Fixed findings

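List of Findings

Each entry starts with an "Error:" line naming the checker (COMPILER_WARNING, GCC_ANALYZER_WARNING or CPPCHECK_WARNING), the CWE tag where one is given, and a [#defN] index. The lines after it give the diagnostic with its file:line location and, for analyzer findings, the path events leading to it. The entry ends with a numbered source excerpt in which "->" marks the flagged line.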

Error: COMPILER_WARNING (CWE-457): [#def1]
patch-2.7.6/lib/diffseq.h:425:36: warning[-Wmaybe-uninitialized]: 'fxbest' may be used uninitialized
#  425 |               part->ymid = fxybest - fxbest;
#      |                            ~~~~~~~~^~~~~~~~
patch-2.7.6/lib/diffseq.h: scope_hint: In function 'compareseq'
patch-2.7.6/lib/diffseq.h:381:18: note: 'fxbest' was declared here
#  381 |           OFFSET fxbest IF_LINT (= 0);
#      |                  ^~~~~~
#  423|               {
#  424|                 part->xmid = fxbest;
#  425|->               part->ymid = fxybest - fxbest;
#  426|                 part->lo_minimal = true;
#  427|                 part->hi_minimal = false;

Error: COMPILER_WARNING (CWE-457): [#def2]
patch-2.7.6/lib/diffseq.h:432:36: warning[-Wmaybe-uninitialized]: 'bxbest' may be used uninitialized
#  432 |               part->ymid = bxybest - bxbest;
#      |                            ~~~~~~~~^~~~~~~~
patch-2.7.6/lib/diffseq.h: scope_hint: In function 'compareseq'
patch-2.7.6/lib/diffseq.h:383:18: note: 'bxbest' was declared here
#  383 |           OFFSET bxbest IF_LINT (= 0);
#      |                  ^~~~~~
#  430|               {
#  431|                 part->xmid = bxbest;
#  432|->               part->ymid = bxybest - bxbest;
#  433|                 part->lo_minimal = false;
#  434|                 part->hi_minimal = true;

Error: GCC_ANALYZER_WARNING (CWE-686): [#def3]
patch-2.7.6/lib/fcntl.c:408:15: warning[-Wanalyzer-va-arg-type-mismatch]: 'va_arg' expected 'void *' but received 'int' for variadic argument 1 of 'arg'
patch-2.7.6/lib/./fcntl.h:543:1: enter_function: entry to 'rpl_fcntl'
patch-2.7.6/lib/fcntl.c:281:3: branch_true: following 'true' branch (when 'action == 1030')...
patch-2.7.6/lib/fcntl.c:324:5: branch_true: ...to here
patch-2.7.6/lib/fcntl.c:340:12: branch_false: following 'false' branch...
patch-2.7.6/lib/fcntl.c:360:20: branch_false: ...to here
patch-2.7.6/lib/fcntl.c:360:20: call_function: calling 'rpl_fcntl' from 'rpl_fcntl' with 1 variadic argument
#  406|         {
#  407|   #if HAVE_FCNTL
#  408|->         void *p = va_arg (arg, void *);
#  409|           result = fcntl (fd, action, p);
#  410|   #else

Error: CPPCHECK_WARNING (CWE-457): [#def4]
patch-2.7.6/lib/gl_anylinked_list2.h:932: error[uninitvar]: Uninitialized variables: result.count, result.i, result.j
#  930|   #endif
#  931|   
#  932|->   return result;
#  933|   }
#  934|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def5]
patch-2.7.6/lib/gl_anylinked_list2.h:932:10: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'result.count'
#  930|   #endif
#  931|   
#  932|->   return result;
#  933|   }
#  934|   

Error: CPPCHECK_WARNING (CWE-457): [#def6]
patch-2.7.6/lib/gl_anylinked_list2.h:1003: warning[uninitvar]: Uninitialized variables: result.count, result.i, result.j
# 1001|   #endif
# 1002|   
# 1003|->   return result;
# 1004|   }
# 1005|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def7]
patch-2.7.6/lib/gl_anylinked_list2.h:1003:10: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'result.count'
patch-2.7.6/lib/gl_anylinked_list2.h:942:6: branch_false: following 'false' branch...
patch-2.7.6/lib/gl_anylinked_list2.h:1003:10: danger: use of uninitialized value 'result.count' here
# 1001|   #endif
# 1002|   
# 1003|->   return result;
# 1004|   }
# 1005|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
patch-2.7.6/lib/malloca.c:65:11: warning[-Wanalyzer-malloc-leak]: leak of 'mem'
patch-2.7.6/lib/malloca.c:50:6: branch_true: following 'true' branch (when 'n <= nplus')...
patch-2.7.6/lib/malloca.c:52:28: branch_true: ...to here
patch-2.7.6/lib/malloca.c:52:28: acquire_memory: allocated here
patch-2.7.6/lib/malloca.c:54:10: branch_true: following 'true' branch (when 'mem' is non-NULL)...
patch-2.7.6/lib/malloca.c:57:24: branch_true: ...to here
patch-2.7.6/lib/malloca.c:65:11: danger: 'mem' leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   63|                So, the memory range [p, p+n) lies in the allocated memory range
#   64|                [mem, mem + nplus).  */
#   65|->           ((small_t *) p)[-1] = p - mem;
#   66|             /* p ≡ sa_alignment_max mod 2*sa_alignment_max.  */
#   67|             return p;

Error: CPPCHECK_WARNING (CWE-401): [#def9]
patch-2.7.6/lib/malloca.c:67: error[memleak]: Memory leak: mem
#   65|             ((small_t *) p)[-1] = p - mem;
#   66|             /* p ≡ sa_alignment_max mod 2*sa_alignment_max.  */
#   67|->           return p;
#   68|           }
#   69|       }

Error: CPPCHECK_WARNING (CWE-562): [#def10]
patch-2.7.6/lib/mktime.c:258: error[returnDanglingLifetime]: Returning pointer to local variable 'x' that will be invalid when returning.
#  256|   {
#  257|     time_t x = t;
#  258|->   return convert (&x, tm);
#  259|   }
#  260|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def11]
patch-2.7.6/lib/parse-datetime.c:1894:3: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value '*(__time_t *)<unknown>'
patch-2.7.6/lib/parse-datetime.y:1736:1: enter_function: entry to 'parse_datetime2'
patch-2.7.6/lib/parse-datetime.y:1813:6: branch_false: following 'false' branch...
patch-2.7.6/lib/parse-datetime.y:1819:7: branch_false: ...to here
patch-2.7.6/lib/parse-datetime.y:1825:6: branch_false: following 'false' branch...
patch-2.7.6/lib/parse-datetime.y:1831:3: branch_false: ...to here
patch-2.7.6/lib/parse-datetime.y:1869:23: branch_true: following 'true' branch (when 'quarter != 4')...
patch-2.7.6/lib/parse-datetime.y:1872:13: branch_true: ...to here
patch-2.7.6/lib/parse-datetime.y:1921:7: call_function: calling 'yyparse' from 'parse_datetime2'
# 1892|        unconditionally makes the parser a bit smaller, and it avoids a
# 1893|        GCC warning that YYVAL may be used uninitialized.  */
# 1894|->   yyval = yyvsp[1-yylen];
# 1895|   
# 1896|   

Error: GCC_ANALYZER_WARNING (CWE-126): [#def12]
patch-2.7.6/lib/parse-datetime.y:389:5: warning[-Wanalyzer-out-of-bounds]: buffer over-read
patch-2.7.6/lib/parse-datetime.y:432:1: enter_function: entry to 'debug_print_current_time'
patch-2.7.6/lib/parse-datetime.y:442:6: branch_true: following 'true' branch...
patch-2.7.6/lib/parse-datetime.y:442:26: branch_true: ...to here
patch-2.7.6/lib/parse-datetime.y:442:7: branch_false: following 'false' branch...
patch-2.7.6/lib/parse-datetime.y:445:7: branch_false: ...to here
patch-2.7.6/lib/parse-datetime.y:451:6: branch_false: following 'false' branch...
patch-2.7.6/lib/parse-datetime.y:461:7: branch_false: ...to here
patch-2.7.6/lib/parse-datetime.y:478:6: branch_true: following 'true' branch...
patch-2.7.6/lib/parse-datetime.y:478:25: branch_true: ...to here
patch-2.7.6/lib/parse-datetime.y:478:7: branch_false: following 'false' branch...
patch-2.7.6/lib/parse-datetime.y:480:10: branch_false: ...to here
patch-2.7.6/lib/parse-datetime.y:480:10: branch_true: following 'true' branch (when 'space != 0')...
patch-2.7.6/lib/parse-datetime.y:481:9: branch_true: ...to here
patch-2.7.6/lib/parse-datetime.y:483:7: call_function: calling 'str_days' from 'debug_print_current_time'
#  387|     /* Add the day name */
#  388|     if (0 <= pc->day_number && pc->day_number <= 6 && 0 <= len && len < n)
#  389|->     snprintf (buffer + len, n - len, &" %s"[len == 0],
#  390|                 days_values[pc->day_number]);
#  391|     else

Error: GCC_ANALYZER_WARNING (CWE-126): [#def13]
patch-2.7.6/lib/parse-datetime.y:464:7: warning[-Wanalyzer-out-of-bounds]: buffer over-read
patch-2.7.6/lib/parse-datetime.y:451:6: branch_false: following 'false' branch...
patch-2.7.6/lib/parse-datetime.y:461:7: branch_false: ...to here
patch-2.7.6/lib/parse-datetime.y:461:6: branch_true: following 'true' branch...
patch-2.7.6/lib/parse-datetime.y:461:26: branch_true: ...to here
patch-2.7.6/lib/parse-datetime.y:461:7: branch_false: following 'false' branch...
patch-2.7.6/lib/parse-datetime.y:463:16: branch_false: ...to here
patch-2.7.6/lib/parse-datetime.y:464:7: danger: out-of-bounds read at byte 19 but '" %02ld:%02ld:%02ld"' ends at byte 19
#  462|       {
#  463|         intmax_t sec = pc->seconds.tv_sec;
#  464|->       fprintf (stderr, &" %02"PRIdMAX":%02"PRIdMAX":%02"PRIdMAX[!space],
#  465|                  pc->hour, pc->minutes, sec);
#  466|         if (pc->seconds.tv_nsec != 0)

Error: GCC_ANALYZER_WARNING (CWE-126): [#def14]
patch-2.7.6/lib/parse-datetime.y:494:7: warning[-Wanalyzer-out-of-bounds]: buffer over-read
patch-2.7.6/lib/parse-datetime.y:451:6: branch_false: following 'false' branch...
patch-2.7.6/lib/parse-datetime.y:461:7: branch_false: ...to here
patch-2.7.6/lib/parse-datetime.y:492:6: branch_true: following 'true' branch...
patch-2.7.6/lib/parse-datetime.y:492:32: branch_true: ...to here
patch-2.7.6/lib/parse-datetime.y:492:7: branch_false: following 'false' branch...
patch-2.7.6/lib/parse-datetime.y:495:33: branch_false: ...to here
patch-2.7.6/lib/parse-datetime.y:494:7: danger: out-of-bounds read at byte 12 but '" isdst=%d%s"' ends at byte 12
#  492|     if (pc->local_zones_seen && !pc->debug_local_zones_seen)
#  493|       {
#  494|->       fprintf (stderr, &" isdst=%d%s"[!space],
#  495|   	       pc->local_isdst, pc->dsts_seen ? " DST" : "");
#  496|         pc->debug_local_zones_seen = true;

Error: GCC_ANALYZER_WARNING (CWE-126): [#def15]
patch-2.7.6/lib/parse-datetime.y:527:3: warning[-Wanalyzer-out-of-bounds]: buffer over-read
patch-2.7.6/lib/parse-datetime.y:532:1: enter_function: entry to 'debug_print_relative_time'
patch-2.7.6/lib/parse-datetime.y:551:11: call_function: inlined call to 'print_rel_part' from 'debug_print_relative_time'
 branch_false: ...to here
patch-2.7.6/lib/parse-datetime.y:551:11: call_function: inlined call to 'print_rel_part' from 'debug_print_relative_time'
#  525|     if (val == 0)
#  526|       return space;
#  527|->   fprintf (stderr, &" %+"PRIdMAX" %s"[!space], val, name);
#  528|     return true;
#  529|   }

Error: GCC_ANALYZER_WARNING (CWE-127): [#def16]
patch-2.7.6/lib/parse-datetime.y:844:19: warning[-Wanalyzer-out-of-bounds]: stack-based buffer under-read
patch-2.7.6/lib/parse-datetime.y:1736:1: enter_function: entry to 'parse_datetime2'
patch-2.7.6/lib/parse-datetime.y:1813:6: branch_false: following 'false' branch...
patch-2.7.6/lib/parse-datetime.y:1819:7: branch_false: ...to here
patch-2.7.6/lib/parse-datetime.y:1825:6: branch_false: following 'false' branch...
patch-2.7.6/lib/parse-datetime.y:1831:3: branch_false: ...to here
patch-2.7.6/lib/parse-datetime.y:1869:23: branch_true: following 'true' branch (when 'quarter != 4')...
patch-2.7.6/lib/parse-datetime.y:1872:13: branch_true: ...to here
patch-2.7.6/lib/parse-datetime.y:1921:7: call_function: calling 'yyparse' from 'parse_datetime2'
#  842|         {
#  843|           /* E.g., 17-JUN-1992.  */
#  844|->         pc->day = $1.value;
#  845|           pc->month = $2;
#  846|           if (INT_SUBTRACT_WRAPV (0, $3.value, &pc->year.value)) YYABORT;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def17]
patch-2.7.6/lib/parse-datetime.y:845:21: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value '(((char *)yyvsp + 16))[329406144173384849].intval'
patch-2.7.6/lib/parse-datetime.y:1736:1: enter_function: entry to 'parse_datetime2'
patch-2.7.6/lib/parse-datetime.y:1813:6: branch_false: following 'false' branch...
patch-2.7.6/lib/parse-datetime.y:1819:7: branch_false: ...to here
patch-2.7.6/lib/parse-datetime.y:1825:6: branch_false: following 'false' branch...
patch-2.7.6/lib/parse-datetime.y:1831:3: branch_false: ...to here
patch-2.7.6/lib/parse-datetime.y:1869:23: branch_true: following 'true' branch (when 'quarter != 4')...
patch-2.7.6/lib/parse-datetime.y:1872:13: branch_true: ...to here
patch-2.7.6/lib/parse-datetime.y:1921:7: call_function: calling 'yyparse' from 'parse_datetime2'
#  843|           /* E.g., 17-JUN-1992.  */
#  844|           pc->day = $1.value;
#  845|->         pc->month = $2;
#  846|           if (INT_SUBTRACT_WRAPV (0, $3.value, &pc->year.value)) YYABORT;
#  847|           pc->year.digits = $3.digits;

Error: GCC_ANALYZER_WARNING (CWE-127): [#def18]
patch-2.7.6/lib/parse-datetime.y:886:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer under-read
patch-2.7.6/lib/parse-datetime.y:1736:1: enter_function: entry to 'parse_datetime2'
patch-2.7.6/lib/parse-datetime.y:1813:6: branch_false: following 'false' branch...
patch-2.7.6/lib/parse-datetime.y:1819:7: branch_false: ...to here
patch-2.7.6/lib/parse-datetime.y:1825:6: branch_false: following 'false' branch...
patch-2.7.6/lib/parse-datetime.y:1831:3: branch_false: ...to here
patch-2.7.6/lib/parse-datetime.y:1869:23: branch_true: following 'true' branch (when 'quarter != 4')...
patch-2.7.6/lib/parse-datetime.y:1872:13: branch_true: ...to here
patch-2.7.6/lib/parse-datetime.y:1921:7: call_function: calling 'yyparse' from 'parse_datetime2'
#  884|         {
#  885|           /* ISO 8601 format.  YYYY-MM-DD.  */
#  886|->         pc->year = $1;
#  887|           if (INT_SUBTRACT_WRAPV (0, $2.value, &pc->month)) YYABORT;
#  888|           if (INT_SUBTRACT_WRAPV (0, $3.value, &pc->day)) YYABORT;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def19]
patch-2.7.6/lib/parse-datetime.y:887:13: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value '(((char *)yyvsp + 16))[329406144173384849].textintval.value'
patch-2.7.6/lib/parse-datetime.y:1736:1: enter_function: entry to 'parse_datetime2'
patch-2.7.6/lib/parse-datetime.y:1813:6: branch_false: following 'false' branch...
patch-2.7.6/lib/parse-datetime.y:1819:7: branch_false: ...to here
patch-2.7.6/lib/parse-datetime.y:1825:6: branch_false: following 'false' branch...
patch-2.7.6/lib/parse-datetime.y:1831:3: branch_false: ...to here
patch-2.7.6/lib/parse-datetime.y:1869:23: branch_true: following 'true' branch (when 'quarter != 4')...
patch-2.7.6/lib/parse-datetime.y:1872:13: branch_true: ...to here
patch-2.7.6/lib/parse-datetime.y:1921:7: call_function: calling 'yyparse' from 'parse_datetime2'
#  885|           /* ISO 8601 format.  YYYY-MM-DD.  */
#  886|           pc->year = $1;
#  887|->         if (INT_SUBTRACT_WRAPV (0, $2.value, &pc->month)) YYABORT;
#  888|           if (INT_SUBTRACT_WRAPV (0, $3.value, &pc->day)) YYABORT;
#  889|         }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def20]
patch-2.7.6/lib/time_rz.c:246:9: warning[-Wanalyzer-malloc-leak]: leak of 'set_tz(tz)'
patch-2.7.6/lib/./time.h:753:1: enter_function: entry to 'mktime_z'
patch-2.7.6/lib/time_rz.c:308:6: branch_false: following 'false' branch (when 'tz' is non-NULL)...
patch-2.7.6/lib/time_rz.c:312:27: branch_false: ...to here
patch-2.7.6/lib/time_rz.c:312:27: call_function: calling 'set_tz' from 'mktime_z'
patch-2.7.6/lib/time_rz.c:312:27: return_function: returning to 'mktime_z' from 'set_tz'
patch-2.7.6/lib/time_rz.c:313:10: branch_true: following 'true' branch...
patch-2.7.6/lib/time_rz.c:315:22: branch_true: ...to here
patch-2.7.6/lib/time_rz.c:319:14: branch_false: following 'false' branch...
patch-2.7.6/lib/time_rz.c:320:20: branch_false: ...to here
patch-2.7.6/lib/time_rz.c:246:9: danger: 'set_tz(tz)' leaks here; was allocated at [(8)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/7)
#  244|     char *env_tz = getenv_TZ ();
#  245|     if (env_tz
#  246|->       ? tz->tz_is_set && strcmp (tz->abbrs, env_tz) == 0
#  247|         : !tz->tz_is_set)
#  248|       return local_tz;

Error: COMPILER_WARNING: [#def21]
patch-2.7.6/lib/utimens.c: scope_hint: In function 'fdutimens'
patch-2.7.6/lib/utimens.c:383:17: warning[-Wstringop-overflow=]: 'update_timespec' accessing 16 bytes in a region of size 8
#  383 |       if (ts && update_timespec (&st, &ts))
#      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~
patch-2.7.6/lib/utimens.c:383:17: note: referencing argument 2 of type 'struct timespec *[2]'
patch-2.7.6/lib/utimens.c:134:1: note: in a call to function 'update_timespec'
#  134 | update_timespec (struct stat const *statbuf, struct timespec *ts[2])
#      | ^~~~~~~~~~~~~~~
#  381|             && (fd < 0 ? stat (file, &st) : fstat (fd, &st)))
#  382|           return -1;
#  383|->       if (ts && update_timespec (&st, &ts))
#  384|           return 0;
#  385|       }

Error: COMPILER_WARNING: [#def22]
patch-2.7.6/lib/utimens.c:383:17: warning[-Wstringop-overflow=]: 'update_timespec' accessing 16 bytes in a region of size 8
#  381|             && (fd < 0 ? stat (file, &st) : fstat (fd, &st)))
#  382|           return -1;
#  383|->       if (ts && update_timespec (&st, &ts))
#  384|           return 0;
#  385|       }

Error: COMPILER_WARNING: [#def23]
patch-2.7.6/lib/utimens.c: scope_hint: In function 'lutimens'
patch-2.7.6/lib/utimens.c:596:17: warning[-Wstringop-overflow=]: 'update_timespec' accessing 16 bytes in a region of size 8
#  596 |       if (ts && update_timespec (&st, &ts))
#      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~
patch-2.7.6/lib/utimens.c:596:17: note: referencing argument 2 of type 'struct timespec *[2]'
patch-2.7.6/lib/utimens.c:134:1: note: in a call to function 'update_timespec'
#  134 | update_timespec (struct stat const *statbuf, struct timespec *ts[2])
#      | ^~~~~~~~~~~~~~~
#  594|         if (adjustment_needed != 3 && lstat (file, &st))
#  595|           return -1;
#  596|->       if (ts && update_timespec (&st, &ts))
#  597|           return 0;
#  598|       }

Error: COMPILER_WARNING: [#def24]
patch-2.7.6/lib/utimens.c:596:17: warning[-Wstringop-overflow=]: 'update_timespec' accessing 16 bytes in a region of size 8
#  594|         if (adjustment_needed != 3 && lstat (file, &st))
#  595|           return -1;
#  596|->       if (ts && update_timespec (&st, &ts))
#  597|           return 0;
#  598|       }

Error: CPPCHECK_WARNING (CWE-476): [#def25]
patch-2.7.6/lib/wait-process.c:156: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: new_slaves
#  154|             xalloc_die ();
#  155|           }
#  156|->       memcpy (new_slaves, old_slaves,
#  157|                 slaves_allocated * sizeof (slaves_entry_t));
#  158|         slaves = new_slaves;

Error: CPPCHECK_WARNING (CWE-476): [#def26]
patch-2.7.6/lib/wait-process.c:168: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: slaves
#  166|        new slave and its 'used' bit have been written to the memory locations
#  167|        that make up slaves[slaves_count].  */
#  168|->   slaves[slaves_count].child = child;
#  169|     slaves[slaves_count].used = 1;
#  170|     slaves_count++;

Error: CPPCHECK_WARNING (CWE-476): [#def27]
patch-2.7.6/lib/wait-process.c:169: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: slaves
#  167|        that make up slaves[slaves_count].  */
#  168|     slaves[slaves_count].child = child;
#  169|->   slaves[slaves_count].used = 1;
#  170|     slaves_count++;
#  171|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def28]
patch-2.7.6/lib/wait-process.c:170:3: warning[-Wanalyzer-malloc-leak]: leak of 'new_slaves'
patch-2.7.6/lib/wait-process.c:138:6: branch_true: following 'true' branch...
patch-2.7.6/lib/wait-process.c:143:23: branch_true: ...to here
patch-2.7.6/lib/wait-process.c:147:9: acquire_memory: allocated here
patch-2.7.6/lib/wait-process.c:148:10: branch_false: following 'false' branch (when 'new_slaves' is non-NULL)...
patch-2.7.6/lib/wait-process.c:157:15: branch_false: ...to here
patch-2.7.6/lib/wait-process.c:170:3: danger: 'new_slaves' leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  168|     slaves[slaves_count].child = child;
#  169|     slaves[slaves_count].used = 1;
#  170|->   slaves_count++;
#  171|   }
#  172|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def29]
patch-2.7.6/src/../lib/diffseq.h:424:15: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'fxbest'
patch-2.7.6/src/merge.c:551:1: enter_function: entry to 'compute_changes'
patch-2.7.6/src/merge.c:568:3: call_function: calling 'compareseq' from 'compute_changes'
#  422|             if ((xlim + ylim) - bxybest < fxybest - (xoff + yoff))
#  423|               {
#  424|->               part->xmid = fxbest;
#  425|                 part->ymid = fxybest - fxbest;
#  426|                 part->lo_minimal = true;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def30]
patch-2.7.6/src/../lib/diffseq.h:431:15: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'bxbest'
patch-2.7.6/src/merge.c:551:1: enter_function: entry to 'compute_changes'
patch-2.7.6/src/merge.c:568:3: call_function: calling 'compareseq' from 'compute_changes'
#  429|             else
#  430|               {
#  431|->               part->xmid = bxbest;
#  432|                 part->ymid = bxybest - bxbest;
#  433|                 part->lo_minimal = false;

Error: COMPILER_WARNING (CWE-477): [#def31]
patch-2.7.6/src/./common.h:89:1: warning[-Wdeprecated-declarations]: 'security_context_t' is deprecated
#   87|   XTERN int invc;
#   88|   XTERN struct stat instat;
#   89|-> XTERN security_context_t incontext;
#   90|   XTERN bool dry_run;
#   91|   XTERN bool posixly_correct;

Error: COMPILER_WARNING (CWE-477): [#def32]
patch-2.7.6/src/./util.h:47:80: warning[-Wdeprecated-declarations]: 'security_context_t' is deprecated
#   45|   char *savestr (char const *);
#   46|   char const *version_controller (char const *, bool, struct stat const *, char **, char **);
#   47|-> bool version_get (char const *, char const *, bool, bool, char const *, struct stat *, security_context_t *);
#   48|   int create_file (char const *, int, mode_t, bool);
#   49|   int systemic (char const *);

Error: COMPILER_WARNING (CWE-477): [#def33]
patch-2.7.6/src/./util.h:70:37: warning[-Wdeprecated-declarations]: 'security_context_t' is deprecated
#   68|   void set_queued_output (struct stat const *, bool);
#   69|   bool has_queued_output (struct stat const *);
#   70|-> int stat_file (char const *, struct stat *, security_context_t *);
#   71|   bool filename_is_safe (char const *) _GL_ATTRIBUTE_PURE;
#   72|   bool cwd_is_root (char const *);

Error: COMPILER_WARNING (CWE-477): [#def34]
patch-2.7.6/src/util.c:22: included_from: Included from here.
patch-2.7.6/src/common.h:89:1: warning[-Wdeprecated-declarations]: 'security_context_t' is deprecated
#   89 | XTERN security_context_t incontext;
#      | ^~~~~
#   87|   XTERN int invc;
#   88|   XTERN struct stat instat;
#   89|-> XTERN security_context_t incontext;
#   90|   XTERN bool dry_run;
#   91|   XTERN bool posixly_correct;

Error: COMPILER_WARNING (CWE-477): [#def35]
patch-2.7.6/src/common.h:89:1: warning[-Wdeprecated-declarations]: 'security_context_t' is deprecated
#   87|   XTERN int invc;
#   88|   XTERN struct stat instat;
#   89|-> XTERN security_context_t incontext;
#   90|   XTERN bool dry_run;
#   91|   XTERN bool posixly_correct;

Error: CPPCHECK_WARNING (CWE-401): [#def36]
patch-2.7.6/src/inp.c:234: error[memleak]: Memory leak: buffer
#  232|     if (! (size == instat.st_size
#  233|   	 && (buffer = malloc (size ? size : (size_t) 1))))
#  234|->     return false;
#  235|   
#  236|     /* Read the input file, but don't bother reading it if it's empty.

Error: GCC_ANALYZER_WARNING (CWE-688): [#def37]
patch-2.7.6/src/patch.c:386:32: warning[-Wanalyzer-null-argument]: use of NULL 'outname' where non-null expected
patch-2.7.6/src/patch.c:114:1: enter_function: entry to 'main'
patch-2.7.6/src/patch.c:161:5: call_function: calling 'init_files_to_delete' from 'main'
patch-2.7.6/src/patch.c:161:5: return_function: returning to 'main' from 'init_files_to_delete'
patch-2.7.6/src/patch.c:162:5: call_function: calling 'init_files_to_output' from 'main'
patch-2.7.6/src/patch.c:162:5: return_function: returning to 'main' from 'init_files_to_output'
patch-2.7.6/src/patch.c:201:33: branch_true: following 'true' branch...
patch-2.7.6/src/patch.c:201:43: branch_true: ...to here
patch-2.7.6/src/patch.c:201:33: branch_false: following 'false' branch...
patch-2.7.6/src/patch.c:201:9: branch_false: ...to here
patch-2.7.6/src/patch.c:201:9: branch_true: following 'true' branch...
patch-2.7.6/src/patch.c:212:11: branch_true: ...to here
patch-2.7.6/src/patch.c:225:10: branch_false: following 'false' branch...
patch-2.7.6/src/patch.c:234:11: branch_false: ...to here
patch-2.7.6/src/patch.c:255:10: branch_true: following 'true' branch...
patch-2.7.6/src/patch.c:265:11: branch_true: ...to here
patch-2.7.6/src/patch.c:339:10: branch_false: following 'false' branch...
patch-2.7.6/src/patch.c:354:14: branch_false: ...to here
patch-2.7.6/src/patch.c:363:12: branch_false: following 'false' branch...
patch-2.7.6/src/patch.c:363:37: branch_false: ...to here
patch-2.7.6/src/patch.c:363:13: branch_true: following 'true' branch...
patch-2.7.6/src/patch.c:365:13: call_function: inlined call to 'init_output' from 'main'
patch-2.7.6/src/patch.c:367:16: branch_false: following 'false' branch...
patch-2.7.6/src/patch.c:381:13: branch_false: ...to here
patch-2.7.6/src/patch.c:381:12: branch_false: following 'false' branch...
patch-2.7.6/src/patch.c:382:13: branch_false: ...to here
patch-2.7.6/src/patch.c:384:16: branch_true: following 'true' branch...
patch-2.7.6/src/patch.c:386:32: branch_true: ...to here
patch-2.7.6/src/patch.c:386:32: danger: argument 2 ('outname') NULL where non-null expected
#  384|   	    if (verbosity != SILENT)
#  385|   	      {
#  386|-> 		bool renamed = strcmp (inname, outname);
#  387|   		bool skip_rename = ! renamed && pch_rename ();
#  388|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def38]
patch-2.7.6/src/patch.c:1611:10: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'dup2(fileno(stderr), fileno(stdout))'
patch-2.7.6/src/patch.c:1600:6: branch_false: following 'false' branch (when the strings are equal)...
patch-2.7.6/src/patch.c:1605:24: branch_false: ...to here
patch-2.7.6/src/patch.c:1606:10: branch_false: following 'false' branch (when 'stdout_dup != -1')...
patch-2.7.6/src/patch.c:1608:13: branch_false: ...to here
patch-2.7.6/src/patch.c:1609:10: branch_false: following 'false' branch (when 'ofp' is non-NULL)...
patch-2.7.6/src/patch.c:1611:11: branch_false: ...to here
patch-2.7.6/src/patch.c:1611:11: acquire_resource: opened here
patch-2.7.6/src/patch.c:1611:10: danger: 'dup2(fileno(stderr), fileno(stdout))' leaks here; was opened at [(7)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/6)
# 1609|         if (! ofp)
# 1610|   	pfatal ("Failed to duplicate standard output");
# 1611|->       if (dup2 (fileno (stderr), fileno (stdout)) == -1)
# 1612|   	pfatal ("Failed to redirect messages to standard error");
# 1613|         /* FIXME: Do we need to switch stdout_dup into O_BINARY mode here? */

Error: CPPCHECK_WARNING (CWE-476): [#def39]
patch-2.7.6/src/patch.c:1873: error[ctunullpointer]: Null pointer dereference: from_st
# 1871|     file_to_output = xmalloc (sizeof *file_to_output);
# 1872|     file_to_output->from = xstrdup (from);
# 1873|->   file_to_output->from_st = *from_st;
# 1874|     file_to_output->to = to ? xstrdup (to) : NULL;
# 1875|     file_to_output->mode = mode;

Error: CPPCHECK_WARNING (CWE-401): [#def40]
patch-2.7.6/src/pch.c:189: error[memleakOnRealloc]: Common realloc mistake: 'p_line' nulled but not freed upon failure
#  187|       hunkmax *= 2;
#  188|       assert (p_line && p_len && p_Char);
#  189|->     if ((p_line = realloc (p_line, hunkmax * sizeof (*p_line)))
#  190|   	&& (p_len = realloc (p_len, hunkmax * sizeof (*p_len)))
#  191|   	&& (p_Char = realloc (p_Char, hunkmax * sizeof (*p_Char))))

Error: CPPCHECK_WARNING (CWE-401): [#def41]
patch-2.7.6/src/pch.c:190: error[memleakOnRealloc]: Common realloc mistake: 'p_len' nulled but not freed upon failure
#  188|       assert (p_line && p_len && p_Char);
#  189|       if ((p_line = realloc (p_line, hunkmax * sizeof (*p_line)))
#  190|-> 	&& (p_len = realloc (p_len, hunkmax * sizeof (*p_len)))
#  191|   	&& (p_Char = realloc (p_Char, hunkmax * sizeof (*p_Char))))
#  192|         return true;

Error: CPPCHECK_WARNING (CWE-401): [#def42]
patch-2.7.6/src/pch.c:191: error[memleakOnRealloc]: Common realloc mistake: 'p_Char' nulled but not freed upon failure
#  189|       if ((p_line = realloc (p_line, hunkmax * sizeof (*p_line)))
#  190|   	&& (p_len = realloc (p_len, hunkmax * sizeof (*p_len)))
#  191|-> 	&& (p_Char = realloc (p_Char, hunkmax * sizeof (*p_Char))))
#  192|         return true;
#  193|       if (!using_plan_a)

Error: COMPILER_WARNING (CWE-477): [#def43]
patch-2.7.6/src/pch.c: scope_hint: In function 'intuit_diff_type'
patch-2.7.6/src/pch.c:438:5: warning[-Wdeprecated-declarations]: 'security_context_t' is deprecated
#  438 |     security_context_t con[3];
#      |     ^~~~~~~~~~~~~~~~~~
#  436|       enum nametype i;
#  437|       struct stat st[3];
#  438|->     security_context_t con[3];
#  439|       int stat_errno[3];
#  440|       int version_controlled[3];

Error: COMPILER_WARNING (CWE-477): [#def44]
patch-2.7.6/src/pch.c:438:5: warning[-Wdeprecated-declarations]: 'security_context_t' is deprecated
#  436|       enum nametype i;
#  437|       struct stat st[3];
#  438|->     security_context_t con[3];
#  439|       int stat_errno[3];
#  440|       int version_controlled[3];

Error: CPPCHECK_WARNING (CWE-457): [#def45]
patch-2.7.6/src/pch.c:973: warning[uninitvar]: Uninitialized variable: distance_from_minimum
#  971|   
#  972|   		/* The best of the filenames which create the fewest directories. */
#  973|-> 		i = best_name (p_name, distance_from_minimum);
#  974|   	      }
#  975|   	  }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def46]
patch-2.7.6/src/pch.c:2468:8: warning[-Wanalyzer-malloc-leak]: leak of 'tmpfp'
patch-2.7.6/src/pch.c:2406:1: enter_function: entry to 'do_ed_script'
patch-2.7.6/src/pch.c:2420:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2429:12: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2431:9: branch_false: ...to here
patch-2.7.6/src/pch.c:2432:17: acquire_memory: allocated here
patch-2.7.6/src/pch.c:2433:12: branch_false: following 'false' branch (when 'tmpfp' is non-NULL)...
 branch_false: ...to here
patch-2.7.6/src/pch.c:2440:22: call_function: calling 'get_line' from 'do_ed_script'
patch-2.7.6/src/pch.c:2440:22: return_function: returning to 'do_ed_script' from 'get_line'
patch-2.7.6/src/pch.c:2468:8: danger: 'tmpfp' leaks here; was allocated at [(6)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/5)
# 2466|   	}
# 2467|       }
# 2468|->     if (dry_run || skip_rest_of_patch)
# 2469|         return;
# 2470|       if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) < (size_t) 4

Error: GCC_ANALYZER_WARNING (CWE-688): [#def47]
patch-2.7.6/src/pch.c:2470:9: warning[-Wanalyzer-null-argument]: use of NULL 'tmpfp' where non-null expected
patch-2.7.6/src/pch.c:2406:1: enter_function: entry to 'do_ed_script'
patch-2.7.6/src/pch.c:2440:22: call_function: calling 'get_line' from 'do_ed_script'
patch-2.7.6/src/pch.c:2440:22: return_function: returning to 'do_ed_script' from 'get_line'
patch-2.7.6/src/pch.c:2468:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2470:9: danger: argument 4 ('tmpfp') NULL where non-null expected
# 2468|       if (dry_run || skip_rest_of_patch)
# 2469|         return;
# 2470|->     if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) < (size_t) 4
# 2471|   	|| fflush (tmpfp) != 0)
# 2472|         write_fatal ();

Error: GCC_ANALYZER_WARNING (CWE-775): [#def48]
patch-2.7.6/src/pch.c:2484:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'dup2(tmpfd, 0)'
patch-2.7.6/src/pch.c:2406:1: enter_function: entry to 'do_ed_script'
patch-2.7.6/src/pch.c:2420:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2429:12: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2431:9: branch_false: ...to here
patch-2.7.6/src/pch.c:2433:12: branch_false: following 'false' branch (when 'tmpfp' is non-NULL)...
 branch_false: ...to here
patch-2.7.6/src/pch.c:2440:22: call_function: calling 'get_line' from 'do_ed_script'
patch-2.7.6/src/pch.c:2440:22: return_function: returning to 'do_ed_script' from 'get_line'
patch-2.7.6/src/pch.c:2468:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2470:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2471:12: branch_false: ...to here
patch-2.7.6/src/pch.c:2470:9: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2474:9: branch_false: ...to here
patch-2.7.6/src/pch.c:2474:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2477:9: branch_false: ...to here
patch-2.7.6/src/pch.c:2484:8: branch_false: following 'false' branch (when 'stdin_dup != -1')...
patch-2.7.6/src/pch.c:2485:12: branch_false: ...to here
patch-2.7.6/src/pch.c:2485:12: acquire_resource: opened here
patch-2.7.6/src/pch.c:2484:9: danger: 'dup2(tmpfd, 0)' leaks here; was opened at [(26)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/25)
# 2482|       fflush (stdout);
# 2483|   
# 2484|->     if ((stdin_dup = dup (0)) == -1
# 2485|   	|| dup2 (tmpfd, 0) == -1)
# 2486|         pfatal ("Failed to duplicate standard input");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def49]
patch-2.7.6/src/pch.c:2497:8: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'dup2(stdin_dup, 0)'
patch-2.7.6/src/pch.c:2406:1: enter_function: entry to 'do_ed_script'
patch-2.7.6/src/pch.c:2420:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2429:12: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2431:9: branch_false: ...to here
patch-2.7.6/src/pch.c:2433:12: branch_false: following 'false' branch (when 'tmpfp' is non-NULL)...
 branch_false: ...to here
patch-2.7.6/src/pch.c:2440:22: call_function: calling 'get_line' from 'do_ed_script'
patch-2.7.6/src/pch.c:2440:22: return_function: returning to 'do_ed_script' from 'get_line'
patch-2.7.6/src/pch.c:2468:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2470:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2471:12: branch_false: ...to here
patch-2.7.6/src/pch.c:2470:9: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2474:9: branch_false: ...to here
patch-2.7.6/src/pch.c:2474:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2477:9: branch_false: ...to here
patch-2.7.6/src/pch.c:2484:8: branch_false: following 'false' branch (when 'stdin_dup != -1')...
patch-2.7.6/src/pch.c:2485:12: branch_false: ...to here
patch-2.7.6/src/pch.c:2484:9: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2487:5: branch_false: ...to here
patch-2.7.6/src/pch.c:2487:5: branch_true: following 'true' branch...
patch-2.7.6/src/pch.c:2488:15: branch_true: ...to here
patch-2.7.6/src/pch.c:2495:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2497:9: branch_false: ...to here
patch-2.7.6/src/pch.c:2497:9: acquire_resource: opened here
patch-2.7.6/src/pch.c:2497:8: danger: 'dup2(stdin_dup, 0)' leaks here; was opened at [(32)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/31)
# 2495|       if (status)
# 2496|         fatal ("%s FAILED", editor_program);
# 2497|->     if (dup2 (stdin_dup, 0) == -1
# 2498|   	|| close (stdin_dup) == -1)
# 2499|         pfatal ("Failed to duplicate standard input");

Error: CPPCHECK_WARNING (CWE-476): [#def50]
patch-2.7.6/src/pch.c:2509: warning[nullPointerOutOfResources]: If resource allocation fails, then there is a possible null pointer dereference: ifp
# 2507|   	if (!ifp)
# 2508|   	  pfatal ("can't open '%s'", outname);
# 2509|-> 	while ((c = getc (ifp)) != EOF)
# 2510|   	  if (putc (c, ofp) == EOF)
# 2511|   	    write_fatal ();

Error: GCC_ANALYZER_WARNING (CWE-775): [#def51]
patch-2.7.6/src/pch.c:2510:14: warning[-Wanalyzer-file-leak]: leak of FILE 'fopen(outname, "r")'
patch-2.7.6/src/pch.c:2406:1: enter_function: entry to 'do_ed_script'
patch-2.7.6/src/pch.c:2420:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2429:12: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2431:9: branch_false: ...to here
patch-2.7.6/src/pch.c:2433:12: branch_false: following 'false' branch (when 'tmpfp' is non-NULL)...
 branch_false: ...to here
patch-2.7.6/src/pch.c:2440:22: call_function: calling 'get_line' from 'do_ed_script'
patch-2.7.6/src/pch.c:2440:22: return_function: returning to 'do_ed_script' from 'get_line'
patch-2.7.6/src/pch.c:2468:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2470:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2471:12: branch_false: ...to here
patch-2.7.6/src/pch.c:2470:9: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2474:9: branch_false: ...to here
patch-2.7.6/src/pch.c:2474:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2477:9: branch_false: ...to here
patch-2.7.6/src/pch.c:2484:8: branch_false: following 'false' branch (when 'stdin_dup != -1')...
patch-2.7.6/src/pch.c:2485:12: branch_false: ...to here
patch-2.7.6/src/pch.c:2484:9: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2487:5: branch_false: ...to here
patch-2.7.6/src/pch.c:2487:5: branch_true: following 'true' branch...
patch-2.7.6/src/pch.c:2488:15: branch_true: ...to here
patch-2.7.6/src/pch.c:2495:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2497:9: branch_false: ...to here
patch-2.7.6/src/pch.c:2497:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2498:12: branch_false: ...to here
patch-2.7.6/src/pch.c:2497:9: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2501:5: branch_false: ...to here
patch-2.7.6/src/pch.c:2503:8: branch_true: following 'true' branch (when 'ofp' is non-NULL)...
patch-2.7.6/src/pch.c:2505:21: branch_true: ...to here
patch-2.7.6/src/pch.c:2505:21: acquire_resource: opened here
patch-2.7.6/src/pch.c:2507:12: branch_false: following 'false' branch...
 branch_false: ...to here
patch-2.7.6/src/pch.c:2509:16: branch_true: following 'true' branch...
patch-2.7.6/src/pch.c:2510:15: branch_true: ...to here
patch-2.7.6/src/pch.c:2510:14: danger: 'fopen(outname, "r")' leaks here; was opened at [(38)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/37)
# 2508|   	  pfatal ("can't open '%s'", outname);
# 2509|   	while ((c = getc (ifp)) != EOF)
# 2510|-> 	  if (putc (c, ofp) == EOF)
# 2511|   	    write_fatal ();
# 2512|   	if (ferror (ifp) || fclose (ifp) != 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def52]
patch-2.7.6/src/pch.c:2510:14: warning[-Wanalyzer-malloc-leak]: leak of 'fopen(outname, "r")'
patch-2.7.6/src/pch.c:2406:1: enter_function: entry to 'do_ed_script'
patch-2.7.6/src/pch.c:2420:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2429:12: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2431:9: branch_false: ...to here
patch-2.7.6/src/pch.c:2433:12: branch_false: following 'false' branch (when 'tmpfp' is non-NULL)...
 branch_false: ...to here
patch-2.7.6/src/pch.c:2440:22: call_function: calling 'get_line' from 'do_ed_script'
patch-2.7.6/src/pch.c:2440:22: return_function: returning to 'do_ed_script' from 'get_line'
patch-2.7.6/src/pch.c:2468:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2470:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2471:12: branch_false: ...to here
patch-2.7.6/src/pch.c:2470:9: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2474:9: branch_false: ...to here
patch-2.7.6/src/pch.c:2474:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2477:9: branch_false: ...to here
patch-2.7.6/src/pch.c:2484:8: branch_false: following 'false' branch (when 'stdin_dup != -1')...
patch-2.7.6/src/pch.c:2485:12: branch_false: ...to here
patch-2.7.6/src/pch.c:2484:9: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2487:5: branch_false: ...to here
patch-2.7.6/src/pch.c:2487:5: branch_true: following 'true' branch...
patch-2.7.6/src/pch.c:2488:15: branch_true: ...to here
patch-2.7.6/src/pch.c:2495:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2497:9: branch_false: ...to here
patch-2.7.6/src/pch.c:2497:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2498:12: branch_false: ...to here
patch-2.7.6/src/pch.c:2497:9: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2501:5: branch_false: ...to here
patch-2.7.6/src/pch.c:2503:8: branch_true: following 'true' branch (when 'ofp' is non-NULL)...
patch-2.7.6/src/pch.c:2505:21: branch_true: ...to here
patch-2.7.6/src/pch.c:2505:21: acquire_memory: allocated here
patch-2.7.6/src/pch.c:2507:12: branch_false: following 'false' branch...
 branch_false: ...to here
patch-2.7.6/src/pch.c:2509:16: branch_true: following 'true' branch...
patch-2.7.6/src/pch.c:2510:15: branch_true: ...to here
patch-2.7.6/src/pch.c:2510:14: danger: 'fopen(outname, "r")' leaks here; was allocated at [(38)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/37)
# 2508|   	  pfatal ("can't open '%s'", outname);
# 2509|   	while ((c = getc (ifp)) != EOF)
# 2510|-> 	  if (putc (c, ofp) == EOF)
# 2511|   	    write_fatal ();
# 2512|   	if (ferror (ifp) || fclose (ifp) != 0)

Error: CPPCHECK_WARNING (CWE-476): [#def53]
patch-2.7.6/src/pch.c:2512: warning[nullPointerOutOfResources]: If resource allocation fails, then there is a possible null pointer dereference: ifp
# 2510|   	  if (putc (c, ofp) == EOF)
# 2511|   	    write_fatal ();
# 2512|-> 	if (ferror (ifp) || fclose (ifp) != 0)
# 2513|   	  read_fatal ();
# 2514|         }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def54]
patch-2.7.6/src/pch.c:2512:12: warning[-Wanalyzer-file-leak]: leak of FILE 'fopen(outname, "r")'
patch-2.7.6/src/pch.c:2406:1: enter_function: entry to 'do_ed_script'
patch-2.7.6/src/pch.c:2420:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2429:12: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2431:9: branch_false: ...to here
patch-2.7.6/src/pch.c:2433:12: branch_false: following 'false' branch (when 'tmpfp' is non-NULL)...
 branch_false: ...to here
patch-2.7.6/src/pch.c:2440:22: call_function: calling 'get_line' from 'do_ed_script'
patch-2.7.6/src/pch.c:2440:22: return_function: returning to 'do_ed_script' from 'get_line'
patch-2.7.6/src/pch.c:2468:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2470:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2471:12: branch_false: ...to here
patch-2.7.6/src/pch.c:2470:9: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2474:9: branch_false: ...to here
patch-2.7.6/src/pch.c:2474:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2477:9: branch_false: ...to here
patch-2.7.6/src/pch.c:2484:8: branch_false: following 'false' branch (when 'stdin_dup != -1')...
patch-2.7.6/src/pch.c:2485:12: branch_false: ...to here
patch-2.7.6/src/pch.c:2484:9: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2487:5: branch_false: ...to here
patch-2.7.6/src/pch.c:2487:5: branch_true: following 'true' branch...
patch-2.7.6/src/pch.c:2488:15: branch_true: ...to here
patch-2.7.6/src/pch.c:2495:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2497:9: branch_false: ...to here
patch-2.7.6/src/pch.c:2497:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2498:12: branch_false: ...to here
patch-2.7.6/src/pch.c:2497:9: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2501:5: branch_false: ...to here
patch-2.7.6/src/pch.c:2503:8: branch_true: following 'true' branch (when 'ofp' is non-NULL)...
patch-2.7.6/src/pch.c:2505:21: branch_true: ...to here
patch-2.7.6/src/pch.c:2505:21: acquire_resource: opened here
patch-2.7.6/src/pch.c:2507:12: branch_false: following 'false' branch...
 branch_false: ...to here
patch-2.7.6/src/pch.c:2512:12: danger: 'fopen(outname, "r")' leaks here; was opened at [(38)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/37)
# 2510|   	  if (putc (c, ofp) == EOF)
# 2511|   	    write_fatal ();
# 2512|-> 	if (ferror (ifp) || fclose (ifp) != 0)
# 2513|   	  read_fatal ();
# 2514|         }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def55]
patch-2.7.6/src/pch.c:2512:12: warning[-Wanalyzer-malloc-leak]: leak of 'fopen(outname, "r")'
patch-2.7.6/src/pch.c:2406:1: enter_function: entry to 'do_ed_script'
patch-2.7.6/src/pch.c:2420:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2429:12: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2431:9: branch_false: ...to here
patch-2.7.6/src/pch.c:2433:12: branch_false: following 'false' branch (when 'tmpfp' is non-NULL)...
 branch_false: ...to here
patch-2.7.6/src/pch.c:2440:22: call_function: calling 'get_line' from 'do_ed_script'
patch-2.7.6/src/pch.c:2440:22: return_function: returning to 'do_ed_script' from 'get_line'
patch-2.7.6/src/pch.c:2468:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2470:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2471:12: branch_false: ...to here
patch-2.7.6/src/pch.c:2470:9: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2474:9: branch_false: ...to here
patch-2.7.6/src/pch.c:2474:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2477:9: branch_false: ...to here
patch-2.7.6/src/pch.c:2484:8: branch_false: following 'false' branch (when 'stdin_dup != -1')...
patch-2.7.6/src/pch.c:2485:12: branch_false: ...to here
patch-2.7.6/src/pch.c:2484:9: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2487:5: branch_false: ...to here
patch-2.7.6/src/pch.c:2487:5: branch_true: following 'true' branch...
patch-2.7.6/src/pch.c:2488:15: branch_true: ...to here
patch-2.7.6/src/pch.c:2495:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2497:9: branch_false: ...to here
patch-2.7.6/src/pch.c:2497:8: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2498:12: branch_false: ...to here
patch-2.7.6/src/pch.c:2497:9: branch_false: following 'false' branch...
patch-2.7.6/src/pch.c:2501:5: branch_false: ...to here
patch-2.7.6/src/pch.c:2503:8: branch_true: following 'true' branch (when 'ofp' is non-NULL)...
patch-2.7.6/src/pch.c:2505:21: branch_true: ...to here
patch-2.7.6/src/pch.c:2505:21: acquire_memory: allocated here
patch-2.7.6/src/pch.c:2507:12: branch_false: following 'false' branch...
 branch_false: ...to here
patch-2.7.6/src/pch.c:2512:12: danger: 'fopen(outname, "r")' leaks here; was allocated at [(38)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/37)
# 2510|   	  if (putc (c, ofp) == EOF)
# 2511|   	    write_fatal ();
# 2512|-> 	if (ferror (ifp) || fclose (ifp) != 0)
# 2513|   	  read_fatal ();
# 2514|         }

Error: COMPILER_WARNING (CWE-477): [#def56]
patch-2.7.6/src/util.c: scope_hint: In function 'set_file_attributes'
patch-2.7.6/src/util.c:305:7: warning[-Wdeprecated-declarations]: 'security_context_t' is deprecated
#  305 |       security_context_t outcontext;
#      |       ^~~~~~~~~~~~~~~~~~
#  303|     if (attr & FA_SECCONTEXT)
#  304|       {
#  305|->       security_context_t outcontext;
#  306|         if (incontext && getfilecon (to, &outcontext) != -1 && outcontext)
#  307|   	{

Error: COMPILER_WARNING (CWE-477): [#def57]
patch-2.7.6/src/util.c:305:7: warning[-Wdeprecated-declarations]: 'security_context_t' is deprecated
#  303|     if (attr & FA_SECCONTEXT)
#  304|       {
#  305|->       security_context_t outcontext;
#  306|         if (incontext && getfilecon (to, &outcontext) != -1 && outcontext)
#  307|   	{

Error: COMPILER_WARNING (CWE-477): [#def58]
patch-2.7.6/src/util.c: scope_hint: At top level
patch-2.7.6/src/util.c:847:14: warning[-Wdeprecated-declarations]: 'security_context_t' is deprecated
#  847 |              security_context_t *filecontext)
#      |              ^~~~~~~~~~~~~~~~~~
#  845|   version_get (char const *filename, char const *cs, bool exists, bool readonly,
#  846|   	     char const *getbuf, struct stat *filestat,
#  847|-> 	     security_context_t *filecontext)
#  848|   {
#  849|     if (patch_get < 0)

Error: COMPILER_WARNING (CWE-477): [#def59]
patch-2.7.6/src/util.c:847:14: warning[-Wdeprecated-declarations]: 'security_context_t' is deprecated
#  845|   version_get (char const *filename, char const *cs, bool exists, bool readonly,
#  846|   	     char const *getbuf, struct stat *filestat,
#  847|-> 	     security_context_t *filecontext)
#  848|   {
#  849|     if (patch_get < 0)

Error: COMPILER_WARNING (CWE-477): [#def60]
patch-2.7.6/src/util.c:1706:45: warning[-Wdeprecated-declarations]: 'security_context_t' is deprecated
# 1706 | int stat_file (char const *filename, struct stat *st, security_context_t *con)
#      |                                             ^~~~
# 1704|   }
# 1705|   
# 1706|-> int stat_file (char const *filename, struct stat *st, security_context_t *con)
# 1707|   {
# 1708|     int (*xstat)(char const *, struct stat *) =

Error: COMPILER_WARNING (CWE-477): [#def61]
patch-2.7.6/src/util.c:1706:45: warning[-Wdeprecated-declarations]: 'security_context_t' is deprecated
# 1704|   }
# 1705|   
# 1706|-> int stat_file (char const *filename, struct stat *st, security_context_t *con)
# 1707|   {
# 1708|     int (*xstat)(char const *, struct stat *) =

Error: COMPILER_WARNING (CWE-477): [#def62]
patch-2.7.6/src/util.c: scope_hint: In function 'stat_file'
patch-2.7.6/src/util.c:1710:3: warning[-Wdeprecated-declarations]: 'security_context_t' is deprecated
# 1710 |   int (*xgetfilecon)(char const *, security_context_t *) =
#      |   ^~~
# 1708|     int (*xstat)(char const *, struct stat *) =
# 1709|       follow_symlinks ? safe_stat : safe_lstat;
# 1710|->   int (*xgetfilecon)(char const *, security_context_t *) =
# 1711|       follow_symlinks ? getfilecon : lgetfilecon;
# 1712|   

Error: COMPILER_WARNING (CWE-477): [#def63]
patch-2.7.6/src/util.c:1710:3: warning[-Wdeprecated-declarations]: 'security_context_t' is deprecated
# 1708|     int (*xstat)(char const *, struct stat *) =
# 1709|       follow_symlinks ? safe_stat : safe_lstat;
# 1710|->   int (*xgetfilecon)(char const *, security_context_t *) =
# 1711|       follow_symlinks ? getfilecon : lgetfilecon;
# 1712|   

Error: COMPILER_WARNING (CWE-477): [#def64]
patch-2.7.6/src/util.c:28: included_from: Included from here.
patch-2.7.6/src/util.h:47:80: warning[-Wdeprecated-declarations]: 'security_context_t' is deprecated
#   47 | bool version_get (char const *, char const *, bool, bool, char const *, struct stat *, security_context_t *);
#      |                                                                                ^~~~
#   45|   char *savestr (char const *);
#   46|   char const *version_controller (char const *, bool, struct stat const *, char **, char **);
#   47|-> bool version_get (char const *, char const *, bool, bool, char const *, struct stat *, security_context_t *);
#   48|   int create_file (char const *, int, mode_t, bool);
#   49|   int systemic (char const *);

Error: COMPILER_WARNING (CWE-477): [#def65]
patch-2.7.6/src/util.h:47:80: warning[-Wdeprecated-declarations]: 'security_context_t' is deprecated
#   45|   char *savestr (char const *);
#   46|   char const *version_controller (char const *, bool, struct stat const *, char **, char **);
#   47|-> bool version_get (char const *, char const *, bool, bool, char const *, struct stat *, security_context_t *);
#   48|   int create_file (char const *, int, mode_t, bool);
#   49|   int systemic (char const *);

Error: COMPILER_WARNING (CWE-477): [#def66]
patch-2.7.6/src/util.h:70:37: warning[-Wdeprecated-declarations]: 'security_context_t' is deprecated
#   70 | int stat_file (char const *, struct stat *, security_context_t *);
#      |                                     ^~~~
#   68|   void set_queued_output (struct stat const *, bool);
#   69|   bool has_queued_output (struct stat const *);
#   70|-> int stat_file (char const *, struct stat *, security_context_t *);
#   71|   bool filename_is_safe (char const *) _GL_ATTRIBUTE_PURE;
#   72|   bool cwd_is_root (char const *);

Error: COMPILER_WARNING (CWE-477): [#def67]
patch-2.7.6/src/util.h:70:37: warning[-Wdeprecated-declarations]: 'security_context_t' is deprecated
#   68|   void set_queued_output (struct stat const *, bool);
#   69|   bool has_queued_output (struct stat const *);
#   70|-> int stat_file (char const *, struct stat *, security_context_t *);
#   71|   bool filename_is_safe (char const *) _GL_ATTRIBUTE_PURE;
#   72|   bool cwd_is_root (char const *);

Scan Properties

analyzer-version-clippy: 1.86.0
analyzer-version-cppcheck: 2.17.1
analyzer-version-gcc: 15.0.1
analyzer-version-gcc-analyzer: 15.0.1
analyzer-version-shellcheck: 0.10.0
analyzer-version-unicontrol: 0.0.2
diffbase-analyzer-version-clippy: 1.86.0
diffbase-analyzer-version-cppcheck: 2.17.1
diffbase-analyzer-version-gcc: 15.0.1
diffbase-analyzer-version-gcc-analyzer: 15.0.1
diffbase-analyzer-version-shellcheck: 0.10.0
diffbase-analyzer-version-unicontrol: 0.0.2
diffbase-enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code: 0
diffbase-host: ip-172-16-1-84.us-west-2.compute.internal
diffbase-known-false-positives: /usr/share/csmock/known-false-positives.js
diffbase-known-false-positives-rpm: known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch
diffbase-mock-config: fedora-rawhide-x86_64
diffbase-project-name: patch-2.8-1.fc43
diffbase-store-results-to: /tmp/tmprtxc617x/patch-2.8-1.fc43.tar.xz
diffbase-time-created: 2025-04-25 14:48:35
diffbase-time-finished: 2025-04-25 14:50:20
diffbase-tool: csmock
diffbase-tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmprtxc617x/patch-2.8-1.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmprtxc617x/patch-2.8-1.fc43.src.rpm'
diffbase-tool-version: csmock-3.8.1.20250422.172604.g26bc3d6-1.el9
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-84.us-west-2.compute.internal
known-false-positives: /usr/share/csmock/known-false-positives.js
known-false-positives-rpm: known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch
mock-config: fedora-rawhide-x86_64
project-name: patch-2.7.6-26.fc42
store-results-to: /tmp/tmpk5mds760/patch-2.7.6-26.fc42.tar.xz
time-created: 2025-04-25 14:45:51
time-finished: 2025-04-25 14:48:23
title: Fixed findings
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpk5mds760/patch-2.7.6-26.fc42.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpk5mds760/patch-2.7.6-26.fc42.src.rpm'
tool-version: csmock-3.8.1.20250422.172604.g26bc3d6-1.el9