0/ssl/quic/quic_reactor_wait_ctx.c:69:5: branch_false: following 'false' branch (when 'slot' is NULL)...
openssl-3.5.0/ssl/quic/quic_reactor_wait_ctx.c:74:5: branch_false: ...to here
openssl-3.5.0/ssl/quic/quic_reactor_wait_ctx.c:74:5: call_function: calling 'slot_deactivate' from 'ossl_quic_reactor_wait_ctx_leave'
# 35| assert(slot->blocking_count > 0);
# 36|
# 37|-> if (--slot->blocking_count > 0)
# 38| return;
# 39|

Error: GCC_ANALYZER_WARNING (CWE-476): [#def18]
openssl-3.5.0/ssl/quic/quic_tls_api.c:146:5: warning[-Wanalyzer-null-dereference]: dereference of NULL 'sc'
openssl-3.5.0/ssl/quic/quic_tls_api.c:134:26: branch_false: following 'false' branch (when 's' is NULL)...
openssl-3.5.0/ssl/quic/quic_tls_api.c:137:10: branch_false: ...to here
openssl-3.5.0/ssl/quic/quic_tls_api.c:137:8: branch_false: following 'false' branch...
openssl-3.5.0/ssl/quic/quic_tls_api.c:142:10: branch_false: ...to here
openssl-3.5.0/ssl/quic/quic_tls_api.c:142:8: branch_false: following 'false' branch...
openssl-3.5.0/ssl/quic/quic_tls_api.c:146:5: branch_false: ...to here
openssl-3.5.0/ssl/quic/quic_tls_api.c:146:5: danger: dereference of NULL 'sc'
# 144| return 0;
# 145|
# 146|-> sc->qtarg = arg;
# 147|
# 148| ossl_quic_tls_free(sc->qtls);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def19]
openssl-3.5.0/ssl/quic/quic_tls_api.c:202:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'sc'
openssl-3.5.0/ssl/quic/quic_tls_api.c:195:26: branch_false: following 'false' branch (when 's' is NULL)...
openssl-3.5.0/ssl/quic/quic_tls_api.c:197:10: branch_false: ...to here
openssl-3.5.0/ssl/quic/quic_tls_api.c:197:8: branch_false: following 'false' branch...
openssl-3.5.0/ssl/quic/quic_tls_api.c:202:9: branch_false: ...to here
openssl-3.5.0/ssl/quic/quic_tls_api.c:202:9: danger: dereference of NULL 'sc'
# 200| }
# 201|
# 202|-> if (sc->qtls == NULL) {
# 203| ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
# 204| return 0;

Error: COMPILER_WARNING: [#def20]
openssl-3.5.0/ssl/ssl_ciph.c:12:9: warning: '_GNU_SOURCE' redefined
# 12 | #define _GNU_SOURCE
# | ^~~~~~~~~~~
<command-line>: note: this is the location of the previous definition
# 10| */
# 11|
# 12|-> #define _GNU_SOURCE
# 13| #include <stdio.h>
# 14| #include <ctype.h>

Error: COMPILER_WARNING: [#def21]
openssl-3.5.0/ssl/ssl_ciph.c:12:9: warning[warning]: '_GNU_SOURCE' redefined
# 10| */
# 11|
# 12|-> #define _GNU_SOURCE
# 13| #include <stdio.h>
# 14| #include <ctype.h>

Error: GCC_ANALYZER_WARNING (CWE-476): [#def22]
openssl-3.5.0/test/lhash_test.c:201:19: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.5.0/test/lhash_test.c:198:12: enter_function: entry to 'int_foreach'
openssl-3.5.0/test/lhash_test.c:200:15: call_function: inlined call to 'ossl_ht_test_int_from_value' from 'int_foreach'
openssl-3.5.0/test/lhash_test.c:201:19: branch_true: ...to here
openssl-3.5.0/test/lhash_test.c:201:19: danger: dereference of NULL '<unknown>'
# 199| {
# 200| int *vd = ossl_ht_test_int_from_value(v);
# 201|-> const int n = int_find(*vd);
# 202|
# 203| if (n < 0)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def23]
openssl-3.5.0/test/lhash_test.c:468:21: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.5.0/test/lhash_test.c:402:12: enter_function: entry to 'test_hashtable_stress'
openssl-3.5.0/test/lhash_test.c:426:8: branch_false: following 'false' branch...
openssl-3.5.0/test/lhash_test.c:432:5: branch_false: ...to here
openssl-3.5.0/test/lhash_test.c:435:17: branch_true: following 'true' branch (when 'i != 2500000')...
openssl-3.5.0/test/lhash_test.c:436:13: branch_true: ...to here
openssl-3.5.0/test/lhash_test.c:437:12: branch_false: following 'false' branch...
openssl-3.5.0/test/lhash_test.c:441:14: branch_false: ...to here
openssl-3.5.0/test/lhash_test.c:443:14: call_function: calling 'ossl_ht_test_int_insert' from 'test_hashtable_stress'
openssl-3.5.0/test/lhash_test.c:443:14: return_function: returning to 'test_hashtable_stress' from 'ossl_ht_test_int_insert'
openssl-3.5.0/test/lhash_test.c:443:12: branch_false: following 'false' branch...
openssl-3.5.0/test/lhash_test.c:435:24: branch_false: ...to here
openssl-3.5.0/test/lhash_test.c:435:17: branch_true: following 'true' branch (when 'i != 2500000')...
openssl-3.5.0/test/lhash_test.c:436:13: branch_true: ...to here
openssl-3.5.0/test/lhash_test.c:437:12: branch_false: following 'false' branch...
openssl-3.5.0/test/lhash_test.c:441:14: branch_false: ...to here
openssl-3.5.0/test/lhash_test.c:443:14: call_function: calling 'ossl_ht_test_int_insert' from 'test_hashtable_stress'
openssl-3.5.0/test/lhash_test.c:443:14: return_function: returning to 'test_hashtable_stress' from 'ossl_ht_test_int_insert'
openssl-3.5.0/test/lhash_test.c:443:12: branch_false: following 'false' branch...
openssl-3.5.0/test/lhash_test.c:435:24: branch_false: ...to here
openssl-3.5.0/test/lhash_test.c:451:8: branch_false: following 'false' branch...
branch_false: ...to here
openssl-3.5.0/test/lhash_test.c:455:17: branch_true: following 'true' branch (when 'i != 2500000')...
openssl-3.5.0/test/lhash_test.c:456:24: branch_true: ...to here
openssl-3.5.0/test/lhash_test.c:467:16: branch_false: following 'false' branch...
openssl-3.5.0/test/lhash_test.c:468:21: branch_false: ...to here
openssl-3.5.0/test/lhash_test.c:468:21: danger: dereference of NULL 'ossl_ht_test_int_get(ossl_ht_new(&hash_conf), &key.key_header, & v)'
# 466| case 1:
# 467| if (!TEST_ptr(p = ossl_ht_test_int_get(h, TO_HT_KEY(&key), &v))
# 468|-> || !TEST_int_eq(*p, j)) {
# 469| TEST_info("hashtable didn't get key %d\n", j);
# 470| goto end;

Error: GCC_ANALYZER_WARNING (CWE-688): [#def24]
openssl-3.5.0/test/quicapitest.c:620:21: warning[-Wanalyzer-null-argument]: use of NULL 'tokenval' where non-null expected
openssl-3.5.0/test/quicapitest.c:596:12: branch_true: following 'true' branch...
openssl-3.5.0/test/quicapitest.c:599:9: branch_true: ...to here
openssl-3.5.0/test/quicapitest.c:601:16: branch_false: following 'false' branch...
branch_false: ...to here
openssl-3.5.0/test/quicapitest.c:596:12: branch_true: following 'true' branch...
openssl-3.5.0/test/quicapitest.c:599:9: branch_true: ...to here
openssl-3.5.0/test/quicapitest.c:619:16: branch_true: following 'true' branch (when 'tmpstring' is non-NULL)...
openssl-3.5.0/test/quicapitest.c:620:21: branch_true: ...to here
openssl-3.5.0/test/quicapitest.c:620:21: danger: argument 2 ('tokenval') NULL where non-null expected
# 618| tmpstring = strstr(buf, "Token: ");
# 619| if (tmpstring != NULL
# 620|-> && !strcmp(tmpstring, tokenval)) {
# 621| state = SUCCESS;
# 622| TEST_info("Matched next connection token %s\n", tmpstring);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def25]
openssl-3.5.0/test/radix/quic_bindings.c:571:5: warning[-Wanalyzer-null-dereference]: dereference of NULL 'rt'
openssl-3.5.0/test/radix/main.c:22:12: enter_function: entry to 'test_script'
openssl-3.5.0/test/radix/main.c:28:10: call_function: calling 'bindings_process_init' from 'test_script'
# 569| return 0;
# 570|
# 571|-> set_override_bio_out(rt->debug_bio);
# 572| set_override_bio_err(rt->debug_bio);
# 573| return 1;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def26]
openssl-3.5.0/test/radix/terp.c:770:23: warning[-Wanalyzer-jump-through-null]: jump through null pointer
openssl-3.5.0/test/radix/quic_bindings.c:743:21: enter_function: entry to 'RADIX_THREAD_worker_main'
openssl-3.5.0/test/radix/quic_bindings.c:755:18: call_function: calling 'RADIX_THREAD_worker_run' from 'RADIX_THREAD_worker_main'
# 768| goto err;
# 769|
# 770|-> ret = v(&terp->fctx);
# 771|
# 772| if (terp->fctx.skip_rest) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def27]
openssl-3.5.0/test/sslapitest.c:8933:13: warning[-Wanalyzer-null-dereference]: dereference of NULL 'x509'
openssl-3.5.0/test/sslapitest.c:8950:12: enter_function: entry to 'cert_cb'
openssl-3.5.0/test/sslapitest.c:8958:8: branch_false: following 'false' branch...
openssl-3.5.0/test/sslapitest.c:8962:15: branch_false: ...to here
openssl-3.5.0/test/sslapitest.c:8962:15: branch_false: following 'false' branch...
openssl-3.5.0/test/sslapitest.c:8977:15: branch_false: ...to here
openssl-3.5.0/test/sslapitest.c:8977:15: branch_true: following 'true' branch...
openssl-3.5.0/test/sslapitest.c:8980:17: branch_true: ...to here
openssl-3.5.0/test/sslapitest.c:8981:12: branch_false: following 'false' branch...
openssl-3.5.0/test/sslapitest.c:8982:17: branch_false: ...to here
openssl-3.5.0/test/sslapitest.c:8982:17: call_function: calling 'load_chain' from 'cert_cb'
# 8931| goto out;
# 8932| if (chain == NULL)
# 8933|-> *x509 = x;
# 8934| else if (!sk_X509_push(chain, x))
# 8935| goto out;
analyzer-version-clippy | 1.86.0 |
analyzer-version-cppcheck | 2.17.1 |
analyzer-version-gcc | 15.0.1 |
analyzer-version-gcc-analyzer | 15.0.1 |
analyzer-version-shellcheck | 0.10.0 |
analyzer-version-unicontrol | 0.0.2 |
diffbase-analyzer-version-clippy | 1.86.0 |
diffbase-analyzer-version-cppcheck | 2.17.1 |
diffbase-analyzer-version-gcc | 15.0.1 |
diffbase-analyzer-version-gcc-analyzer | 15.0.1 |
diffbase-analyzer-version-shellcheck | 0.10.0 |
diffbase-analyzer-version-unicontrol | 0.0.2 |
diffbase-enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
diffbase-exit-code | 0 |
diffbase-host | ip-172-16-1-216.us-west-2.compute.internal |
diffbase-known-false-positives | /usr/share/csmock/known-false-positives.js |
diffbase-known-false-positives-rpm | known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch |
diffbase-mock-config | fedora-rawhide-x86_64 |
diffbase-project-name | openssl-3.2.4-3.fc42 |
diffbase-store-results-to | /tmp/tmpsn0kasvf/openssl-3.2.4-3.fc42.tar.xz |
diffbase-time-created | 2025-04-25 14:39:51 |
diffbase-time-finished | 2025-04-25 15:11:20 |
diffbase-tool | csmock |
diffbase-tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpsn0kasvf/openssl-3.2.4-3.fc42.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpsn0kasvf/openssl-3.2.4-3.fc42.src.rpm' |
diffbase-tool-version | csmock-3.8.1.20250422.172604.g26bc3d6-1.el9 |
enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
exit-code | 0 |
host | ip-172-16-1-216.us-west-2.compute.internal |
known-false-positives | /usr/share/csmock/known-false-positives.js |
known-false-positives-rpm | known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch |
mock-config | fedora-rawhide-x86_64 |
project-name | openssl-3.5.0-3.fc43 |
store-results-to | /tmp/tmpvokizq7y/openssl-3.5.0-3.fc43.tar.xz |
time-created | 2025-04-25 15:11:50 |
time-finished | 2025-04-25 15:51:53 |
title | Newly introduced findings |
tool | csmock |
tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpvokizq7y/openssl-3.5.0-3.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpvokizq7y/openssl-3.5.0-3.fc43.src.rpm' |
tool-version | csmock-3.8.1.20250422.172604.g26bc3d6-1.el9 |