Error: CPPCHECK_WARNING (CWE-476): [#def1] bluez-5.84/emulator/btdev.c:5459: warning[nullPointer]: Possible null pointer dereference: remote # 5457| # 5458| /* Match SID */ # 5459|-> ext_adv = queue_find(remote->le_ext_adv, match_sid, # 5460| UINT_TO_PTR(per_adv->sid)); # 5461| if (!ext_adv) Error: GCC_ANALYZER_WARNING (CWE-476): [#def2] bluez-5.84/emulator/btdev.c:5459:19: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘remote’ bluez-5.84/emulator/btdev.c:5803:12: enter_function: entry to ‘cmd_pa_create_sync_cancel’ bluez-5.84/emulator/btdev.c:5825:17: call_function: calling ‘le_pa_sync_estabilished’ from ‘cmd_pa_create_sync_cancel’ # 5457| # 5458| /* Match SID */ # 5459|-> ext_adv = queue_find(remote->le_ext_adv, match_sid, # 5460| UINT_TO_PTR(per_adv->sid)); # 5461| if (!ext_adv) Error: GCC_ANALYZER_WARNING (CWE-401): [#def3] bluez-5.84/src/shared/hfp.c:905:19: warning[-Wanalyzer-malloc-leak]: leak of 'lookup_prefix' bluez-5.84/src/shared/hfp.c:901:25: acquire_memory: allocated here bluez-5.84/src/shared/hfp.c:902:12: branch_false: following 'false' branch (when 'lookup_prefix' is non-NULL)... bluez-5.84/src/shared/hfp.c:905:19: branch_false: ...to here bluez-5.84/src/shared/hfp.c:905:19: throw: if 'queue_remove_if' throws an exception... bluez-5.84/src/shared/hfp.c:905:19: danger: 'lookup_prefix' leaks here; was allocated at [(1)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/0) # 903| return false; # 904| # 905|-> handler = queue_remove_if(hfp->cmd_handlers, match_handler_prefix, # 906| lookup_prefix); # 907| free(lookup_prefix); Error: GCC_ANALYZER_WARNING (CWE-401): [#def4] bluez-5.84/src/shared/hfp.c:1263:9: warning[-Wanalyzer-malloc-leak]: leak of 'tmp' bluez-5.84/src/shared/hfp.c:1201:12: branch_false: following 'false' branch... bluez-5.84/src/shared/hfp.c:1206:15: branch_false: ...to here bluez-5.84/src/shared/hfp.c:1207:16: branch_false: following 'false' branch (when 'ptr' is NULL)... bluez-5.84/src/shared/hfp.c:1225:20: branch_false: ...to here bluez-5.84/src/shared/hfp.c:1225:12: branch_false: following 'false' branch... bluez-5.84/src/shared/hfp.c:1228:16: branch_false: ...to here bluez-5.84/src/shared/hfp.c:1229:12: branch_false: following 'false' branch... bluez-5.84/src/shared/hfp.c:1232:15: branch_false: ...to here bluez-5.84/src/shared/hfp.c:1233:12: branch_true: following 'true' branch... bluez-5.84/src/shared/hfp.c:1235:23: branch_true: ...to here bluez-5.84/src/shared/hfp.c:1236:20: branch_false: following 'false' branch (when 'ptr' is non-NULL)... bluez-5.84/src/shared/hfp.c:1240:17: branch_false: ...to here bluez-5.84/src/shared/hfp.c:1242:12: branch_true: following 'true' branch (when 'count != 0')... bluez-5.84/src/shared/hfp.c:1243:17: branch_true: ...to here bluez-5.84/src/shared/hfp.c:1245:23: acquire_memory: allocated here bluez-5.84/src/shared/hfp.c:1246:20: branch_false: following 'false' branch (when 'tmp' is non-NULL)... bluez-5.84/src/shared/hfp.c:1250:17: branch_false: ...to here bluez-5.84/src/shared/hfp.c:1263:9: throw: if 'ringbuf_drain' throws an exception... bluez-5.84/src/shared/hfp.c:1263:9: danger: 'tmp' leaks here; was allocated at [(15)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/14) # 1261| # 1262| done: # 1263|-> ringbuf_drain(hfp->read_buf, offset); # 1264| # 1265| if (free_tmp) Error: GCC_ANALYZER_WARNING (CWE-404): [#def5] bluez-5.84/src/shared/hfp.c:1467:15: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' bluez-5.84/src/shared/hfp.c:1458:12: branch_false: following 'false' branch... bluez-5.84/src/shared/hfp.c:1461:12: branch_false: following 'false' branch... bluez-5.84/src/shared/hfp.c:1464:15: branch_false: ...to here bluez-5.84/src/shared/hfp.c:1466:9: acquire_resource: 'va_start' called here bluez-5.84/src/shared/hfp.c:1467:15: throw: if 'ringbuf_vprintf' throws an exception... bluez-5.84/src/shared/hfp.c:1467:15: danger: missing call to 'va_end' to match 'va_start' at [(5)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/4) # 1465| # 1466| va_start(ap, format); # 1467|-> len = ringbuf_vprintf(hfp->write_buf, fmt, ap); # 1468| va_end(ap); # 1469| Error: GCC_ANALYZER_WARNING (CWE-401): [#def6] bluez-5.84/tools/iso-tester.c:1918:17: warning[-Wanalyzer-malloc-leak]: leak of ‘addr’ bluez-5.84/tools/iso-tester.c:2894:13: enter_function: entry to ‘test_defer’ bluez-5.84/tools/iso-tester.c:2900:14: call_function: calling ‘create_iso_sock’ from ‘test_defer’ # 1916| # 1917| if (err < 0) { # 1918|-> err = -errno; # 1919| tester_warn("Can't bind socket: %s (%d)", strerror(errno), # 1920| errno); Error: GCC_ANALYZER_WARNING (CWE-401): [#def7] bluez-5.84/tools/iso-tester.c:1921:17: warning[-Wanalyzer-malloc-leak]: leak of ‘addr’ bluez-5.84/tools/iso-tester.c:2894:13: enter_function: entry to ‘test_defer’ bluez-5.84/tools/iso-tester.c:2900:14: call_function: calling ‘create_iso_sock’ from ‘test_defer’ # 1919| tester_warn("Can't bind socket: %s (%d)", strerror(errno), # 1920| errno); # 1921|-> close(sk); # 1922| return err; # 1923| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def8] bluez-5.84/tools/iso-tester.c:1926:1: warning[-Wanalyzer-malloc-leak]: leak of ‘addr’ bluez-5.84/tools/iso-tester.c:2894:13: enter_function: entry to ‘test_defer’ bluez-5.84/tools/iso-tester.c:2900:14: call_function: calling ‘create_iso_sock’ from ‘test_defer’ # 1924| # 1925| return sk; # 1926|-> } # 1927| # 1928| static int connect_iso_sock(struct test_data *data, uint8_t num, int sk) Error: GCC_ANALYZER_WARNING (CWE-401): [#def9] bluez-5.84/tools/iso-tester.c:2988:17: warning[-Wanalyzer-malloc-leak]: leak of ‘addr’ bluez-5.84/tools/iso-tester.c:2937:12: branch_false: following ‘false’ branch (when ‘sk >= 0’)... bluez-5.84/tools/iso-tester.c:2944:15: branch_false: ...to here bluez-5.84/tools/iso-tester.c:2945:12: branch_false: following ‘false’ branch... bluez-5.84/tools/iso-tester.c:2952:16: branch_false: ...to here bluez-5.84/tools/iso-tester.c:2952:16: acquire_memory: allocated here bluez-5.84/tools/iso-tester.c:2958:12: branch_false: following ‘false’ branch... bluez-5.84/tools/iso-tester.c:2983:23: branch_false: ...to here bluez-5.84/tools/iso-tester.c:2986:12: branch_true: following ‘true’ branch (when ‘err < 0’)... bluez-5.84/tools/iso-tester.c:2987:24: branch_true: ...to here bluez-5.84/tools/iso-tester.c:2988:17: throw: if ‘tester_warn’ throws an exception... bluez-5.84/tools/iso-tester.c:2988:17: danger: ‘addr’ leaks here; was allocated at [(6)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/5) # 2986| if (err < 0) { # 2987| err = -errno; # 2988|-> tester_warn("Can't bind socket: %s (%d)", strerror(errno), # 2989| errno); # 2990| goto fail; Error: GCC_ANALYZER_WARNING (CWE-775): [#def10] bluez-5.84/tools/iso-tester.c:3092:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘g_io_channel_unix_get_fd(io)’ bluez-5.84/tools/iso-tester.c:3092:12: branch_true: following ‘true’ branch... bluez-5.84/tools/iso-tester.c:3093:24: branch_true: ...to here bluez-5.84/tools/iso-tester.c:3100:21: acquire_resource: socket created here bluez-5.84/tools/iso-tester.c:3092:13: danger: ‘g_io_channel_unix_get_fd(io)’ leaks here # 3090| sk = g_io_channel_unix_get_fd(io); # 3091| # 3092|-> if (isodata->pa_bind) { # 3093| addr = malloc(sizeof(*addr) + sizeof(*addr->iso_bc)); # 3094| memset(addr, 0, sizeof(*addr) + sizeof(*addr->iso_bc)); Error: GCC_ANALYZER_WARNING (CWE-476): [#def11] bluez-5.84/tools/iso-tester.c:3095:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘addr’ bluez-5.84/tools/iso-tester.c:3092:12: branch_true: following ‘true’ branch... bluez-5.84/tools/iso-tester.c:3093:24: branch_true: ...to here bluez-5.84/tools/iso-tester.c:3093:24: acquire_memory: this call could return NULL bluez-5.84/tools/iso-tester.c:3095:17: danger: ‘addr’ could be NULL: unchecked value from [(3)](sarif:/runs/0/results/34/codeFlows/0/threadFlows/0/locations/2) # 3093| addr = malloc(sizeof(*addr) + sizeof(*addr->iso_bc)); # 3094| memset(addr, 0, sizeof(*addr) + sizeof(*addr->iso_bc)); # 3095|-> addr->iso_family = AF_BLUETOOTH; # 3096| # 3097| addr->iso_bc->bc_num_bis = 1; Error: GCC_ANALYZER_WARNING (CWE-401): [#def12] bluez-5.84/tools/iso-tester.c:3102:25: warning[-Wanalyzer-malloc-leak]: leak of ‘addr’ bluez-5.84/tools/iso-tester.c:3092:12: branch_true: following ‘true’ branch... bluez-5.84/tools/iso-tester.c:3093:24: branch_true: ...to here bluez-5.84/tools/iso-tester.c:3093:24: acquire_memory: allocated here bluez-5.84/tools/iso-tester.c:3100:20: branch_true: following ‘true’ branch... bluez-5.84/tools/iso-tester.c:3102:71: branch_true: ...to here bluez-5.84/tools/iso-tester.c:3102:25: throw: if ‘tester_warn’ throws an exception... bluez-5.84/tools/iso-tester.c:3102:25: danger: ‘addr’ leaks here; was allocated at [(3)](sarif:/runs/0/results/35/codeFlows/0/threadFlows/0/locations/2) # 3100| if (bind(sk, (struct sockaddr *) addr, sizeof(*addr) + # 3101| sizeof(*addr->iso_bc)) < 0) { # 3102|-> tester_warn("bind: %s (%d)", strerror(errno), errno); # 3103| free(addr); # 3104| return false;
| analyzer-version-clippy | 1.92.0 |
| analyzer-version-cppcheck | 2.19.1 |
| analyzer-version-gcc | 16.0.0 |
| analyzer-version-gcc-analyzer | 16.0.0 |
| analyzer-version-shellcheck | 0.11.0 |
| analyzer-version-unicontrol | 0.0.2 |
| diffbase-analyzer-version-clippy | 1.92.0 |
| diffbase-analyzer-version-cppcheck | 2.19.1 |
| diffbase-analyzer-version-gcc | 16.0.0 |
| diffbase-analyzer-version-gcc-analyzer | 16.0.0 |
| diffbase-analyzer-version-shellcheck | 0.11.0 |
| diffbase-analyzer-version-unicontrol | 0.0.2 |
| diffbase-enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| diffbase-exit-code | 0 |
| diffbase-host | ip-172-16-1-13.us-west-2.compute.internal |
| diffbase-known-false-positives | /usr/share/csmock/known-false-positives.js |
| diffbase-known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| diffbase-mock-config | fedora-rawhide-x86_64 |
| diffbase-project-name | bluez-5.85-1.fc44 |
| diffbase-store-results-to | /tmp/tmp_x13q01u/bluez-5.85-1.fc44.tar.xz |
| diffbase-time-created | 2026-01-08 15:36:33 |
| diffbase-time-finished | 2026-01-08 15:40:39 |
| diffbase-tool | csmock |
| diffbase-tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmp_x13q01u/bluez-5.85-1.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp_x13q01u/bluez-5.85-1.fc44.src.rpm' |
| diffbase-tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-13.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | bluez-5.84-2.fc43 |
| store-results-to | /tmp/tmpi5aaq798/bluez-5.84-2.fc43.tar.xz |
| time-created | 2026-01-08 15:31:04 |
| time-finished | 2026-01-08 15:35:37 |
| title | Fixed findings |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpi5aaq798/bluez-5.84-2.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpi5aaq798/bluez-5.84-2.fc43.src.rpm' |
| tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |