Error: CPPCHECK_WARNING (CWE-457): [#def1] realmd-0.17.1/service/realm-disco-mscldap.c:142: warning[uninitvar]: Uninitialized variable: *at # 140| unsigned int *val) # 141| { # 142|-> unsigned char *p = *at; # 143| if (p + 4 > end) # 144| return FALSE; Error: CPPCHECK_WARNING (CWE-457): [#def2] realmd-0.17.1/service/realm-disco-mscldap.c:180: warning[uninitvar]: Uninitialized variable: end # 178| /* domain forest */ # 179| if (!success || # 180|-> !get_32_le (&at, end, &type) || type != 23 || # 181| !get_32_le (&at, end, &flags) || # 182| !skip_n (&at, end, 16) || /* guid */ Error: CPPCHECK_WARNING (CWE-457): [#def3] realmd-0.17.1/service/realm-disco-mscldap.c:183: warning[uninitvar]: Uninitialized variable: beg # 181| !get_32_le (&at, end, &flags) || # 182| !skip_n (&at, end, 16) || /* guid */ # 183|-> !parse_string (beg, end, &at, &unused) || /* forest */ # 184| !parse_string (beg, end, &at, &disco->domain_name) || # 185| !parse_string (beg, end, &at, &disco->netlogon_server_name) || Error: GCC_ANALYZER_WARNING (CWE-457): [#def4] realmd-0.17.1/service/realm-provider.c:183:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘relevance’ realmd-0.17.1/service/realm-provider.c:173:1: enter_function: entry to ‘on_discover_complete’ realmd-0.17.1/service/realm-provider.c:182:18: call_function: calling ‘realm_provider_discover_finish’ from ‘on_discover_complete’ realmd-0.17.1/service/realm-provider.c:182:18: return_function: returning to ‘on_discover_complete’ from ‘realm_provider_discover_finish’ realmd-0.17.1/service/realm-provider.c:183:9: danger: use of uninitialized value ‘relevance’ here # 181| # 182| realms = realm_provider_discover_finish (method->self, result, &relevance, &error); # 183|-> return_discover_result (method, realms, relevance, error); # 184| } # 185| Error: GCC_ANALYZER_WARNING (CWE-476): [#def5] realmd-0.17.1/service/realm-provider.c:273:13: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘string’ realmd-0.17.1/service/realm-provider.c:257:1: enter_function: entry to ‘realm_provider_handle_discover’ realmd-0.17.1/service/realm-provider.c:273:13: danger: dereference of NULL ‘string’ # 271| g_strstrip (method->string); # 272| # 273|-> if (g_str_equal (string, "")) { # 274| connection = g_dbus_method_invocation_get_connection (invocation); # 275| realm_network_get_dhcp_domain_async (connection, on_discover_default, Error: GCC_ANALYZER_WARNING (CWE-688): [#def6] realmd-0.17.1/service/realm-sssd.c:591:15: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected realmd-0.17.1/service/realm-sssd.c:584:1: enter_function: entry to ‘realm_sssd_build_default_home’ realmd-0.17.1/service/realm-sssd.c:591:15: danger: argument 1 (‘<unknown>’) NULL where non-null expected #argument 1 of ‘__builtin_strstr’ must be non-null # 589| /* Change from our format to the sssd format place-holders */ # 590| home = g_strdup (value); # 591|-> pos = strstr (home, "%U"); # 592| if (pos) # 593| pos[1] = 'u'; Error: CPPCHECK_WARNING (CWE-476): [#def7] realmd-0.17.1/tools/realm-client.c:810: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: password # 808| # 809| password = malloc (pass_max); # 810|-> if (!fgets (password, pass_max, stdin)) # 811| password[0] = '\0'; # 812| Error: GCC_ANALYZER_WARNING (CWE-476): [#def8] realmd-0.17.1/tools/realm-client.c:811:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘password’ realmd-0.17.1/tools/realm-client.c:809:20: acquire_memory: this call could return NULL realmd-0.17.1/tools/realm-client.c:810:12: branch_true: following ‘true’ branch... realmd-0.17.1/tools/realm-client.c:811:17: branch_true: ...to here realmd-0.17.1/tools/realm-client.c:811:17: danger: ‘password’ could be NULL: unchecked value from [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0) # 809| password = malloc (pass_max); # 810| if (!fgets (password, pass_max, stdin)) # 811|-> password[0] = '\0'; # 812| # 813| g_printf ("\n"); Error: GCC_ANALYZER_WARNING (CWE-688): [#def9] realmd-0.17.1/tools/realm-client.c:815:15: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘password’ where non-null expected realmd-0.17.1/tools/realm-client.c:809:20: acquire_memory: this call could return NULL realmd-0.17.1/tools/realm-client.c:810:12: branch_false: following ‘false’ branch... realmd-0.17.1/tools/realm-client.c:813:9: branch_false: ...to here realmd-0.17.1/tools/realm-client.c:815:15: danger: argument 1 (‘password’) from [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0) could be NULL where non-null expected #argument 1 of ‘__builtin_strlen’ must be non-null # 813| g_printf ("\n"); # 814| # 815|-> len = strlen (password); # 816| if (len > 0 && password[len - 1] == '\n') # 817| password[len - 1] = '\0';
| analyzer-version-clippy | 1.86.0 |
| analyzer-version-cppcheck | 2.17.1 |
| analyzer-version-gcc | 15.0.1 |
| analyzer-version-gcc-analyzer | 15.0.1 |
| analyzer-version-shellcheck | 0.10.0 |
| analyzer-version-unicontrol | 0.0.2 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-130.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | realmd-0.17.1-17.fc43 |
| store-results-to | /tmp/tmp551j53uy/realmd-0.17.1-17.fc43.tar.xz |
| time-created | 2025-04-25 15:32:28 |
| time-finished | 2025-04-25 15:34:13 |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmp551j53uy/realmd-0.17.1-17.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp551j53uy/realmd-0.17.1-17.fc43.src.rpm' |
| tool-version | csmock-3.8.1.20250422.172604.g26bc3d6-1.el9 |