Fixed findings

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-476): [#def1]
vlc-3.0.21/modules/lua/libs/net.c:315:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xmalloc((long unsigned int)i_fds * 4) + (long unsigned int)i * 4’
vlc-3.0.21/modules/lua/libs/net.c:297:12: enter_function: entry to ‘vlclua_net_poll’
vlc-3.0.21/modules/lua/libs/net.c:309:28: call_function: calling ‘xmalloc’ from ‘vlclua_net_poll’
vlc-3.0.21/modules/lua/libs/net.c:309:28: return_function: returning to ‘vlclua_net_poll’ from ‘xmalloc’
vlc-3.0.21/modules/lua/libs/net.c:310:19: call_function: calling ‘xmalloc’ from ‘vlclua_net_poll’
vlc-3.0.21/modules/lua/libs/net.c:310:19: return_function: returning to ‘vlclua_net_poll’ from ‘xmalloc’
vlc-3.0.21/modules/lua/libs/net.c:313:21: branch_true: following ‘true’ branch...
vlc-3.0.21/modules/lua/libs/net.c:315:21: branch_true: ...to here
vlc-3.0.21/modules/lua/libs/net.c:315:9: danger: ‘xmalloc((long unsigned int)i_fds * 4) + (long unsigned int)i * 4’ could be NULL: unchecked value from (9)
#  313|       for( int i = 0; lua_next( L, 1 ); i++ )
#  314|       {
#  315|->         luafds[i] = luaL_checkint( L, -2 );
#  316|           p_fds[i].fd = vlclua_fd_get( L, luafds[i] );
#  317|           p_fds[i].events = luaL_checkinteger( L, -1 );

Error: GCC_ANALYZER_WARNING (CWE-476): [#def2]
vlc-3.0.21/modules/lua/libs/net.c:337:29: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xmalloc((long unsigned int)i_fds * 4) + (long unsigned int)i * 4’
vlc-3.0.21/modules/lua/libs/net.c:297:12: enter_function: entry to ‘vlclua_net_poll’
vlc-3.0.21/modules/lua/libs/net.c:309:28: call_function: calling ‘xmalloc’ from ‘vlclua_net_poll’
vlc-3.0.21/modules/lua/libs/net.c:309:28: return_function: returning to ‘vlclua_net_poll’ from ‘xmalloc’
vlc-3.0.21/modules/lua/libs/net.c:310:19: call_function: calling ‘xmalloc’ from ‘vlclua_net_poll’
vlc-3.0.21/modules/lua/libs/net.c:310:19: return_function: returning to ‘vlclua_net_poll’ from ‘xmalloc’
vlc-3.0.21/modules/lua/libs/net.c:313:21: branch_false: following ‘false’ branch...
vlc-3.0.21/modules/lua/libs/net.c:322:29: branch_false: ...to here
vlc-3.0.21/modules/lua/libs/net.c:327:11: branch_true: following ‘true’ branch...
 branch_true: ...to here
vlc-3.0.21/modules/lua/libs/net.c:335:21: branch_true: following ‘true’ branch (when ‘i_fds > i’)...
vlc-3.0.21/modules/lua/libs/net.c:337:35: branch_true: ...to here
vlc-3.0.21/modules/lua/libs/net.c:337:29: danger: ‘xmalloc((long unsigned int)i_fds * 4) + (long unsigned int)i * 4’ could be NULL: unchecked value from (9)
#  335|       for( int i = 0; i < i_fds; i++ )
#  336|       {
#  337|->         lua_pushinteger( L, luafds[i] );
#  338|           lua_pushinteger( L, (val >= 0) ? p_fds[i].revents : 0 );
#  339|           lua_settable( L, 1 );

Error: GCC_ANALYZER_WARNING (CWE-476): [#def3]
vlc-3.0.21/src/config/core.c:443:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘xmalloc(count * 8) + i * 8’
vlc-3.0.21/src/config/core.c:397:9: enter_function: entry to ‘config_GetPszChoices’
vlc-3.0.21/src/config/core.c:402:28: call_function: calling ‘config_FindConfig’ from ‘config_GetPszChoices’
vlc-3.0.21/src/config/core.c:402:28: return_function: returning to ‘config_GetPszChoices’ from ‘config_FindConfig’
vlc-3.0.21/src/config/core.c:403:8: branch_false: following ‘false’ branch...
vlc-3.0.21/src/config/core.c:409:13: branch_false: ...to here
vlc-3.0.21/src/config/core.c:409:5: branch_false: following ‘false’ branch...
vlc-3.0.21/src/config/core.c:413:9: branch_false: ...to here
vlc-3.0.21/src/config/core.c:414:16: branch_false: following ‘false’ branch...
vlc-3.0.21/src/config/core.c:422:20: branch_false: ...to here
vlc-3.0.21/src/config/core.c:423:8: branch_false: following ‘false’ branch (when ‘count != 0’)...
vlc-3.0.21/src/config/core.c:436:28: branch_false: ...to here
vlc-3.0.21/src/config/core.c:436:19: call_function: calling ‘xmalloc’ from ‘config_GetPszChoices’
vlc-3.0.21/src/config/core.c:436:19: return_function: returning to ‘config_GetPszChoices’ from ‘xmalloc’
vlc-3.0.21/src/config/core.c:437:19: call_function: calling ‘xmalloc’ from ‘config_GetPszChoices’
vlc-3.0.21/src/config/core.c:437:19: return_function: returning to ‘config_GetPszChoices’ from ‘xmalloc’
vlc-3.0.21/src/config/core.c:439:24: branch_true: following ‘true’ branch (when ‘i < count’)...
vlc-3.0.21/src/config/core.c:441:29: branch_true: ...to here
vlc-3.0.21/src/config/core.c:441:19: call_function: calling ‘xstrdup’ from ‘config_GetPszChoices’
vlc-3.0.21/src/config/core.c:441:19: return_function: returning to ‘config_GetPszChoices’ from ‘xstrdup’
vlc-3.0.21/src/config/core.c:443:19: branch_false: following ‘false’ branch...
vlc-3.0.21/src/config/core.c:443:13: branch_false: ...to here
vlc-3.0.21/src/config/core.c:443:19: call_function: calling ‘xstrdup’ from ‘config_GetPszChoices’
vlc-3.0.21/src/config/core.c:443:19: return_function: returning to ‘config_GetPszChoices’ from ‘xstrdup’
vlc-3.0.21/src/config/core.c:443:9: danger: ‘xmalloc(count * 8) + i * 8’ could be NULL: unchecked value from (27)
#  441|           vals[i] = xstrdup ((cfg->list.psz[i] != NULL) ? cfg->list.psz[i] : "");
#  442|           /* FIXME: use module_gettext() instead */
#  443|->         txts[i] = xstrdup ((cfg->list_text[i] != NULL)
#  444|                                          ? vlc_gettext (cfg->list_text[i]) : "");
#  445|       }

Scan Properties

analyzer-version-clippy: 1.86.0
analyzer-version-cppcheck: 2.17.1
analyzer-version-gcc: 15.0.1
analyzer-version-gcc-analyzer: 15.0.1
analyzer-version-shellcheck: 0.10.0
analyzer-version-unicontrol: 0.0.2
diffbase-analyzer-version-clippy: 1.86.0
diffbase-analyzer-version-cppcheck: 2.17.1
diffbase-analyzer-version-gcc: 15.0.1
diffbase-analyzer-version-gcc-analyzer: 15.0.1
diffbase-analyzer-version-shellcheck: 0.10.0
diffbase-analyzer-version-unicontrol: 0.0.2
diffbase-enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code: 0
diffbase-host: ip-172-16-1-20.us-west-2.compute.internal
diffbase-known-false-positives: /usr/share/csmock/known-false-positives.js
diffbase-known-false-positives-rpm: known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch
diffbase-mock-config: fedora-rawhide-x86_64
diffbase-project-name: vlc-3.0.21-21.fc43
diffbase-store-results-to: /tmp/tmp687yrqd4/vlc-3.0.21-21.fc43.tar.xz
diffbase-time-created: 2025-04-25 16:09:34
diffbase-time-finished: 2025-04-25 16:23:08
diffbase-tool: csmock
diffbase-tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmp687yrqd4/vlc-3.0.21-21.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp687yrqd4/vlc-3.0.21-21.fc43.src.rpm'
diffbase-tool-version: csmock-3.8.1.20250422.172604.g26bc3d6-1.el9
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-20.us-west-2.compute.internal
known-false-positives: /usr/share/csmock/known-false-positives.js
known-false-positives-rpm: known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch
mock-config: fedora-rawhide-x86_64
project-name: vlc-3.0.21-19.fc42
store-results-to: /tmp/tmpjc4qgqcg/vlc-3.0.21-19.fc42.tar.xz
time-created: 2025-04-25 15:54:27
time-finished: 2025-04-25 16:08:39
title: Fixed findings
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmpjc4qgqcg/vlc-3.0.21-19.fc42.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpjc4qgqcg/vlc-3.0.21-19.fc42.src.rpm'
tool-version: csmock-3.8.1.20250422.172604.g26bc3d6-1.el9