Error: GCC_ANALYZER_WARNING (CWE-465): [#def1]
rpm-4.20.1/build/files.c:1450:8: warning[-Wanalyzer-deref-before-check]: check of ‘fl.buildRoot’ for NULL after already dereferencing it
rpm-4.20.1/build/files.c:3128:7: enter_function: entry to ‘processBinaryFiles’
rpm-4.20.1/build/files.c:3173:15: branch_false: following ‘false’ branch (when ‘dbgsrcpkg’ is NULL)...
rpm-4.20.1/build/files.c:3181:10: branch_false: ...to here
rpm-4.20.1/build/files.c:3181:32: branch_true: following ‘true’ branch (when ‘pkg’ is non-NULL)...
rpm-4.20.1/build/files.c:3187:12: branch_true: ...to here
rpm-4.20.1/build/files.c:3187:12: branch_false: following ‘false’ branch (when ‘pkg != maindbg’)...
rpm-4.20.1/build/files.c:3201:13: branch_false: ...to here
rpm-4.20.1/build/files.c:3201:12: branch_false: following ‘false’ branch...
rpm-4.20.1/build/files.c:3204:15: branch_false: ...to here
rpm-4.20.1/build/files.c:3208:19: call_function: calling ‘processPackageFiles’ from ‘processBinaryFiles’
# 1448| *
# 1449| */
# 1450|-> if (fl->buildRoot && !rstreq(fl->buildRoot, "/"))
# 1451| cpioPath += fl->buildRootLen;
# 1452|

Error: GCC_ANALYZER_WARNING (CWE-775): [#def2]
rpm-4.20.1/build/rpmfc.c:295:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fromProg[0]’
rpm-4.20.1/build/rpmfc.c:1689:7: enter_function: entry to ‘rpmfcGenerateDepends’
rpm-4.20.1/build/rpmfc.c:1701:8: branch_false: following ‘false’ branch (when ‘ac > 0’)...
rpm-4.20.1/build/rpmfc.c:1705:27: branch_false: ...to here
rpm-4.20.1/build/rpmfc.c:1761:10: call_function: calling ‘rpmfcClassify’ from ‘rpmfcGenerateDepends’
rpm-4.20.1/build/rpmfc.c:1761:10: return_function: returning to ‘rpmfcGenerateDepends’ from ‘rpmfcClassify’
rpm-4.20.1/build/rpmfc.c:1762:8: branch_false: following ‘false’ branch...
rpm-4.20.1/build/rpmfc.c:1766:10: branch_false: ...to here
rpm-4.20.1/build/rpmfc.c:1766:10: call_function: calling ‘rpmfcApply’ from ‘rpmfcGenerateDepends’
# 293| if (doio && (pipe(toProg) < 0 || pipe(fromProg) < 0)) {
# 294| rpmlog(RPMLOG_ERR, _("Couldn't create pipe for %s: %m\n"), argv[0]);
# 295|-> return -1;
# 296| }
# 297|

Error: GCC_ANALYZER_WARNING (CWE-775): [#def3]
rpm-4.20.1/build/rpmfc.c:295:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘toProg[0]’
rpm-4.20.1/build/rpmfc.c:1689:7: enter_function: entry to ‘rpmfcGenerateDepends’
rpm-4.20.1/build/rpmfc.c:1701:8: branch_false: following ‘false’ branch (when ‘ac > 0’)...
rpm-4.20.1/build/rpmfc.c:1705:27: branch_false: ...to here
rpm-4.20.1/build/rpmfc.c:1761:10: call_function: calling ‘rpmfcClassify’ from ‘rpmfcGenerateDepends’
rpm-4.20.1/build/rpmfc.c:1761:10: return_function: returning to ‘rpmfcGenerateDepends’ from ‘rpmfcClassify’
rpm-4.20.1/build/rpmfc.c:1762:8: branch_false: following ‘false’ branch...
rpm-4.20.1/build/rpmfc.c:1766:10: branch_false: ...to here
rpm-4.20.1/build/rpmfc.c:1766:10: call_function: calling ‘rpmfcApply’ from ‘rpmfcGenerateDepends’
# 293| if (doio && (pipe(toProg) < 0 || pipe(fromProg) < 0)) {
# 294| rpmlog(RPMLOG_ERR, _("Couldn't create pipe for %s: %m\n"), argv[0]);
# 295|-> return -1;
# 296| }
# 297|

Error: GCC_ANALYZER_WARNING (CWE-775): [#def4]
rpm-4.20.1/build/rpmfc.c:295:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘toProg[1]’
rpm-4.20.1/build/rpmfc.c:1689:7: enter_function: entry to ‘rpmfcGenerateDepends’
rpm-4.20.1/build/rpmfc.c:1701:8: branch_false: following ‘false’ branch (when ‘ac > 0’)...
rpm-4.20.1/build/rpmfc.c:1705:27: branch_false: ...to here
rpm-4.20.1/build/rpmfc.c:1761:10: call_function: calling ‘rpmfcClassify’ from ‘rpmfcGenerateDepends’
rpm-4.20.1/build/rpmfc.c:1761:10: return_function: returning to ‘rpmfcGenerateDepends’ from ‘rpmfcClassify’
rpm-4.20.1/build/rpmfc.c:1762:8: branch_false: following ‘false’ branch...
rpm-4.20.1/build/rpmfc.c:1766:10: branch_false: ...to here
rpm-4.20.1/build/rpmfc.c:1766:10: call_function: calling ‘rpmfcApply’ from ‘rpmfcGenerateDepends’
# 293| if (doio && (pipe(toProg) < 0 || pipe(fromProg) < 0)) {
# 294| rpmlog(RPMLOG_ERR, _("Couldn't create pipe for %s: %m\n"), argv[0]);
# 295|-> return -1;
# 296| }
# 297|

Error: GCC_ANALYZER_WARNING (CWE-476): [#def5]
rpm-4.20.1/build/rpmfc.c:1226:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
rpm-4.20.1/build/rpmfc.c:1288:7: enter_function: entry to ‘rpmfcClassify’
rpm-4.20.1/build/rpmfc.c:1304:9: call_function: calling ‘initAttrs’ from ‘rpmfcClassify’
# 1224|
# 1225| for (int i = 0; i < nattrs; i++) {
# 1226|-> fc->atypes[i] = rpmfcAttrNew(all_attrs[i]);
# 1227| }
# 1228| fc->atypes[nattrs] = NULL;

Error: CPPCHECK_WARNING (CWE-758): [#def6]
rpm-4.20.1/include/rpm/rpmfc.h:40: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
# 38| RPMFC_WHITE = (1 << 29),
# 39| RPMFC_INCLUDE = (1 << 30),
# 40|-> RPMFC_ERROR = (1 << 31)
# 41| };
# 42|

Error: GCC_ANALYZER_WARNING (CWE-688): [#def7]
rpm-4.20.1/include/rpm/rpmstring.h:117:13: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
rpm-4.20.1/rpmio/rpmstrpool.c:465:5: enter_function: entry to ‘rpmstrPoolStreq’
rpm-4.20.1/rpmio/rpmstrpool.c:469:8: branch_false: following ‘false’ branch (when ‘poolA != poolB’)...
rpm-4.20.1/rpmio/rpmstrpool.c:472:9: call_function: inlined call to ‘poolLock’ from ‘rpmstrPoolStreq’
rpm-4.20.1/rpmio/rpmstrpool.c:474:25: call_function: calling ‘rpmstrPoolStr’ from ‘rpmstrPoolStreq’
rpm-4.20.1/rpmio/rpmstrpool.c:474:25: return_function: returning to ‘rpmstrPoolStreq’ from ‘rpmstrPoolStr’
rpm-4.20.1/rpmio/rpmstrpool.c:475:25: call_function: calling ‘rpmstrPoolStr’ from ‘rpmstrPoolStreq’
rpm-4.20.1/rpmio/rpmstrpool.c:475:25: return_function: returning to ‘rpmstrPoolStreq’ from ‘rpmstrPoolStr’
rpm-4.20.1/rpmio/rpmstrpool.c:476:14: call_function: inlined call to ‘rstreq’ from ‘rpmstrPoolStreq’
# 115| static inline int rstreq(const char *s1, const char *s2)
# 116| {
# 117|-> return (strcmp(s1, s2) == 0);
# 118| }
# 119|

Error: GCC_ANALYZER_WARNING (CWE-476): [#def8]
rpm-4.20.1/lib/backend/sqlite.c:482:14: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘hdrNum’
rpm-4.20.1/lib/backend/sqlite.c:465:14: enter_function: entry to ‘sqlite_pkgdbPut’
rpm-4.20.1/lib/backend/sqlite.c:471:8: branch_false: following ‘false’ branch (when ‘hdrNum’ is NULL)...
rpm-4.20.1/lib/backend/sqlite.c:477:14: branch_false: ...to here
rpm-4.20.1/lib/backend/sqlite.c:477:14: call_function: calling ‘dbiCursorPrep’ from ‘sqlite_pkgdbPut’
rpm-4.20.1/lib/backend/sqlite.c:477:14: return_function: returning to ‘sqlite_pkgdbPut’ from ‘dbiCursorPrep’
rpm-4.20.1/lib/backend/sqlite.c:481:8: branch_true: following ‘true’ branch...
rpm-4.20.1/lib/backend/sqlite.c:482:14: branch_true: ...to here
rpm-4.20.1/lib/backend/sqlite.c:482:14: danger: dereference of NULL ‘hdrNum’
# 480|
# 481| if (!rc)
# 482|-> rc = dbiCursorBindPkg(dbc, *hdrNum, hdrBlob, hdrLen);
# 483|
# 484| if (!rc) {

Error: CPPCHECK_WARNING (CWE-476): [#def9]
rpm-4.20.1/lib/depends.c:855: warning[nullPointer]: Possible null pointer dereference: dep
# 853| dep = rpmdsN(depds);
# 854| if (neg) {
# 855|-> ndep = (char *)xmalloc(strlen(dep) + 2);
# 856| ndep[0] = '!';
# 857| strcpy(ndep + 1, dep);

Error: CPPCHECK_WARNING (CWE-476): [#def10]
rpm-4.20.1/lib/depends.c:857: warning[nullPointer]: Possible null pointer dereference: dep
# 855| ndep = (char *)xmalloc(strlen(dep) + 2);
# 856| ndep[0] = '!';
# 857|-> strcpy(ndep + 1, dep);
# 858| dep = ndep;
# 859| }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def11]
rpm-4.20.1/lib/formats.c:344:29: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘c’
rpm-4.20.1/lib/formats.c:389:14: enter_function: entry to ‘jsonFormat’
rpm-4.20.1/lib/formats.c:403:15: call_function: calling ‘stringFormat’ from ‘jsonFormat’
rpm-4.20.1/lib/formats.c:403:15: return_function: returning to ‘jsonFormat’ from ‘stringFormat’
rpm-4.20.1/lib/formats.c:407:8: branch_true: following ‘true’ branch (when ‘escape != 0’)...
rpm-4.20.1/lib/formats.c:408:19: branch_true: ...to here
rpm-4.20.1/lib/formats.c:408:19: call_function: calling ‘jsonEscape’ from ‘jsonFormat’
# 342| char *es = NULL;
# 343| rstrcat(&es, "\"");
# 344|-> for (const char *c = s; *c != '\0'; c++) {
# 345| const char *ec = NULL;
# 346| switch (*c) {

Error: CPPCHECK_WARNING (CWE-457): [#def12]
rpm-4.20.1/lib/header.c:894: error[uninitvar]: Uninitialized variables: &key.data, &key.length, &key.rdlen
# 892| key.info.tag = tag;
# 893|
# 894|-> entry = (indexEntry)bsearch(&key, h->index, h->indexUsed, sizeof(*h->index), indexCmp);
# 895| if (entry == NULL)
# 896| return NULL;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def13]
rpm-4.20.1/lib/rpmds.c:1403:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘depstr’
rpm-4.20.1/lib/rpmds.c:1572:7: enter_function: entry to ‘rpmdsParseRichDep’
rpm-4.20.1/lib/rpmds.c:1576:26: call_function: calling ‘rpmdsN’ from ‘rpmdsParseRichDep’
rpm-4.20.1/lib/rpmds.c:1576:26: return_function: returning to ‘rpmdsParseRichDep’ from ‘rpmdsN’
rpm-4.20.1/lib/rpmds.c:1576:17: release_memory: ‘depstr’ is NULL
rpm-4.20.1/lib/rpmds.c:1580:21: call_function: calling ‘rpmdsFlags’ from ‘rpmdsParseRichDep’
rpm-4.20.1/lib/rpmds.c:1580:21: return_function: returning to ‘rpmdsParseRichDep’ from ‘rpmdsFlags’
rpm-4.20.1/lib/rpmds.c:1581:10: call_function: calling ‘rpmrichParse’ from ‘rpmdsParseRichDep’
# 1401| if (cb && cb(cbdata, RPMRICH_PARSE_ENTER, p, 0, 0, 0, 0, op, emsg) != RPMRC_OK)
# 1402| return RPMRC_FAIL;
# 1403|-> if (*p++ != '(') {
# 1404| if (emsg)
# 1405| rasprintf(emsg, _("Rich dependency does not start with '('"));

Error: GCC_ANALYZER_WARNING (CWE-476): [#def14]
rpm-4.20.1/lib/rpmds.c:1553:20: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
rpm-4.20.1/lib/rpmds.c:1572:7: enter_function: entry to ‘rpmdsParseRichDep’
rpm-4.20.1/lib/rpmds.c:1576:26: call_function: calling ‘rpmdsN’ from ‘rpmdsParseRichDep’
rpm-4.20.1/lib/rpmds.c:1576:26: return_function: returning to ‘rpmdsParseRichDep’ from ‘rpmdsN’
rpm-4.20.1/lib/rpmds.c:1580:21: call_function: calling ‘rpmdsFlags’ from ‘rpmdsParseRichDep’
rpm-4.20.1/lib/rpmds.c:1580:21: return_function: returning to ‘rpmdsParseRichDep’ from ‘rpmdsFlags’
rpm-4.20.1/lib/rpmds.c:1581:10: call_function: calling ‘rpmrichParse’ from ‘rpmdsParseRichDep’
# 1551| sense |= RPMSENSE_RPMLIB;
# 1552| ds = singleDS(data->dep->pool, data->dep->tagN, 0, 0, sense | data->depflags, 0, 0, 0);
# 1553|-> ds->N[0] = rpmstrPoolIdn(ds->pool, n, nl, 1);
# 1554| ds->EVR[0] = rpmstrPoolIdn(ds->pool, e ? e : "", el, 1);
# 1555| if (!data->leftds)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def15]
rpm-4.20.1/lib/rpmfi.c:2101:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘fi’
rpm-4.20.1/lib/rpmfi.c:2148:12: enter_function: entry to ‘iterWriteArchiveNext’
rpm-4.20.1/lib/rpmfi.c:2153:14: call_function: calling ‘iterWriteArchiveNextFile’ from ‘iterWriteArchiveNext’
# 2099| }
# 2100| } else {
# 2101|-> fi->i = -1;
# 2102| /* search next non hardlinked file */
# 2103| for (int i=fx+1; i<fc; i++) {

Error: GCC_ANALYZER_WARNING (CWE-457): [#def16]
rpm-4.20.1/lib/rpmrc.c:1533:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘arch’
rpm-4.20.1/lib/rpmrc.c:1909:5: enter_function: entry to ‘rpmShowRC’
rpm-4.20.1/lib/rpmrc.c:1936:5: call_function: calling ‘rpmSetTables’ from ‘rpmShowRC’
# 1531| if (ctx->currTables[ARCH] != archTable) {
# 1532| ctx->currTables[ARCH] = archTable;
# 1533|-> rebuildCompatTables(ctx, ARCH, arch);
# 1534| }
# 1535|

Error: GCC_ANALYZER_WARNING (CWE-457): [#def17]
rpm-4.20.1/lib/rpmrc.c:1538:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘os’
rpm-4.20.1/lib/rpmrc.c:1909:5: enter_function: entry to ‘rpmShowRC’
rpm-4.20.1/lib/rpmrc.c:1936:5: call_function: calling ‘rpmSetTables’ from ‘rpmShowRC’
# 1536| if (ctx->currTables[OS] != osTable) {
# 1537| ctx->currTables[OS] = osTable;
# 1538|-> rebuildCompatTables(ctx, OS, os);
# 1539| }
# 1540| }

Error: GCC_ANALYZER_WARNING (CWE-457): [#def18]
rpm-4.20.1/lib/rpmrc.c:1561:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘host_cpu’
rpm-4.20.1/lib/rpmrc.c:1909:5: enter_function: entry to ‘rpmShowRC’
rpm-4.20.1/lib/rpmrc.c:1936:5: call_function: calling ‘rpmSetTables’ from ‘rpmShowRC’
rpm-4.20.1/lib/rpmrc.c:1936:5: return_function: returning to ‘rpmShowRC’ from ‘rpmSetTables’
rpm-4.20.1/lib/rpmrc.c:1937:5: call_function: calling ‘rpmSetMachine’ from ‘rpmShowRC’
# 1559|
# 1560| if (arch == NULL) {
# 1561|-> arch = host_cpu;
# 1562| if (ctx->tables[ctx->currTables[ARCH]].hasTranslate)
# 1563| arch = lookupInDefaultTable(arch,

Error: GCC_ANALYZER_WARNING (CWE-688): [#def19]
rpm-4.20.1/lib/rpmscript.c:388:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘in’ where non-null expected
rpm-4.20.1/lib/rpmscript.c:353:8: branch_false: following ‘false’ branch...
rpm-4.20.1/lib/rpmscript.c:358:10: branch_false: ...to here
rpm-4.20.1/lib/rpmscript.c:358:10: acquire_memory: this call could return NULL
rpm-4.20.1/lib/rpmscript.c:373:8: branch_false: following ‘false’ branch (when ‘out’ is non-NULL)...
rpm-4.20.1/lib/rpmscript.c:379:11: branch_false: ...to here
rpm-4.20.1/lib/rpmscript.c:380:8: branch_false: following ‘false’ branch (when ‘pid != -1’)...
rpm-4.20.1/lib/rpmscript.c:384:15: branch_false: ...to here
rpm-4.20.1/lib/rpmscript.c:384:15: branch_true: following ‘true’ branch (when ‘pid == 0’)...
rpm-4.20.1/lib/rpmscript.c:386:52: branch_true: ...to here
rpm-4.20.1/lib/rpmscript.c:388:9: danger: argument 1 (‘in’) from [(4)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/3) could be NULL where non-null expected
# 386| script->descr, *argvp[0], (unsigned)getpid());
# 387|
# 388|-> fclose(in);
# 389| dup2(inpipe[0], STDIN_FILENO);
# 390|

Error: GCC_ANALYZER_WARNING (CWE-688): [#def20]
rpm-4.20.1/lib/rpmscript.c:409:24: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘in’ where non-null expected
rpm-4.20.1/lib/rpmscript.c:335:8: branch_false: following ‘false’ branch...
rpm-4.20.1/lib/rpmscript.c:353:9: branch_false: ...to here
rpm-4.20.1/lib/rpmscript.c:353:8: branch_false: following ‘false’ branch...
rpm-4.20.1/lib/rpmscript.c:358:10: branch_false: ...to here
rpm-4.20.1/lib/rpmscript.c:358:10: acquire_memory: this call could return NULL
rpm-4.20.1/lib/rpmscript.c:373:8: branch_false: following ‘false’ branch (when ‘out’ is non-NULL)...
rpm-4.20.1/lib/rpmscript.c:379:11: branch_false: ...to here
rpm-4.20.1/lib/rpmscript.c:380:8: branch_false: following ‘false’ branch (when ‘pid != -1’)...
rpm-4.20.1/lib/rpmscript.c:384:15: branch_false: ...to here
rpm-4.20.1/lib/rpmscript.c:384:15: branch_false: following ‘false’ branch (when ‘pid != 0’)...
rpm-4.20.1/lib/rpmscript.c:398:5: branch_false: ...to here
rpm-4.20.1/lib/rpmscript.c:401:8: branch_true: following ‘true’ branch... branch_true: ...to here
rpm-4.20.1/lib/rpmscript.c:403:16: branch_true: following ‘true’ branch...
rpm-4.20.1/lib/rpmscript.c:404:27: branch_true: ...to here
rpm-4.20.1/lib/rpmscript.c:409:24: danger: argument 4 (‘in’) from [(6)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/5) could be NULL where non-null expected
# 407| mline[size] = '\n';
# 408|
# 409|-> ret_size = fwrite(mline, size + 1, 1, in);
# 410| mline = _free(mline);
# 411| if (ret_size != 1) {

Error: GCC_ANALYZER_WARNING (CWE-688): [#def21]
rpm-4.20.1/lib/rpmscript.c:422:5: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘in’ where non-null expected
rpm-4.20.1/lib/rpmscript.c:335:8: branch_false: following ‘false’ branch...
rpm-4.20.1/lib/rpmscript.c:353:9: branch_false: ...to here
rpm-4.20.1/lib/rpmscript.c:353:8: branch_false: following ‘false’ branch...
rpm-4.20.1/lib/rpmscript.c:358:10: branch_false: ...to here
rpm-4.20.1/lib/rpmscript.c:358:10: acquire_memory: this call could return NULL
rpm-4.20.1/lib/rpmscript.c:373:8: branch_false: following ‘false’ branch (when ‘out’ is non-NULL)...
rpm-4.20.1/lib/rpmscript.c:379:11: branch_false: ...to here
rpm-4.20.1/lib/rpmscript.c:380:8: branch_false: following ‘false’ branch (when ‘pid != -1’)...
rpm-4.20.1/lib/rpmscript.c:384:15: branch_false: ...to here
rpm-4.20.1/lib/rpmscript.c:384:15: branch_false: following ‘false’ branch (when ‘pid != 0’)...
rpm-4.20.1/lib/rpmscript.c:398:5: branch_false: ...to here
rpm-4.20.1/lib/rpmscript.c:401:8: branch_false: following ‘false’ branch...
rpm-4.20.1/lib/rpmscript.c:422:5: branch_false: ...to here
rpm-4.20.1/lib/rpmscript.c:422:5: danger: argument 1 (‘in’) from [(6)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/5) could be NULL where non-null expected
# 420| }
# 421| }
# 422|-> fclose(in);
# 423| in = NULL;
# 424|

Error: GCC_ANALYZER_WARNING (CWE-775): [#def22]
rpm-4.20.1/lib/rpmscript.c:465:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘inpipe[0]’
rpm-4.20.1/lib/rpmscript.c:353:8: branch_false: following ‘false’ branch...
rpm-4.20.1/lib/rpmscript.c:358:10: branch_false: ...to here
rpm-4.20.1/lib/rpmscript.c:452:8: branch_false: following ‘false’ branch...
rpm-4.20.1/lib/rpmscript.c:455:8: branch_false: ...to here
rpm-4.20.1/lib/rpmscript.c:458:8: branch_false: following ‘false’ branch (when ‘fn’ is NULL)...
rpm-4.20.1/lib/rpmscript.c:463:5: branch_false: ...to here
rpm-4.20.1/lib/rpmscript.c:465:12: danger: ‘inpipe[0]’ leaks here
# 463| free(mline);
# 464|
# 465|-> return rc;
# 466| }
# 467|

Error: GCC_ANALYZER_WARNING (CWE-131): [#def23]
rpm-4.20.1/lib/rpmscript.c:668:9: warning[-Wanalyzer-allocation-size]: allocated buffer size is not a multiple of the pointee's size
rpm-4.20.1/lib/rpmscript.c:627:11: enter_function: entry to ‘rpmScriptFromTriggerTag’
rpm-4.20.1/lib/rpmscript.c:657:8: branch_true: following ‘true’ branch...
rpm-4.20.1/lib/rpmscript.c:664:18: call_function: calling ‘rpmScriptNew’ from ‘rpmScriptFromTriggerTag’
rpm-4.20.1/lib/rpmscript.c:664:18: return_function: returning to ‘rpmScriptFromTriggerTag’ from ‘rpmScriptNew’
rpm-4.20.1/lib/rpmscript.c:668:9: danger: allocated and assigned to ‘char **’ here; ‘sizeof (char *)’ is ‘8’
# 666|
# 667| /* hack up a hge-style NULL-terminated array */
# 668|-> script->args = (char **)xmalloc(2 * sizeof(*script->args) + strlen(prog) + 1);
# 669| script->args[0] = (char *)(script->args + 2);
# 670| script->args[1] = NULL;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def24]
rpm-4.20.1/lib/rpmte.c:717:43: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘te’
rpm-4.20.1/lib/rpmte.c:736:6: enter_function: entry to ‘rpmteAddProblem’
rpm-4.20.1/lib/rpmte.c:740:9: call_function: calling ‘rpmteKey’ from ‘rpmteAddProblem’
rpm-4.20.1/lib/rpmte.c:740:9: return_function: returning to ‘rpmteAddProblem’ from ‘rpmteKey’
rpm-4.20.1/lib/rpmte.c:740:9: call_function: calling ‘appendProblem’ from ‘rpmteAddProblem’
# 715| {
# 716| rpmProblem o;
# 717|-> rpmProblem p = rpmProblemCreate(type, te->NEVRA, key, altNEVR, str, number);
# 718| rpmpsi psi = rpmpsInitIterator(te->probs);
# 719|

Error: CPPCHECK_WARNING (CWE-476): [#def25]
rpm-4.20.1/lib/tagexts.c:858: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: e
# 856| if (!headerGet(h, RPMTAG_EPOCH, td, HEADERGET_ALLOC)) {
# 857| uint32_t *e = (uint32_t *)malloc(sizeof(*e));
# 858|-> *e = 0;
# 859| td->data = e;
# 860| td->type = RPM_INT32_TYPE;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def26]
rpm-4.20.1/lib/tagexts.c:858:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘e’
rpm-4.20.1/lib/tagexts.c:856:8: branch_true: following ‘true’ branch...
rpm-4.20.1/lib/tagexts.c:857:35: branch_true: ...to here
rpm-4.20.1/lib/tagexts.c:857:35: acquire_memory: this call could return NULL
rpm-4.20.1/lib/tagexts.c:858:9: danger: ‘e’ could be NULL: unchecked value from [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
# 856| if (!headerGet(h, RPMTAG_EPOCH, td, HEADERGET_ALLOC)) {
# 857| uint32_t *e = (uint32_t *)malloc(sizeof(*e));
# 858|-> *e = 0;
# 859| td->data = e;
# 860| td->type = RPM_INT32_TYPE;

Error: CPPCHECK_WARNING (CWE-476): [#def27]
rpm-4.20.1/misc/rpmhash.C:106: error[ctunullpointer]: Null pointer dereference: ht
# 104| unsigned int HASHPREFIX(KeyHash)(HASHTYPE ht, HTKEYTYPE key)
# 105| {
# 106|-> return ht->fn(key);
# 107| }
# 108|

Error: GCC_ANALYZER_WARNING (CWE-126): [#def28]
rpm-4.20.1/rpmio/base64.c:28:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
rpm-4.20.1/rpmio/base64.c:205:7: enter_function: entry to ‘rpmBase64CRC’
rpm-4.20.1/rpmio/base64.c:221:16: call_function: calling ‘rpmBase64Encode’ from ‘rpmBase64CRC’
# 26| return codechar;
# 27| }
# 28|-> fragment = *plainchar++;
# 29| result = (fragment & 0x0fc) >> 2;
# 30| *codechar++ = base64_encode_value(result);

Error: GCC_ANALYZER_WARNING (CWE-122): [#def29]
rpm-4.20.1/rpmio/base64.c:34:25: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow
rpm-4.20.1/rpmio/base64.c:205:7: enter_function: entry to ‘rpmBase64CRC’
rpm-4.20.1/rpmio/base64.c:221:16: call_function: calling ‘rpmBase64Encode’ from ‘rpmBase64CRC’
# 32| if (plainchar == plaintextend)
# 33| {
# 34|-> *codechar++ = base64_encode_value(result);
# 35| *codechar++ = '=';
# 36| *codechar++ = '=';

Error: GCC_ANALYZER_WARNING (CWE-122): [#def30]
rpm-4.20.1/rpmio/base64.c:35:25: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow
rpm-4.20.1/rpmio/base64.c:205:7: enter_function: entry to ‘rpmBase64CRC’
rpm-4.20.1/rpmio/base64.c:221:16: call_function: calling ‘rpmBase64Encode’ from ‘rpmBase64CRC’
# 33| {
# 34| *codechar++ = base64_encode_value(result);
# 35|-> *codechar++ = '=';
# 36| *codechar++ = '=';
# 37| return codechar;

Error: GCC_ANALYZER_WARNING (CWE-122): [#def31]
rpm-4.20.1/rpmio/base64.c:36:25: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow
rpm-4.20.1/rpmio/base64.c:205:7: enter_function: entry to ‘rpmBase64CRC’
rpm-4.20.1/rpmio/base64.c:221:16: call_function: calling ‘rpmBase64Encode’ from ‘rpmBase64CRC’
# 34| *codechar++ = base64_encode_value(result);
# 35| *codechar++ = '=';
# 36|-> *codechar++ = '=';
# 37| return codechar;
# 38| }

Error: GCC_ANALYZER_WARNING (CWE-126): [#def32]
rpm-4.20.1/rpmio/base64.c:39:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
rpm-4.20.1/rpmio/base64.c:205:7: enter_function: entry to ‘rpmBase64CRC’
rpm-4.20.1/rpmio/base64.c:221:16: call_function: calling ‘rpmBase64Encode’ from ‘rpmBase64CRC’
# 37| return codechar;
# 38| }
# 39|-> fragment = *plainchar++;
# 40| result |= (fragment & 0x0f0) >> 4;
# 41| *codechar++ = base64_encode_value(result);

Error: GCC_ANALYZER_WARNING (CWE-122): [#def33]
rpm-4.20.1/rpmio/base64.c:41:17: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow
rpm-4.20.1/rpmio/base64.c:205:7: enter_function: entry to ‘rpmBase64CRC’
rpm-4.20.1/rpmio/base64.c:221:16: call_function: calling ‘rpmBase64Encode’ from ‘rpmBase64CRC’
# 39| fragment = *plainchar++;
# 40| result |= (fragment & 0x0f0) >> 4;
# 41|-> *codechar++ = base64_encode_value(result);
# 42| result = (fragment & 0x00f) << 2;
# 43| if (plainchar == plaintextend)

Error: GCC_ANALYZER_WARNING (CWE-122): [#def34]
rpm-4.20.1/rpmio/base64.c:45:25: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow
rpm-4.20.1/rpmio/base64.c:205:7: enter_function: entry to ‘rpmBase64CRC’
rpm-4.20.1/rpmio/base64.c:221:16: call_function: calling ‘rpmBase64Encode’ from ‘rpmBase64CRC’
# 43| if (plainchar == plaintextend)
# 44| {
# 45|-> *codechar++ = base64_encode_value(result);
# 46| *codechar++ = '=';
# 47| return codechar;

Error: GCC_ANALYZER_WARNING (CWE-122): [#def35]
rpm-4.20.1/rpmio/base64.c:46:25: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow
rpm-4.20.1/rpmio/base64.c:205:7: enter_function: entry to ‘rpmBase64CRC’
rpm-4.20.1/rpmio/base64.c:221:16: call_function: calling ‘rpmBase64Encode’ from ‘rpmBase64CRC’
# 44| {
# 45| *codechar++ = base64_encode_value(result);
# 46|-> *codechar++ = '=';
# 47| return codechar;
# 48| }

Error: GCC_ANALYZER_WARNING (CWE-126): [#def36]
rpm-4.20.1/rpmio/base64.c:49:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
rpm-4.20.1/rpmio/base64.c:205:7: enter_function: entry to ‘rpmBase64CRC’
rpm-4.20.1/rpmio/base64.c:221:16: call_function: calling ‘rpmBase64Encode’ from ‘rpmBase64CRC’
# 47| return codechar;
# 48| }
# 49|-> fragment = *plainchar++;
# 50| result |= (fragment & 0x0c0) >> 6;
# 51| *codechar++ = base64_encode_value(result);

Error: GCC_ANALYZER_WARNING (CWE-122): [#def37]
rpm-4.20.1/rpmio/base64.c:51:17: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow
rpm-4.20.1/rpmio/base64.c:205:7: enter_function: entry to ‘rpmBase64CRC’
rpm-4.20.1/rpmio/base64.c:221:16: call_function: calling ‘rpmBase64Encode’ from ‘rpmBase64CRC’
# 49| fragment = *plainchar++;
# 50| result |= (fragment & 0x0c0) >> 6;
# 51|-> *codechar++ = base64_encode_value(result);
# 52| result = (fragment & 0x03f) >> 0;
# 53| *codechar++ = base64_encode_value(result);

Error: GCC_ANALYZER_WARNING (CWE-122): [#def38]
rpm-4.20.1/rpmio/base64.c:53:17: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow
rpm-4.20.1/rpmio/base64.c:205:7: enter_function: entry to ‘rpmBase64CRC’
rpm-4.20.1/rpmio/base64.c:221:16: call_function: calling ‘rpmBase64Encode’ from ‘rpmBase64CRC’
# 51| *codechar++ = base64_encode_value(result);
# 52| result = (fragment & 0x03f) >> 0;
# 53|-> *codechar++ = base64_encode_value(result);
# 54| }
# 55| /* control should not reach here */

Error: GCC_ANALYZER_WARNING (CWE-685): [#def39]
rpm-4.20.1/rpmio/macro.c:2258:40: warning[-Wanalyzer-va-list-exhausted]: ‘ap’ has no more arguments (2 consumed)
rpm-4.20.1/rpmio/macro.c:2272:1: enter_function: entry to ‘rpmExpandNumeric’
rpm-4.20.1/rpmio/macro.c:2280:11: call_function: calling ‘rpmExpand’ from ‘rpmExpandNumeric’ with 1 variadic argument
# 2256|
# 2257| va_start(ap, arg);
# 2258|-> for (pe = buf, s = arg; s != NULL; s = va_arg(ap, const char *))
# 2259| pe = stpcpy(pe, s);
# 2260| va_end(ap);

Error: GCC_ANALYZER_WARNING (CWE-685): [#def40]
rpm-4.20.1/rpmio/macro.c:2258:40: warning[-Wanalyzer-va-list-exhausted]: ‘ap’ has no more arguments (3 consumed)
rpm-4.20.1/rpmio/macro.c:2272:1: enter_function: entry to ‘rpmExpandNumeric’
rpm-4.20.1/rpmio/macro.c:2280:11: call_function: calling ‘rpmExpand’ from ‘rpmExpandNumeric’
# 2256|
# 2257| va_start(ap, arg);
# 2258|-> for (pe = buf, s = arg; s != NULL; s = va_arg(ap, const char *))
# 2259| pe = stpcpy(pe, s);
# 2260| va_end(ap);

Error: GCC_ANALYZER_WARNING (CWE-416): [#def41]
rpm-4.20.1/rpmio/rpmio.c:68:12: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘fd’
rpm-4.20.1/rpmio/rpmio.c:1579:6: enter_function: entry to ‘Fopen’
rpm-4.20.1/rpmio/rpmio.c:1587:8: branch_false: following ‘false’ branch...
rpm-4.20.1/rpmio/rpmio.c:1590:5: branch_false: ...to here
rpm-4.20.1/rpmio/rpmio.c:1591:5: call_function: calling ‘cvtfmode’ from ‘Fopen’
rpm-4.20.1/rpmio/rpmio.c:1591:5: return_function: returning to ‘Fopen’ from ‘cvtfmode’
rpm-4.20.1/rpmio/rpmio.c:1592:8: branch_false: following ‘false’ branch...
rpm-4.20.1/rpmio/rpmio.c:1595:9: branch_false: ...to here
rpm-4.20.1/rpmio/rpmio.c:1595:8: branch_false: following ‘false’ branch...
rpm-4.20.1/rpmio/rpmio.c:1595:24: call_function: inlined call to ‘rstreq’ from ‘Fopen’
rpm-4.20.1/rpmio/rpmio.c:1595:9: branch_false: following ‘false’ branch (when the strings are non-equal)...
rpm-4.20.1/rpmio/rpmio.c:1600:13: branch_false: ...to here
rpm-4.20.1/rpmio/rpmio.c:1602:14: call_function: calling ‘ufdOpen’ from ‘Fopen’
# 66| static FDSTACK_t fdGetFps(FD_t fd)
# 67| {
# 68|-> return (fd != NULL) ? fd->fps : NULL;
# 69| }
# 70|

Error: GCC_ANALYZER_WARNING (CWE-416): [#def42]
rpm-4.20.1/rpmio/rpmio.c:91:15: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘fd’
rpm-4.20.1/rpmio/rpmio.c:1579:6: enter_function: entry to ‘Fopen’
rpm-4.20.1/rpmio/rpmio.c:1587:8: branch_false: following ‘false’ branch...
rpm-4.20.1/rpmio/rpmio.c:1590:5: branch_false: ...to here
rpm-4.20.1/rpmio/rpmio.c:1591:5: call_function: calling ‘cvtfmode’ from ‘Fopen’
rpm-4.20.1/rpmio/rpmio.c:1591:5: return_function: returning to ‘Fopen’ from ‘cvtfmode’
rpm-4.20.1/rpmio/rpmio.c:1592:8: branch_false: following ‘false’ branch...
rpm-4.20.1/rpmio/rpmio.c:1595:9: branch_false: ...to here
rpm-4.20.1/rpmio/rpmio.c:1595:8: branch_false: following ‘false’ branch...
rpm-4.20.1/rpmio/rpmio.c:1595:24: call_function: inlined call to ‘rstreq’ from ‘Fopen’
rpm-4.20.1/rpmio/rpmio.c:1595:9: branch_false: following ‘false’ branch (when the strings are non-equal)...
rpm-4.20.1/rpmio/rpmio.c:1600:13: branch_false: ...to here
rpm-4.20.1/rpmio/rpmio.c:1602:14: call_function: calling ‘ufdOpen’ from ‘Fopen’
# 89| static FDSTACK_t fdPop(FD_t fd)
# 90| {
# 91|-> FDSTACK_t fps = fd->fps;
# 92| fd->fps = fps->prev;
# 93| free(fps);

Error: GCC_ANALYZER_WARNING (CWE-416): [#def43]
rpm-4.20.1/rpmio/rpmio.c:197:9: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘fd’
rpm-4.20.1/rpmio/rpmio.c:1579:6: enter_function: entry to ‘Fopen’
rpm-4.20.1/rpmio/rpmio.c:1587:8: branch_false: following ‘false’ branch...
rpm-4.20.1/rpmio/rpmio.c:1590:5: branch_false: ...to here
rpm-4.20.1/rpmio/rpmio.c:1591:5: call_function: calling ‘cvtfmode’ from ‘Fopen’
rpm-4.20.1/rpmio/rpmio.c:1591:5: return_function: returning to ‘Fopen’ from ‘cvtfmode’
rpm-4.20.1/rpmio/rpmio.c:1592:8: branch_false: following ‘false’ branch...
rpm-4.20.1/rpmio/rpmio.c:1595:9: branch_false: ...to here
rpm-4.20.1/rpmio/rpmio.c:1595:8: branch_false: following ‘false’ branch...
rpm-4.20.1/rpmio/rpmio.c:1595:24: call_function: inlined call to ‘rstreq’ from ‘Fopen’
rpm-4.20.1/rpmio/rpmio.c:1595:9: branch_false: following ‘false’ branch (when the strings are non-equal)...
rpm-4.20.1/rpmio/rpmio.c:1600:13: branch_false: ...to here
rpm-4.20.1/rpmio/rpmio.c:1602:14: call_function: calling ‘ufdOpen’ from ‘Fopen’
# 195| fps->syserrno = errno;
# 196| }
# 197|-> if (fd->stats != NULL)
# 198| (void) rpmswExit(fdOp(fd, opx), rc);
# 199| }

Error: GCC_ANALYZER_WARNING (CWE-416): [#def44]
rpm-4.20.1/rpmio/rpmio.c:206:23: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘fd’
rpm-4.20.1/rpmio/rpmio.c:1579:6: enter_function: entry to ‘Fopen’
rpm-4.20.1/rpmio/rpmio.c:1587:8: branch_false: following ‘false’ branch...
rpm-4.20.1/rpmio/rpmio.c:1590:5: branch_false: ...to here
rpm-4.20.1/rpmio/rpmio.c:1591:5: call_function: calling ‘cvtfmode’ from ‘Fopen’
rpm-4.20.1/rpmio/rpmio.c:1591:5: return_function: returning to ‘Fopen’ from ‘cvtfmode’
rpm-4.20.1/rpmio/rpmio.c:1592:8: branch_false: following ‘false’ branch...
rpm-4.20.1/rpmio/rpmio.c:1595:9: branch_false: ...to here
rpm-4.20.1/rpmio/rpmio.c:1595:8: branch_false: following ‘false’ branch...
rpm-4.20.1/rpmio/rpmio.c:1595:24: call_function: inlined call to ‘rstreq’ from ‘Fopen’
rpm-4.20.1/rpmio/rpmio.c:1595:9: branch_false: following ‘false’ branch (when the strings are non-equal)...
rpm-4.20.1/rpmio/rpmio.c:1600:13: branch_false: ...to here
rpm-4.20.1/rpmio/rpmio.c:1602:14: call_function: calling ‘ufdOpen’ from ‘Fopen’
# 204| int opx;
# 205|
# 206|-> if (fd == NULL || fd->stats == NULL) return;
# 207| for (opx = 0; opx < 4; opx++) {
# 208| rpmop op = &fd->stats->ops[opx];

Error: GCC_ANALYZER_WARNING (CWE-416): [#def45]
rpm-4.20.1/rpmio/rpmio.c:323:15: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘fd’
rpm-4.20.1/rpmio/rpmio.c:1579:6: enter_function: entry to ‘Fopen’
rpm-4.20.1/rpmio/rpmio.c:1587:8: branch_false: following ‘false’ branch...
rpm-4.20.1/rpmio/rpmio.c:1590:5: branch_false: ...to here
rpm-4.20.1/rpmio/rpmio.c:1591:5: call_function: calling ‘cvtfmode’ from ‘Fopen’
rpm-4.20.1/rpmio/rpmio.c:1591:5: return_function: returning to ‘Fopen’ from ‘cvtfmode’
rpm-4.20.1/rpmio/rpmio.c:1592:8: branch_false: following ‘false’ branch...
rpm-4.20.1/rpmio/rpmio.c:1595:9: branch_false: ...to here
rpm-4.20.1/rpmio/rpmio.c:1595:8: branch_false: following ‘false’ branch...
rpm-4.20.1/rpmio/rpmio.c:1595:24: call_function: inlined call to ‘rstreq’ from ‘Fopen’
rpm-4.20.1/rpmio/rpmio.c:1595:9: branch_false: following ‘false’ branch (when the strings are non-equal)...
rpm-4.20.1/rpmio/rpmio.c:1600:13: branch_false: ...to here
rpm-4.20.1/rpmio/rpmio.c:1602:14: call_function: calling ‘ufdOpen’ from ‘Fopen’
# 321| {
# 322| if (fd) {
# 323|-> if (--fd->nrefs > 0)
# 324| return fd;
# 325| fd->stats = _free(fd->stats);
Error: CPPCHECK_WARNING (CWE-476): [#def46]
rpm-4.20.1/rpmio/rpmio.c:776: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: lzfile
# 774| return NULL;
# 775| lzfile = (LZFILE *)calloc(1, sizeof(*lzfile));
# 776|-> lzfile->file = fp;
# 777| lzfile->encoding = encoding;
# 778| lzfile->eof = 0;
Error: CPPCHECK_WARNING (CWE-476): [#def47]
rpm-4.20.1/rpmio/rpmio.c:777: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: lzfile
# 775| lzfile = (LZFILE *)calloc(1, sizeof(*lzfile));
# 776| lzfile->file = fp;
# 777|-> lzfile->encoding = encoding;
# 778| lzfile->eof = 0;
# 779| lzfile->strm = init_strm;
Error: CPPCHECK_WARNING (CWE-476): [#def48]
rpm-4.20.1/rpmio/rpmio.c:778: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: lzfile
# 776| lzfile->file = fp;
# 777| lzfile->encoding = encoding;
# 778|-> lzfile->eof = 0;
# 779| lzfile->strm = init_strm;
# 780| if (encoding) {
Error: CPPCHECK_WARNING (CWE-476): [#def49]
rpm-4.20.1/rpmio/rpmio.c:779: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: lzfile
# 777| lzfile->encoding = encoding;
# 778| lzfile->eof = 0;
# 779|-> lzfile->strm = init_strm;
# 780| if (encoding) {
# 781| if (xz) {
Error: GCC_ANALYZER_WARNING (CWE-476): [#def50]
rpm-4.20.1/rpmio/rpmio.c:1646:14: warning[-Wanalyzer-jump-through-null]: jump through null pointer
rpm-4.20.1/rpmio/rpmio.c:1643:8: branch_false: following ‘false’ branch (when ‘fd’ is non-NULL)...
rpm-4.20.1/rpmio/rpmio.c:1644:20: branch_false: ...to here
rpm-4.20.1/rpmio/rpmio.c:1644:35: branch_true: following ‘true’ branch (when ‘fps’ is non-NULL)...
rpm-4.20.1/rpmio/rpmio.c:1645:42: branch_true: ...to here
rpm-4.20.1/rpmio/rpmio.c:1645:42: branch_false: following ‘false’ branch...
rpm-4.20.1/rpmio/rpmio.c:1646:14: branch_false: ...to here
rpm-4.20.1/rpmio/rpmio.c:1646:14: danger: jump through null pointer here
# 1644| for (FDSTACK_t fps = fd->fps; fps != NULL; fps = fps->prev) {
# 1645| fdio_ferror_function_t _ferror = FDIOVEC(fps, _ferror);
# 1646|-> rc = _ferror(fps);
# 1647|
# 1648| if (rc)
Error: GCC_ANALYZER_WARNING (CWE-775): [#def51]
rpm-4.20.1/rpmio/rpmlua.c:78:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘r’
rpm-4.20.1/rpmio/rpmlua.c:786:12: enter_function: entry to ‘rpm_redirect2null’
rpm-4.20.1/rpmio/rpmlua.c:798:8: branch_true: following ‘true’ branch...
rpm-4.20.1/rpmio/rpmlua.c:799:13: branch_true: ...to here
rpm-4.20.1/rpmio/rpmlua.c:799:13: acquire_resource: opened here
rpm-4.20.1/rpmio/rpmlua.c:804:8: branch_false: following ‘false’ branch (when ‘r >= 0’)...
rpm-4.20.1/rpmio/rpmlua.c:807:12: call_function: inlined call to ‘pushresult’ from ‘rpm_redirect2null’
# 76| static int pushresult(lua_State *L, int result)
# 77| {
# 78|-> lua_pushnumber(L, result);
# 79| return 1;
# 80| }
Error: GCC_ANALYZER_WARNING (CWE-476): [#def52]
rpm-4.20.1/rpmio/rpmlua.c:178:12: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘lua’
rpm-4.20.1/rpmio/rpmlua.c:175:8: enter_function: entry to ‘rpmluaGetLua’
rpm-4.20.1/rpmio/rpmlua.c:177:5: branch_true: following ‘true’ branch...
rpm-4.20.1/rpmio/rpmlua.c:177:5: call_function: calling ‘rpmluaNew’ from ‘rpmluaGetLua’
rpm-4.20.1/rpmio/rpmlua.c:177:5: return_function: returning to ‘rpmluaGetLua’ from ‘rpmluaNew’
rpm-4.20.1/rpmio/rpmlua.c:178:12: danger: dereference of NULL ‘lua’
# 176| {
# 177| INITSTATE(lua);
# 178|-> return lua->L;
# 179| }
# 180|
Error: GCC_ANALYZER_WARNING (CWE-476): [#def53]
rpm-4.20.1/rpmio/rpmlua.c:188:19: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘lua’
rpm-4.20.1/rpmio/rpmlua.c:181:6: enter_function: entry to ‘rpmluaPushPrintBuffer’
rpm-4.20.1/rpmio/rpmlua.c:183:5: branch_true: following ‘true’ branch...
rpm-4.20.1/rpmio/rpmlua.c:183:5: call_function: calling ‘rpmluaNew’ from ‘rpmluaPushPrintBuffer’
rpm-4.20.1/rpmio/rpmlua.c:183:5: return_function: returning to ‘rpmluaPushPrintBuffer’ from ‘rpmluaNew’
rpm-4.20.1/rpmio/rpmlua.c:188:19: danger: dereference of NULL ‘lua’
# 186| prbuf->alloced = 0;
# 187| prbuf->used = 0;
# 188|-> prbuf->next = lua->printbuf;
# 189|
# 190| lua->printbuf = prbuf;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def54]
rpm-4.20.1/rpmio/rpmlua.c:196:14: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘lua’
rpm-4.20.1/rpmio/rpmlua.c:193:7: enter_function: entry to ‘rpmluaPopPrintBuffer’
rpm-4.20.1/rpmio/rpmlua.c:195:5: branch_true: following ‘true’ branch...
rpm-4.20.1/rpmio/rpmlua.c:195:5: call_function: calling ‘rpmluaNew’ from ‘rpmluaPopPrintBuffer’
rpm-4.20.1/rpmio/rpmlua.c:195:5: return_function: returning to ‘rpmluaPopPrintBuffer’ from ‘rpmluaNew’
rpm-4.20.1/rpmio/rpmlua.c:196:14: danger: dereference of NULL ‘lua’
# 194| {
# 195| INITSTATE(lua);
# 196|-> rpmluapb prbuf = lua->printbuf;
# 197| char *ret = NULL;
# 198|
Error: GCC_ANALYZER_WARNING (CWE-476): [#def55]
rpm-4.20.1/rpmio/rpmlua.c:211:16: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘lua’
rpm-4.20.1/rpmio/rpmlua.c:208:5: enter_function: entry to ‘rpmluaCheckScript’
rpm-4.20.1/rpmio/rpmlua.c:210:5: branch_true: following ‘true’ branch...
rpm-4.20.1/rpmio/rpmlua.c:210:5: call_function: calling ‘rpmluaNew’ from ‘rpmluaCheckScript’
rpm-4.20.1/rpmio/rpmlua.c:210:5: return_function: returning to ‘rpmluaCheckScript’ from ‘rpmluaNew’
rpm-4.20.1/rpmio/rpmlua.c:211:16: danger: dereference of NULL ‘lua’
# 209| {
# 210| INITSTATE(lua);
# 211|-> lua_State *L = lua->L;
# 212| int ret = 0;
# 213| if (name == NULL)
Error: GCC_ANALYZER_WARNING (CWE-476): [#def56]
rpm-4.20.1/rpmio/rpmlua.c:254:16: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘lua’
rpm-4.20.1/rpmio/rpmlua.c:250:5: enter_function: entry to ‘rpmluaRunScript’
rpm-4.20.1/rpmio/rpmlua.c:253:5: branch_true: following ‘true’ branch...
rpm-4.20.1/rpmio/rpmlua.c:253:5: call_function: calling ‘rpmluaNew’ from ‘rpmluaRunScript’
rpm-4.20.1/rpmio/rpmlua.c:253:5: return_function: returning to ‘rpmluaRunScript’ from ‘rpmluaNew’
rpm-4.20.1/rpmio/rpmlua.c:254:16: danger: dereference of NULL ‘lua’
# 252| {
# 253| INITSTATE(lua);
# 254|-> lua_State *L = lua->L;
# 255| int ret = -1;
# 256| int oind = 0;
Error: GCC_ANALYZER_WARNING (CWE-476): [#def57]
rpm-4.20.1/rpmio/rpmlua.c:329:16: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘lua’
rpm-4.20.1/rpmio/rpmlua.c:326:5: enter_function: entry to ‘rpmluaRunScriptFile’
rpm-4.20.1/rpmio/rpmlua.c:328:5: branch_true: following ‘true’ branch...
rpm-4.20.1/rpmio/rpmlua.c:328:5: call_function: calling ‘rpmluaNew’ from ‘rpmluaRunScriptFile’
rpm-4.20.1/rpmio/rpmlua.c:328:5: return_function: returning to ‘rpmluaRunScriptFile’ from ‘rpmluaNew’
rpm-4.20.1/rpmio/rpmlua.c:329:16: danger: dereference of NULL ‘lua’
# 327| {
# 328| INITSTATE(lua);
# 329|-> lua_State *L = lua->L;
# 330| int ret = 0;
# 331| if (luaL_loadfile(L, filename) != 0) {
Error: GCC_ANALYZER_WARNING (CWE-476): [#def58]
rpm-4.20.1/rpmio/rpmlua.c:422:5: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘lua’
rpm-4.20.1/rpmio/rpmlua.c:419:6: enter_function: entry to ‘rpmluaInteractive’
rpm-4.20.1/rpmio/rpmlua.c:421:5: branch_true: following ‘true’ branch...
rpm-4.20.1/rpmio/rpmlua.c:421:5: call_function: calling ‘rpmluaNew’ from ‘rpmluaInteractive’
rpm-4.20.1/rpmio/rpmlua.c:421:5: return_function: returning to ‘rpmluaInteractive’ from ‘rpmluaNew’
rpm-4.20.1/rpmio/rpmlua.c:422:5: danger: dereference of NULL ‘lua’
# 420| {
# 421| INITSTATE(lua);
# 422|-> _rpmluaInteractive(lua->L, rl);
# 423| }
# 424|
Error: GCC_ANALYZER_WARNING (CWE-476): [#def59]
rpm-4.20.1/rpmio/rpmlua.c:428:16: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘lua’
rpm-4.20.1/rpmio/rpmlua.c:425:7: enter_function: entry to ‘rpmluaCallStringFunction’
rpm-4.20.1/rpmio/rpmlua.c:427:5: branch_true: following ‘true’ branch...
rpm-4.20.1/rpmio/rpmlua.c:427:5: call_function: calling ‘rpmluaNew’ from ‘rpmluaCallStringFunction’
rpm-4.20.1/rpmio/rpmlua.c:427:5: return_function: returning to ‘rpmluaCallStringFunction’ from ‘rpmluaNew’
rpm-4.20.1/rpmio/rpmlua.c:428:16: danger: dereference of NULL ‘lua’
# 426| {
# 427| INITSTATE(lua);
# 428|-> lua_State *L = lua->L;
# 429| int i;
# 430| char *fcall = NULL;
Error: CPPCHECK_WARNING (CWE-476): [#def60]
rpm-4.20.1/rpmio/rpmlua.c:874: warning[nullPointer]: Possible null pointer dereference: argv
# 872| rpmSetCloseOnExec();
# 873|
# 874|-> status = posix_spawnp(&pid, argv[0], fap, NULL, argv, environ);
# 875|
# 876| argvFree(argv);
Error: GCC_ANALYZER_WARNING (CWE-476): [#def61]
rpm-4.20.1/rpmio/rpmlua.c:874:14: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘argv’
rpm-4.20.1/rpmio/rpmlua.c:851:8: branch_false: following ‘false’ branch...
rpm-4.20.1/rpmio/rpmlua.c:865:12: branch_false: ...to here
rpm-4.20.1/rpmio/rpmlua.c:865:12: release_memory: ‘argv’ is NULL
rpm-4.20.1/rpmio/rpmlua.c:866:21: branch_false: following ‘false’ branch (when ‘i >= argc’)...
rpm-4.20.1/rpmio/rpmlua.c:872:5: branch_false: ...to here
rpm-4.20.1/rpmio/rpmlua.c:874:14: release_memory: ‘argv’ is NULL
rpm-4.20.1/rpmio/rpmlua.c:876:5: release_memory: ‘argv’ is NULL
rpm-4.20.1/rpmio/rpmlua.c:874:14: danger: dereference of NULL ‘argv’
# 872| rpmSetCloseOnExec();
# 873|
# 874|-> status = posix_spawnp(&pid, argv[0], fap, NULL, argv, environ);
# 875|
# 876| argvFree(argv);
Error: GCC_ANALYZER_WARNING (CWE-476): [#def62]
rpm-4.20.1/rpmio/rpmstrpool.c:69:12: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘s’
rpm-4.20.1/rpmio/rpmstrpool.c:265:12: enter_function: entry to ‘rpmstrPoolFree’
rpm-4.20.1/rpmio/rpmstrpool.c:267:8: branch_true: following ‘true’ branch (when ‘pool’ is non-NULL)...
rpm-4.20.1/rpmio/rpmstrpool.c:268:9: call_function: inlined call to ‘poolLock’ from ‘rpmstrPoolFree’
rpm-4.20.1/rpmio/rpmstrpool.c:269:12: branch_false: following ‘false’ branch...
rpm-4.20.1/rpmio/rpmstrpool.c:273:17: branch_false: ...to here
rpm-4.20.1/rpmio/rpmstrpool.c:273:16: branch_true: following ‘true’ branch...
rpm-4.20.1/rpmio/rpmstrpool.c:274:17: branch_true: ...to here
rpm-4.20.1/rpmio/rpmstrpool.c:274:17: call_function: calling ‘poolHashPrintStats’ from ‘rpmstrPoolFree’
# 67| const char * s = str;
# 68|
# 69|-> while (*s != '\0') {
# 70| hash += *s;
# 71| hash += (hash << 10);
Error: GCC_ANALYZER_WARNING (CWE-688): [#def63]
rpm-4.20.1/rpmio/rpmstrpool.c:170:21: warning[-Wanalyzer-null-argument]: use of NULL ‘s’ where non-null expected
rpm-4.20.1/rpmio/rpmstrpool.c:329:15: enter_function: entry to ‘rpmstrPoolPut’
rpm-4.20.1/rpmio/rpmstrpool.c:367:5: call_function: calling ‘poolHashAddHEntry’ from ‘rpmstrPoolPut’
# 168| ht->keyCount++;
# 169| break;
# 170|-> } else if (!strcmp(id2str(pool, ht->buckets[hash].keyid), key)) {
# 171| return;
# 172| }
Error: GCC_ANALYZER_WARNING (CWE-688): [#def64]
rpm-4.20.1/rpmio/rpmstrpool.c:388:13: warning[-Wanalyzer-null-argument]: use of NULL ‘s’ where non-null expected
rpm-4.20.1/rpmio/rpmstrpool.c:372:15: enter_function: entry to ‘rpmstrPoolGet’
rpm-4.20.1/rpmio/rpmstrpool.c:382:12: branch_false: following ‘false’ branch...
rpm-4.20.1/rpmio/rpmstrpool.c:386:13: call_function: inlined call to ‘id2str’ from ‘rpmstrPoolGet’
rpm-4.20.1/rpmio/rpmstrpool.c:388:13: branch_false: ...to here
rpm-4.20.1/rpmio/rpmstrpool.c:388:13: danger: argument 1 (‘s’) NULL where non-null expected
# 386| s = id2str(pool, ht->buckets[hash].keyid);
# 387| /* pool string could be longer than keylen, require exact matche */
# 388|-> if (strncmp(s, key, keylen) == 0 && s[keylen] == '\0')
# 389| return ht->buckets[hash].keyid;
# 390| }
Error: GCC_ANALYZER_WARNING (CWE-457): [#def65]
rpm-4.20.1/sign/rpmsignverity.c:194:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘sig_size’
rpm-4.20.1/sign/rpmsignverity.c:123:8: branch_false: following ‘false’ branch...
rpm-4.20.1/sign/rpmsignverity.c:129:26: branch_false: ...to here
rpm-4.20.1/sign/rpmsignverity.c:166:12: branch_false: following ‘false’ branch...
branch_false: ...to here
rpm-4.20.1/sign/rpmsignverity.c:185:19: branch_true: following ‘true’ branch (when ‘idx < nr_files’)...
rpm-4.20.1/sign/rpmsignverity.c:186:29: branch_true: ...to here
rpm-4.20.1/sign/rpmsignverity.c:188:12: branch_false: following ‘false’ branch...
rpm-4.20.1/sign/rpmsignverity.c:193:9: branch_false: ...to here
rpm-4.20.1/sign/rpmsignverity.c:194:9: danger: use of uninitialized value ‘sig_size’ here
# 192| }
# 193| rpmlog(RPMLOG_DEBUG, _("signature: %s\n"), signatures[idx]);
# 194|-> rpmlog(RPMLOG_DEBUG, _("digest signed, len: %zu\n"), sig_size);
# 195| free(signatures[idx]);
# 196| signatures[idx] = NULL;
Error: GCC_ANALYZER_WARNING (CWE-457): [#def66]
rpm-4.20.1/sign/rpmsignverity.c:199:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘sig_size’
rpm-4.20.1/sign/rpmsignverity.c:123:8: branch_false: following ‘false’ branch...
rpm-4.20.1/sign/rpmsignverity.c:129:26: branch_false: ...to here
rpm-4.20.1/sign/rpmsignverity.c:166:12: branch_false: following ‘false’ branch...
branch_false: ...to here
rpm-4.20.1/sign/rpmsignverity.c:185:19: branch_false: following ‘false’ branch (when ‘idx >= nr_files’)...
rpm-4.20.1/sign/rpmsignverity.c:199:9: branch_false: ...to here
rpm-4.20.1/sign/rpmsignverity.c:199:9: danger: use of uninitialized value ‘sig_size’ here
# 197| }
# 198|
# 199|-> if (sig_size == 0) {
# 200| rpmlog(RPMLOG_ERR, _("Zero length fsverity signature\n"));
# 201| rc = RPMRC_FAIL;
Error: CPPCHECK_WARNING (CWE-476): [#def67]
rpm-4.20.1/tools/rpmdump.c:132: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: blob
# 130|
# 131| blob = (uint32_t *)malloc(sizeof(numEntries) + sizeof(numBytes) + headerLen);
# 132|-> blob[0] = htonl(numEntries);
# 133| blob[1] = htonl(numBytes);
# 134|
Error: GCC_ANALYZER_WARNING (CWE-476): [#def68]
rpm-4.20.1/tools/rpmdump.c:132:5: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘blob’
rpm-4.20.1/tools/rpmdump.c:224:5: enter_function: entry to ‘main’
rpm-4.20.1/tools/rpmdump.c:227:17: branch_true: following ‘true’ branch (when ‘i < argc’)...
rpm-4.20.1/tools/rpmdump.c:228:27: branch_true: ...to here
rpm-4.20.1/tools/rpmdump.c:229:12: branch_false: following ‘false’ branch...
rpm-4.20.1/tools/rpmdump.c:231:13: branch_false: ...to here
rpm-4.20.1/tools/rpmdump.c:231:13: call_function: calling ‘readpkg’ from ‘main’
# 130|
# 131| blob = (uint32_t *)malloc(sizeof(numEntries) + sizeof(numBytes) + headerLen);
# 132|-> blob[0] = htonl(numEntries);
# 133| blob[1] = htonl(numBytes);
# 134|
Error: CPPCHECK_WARNING (CWE-476): [#def69]
rpm-4.20.1/tools/rpmdump.c:133: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: blob
# 131| blob = (uint32_t *)malloc(sizeof(numEntries) + sizeof(numBytes) + headerLen);
# 132| blob[0] = htonl(numEntries);
# 133|-> blob[1] = htonl(numBytes);
# 134|
# 135| pe = (struct entryInfo *) &(blob[2]);
Error: CPPCHECK_WARNING (CWE-682): [#def70]
rpm-4.20.1/tools/rpmdump.c:143: error[nullPointerArithmeticOutOfMemory]: If memory allocation fail: pointer addition with NULL pointer.
# 141|
# 142|
# 143|-> if (read(fd, blob+2, headerLen) != headerLen) {
# 144| fprintf(stderr, "reading %d bytes of header fail\n", headerLen);
# 145| goto exit;
Error: GCC_ANALYZER_WARNING (CWE-465): [#def71]
rpm-4.20.1/tools/rpmsort.c:74:8: warning[-Wanalyzer-deref-before-check]: check of ‘package_string’ for NULL after already dereferencing it
rpm-4.20.1/tools/rpmsort.c:88:12: enter_function: entry to ‘package_version_compare’
rpm-4.20.1/tools/rpmsort.c:98:5: call_function: calling ‘split_package_string’ from ‘package_version_compare’
# 72|
# 73| /* Bubble up non-null values from release to name */
# 74|-> if (*name == NULL) {
# 75| *name = (*version == NULL ? *release : *version);
# 76| *version = *release;
analyzer-version-clippy | 1.86.0 |
analyzer-version-cppcheck | 2.17.1 |
analyzer-version-gcc | 15.0.1 |
analyzer-version-gcc-analyzer | 15.0.1 |
analyzer-version-shellcheck | 0.10.0 |
analyzer-version-unicontrol | 0.0.2 |
diffbase-analyzer-version-clippy | 1.86.0 |
diffbase-analyzer-version-cppcheck | 2.17.1 |
diffbase-analyzer-version-gcc | 15.0.1 |
diffbase-analyzer-version-gcc-analyzer | 15.0.1 |
diffbase-analyzer-version-shellcheck | 0.10.0 |
diffbase-analyzer-version-unicontrol | 0.0.2 |
diffbase-enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
diffbase-exit-code | 0 |
diffbase-host | ip-172-16-1-154.us-west-2.compute.internal |
diffbase-known-false-positives | /usr/share/csmock/known-false-positives.js |
diffbase-known-false-positives-rpm | known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch |
diffbase-mock-config | fedora-rawhide-x86_64 |
diffbase-project-name | rpm-5.99.90-3.fc43 |
diffbase-store-results-to | /tmp/tmp9ag8fqr6/rpm-5.99.90-3.fc43.tar.xz |
diffbase-time-created | 2025-04-25 15:38:51 |
diffbase-time-finished | 2025-04-25 15:41:08 |
diffbase-tool | csmock |
diffbase-tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmp9ag8fqr6/rpm-5.99.90-3.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp9ag8fqr6/rpm-5.99.90-3.fc43.src.rpm' |
diffbase-tool-version | csmock-3.8.1.20250422.172604.g26bc3d6-1.el9 |
enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
exit-code | 0 |
host | ip-172-16-1-154.us-west-2.compute.internal |
known-false-positives | /usr/share/csmock/known-false-positives.js |
known-false-positives-rpm | known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch |
mock-config | fedora-rawhide-x86_64 |
project-name | rpm-4.20.1-1.fc42 |
store-results-to | /tmp/tmpwxbicwkc/rpm-4.20.1-1.fc42.tar.xz |
time-created | 2025-04-25 15:35:46 |
time-finished | 2025-04-25 15:38:25 |
title | Fixed findings |
tool | csmock |
tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpwxbicwkc/rpm-4.20.1-1.fc42.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpwxbicwkc/rpm-4.20.1-1.fc42.src.rpm' |
tool-version | csmock-3.8.1.20250422.172604.g26bc3d6-1.el9 |