vte291-0.80.1-1.fc43

List of Findings

Error: SHELLCHECK_WARNING (CWE-758): [#def1]
/etc/profile.d/vte.sh:1:1: error[SC2148]: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.
#    1|-> # Copyright © 2012 Christian Persch
#    2|   #
#    3|   # This program is free software: you can redistribute it and/or modify

Error: SHELLCHECK_WARNING (CWE-477): [#def2]
/etc/profile.d/vte.sh:17:26: warning[SC2166]: Prefer [ p ] || [ q ] as [ p -o q ] is not well defined.
#   15|   
#   16|   # Not bash or zsh?
#   17|-> [ -n "${BASH_VERSION:-}" -o -n "${ZSH_VERSION:-}" ] || return 0
#   18|   
#   19|   # Not an interactive shell?

Error: SHELLCHECK_WARNING (CWE-398): [#def3]
/etc/profile.d/vte.sh:86:9: warning[SC2178]: Variable was used as an array but is now assigned a string.
#   84|           PROMPT_COMMAND+=(__vte_osc7)
#   85|       else
#   86|->         PROMPT_COMMAND="__vte_prompt_command"
#   87|       fi
#   88|       PS0=$(__vte_termprop_signal "vte.shell.preexec")

Error: SHELLCHECK_WARNING (CWE-140): [#def4]
/etc/profile.d/vte.sh:144:42: warning[SC2206]: Quote to prevent word splitting/globbing, or split robustly with mapfile or read -a.
#  142|               return $errsv
#  143|           }
#  144|->         preexec_functions=(__vte_preexec $preexec $preexec_functions)
#  145|           unset preexec
#  146|       fi

Error: SHELLCHECK_WARNING (CWE-140): [#def5]
/etc/profile.d/vte.sh:144:51: warning[SC2206]: Quote to prevent word splitting/globbing, or split robustly with mapfile or read -a.
#  142|               return $errsv
#  143|           }
#  144|->         preexec_functions=(__vte_preexec $preexec $preexec_functions)
#  145|           unset preexec
#  146|       fi

Error: GCC_ANALYZER_WARNING (CWE-479): [#def6]
vte-0.80.1/redhat-linux-build/../src/mev.c:50:9: warning[-Wanalyzer-unsafe-call-within-signal-handler]: call to ‘fprintf’ from within signal handler
vte-0.80.1/redhat-linux-build/../src/mev.c:348:1: enter_function: entry to ‘main’
vte-0.80.1/redhat-linux-build/../src/mev.c:354:12: branch_false: following ‘false’ branch...
vte-0.80.1/redhat-linux-build/../src/mev.c:359:9: branch_false: ...to here
vte-0.80.1/redhat-linux-build/../src/mev.c:338:1: enter_function: entry to ‘sigint_handler’
vte-0.80.1/redhat-linux-build/../src/mev.c:343:9: call_function: calling ‘reset’ from ‘sigint_handler’
#   48|   decset(int mode, gboolean value)
#   49|   {
#   50|-> 	fprintf(stdout, _VTE_CAP_CSI "?%d%c", mode, value ? 'h' : 'l');
#   51|   }
#   52|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def7]
vte-0.80.1/redhat-linux-build/../src/slowcat.c:72:12: warning[-Wanalyzer-file-leak]: leak of FILE ‘fp’
vte-0.80.1/redhat-linux-build/../src/slowcat.c:78:1: enter_function: entry to ‘main’
vte-0.80.1/redhat-linux-build/../src/slowcat.c:105:26: branch_true: following ‘true’ branch (when ‘i < argc’)...
vte-0.80.1/redhat-linux-build/../src/slowcat.c:106:50: branch_true: ...to here
vte-0.80.1/redhat-linux-build/../src/slowcat.c:109:12: branch_true: following ‘true’ branch (when ‘files’ is non-NULL)...
 branch_true: ...to here
vte-0.80.1/redhat-linux-build/../src/slowcat.c:110:36: branch_true: following ‘true’ branch (when ‘file’ is non-NULL)...
vte-0.80.1/redhat-linux-build/../src/slowcat.c:111:46: branch_true: ...to here
vte-0.80.1/redhat-linux-build/../src/slowcat.c:111:25: call_function: calling ‘catfile’ from ‘main’
#   70|   	g_free(buf);
#   71|   
#   72|-> 	if (fp != stdin) {
#   73|   		fclose(fp);
#   74|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
vte-0.80.1/redhat-linux-build/../src/slowcat.c:72:12: warning[-Wanalyzer-malloc-leak]: leak of ‘fp’
vte-0.80.1/redhat-linux-build/../src/slowcat.c:78:1: enter_function: entry to ‘main’
vte-0.80.1/redhat-linux-build/../src/slowcat.c:105:26: branch_true: following ‘true’ branch (when ‘i < argc’)...
vte-0.80.1/redhat-linux-build/../src/slowcat.c:106:50: branch_true: ...to here
vte-0.80.1/redhat-linux-build/../src/slowcat.c:109:12: branch_true: following ‘true’ branch (when ‘files’ is non-NULL)...
 branch_true: ...to here
vte-0.80.1/redhat-linux-build/../src/slowcat.c:110:36: branch_true: following ‘true’ branch (when ‘file’ is non-NULL)...
vte-0.80.1/redhat-linux-build/../src/slowcat.c:111:46: branch_true: ...to here
vte-0.80.1/redhat-linux-build/../src/slowcat.c:111:25: call_function: calling ‘catfile’ from ‘main’
#   70|   	g_free(buf);
#   71|   
#   72|-> 	if (fp != stdin) {
#   73|   		fclose(fp);
#   74|   	}

Error: COMPILER_WARNING (CWE-569): [#def9]
vte-0.80.1/src/vteaccess-gtk4.cc: scope_hint: In function ‘GBytes* vte_accessible_text_get_contents_at(GtkAccessibleText*, guint, GtkAccessibleTextGranularity, guint*, guint*)’
vte-0.80.1/src/vteaccess-gtk4.cc:502:39: warning[-Wtype-limits]: comparison of unsigned expression in ‘>= 0’ is always true
#  502 |                         while (offset >= 0 &&
#      |                                ~~~~~~~^~~~
#  500|                   if (!impl->is_word_char (ch)) {
#  501|                           /* Find the end of the previous word, updating the offset to this positio n*/
#  502|->                         while (offset >= 0 &&
#  503|                                  (ch = vte_accessible_text_contents_get_char_at (contents, offset)) &&
#  504|                                  !impl->is_word_char (ch)) {

Error: COMPILER_WARNING (CWE-569): [#def10]
vte-0.80.1/src/vteaccess-gtk4.cc:511:31: warning[-Wtype-limits]: comparison of unsigned expression in ‘>= 0’ is always true
#  511 |                 while (*start >= 0 &&
#      |                        ~~~~~~~^~~~
#  509|                   *end = offset;
#  510|   
#  511|->                 while (*start >= 0 &&
#  512|                          (ch = vte_accessible_text_contents_get_char_at (contents, *start)) &&
#  513|                          impl->is_word_char (ch)) {

Error: CPPCHECK_WARNING (CWE-457): [#def11]
vte-0.80.1/src/vteunistr.h:125: error[legacyUninitvar]: Uninitialized variable: first
#  123|           }
#  124|   
#  125|->         outbuf[0] = c | first;
#  126|   
#  127|           // GLib can do an inlined append()

Scan Properties

analyzer-version-clippy	1.86.0
analyzer-version-cppcheck	2.17.1
analyzer-version-gcc	15.0.1
analyzer-version-gcc-analyzer	15.0.1
analyzer-version-shellcheck	0.10.0
analyzer-version-unicontrol	0.0.2
enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code	0
host	ip-172-16-1-251.us-west-2.compute.internal
known-false-positives	/usr/share/csmock/known-false-positives.js
known-false-positives-rpm	known-false-positives-0.0.0.20250425.124705.g1c7c448.main-1.el9.noarch
mock-config	fedora-rawhide-x86_64
project-name	vte291-0.80.1-1.fc43
store-results-to	/tmp/tmp5d_gxjmt/vte291-0.80.1-1.fc43.tar.xz
time-created	2025-04-25 16:05:33
time-finished	2025-04-25 16:08:54
tool	csmock
tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'unicontrol,cppcheck,gcc,clippy,shellcheck' '-o' '/tmp/tmp5d_gxjmt/vte291-0.80.1-1.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp5d_gxjmt/vte291-0.80.1-1.fc43.src.rpm'
tool-version	csmock-3.8.1.20250422.172604.g26bc3d6-1.el9