screen-5.0.0-4.fc43

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1]
screen-5.0.0/ansi.c:1928:20: warning[-Wanalyzer-malloc-leak]: leak of ‘calloc((long unsigned int)(*win.w_layer.l_width + 1), 4)’
screen-5.0.0/ansi.c:2189:13: enter_function: entry to ‘MBceLine’
screen-5.0.0/ansi.c:2196:9: call_function: calling ‘MFixLine’ from ‘MBceLine’
# 1926|   	}
# 1927|   	if (mc->colorbg && ml->colorbg == null) {
# 1928|-> 		if ((ml->colorbg = calloc(win->w_width + 1, 4)) == NULL) {
# 1929|   			ml->colorbg = null;
# 1930|   			mc->colorbg = win->w_rend.colorbg = 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def2]
screen-5.0.0/ansi.c:1935:20: warning[-Wanalyzer-malloc-leak]: leak of ‘calloc((long unsigned int)(*win.w_layer.l_width + 1), 4)’
screen-5.0.0/ansi.c:2189:13: enter_function: entry to ‘MBceLine’
screen-5.0.0/ansi.c:2196:9: call_function: calling ‘MFixLine’ from ‘MBceLine’
# 1933|   	}
# 1934|   	if (mc->colorfg && ml->colorfg == null) {
# 1935|-> 		if ((ml->colorfg = calloc(win->w_width + 1, 4)) == NULL) {
# 1936|   			ml->colorfg = null;
# 1937|   			mc->colorfg = win->w_rend.colorfg = 0;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def3]
screen-5.0.0/attacher.c:484:25: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘&query’
screen-5.0.0/attacher.c:439:20: branch_false: following ‘false’ branch...
screen-5.0.0/attacher.c:441:20: branch_false: ...to here
screen-5.0.0/attacher.c:441:20: branch_false: following ‘false’ branch...
screen-5.0.0/attacher.c:452:9: branch_false: ...to here
screen-5.0.0/attacher.c:476:12: branch_true: following ‘true’ branch (when ‘query != 0’)...
screen-5.0.0/attacher.c:478:41: branch_true: ...to here
screen-5.0.0/attacher.c:482:31: branch_true: following ‘true’ branch (when ‘c != 91’)...
screen-5.0.0/attacher.c:483:25: branch_true: ...to here
screen-5.0.0/attacher.c:484:25: danger: use of uninitialized value ‘&query’ here
#  482|   		for (c = 'A'; c <= 'Z'; c++) {
#  483|   			query[6] = c;
#  484|-> 			strncpy(sp, query, strlen(SocketPath));
#  485|   			if ((r = MakeServerSocket()) >= 0)
#  486|   				break;

Error: GCC_ANALYZER_WARNING (CWE-416): [#def4]
screen-5.0.0/canvas.c:86:13: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘cv’
screen-5.0.0/canvas.c:700:6: enter_function: entry to ‘OneCanvas’
screen-5.0.0/canvas.c:712:12: branch_false: following ‘false’ branch (when ‘ocv’ is non-NULL)...
screen-5.0.0/canvas.c:714:13: branch_false: ...to here
screen-5.0.0/canvas.c:717:16: branch_true: following ‘true’ branch...
screen-5.0.0/canvas.c:718:17: branch_true: ...to here
screen-5.0.0/canvas.c:718:17: call_function: calling ‘FreeCanvas’ from ‘OneCanvas’
#   84|   	Window *win;
#   85|   
#   86|-> 	if (cv->c_slprev)
#   87|   		cv->c_slprev->c_slnext = cv->c_slnext;
#   88|   	if (cv->c_slnext)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def5]
screen-5.0.0/canvas.c:215:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘cvp’
screen-5.0.0/canvas.c:700:6: enter_function: entry to ‘OneCanvas’
screen-5.0.0/canvas.c:712:12: branch_false: following ‘false’ branch (when ‘ocv’ is non-NULL)...
screen-5.0.0/canvas.c:714:13: branch_false: ...to here
screen-5.0.0/canvas.c:717:16: branch_true: following ‘true’ branch...
screen-5.0.0/canvas.c:718:17: branch_true: ...to here
screen-5.0.0/canvas.c:718:17: call_function: calling ‘FreeCanvas’ from ‘OneCanvas’
#  213|   			if (cvp == cv)
#  214|   				break;
#  215|-> 		*cvpp = cvp->c_lnext;
#  216|   
#  217|   		p = Layer2Window(l);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def6]
screen-5.0.0/canvas.c:282:39: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘p’
screen-5.0.0/canvas.c:775:6: enter_function: entry to ‘PutWindowCv’
screen-5.0.0/canvas.c:778:16: branch_true: following ‘true’ branch (when ‘cv’ is non-NULL)...
screen-5.0.0/canvas.c:779:21: branch_true: ...to here
screen-5.0.0/canvas.c:779:20: branch_false: following ‘false’ branch...
screen-5.0.0/canvas.c:783:21: branch_false: ...to here
screen-5.0.0/canvas.c:783:21: branch_true: following ‘true’ branch...
screen-5.0.0/canvas.c:783:17: branch_true: ...to here
screen-5.0.0/canvas.c:785:17: call_function: calling ‘SetCanvasWindow’ from ‘PutWindowCv’
#  280|   					if (p == window)
#  281|   						break;
#  282|-> 				*pp = p->w_prev_mru;
#  283|   				p->w_prev_mru = mru_window;
#  284|   				mru_window = p;

Error: CPPCHECK_WARNING (CWE-476): [#def7]
screen-5.0.0/canvas.c:760: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: cvt->c_slperp
#  758|   		if (cvf->c_slperp) {
#  759|   			cvt->c_slperp = calloc(1, sizeof(Canvas));
#  760|-> 			cvt->c_slperp->c_slback = cvt;
#  761|   			CanvasInitBlank(cvt->c_slperp);
#  762|   			DupLayoutCv(cvf->c_slperp, cvt->c_slperp, save);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def8]
screen-5.0.0/canvas.c:760:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘*cvt.c_slperp’
screen-5.0.0/canvas.c:738:16: branch_true: following ‘true’ branch (when ‘cvf’ is non-NULL)...
screen-5.0.0/canvas.c:739:35: branch_true: ...to here
screen-5.0.0/canvas.c:743:20: branch_false: following ‘false’ branch (when ‘save == 0’)...
screen-5.0.0/canvas.c:744:25: branch_false: ...to here
screen-5.0.0/canvas.c:745:28: branch_false: following ‘false’ branch...
screen-5.0.0/canvas.c:753:40: branch_false: ...to here
screen-5.0.0/canvas.c:758:20: branch_true: following ‘true’ branch...
screen-5.0.0/canvas.c:759:41: branch_true: ...to here
screen-5.0.0/canvas.c:759:41: acquire_memory: this call could return NULL
screen-5.0.0/canvas.c:760:25: danger: ‘calloc(1, 304)’ could be NULL: unchecked value from (9), the acquire_memory event at screen-5.0.0/canvas.c:759:41
#  758|   		if (cvf->c_slperp) {
#  759|   			cvt->c_slperp = calloc(1, sizeof(Canvas));
#  760|-> 			cvt->c_slperp->c_slback = cvt;
#  761|   			CanvasInitBlank(cvt->c_slperp);
#  762|   			DupLayoutCv(cvf->c_slperp, cvt->c_slperp, save);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def9]
screen-5.0.0/canvas.c:760:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘calloc(1, 304)’
screen-5.0.0/canvas.c:736:6: enter_function: entry to ‘DupLayoutCv’
screen-5.0.0/canvas.c:738:16: branch_true: following ‘true’ branch (when ‘cvf’ is non-NULL)...
screen-5.0.0/canvas.c:739:35: branch_true: ...to here
screen-5.0.0/canvas.c:743:20: branch_false: following ‘false’ branch (when ‘save == 0’)...
screen-5.0.0/canvas.c:744:25: branch_false: ...to here
screen-5.0.0/canvas.c:745:28: branch_false: following ‘false’ branch...
screen-5.0.0/canvas.c:753:40: branch_false: ...to here
screen-5.0.0/canvas.c:758:20: branch_true: following ‘true’ branch...
screen-5.0.0/canvas.c:759:41: branch_true: ...to here
screen-5.0.0/canvas.c:762:25: call_function: calling ‘DupLayoutCv’ from ‘DupLayoutCv’
#  758|   		if (cvf->c_slperp) {
#  759|   			cvt->c_slperp = calloc(1, sizeof(Canvas));
#  760|-> 			cvt->c_slperp->c_slback = cvt;
#  761|   			CanvasInitBlank(cvt->c_slperp);
#  762|   			DupLayoutCv(cvf->c_slperp, cvt->c_slperp, save);

Error: CPPCHECK_WARNING (CWE-476): [#def10]
screen-5.0.0/canvas.c:766: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: cvt->c_slnext
#  764|   		if (cvf->c_slnext) {
#  765|   			cvt->c_slnext = calloc(1, sizeof(Canvas));
#  766|-> 			cvt->c_slnext->c_slprev = cvt;
#  767|   			cvt->c_slnext->c_slback = cvt->c_slback;
#  768|   			CanvasInitBlank(cvt->c_slnext);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def11]
screen-5.0.0/canvas.c:766:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘*cvt.c_slnext’
screen-5.0.0/canvas.c:738:16: branch_true: following ‘true’ branch (when ‘cvf’ is non-NULL)...
screen-5.0.0/canvas.c:739:35: branch_true: ...to here
screen-5.0.0/canvas.c:743:20: branch_false: following ‘false’ branch (when ‘save == 0’)...
screen-5.0.0/canvas.c:744:25: branch_false: ...to here
screen-5.0.0/canvas.c:745:28: branch_false: following ‘false’ branch...
screen-5.0.0/canvas.c:753:40: branch_false: ...to here
screen-5.0.0/canvas.c:758:20: branch_false: following ‘false’ branch...
screen-5.0.0/canvas.c:764:21: branch_false: ...to here
screen-5.0.0/canvas.c:764:20: branch_true: following ‘true’ branch...
screen-5.0.0/canvas.c:765:41: branch_true: ...to here
screen-5.0.0/canvas.c:765:41: acquire_memory: this call could return NULL
screen-5.0.0/canvas.c:766:25: danger: ‘calloc(1, 304)’ could be NULL: unchecked value from (11), the acquire_memory event at screen-5.0.0/canvas.c:765:41
#  764|   		if (cvf->c_slnext) {
#  765|   			cvt->c_slnext = calloc(1, sizeof(Canvas));
#  766|-> 			cvt->c_slnext->c_slprev = cvt;
#  767|   			cvt->c_slnext->c_slback = cvt->c_slback;
#  768|   			CanvasInitBlank(cvt->c_slnext);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def12]
screen-5.0.0/canvas.c:766:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘calloc(1, 304)’
screen-5.0.0/canvas.c:736:6: enter_function: entry to ‘DupLayoutCv’
screen-5.0.0/canvas.c:738:16: branch_true: following ‘true’ branch (when ‘cvf’ is non-NULL)...
screen-5.0.0/canvas.c:739:35: branch_true: ...to here
screen-5.0.0/canvas.c:743:20: branch_false: following ‘false’ branch (when ‘save == 0’)...
screen-5.0.0/canvas.c:744:25: branch_false: ...to here
screen-5.0.0/canvas.c:745:28: branch_false: following ‘false’ branch...
screen-5.0.0/canvas.c:753:40: branch_false: ...to here
screen-5.0.0/canvas.c:758:20: branch_true: following ‘true’ branch...
screen-5.0.0/canvas.c:759:41: branch_true: ...to here
screen-5.0.0/canvas.c:762:25: call_function: calling ‘DupLayoutCv’ from ‘DupLayoutCv’
#  764|   		if (cvf->c_slnext) {
#  765|   			cvt->c_slnext = calloc(1, sizeof(Canvas));
#  766|-> 			cvt->c_slnext->c_slprev = cvt;
#  767|   			cvt->c_slnext->c_slback = cvt->c_slback;
#  768|   			CanvasInitBlank(cvt->c_slnext);

Error: COMPILER_WARNING (CWE-252): [#def13]
screen-5.0.0/display.c: scope_hint: In function ‘DisplaySleep1000’
screen-5.0.0/display.c:2335:25: warning[-Wunused-result]: ignoring return value of ‘read’ declared with attribute ‘warn_unused_result’
# 2335 |                         read(D_userfd, &buf, 1);
#      |                         ^~~~~~~~~~~~~~~~~~~~~~~
# 2333|   	if (poll(pfd, ARRAY_SIZE(pfd), n) > 0) {
# 2334|   		if (eat)
# 2335|-> 			read(D_userfd, &buf, 1);
# 2336|   	}
# 2337|   }

Error: COMPILER_WARNING (CWE-252): [#def14]
screen-5.0.0/display.c: scope_hint: In function ‘RunBlanker’
screen-5.0.0/display.c:3027:25: warning[-Wunused-result]: ignoring return value of ‘dup’ declared with attribute ‘warn_unused_result’
# 3027 |                         dup(slave);
#      |                         ^~~~~~~~~~
# 3025|   		if (slave != -1) {
# 3026|   			close(0);
# 3027|-> 			dup(slave);
# 3028|   			close(slave);
# 3029|   			closeallfiles(D_blankerev.fd);

Error: GCC_ANALYZER_WARNING (CWE-457): [#def15]
screen-5.0.0/fileio.c:70:17: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘cp’
screen-5.0.0/fileio.c:140:5: enter_function: entry to ‘StartRc’
screen-5.0.0/fileio.c:151:23: call_function: calling ‘CatExtra’ from ‘StartRc’
screen-5.0.0/fileio.c:151:23: return_function: returning to ‘StartRc’ from ‘CatExtra’
screen-5.0.0/fileio.c:154:12: branch_true: following ‘true’ branch...
screen-5.0.0/fileio.c:154:34: branch_true: ...to here
screen-5.0.0/fileio.c:156:21: call_function: calling ‘CatExtra’ from ‘StartRc’
#   68|   		if ((cp = realloc(str2, len1 + len2 + add_colon + 1)) == NULL)
#   69|   			Panic(0, "%s", strnomem);
#   70|-> 		memmove(cp + len1 + add_colon, cp, len2 + 1);
#   71|   	} else {
#   72|   		if ((cp = malloc(len1 + add_colon + 1)) == NULL)

Error: COMPILER_WARNING: [#def16]
screen-5.0.0/fileio.c: scope_hint: In function ‘WriteFile’
screen-5.0.0/fileio.c:352:25: warning[-Wstringop-truncation]: ‘__strncpy_chk’ output may be truncated copying between 0 and 4087 bytes from a string of length 4095
#  352 |                         strncpy(fnbuf, SocketPath, i);
#      |                         ^
#  350|   			if (i > (int)ARRAY_SIZE(fnbuf) - 9)
#  351|   				i = 0;
#  352|-> 			strncpy(fnbuf, SocketPath, i);
#  353|   			strncpy(fnbuf + i, ".termcap", 9);
#  354|   			fn = fnbuf;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def17]
screen-5.0.0/fileio.c:564:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pi[0]’
screen-5.0.0/fileio.c:562:12: branch_false: following ‘false’ branch...
screen-5.0.0/fileio.c:566:17: branch_false: ...to here
screen-5.0.0/fileio.c:564:24: danger: ‘pi[0]’ leaks here
#  562|   	if (pipe(pi)) {
#  563|   		WMsg(p, errno, "printing pipe");
#  564|-> 		return -1;
#  565|   	}
#  566|   	switch (fork()) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def18]
screen-5.0.0/fileio.c:564:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pi[1]’
screen-5.0.0/fileio.c:562:12: branch_false: following ‘false’ branch...
screen-5.0.0/fileio.c:566:17: branch_false: ...to here
screen-5.0.0/fileio.c:564:24: danger: ‘pi[1]’ leaks here
#  562|   	if (pipe(pi)) {
#  563|   		WMsg(p, errno, "printing pipe");
#  564|-> 		return -1;
#  565|   	}
#  566|   	switch (fork()) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def19]
screen-5.0.0/fileio.c:575:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup(pi[0])’
screen-5.0.0/fileio.c:562:12: branch_false: following ‘false’ branch...
screen-5.0.0/fileio.c:566:17: branch_false: ...to here
screen-5.0.0/fileio.c:575:21: acquire_resource: opened here
screen-5.0.0/fileio.c:575:20: danger: ‘dup(pi[0])’ leaks here; was opened at (6), the acquire_resource event at screen-5.0.0/fileio.c:575:21
#  573|   		ServerSocket = -1;
#  574|   		close(0);
#  575|-> 		if (dup(pi[0]) < 0)
#  576|   			Panic(errno, "printpipe dup");
#  577|   		closeallfiles(0);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def20]
screen-5.0.0/fileio.c:600:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pi[0]’
screen-5.0.0/fileio.c:598:12: branch_false: following ‘false’ branch...
screen-5.0.0/fileio.c:602:17: branch_false: ...to here
screen-5.0.0/fileio.c:600:24: danger: ‘pi[0]’ leaks here
#  598|   	if (pipe(pi)) {
#  599|   		Msg(errno, "pipe");
#  600|-> 		return -1;
#  601|   	}
#  602|   	switch (fork()) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def21]
screen-5.0.0/fileio.c:600:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pi[1]’
screen-5.0.0/fileio.c:598:12: branch_false: following ‘false’ branch...
screen-5.0.0/fileio.c:602:17: branch_false: ...to here
screen-5.0.0/fileio.c:600:24: danger: ‘pi[1]’ leaks here
#  598|   	if (pipe(pi)) {
#  599|   		Msg(errno, "pipe");
#  600|-> 		return -1;
#  601|   	}
#  602|   	switch (fork()) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def22]
screen-5.0.0/fileio.c:610:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup(pi[1])’
screen-5.0.0/fileio.c:598:12: branch_false: following ‘false’ branch...
screen-5.0.0/fileio.c:602:17: branch_false: ...to here
screen-5.0.0/fileio.c:610:21: acquire_resource: opened here
screen-5.0.0/fileio.c:610:20: danger: ‘dup(pi[1])’ leaks here; was opened at (6), the acquire_resource event at screen-5.0.0/fileio.c:610:21
#  608|   		ServerSocket = -1;
#  609|   		close(1);
#  610|-> 		if (dup(pi[1]) != 1) {
#  611|   			close(pi[1]);
#  612|   			Panic(0, "dup");

Error: GCC_ANALYZER_WARNING (CWE-121): [#def23]
screen-5.0.0/help.c:329:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
screen-5.0.0/help.c:343:13: enter_function: entry to ‘HelpRedisplayLine’
screen-5.0.0/help.c:351:17: call_function: calling ‘helppage’ from ‘HelpRedisplayLine’
#  327|   	buf += strlen(buf);
#  328|   	if (key < 0)
#  329|-> 		strncpy(buf, "unset", 6);
#  330|   	else if (key == ' ')
#  331|   		strncpy(buf, "sp", 3);

Error: CPPCHECK_WARNING (CWE-476): [#def24]
screen-5.0.0/input.c:358: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: store
#  356|   				if (!store) {
#  357|   					store = malloc(sizeof(struct inpline));
#  358|-> 					memmove(store, &inpdata->inp, sizeof(struct inpline));
#  359|   				}
#  360|   				store->next = &inphist;

Error: CPPCHECK_WARNING (CWE-476): [#def25]
screen-5.0.0/input.c:360: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: store
#  358|   					memmove(store, &inpdata->inp, sizeof(struct inpline));
#  359|   				}
#  360|-> 				store->next = &inphist;
#  361|   				store->prev = inphist.prev;
#  362|   				if (inphist.prev)

Error: CPPCHECK_WARNING (CWE-476): [#def26]
screen-5.0.0/input.c:361: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: store
#  359|   				}
#  360|   				store->next = &inphist;
#  361|-> 				store->prev = inphist.prev;
#  362|   				if (inphist.prev)
#  363|   					inphist.prev->next = store;

Error: CPPCHECK_WARNING (CWE-476): [#def27]
screen-5.0.0/layout.c:82: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: lay
#   80|   	}
#   81|   	lay = calloc(1, sizeof(Layout));
#   82|-> 	lay->lay_title = SaveStr(title);
#   83|   	lay->lay_autosave = 1;
#   84|   	lay->lay_number = i;

Error: CPPCHECK_WARNING (CWE-476): [#def28]
screen-5.0.0/layout.c:83: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: lay
#   81|   	lay = calloc(1, sizeof(Layout));
#   82|   	lay->lay_title = SaveStr(title);
#   83|-> 	lay->lay_autosave = 1;
#   84|   	lay->lay_number = i;
#   85|   	laytab[i] = lay;

Error: CPPCHECK_WARNING (CWE-476): [#def29]
screen-5.0.0/layout.c:84: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: lay
#   82|   	lay->lay_title = SaveStr(title);
#   83|   	lay->lay_autosave = 1;
#   84|-> 	lay->lay_number = i;
#   85|   	laytab[i] = lay;
#   86|   	lay->lay_next = NULL;

Error: CPPCHECK_WARNING (CWE-476): [#def30]
screen-5.0.0/layout.c:86: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: lay
#   84|   	lay->lay_number = i;
#   85|   	laytab[i] = lay;
#   86|-> 	lay->lay_next = NULL;
#   87|   
#   88|   	pl = &layouts;

Error: CPPCHECK_WARNING (CWE-457): [#def31]
screen-5.0.0/layout.c:229: warning[uninitvar]: Uninitialized variable: ss
#  227|   	}
#  228|   	*s = 0;
#  229|-> 	return ss;
#  230|   }
#  231|   

Error: CPPCHECK_WARNING (CWE-476): [#def32]
screen-5.0.0/list_generic.c:372: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: r
#  370|   {
#  371|   	ListRow *r = calloc(1, sizeof(ListRow));
#  372|-> 	r->data = data;
#  373|   
#  374|   	if (after) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def33]
screen-5.0.0/list_generic.c:372:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘r’
screen-5.0.0/list_generic.c:371:22: acquire_memory: this call could return NULL
screen-5.0.0/list_generic.c:372:9: danger: ‘r’ could be NULL: unchecked value from (1), the acquire_memory event at screen-5.0.0/list_generic.c:371:22
#  370|   {
#  371|   	ListRow *r = calloc(1, sizeof(ListRow));
#  372|-> 	r->data = data;
#  373|   
#  374|   	if (after) {

Error: CPPCHECK_WARNING (CWE-476): [#def34]
screen-5.0.0/list_generic.c:375: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: r
#  373|   
#  374|   	if (after) {
#  375|-> 		r->next = after->next;
#  376|   		r->prev = after;
#  377|   		after->next = r;

Error: CPPCHECK_WARNING (CWE-476): [#def35]
screen-5.0.0/list_generic.c:376: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: r
#  374|   	if (after) {
#  375|   		r->next = after->next;
#  376|-> 		r->prev = after;
#  377|   		after->next = r;
#  378|   		if (r->next)

Error: CPPCHECK_WARNING (CWE-476): [#def36]
screen-5.0.0/list_generic.c:378: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: r
#  376|   		r->prev = after;
#  377|   		after->next = r;
#  378|-> 		if (r->next)
#  379|   			r->next->prev = r;
#  380|   	} else {

Error: CPPCHECK_WARNING (CWE-476): [#def37]
screen-5.0.0/list_generic.c:381: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: r
#  379|   			r->next->prev = r;
#  380|   	} else {
#  381|-> 		r->next = ldata->root;
#  382|   		if (ldata->root)
#  383|   			ldata->root->prev = r;

Error: COMPILER_WARNING: [#def38]
screen-5.0.0/list_license.c: scope_hint: In function ‘gl_License_row’
screen-5.0.0/list_license.c:99:36: warning[-Wcalloc-transposed-args]: ‘calloc’ sizes specified with ‘sizeof’ in the earlier argument and not in the later argument
#   99 |         char *line = calloc(sizeof(char), flayer->l_width + 1);
#      |                                    ^~~~
screen-5.0.0/list_license.c:99:36: note: earlier argument should specify number of elements, later size of each element
#   97|   	(void)ldata; /* unused */
#   98|   
#   99|-> 	char *line = calloc(sizeof(char), flayer->l_width + 1);
#  100|   	char *start = (char *)lrow->data;
#  101|   	char *lastspace = start;

Error: CPPCHECK_WARNING (CWE-476): [#def39]
screen-5.0.0/list_window.c:500: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: wdata
#  498|   
#  499|   	wdata = calloc(1, sizeof(struct gl_Window_Data));
#  500|-> 	wdata->group = group;
#  501|   	wdata->order = (order & ~WLIST_NESTED);
#  502|   	wdata->nested = ! !(order & WLIST_NESTED);

Error: CPPCHECK_WARNING (CWE-476): [#def40]
screen-5.0.0/list_window.c:501: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: wdata
#  499|   	wdata = calloc(1, sizeof(struct gl_Window_Data));
#  500|   	wdata->group = group;
#  501|-> 	wdata->order = (order & ~WLIST_NESTED);
#  502|   	wdata->nested = ! !(order & WLIST_NESTED);
#  503|   	wdata->onblank = onblank;

Error: CPPCHECK_WARNING (CWE-476): [#def41]
screen-5.0.0/list_window.c:502: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: wdata
#  500|   	wdata->group = group;
#  501|   	wdata->order = (order & ~WLIST_NESTED);
#  502|-> 	wdata->nested = ! !(order & WLIST_NESTED);
#  503|   	wdata->onblank = onblank;
#  504|   

Error: CPPCHECK_WARNING (CWE-476): [#def42]
screen-5.0.0/list_window.c:503: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: wdata
#  501|   	wdata->order = (order & ~WLIST_NESTED);
#  502|   	wdata->nested = ! !(order & WLIST_NESTED);
#  503|-> 	wdata->onblank = onblank;
#  504|   
#  505|   	/* Set the most recent window as selected. */

Error: CPPCHECK_WARNING (CWE-476): [#def43]
screen-5.0.0/list_window.c:506: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: wdata
#  504|   
#  505|   	/* Set the most recent window as selected. */
#  506|-> 	wdata->fore = mru_window;
#  507|   	while (wdata->fore && wdata->fore->w_group != group)
#  508|   		wdata->fore = wdata->fore->w_prev_mru;

Error: CPPCHECK_WARNING (CWE-476): [#def44]
screen-5.0.0/list_window.c:507: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: wdata
#  505|   	/* Set the most recent window as selected. */
#  506|   	wdata->fore = mru_window;
#  507|-> 	while (wdata->fore && wdata->fore->w_group != group)
#  508|   		wdata->fore = wdata->fore->w_prev_mru;
#  509|   

Error: CPPCHECK_WARNING (CWE-476): [#def45]
screen-5.0.0/list_window.c:508: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: wdata
#  506|   	wdata->fore = mru_window;
#  507|   	while (wdata->fore && wdata->fore->w_group != group)
#  508|-> 		wdata->fore = wdata->fore->w_prev_mru;
#  509|   
#  510|   	ldata->data = wdata;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def46]
screen-5.0.0/logfile.c:75:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘lf_move_fd(open(name, 1089, 438), wantfd)’
screen-5.0.0/logfile.c:216:5: enter_function: entry to ‘logfflush’
screen-5.0.0/logfile.c:220:12: branch_false: following ‘false’ branch (when ‘l’ is non-NULL)...
screen-5.0.0/logfile.c:228:21: branch_false: ...to here
screen-5.0.0/logfile.c:228:20: branch_true: following ‘true’ branch...
screen-5.0.0/logfile.c:228:42: branch_true: ...to here
screen-5.0.0/logfile.c:228:42: call_function: calling ‘logfile_reopen’ from ‘logfflush’
#   73|   	if (fd == need_fd)
#   74|   		return fd;
#   75|-> 	if (fd >= 0 && fd < need_fd)
#   76|   		r = lf_move_fd(dup(fd), need_fd);
#   77|   	close(fd);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def47]
screen-5.0.0/logfile.c:222:50: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fileno(*l.fp)’
screen-5.0.0/logfile.c:216:5: enter_function: entry to ‘logfflush’
screen-5.0.0/logfile.c:220:12: branch_true: following ‘true’ branch (when ‘l’ is NULL)...
screen-5.0.0/logfile.c:221:22: branch_true: ...to here
screen-5.0.0/logfile.c:221:35: branch_true: following ‘true’ branch (when ‘l’ is non-NULL)...
screen-5.0.0/logfile.c:222:29: branch_true: ...to here
screen-5.0.0/logfile.c:222:28: branch_true: following ‘true’ branch...
screen-5.0.0/logfile.c:222:50: branch_true: ...to here
screen-5.0.0/logfile.c:222:50: call_function: calling ‘logfile_reopen’ from ‘logfflush’
#  220|   	if (!l)
#  221|   		for (l = logroot; l; l = l->next) {
#  222|-> 			if (stolen_logfile(l) && logfile_reopen(l->name, fileno(l->fp), l))
#  223|   				return -1;
#  224|   			r |= fflush(l->fp);

Error: COMPILER_WARNING (CWE-457): [#def48]
screen-5.0.0/process.c: scope_hint: In function ‘DoCommandAt’
screen-5.0.0/process.c:1372:36: warning[-Wmaybe-uninitialized]: ‘i’ may be used uninitialized
# 1372 |                                 if (i < 0)
#      |                                    ^
screen-5.0.0/process.c:1340:29: note: ‘i’ was declared here
# 1340 |                         int i;
#      |                             ^
# 1370|   				display = NULL;
# 1371|   				fore = NULL;
# 1372|-> 				if (i < 0)
# 1373|   					OutputMsg(0, "%s: at '%s': no such window.\n", rc_name, args[0]);
# 1374|   				goto out;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def49]
screen-5.0.0/process.c:5912:15: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘p’
screen-5.0.0/process.c:618:6: enter_function: entry to ‘ProcessInput’
screen-5.0.0/process.c:632:16: branch_true: following ‘true’ branch (when ‘ilen != 0’)...
screen-5.0.0/process.c:633:23: branch_true: ...to here
screen-5.0.0/process.c:634:20: branch_false: following ‘false’ branch...
screen-5.0.0/process.c:639:28: branch_true: following ‘true’ branch...
screen-5.0.0/process.c:640:52: branch_true: ...to here
screen-5.0.0/process.c:650:36: branch_false: following ‘false’ branch...
screen-5.0.0/process.c:652:37: branch_false: ...to here
screen-5.0.0/process.c:652:36: branch_true: following ‘true’ branch (when ‘q’ is non-NULL)...
screen-5.0.0/process.c:653:41: branch_true: ...to here
screen-5.0.0/process.c:656:45: call_function: calling ‘StuffKey’ from ‘ProcessInput’
# 5910|   		if (p == window)
# 5911|   			break;
# 5912|-> 	*pp = p->w_prev_mru;
# 5913|   
# 5914|   	if (first_window == last_window) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def50]
screen-5.0.0/resize.c:307:13: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘ml’
screen-5.0.0/resize.c:814:6: enter_function: entry to ‘LeaveAltScreen’
screen-5.0.0/resize.c:816:12: branch_false: following ‘false’ branch...
screen-5.0.0/resize.c:818:9: branch_false: ...to here
screen-5.0.0/resize.c:819:9: call_function: calling ‘ChangeWindowSize’ from ‘LeaveAltScreen’
#  305|   static void FreeMline(struct mline *ml)
#  306|   {
#  307|-> 	if (ml->image)
#  308|   		free(ml->image);
#  309|   	if (ml->attr && ml->attr != null)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def51]
screen-5.0.0/resize.c:322:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘ml’
screen-5.0.0/resize.c:814:6: enter_function: entry to ‘LeaveAltScreen’
screen-5.0.0/resize.c:816:12: branch_false: following ‘false’ branch...
screen-5.0.0/resize.c:818:9: branch_false: ...to here
screen-5.0.0/resize.c:819:9: call_function: calling ‘ChangeWindowSize’ from ‘LeaveAltScreen’
#  320|   static int AllocMline(struct mline *ml, int w)
#  321|   {
#  322|-> 	ml->image = malloc(w * 4);
#  323|   	ml->attr = null;
#  324|   	ml->font = null;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def52]
screen-5.0.0/resize.c:573:29: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘mlf’
screen-5.0.0/resize.c:814:6: enter_function: entry to ‘LeaveAltScreen’
screen-5.0.0/resize.c:816:12: branch_false: following ‘false’ branch...
screen-5.0.0/resize.c:818:9: branch_false: ...to here
screen-5.0.0/resize.c:819:9: call_function: calling ‘ChangeWindowSize’ from ‘LeaveAltScreen’
#  571|   		/* calculate lenght */
#  572|   		for (l = p->w_width - 1; l > 0; l--)
#  573|-> 			if (mlf->image[l] != ' ' || mlf->attr[l])
#  574|   				break;
#  575|   		if (fy == p->w_y + p->w_histheight && l < p->w_x)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def53]
screen-5.0.0/resize.c:593:29: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘mlt’
screen-5.0.0/resize.c:814:6: enter_function: entry to ‘LeaveAltScreen’
screen-5.0.0/resize.c:816:12: branch_false: following ‘false’ branch...
screen-5.0.0/resize.c:818:9: branch_false: ...to here
screen-5.0.0/resize.c:819:9: call_function: calling ‘ChangeWindowSize’ from ‘LeaveAltScreen’
#  591|   		while (l > 0 && fy >= 0 && ty >= 0) {
#  592|   			lx = lt > lf ? lf : lt;
#  593|-> 			if (mlt->image == NULL) {
#  594|   				if (AllocMline(mlt, wi + 1))
#  595|   					goto nomem;

Error: CPPCHECK_WARNING (CWE-401): [#def54]
screen-5.0.0/sched.c:78: error[memleakOnRealloc]: Common realloc mistake: 'pfd' nulled but not freed upon failure
#   76|   	if (i > pfd_cnt) {
#   77|   		pfd_cnt = i;
#   78|-> 		pfd = realloc(pfd, pfd_cnt * sizeof(struct pollfd));
#   79|   	}
#   80|   }

Error: COMPILER_WARNING: [#def55]
screen-5.0.0/screen.c: scope_hint: In function ‘main’
screen-5.0.0/screen.c:955:102: warning[-Wformat-truncation=]: ‘%s’ directive output may be truncated writing up to 4096 bytes into a region of size 4095
#  955 |                 snprintf(SocketPath + strlen(SocketPath), sizeof(SocketPath) - strlen(SocketPath), "/%s", socknamebuf);
#      |                                                                                                      ^~   ~~~~~~~~~~~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output between 2 and 4098 bytes into a destination of size 4096
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
#  953|   		if (strlen(socknamebuf) > FILENAME_MAX)
#  954|   			socknamebuf[FILENAME_MAX - 1] = 0;
#  955|-> 		snprintf(SocketPath + strlen(SocketPath), sizeof(SocketPath) - strlen(SocketPath), "/%s", socknamebuf);
#  956|   		SET_GUID();
#  957|   		Attacher();

Error: COMPILER_WARNING: [#def56]
screen-5.0.0/screen.c: scope_hint: In function ‘main’
screen-5.0.0/screen.c:1020:94: warning[-Wformat-truncation=]: ‘%s’ directive output may be truncated writing up to 4096 bytes into a region of size 4095
# 1020 |         snprintf(SocketPath + strlen(SocketPath), sizeof(SocketPath) - strlen(SocketPath), "/%s", socknamebuf);
#      |                                                                                              ^~   ~~~~~~~~~~~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output between 2 and 4098 bytes into a destination of size 4096
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
# 1018|   		socknamebuf[FILENAME_MAX] = 0;
# 1019|   	}
# 1020|-> 	snprintf(SocketPath + strlen(SocketPath), sizeof(SocketPath) - strlen(SocketPath), "/%s", socknamebuf);
# 1021|   
# 1022|   	ServerSocket = MakeServerSocket();

Error: COMPILER_WARNING (CWE-252): [#def57]
screen-5.0.0/screen.c: scope_hint: In function ‘CoreDump’
screen-5.0.0/screen.c:1178:17: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
# 1178 |                 write(disp->d_userfd, buf, strlen(buf));
#      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1176|   		fcntl(disp->d_userfd, F_SETFL, 0);
# 1177|   		SetTTY(disp->d_userfd, &D_OldMode);
# 1178|-> 		write(disp->d_userfd, buf, strlen(buf));
# 1179|   		Kill(disp->d_userpid, SIG_BYE);
# 1180|   	}

Error: COMPILER_WARNING (CWE-252): [#def58]
screen-5.0.0/screen.c: scope_hint: In function ‘Msg’
screen-5.0.0/screen.c:1513:17: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
# 1513 |                 write(queryflag, buf, strlen(buf));
#      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1511|   
# 1512|   	if (queryflag >= 0)
# 1513|-> 		write(queryflag, buf, strlen(buf));
# 1514|   }
# 1515|   

Error: COMPILER_WARNING (CWE-252): [#def59]
screen-5.0.0/screen.c: scope_hint: In function ‘Panic’
screen-5.0.0/screen.c:1548:25: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
# 1548 |                         write(D_userfd, buf, strlen(buf));
#      |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1546|   			SetTTY(D_userfd, &D_OldMode);
# 1547|   			fcntl(D_userfd, F_SETFL, 0);
# 1548|-> 			write(D_userfd, buf, strlen(buf));
# 1549|   			write(D_userfd, "\n", 1);
# 1550|   			freetty();

Error: COMPILER_WARNING (CWE-252): [#def60]
screen-5.0.0/screen.c:1549:25: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
# 1549 |                         write(D_userfd, "\n", 1);
#      |                         ^~~~~~~~~~~~~~~~~~~~~~~~
# 1547|   			fcntl(D_userfd, F_SETFL, 0);
# 1548|   			write(D_userfd, buf, strlen(buf));
# 1549|-> 			write(D_userfd, "\n", 1);
# 1550|   			freetty();
# 1551|   			if (D_userpid)

Error: COMPILER_WARNING (CWE-252): [#def61]
screen-5.0.0/screen.c: scope_hint: In function ‘QueryMsg’
screen-5.0.0/screen.c:1574:9: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
# 1574 |         write(queryflag, buf, strlen(buf));
#      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1572|   
# 1573|   	PROCESS_MESSAGE(buf);
# 1574|-> 	write(queryflag, buf, strlen(buf));
# 1575|   }
# 1576|   

Error: COMPILER_WARNING (CWE-252): [#def62]
screen-5.0.0/screen.c: scope_hint: In function ‘serv_select_fn’
screen-5.0.0/screen.c:1678:25: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
# 1678 |                         write(W_UWP(fore) ? fore->w_pwin->p_ptyfd : fore->w_ptyfd, &ibuf, 1);
#      |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1676|   		if (fore && displays) {
# 1677|   			char ibuf = displays->d_OldMode.tio.c_cc[VINTR];
# 1678|-> 			write(W_UWP(fore) ? fore->w_pwin->p_ptyfd : fore->w_ptyfd, &ibuf, 1);
# 1679|   		}
# 1680|   		InterruptPlease = 0;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def63]
screen-5.0.0/socket.c:845:29: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
screen-5.0.0/socket.c:713:12: branch_false: following ‘false’ branch...
screen-5.0.0/socket.c:720:9: branch_false: ...to here
screen-5.0.0/socket.c:731:20: branch_false: following ‘false’ branch...
screen-5.0.0/socket.c:736:21: branch_false: ...to here
screen-5.0.0/socket.c:772:12: branch_false: following ‘false’ branch...
screen-5.0.0/socket.c:778:12: branch_false: ...to here
screen-5.0.0/socket.c:778:12: branch_false: following ‘false’ branch (when ‘left <= 0’)...
screen-5.0.0/socket.c:783:13: branch_false: ...to here
screen-5.0.0/socket.c:783:12: branch_false: following ‘false’ branch...
screen-5.0.0/socket.c:790:13: branch_false: ...to here
screen-5.0.0/socket.c:798:12: branch_true: following ‘true’ branch...
screen-5.0.0/socket.c:799:22: branch_true: ...to here
screen-5.0.0/socket.c:799:40: branch_true: following ‘true’ branch (when ‘win’ is non-NULL)...
screen-5.0.0/socket.c:800:46: branch_true: ...to here
screen-5.0.0/socket.c:802:43: branch_false: following ‘false’ branch...
screen-5.0.0/socket.c:802:33: branch_false: ...to here
screen-5.0.0/socket.c:802:33: release_memory: ‘0’ is NULL
screen-5.0.0/socket.c:808:13: release_memory: ‘0’ is NULL
screen-5.0.0/socket.c:808:12: branch_false: following ‘false’ branch...
screen-5.0.0/socket.c:811:13: branch_false: ...to here
screen-5.0.0/socket.c:811:13: release_memory: ‘0’ is NULL
screen-5.0.0/socket.c:811:12: branch_false: following ‘false’ branch...
screen-5.0.0/socket.c:817:17: branch_false: ...to here
screen-5.0.0/socket.c:845:29: danger: dereference of NULL ‘display’
#  843|   	case MSG_ERROR:
#  844|   		{
#  845|-> 			int blocked = D_blocked;
#  846|   			if (D_blocked == 4)	/* allow error messages while in blanker mode */
#  847|   				D_blocked = 0;	/* likely they're from failed blanker */

Error: COMPILER_WARNING: [#def64]
screen-5.0.0/socket.c: scope_hint: In function ‘ReceiveMsg’
screen-5.0.0/socket.c:870:25: warning[-Wstringop-truncation]: ‘strncpy’ specified bound 4096 equals destination size
#  870 |                         strncpy(SocketPath, oldSocketPath, ARRAY_SIZE(SocketPath));
#      |                         ^
#  868|   			strncpy(SocketPath, m.m.command.writeback, ARRAY_SIZE(SocketPath));
#  869|   			int s = MakeClientSocket(0);
#  870|-> 			strncpy(SocketPath, oldSocketPath, ARRAY_SIZE(SocketPath));
#  871|   			Free(oldSocketPath);
#  872|   			if (s >= 0) {

Error: CPPCHECK_WARNING (CWE-476): [#def65]
screen-5.0.0/socket.c:1169: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: reply
# 1167|   	reply = (struct pam_response *)malloc(sizeof(struct pam_response));  
# 1168|   
# 1169|-> 	reply[0].resp = strdup(password);  
# 1170|   	reply[0].resp_retcode = 0;  
# 1171|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def66]
screen-5.0.0/socket.c:1169:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘reply’
screen-5.0.0/socket.c:1167:40: acquire_memory: this call could return NULL
screen-5.0.0/socket.c:1169:9: danger: ‘reply’ could be NULL: unchecked value from [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
# 1167|   	reply = (struct pam_response *)malloc(sizeof(struct pam_response));  
# 1168|   
# 1169|-> 	reply[0].resp = strdup(password);  
# 1170|   	reply[0].resp_retcode = 0;  
# 1171|   

Error: CPPCHECK_WARNING (CWE-476): [#def67]
screen-5.0.0/socket.c:1170: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: reply
# 1168|   
# 1169|   	reply[0].resp = strdup(password);  
# 1170|-> 	reply[0].resp_retcode = 0;  
# 1171|   
# 1172|   	pamc.conv = &screen_conv; 

Error: GCC_ANALYZER_WARNING (CWE-787): [#def68]
screen-5.0.0/termcap.c:682:25: warning[-Wanalyzer-out-of-bounds]: buffer overflow
screen-5.0.0/termcap.c:856:6: enter_function: entry to ‘DumpTermcap’
screen-5.0.0/termcap.c:861:24: call_function: calling ‘MakeTermcap’ from ‘DumpTermcap’
#  680|   		p = Term + 5;
#  681|   		if (!aflag && strlen(screenterm) + strlen(tname) < MAXSTR - 1) {
#  682|-> 			sprintf(p, "%s.%s", screenterm, tname);
#  683|   			if (e_tgetent(buf, p) == 1)
#  684|   				break;

Error: GCC_ANALYZER_WARNING (CWE-787): [#def69]
screen-5.0.0/termcap.c:687:25: warning[-Wanalyzer-out-of-bounds]: buffer overflow
screen-5.0.0/termcap.c:856:6: enter_function: entry to ‘DumpTermcap’
screen-5.0.0/termcap.c:861:24: call_function: calling ‘MakeTermcap’ from ‘DumpTermcap’
#  685|   		}
#  686|   		if (nwin_default.bce) {
#  687|-> 			sprintf(p, "%s-bce", screenterm);
#  688|   			if (e_tgetent(buf, p) == 1)
#  689|   				break;

Error: COMPILER_WARNING (CWE-252): [#def70]
screen-5.0.0/window.c: scope_hint: In function ‘CloseDevice’
screen-5.0.0/window.c:808:23: warning[-Wunused-result]: ignoring return value of ‘chown’ declared with attribute ‘warn_unused_result’
#  808 |                 (void)chown(window->w_tty, 0, 0);
#      |                       ^~~~~~~~~~~~~~~~~~~~~~~~~~
#  806|   		/* pty 4 SALE */
#  807|   		(void)chmod(window->w_tty, 0666);
#  808|-> 		(void)chown(window->w_tty, 0, 0);
#  809|   		ClosePTY(window->w_ptyfd);
#  810|   		break;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def71]
screen-5.0.0/window.c:1075:27: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup(slave)’
screen-5.0.0/window.c:1029:12: branch_true: following ‘true’ branch...
screen-5.0.0/window.c:1030:30: branch_true: ...to here
screen-5.0.0/window.c:1030:20: branch_false: following ‘false’ branch...
screen-5.0.0/window.c:1036:9: branch_false: ...to here
screen-5.0.0/window.c:1037:12: branch_false: following ‘false’ branch (when ‘proc’ is non-NULL)...
screen-5.0.0/window.c:1041:9: branch_false: ...to here
screen-5.0.0/window.c:1060:20: branch_false: following ‘false’ branch...
screen-5.0.0/window.c:1073:20: branch_true: following ‘true’ branch (when ‘slave != -1’)...
screen-5.0.0/window.c:1074:25: branch_true: ...to here
screen-5.0.0/window.c:1075:28: acquire_resource: opened here
screen-5.0.0/window.c:1075:27: danger: ‘dup(slave)’ leaks here; was opened at [(13)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/12)
# 1073|   		if (slave != -1) {
# 1074|   			close(0);
# 1075|-> 			if(dup(slave) < 0)
# 1076|   				Panic(errno, "Cannot duplicate file descriptor");
# 1077|   			close(slave);

Error: GCC_ANALYZER_WARNING (CWE-910): [#def72]
screen-5.0.0/window.c:1079:33: warning[-Wanalyzer-fd-use-after-close]: ‘dup’ on closed file descriptor ‘0’
screen-5.0.0/window.c:1029:12: branch_true: following ‘true’ branch...
screen-5.0.0/window.c:1030:30: branch_true: ...to here
screen-5.0.0/window.c:1030:20: branch_false: following ‘false’ branch...
screen-5.0.0/window.c:1036:9: branch_false: ...to here
screen-5.0.0/window.c:1037:12: branch_false: following ‘false’ branch (when ‘proc’ is non-NULL)...
screen-5.0.0/window.c:1041:9: branch_false: ...to here
screen-5.0.0/window.c:1060:20: branch_false: following ‘false’ branch...
screen-5.0.0/window.c:1073:20: branch_true: following ‘true’ branch (when ‘slave != -1’)...
screen-5.0.0/window.c:1074:25: branch_true: ...to here
screen-5.0.0/window.c:1074:25: release_resource: closed here
screen-5.0.0/window.c:1075:27: branch_false: following ‘false’ branch...
screen-5.0.0/window.c:1077:25: branch_false: ...to here
screen-5.0.0/window.c:1079:33: danger: ‘dup’ on closed file descriptor ‘0’; ‘close’ was at [(13)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/12)
# 1077|   			close(slave);
# 1078|   			closeallfiles(win->w_ptyfd);
# 1079|-> 			slave = dup(0);
# 1080|   		} else
# 1081|   			closeallfiles(win->w_ptyfd);

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def73]
screen-5.0.0/window.c:1083:17: warning[-Wanalyzer-fd-double-close]: double ‘close’ of file descriptor ‘0’
screen-5.0.0/window.c:1029:12: branch_true: following ‘true’ branch...
screen-5.0.0/window.c:1030:30: branch_true: ...to here
screen-5.0.0/window.c:1030:20: branch_false: following ‘false’ branch...
screen-5.0.0/window.c:1036:9: branch_false: ...to here
screen-5.0.0/window.c:1037:12: branch_false: following ‘false’ branch (when ‘proc’ is non-NULL)...
screen-5.0.0/window.c:1041:9: branch_false: ...to here
screen-5.0.0/window.c:1060:20: branch_false: following ‘false’ branch...
screen-5.0.0/window.c:1073:20: branch_true: following ‘true’ branch (when ‘slave != -1’)...
screen-5.0.0/window.c:1074:25: branch_true: ...to here
screen-5.0.0/window.c:1074:25: release_resource: first ‘close’ here
screen-5.0.0/window.c:1075:27: branch_false: following ‘false’ branch...
screen-5.0.0/window.c:1077:25: branch_false: ...to here
screen-5.0.0/window.c:1083:17: danger: second ‘close’ here; first ‘close’ was at [(13)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/12)
# 1081|   			closeallfiles(win->w_ptyfd);
# 1082|   		/* Close the three /dev/null descriptors */
# 1083|-> 		close(0);
# 1084|   		close(1);
# 1085|   		close(2);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def74]
screen-5.0.0/window.c:1112:35: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup(*win.w_ptyfd)’
screen-5.0.0/window.c:1029:12: branch_false: following ‘false’ branch...
screen-5.0.0/window.c:1036:9: branch_false: ...to here
screen-5.0.0/window.c:1037:12: branch_false: following ‘false’ branch (when ‘proc’ is non-NULL)...
screen-5.0.0/window.c:1041:9: branch_false: ...to here
screen-5.0.0/window.c:1060:20: branch_false: following ‘false’ branch...
screen-5.0.0/window.c:1073:20: branch_false: following ‘false’ branch (when ‘slave == -1’)...
screen-5.0.0/window.c:1081:25: branch_false: ...to here
screen-5.0.0/window.c:1092:33: branch_true: following ‘true’ branch (when ‘i != 3’)...
screen-5.0.0/window.c:1093:47: branch_true: ...to here
screen-5.0.0/window.c:1093:28: branch_false: following ‘false’ branch...
screen-5.0.0/window.c:1112:36: branch_false: ...to here
screen-5.0.0/window.c:1112:36: acquire_resource: opened here
screen-5.0.0/window.c:1112:35: danger: ‘dup(*win.w_ptyfd)’ leaks here; was opened at [(15)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/14)
# 1110|   					Msg(errno, "fgtty");
# 1111|   			} else {
# 1112|-> 				if(dup(win->w_ptyfd) < 0)
# 1113|   					Panic(errno, "Cannot duplicate file descriptor");
# 1114|   				wfdused = 1;

Error: COMPILER_WARNING (CWE-252): [#def75]
screen-5.0.0/window.c: scope_hint: In function ‘FreePseudowin’
screen-5.0.0/window.c:1372:15: warning[-Wunused-result]: ignoring return value of ‘chown’ declared with attribute ‘warn_unused_result’
# 1372 |         (void)chown(pwin->p_tty, 0, 0);
#      |               ^~~~~~~~~~~~~~~~~~~~~~~~
# 1370|   	/* should be able to use CloseDevice() here */
# 1371|   	(void)chmod(pwin->p_tty, 0666);
# 1372|-> 	(void)chown(pwin->p_tty, 0, 0);
# 1373|   	if (pwin->p_ptyfd >= 0) {
# 1374|   		if (w->w_type == W_TYPE_PTY)

Error: COMPILER_WARNING (CWE-252): [#def76]
screen-5.0.0/window.c: scope_hint: In function ‘win_writeev_fn’
screen-5.0.0/window.c:1574:41: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
# 1574 |                                         write(win->w_ptyfd, p->w_inbuf, p->w_inlen);
#      |                                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1572|   			for (Window *win = mru_window; win; win = win->w_prev_mru) {
# 1573|   				if (win != p && win->w_miflag)
# 1574|-> 					write(win->w_ptyfd, p->w_inbuf, p->w_inlen);
# 1575|   			}
# 1576|   		}

Error: GCC_ANALYZER_WARNING (CWE-476): [#def77]
screen-5.0.0/window.c:1853:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
screen-5.0.0/window.c:1836:5: enter_function: entry to ‘SwapWindows’
screen-5.0.0/window.c:1841:12: branch_false: following ‘false’ branch (when ‘dest >= 0’)...
screen-5.0.0/window.c:1846:12: branch_false: ...to here
screen-5.0.0/window.c:1846:12: branch_false: following ‘false’ branch (when ‘dest != old’)...
screen-5.0.0/window.c:1849:17: branch_false: ...to here
screen-5.0.0/window.c:1852:9: call_function: calling ‘remove_window_from_list’ from ‘SwapWindows’
screen-5.0.0/window.c:1852:9: return_function: returning to ‘SwapWindows’ from ‘remove_window_from_list’
screen-5.0.0/window.c:1853:9: danger: dereference of NULL ‘GetWindowByNumber(old & 65535)’
# 1851|   
# 1852|   	remove_window_from_list(win_a);
# 1853|-> 	win_a->w_number = dest;
# 1854|   	if (win_b) {
# 1855|   		remove_window_from_list(win_b);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def78]
screen-5.0.0/window.c:2008:21: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘w’
screen-5.0.0/window.c:1993:12: branch_true: following ‘true’ branch...
screen-5.0.0/window.c:1994:29: branch_true: ...to here
screen-5.0.0/window.c:1993:13: branch_true: following ‘true’ branch...
screen-5.0.0/window.c:1997:22: branch_true: ...to here
screen-5.0.0/window.c:1997:20: branch_true: following ‘true’ branch...
 branch_true: ...to here
screen-5.0.0/window.c:2000:32: branch_true: following ‘true’ branch...
screen-5.0.0/window.c:2008:21: danger: dereference of NULL ‘w’
# 2006|   				w = w->w_prev;
# 2007|   		}
# 2008|-> 		if (w->w_number == n)
# 2009|   			return w;
# 2010|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def79]
screen-5.0.0/winmsgbuf.c:77:9: warning[-Wanalyzer-malloc-leak]: leak of ‘p’
screen-5.0.0/winmsgbuf.c:226:5: enter_function: entry to ‘wmbc_printf’
screen-5.0.0/winmsgbuf.c:234:15: call_function: inlined call to ‘wmbc_bytesleft’ from ‘wmbc_printf’
screen-5.0.0/winmsgbuf.c:234:15: call_function: inlined call to ‘wmbc_bytesleft’ from ‘wmbc_printf’
screen-5.0.0/winmsgbuf.c:241:12: branch_true: following ‘true’ branch...
screen-5.0.0/winmsgbuf.c:242:50: branch_true: ...to here
screen-5.0.0/winmsgbuf.c:242:22: call_function: calling ‘_wmbc_expand’ from ‘wmbc_printf’
#   75|   	/* realloc already handled the free for us */
#   76|   	wmb->buf = p;
#   77|-> 	wmb->size = size;
#   78|   	return size;
#   79|   }

Scan Properties

analyzer-version-clippy: 1.86.0
analyzer-version-cppcheck: 2.17.1
analyzer-version-gcc: 15.0.1
analyzer-version-gcc-analyzer: 15.0.1
analyzer-version-shellcheck: 0.10.0
analyzer-version-unicontrol: 0.0.2
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-181.us-west-2.compute.internal
known-false-positives: /usr/share/csmock/known-false-positives.js
known-false-positives-rpm: known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch
mock-config: fedora-rawhide-x86_64
project-name: screen-5.0.0-4.fc43
store-results-to: /tmp/tmp1f4ou6sy/screen-5.0.0-4.fc43.tar.xz
time-created: 2025-04-25 15:36:20
time-finished: 2025-04-25 15:38:37
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmp1f4ou6sy/screen-5.0.0-4.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp1f4ou6sy/screen-5.0.0-4.fc43.src.rpm'
tool-version: csmock-3.8.1.20250422.172604.g26bc3d6-1.el9