Error: GCC_ANALYZER_WARNING (CWE-401): [#def1] pcsc-lite-2.3.3/redhat-linux-build/../src/hotplug_libudev.c:235:44: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’ pcsc-lite-2.3.3/redhat-linux-build/../src/hotplug_libudev.c:673:6: enter_function: entry to ‘HPSearchHotPluggables’ pcsc-lite-2.3.3/redhat-linux-build/../src/hotplug_libudev.c:677:19: branch_true: following ‘true’ branch (when ‘i != 16’)... pcsc-lite-2.3.3/redhat-linux-build/../src/hotplug_libudev.c:679:17: branch_true: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/hotplug_libudev.c:684:16: call_function: calling ‘HPReadBundleValues’ from ‘HPSearchHotPluggables’ # 233| driverSize * sizeof(*driverTracker)); # 234| # 235|-> if (NULL == tmp) # 236| { # 237| free(driverTracker); Error: GCC_ANALYZER_WARNING (CWE-688): [#def2] pcsc-lite-2.3.3/redhat-linux-build/../src/hotplug_libudev.c:477:36: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘tmpInterfaceName’ where non-null expected pcsc-lite-2.3.3/redhat-linux-build/../src/hotplug_libudev.c:728:7: enter_function: entry to ‘HPRegisterForHotplugEvents’ pcsc-lite-2.3.3/redhat-linux-build/../src/hotplug_libudev.c:732:12: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/hotplug_libudev.c:742:16: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/hotplug_libudev.c:743:12: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/hotplug_libudev.c:749:24: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/hotplug_libudev.c:750:12: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/hotplug_libudev.c:757:13: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/hotplug_libudev.c:759:12: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/hotplug_libudev.c:765:13: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/hotplug_libudev.c:766:12: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/hotplug_libudev.c:773:9: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/hotplug_libudev.c:773:9: call_function: calling ‘HPScanUSB’ from ‘HPRegisterForHotplugEvents’ #argument 1 of ‘__builtin_strlen’ must be non-null # 475| # 476| /* check the interface name contains only valid ASCII codes */ # 477|-> for (size_t i=0; i<strlen(tmpInterfaceName); i++) # 478| { # 479| if (! isascii(tmpInterfaceName[i])) Error: GCC_ANALYZER_WARNING (CWE-476): [#def3] pcsc-lite-2.3.3/redhat-linux-build/../src/ifdwrapper.c:136:30: warning[-Wanalyzer-jump-through-null]: jump through null pointer pcsc-lite-2.3.3/redhat-linux-build/../src/ifdwrapper.c:113:12: branch_true: following ‘true’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/ifdwrapper.c:114:17: branch_true: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/ifdwrapper.c:129:12: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/ifdwrapper.c:135:21: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/ifdwrapper.c:135:20: branch_true: following ‘true’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/ifdwrapper.c:136:62: branch_true: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/ifdwrapper.c:136:30: danger: jump through null pointer here # 134| /* use device name only if defined */ # 135| if (rContext->device[0] != '\0') # 136|-> rv = (*IFDH_create_channel_by_name) (rContext->slot, rContext->device); # 137| else # 138| rv = (*IFDH_create_channel) (rContext->slot, rContext->port); Error: GCC_ANALYZER_WARNING (CWE-775): [#def4] pcsc-lite-2.3.3/redhat-linux-build/../src/pcscdaemon.c:564:28: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’ pcsc-lite-2.3.3/redhat-linux-build/../src/pcscdaemon.c:435:12: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/pcscdaemon.c:446:14: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/pcscdaemon.c:447:12: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/pcscdaemon.c:454:20: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/pcscdaemon.c:518:20: branch_false: following ‘false’ branch (when ‘HotPlug == 0’)... pcsc-lite-2.3.3/redhat-linux-build/../src/pcscdaemon.c:526:13: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/pcscdaemon.c:527:12: branch_false: following ‘false’ branch (when ‘r >= 0’)... pcsc-lite-2.3.3/redhat-linux-build/../src/pcscdaemon.c:536:12: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/pcscdaemon.c:536:12: branch_false: following ‘false’ branch (when ‘setToForeground == 0’)... pcsc-lite-2.3.3/redhat-linux-build/../src/pcscdaemon.c:541:21: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/pcscdaemon.c:541:20: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/pcscdaemon.c:547:23: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/pcscdaemon.c:548:20: branch_false: following ‘false’ branch (when ‘pid != -1’)... pcsc-lite-2.3.3/redhat-linux-build/../src/pcscdaemon.c:556:22: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/pcscdaemon.c:556:22: acquire_resource: opened here pcsc-lite-2.3.3/redhat-linux-build/../src/pcscdaemon.c:557:20: branch_true: following ‘true’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/pcscdaemon.c:559:25: branch_true: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/pcscdaemon.c:564:28: danger: ‘open("/dev/null", 2)’ leaks here; was opened at [(16)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/15) # 562| # 563| /* do not close stdin, stdout or stderr */ # 564|-> if (fd > 2) # 565| close(fd); # 566| } Error: GCC_ANALYZER_WARNING (CWE-476): [#def5] pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:345:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘malloc(4)’ pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1500:6: enter_function: entry to ‘RFReCheckReaderConf’ pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1508:12: branch_false: following ‘false’ branch... branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1526:12: branch_false: following ‘false’ branch... branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1534:19: branch_true: following ‘true’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1539:17: branch_true: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1543:29: branch_true: following ‘true’ branch (when ‘r != 16’)... pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1545:29: branch_true: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1579:20: branch_true: following ‘true’ branch (when ‘present == 0’)... pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1583:44: branch_true: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1581:31: call_function: calling ‘RFAddReader’ from ‘RFReCheckReaderConf’ # 343| RFUnloadReader unloads the driver library # 344| and there are still devices attached using it --mikeg*/ # 345|-> *(sReadersContexts[dwContext])->pFeeds = 1; # 346| } # 347| Error: GCC_ANALYZER_WARNING (CWE-688): [#def6] pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:352:23: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘malloc(40)’ where non-null expected pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1500:6: enter_function: entry to ‘RFReCheckReaderConf’ pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1508:12: branch_false: following ‘false’ branch... branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1526:12: branch_false: following ‘false’ branch... branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1534:19: branch_true: following ‘true’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1539:17: branch_true: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1543:29: branch_true: following ‘true’ branch (when ‘r != 16’)... pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1545:29: branch_true: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1579:20: branch_true: following ‘true’ branch (when ‘present == 0’)... pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1583:44: branch_true: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1581:31: call_function: calling ‘RFAddReader’ from ‘RFReCheckReaderConf’ # 350| sReadersContexts[dwContext]->mMutex = # 351| malloc(sizeof(pthread_mutex_t)); # 352|-> (void)pthread_mutex_init(sReadersContexts[dwContext]->mMutex, NULL); # 353| } # 354| Error: GCC_ANALYZER_WARNING (CWE-476): [#def7] pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:358:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘malloc(4)’ pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1500:6: enter_function: entry to ‘RFReCheckReaderConf’ pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1508:12: branch_false: following ‘false’ branch... branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1526:12: branch_false: following ‘false’ branch... branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1534:19: branch_true: following ‘true’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1539:17: branch_true: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1543:29: branch_true: following ‘true’ branch (when ‘r != 16’)... pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1545:29: branch_true: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1579:20: branch_true: following ‘true’ branch (when ‘present == 0’)... pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1583:44: branch_true: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1581:31: call_function: calling ‘RFAddReader’ from ‘RFReCheckReaderConf’ # 356| { # 357| sReadersContexts[dwContext]->pMutex = malloc(sizeof(int)); # 358|-> *(sReadersContexts[dwContext])->pMutex = 1; # 359| } # 360| Error: GCC_ANALYZER_WARNING: [#def8] pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:455:17: warning[-Wanalyzer-overlapping-buffers]: overlapping buffers passed as arguments to ‘memcpy’ pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1500:6: enter_function: entry to ‘RFReCheckReaderConf’ pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1508:12: branch_false: following ‘false’ branch... branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1526:12: branch_false: following ‘false’ branch... branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1534:19: branch_true: following ‘true’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1539:17: branch_true: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1543:29: branch_true: following ‘true’ branch (when ‘r != 16’)... pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1545:29: branch_true: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1579:20: branch_true: following ‘true’ branch (when ‘present == 0’)... pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1583:44: branch_true: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1581:31: call_function: calling ‘RFAddReader’ from ‘RFReCheckReaderConf’ # 453| /* Copy the previous reader name and increment the slot number */ # 454| tmpReader = sReadersContexts[dwContextB]->readerState->readerName; # 455|-> memcpy(tmpReader, # 456| sReadersContexts[dwContext]->readerState->readerName, # 457| sizeof(sReadersContexts[dwContextB]->readerState->readerName)); Error: GCC_ANALYZER_WARNING (CWE-688): [#def9] pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:531:31: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘malloc(40)’ where non-null expected pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1500:6: enter_function: entry to ‘RFReCheckReaderConf’ pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1508:12: branch_false: following ‘false’ branch... branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1526:12: branch_false: following ‘false’ branch... branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1534:19: branch_true: following ‘true’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1539:17: branch_true: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1543:29: branch_true: following ‘true’ branch (when ‘r != 16’)... pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1545:29: branch_true: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1579:20: branch_true: following ‘true’ branch (when ‘present == 0’)... pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1583:44: branch_true: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1581:31: call_function: calling ‘RFAddReader’ from ‘RFReCheckReaderConf’ # 529| sReadersContexts[dwContextB]->mMutex = # 530| malloc(sizeof(pthread_mutex_t)); # 531|-> (void)pthread_mutex_init(sReadersContexts[dwContextB]->mMutex, # 532| NULL); # 533| Error: GCC_ANALYZER_WARNING (CWE-476): [#def10] pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:535:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘malloc(4)’ pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1500:6: enter_function: entry to ‘RFReCheckReaderConf’ pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1508:12: branch_false: following ‘false’ branch... branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1526:12: branch_false: following ‘false’ branch... branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1534:19: branch_true: following ‘true’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1539:17: branch_true: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1543:29: branch_true: following ‘true’ branch (when ‘r != 16’)... pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1545:29: branch_true: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1579:20: branch_true: following ‘true’ branch (when ‘present == 0’)... pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1583:44: branch_true: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/readerfactory.c:1581:31: call_function: calling ‘RFAddReader’ from ‘RFReCheckReaderConf’ # 533| # 534| sReadersContexts[dwContextB]->pMutex = malloc(sizeof(int)); # 535|-> *(sReadersContexts[dwContextB])->pMutex = 1; # 536| } # 537| else Error: GCC_ANALYZER_WARNING (CWE-401): [#def11] pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1297:5: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’ pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1437:5: enter_function: entry to ‘list_restore_file’ pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1441:8: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1443:5: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1443:5: call_function: calling ‘list_restore_filedescriptor’ from ‘list_restore_file’ # 1295| # 1296| /* version */ # 1297|-> READ_ERRCHECK(fd, &header.ver, sizeof(header.ver)); # 1298| header.ver = ntohs(header.ver); # 1299| if (header.ver != SIMCLIST_DUMPFORMAT_VERSION) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def12] pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1349:23: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’ pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1286:5: enter_function: entry to ‘list_restore_filedescriptor’ pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1297:5: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1298:18: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1299:8: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1305:5: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1305:5: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1306:28: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1307:5: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1308:29: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1311:5: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1313:22: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1316:5: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1317:25: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1320:5: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1321:21: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1324:5: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1325:22: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1328:5: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1329:23: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1334:8: branch_true: following ‘true’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1336:13: branch_true: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1336:12: branch_false: following ‘false’ branch... branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1348:27: branch_true: following ‘true’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1349:30: branch_true: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1349:23: acquire_memory: allocated here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1350:20: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)... pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1352:17: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1352:17: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1353:17: call_function: inlined call to ‘list_append’ from ‘list_restore_filedescriptor’ pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1353:17: call_function: inlined call to ‘list_append’ from ‘list_restore_filedescriptor’ pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1348:27: branch_true: following ‘true’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1349:30: branch_true: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1349:23: danger: ‘buf’ leaks here; was allocated at [(26)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/25) # 1347| /* copy verbatim into memory */ # 1348| for (cnt = 0; cnt < header.numels; cnt++) { # 1349|-> buf = malloc(header.elemlen); # 1350| if (NULL == buf) # 1351| return -1; Error: GCC_ANALYZER_WARNING (CWE-401): [#def13] pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1376:23: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’ pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1286:5: enter_function: entry to ‘list_restore_filedescriptor’ pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1297:5: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1298:18: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1299:8: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1305:5: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1305:5: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1306:28: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1307:5: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1308:29: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1311:5: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1313:22: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1316:5: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1317:25: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1320:5: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1321:21: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1324:5: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1325:22: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1328:5: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1329:23: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1334:8: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1360:13: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1360:12: branch_false: following ‘false’ branch... branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1374:27: branch_true: following ‘true’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1375:17: branch_true: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1375:17: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1376:23: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1376:23: acquire_memory: allocated here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1377:20: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)... pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1379:17: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1379:17: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1380:17: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1381:17: call_function: inlined call to ‘list_append’ from ‘list_restore_filedescriptor’ pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1381:17: call_function: inlined call to ‘list_append’ from ‘list_restore_filedescriptor’ pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1374:27: branch_true: following ‘true’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1375:17: branch_true: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1375:17: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1376:23: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/simclist.c:1376:23: danger: ‘buf’ leaks here; was allocated at [(28)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/27) # 1374| for (cnt = 0; cnt < header.numels; cnt++) { # 1375| READ_ERRCHECK(fd, & elsize, sizeof(elsize)); # 1376|-> buf = malloc(elsize); # 1377| if (NULL == buf) # 1378| return -1; Error: GCC_ANALYZER_WARNING (CWE-476): [#def14] pcsc-lite-2.3.3/redhat-linux-build/../src/tokenparser.l:98:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘elt’ pcsc-lite-2.3.3/redhat-linux-build/../src/tokenparser.l:203:5: enter_function: entry to ‘bundleParse’ pcsc-lite-2.3.3/redhat-linux-build/../src/tokenparser.l:212:12: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/tokenparser.l:219:13: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/tokenparser.l:228:23: call_function: calling ‘tokenparserlex’ from ‘bundleParse’ # 96| len++; /* final NULL byte */ # 97| # 98|-> elt->key = malloc(len); # 99| memcpy(elt->key, &pcToken[5], len-1); # 100| elt->key[len-1] = '\0'; Error: GCC_ANALYZER_WARNING (CWE-688): [#def15] pcsc-lite-2.3.3/redhat-linux-build/../src/tokenparser.l:136:23: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘amp’ where non-null expected pcsc-lite-2.3.3/redhat-linux-build/../src/tokenparser.l:203:5: enter_function: entry to ‘bundleParse’ pcsc-lite-2.3.3/redhat-linux-build/../src/tokenparser.l:212:12: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/tokenparser.l:219:13: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/tokenparser.l:228:23: call_function: calling ‘tokenparserlex’ from ‘bundleParse’ #argument 1 of ‘__builtin_strstr’ must be non-null # 134| /* for all & in the string */ # 135| amp = value; # 136|-> while ((amp = strstr(amp, "&")) != NULL) # 137| { # 138| char *p; Error: GCC_ANALYZER_WARNING (CWE-401): [#def16] pcsc-lite-2.3.3/redhat-linux-build/../src/tokenparser.l:155:1: warning[-Wanalyzer-malloc-leak]: leak of ‘amp’ pcsc-lite-2.3.3/redhat-linux-build/../src/tokenparser.l:203:5: enter_function: entry to ‘bundleParse’ pcsc-lite-2.3.3/redhat-linux-build/../src/tokenparser.l:212:12: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/tokenparser.l:219:13: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/tokenparser.l:228:23: call_function: calling ‘tokenparserlex’ from ‘bundleParse’ # 153| assert(r >= 0); # 154| (void)r; # 155|-> } # 156| # 157| void tperrorCheck (char *token_error) Error: GCC_ANALYZER_WARNING (CWE-401): [#def17] pcsc-lite-2.3.3/redhat-linux-build/../src/winscard_clnt.c:3485:12: warning[-Wanalyzer-malloc-leak]: leak of ‘newChannelMap’ pcsc-lite-2.3.3/redhat-linux-build/../src/winscard_clnt.c:3477:25: acquire_memory: allocated here pcsc-lite-2.3.3/redhat-linux-build/../src/winscard_clnt.c:3478:12: branch_false: following ‘false’ branch (when ‘newChannelMap’ is non-NULL)... pcsc-lite-2.3.3/redhat-linux-build/../src/winscard_clnt.c:3481:9: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/winscard_clnt.c:3485:12: branch_false: following ‘false’ branch... branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/winscard_clnt.c:3485:12: danger: ‘newChannelMap’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0) # 3483| # 3484| lrv = list_append(¤tContextMap->channelMapList, newChannelMap); # 3485|-> if (lrv < 0) # 3486| { # 3487| free(newChannelMap->readerName); Error: GCC_ANALYZER_WARNING (CWE-775): [#def18] pcsc-lite-2.3.3/redhat-linux-build/../src/winscard_msg.c:138:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor pcsc-lite-2.3.3/redhat-linux-build/../src/winscard_msg.c:126:12: branch_false: following ‘false’ branch (when ‘ret >= 0’)... pcsc-lite-2.3.3/redhat-linux-build/../src/winscard_msg.c:132:9: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/winscard_msg.c:138:12: danger: leaks here # 136| strncpy(svc_addr.sun_path, socketName, sizeof(svc_addr.sun_path)); # 137| # 138|-> if (connect(*pdwClientID, (struct sockaddr *) &svc_addr, # 139| sizeof(svc_addr.sun_family) + strlen(svc_addr.sun_path) + 1) < 0) # 140| { Error: GCC_ANALYZER_WARNING (CWE-401): [#def19] pcsc-lite-2.3.3/redhat-linux-build/pcscd.p/configfile.c:1581:12: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc(64)’ pcsc-lite-2.3.3/redhat-linux-build/../src/configfile.l:356:5: enter_function: entry to ‘DBGetReaderList’ pcsc-lite-2.3.3/redhat-linux-build/../src/configfile.l:369:12: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/configfile.l:372:9: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/configfile.l:387:23: call_function: calling ‘configfilelex’ from ‘DBGetReaderList’ # 1579| * we need to put in 2 end-of-buffer characters. # 1580| */ # 1581|-> b->yy_ch_buf = (char *) yyalloc( (yy_size_t) (b->yy_buf_size + 2) ); # 1582| if ( ! b->yy_ch_buf ) # 1583| YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); Error: CPPCHECK_WARNING (CWE-476): [#def20] pcsc-lite-2.3.3/redhat-linux-build/pcscd.p/configfile.c:1621: warning[nullPointer]: Possible null pointer dereference: b # 1619| # 1620| yy_flush_buffer( b ); # 1621|-> # 1622| b->yy_input_file = file; # 1623| b->yy_fill_buffer = 1; Error: CPPCHECK_WARNING (CWE-476): [#def21] pcsc-lite-2.3.3/redhat-linux-build/pcscd.p/configfile.c:1622: warning[nullPointer]: Possible null pointer dereference: b # 1620| yy_flush_buffer( b ); # 1621| # 1622|-> b->yy_input_file = file; # 1623| b->yy_fill_buffer = 1; # 1624| Error: GCC_ANALYZER_WARNING (CWE-401): [#def22] pcsc-lite-2.3.3/redhat-linux-build/pcscd.p/tokenparser.c:1594:12: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc(64)’ pcsc-lite-2.3.3/redhat-linux-build/../src/tokenparser.l:203:5: enter_function: entry to ‘bundleParse’ pcsc-lite-2.3.3/redhat-linux-build/../src/tokenparser.l:212:12: branch_false: following ‘false’ branch... pcsc-lite-2.3.3/redhat-linux-build/../src/tokenparser.l:219:13: branch_false: ...to here pcsc-lite-2.3.3/redhat-linux-build/../src/tokenparser.l:228:23: call_function: calling ‘tokenparserlex’ from ‘bundleParse’ # 1592| * we need to put in 2 end-of-buffer characters. # 1593| */ # 1594|-> b->yy_ch_buf = (char *) yyalloc( (yy_size_t) (b->yy_buf_size + 2) ); # 1595| if ( ! b->yy_ch_buf ) # 1596| YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); Error: CPPCHECK_WARNING (CWE-476): [#def23] pcsc-lite-2.3.3/redhat-linux-build/pcscd.p/tokenparser.c:1634: warning[nullPointer]: Possible null pointer dereference: b # 1632| # 1633| yy_flush_buffer( b ); # 1634|-> # 1635| b->yy_input_file = file; # 1636| b->yy_fill_buffer = 1; Error: CPPCHECK_WARNING (CWE-476): [#def24] pcsc-lite-2.3.3/redhat-linux-build/pcscd.p/tokenparser.c:1635: warning[nullPointer]: Possible null pointer dereference: b # 1633| yy_flush_buffer( b ); # 1634| # 1635|-> b->yy_input_file = file; # 1636| b->yy_fill_buffer = 1; # 1637| Error: CPPCHECK_WARNING (CWE-476): [#def25] pcsc-lite-2.3.3/src/configfile.l:124: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: pcFriendlyname # 122| } # 123| } # 124|-> pcFriendlyname[p++] = '\0'; # 125| } # 126| else Error: CPPCHECK_WARNING (CWE-476): [#def26] pcsc-lite-2.3.3/src/configfile.l:139: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: pcDevicename # 137| # 138| pcDevicename = strdup(pcCurrent); # 139|-> if ((NULL == strchr(pcDevicename, ':')) # 140| && (stat(pcDevicename, &fStatBuf) != 0)) # 141| { Error: CPPCHECK_WARNING (CWE-476): [#def27] pcsc-lite-2.3.3/src/hotplug_libudev.c:477: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: tmpInterfaceName # 475| # 476| /* check the interface name contains only valid ASCII codes */ # 477|-> for (size_t i=0; i<strlen(tmpInterfaceName); i++) # 478| { # 479| if (! isascii(tmpInterfaceName[i])) Error: CPPCHECK_WARNING (CWE-786): [#def28] pcsc-lite-2.3.3/src/testpcsc.c:232: error[negativeIndex]: Array 'iList[16]' accessed at index -1, which is out of bounds. # 230| iReader = 1; # 231| # 232|-> rgReaderStates[0].szReader = &mszReaders[iList[iReader]]; # 233| rgReaderStates[0].dwCurrentState = SCARD_STATE_EMPTY; # 234|
| analyzer-version-clippy | 1.86.0 |
| analyzer-version-cppcheck | 2.17.1 |
| analyzer-version-gcc | 15.0.1 |
| analyzer-version-gcc-analyzer | 15.0.1 |
| analyzer-version-shellcheck | 0.10.0 |
| analyzer-version-unicontrol | 0.0.2 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-94.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | pcsc-lite-2.3.3-1.fc43 |
| store-results-to | /tmp/tmpuuw29fh7/pcsc-lite-2.3.3-1.fc43.tar.xz |
| time-created | 2025-04-25 14:43:57 |
| time-finished | 2025-04-25 14:45:18 |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpuuw29fh7/pcsc-lite-2.3.3-1.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpuuw29fh7/pcsc-lite-2.3.3-1.fc43.src.rpm' |
| tool-version | csmock-3.8.1.20250422.172604.g26bc3d6-1.el9 |