usbutils-018-3.fc43

List of Findings

Error: CPPCHECK_WARNING (CWE-457): [#def1]
usbutils-018/lsusb-t.c:517: error[uninitvar]: Uninitialized variable: pd
#  515|   	char n[MY_SYSFS_FILENAME_LEN], *p;
#  516|   
#  517|-> 	list_for_each(&usbdevlist, pd, list) {
#  518|   		if (pd == d)
#  519|   			continue;

Error: CPPCHECK_WARNING (CWE-457): [#def2]
usbutils-018/lsusb-t.c:575: error[uninitvar]: Uninitialized variable: d
#  573|   	struct usbinterface *e;
#  574|   
#  575|-> 	list_for_each(&usbdevlist, d, list) {
#  576|   		if (d->parent_portnum)
#  577|   			assign_dev_to_parent(d);

Error: CPPCHECK_WARNING (CWE-457): [#def3]
usbutils-018/lsusb-t.c:581: error[legacyUninitvar]: Uninitialized variable: e
#  579|   			assign_dev_to_bus(d);
#  580|   
#  581|-> 		list_for_each(&interfacelist, e, list) {
#  582|   			if (!e->parent)
#  583|   				assign_interface_to_parent(d, e);

Error: CPPCHECK_WARNING (CWE-457): [#def4]
usbutils-018/lsusb-t.c:726: error[uninitvar]: Uninitialized variable: device
#  724|   	struct usbbusnode *bus, *tempb;
#  725|   
#  726|-> 	list_for_each_safe(&usbdevlist, device, tempd, list) {
#  727|   		free(device);
#  728|   	}

Error: CPPCHECK_WARNING (CWE-457): [#def5]
usbutils-018/lsusb-t.c:730: error[uninitvar]: Uninitialized variable: interface
#  728|   	}
#  729|   
#  730|-> 	list_for_each_safe(&interfacelist, interface, templ, list) {
#  731|   		free(interface);
#  732|   	}

Error: GCC_ANALYZER_WARNING (CWE-127): [#def6]
usbutils-018/redhat-linux-build/../usbmisc.c:80:51: warning[-Wanalyzer-out-of-bounds]: stack-based buffer under-read
usbutils-018/redhat-linux-build/../usbmisc.c:104:16: enter_function: entry to ‘get_usb_device’
usbutils-018/redhat-linux-build/../usbmisc.c:112:9: call_function: calling ‘readlink_recursive’ from ‘get_usb_device’
usbutils-018/redhat-linux-build/../usbmisc.c:112:9: return_function: returning to ‘get_usb_device’ from ‘readlink_recursive’
usbutils-018/redhat-linux-build/../usbmisc.c:113:9: call_function: calling ‘get_absolute_path’ from ‘get_usb_device’
#   78|   			result_size--;
#   79|   		} else if (*ppath == '.' && *(ppath + 1) == '.' &&
#   80|-> 			   *(ppath + 2) == '/' && *(presult - 1) == '/') {
#   81|   			if ((presult - 1) != result) {
#   82|   				/* go one directory upper */

Error: GCC_ANALYZER_WARNING (CWE-127): [#def7]
usbutils-018/redhat-linux-build/../usbmisc.c:86:42: warning[-Wanalyzer-out-of-bounds]: stack-based buffer under-read
usbutils-018/redhat-linux-build/../usbmisc.c:104:16: enter_function: entry to ‘get_usb_device’
usbutils-018/redhat-linux-build/../usbmisc.c:112:9: call_function: calling ‘readlink_recursive’ from ‘get_usb_device’
usbutils-018/redhat-linux-build/../usbmisc.c:112:9: return_function: returning to ‘get_usb_device’ from ‘readlink_recursive’
usbutils-018/redhat-linux-build/../usbmisc.c:113:9: call_function: calling ‘get_absolute_path’ from ‘get_usb_device’
#   84|   					presult--;
#   85|   					result_size++;
#   86|-> 				} while (*(presult - 1) != '/');
#   87|   			}
#   88|   			ppath += 3;

Error: GCC_ANALYZER_WARNING (CWE-127): [#def8]
usbutils-018/redhat-linux-build/../usbmisc.c:91:28: warning[-Wanalyzer-out-of-bounds]: stack-based buffer under-read
usbutils-018/redhat-linux-build/../usbmisc.c:104:16: enter_function: entry to ‘get_usb_device’
usbutils-018/redhat-linux-build/../usbmisc.c:112:9: call_function: calling ‘readlink_recursive’ from ‘get_usb_device’
usbutils-018/redhat-linux-build/../usbmisc.c:112:9: return_function: returning to ‘get_usb_device’ from ‘readlink_recursive’
usbutils-018/redhat-linux-build/../usbmisc.c:113:9: call_function: calling ‘get_absolute_path’ from ‘get_usb_device’
#   89|   		} else if (*ppath == '.'  &&
#   90|   			   *(ppath + 1) == '/' &&
#   91|-> 			   *(presult - 1) == '/') {
#   92|   			ppath += 2;
#   93|   		} else {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def9]
usbutils-018/redhat-linux-build/../usbmisc.c:169:12: warning[-Wanalyzer-malloc-leak]: leak of ‘iconv_open(nl_langinfo(14), "UTF-16LE")’
usbutils-018/redhat-linux-build/../usbmisc.c:167:16: acquire_memory: allocated here
usbutils-018/redhat-linux-build/../usbmisc.c:169:12: danger: ‘iconv_open(nl_langinfo(14), "UTF-16LE")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#  167|   	conv = iconv_open(nl_langinfo(CODESET), "UTF-16LE");
#  168|   
#  169|-> 	if (conv == (iconv_t) -1)
#  170|   		return NULL;
#  171|

Scan Properties

analyzer-version-clippy1.86.0
analyzer-version-cppcheck2.17.1
analyzer-version-gcc15.0.1
analyzer-version-gcc-analyzer15.0.1
analyzer-version-shellcheck0.10.0
analyzer-version-unicontrol0.0.2
enabled-pluginsclippy, cppcheck, gcc, shellcheck, unicontrol
exit-code0
hostip-172-16-1-211.us-west-2.compute.internal
known-false-positives/usr/share/csmock/known-false-positives.js
known-false-positives-rpmknown-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch
mock-configfedora-rawhide-x86_64
project-nameusbutils-018-3.fc43
store-results-to/tmp/tmpyp3l2x1p/usbutils-018-3.fc43.tar.xz
time-created2025-04-25 16:09:51
time-finished2025-04-25 16:11:03
toolcsmock
tool-args'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpyp3l2x1p/usbutils-018-3.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpyp3l2x1p/usbutils-018-3.fc43.src.rpm'
tool-versioncsmock-3.8.1.20250422.172604.g26bc3d6-1.el9