Error: GCC_ANALYZER_WARNING (CWE-401): [#def1] coreutils-9.9/lib/findprog-in.c:258:15: warning[-Wanalyzer-malloc-leak]: leak of 'path_rest' coreutils-9.9/lib/findprog-in.c:89:8: branch_false: following 'false' branch (when 'has_slash == 0')... coreutils-9.9/lib/findprog-in.c:215:6: branch_false: ...to here coreutils-9.9/lib/findprog-in.c:222:23: acquire_memory: allocated here coreutils-9.9/lib/findprog-in.c:223:8: branch_false: following 'false' branch (when 'path_copy' is non-NULL)... coreutils-9.9/lib/findprog-in.c:223:8: branch_false: ...to here coreutils-9.9/lib/findprog-in.c:245:30: branch_false: following 'false' branch... coreutils-9.9/lib/findprog-in.c:248:9: branch_false: ...to here coreutils-9.9/lib/findprog-in.c:251:12: branch_true: following 'true' branch (when 'path_rest == cp')... coreutils-9.9/lib/findprog-in.c:251:12: branch_true: ...to here coreutils-9.9/lib/findprog-in.c:255:12: branch_true: following 'true' branch... coreutils-9.9/lib/findprog-in.c:258:15: throw: if 'concatenated_filename' throws an exception... coreutils-9.9/lib/findprog-in.c:258:15: danger: 'path_rest' leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2) # 256| { # 257| dir_as_prefix_to_free = # 258|-> concatenated_filename (directory, dir, NULL); # 259| if (dir_as_prefix_to_free == NULL) # 260| { Error: GCC_ANALYZER_WARNING (CWE-401): [#def2] coreutils-9.9/lib/findprog-in.c:286:19: warning[-Wanalyzer-malloc-leak]: leak of 'path_rest' coreutils-9.9/lib/findprog-in.c:89:8: branch_false: following 'false' branch (when 'has_slash == 0')... coreutils-9.9/lib/findprog-in.c:215:6: branch_false: ...to here coreutils-9.9/lib/findprog-in.c:222:23: acquire_memory: allocated here coreutils-9.9/lib/findprog-in.c:223:8: branch_false: following 'false' branch (when 'path_copy' is non-NULL)... coreutils-9.9/lib/findprog-in.c:223:8: branch_false: ...to here coreutils-9.9/lib/findprog-in.c:245:30: branch_false: following 'false' branch... 
coreutils-9.9/lib/findprog-in.c:248:9: branch_false: ...to here coreutils-9.9/lib/findprog-in.c:251:12: branch_true: following 'true' branch (when 'path_rest == cp')... coreutils-9.9/lib/findprog-in.c:251:12: branch_true: ...to here coreutils-9.9/lib/findprog-in.c:255:12: branch_false: following 'false' branch (when 'directory' is NULL)... coreutils-9.9/lib/findprog-in.c:274:9: branch_false: ...to here coreutils-9.9/lib/findprog-in.c:274:21: branch_true: following 'true' branch (when 'i == 0')... coreutils-9.9/lib/findprog-in.c:286:19: branch_true: ...to here coreutils-9.9/lib/findprog-in.c:286:19: throw: if 'concatenated_filename' throws an exception... coreutils-9.9/lib/findprog-in.c:286:19: danger: 'path_rest' leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2) # 284| /* Concatenate dir_as_prefix, progname, and suffix. */ # 285| char *progpathname = # 286|-> concatenated_filename (dir_as_prefix, progname, suffix); # 287| # 288| if (progpathname == NULL) Error: GCC_ANALYZER_WARNING (CWE-401): [#def3] coreutils-9.9/lib/sha3-stream.c:57:9: warning[-Wanalyzer-malloc-leak]: leak of 'buffer' coreutils-9.9/lib/sha3-stream.c:166:1: enter_function: entry to 'sha3_512_stream' coreutils-9.9/lib/sha3-stream.c:168:10: call_function: calling 'sha3_xxx_stream' from 'sha3_512_stream' # 55| # 56| struct sha3_ctx ctx; # 57|-> if (! init_ctx (&ctx)) # 58| { # 59| free (buffer); Error: GCC_ANALYZER_WARNING (CWE-401): [#def4] coreutils-9.9/src/basenc.c:1465:9: warning[-Wanalyzer-malloc-leak]: leak of 'outbuf' coreutils-9.9/src/basenc.c:1472:1: enter_function: entry to 'do_encode' coreutils-9.9/src/basenc.c:1501:10: branch_false: following 'false' branch (when 'sum <= 0')... coreutils-9.9/src/basenc.c:1523:11: call_function: inlined call to 'feof_unlocked' from 'do_encode' coreutils-9.9/src/basenc.c:1539:6: branch_false: following 'false' branch... 
coreutils-9.9/src/basenc.c:1542:3: branch_false: ...to here coreutils-9.9/src/basenc.c:1542:3: call_function: calling 'finish_and_exit' from 'do_encode' # 1463| error (EXIT_FAILURE, errno, _("closing standard input")); # 1464| else # 1465|-> error (EXIT_FAILURE, errno, "%s", quotef (infile)); # 1466| } # 1467| Error: GCC_ANALYZER_WARNING (CWE-401): [#def5] coreutils-9.9/src/basenc.c:1486:5: warning[-Wanalyzer-malloc-leak]: leak of 'outbuf' coreutils-9.9/src/basenc.c:1485:6: branch_true: following 'true' branch... coreutils-9.9/src/basenc.c:1486:5: branch_true: ...to here coreutils-9.9/src/basenc.c:1486:5: throw: if the called function throws an exception... coreutils-9.9/src/basenc.c:1486:5: danger: 'outbuf' leaks here; was allocated at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0) # 1484| bool use_ctx = (base_encode_ctx_init != nullptr); # 1485| if (use_ctx) # 1486|-> base_encode_ctx_init (&encode_ctx); # 1487| #endif # 1488| Error: GCC_ANALYZER_WARNING (CWE-401): [#def6] coreutils-9.9/src/basenc.c:1507:15: warning[-Wanalyzer-malloc-leak]: leak of 'outbuf' coreutils-9.9/src/basenc.c:1504:14: branch_true: following 'true' branch... coreutils-9.9/src/basenc.c:1506:21: branch_true: ...to here coreutils-9.9/src/basenc.c:1507:15: throw: if the called function throws an exception... coreutils-9.9/src/basenc.c:1507:15: danger: 'outbuf' leaks here; was allocated at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0) # 1505| { # 1506| idx_t outlen = 0; # 1507|-> base_encode_ctx (&encode_ctx, inbuf, sum, outbuf, &outlen); # 1508| # 1509| wrap_write (outbuf, outlen, wrap_column, &current_column, out); Error: GCC_ANALYZER_WARNING (CWE-401): [#def7] coreutils-9.9/src/basenc.c:1516:15: warning[-Wanalyzer-malloc-leak]: leak of 'outbuf' coreutils-9.9/src/basenc.c:1504:14: branch_false: following 'false' branch... 
coreutils-9.9/src/basenc.c:1516:15: branch_false: ...to here coreutils-9.9/src/basenc.c:1516:15: throw: if the called function throws an exception... coreutils-9.9/src/basenc.c:1516:15: danger: 'outbuf' leaks here; was allocated at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0) # 1514| /* Process input one block at a time. Note that ENC_BLOCKSIZE # 1515| is sized so that no pad chars will appear in output. */ # 1516|-> base_encode (inbuf, sum, outbuf, BASE_LENGTH (sum)); # 1517| # 1518| wrap_write (outbuf, BASE_LENGTH (sum), wrap_column, Error: GCC_ANALYZER_WARNING (CWE-401): [#def8] coreutils-9.9/src/basenc.c:1528:22: warning[-Wanalyzer-malloc-leak]: leak of 'outbuf' coreutils-9.9/src/basenc.c:1472:1: enter_function: entry to 'do_encode' coreutils-9.9/src/basenc.c:1501:10: branch_false: following 'false' branch (when 'sum <= 0')... coreutils-9.9/src/basenc.c:1523:11: call_function: inlined call to 'feof_unlocked' from 'do_encode' coreutils-9.9/src/basenc.c:1526:6: branch_true: following 'true' branch... coreutils-9.9/src/basenc.c:1528:22: throw: if the called function throws an exception... coreutils-9.9/src/basenc.c:1528:22: danger: 'outbuf' leaks here; was allocated at [(2)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/1) # 1526| if (use_ctx && base_encode_ctx_finalize) # 1527| { # 1528|-> idx_t outlen = BASE_LENGTH (ENC_BLOCKSIZE); # 1529| base_encode_ctx_finalize (&encode_ctx, &outbuf, &outlen); # 1530| Error: GCC_ANALYZER_WARNING (CWE-401): [#def9] coreutils-9.9/src/basenc.c:1529:7: warning[-Wanalyzer-malloc-leak]: leak of 'outbuf' coreutils-9.9/src/basenc.c:1472:1: enter_function: entry to 'do_encode' coreutils-9.9/src/basenc.c:1501:10: branch_false: following 'false' branch (when 'sum <= 0')... coreutils-9.9/src/basenc.c:1523:11: call_function: inlined call to 'feof_unlocked' from 'do_encode' coreutils-9.9/src/basenc.c:1526:6: branch_true: following 'true' branch... 
coreutils-9.9/src/basenc.c:1529:7: throw: if the called function throws an exception... coreutils-9.9/src/basenc.c:1529:7: danger: 'outbuf' leaks here; was allocated at [(2)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/1) # 1527| { # 1528| idx_t outlen = BASE_LENGTH (ENC_BLOCKSIZE); # 1529|-> base_encode_ctx_finalize (&encode_ctx, &outbuf, &outlen); # 1530| # 1531| wrap_write (outbuf, outlen, wrap_column, &current_column, out); Error: GCC_ANALYZER_WARNING (CWE-401): [#def10] coreutils-9.9/src/basenc.c:1558:3: warning[-Wanalyzer-malloc-leak]: leak of 'outbuf' coreutils-9.9/src/basenc.c:1558:3: throw: if the called function throws an exception... coreutils-9.9/src/basenc.c:1558:3: danger: 'outbuf' leaks here; was allocated at [(1)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/0) # 1556| ctx.inbuf = nullptr; # 1557| #endif # 1558|-> base_decode_ctx_init (&ctx); # 1559| # 1560| do Error: GCC_ANALYZER_WARNING (CWE-401): [#def11] coreutils-9.9/src/basenc.c:1567:21: warning[-Wanalyzer-malloc-leak]: leak of 'outbuf' coreutils-9.9/src/basenc.c:1567:21: throw: if the called function throws an exception... coreutils-9.9/src/basenc.c:1567:21: danger: 'outbuf' leaks here; was allocated at [(1)](sarif:/runs/0/results/20/codeFlows/0/threadFlows/0/locations/0) # 1565| do # 1566| { # 1567|-> idx_t n = fread (inbuf + sum, # 1568| 1, BASE_LENGTH (DEC_BLOCKSIZE) - sum, in); # 1569| Error: GCC_ANALYZER_WARNING (CWE-401): [#def12] coreutils-9.9/src/basenc.c:1574:23: warning[-Wanalyzer-malloc-leak]: leak of 'outbuf' coreutils-9.9/src/basenc.c:1570:14: branch_true: following 'true' branch (when 'ignore_garbage != 0')... coreutils-9.9/src/basenc.c:1570:14: branch_true: ...to here coreutils-9.9/src/basenc.c:1574:23: throw: if the called function throws an exception... 
coreutils-9.9/src/basenc.c:1574:23: danger: 'outbuf' leaks here; was allocated at [(1)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/0) # 1572| for (idx_t i = 0; n > 0 && i < n;) # 1573| { # 1574|-> if (isubase (inbuf[sum + i]) # 1575| || (REQUIRED_PADDING (1) && inbuf[sum + i] == '=')) # 1576| i++; Error: GCC_ANALYZER_WARNING (CWE-401): [#def13] coreutils-9.9/src/basenc.c:1575:27: warning[-Wanalyzer-malloc-leak]: leak of 'outbuf' coreutils-9.9/src/basenc.c:1570:14: branch_true: following 'true' branch (when 'ignore_garbage != 0')... coreutils-9.9/src/basenc.c:1570:14: branch_true: ...to here coreutils-9.9/src/basenc.c:1574:22: branch_false: following 'false' branch... coreutils-9.9/src/basenc.c:1575:27: branch_false: ...to here coreutils-9.9/src/basenc.c:1575:27: throw: if the called function throws an exception... coreutils-9.9/src/basenc.c:1575:27: danger: 'outbuf' leaks here; was allocated at [(1)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/0) # 1573| { # 1574| if (isubase (inbuf[sum + i]) # 1575|-> || (REQUIRED_PADDING (1) && inbuf[sum + i] == '=')) # 1576| i++; # 1577| else Error: GCC_ANALYZER_WARNING (CWE-401): [#def14] coreutils-9.9/src/basenc.c:1587:20: warning[-Wanalyzer-malloc-leak]: leak of 'outbuf' coreutils-9.9/src/basenc.c:1570:14: branch_true: following 'true' branch (when 'ignore_garbage != 0')... coreutils-9.9/src/basenc.c:1570:14: branch_true: ...to here coreutils-9.9/src/basenc.c:1572:33: branch_false: following 'false' branch... coreutils-9.9/src/basenc.c:1582:11: branch_false: ...to here coreutils-9.9/src/basenc.c:1584:14: branch_false: following 'false' branch... coreutils-9.9/src/basenc.c:1587:20: branch_false: ...to here coreutils-9.9/src/basenc.c:1587:20: throw: if the called function throws an exception... 
coreutils-9.9/src/basenc.c:1587:20: danger: 'outbuf' leaks here; was allocated at [(1)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/0) # 1585| error (EXIT_FAILURE, errno, _("read error")); # 1586| } # 1587|-> while (sum < BASE_LENGTH (DEC_BLOCKSIZE) && !feof (in)); # 1588| # 1589| while (sum || feof (in)) Error: GCC_ANALYZER_WARNING (CWE-401): [#def15] coreutils-9.9/src/basenc.c:1593:18: warning[-Wanalyzer-malloc-leak]: leak of 'outbuf' coreutils-9.9/src/basenc.c:1546:1: enter_function: entry to 'do_decode' coreutils-9.9/src/basenc.c:1570:14: branch_true: following 'true' branch (when 'ignore_garbage != 0')... coreutils-9.9/src/basenc.c:1570:14: branch_true: ...to here coreutils-9.9/src/basenc.c:1584:14: branch_false: following 'false' branch... coreutils-9.9/src/basenc.c:1587:14: branch_false: ...to here coreutils-9.9/src/basenc.c:1587:14: branch_true: following 'true' branch (when 'sum <= 4095')... coreutils-9.9/src/basenc.c:1587:52: call_function: inlined call to 'feof_unlocked' from 'do_decode' coreutils-9.9/src/basenc.c:1589:14: branch_true: following 'true' branch (when 'sum != 0')... coreutils-9.9/src/basenc.c:1591:17: branch_true: ...to here coreutils-9.9/src/basenc.c:1593:18: throw: if 'base64_decode_ctx' throws an exception... coreutils-9.9/src/basenc.c:1593:18: danger: 'outbuf' leaks here; was allocated at [(2)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/1) # 1591| idx_t n = DEC_BLOCKSIZE; # 1592| if (sum) # 1593|-> ok = base_decode_ctx (&ctx, inbuf, sum, outbuf, &n); # 1594| else # 1595| ok = base_decode_ctx_finalize (&ctx, &outbuf, &n); Error: GCC_ANALYZER_WARNING (CWE-401): [#def16] coreutils-9.9/src/basenc.c:1595:18: warning[-Wanalyzer-malloc-leak]: leak of 'outbuf' coreutils-9.9/src/basenc.c:1546:1: enter_function: entry to 'do_decode' coreutils-9.9/src/basenc.c:1570:14: branch_true: following 'true' branch (when 'ignore_garbage != 0')... 
coreutils-9.9/src/basenc.c:1570:14: branch_true: ...to here coreutils-9.9/src/basenc.c:1572:33: branch_false: following 'false' branch... coreutils-9.9/src/basenc.c:1582:11: branch_false: ...to here coreutils-9.9/src/basenc.c:1584:14: branch_false: following 'false' branch... coreutils-9.9/src/basenc.c:1587:20: branch_false: ...to here coreutils-9.9/src/basenc.c:1589:14: branch_false: following 'false' branch (when 'sum == 0')... coreutils-9.9/src/basenc.c:1589:21: call_function: inlined call to 'feof_unlocked' from 'do_decode' coreutils-9.9/src/basenc.c:1589:14: branch_true: following 'true' branch... coreutils-9.9/src/basenc.c:1591:17: branch_true: ...to here coreutils-9.9/src/basenc.c:1595:18: throw: if the called function throws an exception... coreutils-9.9/src/basenc.c:1595:18: danger: 'outbuf' leaks here; was allocated at [(2)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/1) # 1593| ok = base_decode_ctx (&ctx, inbuf, sum, outbuf, &n); # 1594| else # 1595|-> ok = base_decode_ctx_finalize (&ctx, &outbuf, &n); # 1596| # 1597| if (fwrite (outbuf, 1, n, out) < n) Error: GCC_ANALYZER_WARNING (CWE-401): [#def17] coreutils-9.9/src/date.c:364:5: warning[-Wanalyzer-malloc-leak]: leak of 'ret' coreutils-9.9/src/date.c:362:15: branch_true: following 'true' branch... coreutils-9.9/src/date.c:363:6: branch_true: following 'true' branch (when 'locale' is non-NULL)... coreutils-9.9/src/date.c:364:5: branch_true: ...to here coreutils-9.9/src/date.c:364:5: throw: if 'xsetenv' throws an exception... coreutils-9.9/src/date.c:364:5: danger: 'ret' leaks here; was allocated at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2) # 362| char *ret = (value == nullptr || *value == '\0' ? 
nullptr : xstrdup (value)); # 363| if (locale != nullptr) # 364|-> xsetenv ("LC_TIME", locale, 1); # 365| else # 366| unsetenv ("LC_TIME"); Error: GCC_ANALYZER_WARNING (CWE-401): [#def18] coreutils-9.9/src/df.c:451:15: warning[-Wanalyzer-malloc-leak]: leak of 'xstrdup(arg)' coreutils-9.9/src/df.c:1584:1: enter_function: entry to 'main' coreutils-9.9/src/df.c:1617:10: branch_false: following 'false' branch (when 'c != -1')... coreutils-9.9/src/df.c:1620:7: branch_false: ...to here coreutils-9.9/src/df.c:1700:14: branch_false: following 'false' branch... coreutils-9.9/src/df.c:1705:14: branch_false: ...to here coreutils-9.9/src/df.c:1705:14: branch_false: following 'false' branch (when 'posix_format == 0')... coreutils-9.9/src/df.c:1710:15: branch_false: ...to here coreutils-9.9/src/df.c:1710:14: branch_false: following 'false' branch... coreutils-9.9/src/df.c:1715:11: branch_false: ...to here coreutils-9.9/src/df.c:1716:14: branch_true: following 'true' branch... coreutils-9.9/src/df.c:1717:13: branch_true: ...to here coreutils-9.9/src/df.c:1717:13: call_function: calling 'decode_output_arg' from 'main' # 449| for (idx_t i = 0; i < countof (field_data); i++) # 450| { # 451|-> if (streq (field_data[i].arg, s)) # 452| { # 453| field = i; Error: GCC_ANALYZER_WARNING (CWE-835): [#def19] coreutils-9.9/src/digest.c:959:10: warning[-Wanalyzer-infinite-loop]: infinite loop coreutils-9.9/src/digest.c:959:10: danger: infinite loop here coreutils-9.9/src/digest.c:959:10: branch_true: if it ever follows 'true' branch, it will always do so... 
coreutils-9.9/src/digest.c:959:27: branch_true: ...to here # 957| size_t digest_base64_bytes = digest_hex_bytes; # 958| size_t trailing_equals = 0; # 959|-> for (; isubase64 (*hp); ++hp, ++digest_base64_bytes) # 960| ; # 961| for (; *hp == '='; ++hp, ++trailing_equals) Error: GCC_ANALYZER_WARNING (CWE-775): [#def20] coreutils-9.9/src/fold.c:174:3: warning[-Wanalyzer-file-leak]: leak of FILE 'istream' coreutils-9.9/src/fold.c:280:1: enter_function: entry to 'main' coreutils-9.9/src/fold.c:341:6: branch_true: following 'true' branch... coreutils-9.9/src/fold.c:342:10: branch_true: ...to here coreutils-9.9/src/fold.c:342:10: call_function: calling 'fold_file' from 'main' # 172| } # 173| # 174|-> fadvise (istream, FADVISE_SEQUENTIAL); # 175| mbbuf_init (&mbbuf, line_in, sizeof line_in, istream); # 176| Error: GCC_ANALYZER_WARNING (CWE-401): [#def21] coreutils-9.9/src/fold.c:174:3: warning[-Wanalyzer-malloc-leak]: leak of 'istream' coreutils-9.9/src/fold.c:280:1: enter_function: entry to 'main' coreutils-9.9/src/fold.c:341:6: branch_true: following 'true' branch... coreutils-9.9/src/fold.c:342:10: branch_true: ...to here coreutils-9.9/src/fold.c:342:10: call_function: calling 'fold_file' from 'main' # 172| } # 173| # 174|-> fadvise (istream, FADVISE_SEQUENTIAL); # 175| mbbuf_init (&mbbuf, line_in, sizeof line_in, istream); # 176| Error: COMPILER_WARNING (CWE-704): [#def22] coreutils-9.9/src/numfmt.c: scope_hint: In function 'mbsmbchr' coreutils-9.9/src/numfmt.c:1390:12: warning[-Wdiscarded-qualifiers]: return discards 'const' qualifier from pointer target type # 1390 | return strchr (s, uc); # | ^~~~~~ # 1388| /* GB18030 is the most restrictive for the 0x30 optimization below. */ # 1389| if (uc < 0x30 || MB_CUR_MAX == 1) # 1390|-> return strchr (s, uc); # 1391| else if (is_utf8_charset ()) # 1392| return uc < 0x80 ? 
strchr (s, uc) : strstr (s, c); Error: COMPILER_WARNING (CWE-704): [#def23] coreutils-9.9/src/numfmt.c:1392:39: warning[-Wdiscarded-qualifiers]: return discards 'const' qualifier from pointer target type # 1392 | return uc < 0x80 ? strchr (s, uc) : strstr (s, c); # | ^ # 1390| return strchr (s, uc); # 1391| else if (is_utf8_charset ()) # 1392|-> return uc < 0x80 ? strchr (s, uc) : strstr (s, c); # 1393| else # 1394| return *(c + 1) == '\0' ? mbschr (s, uc) : (char *) mbsstr (s, c); Error: CPPCHECK_WARNING (CWE-823): [#def24] coreutils-9.9/src/od.c:777: error[arrayIndexOutOfBounds]: Array 'integral_type_size[2]' accessed at index 8, which is out of bounds. # 775| } # 776| # 777|-> size_spec = integral_type_size[size]; # 778| # 779| switch (c) Error: GCC_ANALYZER_WARNING (CWE-401): [#def25] coreutils-9.9/src/paste.c:194:25: warning[-Wanalyzer-malloc-leak]: leak of 'xnmalloc(nfiles + 1, 8)' coreutils-9.9/src/paste.c:451:1: enter_function: entry to 'main' coreutils-9.9/src/paste.c:500:7: call_function: calling 'collapse_escapes' from 'main' coreutils-9.9/src/paste.c:500:7: return_function: returning to 'main' from 'collapse_escapes' coreutils-9.9/src/paste.c:500:6: branch_false: following 'false' branch... coreutils-9.9/src/paste.c:509:28: branch_false: ...to here coreutils-9.9/src/paste.c:509:14: branch_false: following 'false' branch... coreutils-9.9/src/paste.c:509:14: branch_false: ...to here coreutils-9.9/src/paste.c:509:13: call_function: calling 'paste_parallel' from 'main' # 192| for (files_open = 0; files_open < nfiles; ++files_open) # 193| { # 194|-> if (streq (fnamptr[files_open], "-")) # 195| { # 196| have_read_stdin = true; Error: GCC_ANALYZER_WARNING (CWE-401): [#def26] coreutils-9.9/src/rmdir.c:275:27: warning[-Wanalyzer-malloc-leak]: leak of 'xstrdup(dir)' coreutils-9.9/src/rmdir.c:233:6: branch_false: following 'false' branch... 
coreutils-9.9/src/rmdir.c:233:6: branch_false: ...to here coreutils-9.9/src/rmdir.c:239:10: branch_true: following 'true' branch... coreutils-9.9/src/rmdir.c:241:23: branch_true: ...to here coreutils-9.9/src/rmdir.c:247:10: branch_true: following 'true' branch... coreutils-9.9/src/rmdir.c:249:29: branch_true: ...to here coreutils-9.9/src/rmdir.c:250:14: branch_false: following 'false' branch... coreutils-9.9/src/rmdir.c:259:14: branch_false: ...to here coreutils-9.9/src/rmdir.c:259:14: branch_true: following 'true' branch (when 'rmdir_errno == 20')... coreutils-9.9/src/rmdir.c:261:45: branch_true: ...to here coreutils-9.9/src/rmdir.c:262:18: branch_true: following 'true' branch... coreutils-9.9/src/rmdir.c:268:26: branch_true: following 'true' branch... coreutils-9.9/src/rmdir.c:271:39: branch_true: ...to here coreutils-9.9/src/rmdir.c:273:26: branch_true: following 'true' branch... coreutils-9.9/src/rmdir.c:275:27: branch_true: ...to here coreutils-9.9/src/rmdir.c:275:27: throw: if 'quotearg_style' throws an exception... coreutils-9.9/src/rmdir.c:275:27: danger: 'xstrdup(dir)' leaks here; was allocated at [(15)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/14) # 273| if (issymlink (dir) == 1) # 274| { # 275|-> error (0, 0, # 276| _("failed to remove %s:" # 277| " Symbolic link not followed"), Error: GCC_ANALYZER_WARNING (CWE-401): [#def27] coreutils-9.9/src/seq.c:478:14: warning[-Wanalyzer-malloc-leak]: leak of 's1' coreutils-9.9/src/seq.c:547:1: enter_function: entry to 'main' coreutils-9.9/src/seq.c:609:6: branch_false: following 'false' branch (when 'n_args > 0')... coreutils-9.9/src/seq.c:615:6: branch_false: ...to here coreutils-9.9/src/seq.c:615:6: branch_false: following 'false' branch (when 'n_args <= 3')... coreutils-9.9/src/seq.c:621:6: branch_false: ...to here coreutils-9.9/src/seq.c:621:6: branch_false: following 'false' branch (when 'format_str' is NULL)... 
coreutils-9.9/src/seq.c:631:28: branch_false: ...to here coreutils-9.9/src/seq.c:658:10: call_function: calling 'scan_arg' from 'main' coreutils-9.9/src/seq.c:658:10: return_function: returning to 'main' from 'scan_arg' coreutils-9.9/src/seq.c:681:6: branch_true: following 'true' branch... coreutils-9.9/src/seq.c:681:7: branch_true: following 'true' branch... coreutils-9.9/src/seq.c:681:7: branch_true: following 'true' branch... coreutils-9.9/src/seq.c:681:7: branch_false: following 'false' branch... coreutils-9.9/src/seq.c:681:7: branch_false: ...to here coreutils-9.9/src/seq.c:681:7: branch_true: following 'true' branch... coreutils-9.9/src/seq.c:688:10: branch_true: following 'true' branch... coreutils-9.9/src/seq.c:689:14: branch_true: ...to here coreutils-9.9/src/seq.c:692:10: branch_true: following 'true' branch... coreutils-9.9/src/seq.c:693:14: branch_true: ...to here coreutils-9.9/src/seq.c:697:10: branch_true: following 'true' branch... coreutils-9.9/src/seq.c:698:9: call_function: calling 'seq_fast' from 'main' # 476| # 477| /* Copy A (sans NUL) to end of new buffer. */ # 478|-> char *p0 = xmalloc (inc_size); # 479| char *endp = p0 + inc_size; # 480| char *p = memcpy (endp - p_len, a, p_len); Error: GCC_ANALYZER_WARNING (CWE-401): [#def28] coreutils-9.9/src/seq.c:530:11: warning[-Wanalyzer-malloc-leak]: leak of 's1' coreutils-9.9/src/seq.c:547:1: enter_function: entry to 'main' coreutils-9.9/src/seq.c:609:6: branch_false: following 'false' branch (when 'n_args > 0')... coreutils-9.9/src/seq.c:615:6: branch_false: ...to here coreutils-9.9/src/seq.c:615:6: branch_false: following 'false' branch (when 'n_args <= 3')... coreutils-9.9/src/seq.c:621:6: branch_false: ...to here coreutils-9.9/src/seq.c:621:6: branch_false: following 'false' branch (when 'format_str' is NULL)... 
coreutils-9.9/src/seq.c:631:28: branch_false: ...to here coreutils-9.9/src/seq.c:658:10: call_function: calling 'scan_arg' from 'main' coreutils-9.9/src/seq.c:658:10: return_function: returning to 'main' from 'scan_arg' coreutils-9.9/src/seq.c:681:6: branch_true: following 'true' branch... coreutils-9.9/src/seq.c:681:7: branch_true: following 'true' branch... coreutils-9.9/src/seq.c:681:7: branch_true: following 'true' branch... coreutils-9.9/src/seq.c:681:7: branch_false: following 'false' branch... coreutils-9.9/src/seq.c:681:7: branch_false: ...to here coreutils-9.9/src/seq.c:681:7: branch_true: following 'true' branch... coreutils-9.9/src/seq.c:688:10: branch_true: following 'true' branch... coreutils-9.9/src/seq.c:689:14: branch_true: ...to here coreutils-9.9/src/seq.c:692:10: branch_true: following 'true' branch... coreutils-9.9/src/seq.c:693:14: branch_true: ...to here coreutils-9.9/src/seq.c:697:10: branch_true: following 'true' branch... coreutils-9.9/src/seq.c:698:9: call_function: calling 'seq_fast' from 'main' # 528| { # 529| bufp[-1] = *terminator; # 530|-> if (full_write (STDOUT_FILENO, buf, remaining) != remaining) # 531| write_error (); # 532| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def29] coreutils-9.9/src/seq.c:530:11: warning[-Wanalyzer-malloc-leak]: leak of 's2' coreutils-9.9/src/seq.c:547:1: enter_function: entry to 'main' coreutils-9.9/src/seq.c:609:6: branch_false: following 'false' branch (when 'n_args > 0')... coreutils-9.9/src/seq.c:615:6: branch_false: ...to here coreutils-9.9/src/seq.c:615:6: branch_false: following 'false' branch (when 'n_args <= 3')... coreutils-9.9/src/seq.c:621:6: branch_false: ...to here coreutils-9.9/src/seq.c:621:6: branch_false: following 'false' branch (when 'format_str' is NULL)... 
coreutils-9.9/src/seq.c:631:28: branch_false: ...to here coreutils-9.9/src/seq.c:658:10: call_function: calling 'scan_arg' from 'main' coreutils-9.9/src/seq.c:658:10: return_function: returning to 'main' from 'scan_arg' coreutils-9.9/src/seq.c:681:6: branch_true: following 'true' branch... coreutils-9.9/src/seq.c:681:7: branch_true: following 'true' branch... coreutils-9.9/src/seq.c:681:7: branch_true: following 'true' branch... coreutils-9.9/src/seq.c:681:7: branch_false: following 'false' branch... coreutils-9.9/src/seq.c:681:7: branch_false: ...to here coreutils-9.9/src/seq.c:681:7: branch_true: following 'true' branch... coreutils-9.9/src/seq.c:688:10: branch_true: following 'true' branch... coreutils-9.9/src/seq.c:689:14: branch_true: ...to here coreutils-9.9/src/seq.c:692:10: branch_true: following 'true' branch... coreutils-9.9/src/seq.c:693:14: branch_true: ...to here coreutils-9.9/src/seq.c:697:10: branch_true: following 'true' branch... coreutils-9.9/src/seq.c:698:9: call_function: calling 'seq_fast' from 'main' # 528| { # 529| bufp[-1] = *terminator; # 530|-> if (full_write (STDOUT_FILENO, buf, remaining) != remaining) # 531| write_error (); # 532| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def30] coreutils-9.9/src/seq.c:693:14: warning[-Wanalyzer-malloc-leak]: leak of 's1' coreutils-9.9/src/seq.c:547:1: enter_function: entry to 'main' coreutils-9.9/src/seq.c:609:6: branch_false: following 'false' branch (when 'n_args > 0')... coreutils-9.9/src/seq.c:615:6: branch_false: ...to here coreutils-9.9/src/seq.c:615:6: branch_false: following 'false' branch (when 'n_args <= 3')... coreutils-9.9/src/seq.c:621:6: branch_false: ...to here coreutils-9.9/src/seq.c:621:6: branch_false: following 'false' branch (when 'format_str' is NULL)... 
coreutils-9.9/src/seq.c:631:28: branch_false: ...to here coreutils-9.9/src/seq.c:658:10: call_function: calling 'scan_arg' from 'main' coreutils-9.9/src/seq.c:658:10: return_function: returning to 'main' from 'scan_arg' coreutils-9.9/src/seq.c:681:6: branch_true: following 'true' branch... coreutils-9.9/src/seq.c:681:7: branch_true: following 'true' branch... coreutils-9.9/src/seq.c:681:7: branch_true: following 'true' branch... coreutils-9.9/src/seq.c:681:7: branch_false: following 'false' branch... coreutils-9.9/src/seq.c:681:7: branch_false: ...to here coreutils-9.9/src/seq.c:681:7: branch_true: following 'true' branch... coreutils-9.9/src/seq.c:688:10: branch_true: following 'true' branch... coreutils-9.9/src/seq.c:689:14: branch_true: ...to here coreutils-9.9/src/seq.c:692:10: branch_true: following 'true' branch... coreutils-9.9/src/seq.c:693:14: branch_true: ...to here coreutils-9.9/src/seq.c:693:14: throw: if 'xstrdup' throws an exception... coreutils-9.9/src/seq.c:693:14: danger: 's1' leaks here; was allocated at [(28)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/27) # 691| xalloc_die (); # 692| if (! isfinite (last.value)) # 693|-> s2 = xstrdup ("inf"); /* Ensure "inf" is used. */ # 694| else if (asprintf (&s2, "%0.Lf", last.value) < 0) # 695| xalloc_die (); Error: GCC_ANALYZER_WARNING (CWE-401): [#def31] coreutils-9.9/src/seq.c:695:9: warning[-Wanalyzer-malloc-leak]: leak of 's1' coreutils-9.9/src/seq.c:547:1: enter_function: entry to 'main' coreutils-9.9/src/seq.c:609:6: branch_false: following 'false' branch (when 'n_args > 0')... coreutils-9.9/src/seq.c:615:6: branch_false: ...to here coreutils-9.9/src/seq.c:615:6: branch_false: following 'false' branch (when 'n_args <= 3')... coreutils-9.9/src/seq.c:621:6: branch_false: ...to here coreutils-9.9/src/seq.c:621:6: branch_false: following 'false' branch (when 'format_str' is NULL)... 
coreutils-9.9/src/seq.c:631:28: branch_false: ...to here coreutils-9.9/src/seq.c:658:10: call_function: calling 'scan_arg' from 'main' coreutils-9.9/src/seq.c:658:10: return_function: returning to 'main' from 'scan_arg' coreutils-9.9/src/seq.c:681:6: branch_true: following 'true' branch... coreutils-9.9/src/seq.c:681:7: branch_true: following 'true' branch... coreutils-9.9/src/seq.c:681:7: branch_true: following 'true' branch... coreutils-9.9/src/seq.c:681:7: branch_false: following 'false' branch... coreutils-9.9/src/seq.c:681:7: branch_false: ...to here coreutils-9.9/src/seq.c:681:7: branch_true: following 'true' branch... coreutils-9.9/src/seq.c:688:10: branch_true: following 'true' branch... coreutils-9.9/src/seq.c:689:14: branch_true: ...to here coreutils-9.9/src/seq.c:692:10: branch_false: following 'false' branch... coreutils-9.9/src/seq.c:694:16: call_function: inlined call to 'asprintf' from 'main' coreutils-9.9/src/seq.c:694:15: branch_true: following 'true' branch... coreutils-9.9/src/seq.c:695:9: branch_true: ...to here coreutils-9.9/src/seq.c:695:9: throw: if 'xalloc_die' throws an exception... coreutils-9.9/src/seq.c:695:9: danger: 's1' leaks here; was allocated at [(28)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/27) # 693| s2 = xstrdup ("inf"); /* Ensure "inf" is used. */ # 694| else if (asprintf (&s2, "%0.Lf", last.value) < 0) # 695|-> xalloc_die (); # 696| # 697| if (*s1 != '-' && *s2 != '-') Error: GCC_ANALYZER_WARNING (CWE-401): [#def32] coreutils-9.9/src/shred.c:1253:11: warning[-Wanalyzer-malloc-leak]: leak of 'xstrdup(quotearg_n_style_colon(0, 3, *<unknown>))' coreutils-9.9/src/shred.c:1159:1: enter_function: entry to 'main' coreutils-9.9/src/shred.c:1238:6: branch_false: following 'false' branch (when 'n_files != 0')... coreutils-9.9/src/shred.c:1244:20: branch_false: ...to here coreutils-9.9/src/shred.c:1245:6: branch_false: following 'false' branch... 
coreutils-9.9/src/shred.c:1248:3: branch_false: ...to here coreutils-9.9/src/shred.c:1250:15: branch_true: following 'true' branch (when 'i < n_files')... coreutils-9.9/src/shred.c:1252:30: branch_true: ...to here coreutils-9.9/src/shred.c:1253:10: branch_false: following 'false' branch (when the strings are non-equal)... coreutils-9.9/src/shred.c:1260:17: branch_false: ...to here coreutils-9.9/src/shred.c:1260:17: call_function: calling 'wipefile' from 'main' # 1251| { # 1252| char *qname = xstrdup (quotef (file[i])); # 1253|-> if (streq (file[i], "-")) # 1254| { # 1255| ok &= wipefd (STDOUT_FILENO, qname, randint_source, &flags); Error: GCC_ANALYZER_WARNING (CWE-775): [#def33] coreutils-9.9/src/split.c:558:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'fd_pair[0]' coreutils-9.9/src/split.c:1094:1: enter_function: entry to 'ofile_open' coreutils-9.9/src/split.c:1098:6: branch_true: following 'true' branch... coreutils-9.9/src/split.c:1101:24: branch_true: ...to here coreutils-9.9/src/split.c:1108:14: branch_true: following 'true' branch... coreutils-9.9/src/split.c:1109:26: branch_true: ...to here coreutils-9.9/src/split.c:1109:18: call_function: calling 'create' from 'ofile_open' # 556| filter_command, nullptr }; # 557| # 558|-> result = posix_spawn (&child_pid, shell_prog, &actions, &attr, # 559| (char * const *) argv, environ); # 560| if (result != 0) Error: GCC_ANALYZER_WARNING (CWE-401): [#def34] coreutils-9.9/src/tail.c:547:25: warning[-Wanalyzer-malloc-leak]: leak of 'ximalloc(bufsize)' coreutils-9.9/src/tail.c:1907:1: enter_function: entry to 'tail_lines' coreutils-9.9/src/tail.c:1910:6: branch_false: following 'false' branch... coreutils-9.9/src/tail.c:1930:26: branch_false: ...to here coreutils-9.9/src/tail.c:1930:25: branch_false: following 'false' branch... coreutils-9.9/src/tail.c:1930:49: branch_false: ...to here coreutils-9.9/src/tail.c:1933:23: branch_true: following 'true' branch (when 'start_pos >= 0')... 
coreutils-9.9/src/tail.c:1933:44: branch_true: ...to here
coreutils-9.9/src/tail.c:1934:14: branch_false: following 'false' branch (when 'end_pos >= 0')...
coreutils-9.9/src/tail.c:1936:17: branch_false: ...to here
coreutils-9.9/src/tail.c:1936:17: branch_true: following 'true' branch (when 'end_pos > start_pos')...
coreutils-9.9/src/tail.c:1937:17: branch_true: ...to here
coreutils-9.9/src/tail.c:1937:17: call_function: calling 'file_lines' from 'tail_lines'
# 545| /* Set 'bytes_read' to the size of the last, probably partial, buffer;
# 546| 0 < 'bytes_read' <= 'bufsize'. */
# 547|-> idx_t bytes_to_read = (pos - start_pos) % bufsize;
# 548| if (bytes_to_read == 0)
# 549| bytes_to_read = bufsize;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def35]
coreutils-9.9/src/tail.c:696:7: warning[-Wanalyzer-malloc-leak]: leak of 'first'
coreutils-9.9/src/tail.c:1907:1: enter_function: entry to 'tail_lines'
coreutils-9.9/src/tail.c:1910:6: branch_false: following 'false' branch...
coreutils-9.9/src/tail.c:1930:26: branch_false: ...to here
coreutils-9.9/src/tail.c:1935:17: call_function: calling 'pipe_lines' from 'tail_lines'
# 694| {
# 695| ret = -1 - errno;
# 696|-> error (0, errno, _("error reading %s"), quoteaf (prettyname));
# 697| goto free_lbuffers;
# 698| }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def36]
coreutils-9.9/src/tail.c:828:7: warning[-Wanalyzer-malloc-leak]: leak of 'first'
coreutils-9.9/src/tail.c:1824:1: enter_function: entry to 'tail_bytes'
coreutils-9.9/src/tail.c:1832:6: branch_false: following 'false' branch...
coreutils-9.9/src/tail.c:1847:10: branch_false: ...to here
coreutils-9.9/src/tail.c:1893:10: branch_true: following 'true' branch (when 'end_pos < 0')...
coreutils-9.9/src/tail.c:1894:16: branch_true: ...to here
coreutils-9.9/src/tail.c:1894:16: call_function: calling 'pipe_bytes' from 'tail_bytes'
# 826| {
# 827| read_pos = -1 - errno;
# 828|-> error (0, errno, _("error reading %s"), quoteaf (prettyname));
# 829| goto free_cbuffers;
# 830| }

Error: CPPCHECK_WARNING (CWE-758): [#def37]
coreutils-9.9/src/tail.c:2372: warning[objectIndex]: The address of variable 'dummy_stdin' might be accessed at non-zero index.
# 2370|
# 2371| for (int i = 0; i < n_files; i++)
# 2372|-> if (streq (file[i], "-"))
# 2373| found_hyphen = true;
# 2374|

Error: COMPILER_WARNING: [#def38]
coreutils-9.9/src/wc_avx512.c:32:11: warning[-Wpsabi]: AVX512F vector return without AVX512F enabled changes the ABI
# 30| intmax_t bytes = 0;
# 31|
# 32|-> __m512i endlines = _mm512_set1_epi8 ('\n');
# 33|
# 34| while (true)

Error: COMPILER_WARNING: [#def39]
coreutils-9.9/src/wc_avx512.c:32:22: note[note]: called from here
# 30| intmax_t bytes = 0;
# 31|
# 32|-> __m512i endlines = _mm512_set1_epi8 ('\n');
# 33|
# 34| while (true)

Error: COMPILER_WARNING: [#def40]
coreutils-9.9/src/wc_avx512.c:46:31: note[note]: called from here
# 44| while (bytes_read >= 64)
# 45| {
# 46|-> __m512i to_match = _mm512_load_si512 (datap);
# 47| long long matches = _mm512_cmpeq_epi8_mask (to_match, endlines);
# 48| lines += __builtin_popcountll (matches);

Error: COMPILER_WARNING: [#def41]
coreutils-9.9/src/wc_avx512.c:47:32: note[note]: called from here
# 45| {
# 46| __m512i to_match = _mm512_load_si512 (datap);
# 47|-> long long matches = _mm512_cmpeq_epi8_mask (to_match, endlines);
# 48| lines += __builtin_popcountll (matches);
# 49| datap += 1;
| analyzer-version-clippy | 1.92.0 |
| analyzer-version-cppcheck | 2.19.1 |
| analyzer-version-gcc | 16.0.0 |
| analyzer-version-gcc-analyzer | 16.0.0 |
| analyzer-version-shellcheck | 0.11.0 |
| analyzer-version-unicontrol | 0.0.2 |
| diffbase-analyzer-version-clippy | 1.92.0 |
| diffbase-analyzer-version-cppcheck | 2.19.1 |
| diffbase-analyzer-version-gcc | 16.0.0 |
| diffbase-analyzer-version-gcc-analyzer | 16.0.0 |
| diffbase-analyzer-version-shellcheck | 0.11.0 |
| diffbase-analyzer-version-unicontrol | 0.0.2 |
| diffbase-enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| diffbase-exit-code | 0 |
| diffbase-host | ip-172-16-1-198.us-west-2.compute.internal |
| diffbase-known-false-positives | /usr/share/csmock/known-false-positives.js |
| diffbase-known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| diffbase-mock-config | fedora-rawhide-x86_64 |
| diffbase-project-name | coreutils-9.7-6.fc43 |
| diffbase-store-results-to | /tmp/tmpii1bet1g/coreutils-9.7-6.fc43.tar.xz |
| diffbase-time-created | 2026-01-08 15:48:05 |
| diffbase-time-finished | 2026-01-08 15:54:10 |
| diffbase-tool | csmock |
| diffbase-tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpii1bet1g/coreutils-9.7-6.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpii1bet1g/coreutils-9.7-6.fc43.src.rpm' |
| diffbase-tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-198.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | coreutils-9.9-1.fc44 |
| store-results-to | /tmp/tmpebfnyatg/coreutils-9.9-1.fc44.tar.xz |
| time-created | 2026-01-08 15:54:34 |
| time-finished | 2026-01-08 16:00:19 |
| title | Newly introduced findings |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpebfnyatg/coreutils-9.9-1.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpebfnyatg/coreutils-9.9-1.fc44.src.rpm' |
| tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |