upower-1.90.9-1.fc43

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-476): [#def1]
upower-v1.90.9/redhat-linux-build/../libupower-glib/up-client.c:154:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘error’
upower-v1.90.9/redhat-linux-build/../libupower-glib/up-client.c:146:1: enter_function: entry to ‘up_client_get_devices2’
upower-v1.90.9/redhat-linux-build/../libupower-glib/up-client.c:148:27: release_memory: ‘error’ is NULL
upower-v1.90.9/redhat-linux-build/../libupower-glib/up-client.c:151:15: call_function: calling ‘up_client_get_devices_full’ from ‘up_client_get_devices2’
upower-v1.90.9/redhat-linux-build/../libupower-glib/up-client.c:151:15: return_function: returning to ‘up_client_get_devices2’ from ‘up_client_get_devices_full’
upower-v1.90.9/redhat-linux-build/../libupower-glib/up-client.c:152:12: branch_true: following ‘true’ branch...
upower-v1.90.9/redhat-linux-build/../libupower-glib/up-client.c:153:22: branch_true: ...to here
upower-v1.90.9/redhat-linux-build/../libupower-glib/up-client.c:153:22: release_memory: ‘error’ is NULL
upower-v1.90.9/redhat-linux-build/../libupower-glib/up-client.c:153:20: branch_true: following ‘true’ branch...
upower-v1.90.9/redhat-linux-build/../libupower-glib/up-client.c:154:25: branch_true: ...to here
upower-v1.90.9/redhat-linux-build/../libupower-glib/up-client.c:154:25: release_memory: ‘error’ is NULL
upower-v1.90.9/redhat-linux-build/../libupower-glib/up-client.c:154:25: danger: dereference of NULL ‘error’
#  152|   	if (!ret) {
#  153|   		if (!g_error_matches (error, G_IO_ERROR, G_IO_ERROR_CANCELLED))
#  154|-> 			g_warning ("up_client_get_devices failed: %s", error->message);
#  155|   		return NULL;
#  156|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def2]
upower-v1.90.9/redhat-linux-build/../src/linux/up-device-hid.c:301:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(g_udev_device_get_device_file(up_device_get_native(device)), 2048)’
upower-v1.90.9/redhat-linux-build/../src/linux/up-device-hid.c:284:12: branch_false: following ‘false’ branch...
upower-v1.90.9/redhat-linux-build/../src/linux/up-device-hid.c:289:12: branch_false: following ‘false’ branch...
upower-v1.90.9/redhat-linux-build/../src/linux/up-device-hid.c:295:9: branch_false: ...to here
upower-v1.90.9/redhat-linux-build/../src/linux/up-device-hid.c:296:12: branch_true: following ‘true’ branch...
upower-v1.90.9/redhat-linux-build/../src/linux/up-device-hid.c:299:17: branch_true: ...to here
upower-v1.90.9/redhat-linux-build/../src/linux/up-device-hid.c:300:33: acquire_resource: opened here
upower-v1.90.9/redhat-linux-build/../src/linux/up-device-hid.c:301:21: danger: ‘open(g_udev_device_get_device_file(up_device_get_native(device)), 2048)’ leaks here; was opened at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6)
#  299|   		g_debug ("using device: %s", device_file);
#  300|   		hid->priv->fd = open (device_file, O_RDONLY | O_NONBLOCK);
#  301|-> 		if (hid->priv->fd < 0) {
#  302|   			g_debug ("cannot open device file %s", device_file);
#  303|   			goto out;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def3]
upower-v1.90.9/redhat-linux-build/../src/linux/up-device-wup.c:299:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(g_udev_device_get_device_file(up_device_get_native(device)), 2050)’
upower-v1.90.9/redhat-linux-build/../src/linux/up-device-wup.c:288:12: branch_false: following ‘false’ branch...
upower-v1.90.9/redhat-linux-build/../src/linux/up-device-wup.c:293:12: branch_false: following ‘false’ branch...
upower-v1.90.9/redhat-linux-build/../src/linux/up-device-wup.c:299:9: branch_false: ...to here
upower-v1.90.9/redhat-linux-build/../src/linux/up-device-wup.c:299:25: acquire_resource: opened here
upower-v1.90.9/redhat-linux-build/../src/linux/up-device-wup.c:299:25: danger: ‘open(g_udev_device_get_device_file(up_device_get_native(device)), 2050)’ leaks here; was opened at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  297|   
#  298|   	/* connect to the device */
#  299|-> 	wup->priv->fd = open (device_file, O_RDWR | O_NONBLOCK);
#  300|   	if (wup->priv->fd < 0) {
#  301|   		g_debug ("cannot open device file %s", device_file);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def4]
upower-v1.90.9/redhat-linux-build/../src/linux/up-device-wup.c:300:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(g_udev_device_get_device_file(up_device_get_native(device)), 2050)’
upower-v1.90.9/redhat-linux-build/../src/linux/up-device-wup.c:288:12: branch_false: following ‘false’ branch...
upower-v1.90.9/redhat-linux-build/../src/linux/up-device-wup.c:293:12: branch_false: following ‘false’ branch...
upower-v1.90.9/redhat-linux-build/../src/linux/up-device-wup.c:299:9: branch_false: ...to here
upower-v1.90.9/redhat-linux-build/../src/linux/up-device-wup.c:299:25: acquire_resource: opened here
upower-v1.90.9/redhat-linux-build/../src/linux/up-device-wup.c:300:13: danger: ‘open(g_udev_device_get_device_file(up_device_get_native(device)), 2050)’ leaks here; was opened at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#  298|   	/* connect to the device */
#  299|   	wup->priv->fd = open (device_file, O_RDWR | O_NONBLOCK);
#  300|-> 	if (wup->priv->fd < 0) {
#  301|   		g_debug ("cannot open device file %s", device_file);
#  302|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-121): [#def5]
upower-v1.90.9/redhat-linux-build/../src/linux/up-input.c:103:17: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
upower-v1.90.9/redhat-linux-build/../src/linux/up-input.c:183:1: enter_function: entry to ‘up_input_coldplug’
upower-v1.90.9/redhat-linux-build/../src/linux/up-input.c:216:12: branch_false: following ‘false’ branch...
upower-v1.90.9/redhat-linux-build/../src/linux/up-input.c:223:20: branch_false: ...to here
upower-v1.90.9/redhat-linux-build/../src/linux/up-input.c:223:20: call_function: calling ‘up_input_str_to_bitmask’ from ‘up_input_coldplug’
#  101|   
#  102|   		val = strtoul (v[i], NULL, 16);
#  103|-> 		bitmask[j] = val;
#  104|   
#  105|   		while (val != 0) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def6]
upower-v1.90.9/redhat-linux-build/../src/up-device-battery.c:695:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘error’
upower-v1.90.9/redhat-linux-build/../src/up-device-battery.c:639:1: enter_function: entry to ‘up_device_battery_set_charge_threshold’
upower-v1.90.9/redhat-linux-build/../src/up-device-battery.c:649:28: release_memory: ‘error’ is NULL
upower-v1.90.9/redhat-linux-build/../src/up-device-battery.c:653:12: branch_false: following ‘false’ branch (when ‘self’ is non-NULL)...
upower-v1.90.9/redhat-linux-build/../src/up-device-battery.c:660:14: branch_false: ...to here
upower-v1.90.9/redhat-linux-build/../src/up-device-battery.c:660:12: branch_false: following ‘false’ branch...
upower-v1.90.9/redhat-linux-build/../src/up-device-battery.c:667:9: branch_false: ...to here
upower-v1.90.9/redhat-linux-build/../src/up-device-battery.c:674:12: branch_false: following ‘false’ branch...
upower-v1.90.9/redhat-linux-build/../src/up-device-battery.c:681:22: branch_false: ...to here
upower-v1.90.9/redhat-linux-build/../src/up-device-battery.c:682:14: call_function: calling ‘up_device_battery_charge_threshold_state_write’ from ‘up_device_battery_set_charge_threshold’
upower-v1.90.9/redhat-linux-build/../src/up-device-battery.c:682:14: return_function: returning to ‘up_device_battery_set_charge_threshold’ from ‘up_device_battery_charge_threshold_state_write’
upower-v1.90.9/redhat-linux-build/../src/up-device-battery.c:692:23: call_function: inlined call to ‘up_device_battery_set_charge_thresholds’ from ‘up_device_battery_set_charge_threshold’
upower-v1.90.9/redhat-linux-build/../src/up-device-battery.c:697:105: branch_true: ...to here
upower-v1.90.9/redhat-linux-build/../src/up-device-battery.c:697:105: release_memory: ‘error’ is NULL
upower-v1.90.9/redhat-linux-build/../src/up-device-battery.c:695:17: danger: dereference of NULL ‘error’
#  693|   
#  694|   	if (!ret) {
#  695|-> 		g_dbus_method_invocation_return_error (invocation,
#  696|   						       UP_DAEMON_ERROR, UP_DAEMON_ERROR_GENERAL,
#  697|   						       "failed on setting charging threshold: %s", error->message);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def7]
upower-v1.90.9/redhat-linux-build/../src/up-kbd-backlight.c:295:62: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(g_build_filename(dir_path, "brightness", 0), 2)’
upower-v1.90.9/redhat-linux-build/../src/up-kbd-backlight.c:256:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
upower-v1.90.9/redhat-linux-build/../src/up-kbd-backlight.c:264:16: branch_true: following ‘true’ branch...
upower-v1.90.9/redhat-linux-build/../src/up-kbd-backlight.c:265:21: branch_true: ...to here
upower-v1.90.9/redhat-linux-build/../src/up-kbd-backlight.c:273:12: branch_false: following ‘false’ branch (when ‘dir_path’ is non-NULL)...
upower-v1.90.9/redhat-linux-build/../src/up-kbd-backlight.c:277:20: branch_false: ...to here
upower-v1.90.9/redhat-linux-build/../src/up-kbd-backlight.c:279:12: branch_false: following ‘false’ branch...
upower-v1.90.9/redhat-linux-build/../src/up-kbd-backlight.c:284:47: branch_false: ...to here
upower-v1.90.9/redhat-linux-build/../src/up-kbd-backlight.c:292:35: acquire_resource: opened here
upower-v1.90.9/redhat-linux-build/../src/up-kbd-backlight.c:295:62: danger: ‘open(g_build_filename(dir_path, "brightness", 0), 2)’ leaks here; was opened at [(9)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/8)
#  293|   
#  294|   	/* read brightness and check if it has an acceptable value */
#  295|-> 	if (up_kbd_backlight_brightness_read (kbd_backlight, kbd_backlight->priv->fd) < 0)
#  296|   		goto out;
#  297|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def8]
upower-v1.90.9/redhat-linux-build/../src/up-kbd-backlight.c:300:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(g_build_filename(dir_path, "brightness_hw_changed", 0), 0)’
upower-v1.90.9/redhat-linux-build/../src/up-kbd-backlight.c:256:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
upower-v1.90.9/redhat-linux-build/../src/up-kbd-backlight.c:264:16: branch_true: following ‘true’ branch...
upower-v1.90.9/redhat-linux-build/../src/up-kbd-backlight.c:265:21: branch_true: ...to here
upower-v1.90.9/redhat-linux-build/../src/up-kbd-backlight.c:273:12: branch_false: following ‘false’ branch (when ‘dir_path’ is non-NULL)...
upower-v1.90.9/redhat-linux-build/../src/up-kbd-backlight.c:277:20: branch_false: ...to here
upower-v1.90.9/redhat-linux-build/../src/up-kbd-backlight.c:279:12: branch_false: following ‘false’ branch...
upower-v1.90.9/redhat-linux-build/../src/up-kbd-backlight.c:284:47: branch_false: ...to here
upower-v1.90.9/redhat-linux-build/../src/up-kbd-backlight.c:295:12: branch_false: following ‘false’ branch...
upower-v1.90.9/redhat-linux-build/../src/up-kbd-backlight.c:298:27: branch_false: ...to here
upower-v1.90.9/redhat-linux-build/../src/up-kbd-backlight.c:299:46: acquire_resource: opened here
upower-v1.90.9/redhat-linux-build/../src/up-kbd-backlight.c:300:13: danger: ‘open(g_build_filename(dir_path, "brightness_hw_changed", 0), 0)’ leaks here; was opened at [(11)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/10)
#  298|   	path_hw_changed = g_build_filename (dir_path, "brightness_hw_changed", NULL);
#  299|   	kbd_backlight->priv->fd_hw_changed = open (path_hw_changed, O_RDONLY);
#  300|-> 	if (kbd_backlight->priv->fd_hw_changed >= 0) {
#  301|   		kbd_backlight->priv->channel_hw_changed = g_io_channel_unix_new (kbd_backlight->priv->fd_hw_changed);
#  302|   		g_io_add_watch (kbd_backlight->priv->channel_hw_changed,

Scan Properties

analyzer-version-clippy: 1.86.0
analyzer-version-cppcheck: 2.17.1
analyzer-version-gcc: 15.0.1
analyzer-version-gcc-analyzer: 15.0.1
analyzer-version-shellcheck: 0.10.0
analyzer-version-unicontrol: 0.0.2
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-13.us-west-2.compute.internal
known-false-positives: /usr/share/csmock/known-false-positives.js
known-false-positives-rpm: known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch
mock-config: fedora-rawhide-x86_64
project-name: upower-1.90.9-1.fc43
store-results-to: /tmp/tmpkndzeep5/upower-1.90.9-1.fc43.tar.xz
time-created: 2025-04-25 15:58:38
time-finished: 2025-04-25 16:00:09
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpkndzeep5/upower-1.90.9-1.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpkndzeep5/upower-1.90.9-1.fc43.src.rpm'
tool-version: csmock-3.8.1.20250422.172604.g26bc3d6-1.el9