Error: GCC_ANALYZER_WARNING (CWE-401): [#def1] patch-2.8/lib/ialloc.h:57:10: warning[-Wanalyzer-malloc-leak]: leak of 'ximalloc(s + 1)' patch-2.8/lib/xmalloc.c:327:1: enter_function: entry to 'ximemdup0' patch-2.8/lib/xmalloc.c:329:18: call_function: calling 'ximalloc' from 'ximemdup0' # 55| imalloc (idx_t s) # 56| { # 57|-> return s <= SIZE_MAX ? malloc (s) : _gl_alloc_nomem (); # 58| } # 59| Error: GCC_ANALYZER_WARNING (CWE-401): [#def2] patch-2.8/lib/ialloc.h:57:10: warning[-Wanalyzer-malloc-leak]: leak of 'ximalloc(s)' patch-2.8/lib/xmalloc.c:318:1: enter_function: entry to 'ximemdup' patch-2.8/lib/xmalloc.c:320:10: call_function: calling 'ximalloc' from 'ximemdup' # 55| imalloc (idx_t s) # 56| { # 57|-> return s <= SIZE_MAX ? malloc (s) : _gl_alloc_nomem (); # 58| } # 59| Error: GCC_ANALYZER_WARNING (CWE-401): [#def3] patch-2.8/lib/ialloc.h:91:10: warning[-Wanalyzer-malloc-leak]: leak of 'xicalloc(s, 1)' patch-2.8/lib/xmalloc.c:287:1: enter_function: entry to 'xizalloc' patch-2.8/lib/xmalloc.c:289:10: call_function: calling 'xicalloc' from 'xizalloc' # 89| s = 0; # 90| } # 91|-> return calloc (n, s); # 92| } # 93| Error: GCC_ANALYZER_WARNING (CWE-457): [#def4] patch-2.8/lib/parse-datetime.c:1831:3: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value '*<unknown>' patch-2.8/lib/parse-datetime.y:2404:1: enter_function: entry to 'parse_datetime' patch-2.8/lib/parse-datetime.y:2409:6: branch_false: following 'false' branch... patch-2.8/lib/parse-datetime.y:2411:13: branch_false: ...to here patch-2.8/lib/parse-datetime.y:2411:13: call_function: calling 'parse_datetime_body' from 'parse_datetime' # 1829| unconditionally makes the parser a bit smaller, and it avoids a # 1830| GCC warning that YYVAL may be used uninitialized. */ # 1831|-> yyval = yyvsp[1-yylen]; # 1832| # 1833| Error: GCC_ANALYZER_WARNING (CWE-401): [#def5] patch-2.8/lib/xmalloc.c:45:10: warning[-Wanalyzer-malloc-leak]: leak of 'xmalloc(n)' patch-2.8/lib/xmalloc.c:55:1: enter_function: entry to 'xcharalloc' patch-2.8/lib/xmalloc.c:57:10: call_function: calling 'xmalloc' from 'xcharalloc' # 43| xmalloc (size_t s) # 44| { # 45|-> return check_nonnull (malloc (s)); # 46| } # 47| Error: GCC_ANALYZER_WARNING (CWE-401): [#def6] patch-2.8/lib/xmalloc.c:45:10: warning[-Wanalyzer-malloc-leak]: leak of 'xmalloc(s)' patch-2.8/lib/xmalloc.c:312:1: enter_function: entry to 'xmemdup' patch-2.8/lib/xmalloc.c:314:10: call_function: calling 'xmalloc' from 'xmemdup' # 43| xmalloc (size_t s) # 44| { # 45|-> return check_nonnull (malloc (s)); # 46| } # 47| Error: GCC_ANALYZER_WARNING (CWE-401): [#def7] patch-2.8/lib/xmalloc.c:298:10: warning[-Wanalyzer-malloc-leak]: leak of 'xcalloc(s, 1)' patch-2.8/lib/xmalloc.c:281:1: enter_function: entry to 'xzalloc' patch-2.8/lib/xmalloc.c:283:10: call_function: calling 'xcalloc' from 'xzalloc' # 296| xcalloc (size_t n, size_t s) # 297| { # 298|-> return check_nonnull (calloc (n, s)); # 299| } # 300| Error: GCC_ANALYZER_WARNING (CWE-401): [#def8] patch-2.8/lib/xmalloc.c:314:10: warning[-Wanalyzer-malloc-leak]: leak of 'xmemdup(string, strlen(string) + 1)' patch-2.8/lib/xmalloc.c:337:1: enter_function: entry to 'xstrdup' patch-2.8/lib/xmalloc.c:339:10: call_function: calling 'xmemdup' from 'xstrdup' # 312| xmemdup (void const *p, size_t s) # 313| { # 314|-> return memcpy (xmalloc (s), p, s); # 315| } # 316| Error: GCC_ANALYZER_WARNING (CWE-401): [#def9] patch-2.8/src/../lib/diffseq.h:242:15: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>' patch-2.8/src/merge.c:505:1: enter_function: entry to 'compute_changes' patch-2.8/src/merge.c:513:6: branch_false: following 'false' branch... patch-2.8/src/merge.c:522:3: call_function: calling 'compareseq' from 'compute_changes' # 240| big_snake = true; # 241| fd[d] = x; # 242|-> if (odd && bmin <= d && d <= bmax && bd[d] <= x) # 243| { # 244| part->xmid = x; Error: GCC_ANALYZER_WARNING (CWE-401): [#def10] patch-2.8/src/../lib/diffseq.h:275:15: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>' patch-2.8/src/merge.c:505:1: enter_function: entry to 'compute_changes' patch-2.8/src/merge.c:513:6: branch_false: following 'false' branch... patch-2.8/src/merge.c:522:3: call_function: calling 'compareseq' from 'compute_changes' # 273| big_snake = true; # 274| bd[d] = x; # 275|-> if (!odd && fmin <= d && d <= fmax && x <= fd[d]) # 276| { # 277| part->xmid = x; Error: GCC_ANALYZER_WARNING (CWE-401): [#def11] patch-2.8/src/../lib/diffseq.h:406:26: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>' patch-2.8/src/merge.c:505:1: enter_function: entry to 'compute_changes' patch-2.8/src/merge.c:513:6: branch_false: following 'false' branch... patch-2.8/src/merge.c:522:3: call_function: calling 'compareseq' from 'compute_changes' # 404| /* Find backward diagonal that minimizes X + Y. */ # 405| OFFSET bxybest = OFFSET_MAX, bxbest; # 406|-> for (d = bmax; d >= bmin; d -= 2) # 407| { # 408| OFFSET x = MAX (xoff, bd[d]); Error: GCC_ANALYZER_WARNING (CWE-401): [#def12] patch-2.8/src/patch.c:935:17: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>' patch-2.8/src/patch.c:911:1: enter_function: entry to 'get_some_switches' patch-2.8/src/patch.c:914:12: branch_true: following 'true' branch (when 'optc >= 0')... patch-2.8/src/patch.c:915:9: branch_true: ...to here patch-2.8/src/patch.c:935:28: call_function: calling 'backup_file_name_option' from 'get_some_switches' patch-2.8/src/patch.c:935:28: return_function: returning to 'get_some_switches' from 'backup_file_name_option' patch-2.8/src/patch.c:935:17: danger: '<unknown>' leaks here; was allocated at [(8)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/7) # 933| break; # 934| case 'B': # 935|-> origprae = backup_file_name_option ("prefix"); # 936| break; # 937| case 'c': Error: GCC_ANALYZER_WARNING (CWE-401): [#def13] patch-2.8/src/patch.c:1847:3: warning[-Wanalyzer-malloc-leak]: leak of 'ximalloc((long int)((long unsigned int)tosize + 200))' patch-2.8/src/patch.c:1831:6: branch_true: following 'true' branch (when 'alloc' is non-NULL)... patch-2.8/src/patch.c:1832:5: branch_true: ...to here patch-2.8/src/patch.c:1836:11: branch_false: following 'false' branch (when 'to' is NULL)... patch-2.8/src/patch.c:1836:3: branch_false: ...to here patch-2.8/src/patch.c:1847:3: danger: 'ximalloc((long int)((long unsigned int)tosize + 200))' leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0) # 1845| undefer_signals (); # 1846| # 1847|-> files_to_output_tail = &f->next; # 1848| } # 1849| Error: CPPCHECK_WARNING (CWE-457): [#def14] patch-2.8/src/pch.c:986: warning[uninitvar]: Uninitialized variable: above_minimum # 984| /* The best of the filenames that create the fewest # 985| directories. */ # 986|-> i = best_name (p_name, above_minimum); # 987| } # 988| } Error: CPPCHECK_WARNING (CWE-457): [#def15] patch-2.8/src/pch.c:1759: error[legacyUninitvar]: Uninitialized variable: s # 1757| for (s = patchbuf; c_isblank (*s); s++) # 1758| continue; # 1759|-> if (invalid_line || !c_isdigit (*s)) # 1760| { # 1761| next_intuit_at(line_beginning,p_input_line); Error: CPPCHECK_WARNING (CWE-476): [#def16] patch-2.8/src/pch.c:2399: warning[nullPointerOutOfResources]: If resource allocation fails, then there is a possible null pointer dereference: ifp # 2397| if (!ifp) # 2398| pfatal ("can't open '%s'", output_name); # 2399|-> while (0 <= (c = getc (ifp))) # 2400| Fputc (c, ofp); # 2401| if (ferror (ifp) || fclose (ifp) < 0) Error: CPPCHECK_WARNING (CWE-476): [#def17] patch-2.8/src/pch.c:2401: warning[nullPointerOutOfResources]: If resource allocation fails, then there is a possible null pointer dereference: ifp # 2399| while (0 <= (c = getc (ifp))) # 2400| Fputc (c, ofp); # 2401|-> if (ferror (ifp) || fclose (ifp) < 0) # 2402| read_fatal (); # 2403| } Error: GCC_ANALYZER_WARNING (CWE-775): [#def18] patch-2.8/src/pch.c:2401:12: warning[-Wanalyzer-file-leak]: leak of FILE 'fopen(output_name, "r")' patch-2.8/src/pch.c:2308:1: enter_function: entry to 'do_ed_script' patch-2.8/src/pch.c:2315:8: branch_false: following 'false' branch... patch-2.8/src/pch.c:2324:12: branch_false: following 'false' branch... patch-2.8/src/pch.c:2326:17: branch_false: ...to here patch-2.8/src/pch.c:2327:12: branch_false: following 'false' branch (when 'tmpfp' is non-NULL)... branch_false: ...to here patch-2.8/src/pch.c:2334:28: call_function: calling 'get_line' from 'do_ed_script' patch-2.8/src/pch.c:2334:28: return_function: returning to 'do_ed_script' from 'get_line' patch-2.8/src/pch.c:2359:8: branch_false: following 'false' branch (when 'tmpfp' is non-NULL)... patch-2.8/src/pch.c:2362:5: branch_false: ...to here patch-2.8/src/pch.c:2365:8: branch_false: following 'false' branch... patch-2.8/src/pch.c:2369:9: branch_false: ...to here patch-2.8/src/pch.c:2375:8: branch_false: following 'false' branch... patch-2.8/src/pch.c:2377:5: branch_true: following 'true' branch... patch-2.8/src/pch.c:2378:28: branch_true: ...to here patch-2.8/src/pch.c:2386:8: branch_false: following 'false' branch... patch-2.8/src/pch.c:2388:9: branch_false: ...to here patch-2.8/src/pch.c:2388:8: branch_false: following 'false' branch... patch-2.8/src/pch.c:2393:8: branch_true: following 'true' branch (when 'ofp' is non-NULL)... patch-2.8/src/pch.c:2395:21: branch_true: ...to here patch-2.8/src/pch.c:2395:21: acquire_resource: opened here patch-2.8/src/pch.c:2397:12: branch_false: following 'false' branch... branch_false: ...to here patch-2.8/src/pch.c:2401:12: danger: 'fopen(output_name, "r")' leaks here; was opened at [(32)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/31) # 2399| while (0 <= (c = getc (ifp))) # 2400| Fputc (c, ofp); # 2401|-> if (ferror (ifp) || fclose (ifp) < 0) # 2402| read_fatal (); # 2403| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def19] patch-2.8/src/pch.c:2401:12: warning[-Wanalyzer-malloc-leak]: leak of 'fopen(output_name, "r")' patch-2.8/src/pch.c:2308:1: enter_function: entry to 'do_ed_script' patch-2.8/src/pch.c:2315:8: branch_false: following 'false' branch... patch-2.8/src/pch.c:2324:12: branch_false: following 'false' branch... patch-2.8/src/pch.c:2326:17: branch_false: ...to here patch-2.8/src/pch.c:2327:12: branch_false: following 'false' branch (when 'tmpfp' is non-NULL)... branch_false: ...to here patch-2.8/src/pch.c:2334:28: call_function: calling 'get_line' from 'do_ed_script' patch-2.8/src/pch.c:2334:28: return_function: returning to 'do_ed_script' from 'get_line' patch-2.8/src/pch.c:2359:8: branch_false: following 'false' branch (when 'tmpfp' is non-NULL)... patch-2.8/src/pch.c:2362:5: branch_false: ...to here patch-2.8/src/pch.c:2365:8: branch_false: following 'false' branch... patch-2.8/src/pch.c:2369:9: branch_false: ...to here patch-2.8/src/pch.c:2375:8: branch_false: following 'false' branch... patch-2.8/src/pch.c:2377:5: branch_true: following 'true' branch... patch-2.8/src/pch.c:2378:28: branch_true: ...to here patch-2.8/src/pch.c:2386:8: branch_false: following 'false' branch... patch-2.8/src/pch.c:2388:9: branch_false: ...to here patch-2.8/src/pch.c:2388:8: branch_false: following 'false' branch... patch-2.8/src/pch.c:2393:8: branch_true: following 'true' branch (when 'ofp' is non-NULL)... patch-2.8/src/pch.c:2395:21: branch_true: ...to here patch-2.8/src/pch.c:2395:21: acquire_memory: allocated here patch-2.8/src/pch.c:2397:12: branch_false: following 'false' branch... branch_false: ...to here patch-2.8/src/pch.c:2401:12: danger: 'fopen(output_name, "r")' leaks here; was allocated at [(32)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/31) # 2399| while (0 <= (c = getc (ifp))) # 2400| Fputc (c, ofp); # 2401|-> if (ferror (ifp) || fclose (ifp) < 0) # 2402| read_fatal (); # 2403| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def20] patch-2.8/src/safe.c:457:14: warning[-Wanalyzer-malloc-leak]: leak of 'dir' patch-2.8/src/safe.c:721:1: enter_function: entry to 'safe_access' patch-2.8/src/safe.c:723:15: call_function: inlined call to 'traverse_path' from 'safe_access' # 455| { # 456| errno = EILSEQ; # 457|-> return DIRFD_INVALID; # 458| } # 459| if (unsafe || last == path || IS_ABSOLUTE_FILE_NAME (path)) Error: GCC_ANALYZER_WARNING (CWE-401): [#def21] patch-2.8/src/util.c:534:14: warning[-Wanalyzer-malloc-leak]: leak of 'ximalloc(__real__ <unknown>)' patch-2.8/src/util.c:519:6: branch_true: following 'true' branch (when 'outfrom' is non-NULL)... patch-2.8/src/util.c:521:13: branch_true: ...to here patch-2.8/src/util.c:522:10: branch_true: following 'true' branch... patch-2.8/src/util.c:529:15: branch_true: ...to here patch-2.8/src/util.c:529:14: branch_false: following 'false' branch... patch-2.8/src/util.c:531:26: branch_false: ...to here patch-2.8/src/util.c:534:14: danger: 'ximalloc(__real__ <unknown>)' leaks here; was allocated at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6) # 532| # 533| int fd = safe_open (from, O_RDONLY | O_BINARY, 0); # 534|-> if (fd < 0) # 535| pfatal ("Can't reopen file %s", quotearg (from)); # 536|
| analyzer-version-clippy | 1.86.0 |
| analyzer-version-cppcheck | 2.17.1 |
| analyzer-version-gcc | 15.0.1 |
| analyzer-version-gcc-analyzer | 15.0.1 |
| analyzer-version-shellcheck | 0.10.0 |
| analyzer-version-unicontrol | 0.0.2 |
| diffbase-analyzer-version-clippy | 1.86.0 |
| diffbase-analyzer-version-cppcheck | 2.17.1 |
| diffbase-analyzer-version-gcc | 15.0.1 |
| diffbase-analyzer-version-gcc-analyzer | 15.0.1 |
| diffbase-analyzer-version-shellcheck | 0.10.0 |
| diffbase-analyzer-version-unicontrol | 0.0.2 |
| diffbase-enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| diffbase-exit-code | 0 |
| diffbase-host | ip-172-16-1-84.us-west-2.compute.internal |
| diffbase-known-false-positives | /usr/share/csmock/known-false-positives.js |
| diffbase-known-false-positives-rpm | known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch |
| diffbase-mock-config | fedora-rawhide-x86_64 |
| diffbase-project-name | patch-2.7.6-26.fc42 |
| diffbase-store-results-to | /tmp/tmpk5mds760/patch-2.7.6-26.fc42.tar.xz |
| diffbase-time-created | 2025-04-25 14:45:51 |
| diffbase-time-finished | 2025-04-25 14:48:23 |
| diffbase-tool | csmock |
| diffbase-tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpk5mds760/patch-2.7.6-26.fc42.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpk5mds760/patch-2.7.6-26.fc42.src.rpm' |
| diffbase-tool-version | csmock-3.8.1.20250422.172604.g26bc3d6-1.el9 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-84.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | patch-2.8-1.fc43 |
| store-results-to | /tmp/tmprtxc617x/patch-2.8-1.fc43.tar.xz |
| time-created | 2025-04-25 14:48:35 |
| time-finished | 2025-04-25 14:50:20 |
| title | Newly introduced findings |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmprtxc617x/patch-2.8-1.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmprtxc617x/patch-2.8-1.fc43.src.rpm' |
| tool-version | csmock-3.8.1.20250422.172604.g26bc3d6-1.el9 |