shadow-utils-4.17.4-1.fc43

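List of Findings (GCC static-analyzer and compiler warnings; each entry is labelled, where the tool assigned one, with a CWE category)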

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1]
shadow-4.17.4/lib/./alloc/reallocf.h:33:13: warning[-Wanalyzer-malloc-leak]: leak of ‘reallocarrayf(p,  nmemb,  size)’
shadow-4.17.4/lib/alloc/x/xrealloc.c:23:1: enter_function: entry to ‘xreallocarray’
shadow-4.17.4/lib/alloc/x/xrealloc.c:25:13: acquire_memory: allocated here
shadow-4.17.4/lib/alloc/x/xrealloc.c:25:13: call_function: calling ‘reallocarrayf’ from ‘xreallocarray’
#   31|   	void  *q;
#   32|   
#   33|-> 	q = reallocarray(p, nmemb ?: 1, size ?: 1);
#   34|   
#   35|   	if (q == NULL)

Error: GCC_ANALYZER_WARNING (CWE-688): [#def2]
shadow-4.17.4/lib/./string/strdup/xstrdup.h:28:16: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘xreallocarray(0, strlen(str) + 1, 1)’ where non-null expected
shadow-4.17.4/lib/./string/strdup/xstrdup.h:26:1: enter_function: entry to ‘xstrdup’
shadow-4.17.4/lib/./string/strdup/xstrdup.h:28:23: call_function: inlined call to ‘xmallocarray’ from ‘xstrdup’
shadow-4.17.4/lib/./string/strdup/xstrdup.h:28:16: danger: argument 1 (‘xreallocarray(0, strlen(str) + 1, 1)’) from [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2) could be NULL where non-null expected
#argument 1 of ‘__builtin_strcpy’ must be non-null
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: COMPILER_WARNING (CWE-704): [#def3]
shadow-4.17.4/lib/./string/strspn/strrcspn.h:29:11: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#   27|   	char  *p;
#   28|   
#   29|-> 	p = strnul(s);
#   30|   	while (p > s) {
#   31|   		p--;

Error: COMPILER_WARNING (CWE-704): [#def4]
shadow-4.17.4/lib/./string/strspn/strrspn.h:29:11: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#   27|   	char  *p;
#   28|   
#   29|-> 	p = strnul(s);
#   30|   	while (p > s) {
#   31|   		p--;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def5]
shadow-4.17.4/lib/alloc/reallocf.h:33:13: warning[-Wanalyzer-malloc-leak]: leak of ‘reallocarrayf(*uids, (long unsigned int)<unknown>, 4)’
shadow-4.17.4/lib/subordinateio.c:930:12: enter_function: entry to ‘append_uids’
shadow-4.17.4/lib/subordinateio.c:945:20: branch_false: following ‘false’ branch...
shadow-4.17.4/lib/subordinateio.c:951:29: branch_false: ...to here
shadow-4.17.4/lib/subordinateio.c:959:17: acquire_memory: allocated here
shadow-4.17.4/lib/subordinateio.c:959:17: call_function: calling ‘reallocarrayf’ from ‘append_uids’
#   31|   	void  *q;
#   32|   
#   33|-> 	q = reallocarray(p, nmemb ?: 1, size ?: 1);
#   34|   
#   35|   	if (q == NULL)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def6]
shadow-4.17.4/lib/alloc/reallocf.h:33:13: warning[-Wanalyzer-malloc-leak]: leak of ‘reallocarrayf(buf,  max(buflen, 1), 1)’
shadow-4.17.4/lib/commonio.c:569:5: enter_function: entry to ‘commonio_open’
shadow-4.17.4/lib/commonio.c:581:12: branch_false: following ‘false’ branch...
shadow-4.17.4/lib/commonio.c:582:20: branch_false: ...to here
shadow-4.17.4/lib/commonio.c:581:16: branch_false: following ‘false’ branch...
shadow-4.17.4/lib/commonio.c:587:9: branch_false: ...to here
shadow-4.17.4/lib/commonio.c:623:12: branch_false: following ‘false’ branch...
shadow-4.17.4/lib/commonio.c:632:15: call_function: inlined call to ‘mallocarray’ from ‘commonio_open’
shadow-4.17.4/lib/commonio.c:633:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
shadow-4.17.4/lib/commonio.c:636:16: branch_true: following ‘true’ branch...
 branch_true: ...to here
shadow-4.17.4/lib/commonio.c:639:27: branch_true: following ‘true’ branch...
shadow-4.17.4/lib/commonio.c:644:31: acquire_memory: allocated here
shadow-4.17.4/lib/commonio.c:644:31: call_function: calling ‘reallocarrayf’ from ‘commonio_open’
#   31|   	void  *q;
#   32|   
#   33|-> 	q = reallocarray(p, nmemb ?: 1, size ?: 1);
#   34|   
#   35|   	if (q == NULL)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def7]
shadow-4.17.4/lib/alloc/reallocf.h:33:13: warning[-Wanalyzer-malloc-leak]: leak of ‘reallocarrayf(members,  max(i + 100, 1), 8)’
shadow-4.17.4/lib/sgetgrent.c:40:1: enter_function: entry to ‘list’
shadow-4.17.4/lib/sgetgrent.c:50:20: branch_true: following ‘true’ branch...
shadow-4.17.4/lib/sgetgrent.c:51:32: branch_true: ...to here
shadow-4.17.4/lib/sgetgrent.c:52:35: acquire_memory: allocated here
shadow-4.17.4/lib/sgetgrent.c:52:35: call_function: calling ‘reallocarrayf’ from ‘list’
#   31|   	void  *q;
#   32|   
#   33|-> 	q = reallocarray(p, nmemb ?: 1, size ?: 1);
#   34|   
#   35|   	if (q == NULL)

Error: COMPILER_WARNING (CWE-252): [#def8]
shadow-4.17.4/lib/audit_help.c: scope_hint: In function ‘audit_logger’
shadow-4.17.4/lib/audit_help.c:72:17: warning[-Wunused-result]: ignoring return value of ‘audit_log_acct_message’ declared with attribute ‘warn_unused_result’
#   72 |                 audit_log_acct_message (audit_fd, type, NULL, op, name, id,
#      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   73 |                                         NULL, NULL, NULL, result);
#      |                                         ~~~~~~~~~~~~~~~~~~~~~~~~~
#   70|   		return;
#   71|   	} else {
#   72|-> 		audit_log_acct_message (audit_fd, type, NULL, op, name, id,
#   73|   		                        NULL, NULL, NULL, result);
#   74|   	}

Error: COMPILER_WARNING (CWE-252): [#def9]
shadow-4.17.4/lib/audit_help.c: scope_hint: In function ‘audit_logger_with_group’
shadow-4.17.4/lib/audit_help.c:114:9: warning[-Wunused-result]: ignoring return value of ‘audit_log_acct_message’ declared with attribute ‘warn_unused_result’
#  114 |         audit_log_acct_message(audit_fd, type, NULL, buf, name, id,
#      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  115 |                                NULL, NULL, NULL, result);
#      |                                ~~~~~~~~~~~~~~~~~~~~~~~~~
#  112|   	}
#  113|   
#  114|-> 	audit_log_acct_message(audit_fd, type, NULL, buf, name, id,
#  115|   		               NULL, NULL, NULL, result);
#  116|   }

Error: COMPILER_WARNING (CWE-252): [#def10]
shadow-4.17.4/lib/audit_help.c: scope_hint: In function ‘audit_logger_message’
shadow-4.17.4/lib/audit_help.c:123:17: warning[-Wunused-result]: ignoring return value of ‘audit_log_user_message’ declared with attribute ‘warn_unused_result’
#  123 |                 audit_log_user_message (audit_fd,
#      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  124 |                                         AUDIT_USYS_CONFIG,
#      |                                         ~~~~~~~~~~~~~~~~~~
#  125 |                                         message,
#      |                                         ~~~~~~~~
#  126 |                                         NULL, /* hostname */
#      |                                         ~~~~~~~~~~~~~~~~~~~~
#  127 |                                         NULL, /* addr */
#      |                                         ~~~~~~~~~~~~~~~~
#  128 |                                         NULL, /* tty */
#      |                                         ~~~~~~~~~~~~~~~
#  129 |                                         result);
#      |                                         ~~~~~~~
#  121|   		return;
#  122|   	} else {
#  123|-> 		audit_log_user_message (audit_fd,
#  124|   		                        AUDIT_USYS_CONFIG,
#  125|   		                        message,

Error: GCC_ANALYZER_WARNING (CWE-476): [#def11]
shadow-4.17.4/lib/commonio.c:846:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘*shadow.head’
shadow-4.17.4/lib/commonio.c:810:12: branch_false: following ‘false’ branch...
shadow-4.17.4/lib/commonio.c:814:37: branch_true: following ‘true’ branch (when ‘pw_ptr’ is non-NULL)...
shadow-4.17.4/lib/commonio.c:815:29: branch_true: ...to here
shadow-4.17.4/lib/commonio.c:815:20: branch_false: following ‘false’ branch...
shadow-4.17.4/lib/commonio.c:818:24: branch_false: ...to here
shadow-4.17.4/lib/commonio.c:828:20: branch_true: following ‘true’ branch (when ‘spw_ptr’ is NULL)...
shadow-4.17.4/lib/commonio.c:828:20: branch_true: ...to here
shadow-4.17.4/lib/commonio.c:814:37: branch_false: following ‘false’ branch (when ‘pw_ptr’ is NULL)...
 branch_false: ...to here
shadow-4.17.4/lib/commonio.c:836:30: branch_false: following ‘false’ branch (when ‘head’ is NULL)...
shadow-4.17.4/lib/commonio.c:846:9: branch_false: ...to here
shadow-4.17.4/lib/commonio.c:846:9: danger: dereference of NULL ‘*shadow.head’
#  844|   	}
#  845|   
#  846|-> 	shadow->head->prev = NULL;
#  847|   	shadow->changed = true;
#  848|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def12]
shadow-4.17.4/lib/copydir.c:232:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, 1, 40)’
shadow-4.17.4/lib/copydir.c:872:5: enter_function: entry to ‘copy_tree’
shadow-4.17.4/lib/copydir.c:888:16: call_function: calling ‘copy_tree_impl’ from ‘copy_tree’
#  230|   
#  231|   	lp = XMALLOC(1, struct link_name);
#  232|-> 	lp->ln_dev = sb->st_dev;
#  233|   	lp->ln_ino = sb->st_ino;
#  234|   	lp->ln_count = sb->st_nlink;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def13]
shadow-4.17.4/lib/fd.c:39:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
shadow-4.17.4/lib/fd.c:38:19: acquire_resource: opened here
shadow-4.17.4/lib/fd.c:39:12: danger: ‘open("/dev/null", 2)’ leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   37|   
#   38|   	devnull = open("/dev/null", O_RDWR);
#   39|-> 	if (devnull != fd)
#   40|   		abort();
#   41|   }

Error: GCC_ANALYZER_WARNING (CWE-122): [#def14]
shadow-4.17.4/lib/find_new_gid.c:126:34: warning[-Wanalyzer-out-of-bounds]: heap-based buffer over-read
shadow-4.17.4/lib/find_new_gid.c:155:5: enter_function: entry to ‘find_new_gid’
shadow-4.17.4/lib/find_new_gid.c:167:9: branch_true: following ‘true’ branch (when ‘gid’ is non-NULL)...
shadow-4.17.4/lib/find_new_gid.c:173:18: branch_true: ...to here
shadow-4.17.4/lib/find_new_gid.c:173:18: call_function: calling ‘get_ranges’ from ‘find_new_gid’
shadow-4.17.4/lib/find_new_gid.c:173:18: return_function: returning to ‘find_new_gid’ from ‘get_ranges’
shadow-4.17.4/lib/find_new_gid.c:174:12: branch_false: following ‘false’ branch...
shadow-4.17.4/lib/find_new_gid.c:179:12: branch_false: ...to here
shadow-4.17.4/lib/find_new_gid.c:237:12: branch_false: following ‘false’ branch (when ‘used_gids’ is non-NULL)...
shadow-4.17.4/lib/find_new_gid.c:245:16: branch_false: ...to here
shadow-4.17.4/lib/find_new_gid.c:273:12: branch_true: following ‘true’ branch (when ‘sys_group != 0’)...
shadow-4.17.4/lib/find_new_gid.c:283:20: branch_true: ...to here
shadow-4.17.4/lib/find_new_gid.c:299:41: branch_true: following ‘true’ branch (when ‘id >= highest_found’)...
shadow-4.17.4/lib/find_new_gid.c:300:34: branch_true: ...to here
shadow-4.17.4/lib/find_new_gid.c:301:28: branch_false: following ‘false’ branch...
shadow-4.17.4/lib/find_new_gid.c:306:36: branch_false: ...to here
shadow-4.17.4/lib/find_new_gid.c:299:41: branch_true: following ‘true’ branch (when ‘id >= highest_found’)...
shadow-4.17.4/lib/find_new_gid.c:300:34: branch_true: ...to here
shadow-4.17.4/lib/find_new_gid.c:300:34: call_function: calling ‘check_gid’ from ‘find_new_gid’
#  124|   	 * using the gr_next() loop
#  125|   	 */
#  126|-> 	if (used_gids != NULL && used_gids[gid]) {
#  127|   		return EEXIST;
#  128|   	}

Error: GCC_ANALYZER_WARNING (CWE-122): [#def15]
shadow-4.17.4/lib/find_new_uid.c:126:34: warning[-Wanalyzer-out-of-bounds]: heap-based buffer over-read
shadow-4.17.4/lib/find_new_uid.c:155:5: enter_function: entry to ‘find_new_uid’
shadow-4.17.4/lib/find_new_uid.c:167:9: branch_true: following ‘true’ branch (when ‘uid’ is non-NULL)...
shadow-4.17.4/lib/find_new_uid.c:173:18: branch_true: ...to here
shadow-4.17.4/lib/find_new_uid.c:173:18: call_function: calling ‘get_ranges’ from ‘find_new_uid’
shadow-4.17.4/lib/find_new_uid.c:173:18: return_function: returning to ‘find_new_uid’ from ‘get_ranges’
shadow-4.17.4/lib/find_new_uid.c:174:12: branch_false: following ‘false’ branch...
shadow-4.17.4/lib/find_new_uid.c:179:12: branch_false: ...to here
shadow-4.17.4/lib/find_new_uid.c:237:12: branch_false: following ‘false’ branch (when ‘used_uids’ is non-NULL)...
shadow-4.17.4/lib/find_new_uid.c:245:16: branch_false: ...to here
shadow-4.17.4/lib/find_new_uid.c:273:12: branch_true: following ‘true’ branch (when ‘sys_user != 0’)...
shadow-4.17.4/lib/find_new_uid.c:283:20: branch_true: ...to here
shadow-4.17.4/lib/find_new_uid.c:299:41: branch_true: following ‘true’ branch (when ‘id >= highest_found’)...
shadow-4.17.4/lib/find_new_uid.c:300:34: branch_true: ...to here
shadow-4.17.4/lib/find_new_uid.c:301:28: branch_false: following ‘false’ branch...
shadow-4.17.4/lib/find_new_uid.c:306:36: branch_false: ...to here
shadow-4.17.4/lib/find_new_uid.c:299:41: branch_true: following ‘true’ branch (when ‘id >= highest_found’)...
shadow-4.17.4/lib/find_new_uid.c:300:34: branch_true: ...to here
shadow-4.17.4/lib/find_new_uid.c:300:34: call_function: calling ‘check_uid’ from ‘find_new_uid’
#  124|   	 * using the pw_next() loop
#  125|   	 */
#  126|-> 	if (used_uids != NULL && used_uids[uid]) {
#  127|   		return EEXIST;
#  128|   	}

Error: GCC_ANALYZER_WARNING (CWE-457): [#def16]
shadow-4.17.4/lib/getdate.c:1196:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyss’
shadow-4.17.4/lib/getdate.c:1154:6: branch_true: following ‘true’ branch...
shadow-4.17.4/lib/getdate.c:1160:28: branch_true: ...to here
shadow-4.17.4/lib/getdate.c:1183:10: branch_false: following ‘false’ branch (when ‘yystacksize <= 9999’)...
shadow-4.17.4/lib/getdate.c:1185:7: branch_false: ...to here
shadow-4.17.4/lib/getdate.c:1194:12: branch_false: following ‘false’ branch (when ‘yyptr’ is non-NULL)...
shadow-4.17.4/lib/getdate.c:1196:9: branch_false: ...to here
shadow-4.17.4/lib/getdate.c:1196:9: danger: use of uninitialized value ‘yyss’ here
# 1194|           if (! yyptr)
# 1195|             YYNOMEM;
# 1196|->         YYSTACK_RELOCATE (yyss_alloc, yyss);
# 1197|           YYSTACK_RELOCATE (yyvs_alloc, yyvs);
# 1198|   #  undef YYSTACK_RELOCATE

Error: GCC_ANALYZER_WARNING (CWE-457): [#def17]
shadow-4.17.4/lib/getdate.c:1323:3: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*(unsigned int *)<unknown>’
shadow-4.17.4/lib/getdate.c:1154:6: branch_false: following ‘false’ branch...
shadow-4.17.4/lib/getdate.c:1218:6: branch_false: ...to here
shadow-4.17.4/lib/getdate.c:1218:6: branch_false: following ‘false’ branch (when ‘gd_state != 2’)...
shadow-4.17.4/lib/getdate.c:1221:3: branch_false: ...to here
shadow-4.17.4/lib/getdate.c:1233:6: branch_true: following ‘true’ branch (when ‘yyn == -15’)...
shadow-4.17.4/lib/getdate.c:1234:5: branch_true: ...to here
shadow-4.17.4/lib/getdate.c:1303:6: branch_false: following ‘false’ branch (when ‘yyn != 0’)...
shadow-4.17.4/lib/getdate.c:1305:3: branch_false: ...to here
shadow-4.17.4/lib/getdate.c:1323:3: danger: use of uninitialized value ‘*(unsigned int *)<unknown>’ here
# 1321|        unconditionally makes the parser a bit smaller, and it avoids a
# 1322|        GCC warning that YYVAL may be used uninitialized.  */
# 1323|->   yyval = yyvsp[1-yylen];
# 1324|   
# 1325|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def18]
shadow-4.17.4/lib/getdef.c:400:9: warning[-Wanalyzer-malloc-leak]: leak of ‘cp’
shadow-4.17.4/lib/getdef.c:477:13: enter_function: entry to ‘def_load’
shadow-4.17.4/lib/getdef.c:491:12: branch_false: following ‘false’ branch...
shadow-4.17.4/lib/getdef.c:500:22: branch_false: ...to here
shadow-4.17.4/lib/getdef.c:500:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
shadow-4.17.4/lib/getdef.c:506:28: branch_true: following ‘true’ branch...
shadow-4.17.4/lib/getdef.c:509:67: branch_true: ...to here
shadow-4.17.4/lib/getdef.c:510:20: branch_false: following ‘false’ branch...
shadow-4.17.4/lib/getdef.c:523:23: branch_false: ...to here
shadow-4.17.4/lib/getdef.c:523:23: call_function: calling ‘putdef_str’ from ‘def_load’
#  398|   
#  399|   	free (d->value);
#  400|-> 	d->value = cp;
#  401|   	return 0;
#  402|   }

Error: COMPILER_WARNING (CWE-477): [#def19]
shadow-4.17.4/lib/getdef.c: scope_hint: In function ‘def_load’
shadow-4.17.4/lib/getdef.c:490:9: warning[-Wdeprecated-declarations]: ‘econf_readDirs’ is deprecated: Use the econf_readConfig/econf_readConfigWithCallback instead
#  490 |         error = econf_readDirs (&defs_file, vendordir, sysconfdir, "login", "defs", " \t", "#");
#      |         ^~~~~
shadow-4.17.4/lib/getdef.c:22: included_from: Included from here.
/usr/include/libeconf.h:497:1: note: declared here
#  497 | econf_readDirs(econf_file **key_file,
#      | ^~~~~~~~~~~~~~
#  488|   	def_loaded = true;
#  489|   
#  490|-> 	error = econf_readDirs (&defs_file, vendordir, sysconfdir, "login", "defs", " \t", "#");
#  491|   	if (error) {
#  492|   		if (error == ECONF_NOFILE)

Error: COMPILER_WARNING (CWE-477): [#def20]
shadow-4.17.4/lib/getdef.c:490:9: warning[-Wdeprecated-declarations]: ‘econf_readDirs’ is deprecated: Use the econf_readConfig/econf_readConfigWithCallback instead
#  488|   	def_loaded = true;
#  489|   
#  490|-> 	error = econf_readDirs (&defs_file, vendordir, sysconfdir, "login", "defs", " \t", "#");
#  491|   	if (error) {
#  492|   		if (error == ECONF_NOFILE)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def21]
shadow-4.17.4/lib/list.c:64:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, (long unsigned int)(i + 2), 8)’
shadow-4.17.4/lib/list.c:31:1: enter_function: entry to ‘add_list’
shadow-4.17.4/lib/list.c:36:9: branch_true: following ‘true’ branch (when ‘member’ is non-NULL)...
shadow-4.17.4/lib/list.c:37:9: branch_true: ...to here
shadow-4.17.4/lib/list.c:37:9: branch_true: following ‘true’ branch (when ‘list’ is non-NULL)...
 branch_true: ...to here
shadow-4.17.4/lib/list.c:55:15: call_function: inlined call to ‘xmallocarray’ from ‘add_list’
shadow-4.17.4/lib/list.c:63:21: branch_true: following ‘true’ branch...
shadow-4.17.4/lib/list.c:64:20: branch_true: ...to here
shadow-4.17.4/lib/list.c:64:17: danger: ‘xreallocarray(0, (long unsigned int)(i + 2), 8) + (long unsigned int)i * 8’ could be NULL: unchecked value from [(7)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/6)
#   62|   
#   63|   	for (i = 0; list[i] != NULL; i++) {
#   64|-> 		tmp[i] = list[i];
#   65|   	}
#   66|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def22]
shadow-4.17.4/lib/list.c:67:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, (long unsigned int)(i + 2), 8)’
shadow-4.17.4/lib/list.c:31:1: enter_function: entry to ‘add_list’
shadow-4.17.4/lib/list.c:36:9: branch_true: following ‘true’ branch (when ‘member’ is non-NULL)...
shadow-4.17.4/lib/list.c:37:9: branch_true: ...to here
shadow-4.17.4/lib/list.c:37:9: branch_true: following ‘true’ branch (when ‘list’ is non-NULL)...
 branch_true: ...to here
shadow-4.17.4/lib/list.c:55:15: call_function: inlined call to ‘xmallocarray’ from ‘add_list’
shadow-4.17.4/lib/list.c:63:21: branch_false: following ‘false’ branch...
shadow-4.17.4/lib/list.c:67:12: branch_false: ...to here
shadow-4.17.4/lib/list.c:67:9: danger: ‘xreallocarray(0, (long unsigned int)(i + 2), 8) + (long unsigned int)i * 8’ could be NULL: unchecked value from [(7)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/6)
#   65|   	}
#   66|   
#   67|-> 	tmp[i] = xstrdup (member);
#   68|   	tmp[i+1] = NULL;
#   69|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def23]
shadow-4.17.4/lib/list.c:120:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, (long unsigned int)(j + 1), 8)’
shadow-4.17.4/lib/list.c:82:1: enter_function: entry to ‘del_list’
shadow-4.17.4/lib/list.c:87:9: branch_true: following ‘true’ branch (when ‘member’ is non-NULL)...
shadow-4.17.4/lib/list.c:88:9: branch_true: ...to here
shadow-4.17.4/lib/list.c:88:9: branch_true: following ‘true’ branch (when ‘list’ is non-NULL)...
 branch_true: ...to here
shadow-4.17.4/lib/list.c:101:12: branch_false: following ‘false’ branch (when ‘i != j’)...
shadow-4.17.4/lib/list.c:110:15: branch_false: ...to here
shadow-4.17.4/lib/list.c:110:15: call_function: inlined call to ‘xmallocarray’ from ‘del_list’
shadow-4.17.4/lib/list.c:118:25: branch_true: following ‘true’ branch...
shadow-4.17.4/lib/list.c:119:22: call_function: inlined call to ‘streq’ from ‘del_list’
shadow-4.17.4/lib/list.c:119:20: branch_true: following ‘true’ branch (when the strings are non-equal)...
shadow-4.17.4/lib/list.c:120:28: branch_true: ...to here
shadow-4.17.4/lib/list.c:120:25: danger: ‘xreallocarray(0, (long unsigned int)(j + 1), 8) + (long unsigned int)j * 8’ could be NULL: unchecked value from [(9)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/8)
#  118|   	for (i = j = 0; list[i] != NULL; i++) {
#  119|   		if (!streq(list[i], member)) {
#  120|-> 			tmp[j] = list[i];
#  121|   			j++;
#  122|   		}

Error: GCC_ANALYZER_WARNING (CWE-476): [#def24]
shadow-4.17.4/lib/list.c:125:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, (long unsigned int)(j + 1), 8)’
shadow-4.17.4/lib/list.c:82:1: enter_function: entry to ‘del_list’
shadow-4.17.4/lib/list.c:87:9: branch_true: following ‘true’ branch (when ‘member’ is non-NULL)...
shadow-4.17.4/lib/list.c:88:9: branch_true: ...to here
shadow-4.17.4/lib/list.c:88:9: branch_true: following ‘true’ branch (when ‘list’ is non-NULL)...
 branch_true: ...to here
shadow-4.17.4/lib/list.c:101:12: branch_false: following ‘false’ branch (when ‘i != j’)...
shadow-4.17.4/lib/list.c:110:15: branch_false: ...to here
shadow-4.17.4/lib/list.c:110:15: call_function: inlined call to ‘xmallocarray’ from ‘del_list’
shadow-4.17.4/lib/list.c:125:9: danger: ‘xreallocarray(0, (long unsigned int)(j + 1), 8) + (long unsigned int)j * 8’ could be NULL: unchecked value from [(9)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/8)
#  123|   	}
#  124|   
#  125|-> 	tmp[j] = NULL;
#  126|   
#  127|   	return tmp;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def25]
shadow-4.17.4/lib/list.c:150:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, (long unsigned int)(i + 1), 8)’
shadow-4.17.4/lib/list.c:137:1: enter_function: entry to ‘dup_list’
shadow-4.17.4/lib/list.c:142:9: branch_true: following ‘true’ branch (when ‘list’ is non-NULL)...
 branch_true: ...to here
shadow-4.17.4/lib/list.c:146:15: call_function: inlined call to ‘xmallocarray’ from ‘dup_list’
shadow-4.17.4/lib/list.c:149:16: branch_true: following ‘true’ branch...
shadow-4.17.4/lib/list.c:150:20: branch_true: ...to here
shadow-4.17.4/lib/list.c:150:17: danger: ‘xreallocarray(0, (long unsigned int)(i + 1), 8) + (long unsigned int)i * 8’ could be NULL: unchecked value from [(5)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/4)
#  148|   	i = 0;
#  149|   	while (NULL != *list) {
#  150|-> 		tmp[i] = xstrdup (*list);
#  151|   		i++;
#  152|   		list++;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def26]
shadow-4.17.4/lib/list.c:155:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, (long unsigned int)(i + 1), 8)’
shadow-4.17.4/lib/list.c:137:1: enter_function: entry to ‘dup_list’
shadow-4.17.4/lib/list.c:142:9: branch_true: following ‘true’ branch (when ‘list’ is non-NULL)...
 branch_true: ...to here
shadow-4.17.4/lib/list.c:146:15: call_function: inlined call to ‘xmallocarray’ from ‘dup_list’
shadow-4.17.4/lib/list.c:149:16: branch_false: following ‘false’ branch...
shadow-4.17.4/lib/list.c:155:12: branch_false: ...to here
shadow-4.17.4/lib/list.c:155:9: danger: ‘xreallocarray(0, (long unsigned int)(i + 1), 8) + (long unsigned int)i * 8’ could be NULL: unchecked value from [(5)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/4)
#  153|   	}
#  154|   
#  155|-> 	tmp[i] = NULL;
#  156|   	return tmp;
#  157|   }

Error: COMPILER_WARNING (CWE-563): [#def27]
shadow-4.17.4/lib/list.c: scope_hint: In function ‘comma_to_list’
shadow-4.17.4/lib/list.c:191:15: warning[-Wunused-variable]: unused variable ‘cp2’
#  191 |         char *cp2;
#      |               ^~~
#  189|   	int i;
#  190|   	char *cp;
#  191|-> 	char *cp2;
#  192|   
#  193|   	assert (NULL != comma);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def28]
shadow-4.17.4/lib/list.c:213:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, n + 2, 8)’
shadow-4.17.4/lib/list.c:185:1: enter_function: entry to ‘comma_to_list’
shadow-4.17.4/lib/list.c:193:9: branch_true: following ‘true’ branch (when ‘comma’ is non-NULL)...
shadow-4.17.4/lib/list.c:199:19: branch_true: ...to here
shadow-4.17.4/lib/list.c:206:17: call_function: inlined call to ‘strchrcnt’ from ‘comma_to_list’
shadow-4.17.4/lib/list.c:206:17: branch_false: ...to here
shadow-4.17.4/lib/list.c:206:17: call_function: inlined call to ‘xmallocarray’ from ‘comma_to_list’
shadow-4.17.4/lib/list.c:212:12: branch_true: following ‘true’ branch...
shadow-4.17.4/lib/list.c:213:17: branch_true: ...to here
shadow-4.17.4/lib/list.c:213:17: danger: ‘xreallocarray(0, n + 2, 8)’ could be NULL: unchecked value from [(8)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/7)
#  211|   
#  212|   	if (streq(members, "")) {
#  213|-> 		*array = NULL;
#  214|   		free (members);
#  215|   		return array;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def29]
shadow-4.17.4/lib/list.c:224:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, n + 2, 8)’
shadow-4.17.4/lib/list.c:185:1: enter_function: entry to ‘comma_to_list’
shadow-4.17.4/lib/list.c:193:9: branch_true: following ‘true’ branch (when ‘comma’ is non-NULL)...
shadow-4.17.4/lib/list.c:199:19: branch_true: ...to here
shadow-4.17.4/lib/list.c:206:17: call_function: inlined call to ‘strchrcnt’ from ‘comma_to_list’
shadow-4.17.4/lib/list.c:206:17: branch_false: ...to here
shadow-4.17.4/lib/list.c:206:17: call_function: inlined call to ‘xmallocarray’ from ‘comma_to_list’
shadow-4.17.4/lib/list.c:212:12: branch_false: following ‘false’ branch...
shadow-4.17.4/lib/list.c:223:14: branch_false: ...to here
shadow-4.17.4/lib/list.c:223:35: branch_true: following ‘true’ branch...
shadow-4.17.4/lib/list.c:224:22: branch_true: ...to here
shadow-4.17.4/lib/list.c:224:17: danger: ‘xreallocarray(0, n + 2, 8) + (long unsigned int)i * 8’ could be NULL: unchecked value from [(8)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/7)
#  222|   
#  223|   	for (cp = members, i = 0; cp != NULL; i++)
#  224|-> 		array[i] = strsep(&cp, ",");
#  225|   	array[i] = NULL;
#  226|   

Error: COMPILER_WARNING: [#def30]
shadow-4.17.4/lib/sizeof.h:16: included_from: Included from here.
shadow-4.17.4/lib/utmp.c:28: included_from: Included from here.
shadow-4.17.4/lib/must_be.h:53:17: warning: anonymous struct declared inside parameter list will not be visible outside of this definition or declaration
#   53 |                 struct {                                                      \
#      |                 ^~~~~~
shadow-4.17.4/lib/must_be.h:113:9: note: in expansion of macro ‘must_be’
#  113 |         must_be(is_array(a))                                                  \
#      |         ^~~~~~~
shadow-4.17.4/lib/sizeof.h:22:43: note: in expansion of macro ‘must_be_array’
#   22 | #define SIZEOF_ARRAY(a)      (sizeof(a) + must_be_array(a))
#      |                                           ^~~~~~~~~~~~~
shadow-4.17.4/lib/sizeof.h:23:31: note: in expansion of macro ‘SIZEOF_ARRAY’
#   23 | #define NITEMS(a)            (SIZEOF_ARRAY((a)) / sizeof((a)[0]))
#      |                               ^~~~~~~~~~~~
shadow-4.17.4/lib/utmp.c:38:23: note: in expansion of macro ‘NITEMS’
#   38 | #define UTX_LINESIZE  NITEMS(memberof(struct utmpx, ut_line))
#      |                       ^~~~~~
shadow-4.17.4/lib/utmp.c:45:26: note: in expansion of macro ‘UTX_LINESIZE’
#   45 | is_my_tty(const char tty[UTX_LINESIZE])
#      |                          ^~~~~~~~~~~~
#   51|   (                                                                             \
#   52|   	0 * (int) sizeof(                                                     \
#   53|-> 		struct {                                                      \
#   54|   			static_assert(e, "");                                 \
#   55|   			int ISO_C_forbids_a_struct_with_no_members_;          \

Error: COMPILER_WARNING (CWE-563): [#def31]
shadow-4.17.4/lib/commonio.c:30: included_from: Included from here.
shadow-4.17.4/lib/commonio.c: scope_hint: In function ‘dec_lock_count’
shadow-4.17.4/lib/nscd.h:10:35: warning[-Wunused-value]: statement with no effect
#   10 | #define nscd_flush_cache(service) (0)
#      |                                   ^
shadow-4.17.4/lib/commonio.c:452:33: note: in expansion of macro ‘nscd_flush_cache’
#  452 |                                 nscd_flush_cache ("passwd");
#      |                                 ^~~~~~~~~~~~~~~~
#    8|   extern int nscd_flush_cache (const char *service);
#    9|   #else
#   10|-> #define nscd_flush_cache(service) (0)
#   11|   #endif
#   12|   

Error: COMPILER_WARNING (CWE-563): [#def32]
shadow-4.17.4/lib/prefix_flag.c:41:14: warning[-Wunused-variable]: ‘def_conf_file’ defined but not used
#   41 | static char *def_conf_file = NULL;
#      |              ^~~~~~~~~~~~~
#   39|   static char *suid_db_file = NULL;
#   40|   static char *sgid_db_file = NULL;
#   41|-> static char *def_conf_file = NULL;
#   42|   static FILE* fp_pwent = NULL;
#   43|   static FILE* fp_grent = NULL;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def33]
shadow-4.17.4/lib/readpassphrase.c:93:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/tty", 2)’
shadow-4.17.4/lib/readpassphrase.c:63:12: branch_false: following ‘false’ branch (when ‘bufsiz != 0’)...
 branch_false: ...to here
shadow-4.17.4/lib/readpassphrase.c:69:21: branch_true: following ‘true’ branch (when ‘i != 65’)...
shadow-4.17.4/lib/readpassphrase.c:70:17: branch_true: ...to here
shadow-4.17.4/lib/readpassphrase.c:78:12: branch_false: following ‘false’ branch...
shadow-4.17.4/lib/readpassphrase.c:79:31: branch_false: ...to here
shadow-4.17.4/lib/readpassphrase.c:79:31: acquire_resource: opened here
shadow-4.17.4/lib/readpassphrase.c:78:13: branch_false: following ‘false’ branch...
shadow-4.17.4/lib/readpassphrase.c:93:12: branch_false: ...to here
shadow-4.17.4/lib/readpassphrase.c:93:12: danger: ‘open("/dev/tty", 2)’ leaks here; was opened at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6)
#   91|   	 * generate SIGTTOU, so do it *before* installing the signal handlers.
#   92|   	 */
#   93|-> 	if (input != STDIN_FILENO && tcgetattr(input, &oterm) == 0) {
#   94|   		memcpy(&term, &oterm, sizeof(term));
#   95|   		if (!(flags & RPP_ECHO_ON))

Error: COMPILER_WARNING (CWE-252): [#def34]
shadow-4.17.4/lib/readpassphrase.c: scope_hint: In function ‘readpassphrase’
shadow-4.17.4/lib/readpassphrase.c:128:23: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
#  128 |                 (void)write(output, prompt, strlen(prompt));
#      |                       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  126|   
#  127|   	if (!(flags & RPP_STDIN))
#  128|-> 		(void)write(output, prompt, strlen(prompt));
#  129|   	end = buf + bufsiz - 1;
#  130|   	p = buf;

Error: COMPILER_WARNING (CWE-252): [#def35]
shadow-4.17.4/lib/readpassphrase.c:147:23: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
#  147 |                 (void)write(output, "\n", 1);
#      |                       ^~~~~~~~~~~~~~~~~~~~~~
#  145|   	save_errno = errno;
#  146|   	if (!(term.c_lflag & ECHO))
#  147|-> 		(void)write(output, "\n", 1);
#  148|   
#  149|   	/* Restore old terminal settings and signals. */

Error: COMPILER_WARNING (CWE-563): [#def36]
shadow-4.17.4/lib/commonio.c:36: included_from: Included from here.
shadow-4.17.4/lib/sssd.h:13:35: warning[-Wunused-value]: statement with no effect
#   13 | #define sssd_flush_cache(service) (0)
#      |                                   ^
shadow-4.17.4/lib/commonio.c:454:33: note: in expansion of macro ‘sssd_flush_cache’
#  454 |                                 sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
#      |                                 ^~~~~~~~~~~~~~~~
#   11|   extern int sssd_flush_cache (int dbflags);
#   12|   #else
#   13|-> #define sssd_flush_cache(service) (0)
#   14|   #endif
#   15|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def37]
shadow-4.17.4/lib/string/strdup/xstrdup.h:28:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup("/")’
shadow-4.17.4/lib/setupenv.c:170:6: enter_function: entry to ‘setup_env’
shadow-4.17.4/lib/setupenv.c:188:12: branch_true: following ‘true’ branch...
shadow-4.17.4/lib/setupenv.c:189:22: branch_true: ...to here
shadow-4.17.4/lib/setupenv.c:189:20: branch_true: following ‘true’ branch...
shadow-4.17.4/lib/setupenv.c:189:54: branch_true: ...to here
shadow-4.17.4/lib/setupenv.c:189:21: branch_false: following ‘false’ branch...
shadow-4.17.4/lib/setupenv.c:198:30: branch_false: ...to here
shadow-4.17.4/lib/setupenv.c:200:32: acquire_memory: allocated here
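shadow-4.17.4/lib/setupenv.c:200:32: call_function: calling ‘xstrdup’ from ‘setup_env’
# Triage note: the warning location (xstrdup.h:28) is inside the shared helper; the site to inspect is the acquire_memory event in the caller, here lib/setupenv.c:200:32. The same holds for every "leak of xstrdup(...)" finding in this list, so group them by calling function rather than by the reported location.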
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def38]
shadow-4.17.4/lib/string/strdup/xstrdup.h:28:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup("/bin/sh")’
shadow-4.17.4/lib/setupenv.c:170:6: enter_function: entry to ‘setup_env’
shadow-4.17.4/lib/setupenv.c:215:34: acquire_memory: allocated here
shadow-4.17.4/lib/setupenv.c:215:34: call_function: calling ‘xstrdup’ from ‘setup_env’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def39]
shadow-4.17.4/lib/string/strdup/xstrdup.h:28:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*list)’
shadow-4.17.4/lib/list.c:137:1: enter_function: entry to ‘dup_list’
shadow-4.17.4/lib/list.c:142:9: branch_true: following ‘true’ branch (when ‘list’ is non-NULL)...
 branch_true: ...to here
shadow-4.17.4/lib/list.c:149:16: branch_true: following ‘true’ branch...
shadow-4.17.4/lib/list.c:150:20: branch_true: ...to here
shadow-4.17.4/lib/list.c:150:26: acquire_memory: allocated here
shadow-4.17.4/lib/list.c:150:26: call_function: calling ‘xstrdup’ from ‘dup_list’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def40]
shadow-4.17.4/lib/string/strdup/xstrdup.h:28:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(comma)’
shadow-4.17.4/lib/list.c:185:1: enter_function: entry to ‘comma_to_list’
shadow-4.17.4/lib/list.c:193:9: branch_true: following ‘true’ branch (when ‘comma’ is non-NULL)...
shadow-4.17.4/lib/list.c:199:19: branch_true: ...to here
shadow-4.17.4/lib/list.c:199:19: acquire_memory: allocated here
shadow-4.17.4/lib/list.c:199:19: call_function: calling ‘xstrdup’ from ‘comma_to_list’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def41]
shadow-4.17.4/lib/string/strdup/xstrdup.h:28:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(host)’
shadow-4.17.4/lib/utmp.c:245:1: enter_function: entry to ‘prepare_utmp’
shadow-4.17.4/lib/utmp.c:252:9: branch_true: following ‘true’ branch (when ‘name’ is non-NULL)...
shadow-4.17.4/lib/utmp.c:253:9: branch_true: ...to here
shadow-4.17.4/lib/utmp.c:253:9: branch_true: following ‘true’ branch (when ‘line’ is non-NULL)...
shadow-4.17.4/lib/utmp.c:257:12: branch_true: ...to here
shadow-4.17.4/lib/utmp.c:257:12: branch_true: following ‘true’ branch (when ‘host’ is non-NULL)...
shadow-4.17.4/lib/utmp.c:257:30: call_function: inlined call to ‘streq’ from ‘prepare_utmp’
shadow-4.17.4/lib/utmp.c:257:13: branch_true: following ‘true’ branch...
shadow-4.17.4/lib/utmp.c:258:28: branch_true: ...to here
shadow-4.17.4/lib/utmp.c:258:28: acquire_memory: allocated here
shadow-4.17.4/lib/utmp.c:258:28: call_function: calling ‘xstrdup’ from ‘prepare_utmp’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def42]
shadow-4.17.4/lib/string/strdup/xstrdup.h:28:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(member)’
shadow-4.17.4/lib/list.c:31:1: enter_function: entry to ‘add_list’
shadow-4.17.4/lib/list.c:36:9: branch_true: following ‘true’ branch (when ‘member’ is non-NULL)...
shadow-4.17.4/lib/list.c:37:9: branch_true: ...to here
shadow-4.17.4/lib/list.c:37:9: branch_true: following ‘true’ branch (when ‘list’ is non-NULL)...
 branch_true: ...to here
shadow-4.17.4/lib/list.c:63:21: branch_false: following ‘false’ branch...
shadow-4.17.4/lib/list.c:67:12: branch_false: ...to here
shadow-4.17.4/lib/list.c:67:18: acquire_memory: allocated here
shadow-4.17.4/lib/list.c:67:18: call_function: calling ‘xstrdup’ from ‘add_list’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def43]
shadow-4.17.4/lib/string/strdup/xstrdup.h:28:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(new)’
shadow-4.17.4/lib/obscure.c:123:44: enter_function: entry to ‘obscure_msg’
shadow-4.17.4/lib/obscure.c:136:12: branch_false: following ‘false’ branch...
shadow-4.17.4/lib/obscure.c:143:14: branch_false: ...to here
shadow-4.17.4/lib/obscure.c:143:12: branch_true: following ‘true’ branch...
shadow-4.17.4/lib/obscure.c:147:15: branch_true: ...to here
shadow-4.17.4/lib/obscure.c:147:15: call_function: calling ‘password_check’ from ‘obscure_msg’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def44]
shadow-4.17.4/lib/string/strdup/xstrdup.h:28:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(string)’
shadow-4.17.4/lib/env.c:158:6: enter_function: entry to ‘set_env’
shadow-4.17.4/lib/env.c:164:16: branch_true: following ‘true’ branch (when ‘argc > 0’)...
shadow-4.17.4/lib/env.c:165:21: branch_true: ...to here
shadow-4.17.4/lib/env.c:165:20: branch_false: following ‘false’ branch...
shadow-4.17.4/lib/env.c:169:22: branch_false: ...to here
shadow-4.17.4/lib/env.c:170:20: branch_true: following ‘true’ branch (when ‘cp’ is NULL)...
shadow-4.17.4/lib/env.c:171:25: branch_true: ...to here
shadow-4.17.4/lib/env.c:171:25: branch_true: following ‘true’ branch...
shadow-4.17.4/lib/env.c:172:25: branch_true: ...to here
shadow-4.17.4/lib/env.c:173:25: call_function: calling ‘addenv’ from ‘set_env’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-688): [#def45]
shadow-4.17.4/lib/string/strdup/xstrdup.h:28:16: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘xreallocarray(0, strlen(str) + 1, 1)’ where non-null expected
shadow-4.17.4/lib/env.c:74:6: enter_function: entry to ‘addenv’
shadow-4.17.4/lib/env.c:79:12: branch_false: following ‘false’ branch (when ‘value’ is NULL)...
shadow-4.17.4/lib/env.c:82:29: branch_false: ...to here
shadow-4.17.4/lib/env.c:82:29: call_function: calling ‘xstrdup’ from ‘addenv’
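#argument 1 of ‘__builtin_strcpy’ must be non-null
# Triage note: the possibly-NULL value is the result of xreallocarray(), reached through XMALLOC in the excerpt below. If the x-prefixed allocators terminate the process on allocation failure (TODO confirm in lib/alloc/x/xrealloc.c), strcpy() can never receive NULL and this finding is a false positive. The same check settles def56-def58, def60 and def76, and def59 for xcalloc().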
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def46]
shadow-4.17.4/lib/string/strdup/xstrdup.h:28:23: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*list)’
shadow-4.17.4/lib/list.c:137:1: enter_function: entry to ‘dup_list’
shadow-4.17.4/lib/list.c:142:9: branch_true: following ‘true’ branch (when ‘list’ is non-NULL)...
 branch_true: ...to here
shadow-4.17.4/lib/list.c:149:16: branch_true: following ‘true’ branch...
shadow-4.17.4/lib/list.c:150:20: branch_true: ...to here
shadow-4.17.4/lib/list.c:150:26: acquire_memory: allocated here
shadow-4.17.4/lib/list.c:149:16: branch_true: following ‘true’ branch...
shadow-4.17.4/lib/list.c:150:20: branch_true: ...to here
shadow-4.17.4/lib/list.c:150:26: acquire_memory: allocated here
shadow-4.17.4/lib/list.c:150:26: call_function: calling ‘xstrdup’ from ‘dup_list’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def47]
shadow-4.17.4/lib/string/strdup/xstrdup.h:28:23: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(new)’
shadow-4.17.4/lib/obscure.c:91:44: enter_function: entry to ‘password_check’
shadow-4.17.4/lib/obscure.c:103:19: acquire_memory: allocated here
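shadow-4.17.4/lib/obscure.c:103:19: call_function: calling ‘xstrdup’ from ‘password_check’
# Triage note: going by the names (password_check() in lib/obscure.c, arguments new and old), these duplicates presumably hold cleartext passwords (TODO confirm). If so, def43, def47 and def48 deserve priority over the other xstrdup() leak reports, because a path that drops the copy without clearing and freeing it leaves the password in heap memory. The trace names no exit point, so check each return of password_check() in the source.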
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def48]
shadow-4.17.4/lib/string/strdup/xstrdup.h:28:23: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(old)’
shadow-4.17.4/lib/obscure.c:91:44: enter_function: entry to ‘password_check’
shadow-4.17.4/lib/obscure.c:104:19: acquire_memory: allocated here
shadow-4.17.4/lib/obscure.c:104:19: call_function: calling ‘xstrdup’ from ‘password_check’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def49]
shadow-4.17.4/lib/string/strdup/xstrdup.h:28:23: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(string)’
shadow-4.17.4/lib/env.c:74:6: enter_function: entry to ‘addenv’
shadow-4.17.4/lib/env.c:79:12: branch_false: following ‘false’ branch (when ‘value’ is NULL)...
shadow-4.17.4/lib/env.c:82:29: branch_false: ...to here
shadow-4.17.4/lib/env.c:82:29: acquire_memory: allocated here
shadow-4.17.4/lib/env.c:82:29: call_function: calling ‘xstrdup’ from ‘addenv’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: COMPILER_WARNING (CWE-704): [#def50]
shadow-4.17.4/lib/string/strspn/stprcspn.h:13: included_from: Included from here.
shadow-4.17.4/lib/basename.c:20: included_from: Included from here.
shadow-4.17.4/lib/string/strspn/strrcspn.h: scope_hint: In function ‘strrcspn’
shadow-4.17.4/lib/string/strspn/strrcspn.h:29:11: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#   29 |         p = strnul(s);
#      |           ^
#   27|   	char  *p;
#   28|   
#   29|-> 	p = strnul(s);
#   30|   	while (p > s) {
#   31|   		p--;

Error: COMPILER_WARNING (CWE-704): [#def51]
shadow-4.17.4/lib/string/strspn/stprspn.h:13: included_from: Included from here.
shadow-4.17.4/lib/fields.c:21: included_from: Included from here.
shadow-4.17.4/lib/string/strspn/strrspn.h: scope_hint: In function ‘strrspn_’
shadow-4.17.4/lib/string/strspn/strrspn.h:29:11: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#   29 |         p = strnul(s);
#      |           ^
#   27|   	char  *p;
#   28|   
#   29|-> 	p = strnul(s);
#   30|   	while (p > s) {
#   31|   		p--;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def52]
shadow-4.17.4/lib/sulog.c:59:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(getdef_str("SULOG_FILE"), "a+")’
shadow-4.17.4/lib/sulog.c:35:17: branch_false: following ‘false’ branch (when ‘saved_locale’ is NULL)...
shadow-4.17.4/lib/sulog.c:42:22: branch_false: ...to here
shadow-4.17.4/lib/sulog.c:43:12: branch_false: following ‘false’ branch...
shadow-4.17.4/lib/sulog.c:47:18: branch_false: ...to here
shadow-4.17.4/lib/sulog.c:57:14: acquire_resource: opened here
shadow-4.17.4/lib/sulog.c:59:12: branch_true: following ‘true’ branch (when ‘oldgid != 0’)...
shadow-4.17.4/lib/sulog.c:59:31: branch_true: ...to here
shadow-4.17.4/lib/sulog.c:59:13: danger: ‘fopen(getdef_str("SULOG_FILE"), "a+")’ leaks here; was opened at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#   57|   	fp = fopen (sulog_file, "a+");
#   58|   	(void) umask (oldmask);
#   59|-> 	if ((oldgid != 0) && (setgid (oldgid) != 0)) {
#   60|   		perror ("setgid");
#   61|   		SYSLOG ((LOG_ERR,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def53]
shadow-4.17.4/lib/sulog.c:59:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(getdef_str("SULOG_FILE"), "a+")’
shadow-4.17.4/lib/sulog.c:35:17: branch_false: following ‘false’ branch (when ‘saved_locale’ is NULL)...
shadow-4.17.4/lib/sulog.c:42:22: branch_false: ...to here
shadow-4.17.4/lib/sulog.c:43:12: branch_false: following ‘false’ branch...
shadow-4.17.4/lib/sulog.c:47:18: branch_false: ...to here
shadow-4.17.4/lib/sulog.c:57:14: acquire_memory: allocated here
shadow-4.17.4/lib/sulog.c:59:12: branch_true: following ‘true’ branch (when ‘oldgid != 0’)...
shadow-4.17.4/lib/sulog.c:59:31: branch_true: ...to here
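shadow-4.17.4/lib/sulog.c:59:13: danger: ‘fopen(getdef_str("SULOG_FILE"), "a+")’ leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
# Triage note: same stream and same location as def52 (lib/sulog.c:59:13), reported once as a FILE leak (CWE-775) and once as a memory leak (CWE-401); triage the two together. The excerpt stops inside the setgid-failure branch, so whether that branch closes fp or terminates the process is not visible in this listing.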
#   57|   	fp = fopen (sulog_file, "a+");
#   58|   	(void) umask (oldmask);
#   59|-> 	if ((oldgid != 0) && (setgid (oldgid) != 0)) {
#   60|   		perror ("setgid");
#   61|   		SYSLOG ((LOG_ERR,

Error: COMPILER_WARNING: [#def54]
shadow-4.17.4/lib/utmp.c:45:26: warning[warning]: anonymous struct declared inside parameter list will not be visible outside of this definition or declaration
#   43|    */
#   44|   static bool
#   45|-> is_my_tty(const char tty[UTX_LINESIZE])
#   46|   {
#   47|   	char         full_tty[STRLEN("/dev/") + UTX_LINESIZE + 1];

Error: GCC_ANALYZER_WARNING (CWE-401): [#def55]
shadow-4.17.4/lib/utmp.c:159:25: warning[-Wanalyzer-malloc-leak]: leak of ‘get_current_utmp()’
shadow-4.17.4/lib/utmp.c:183:1: enter_function: entry to ‘get_session_host’
shadow-4.17.4/lib/utmp.c:188:14: call_function: calling ‘get_current_utmp’ from ‘get_session_host’
shadow-4.17.4/lib/utmp.c:188:14: return_function: returning to ‘get_session_host’ from ‘get_current_utmp’
shadow-4.17.4/lib/utmp.c:191:12: branch_true: following ‘true’ branch...
shadow-4.17.4/lib/utmp.c:191:30: branch_true: ...to here
shadow-4.17.4/lib/utmp.c:159:25: danger: ‘get_current_utmp()’ leaks here; was allocated at [(15)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/14)
#  157|   	/* First, try to find a valid utmp entry for this process.  */
#  158|   	while ((ut = getutxent()) != NULL) {
#  159|-> 		if (   (ut->ut_pid == getpid ())
#  160|   		    && ('\0' != ut->ut_id[0])
#  161|   		    && (   (LOGIN_PROCESS == ut->ut_type)

Error: GCC_ANALYZER_WARNING (CWE-688): [#def56]
shadow-4.17.4/lib/utmp.c:173:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘xreallocarray(0, 1, 384)’ where non-null expected
shadow-4.17.4/lib/utmp.c:150:1: enter_function: entry to ‘get_current_utmp’
shadow-4.17.4/lib/utmp.c:158:16: branch_true: following ‘true’ branch...
shadow-4.17.4/lib/utmp.c:159:25: branch_true: ...to here
shadow-4.17.4/lib/utmp.c:165:24: call_function: calling ‘is_my_tty’ from ‘get_current_utmp’
shadow-4.17.4/lib/utmp.c:165:24: return_function: returning to ‘get_current_utmp’ from ‘is_my_tty’
shadow-4.17.4/lib/utmp.c:171:12: branch_true: following ‘true’ branch...
shadow-4.17.4/lib/utmp.c:172:23: call_function: inlined call to ‘xmallocarray’ from ‘get_current_utmp’
shadow-4.17.4/lib/utmp.c:173:17: danger: argument 1 (‘xreallocarray(0, 1, 384)’) from [(13)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/12) could be NULL where non-null expected
#argument 1 of ‘__builtin_memcpy’ must be non-null
#  171|   	if (NULL != ut) {
#  172|   		ret = XMALLOC(1, struct utmpx);
#  173|-> 		memcpy (ret, ut, sizeof (*ret));
#  174|   	}
#  175|   

Error: GCC_ANALYZER_WARNING (CWE-688): [#def57]
shadow-4.17.4/lib/utmp.c:192:24: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘xreallocarray(0, strnlen(&*<unknown>.ut_host, 256) + 1, 1)’ where non-null expected
shadow-4.17.4/lib/utmp.c:183:1: enter_function: entry to ‘get_session_host’
shadow-4.17.4/lib/utmp.c:188:14: call_function: calling ‘get_current_utmp’ from ‘get_session_host’
shadow-4.17.4/lib/utmp.c:188:14: return_function: returning to ‘get_session_host’ from ‘get_current_utmp’
shadow-4.17.4/lib/utmp.c:191:12: branch_true: following ‘true’ branch...
shadow-4.17.4/lib/utmp.c:192:24: call_function: inlined call to ‘xmallocarray’ from ‘get_session_host’
shadow-4.17.4/lib/utmp.c:192:24: danger: argument 1 (‘xreallocarray(0, strnlen(&*<unknown>.ut_host, 256) + 1, 1)’) from [(19)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/18) could be NULL where non-null expected
#argument 1 of ‘__builtin_memcpy’ must be non-null
#  190|   #if defined(HAVE_STRUCT_UTMPX_UT_HOST)
#  191|   	if ((ut != NULL) && (ut->ut_host[0] != '\0')) {
#  192|-> 		*out = XSTRNDUP(ut->ut_host);
#  193|   		free (ut);
#  194|   	} else {

Error: GCC_ANALYZER_WARNING (CWE-688): [#def58]
shadow-4.17.4/lib/utmp.c:261:28: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘xreallocarray(0, strnlen(&*ut.ut_host, 256) + 1, 1)’ where non-null expected
shadow-4.17.4/lib/utmp.c:245:1: enter_function: entry to ‘prepare_utmp’
shadow-4.17.4/lib/utmp.c:252:9: branch_true: following ‘true’ branch (when ‘name’ is non-NULL)...
shadow-4.17.4/lib/utmp.c:253:9: branch_true: ...to here
shadow-4.17.4/lib/utmp.c:253:9: branch_true: following ‘true’ branch (when ‘line’ is non-NULL)...
shadow-4.17.4/lib/utmp.c:257:12: branch_true: ...to here
shadow-4.17.4/lib/utmp.c:260:17: branch_true: following ‘true’ branch...
shadow-4.17.4/lib/utmp.c:261:28: call_function: inlined call to ‘xmallocarray’ from ‘prepare_utmp’
shadow-4.17.4/lib/utmp.c:261:28: danger: argument 1 (‘xreallocarray(0, strnlen(&*ut.ut_host, 256) + 1, 1)’) from [(9)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/8) could be NULL where non-null expected
#argument 1 of ‘__builtin_memcpy’ must be non-null
#  259|   #if defined(HAVE_STRUCT_UTMPX_UT_HOST)
#  260|   	else if (NULL != ut && '\0' != ut->ut_host[0])
#  261|-> 		hostname = XSTRNDUP(ut->ut_host);
#  262|   #endif
#  263|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def59]
shadow-4.17.4/lib/utmp.c:272:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xcalloc(1, 384)’
shadow-4.17.4/lib/utmp.c:252:9: branch_true: following ‘true’ branch (when ‘name’ is non-NULL)...
shadow-4.17.4/lib/utmp.c:253:9: branch_true: ...to here
shadow-4.17.4/lib/utmp.c:253:9: branch_true: following ‘true’ branch (when ‘line’ is non-NULL)...
shadow-4.17.4/lib/utmp.c:257:12: branch_true: ...to here
shadow-4.17.4/lib/utmp.c:260:17: branch_false: following ‘false’ branch (when ‘ut’ is NULL)...
shadow-4.17.4/lib/utmp.c:264:13: branch_false: ...to here
shadow-4.17.4/lib/utmp.c:269:17: acquire_memory: this call could return NULL
shadow-4.17.4/lib/utmp.c:272:9: danger: ‘xcalloc(1, 384)’ could be NULL: unchecked value from [(7)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/6)
#  270|   
#  271|   
#  272|-> 	utent->ut_type = USER_PROCESS;
#  273|   	utent->ut_pid = getpid ();
#  274|   	STRNCPY(utent->ut_line, line);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def60]
shadow-4.17.4/lib/xgetXXbyYY.c:65:26: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘xreallocarray(buffer,  length, 1)’ where non-null expected
shadow-4.17.4/lib/xgetXXbyYY.c:57:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
shadow-4.17.4/lib/xgetXXbyYY.c:64:26: acquire_memory: this call could return NULL
shadow-4.17.4/lib/xgetXXbyYY.c:65:26: danger: argument 3 (‘xreallocarray(buffer,  length, 1)’) from [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2) could be NULL where non-null expected
#   63|   		LOOKUP_TYPE *resbuf = NULL;
#   64|   		buffer = XREALLOC(buffer, length, char);
#   65|-> 		status = REENTRANT_NAME(ARG_NAME, result, buffer,
#   66|   		                        length, &resbuf);
#   67|   		if ((0 == status) && (resbuf == result)) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def61]
shadow-4.17.4/libsubid/api.c:35:17: warning[-Wanalyzer-malloc-leak]: leak of ‘progname’
shadow-4.17.4/libsubid/api.c:25:12: branch_true: following ‘true’ branch (when ‘progname’ is non-NULL)...
shadow-4.17.4/libsubid/api.c:26:28: branch_true: ...to here
shadow-4.17.4/libsubid/api.c:26:28: acquire_memory: allocated here
shadow-4.17.4/libsubid/api.c:27:20: branch_false: following ‘false’ branch (when ‘progname’ is non-NULL)...
shadow-4.17.4/libsubid/api.c:29:17: branch_false: ...to here
shadow-4.17.4/libsubid/api.c:35:17: danger: ‘progname’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   33|   
#   34|   	if (logfd) {
#   35|-> 		log_set_logfd(logfd);
#   36|   		return true;
#   37|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def62]
shadow-4.17.4/libsubid/api.c:40:17: warning[-Wanalyzer-malloc-leak]: leak of ‘progname’
shadow-4.17.4/libsubid/api.c:25:12: branch_true: following ‘true’ branch (when ‘progname’ is non-NULL)...
shadow-4.17.4/libsubid/api.c:26:28: branch_true: ...to here
shadow-4.17.4/libsubid/api.c:26:28: acquire_memory: allocated here
shadow-4.17.4/libsubid/api.c:27:20: branch_false: following ‘false’ branch (when ‘progname’ is non-NULL)...
shadow-4.17.4/libsubid/api.c:29:17: branch_false: ...to here
shadow-4.17.4/libsubid/api.c:34:12: branch_false: following ‘false’ branch (when ‘logfd’ is NULL)...
shadow-4.17.4/libsubid/api.c:38:24: branch_false: ...to here
shadow-4.17.4/libsubid/api.c:39:12: branch_true: following ‘true’ branch...
shadow-4.17.4/libsubid/api.c:40:17: branch_true: ...to here
shadow-4.17.4/libsubid/api.c:40:17: danger: ‘progname’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#   38|   	shadow_logfd = fopen("/dev/null", "w");
#   39|   	if (!shadow_logfd) {
#   40|-> 		log_set_logfd(stderr);
#   41|   		return false;
#   42|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def63]
shadow-4.17.4/src/../lib/shadow/grp/agetgroups.h:34:12: warning[-Wanalyzer-malloc-leak]: leak of ‘agetgroups(&ngroups)’
shadow-4.17.4/src/newgrp.c:364:5: enter_function: entry to ‘main’
shadow-4.17.4/src/newgrp.c:435:12: branch_false: following ‘false’ branch...
shadow-4.17.4/src/newgrp.c:447:9: branch_false: ...to here
shadow-4.17.4/src/newgrp.c:516:28: branch_true: following ‘true’ branch...
shadow-4.17.4/src/newgrp.c:522:25: branch_true: ...to here
shadow-4.17.4/src/newgrp.c:551:16: acquire_memory: allocated here
shadow-4.17.4/src/newgrp.c:551:16: call_function: calling ‘agetgroups’ from ‘main’
#   32|   
#   33|   	n = getgroups(0, NULL);
#   34|-> 	if (n == -1)
#   35|   		return NULL;
#   36|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def64]
shadow-4.17.4/src/../lib/shadow/grp/agetgroups.h:37:16: warning[-Wanalyzer-malloc-leak]: leak of ‘agetgroups(&ngroups)’
shadow-4.17.4/src/newgrp.c:364:5: enter_function: entry to ‘main’
shadow-4.17.4/src/newgrp.c:435:12: branch_false: following ‘false’ branch...
shadow-4.17.4/src/newgrp.c:447:9: branch_false: ...to here
shadow-4.17.4/src/newgrp.c:516:28: branch_true: following ‘true’ branch...
shadow-4.17.4/src/newgrp.c:522:25: branch_true: ...to here
shadow-4.17.4/src/newgrp.c:551:16: acquire_memory: allocated here
shadow-4.17.4/src/newgrp.c:551:16: call_function: calling ‘agetgroups’ from ‘main’
#   35|   		return NULL;
#   36|   
#   37|-> 	gids = MALLOC(n, gid_t);
#   38|   	if (gids == NULL)
#   39|   		return NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def65]
shadow-4.17.4/src/../lib/string/strdup/xstrdup.h:28:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(&crypt_passwd)’
shadow-4.17.4/src/passwd.c:510:14: enter_function: entry to ‘update_crypt_pw’
shadow-4.17.4/src/passwd.c:512:12: branch_false: following ‘false’ branch...
shadow-4.17.4/src/passwd.c:514:21: branch_false: ...to here
shadow-4.17.4/src/passwd.c:514:20: branch_true: following ‘true’ branch...
shadow-4.17.4/src/passwd.c:515:30: branch_true: ...to here
shadow-4.17.4/src/passwd.c:515:30: acquire_memory: allocated here
shadow-4.17.4/src/passwd.c:515:30: call_function: calling ‘xstrdup’ from ‘update_crypt_pw’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def66]
shadow-4.17.4/src/../lib/string/strdup/xstrdup.h:28:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>)’
shadow-4.17.4/src/login.c:259:13: enter_function: entry to ‘process_flags’
shadow-4.17.4/src/login.c:305:13: branch_true: following ‘true’ branch...
shadow-4.17.4/src/login.c:313:13: branch_true: ...to here
shadow-4.17.4/src/login.c:313:12: branch_true: following ‘true’ branch...
shadow-4.17.4/src/login.c:314:17: branch_true: ...to here
shadow-4.17.4/src/login.c:314:17: branch_true: following ‘true’ branch...
shadow-4.17.4/src/login.c:315:41: branch_true: ...to here
shadow-4.17.4/src/login.c:315:28: acquire_memory: allocated here
shadow-4.17.4/src/login.c:315:28: call_function: calling ‘xstrdup’ from ‘process_flags’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def67]
shadow-4.17.4/src/../lib/string/strdup/xstrdup.h:28:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>.pw_name)’
shadow-4.17.4/src/groupmems.c:562:5: enter_function: entry to ‘main’
shadow-4.17.4/src/groupmems.c:582:9: call_function: calling ‘process_flags’ from ‘main’
shadow-4.17.4/src/groupmems.c:582:9: return_function: returning to ‘main’ from ‘process_flags’
shadow-4.17.4/src/groupmems.c:584:12: branch_true: following ‘true’ branch...
shadow-4.17.4/src/groupmems.c:585:24: branch_true: ...to here
shadow-4.17.4/src/groupmems.c:585:24: call_function: calling ‘whoami’ from ‘main’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def68]
shadow-4.17.4/src/../lib/string/strdup/xstrdup.h:28:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(ccp)’
shadow-4.17.4/src/useradd.c:2407:5: enter_function: entry to ‘main’
shadow-4.17.4/src/useradd.c:2452:9: call_function: calling ‘get_defaults’ from ‘main’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def69]
shadow-4.17.4/src/../lib/string/strdup/xstrdup.h:28:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(getlogin())’
shadow-4.17.4/src/newgrp.c:232:13: enter_function: entry to ‘syslog_sg’
shadow-4.17.4/src/newgrp.c:238:12: branch_true: following ‘true’ branch...
shadow-4.17.4/src/newgrp.c:239:30: branch_true: ...to here
shadow-4.17.4/src/newgrp.c:239:30: acquire_memory: allocated here
shadow-4.17.4/src/newgrp.c:239:30: call_function: calling ‘xstrdup’ from ‘syslog_sg’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def70]
shadow-4.17.4/src/../lib/string/strdup/xstrdup.h:28:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(optarg)’
shadow-4.17.4/src/groupmems.c:562:5: enter_function: entry to ‘main’
shadow-4.17.4/src/groupmems.c:582:9: call_function: calling ‘process_flags’ from ‘main’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def71]
shadow-4.17.4/src/../lib/string/strdup/xstrdup.h:28:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(ptr_user)’
shadow-4.17.4/src/login.c:391:13: enter_function: entry to ‘get_pam_user’
shadow-4.17.4/src/login.c:396:9: branch_true: following ‘true’ branch (when ‘ptr_pam_user’ is non-NULL)...
shadow-4.17.4/src/login.c:398:19: branch_true: ...to here
shadow-4.17.4/src/login.c:399:9: branch_false: following ‘false’ branch...
shadow-4.17.4/src/login.c:401:9: branch_false: ...to here
shadow-4.17.4/src/login.c:402:12: branch_true: following ‘true’ branch...
shadow-4.17.4/src/login.c:403:33: branch_true: ...to here
shadow-4.17.4/src/login.c:403:33: acquire_memory: allocated here
shadow-4.17.4/src/login.c:403:33: call_function: calling ‘xstrdup’ from ‘get_pam_user’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def72]
shadow-4.17.4/src/../lib/string/strdup/xstrdup.h:28:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(s)’
shadow-4.17.4/src/useradd.c:2407:5: enter_function: entry to ‘main’
shadow-4.17.4/src/useradd.c:2452:9: call_function: calling ‘get_defaults’ from ‘main’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def73]
shadow-4.17.4/src/../lib/string/strdup/xstrdup.h:28:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(shellname)’
shadow-4.17.4/src/su.c:234:13: enter_function: entry to ‘execve_shell’
shadow-4.17.4/src/su.c:242:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
shadow-4.17.4/src/su.c:255:28: acquire_memory: allocated here
shadow-4.17.4/src/su.c:255:28: call_function: calling ‘xstrdup’ from ‘execve_shell’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def74]
shadow-4.17.4/src/../lib/string/strdup/xstrdup.h:28:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(tty)’
shadow-4.17.4/src/newgrp.c:232:13: enter_function: entry to ‘syslog_sg’
shadow-4.17.4/src/newgrp.c:238:12: branch_false: following ‘false’ branch...
shadow-4.17.4/src/newgrp.c:242:12: branch_false: ...to here
shadow-4.17.4/src/newgrp.c:242:12: branch_true: following ‘true’ branch (when ‘tty’ is non-NULL)...
shadow-4.17.4/src/newgrp.c:243:28: branch_true: ...to here
shadow-4.17.4/src/newgrp.c:243:28: acquire_memory: allocated here
shadow-4.17.4/src/newgrp.c:243:28: call_function: calling ‘xstrdup’ from ‘syslog_sg’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def75]
shadow-4.17.4/src/../lib/string/strdup/xstrdup.h:28:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(users)’
shadow-4.17.4/src/gpasswd.c:860:5: enter_function: entry to ‘main’
shadow-4.17.4/src/gpasswd.c:907:12: branch_false: following ‘false’ branch...
shadow-4.17.4/src/gpasswd.c:915:27: branch_false: ...to here
shadow-4.17.4/src/gpasswd.c:921:12: branch_false: following ‘false’ branch...
shadow-4.17.4/src/gpasswd.c:927:9: branch_false: ...to here
shadow-4.17.4/src/gpasswd.c:927:9: call_function: calling ‘process_flags’ from ‘main’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-688): [#def76]
shadow-4.17.4/src/../lib/string/strdup/xstrdup.h:28:16: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘xreallocarray(0, strlen(str) + 1, 1)’ where non-null expected
shadow-4.17.4/src/../lib/string/strdup/xstrdup.h:26:1: enter_function: entry to ‘xstrdup’
shadow-4.17.4/src/../lib/string/strdup/xstrdup.h:28:23: call_function: inlined call to ‘xmallocarray’ from ‘xstrdup’
shadow-4.17.4/src/../lib/string/strdup/xstrdup.h:28:16: danger: argument 1 (‘xreallocarray(0, strlen(str) + 1, 1)’) from [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2) could be NULL where non-null expected
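#argument 1 of ‘__builtin_strcpy’ must be non-null
# Triage note: the analyzer treats the result of xreallocarray() as nullable. If that wrapper terminates the process when the allocation fails (the usual contract for x-prefixed allocators; confirm in lib/alloc/x/xrealloc.c), this strcpy() can never receive NULL and the finding is a false positive. The same assumption is behind the possible-NULL dereference reports def98, def105, def117 and def118. If the contract holds, declaring the wrapper with a returns-nonnull attribute would document it for callers and may let the analyzer drop the whole family.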
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def77]
shadow-4.17.4/src/../lib/string/strdup/xstrdup.h:28:23: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>.gr_name)’
shadow-4.17.4/src/gpasswd.c:698:13: enter_function: entry to ‘get_group’
shadow-4.17.4/src/gpasswd.c:708:12: branch_false: following ‘false’ branch...
shadow-4.17.4/src/gpasswd.c:714:17: branch_false: ...to here
shadow-4.17.4/src/gpasswd.c:715:12: branch_false: following ‘false’ branch...
shadow-4.17.4/src/gpasswd.c:722:9: branch_false: ...to here
shadow-4.17.4/src/gpasswd.c:723:23: acquire_memory: allocated here
shadow-4.17.4/src/gpasswd.c:723:23: call_function: calling ‘xstrdup’ from ‘get_group’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def78]
shadow-4.17.4/src/../lib/string/strdup/xstrdup.h:28:23: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>.gr_passwd)’
shadow-4.17.4/src/gpasswd.c:698:13: enter_function: entry to ‘get_group’
shadow-4.17.4/src/gpasswd.c:708:12: branch_false: following ‘false’ branch...
shadow-4.17.4/src/gpasswd.c:714:17: branch_false: ...to here
shadow-4.17.4/src/gpasswd.c:715:12: branch_false: following ‘false’ branch...
shadow-4.17.4/src/gpasswd.c:722:9: branch_false: ...to here
shadow-4.17.4/src/gpasswd.c:724:25: acquire_memory: allocated here
shadow-4.17.4/src/gpasswd.c:724:25: call_function: calling ‘xstrdup’ from ‘get_group’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def79]
shadow-4.17.4/src/../lib/string/strdup/xstrdup.h:28:23: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>.pw_dir)’
shadow-4.17.4/src/sulogin.c:189:1: enter_function: entry to ‘pw_entry’
shadow-4.17.4/src/sulogin.c:194:12: branch_false: following ‘false’ branch...
shadow-4.17.4/src/sulogin.c:197:14: branch_false: ...to here
shadow-4.17.4/src/sulogin.c:204:25: acquire_memory: allocated here
shadow-4.17.4/src/sulogin.c:204:25: call_function: calling ‘xstrdup’ from ‘pw_entry’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def80]
shadow-4.17.4/src/../lib/string/strdup/xstrdup.h:28:23: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>.pw_gecos)’
shadow-4.17.4/src/sulogin.c:189:1: enter_function: entry to ‘pw_entry’
shadow-4.17.4/src/sulogin.c:194:12: branch_false: following ‘false’ branch...
shadow-4.17.4/src/sulogin.c:197:14: branch_false: ...to here
shadow-4.17.4/src/sulogin.c:202:27: acquire_memory: allocated here
shadow-4.17.4/src/sulogin.c:202:27: call_function: calling ‘xstrdup’ from ‘pw_entry’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def81]
shadow-4.17.4/src/../lib/string/strdup/xstrdup.h:28:23: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>.pw_name)’
shadow-4.17.4/src/sulogin.c:189:1: enter_function: entry to ‘pw_entry’
shadow-4.17.4/src/sulogin.c:194:12: branch_false: following ‘false’ branch...
shadow-4.17.4/src/sulogin.c:197:14: branch_false: ...to here
shadow-4.17.4/src/sulogin.c:198:26: acquire_memory: allocated here
shadow-4.17.4/src/sulogin.c:198:26: call_function: calling ‘xstrdup’ from ‘pw_entry’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def82]
shadow-4.17.4/src/../lib/string/strdup/xstrdup.h:28:23: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>.pw_passwd)’
shadow-4.17.4/src/sulogin.c:189:1: enter_function: entry to ‘pw_entry’
shadow-4.17.4/src/sulogin.c:194:12: branch_false: following ‘false’ branch...
shadow-4.17.4/src/sulogin.c:197:14: branch_false: ...to here
shadow-4.17.4/src/sulogin.c:209:12: branch_false: following ‘false’ branch...
shadow-4.17.4/src/sulogin.c:215:14: branch_false: ...to here
shadow-4.17.4/src/sulogin.c:216:28: acquire_memory: allocated here
shadow-4.17.4/src/sulogin.c:216:28: call_function: calling ‘xstrdup’ from ‘pw_entry’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def83]
shadow-4.17.4/src/../lib/string/strdup/xstrdup.h:28:23: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>.pw_shell)’
shadow-4.17.4/src/sulogin.c:189:1: enter_function: entry to ‘pw_entry’
shadow-4.17.4/src/sulogin.c:194:12: branch_false: following ‘false’ branch...
shadow-4.17.4/src/sulogin.c:197:14: branch_false: ...to here
shadow-4.17.4/src/sulogin.c:206:27: acquire_memory: allocated here
shadow-4.17.4/src/sulogin.c:206:27: call_function: calling ‘xstrdup’ from ‘pw_entry’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def84]
shadow-4.17.4/src/../lib/string/strdup/xstrdup.h:28:23: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>.sg_namp)’
shadow-4.17.4/src/gpasswd.c:698:13: enter_function: entry to ‘get_group’
shadow-4.17.4/src/gpasswd.c:708:12: branch_false: following ‘false’ branch...
shadow-4.17.4/src/gpasswd.c:714:17: branch_false: ...to here
shadow-4.17.4/src/gpasswd.c:715:12: branch_false: following ‘false’ branch...
shadow-4.17.4/src/gpasswd.c:722:9: branch_false: ...to here
shadow-4.17.4/src/gpasswd.c:727:12: branch_false: following ‘false’ branch...
shadow-4.17.4/src/gpasswd.c:738:13: branch_false: ...to here
shadow-4.17.4/src/gpasswd.c:738:12: branch_true: following ‘true’ branch...
shadow-4.17.4/src/gpasswd.c:739:21: branch_true: ...to here
shadow-4.17.4/src/gpasswd.c:739:20: branch_false: following ‘false’ branch...
shadow-4.17.4/src/gpasswd.c:746:25: branch_false: ...to here
shadow-4.17.4/src/gpasswd.c:747:20: branch_true: following ‘true’ branch...
shadow-4.17.4/src/gpasswd.c:748:25: branch_true: ...to here
shadow-4.17.4/src/gpasswd.c:749:39: acquire_memory: allocated here
shadow-4.17.4/src/gpasswd.c:749:39: call_function: calling ‘xstrdup’ from ‘get_group’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def85]
shadow-4.17.4/src/../lib/string/strdup/xstrdup.h:28:23: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>.sg_passwd)’
shadow-4.17.4/src/gpasswd.c:698:13: enter_function: entry to ‘get_group’
shadow-4.17.4/src/gpasswd.c:708:12: branch_false: following ‘false’ branch...
shadow-4.17.4/src/gpasswd.c:714:17: branch_false: ...to here
shadow-4.17.4/src/gpasswd.c:715:12: branch_false: following ‘false’ branch...
shadow-4.17.4/src/gpasswd.c:722:9: branch_false: ...to here
shadow-4.17.4/src/gpasswd.c:727:12: branch_false: following ‘false’ branch...
shadow-4.17.4/src/gpasswd.c:738:13: branch_false: ...to here
shadow-4.17.4/src/gpasswd.c:738:12: branch_true: following ‘true’ branch...
shadow-4.17.4/src/gpasswd.c:739:21: branch_true: ...to here
shadow-4.17.4/src/gpasswd.c:739:20: branch_false: following ‘false’ branch...
shadow-4.17.4/src/gpasswd.c:746:25: branch_false: ...to here
shadow-4.17.4/src/gpasswd.c:747:20: branch_true: following ‘true’ branch...
shadow-4.17.4/src/gpasswd.c:748:25: branch_true: ...to here
shadow-4.17.4/src/gpasswd.c:750:41: acquire_memory: allocated here
shadow-4.17.4/src/gpasswd.c:750:41: call_function: calling ‘xstrdup’ from ‘get_group’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def86]
shadow-4.17.4/src/../lib/string/strdup/xstrdup.h:28:23: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*<unknown>.sp_pwdp)’
shadow-4.17.4/src/sulogin.c:189:1: enter_function: entry to ‘pw_entry’
shadow-4.17.4/src/sulogin.c:194:12: branch_false: following ‘false’ branch...
shadow-4.17.4/src/sulogin.c:197:14: branch_false: ...to here
shadow-4.17.4/src/sulogin.c:209:12: branch_true: following ‘true’ branch...
shadow-4.17.4/src/sulogin.c:210:22: branch_true: ...to here
shadow-4.17.4/src/sulogin.c:211:36: acquire_memory: allocated here
shadow-4.17.4/src/sulogin.c:211:36: call_function: calling ‘xstrdup’ from ‘pw_entry’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def87]
shadow-4.17.4/src/../lib/string/strdup/xstrdup.h:28:23: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*sp.sp_namp)’
shadow-4.17.4/src/chage.c:583:13: enter_function: entry to ‘update_age’
shadow-4.17.4/src/chage.c:593:12: branch_false: following ‘false’ branch (when ‘sp’ is non-NULL)...
shadow-4.17.4/src/chage.c:608:43: branch_false: ...to here
shadow-4.17.4/src/chage.c:608:34: acquire_memory: allocated here
shadow-4.17.4/src/chage.c:608:34: call_function: calling ‘xstrdup’ from ‘update_age’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def88]
shadow-4.17.4/src/../lib/string/strdup/xstrdup.h:28:23: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(*sp.sp_pwdp)’
shadow-4.17.4/src/chage.c:583:13: enter_function: entry to ‘update_age’
shadow-4.17.4/src/chage.c:593:12: branch_false: following ‘false’ branch (when ‘sp’ is non-NULL)...
shadow-4.17.4/src/chage.c:608:43: branch_false: ...to here
shadow-4.17.4/src/chage.c:609:34: acquire_memory: allocated here
shadow-4.17.4/src/chage.c:609:34: call_function: calling ‘xstrdup’ from ‘update_age’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def89]
shadow-4.17.4/src/../lib/string/strdup/xstrdup.h:28:23: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(ccp)’
shadow-4.17.4/src/useradd.c:2407:5: enter_function: entry to ‘main’
shadow-4.17.4/src/useradd.c:2452:9: call_function: calling ‘get_defaults’ from ‘main’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def90]
shadow-4.17.4/src/../lib/string/strdup/xstrdup.h:28:23: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(group)’
shadow-4.17.4/src/gpasswd.c:698:13: enter_function: entry to ‘get_group’
shadow-4.17.4/src/gpasswd.c:708:12: branch_false: following ‘false’ branch...
shadow-4.17.4/src/gpasswd.c:714:17: branch_false: ...to here
shadow-4.17.4/src/gpasswd.c:715:12: branch_false: following ‘false’ branch...
shadow-4.17.4/src/gpasswd.c:722:9: branch_false: ...to here
shadow-4.17.4/src/gpasswd.c:727:12: branch_false: following ‘false’ branch...
shadow-4.17.4/src/gpasswd.c:738:13: branch_false: ...to here
shadow-4.17.4/src/gpasswd.c:738:12: branch_true: following ‘true’ branch...
shadow-4.17.4/src/gpasswd.c:739:21: branch_true: ...to here
shadow-4.17.4/src/gpasswd.c:739:20: branch_false: following ‘false’ branch...
shadow-4.17.4/src/gpasswd.c:746:25: branch_false: ...to here
shadow-4.17.4/src/gpasswd.c:747:20: branch_false: following ‘false’ branch...
shadow-4.17.4/src/gpasswd.c:755:39: branch_false: ...to here
shadow-4.17.4/src/gpasswd.c:755:39: acquire_memory: allocated here
shadow-4.17.4/src/gpasswd.c:755:39: call_function: calling ‘xstrdup’ from ‘get_group’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def91]
shadow-4.17.4/src/../lib/string/strdup/xstrdup.h:28:23: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(pwent.pw_name)’
shadow-4.17.4/src/chage.c:583:13: enter_function: entry to ‘update_age’
shadow-4.17.4/src/chage.c:593:12: branch_true: following ‘true’ branch (when ‘sp’ is NULL)...
shadow-4.17.4/src/chage.c:594:31: branch_true: ...to here
shadow-4.17.4/src/chage.c:597:34: acquire_memory: allocated here
shadow-4.17.4/src/chage.c:597:34: call_function: calling ‘xstrdup’ from ‘update_age’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def92]
shadow-4.17.4/src/../lib/string/strdup/xstrdup.h:28:23: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(pwent.pw_passwd)’
shadow-4.17.4/src/chage.c:583:13: enter_function: entry to ‘update_age’
shadow-4.17.4/src/chage.c:593:12: branch_true: following ‘true’ branch (when ‘sp’ is NULL)...
shadow-4.17.4/src/chage.c:594:31: branch_true: ...to here
shadow-4.17.4/src/chage.c:598:34: acquire_memory: allocated here
shadow-4.17.4/src/chage.c:598:34: call_function: calling ‘xstrdup’ from ‘update_age’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def93]
shadow-4.17.4/src/../lib/string/strdup/xstrdup.h:28:23: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(s)’
shadow-4.17.4/src/useradd.c:2407:5: enter_function: entry to ‘main’
shadow-4.17.4/src/useradd.c:2452:9: call_function: calling ‘get_defaults’ from ‘main’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def94]
shadow-4.17.4/src/../lib/string/strdup/xstrdup.h:28:23: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(tty)’
shadow-4.17.4/src/newgrp.c:232:13: enter_function: entry to ‘syslog_sg’
shadow-4.17.4/src/newgrp.c:238:12: branch_true: following ‘true’ branch...
shadow-4.17.4/src/newgrp.c:239:30: branch_true: ...to here
shadow-4.17.4/src/newgrp.c:242:12: branch_true: following ‘true’ branch (when ‘tty’ is non-NULL)...
shadow-4.17.4/src/newgrp.c:243:28: branch_true: ...to here
shadow-4.17.4/src/newgrp.c:243:28: acquire_memory: allocated here
shadow-4.17.4/src/newgrp.c:243:28: call_function: calling ‘xstrdup’ from ‘syslog_sg’
#   26|   xstrdup(const char *str)
#   27|   {
#   28|-> 	return strcpy(XMALLOC(strlen(str) + 1, char), str);
#   29|   }
#   30|   

Error: COMPILER_WARNING (CWE-704): [#def95]
shadow-4.17.4/src/../lib/string/strspn/strrspn.h:29:11: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#   27|   	char  *p;
#   28|   
#   29|-> 	p = strnul(s);
#   30|   	while (p > s) {
#   31|   		p--;

Error: CPPCHECK_WARNING (CWE-908): [#def96]
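shadow-4.17.4/src/faillog.c:677: error[useClosedFile]: Used file that is not opened.
# Triage note: the condition that guards this error branch lies outside the excerpt. cppcheck raises useClosedFile when a stream is used after fclose(), so one of the calls in that condition is presumably fclose(fail) itself; verify against the source. If so, line 677 closes the stream a second time. A stream is unusable after fclose() whether or not the call reported an error, so the second call is undefined behaviour and should be dropped.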
#  675|   			         _("%s: Failed to write %s: %s\n"),
#  676|   			         Prog, FAILLOG_FILE, strerror (errno));
#  677|-> 			(void) fclose (fail);
#  678|   			errors = true;
#  679|   		}

Error: COMPILER_WARNING (CWE-252): [#def97]
shadow-4.17.4/src/gpasswd.c: scope_hint: In function ‘catch_signals’
shadow-4.17.4/src/gpasswd.c:162:24: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
#  162 |                 (void) write (STDOUT_FILENO, "\n", 1);
#      |                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  160|   
#  161|   	if (0 != killed) {
#  162|-> 		(void) write (STDOUT_FILENO, "\n", 1);
#  163|   		_exit (killed);
#  164|   	}

Error: GCC_ANALYZER_WARNING (CWE-476): [#def98]
shadow-4.17.4/src/gpasswd.c:762:25: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, 1, 8)’
shadow-4.17.4/src/gpasswd.c:698:13: enter_function: entry to ‘get_group’
shadow-4.17.4/src/gpasswd.c:708:12: branch_false: following ‘false’ branch...
shadow-4.17.4/src/gpasswd.c:714:17: branch_false: ...to here
shadow-4.17.4/src/gpasswd.c:715:12: branch_false: following ‘false’ branch...
shadow-4.17.4/src/gpasswd.c:722:9: branch_false: ...to here
shadow-4.17.4/src/gpasswd.c:727:12: branch_false: following ‘false’ branch...
shadow-4.17.4/src/gpasswd.c:738:13: branch_false: ...to here
shadow-4.17.4/src/gpasswd.c:738:12: branch_true: following ‘true’ branch...
shadow-4.17.4/src/gpasswd.c:739:21: branch_true: ...to here
shadow-4.17.4/src/gpasswd.c:739:20: branch_false: following ‘false’ branch...
shadow-4.17.4/src/gpasswd.c:746:25: branch_false: ...to here
shadow-4.17.4/src/gpasswd.c:747:20: branch_false: following ‘false’ branch...
shadow-4.17.4/src/gpasswd.c:755:39: branch_false: ...to here
shadow-4.17.4/src/gpasswd.c:761:38: call_function: inlined call to ‘xmallocarray’ from ‘get_group’
shadow-4.17.4/src/gpasswd.c:762:25: danger: ‘xreallocarray(0, 1, 8)’ could be NULL: unchecked value from [(15)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/14)
#  760|   
#  761|   			sg->sg_adm = XMALLOC(1, char *);
#  762|-> 			sg->sg_adm[0] = NULL;
#  763|   
#  764|   		}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def99]
shadow-4.17.4/src/groupmems.c:378:25: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
shadow-4.17.4/src/groupmems.c:562:5: enter_function: entry to ‘main’
shadow-4.17.4/src/groupmems.c:582:9: call_function: calling ‘process_flags’ from ‘main’
#  376|   		case 'a':
#  377|   			adduser = xstrdup (optarg);
#  378|-> 			++exclusive;
#  379|   			break;
#  380|   		case 'd':

Error: COMPILER_WARNING (CWE-563): [#def100]
shadow-4.17.4/src/login.c: scope_hint: In function ‘main’
shadow-4.17.4/src/login.c:453:24: warning[-Wunused-but-set-variable]: variable ‘subroot’ set but not used
#  453 |         bool           subroot = false;
#      |                        ^~~~~~~
#  451|   {
#  452|   	int            err;
#  453|-> 	bool           subroot = false;
#  454|   	char           **envp = environ;
#  455|   	char           *host = NULL;

Error: COMPILER_WARNING (CWE-252): [#def101]
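shadow-4.17.4/src/login.c:718:25: warning[-Wunused-result]: ignoring return value of ‘audit_log_acct_message’ declared with attribute ‘warn_unused_result’
# Triage note: line 717 assigns audit_fd from audit_open() and line 718 uses it straight away, so neither a failed open nor a failed write of the AUDIT_USER_LOGIN record is noticed here. For this failed-login record (result 0) the event can be missing from the audit trail with no indication; checking the return value and reporting the failure through another log channel is the minimum fix. def102, def104 and def107 show the same pattern for the successful login and for both su outcomes.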
#  718 |                         audit_log_acct_message (audit_fd,
#      |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  719 |                                                 AUDIT_USER_LOGIN,
#      |                                                 ~~~~~~~~~~~~~~~~~
#  720 |                                                 NULL,    /* Prog. name */
#      |                                                 ~~~~~~~~~~~~~~~~~~~~~~~~~
#  721 |                                                 "login",
#      |                                                 ~~~~~~~~
#  722 |                                                 failent_user,
#      |                                                 ~~~~~~~~~~~~~
#  723 |                                                 AUDIT_NO_ID,
#      |                                                 ~~~~~~~~~~~~
#  724 |                                                 hostname,
#      |                                                 ~~~~~~~~~
#  725 |                                                 NULL,    /* addr */
#      |                                                 ~~~~~~~~~~~~~~~~~~~
#  726 |                                                 tty,
#      |                                                 ~~~~
#  727 |                                                 0);      /* result */
#      |                                                 ~~
#  716|   #ifdef WITH_AUDIT
#  717|   			audit_fd = audit_open ();
#  718|-> 			audit_log_acct_message (audit_fd,
#  719|   			                        AUDIT_USER_LOGIN,
#  720|   			                        NULL,    /* Prog. name */

Error: COMPILER_WARNING (CWE-252): [#def102]
shadow-4.17.4/src/login.c:1033:9: warning[-Wunused-result]: ignoring return value of ‘audit_log_acct_message’ declared with attribute ‘warn_unused_result’
# 1033 |         audit_log_acct_message (audit_fd,
#      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1034 |                                 AUDIT_USER_LOGIN,
#      |                                 ~~~~~~~~~~~~~~~~~
# 1035 |                                 NULL,    /* Prog. name */
#      |                                 ~~~~~~~~~~~~~~~~~~~~~~~~~
# 1036 |                                 "login",
#      |                                 ~~~~~~~~
# 1037 |                                 username,
#      |                                 ~~~~~~~~~
# 1038 |                                 AUDIT_NO_ID,
#      |                                 ~~~~~~~~~~~~
# 1039 |                                 hostname,
#      |                                 ~~~~~~~~~
# 1040 |                                 NULL,    /* addr */
#      |                                 ~~~~~~~~~~~~~~~~~~~
# 1041 |                                 tty,
#      |                                 ~~~~
# 1042 |                                 1);      /* result */
#      |                                 ~~
# 1031|   #ifdef WITH_AUDIT
# 1032|   	audit_fd = audit_open ();
# 1033|-> 	audit_log_acct_message (audit_fd,
# 1034|   	                        AUDIT_USER_LOGIN,
# 1035|   	                        NULL,    /* Prog. name */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def103]
shadow-4.17.4/src/passwd.c:546:16: warning[-Wanalyzer-malloc-leak]: leak of ‘cp’
shadow-4.17.4/src/passwd.c:510:14: enter_function: entry to ‘update_crypt_pw’
shadow-4.17.4/src/passwd.c:512:12: branch_false: following ‘false’ branch...
shadow-4.17.4/src/passwd.c:514:21: branch_false: ...to here
shadow-4.17.4/src/passwd.c:514:20: branch_true: following ‘true’ branch...
shadow-4.17.4/src/passwd.c:515:30: branch_true: ...to here
shadow-4.17.4/src/passwd.c:515:30: call_function: calling ‘xstrdup’ from ‘update_crypt_pw’
shadow-4.17.4/src/passwd.c:515:30: return_function: returning to ‘update_crypt_pw’ from ‘xstrdup’
shadow-4.17.4/src/passwd.c:522:12: branch_true: following ‘true’ branch...
shadow-4.17.4/src/passwd.c:523:20: branch_false: following ‘false’ branch...
shadow-4.17.4/src/passwd.c:530:25: branch_false: ...to here
shadow-4.17.4/src/passwd.c:534:12: branch_true: following ‘true’ branch...
shadow-4.17.4/src/passwd.c:538:20: branch_false: following ‘false’ branch...
shadow-4.17.4/src/passwd.c:540:29: branch_false: ...to here
shadow-4.17.4/src/passwd.c:540:28: branch_true: following ‘true’ branch...
shadow-4.17.4/src/passwd.c:541:33: branch_true: ...to here
shadow-4.17.4/src/passwd.c:546:16: danger: ‘cp’ leaks here; was allocated at [(9)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/8)
#  544|   		cp = newpw;
#  545|   	}
#  546|-> 	return cp;
#  547|   }
#  548|   

Error: COMPILER_WARNING (CWE-252): [#def104]
shadow-4.17.4/src/su.c: scope_hint: In function ‘su_failure’
shadow-4.17.4/src/su.c:214:9: warning[-Wunused-result]: ignoring return value of ‘audit_log_acct_message’ declared with attribute ‘warn_unused_result’
#  214 |         audit_log_acct_message (audit_fd,
#      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  215 |                                 AUDIT_USER_ROLE_CHANGE,
#      |                                 ~~~~~~~~~~~~~~~~~~~~~~~
#  216 |                                 NULL,    /* Prog. name */
#      |                                 ~~~~~~~~~~~~~~~~~~~~~~~~~
#  217 |                                 "su",
#      |                                 ~~~~~
#  218 |                                 ('\0' != caller_name[0]) ? caller_name : "???",
#      |                                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  219 |                                 AUDIT_NO_ID,
#      |                                 ~~~~~~~~~~~~
#  220 |                                 "localhost",
#      |                                 ~~~~~~~~~~~~
#  221 |                                 NULL,    /* addr */
#      |                                 ~~~~~~~~~~~~~~~~~~~
#  222 |                                 tty,
#      |                                 ~~~~
#  223 |                                 0);      /* result */
#      |                                 ~~
#  212|   #ifdef WITH_AUDIT
#  213|   	audit_fd = audit_open ();
#  214|-> 	audit_log_acct_message (audit_fd,
#  215|   				AUDIT_USER_ROLE_CHANGE,
#  216|   				NULL,    /* Prog. name */

Error: GCC_ANALYZER_WARNING (CWE-476): [#def105]
shadow-4.17.4/src/su.c:253:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xreallocarray(0, n_args + 3, 8)’
shadow-4.17.4/src/su.c:234:13: enter_function: entry to ‘execve_shell’
shadow-4.17.4/src/su.c:242:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
shadow-4.17.4/src/su.c:252:25: call_function: inlined call to ‘xmallocarray’ from ‘execve_shell’
shadow-4.17.4/src/su.c:253:17: danger: ‘xreallocarray(0, n_args + 3, 8)’ could be NULL: unchecked value from [(5)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/4)
#  251|   		}
#  252|   		targs = XMALLOC(n_args + 3, char *);
#  253|-> 		targs[0] = "sh";
#  254|   		targs[1] = "-";
#  255|   		targs[2] = xstrdup (shellname);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def106]
shadow-4.17.4/src/su.c:262:24: warning[-Wanalyzer-malloc-leak]: leak of ‘xreallocarray(0, n_args + 3, 8)’
shadow-4.17.4/src/su.c:234:13: enter_function: entry to ‘execve_shell’
shadow-4.17.4/src/su.c:242:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
shadow-4.17.4/src/su.c:252:25: call_function: inlined call to ‘xmallocarray’ from ‘execve_shell’
shadow-4.17.4/src/su.c:262:24: danger: ‘xreallocarray(0, n_args + 3, 8)’ leaks here; was allocated at [(5)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/4)
#  260|   		}
#  261|   
#  262|-> 		(void) execve (SHELL, targs, envp);
#  263|   	} else {
#  264|   		errno = err;

Error: COMPILER_WARNING (CWE-252): [#def107]
shadow-4.17.4/src/su.c: scope_hint: In function ‘main’
shadow-4.17.4/src/su.c:1142:9: warning[-Wunused-result]: ignoring return value of ‘audit_log_acct_message’ declared with attribute ‘warn_unused_result’
# 1142 |         audit_log_acct_message (audit_fd,
#      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1143 |                                 AUDIT_USER_ROLE_CHANGE,
#      |                                 ~~~~~~~~~~~~~~~~~~~~~~~
# 1144 |                                 NULL,    /* Prog. name */
#      |                                 ~~~~~~~~~~~~~~~~~~~~~~~~~
# 1145 |                                 "su",
#      |                                 ~~~~~
# 1146 |                                 (!streq(caller_name, "")) ? caller_name : "???",
#      |                                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1147 |                                 AUDIT_NO_ID,
#      |                                 ~~~~~~~~~~~~
# 1148 |                                 "localhost",
#      |                                 ~~~~~~~~~~~~
# 1149 |                                 NULL,    /* addr */
#      |                                 ~~~~~~~~~~~~~~~~~~~
# 1150 |                                 caller_tty,
#      |                                 ~~~~~~~~~~~
# 1151 |                                 1);      /* result */
#      |                                 ~~
# 1140|   #ifdef WITH_AUDIT
# 1141|   	audit_fd = audit_open ();
# 1142|-> 	audit_log_acct_message (audit_fd,
# 1143|   				AUDIT_USER_ROLE_CHANGE,
# 1144|   				NULL,    /* Prog. name */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def108]
shadow-4.17.4/src/sulogin.c:88:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(argv[1], 2)’
shadow-4.17.4/src/sulogin.c:83:12: branch_true: following ‘true’ branch (when ‘argc > 1’)...
shadow-4.17.4/src/sulogin.c:84:17: branch_true: ...to here
shadow-4.17.4/src/sulogin.c:88:21: acquire_resource: opened here
shadow-4.17.4/src/sulogin.c:88:20: danger: ‘open(argv[1], 2)’ leaks here; was opened at [(3)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/2)
#   86|   		close(2);
#   87|   
#   88|-> 		if (open(argv[1], O_RDWR) == -1)
#   89|   			exit(1);
#   90|   		dup(0);

Error: GCC_ANALYZER_WARNING (CWE-910): [#def109]
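shadow-4.17.4/src/sulogin.c:90:17: warning[-Wanalyzer-fd-use-after-close]: ‘dup’ on closed file descriptor ‘0’
# Triage note: this report and def111 are likely false positives. Descriptor 0 is closed at line 84, and a successful open() returns the lowest unused descriptor, which is then 0 again; the analyzer does not link the two. For the same reason the descriptor flagged as leaked in def108 is evidently meant to stay open as standard input. What the excerpt does leave unchecked is that open() actually returned 0 (only -1 is tested) and that both dup() calls succeeded (def110, def112), so a failure there would leave sulogin running with standard output or standard error not attached to the requested terminal.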
shadow-4.17.4/src/sulogin.c:83:12: branch_true: following ‘true’ branch (when ‘argc > 1’)...
shadow-4.17.4/src/sulogin.c:84:17: branch_true: ...to here
shadow-4.17.4/src/sulogin.c:84:17: release_resource: closed here
shadow-4.17.4/src/sulogin.c:88:20: branch_false: following ‘false’ branch...
shadow-4.17.4/src/sulogin.c:90:17: branch_false: ...to here
shadow-4.17.4/src/sulogin.c:90:17: danger: ‘dup’ on closed file descriptor ‘0’; ‘close’ was at [(3)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/2)
#   88|   		if (open(argv[1], O_RDWR) == -1)
#   89|   			exit(1);
#   90|-> 		dup(0);
#   91|   		dup(0);
#   92|   	}

Error: COMPILER_WARNING (CWE-252): [#def110]
shadow-4.17.4/src/sulogin.c: scope_hint: In function ‘main’
shadow-4.17.4/src/sulogin.c:90:17: warning[-Wunused-result]: ignoring return value of ‘dup’ declared with attribute ‘warn_unused_result’
#   90 |                 dup(0);
#      |                 ^~~~~~
#   88|   		if (open(argv[1], O_RDWR) == -1)
#   89|   			exit(1);
#   90|-> 		dup(0);
#   91|   		dup(0);
#   92|   	}

Error: GCC_ANALYZER_WARNING (CWE-910): [#def111]
shadow-4.17.4/src/sulogin.c:91:17: warning[-Wanalyzer-fd-use-after-close]: ‘dup’ on closed file descriptor ‘0’
shadow-4.17.4/src/sulogin.c:83:12: branch_true: following ‘true’ branch (when ‘argc > 1’)...
shadow-4.17.4/src/sulogin.c:84:17: branch_true: ...to here
shadow-4.17.4/src/sulogin.c:84:17: release_resource: closed here
shadow-4.17.4/src/sulogin.c:88:20: branch_false: following ‘false’ branch...
shadow-4.17.4/src/sulogin.c:90:17: branch_false: ...to here
shadow-4.17.4/src/sulogin.c:91:17: danger: ‘dup’ on closed file descriptor ‘0’; ‘close’ was at [(3)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/2)
#   89|   			exit(1);
#   90|   		dup(0);
#   91|-> 		dup(0);
#   92|   	}
#   93|   	if (access (PASSWD_FILE, F_OK) == -1) {	/* must be a password file! */

Error: COMPILER_WARNING (CWE-252): [#def112]
shadow-4.17.4/src/sulogin.c:91:17: warning[-Wunused-result]: ignoring return value of ‘dup’ declared with attribute ‘warn_unused_result’
#   91 |                 dup(0);
#      |                 ^~~~~~
#   89|   			exit(1);
#   90|   		dup(0);
#   91|-> 		dup(0);
#   92|   	}
#   93|   	if (access (PASSWD_FILE, F_OK) == -1) {	/* must be a password file! */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def113]
shadow-4.17.4/src/useradd.c:392:25: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
shadow-4.17.4/src/useradd.c:2407:5: enter_function: entry to ‘main’
shadow-4.17.4/src/useradd.c:2452:9: call_function: calling ‘get_defaults’ from ‘main’
#  390|   		 */
#  391|   		else if (streq(buf, DHOME)) {
#  392|-> 			def_home = xstrdup(ccp);
#  393|   		}
#  394|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def114]
shadow-4.17.4/src/useradd.c:437:33: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
shadow-4.17.4/src/useradd.c:2407:5: enter_function: entry to ‘main’
shadow-4.17.4/src/useradd.c:2452:9: call_function: calling ‘get_defaults’ from ‘main’
#  435|   				def_template = dt;
#  436|   			} else {
#  437|-> 				def_template = xstrdup(ccp);
#  438|   			}
#  439|   		}

Error: COMPILER_WARNING (CWE-563): [#def115]
shadow-4.17.4/src/useradd.c: scope_hint: In function ‘set_defaults’
shadow-4.17.4/src/useradd.c:529:16: warning[-Wunused-variable]: unused variable ‘cp’
#  529 |         char  *cp;
#      |                ^~
#  527|   	char  *new_file_dup = NULL;
#  528|   	char  *default_file = USER_DEFAULTS_FILE;
#  529|-> 	char  *cp;
#  530|   	FILE  *ifp;
#  531|   	FILE  *ofp;

Error: COMPILER_WARNING (CWE-252): [#def116]
shadow-4.17.4/src/useradd.c: scope_hint: In function ‘create_home’
shadow-4.17.4/src/useradd.c:2278:16: warning[-Wunused-result]: ignoring return value of ‘chown’ declared with attribute ‘warn_unused_result’
# 2278 |         (void) chown(prefix_user_home, user_id, user_gid);
#      |                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 2276|   	free(bhome);
# 2277|   
# 2278|-> 	(void) chown(prefix_user_home, user_id, user_gid);
# 2279|   	mode = getdef_num("HOME_MODE",
# 2280|   			  0777 & ~getdef_num("UMASK", GETDEF_DEFAULT_UMASK));

Error: GCC_ANALYZER_WARNING (CWE-476): [#def117]
shadow-4.17.4/src/useradd.c:2444:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘user_groups’
shadow-4.17.4/src/useradd.c:2407:5: enter_function: entry to ‘main’
shadow-4.17.4/src/useradd.c:2440:23: call_function: inlined call to ‘xmallocarray’ from ‘main’
shadow-4.17.4/src/useradd.c:2444:9: danger: ‘xreallocarray(0, (long unsigned int)(sysconf(3) + 1), 8)’ could be NULL: unchecked value from [(3)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/2)
# 2442|   	 * Initialize the list to be empty
# 2443|   	 */
# 2444|-> 	user_groups[0] = NULL;
# 2445|   
# 2446|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def118]
shadow-4.17.4/src/usermod.c:2182:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘user_groups’
shadow-4.17.4/src/usermod.c:2156:5: enter_function: entry to ‘main’
shadow-4.17.4/src/usermod.c:2181:23: call_function: inlined call to ‘xmallocarray’ from ‘main’
shadow-4.17.4/src/usermod.c:2182:9: danger: ‘xreallocarray(0, (long unsigned int)(sysconf(3) + 1), 8)’ could be NULL: unchecked value from [(3)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/2)
# 2180|   	sys_ngroups = sysconf (_SC_NGROUPS_MAX);
# 2181|   	user_groups = XMALLOC(sys_ngroups + 1, char *);
# 2182|-> 	user_groups[0] = NULL;
# 2183|   
# 2184|   	is_shadow_pwd = spw_file_present ();

Error: GCC_ANALYZER_WARNING (CWE-775): [#def119]
shadow-4.17.4/src/vipw.c:278:12: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(file, "r")’
shadow-4.17.4/src/vipw.c:476:5: enter_function: entry to ‘main’
shadow-4.17.4/src/vipw.c:547:20: branch_false: following ‘false’ branch...
shadow-4.17.4/src/vipw.c:552:12: branch_false: ...to here
shadow-4.17.4/src/vipw.c:552:12: branch_true: following ‘true’ branch (when ‘do_vigr != 0’)...
shadow-4.17.4/src/vipw.c:554:20: branch_true: ...to here
shadow-4.17.4/src/vipw.c:554:20: branch_false: following ‘false’ branch (when ‘editshadow == 0’)...
shadow-4.17.4/src/vipw.c:562:25: branch_false: ...to here
shadow-4.17.4/src/vipw.c:562:25: call_function: calling ‘vipwedit’ from ‘main’
#  276|   		vipwexit (_("failed to gain privileges"), errno, 1);
#  277|   #endif				/* WITH_TCB */
#  278|-> 	if (create_backup_file (f, fileedit, &st1) != 0) {
#  279|   		vipwexit (_("Couldn't make backup"), errno, 1);
#  280|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def120]
shadow-4.17.4/src/vipw.c:278:12: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(file, "r")’
shadow-4.17.4/src/vipw.c:476:5: enter_function: entry to ‘main’
shadow-4.17.4/src/vipw.c:547:20: branch_false: following ‘false’ branch...
shadow-4.17.4/src/vipw.c:552:12: branch_false: ...to here
shadow-4.17.4/src/vipw.c:552:12: branch_true: following ‘true’ branch (when ‘do_vigr != 0’)...
shadow-4.17.4/src/vipw.c:554:20: branch_true: ...to here
shadow-4.17.4/src/vipw.c:554:20: branch_false: following ‘false’ branch (when ‘editshadow == 0’)...
shadow-4.17.4/src/vipw.c:562:25: branch_false: ...to here
shadow-4.17.4/src/vipw.c:562:25: call_function: calling ‘vipwedit’ from ‘main’
#  276|   		vipwexit (_("failed to gain privileges"), errno, 1);
#  277|   #endif				/* WITH_TCB */
#  278|-> 	if (create_backup_file (f, fileedit, &st1) != 0) {
#  279|   		vipwexit (_("Couldn't make backup"), errno, 1);
#  280|   	}

Error: COMPILER_WARNING (CWE-252): [#def121]
shadow-4.17.4/src/vipw.c: scope_hint: In function ‘vipwedit’
shadow-4.17.4/src/vipw.c:446:9: warning[-Wunused-result]: ignoring return value of ‘link’ declared with attribute ‘warn_unused_result’
#  446 |         link (file, filebackup);
#      |         ^~~~~~~~~~~~~~~~~~~~~~~
#  444|   #endif				/* WITH_TCB */
#  445|   	unlink (filebackup);
#  446|-> 	link (file, filebackup);
#  447|   	if (rename (to_rename, file) == -1) {
#  448|   		fprintf (stderr,

Scan Properties

analyzer-version-clippy: 1.86.0
analyzer-version-cppcheck: 2.17.1
analyzer-version-gcc: 15.0.1
analyzer-version-gcc-analyzer: 15.0.1
analyzer-version-shellcheck: 0.10.0
analyzer-version-unicontrol: 0.0.2
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-180.us-west-2.compute.internal
known-false-positives: /usr/share/csmock/known-false-positives.js
known-false-positives-rpm: known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch
mock-config: fedora-rawhide-x86_64
project-name: shadow-utils-4.17.4-1.fc43
store-results-to: /tmp/tmpvjl5quot/shadow-utils-4.17.4-1.fc43.tar.xz
time-created: 2025-04-25 15:40:51
time-finished: 2025-04-25 15:44:11
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpvjl5quot/shadow-utils-4.17.4-1.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpvjl5quot/shadow-utils-4.17.4-1.fc43.src.rpm'
tool-version: csmock-3.8.1.20250422.172604.g26bc3d6-1.el9