Error: GCC_ANALYZER_WARNING (CWE-401): [#def1] cryptsetup-2.8.3/lib/bitlk/bitlk.c:579:17: warning[-Wanalyzer-malloc-leak]: leak of 'fve_validated_block' cryptsetup-2.8.3/lib/bitlk/bitlk.c:502:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/bitlk/bitlk.c:508:13: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:508:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/bitlk/bitlk.c:515:13: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:527:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/bitlk/bitlk.c:531:20: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:531:19: branch_true: following 'true' branch... cryptsetup-2.8.3/lib/bitlk/bitlk.c:539:31: branch_true: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:545:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/bitlk/bitlk.c:552:13: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:552:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/bitlk/bitlk.c:560:13: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_true: following 'true' branch (when 'i != 3')... cryptsetup-2.8.3/lib/bitlk/bitlk.c:569:46: branch_true: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_true: following 'true' branch (when 'i != 3')... cryptsetup-2.8.3/lib/bitlk/bitlk.c:569:46: branch_true: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_true: following 'true' branch (when 'i != 3')... cryptsetup-2.8.3/lib/bitlk/bitlk.c:569:46: branch_true: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_false: following 'false' branch (when 'i == 3')... cryptsetup-2.8.3/lib/bitlk/bitlk.c:571:31: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:571:31: acquire_memory: allocated here cryptsetup-2.8.3/lib/bitlk/bitlk.c:572:12: branch_false: following 'false' branch (when 'fve_validated_block' is non-NULL)... cryptsetup-2.8.3/lib/bitlk/bitlk.c:572:12: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:577:21: branch_true: following 'true' branch (when 'i != 3')... cryptsetup-2.8.3/lib/bitlk/bitlk.c:579:17: branch_true: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:579:17: throw: if 'device_path' throws an exception... cryptsetup-2.8.3/lib/bitlk/bitlk.c:579:17: danger: 'fve_validated_block' leaks here; was allocated at [(21)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/20) # 577| for (i = 0; i < 3; i++) { # 578| /* iterate over FVE metadata copies and pick the valid one */ # 579|-> log_dbg(cd, "Reading BITLK FVE metadata copy #%d of size %zu on device %s, offset %" PRIu64 ".", # 580| i, sizeof(fve), device_path(device), params->metadata_offset[i]); # 581| Error: GCC_ANALYZER_WARNING (CWE-401): [#def2] cryptsetup-2.8.3/lib/bitlk/bitlk.c:582:21: warning[-Wanalyzer-malloc-leak]: leak of 'fve_validated_block' cryptsetup-2.8.3/lib/bitlk/bitlk.c:502:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/bitlk/bitlk.c:508:13: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:508:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/bitlk/bitlk.c:515:13: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:527:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/bitlk/bitlk.c:531:20: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:531:19: branch_true: following 'true' branch... cryptsetup-2.8.3/lib/bitlk/bitlk.c:539:31: branch_true: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:545:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/bitlk/bitlk.c:552:13: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:552:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/bitlk/bitlk.c:560:13: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_true: following 'true' branch (when 'i != 3')... cryptsetup-2.8.3/lib/bitlk/bitlk.c:569:46: branch_true: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_true: following 'true' branch (when 'i != 3')... cryptsetup-2.8.3/lib/bitlk/bitlk.c:569:46: branch_true: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_true: following 'true' branch (when 'i != 3')... cryptsetup-2.8.3/lib/bitlk/bitlk.c:569:46: branch_true: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_false: following 'false' branch (when 'i == 3')... cryptsetup-2.8.3/lib/bitlk/bitlk.c:571:31: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:571:31: acquire_memory: allocated here cryptsetup-2.8.3/lib/bitlk/bitlk.c:572:12: branch_false: following 'false' branch (when 'fve_validated_block' is non-NULL)... cryptsetup-2.8.3/lib/bitlk/bitlk.c:572:12: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:577:21: branch_true: following 'true' branch (when 'i != 3')... cryptsetup-2.8.3/lib/bitlk/bitlk.c:579:17: branch_true: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:582:21: throw: if 'device_alignment' throws an exception... cryptsetup-2.8.3/lib/bitlk/bitlk.c:582:21: danger: 'fve_validated_block' leaks here; was allocated at [(21)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/20) # 580| i, sizeof(fve), device_path(device), params->metadata_offset[i]); # 581| # 582|-> if (read_lseek_blockwise(devfd, device_block_size(cd, device), # 583| device_alignment(device), &fve, sizeof(fve), params->metadata_offset[i]) != sizeof(fve) || # 584| !check_fve_metadata(&fve) || Error: GCC_ANALYZER_WARNING (CWE-401): [#def3] cryptsetup-2.8.3/lib/bitlk/bitlk.c:585:74: warning[-Wanalyzer-malloc-leak]: leak of 'fve_validated_block' cryptsetup-2.8.3/lib/bitlk/bitlk.c:471:5: enter_function: entry to 'BITLK_read_sb' cryptsetup-2.8.3/lib/bitlk/bitlk.c:502:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/bitlk/bitlk.c:508:13: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:508:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/bitlk/bitlk.c:515:13: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:527:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/bitlk/bitlk.c:531:20: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:531:19: branch_true: following 'true' branch... cryptsetup-2.8.3/lib/bitlk/bitlk.c:539:31: branch_true: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:545:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/bitlk/bitlk.c:552:13: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:552:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/bitlk/bitlk.c:560:13: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_true: following 'true' branch (when 'i != 3')... cryptsetup-2.8.3/lib/bitlk/bitlk.c:569:46: branch_true: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_true: following 'true' branch (when 'i != 3')... cryptsetup-2.8.3/lib/bitlk/bitlk.c:569:46: branch_true: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_true: following 'true' branch (when 'i != 3')... cryptsetup-2.8.3/lib/bitlk/bitlk.c:569:46: branch_true: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_false: following 'false' branch (when 'i == 3')... cryptsetup-2.8.3/lib/bitlk/bitlk.c:571:31: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:571:31: acquire_memory: allocated here cryptsetup-2.8.3/lib/bitlk/bitlk.c:572:12: branch_false: following 'false' branch (when 'fve_validated_block' is non-NULL)... cryptsetup-2.8.3/lib/bitlk/bitlk.c:572:12: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:577:21: branch_true: following 'true' branch (when 'i != 3')... cryptsetup-2.8.3/lib/bitlk/bitlk.c:579:17: branch_true: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:585:74: throw: if 'device_alignment' throws an exception... cryptsetup-2.8.3/lib/bitlk/bitlk.c:585:74: danger: 'fve_validated_block' leaks here; was allocated at [(22)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/21) # 583| device_alignment(device), &fve, sizeof(fve), params->metadata_offset[i]) != sizeof(fve) || # 584| !check_fve_metadata(&fve) || # 585|-> (fve_size_real = le16_to_cpu(fve.fve_size) << 4, read_lseek_blockwise(devfd, device_block_size(cd, device), # 586| device_alignment(device), &validation, sizeof(validation), params->metadata_offset[i] + fve_size_real) != sizeof(validation)) || # 587| !check_fve_metadata_validation(&validation) || Error: GCC_ANALYZER_WARNING (CWE-401): [#def4] cryptsetup-2.8.3/lib/bitlk/bitlk.c:589:25: warning[-Wanalyzer-malloc-leak]: leak of 'fve_validated_block' cryptsetup-2.8.3/lib/bitlk/bitlk.c:471:5: enter_function: entry to 'BITLK_read_sb' cryptsetup-2.8.3/lib/bitlk/bitlk.c:502:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/bitlk/bitlk.c:508:13: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:508:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/bitlk/bitlk.c:515:13: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:527:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/bitlk/bitlk.c:531:20: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:531:19: branch_true: following 'true' branch... cryptsetup-2.8.3/lib/bitlk/bitlk.c:539:31: branch_true: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:545:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/bitlk/bitlk.c:552:13: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:552:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/bitlk/bitlk.c:560:13: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_true: following 'true' branch (when 'i != 3')... cryptsetup-2.8.3/lib/bitlk/bitlk.c:569:46: branch_true: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_true: following 'true' branch (when 'i != 3')... cryptsetup-2.8.3/lib/bitlk/bitlk.c:569:46: branch_true: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_true: following 'true' branch (when 'i != 3')... cryptsetup-2.8.3/lib/bitlk/bitlk.c:569:46: branch_true: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_false: following 'false' branch (when 'i == 3')... cryptsetup-2.8.3/lib/bitlk/bitlk.c:571:31: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:571:31: acquire_memory: allocated here cryptsetup-2.8.3/lib/bitlk/bitlk.c:572:12: branch_false: following 'false' branch (when 'fve_validated_block' is non-NULL)... cryptsetup-2.8.3/lib/bitlk/bitlk.c:572:12: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:577:21: branch_true: following 'true' branch (when 'i != 3')... cryptsetup-2.8.3/lib/bitlk/bitlk.c:579:17: branch_true: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:582:21: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/bitlk/bitlk.c:587:26: call_function: inlined call to 'check_fve_metadata_validation' from 'BITLK_read_sb' cryptsetup-2.8.3/lib/bitlk/bitlk.c:589:25: throw: if 'device_alignment' throws an exception... cryptsetup-2.8.3/lib/bitlk/bitlk.c:589:25: danger: 'fve_validated_block' leaks here; was allocated at [(22)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/21) # 587| !check_fve_metadata_validation(&validation) || # 588| /* double-fetch is here, but we aren't validating MAC */ # 589|-> read_lseek_blockwise(devfd, device_block_size(cd, device), device_alignment(device), fve_validated_block, fve_size_real, # 590| params->metadata_offset[i]) != fve_size_real || # 591| (crypt_crc32(~0, fve_validated_block, fve_size_real) ^ ~0) != le32_to_cpu(validation.fve_crc32)) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def5] cryptsetup-2.8.3/lib/bitlk/bitlk.c:593:25: warning[-Wanalyzer-malloc-leak]: leak of 'fve_validated_block' cryptsetup-2.8.3/lib/bitlk/bitlk.c:502:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/bitlk/bitlk.c:508:13: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:508:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/bitlk/bitlk.c:515:13: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:527:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/bitlk/bitlk.c:531:20: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:531:19: branch_true: following 'true' branch... cryptsetup-2.8.3/lib/bitlk/bitlk.c:539:31: branch_true: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:545:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/bitlk/bitlk.c:552:13: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:552:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/bitlk/bitlk.c:560:13: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_true: following 'true' branch (when 'i != 3')... cryptsetup-2.8.3/lib/bitlk/bitlk.c:569:46: branch_true: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_true: following 'true' branch (when 'i != 3')... cryptsetup-2.8.3/lib/bitlk/bitlk.c:569:46: branch_true: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_true: following 'true' branch (when 'i != 3')... cryptsetup-2.8.3/lib/bitlk/bitlk.c:569:46: branch_true: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_false: following 'false' branch (when 'i == 3')... cryptsetup-2.8.3/lib/bitlk/bitlk.c:571:31: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:571:31: acquire_memory: allocated here cryptsetup-2.8.3/lib/bitlk/bitlk.c:572:12: branch_false: following 'false' branch (when 'fve_validated_block' is non-NULL)... cryptsetup-2.8.3/lib/bitlk/bitlk.c:572:12: branch_false: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:577:21: branch_true: following 'true' branch (when 'i != 3')... cryptsetup-2.8.3/lib/bitlk/bitlk.c:579:17: branch_true: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:582:20: branch_true: following 'true' branch... cryptsetup-2.8.3/lib/bitlk/bitlk.c:593:25: branch_true: ...to here cryptsetup-2.8.3/lib/bitlk/bitlk.c:593:25: throw: if 'device_path' throws an exception... cryptsetup-2.8.3/lib/bitlk/bitlk.c:593:25: danger: 'fve_validated_block' leaks here; was allocated at [(21)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/20) # 591| (crypt_crc32(~0, fve_validated_block, fve_size_real) ^ ~0) != le32_to_cpu(validation.fve_crc32)) { # 592| /* found an invalid FVE metadata copy, log and skip */ # 593|-> log_dbg(cd, _("Failed to read or validate BITLK FVE metadata copy #%d from %s."), i, device_path(device)); # 594| } else { # 595| /* found a valid FVE metadata copy, use it */ Error: GCC_ANALYZER_WARNING (CWE-401): [#def6] cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:807:24: warning[-Wanalyzer-malloc-leak]: leak of 'calloc(1, 368)' cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3320:12: enter_function: entry to 'reencrypt_load' cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3331:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3334:19: branch_false: ...to here cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3334:19: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3337:13: branch_false: ...to here cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3338:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3341:12: branch_false: ...to here cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3341:12: branch_true: following 'true' branch... cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3342:21: branch_true: ...to here cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3342:21: call_function: calling 'reencrypt_load_clean' from 'reencrypt_load' # 805| json_object *jobj_keyslot, *jobj_mode; # 806| # 807|-> jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, LUKS2_find_keyslot(hdr, "reencrypt")); # 808| if (!jobj_keyslot) # 809| return mi; Error: GCC_ANALYZER_WARNING (CWE-401): [#def7] cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:811:9: warning[-Wanalyzer-malloc-leak]: leak of 'calloc(1, 368)' cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3320:12: enter_function: entry to 'reencrypt_load' cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3331:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3334:19: branch_false: ...to here cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3334:19: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3337:13: branch_false: ...to here cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3338:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3341:12: branch_false: ...to here cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3341:12: branch_true: following 'true' branch... cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3342:21: branch_true: ...to here cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3342:21: call_function: calling 'reencrypt_load_clean' from 'reencrypt_load' # 809| return mi; # 810| # 811|-> json_object_object_get_ex(jobj_keyslot, "mode", &jobj_mode); # 812| mode = json_object_get_string(jobj_mode); # 813| Error: GCC_ANALYZER_WARNING (CWE-401): [#def8] cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:812:16: warning[-Wanalyzer-malloc-leak]: leak of 'calloc(1, 368)' cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3320:12: enter_function: entry to 'reencrypt_load' cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3331:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3334:19: branch_false: ...to here cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3334:19: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3337:13: branch_false: ...to here cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3338:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3341:12: branch_false: ...to here cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3341:12: branch_true: following 'true' branch... cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3342:21: branch_true: ...to here cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3342:21: call_function: calling 'reencrypt_load_clean' from 'reencrypt_load' # 810| # 811| json_object_object_get_ex(jobj_keyslot, "mode", &jobj_mode); # 812|-> mode = json_object_get_string(jobj_mode); # 813| # 814| /* validation enforces allowed values */ Error: GCC_ANALYZER_WARNING (CWE-401): [#def9] cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:829:24: warning[-Wanalyzer-malloc-leak]: leak of 'calloc(1, 368)' cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3320:12: enter_function: entry to 'reencrypt_load' cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3331:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3334:19: branch_false: ...to here cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3334:19: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3337:13: branch_false: ...to here cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3338:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3341:12: branch_false: ...to here cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3341:12: branch_true: following 'true' branch... cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3342:21: branch_true: ...to here cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3342:21: call_function: calling 'reencrypt_load_clean' from 'reencrypt_load' # 827| crypt_reencrypt_direction_info di = CRYPT_REENCRYPT_FORWARD; # 828| # 829|-> jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, LUKS2_find_keyslot(hdr, "reencrypt")); # 830| if (!jobj_keyslot) # 831| return di; Error: GCC_ANALYZER_WARNING (CWE-401): [#def10] cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:1175:29: warning[-Wanalyzer-malloc-leak]: leak of 'calloc(1, 368)' cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3320:12: enter_function: entry to 'reencrypt_load' cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3331:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3334:19: branch_false: ...to here cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3334:19: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3337:13: branch_false: ...to here cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3338:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3341:12: branch_false: ...to here cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3341:12: branch_true: following 'true' branch... cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3342:21: branch_true: ...to here cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3342:21: call_function: calling 'reencrypt_load_clean' from 'reencrypt_load' # 1173| uint64_t dummy, area_length; # 1174| # 1175|-> rh->reenc_keyslot = LUKS2_find_keyslot(hdr, "reencrypt"); # 1176| if (rh->reenc_keyslot < 0) # 1177| return -EINVAL; Error: GCC_ANALYZER_WARNING (CWE-401): [#def11] cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:1178:13: warning[-Wanalyzer-malloc-leak]: leak of 'calloc(1, 368)' cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3320:12: enter_function: entry to 'reencrypt_load' cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3331:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3334:19: branch_false: ...to here cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3334:19: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3337:13: branch_false: ...to here cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3338:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3341:12: branch_false: ...to here cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3341:12: branch_true: following 'true' branch... cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3342:21: branch_true: ...to here cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3342:21: call_function: calling 'reencrypt_load_clean' from 'reencrypt_load' # 1176| if (rh->reenc_keyslot < 0) # 1177| return -EINVAL; # 1178|-> if (LUKS2_keyslot_area(hdr, rh->reenc_keyslot, &dummy, &area_length) < 0) # 1179| return -EINVAL; # 1180| Error: GCC_ANALYZER_WARNING (CWE-401): [#def12] cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:1285:9: warning[-Wanalyzer-malloc-leak]: leak of 'calloc(1, 368)' cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3320:12: enter_function: entry to 'reencrypt_load' cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3331:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3334:19: branch_false: ...to here cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3334:19: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3337:13: branch_false: ...to here cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3338:12: branch_false: following 'false' branch... cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3341:12: branch_false: ...to here cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3341:12: branch_true: following 'true' branch... cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3342:21: branch_true: ...to here cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3342:21: call_function: calling 'reencrypt_load_clean' from 'reencrypt_load' # 1283| return -ENOMEM; # 1284| # 1285|-> log_dbg(cd, "Loading stored reencryption context."); # 1286| # 1287| r = reencrypt_context_init(cd, hdr, tmp, device_size, max_hotzone_size, fixed_device_size);
| analyzer-version-clippy | 1.92.0 |
| analyzer-version-cppcheck | 2.19.1 |
| analyzer-version-gcc | 16.0.0 |
| analyzer-version-gcc-analyzer | 16.0.0 |
| analyzer-version-shellcheck | 0.11.0 |
| analyzer-version-unicontrol | 0.0.2 |
| diffbase-analyzer-version-clippy | 1.92.0 |
| diffbase-analyzer-version-cppcheck | 2.19.1 |
| diffbase-analyzer-version-gcc | 16.0.0 |
| diffbase-analyzer-version-gcc-analyzer | 16.0.0 |
| diffbase-analyzer-version-shellcheck | 0.11.0 |
| diffbase-analyzer-version-unicontrol | 0.0.2 |
| diffbase-enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| diffbase-exit-code | 0 |
| diffbase-host | ip-172-16-1-241.us-west-2.compute.internal |
| diffbase-known-false-positives | /usr/share/csmock/known-false-positives.js |
| diffbase-known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| diffbase-mock-config | fedora-rawhide-x86_64 |
| diffbase-project-name | cryptsetup-2.8.1-1.fc43 |
| diffbase-store-results-to | /tmp/tmpmq2a_g8g/cryptsetup-2.8.1-1.fc43.tar.xz |
| diffbase-time-created | 2026-01-08 15:47:33 |
| diffbase-time-finished | 2026-01-08 15:49:48 |
| diffbase-tool | csmock |
| diffbase-tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpmq2a_g8g/cryptsetup-2.8.1-1.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpmq2a_g8g/cryptsetup-2.8.1-1.fc43.src.rpm' |
| diffbase-tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-241.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | cryptsetup-2.8.3-3.fc44 |
| store-results-to | /tmp/tmpecb8z2lx/cryptsetup-2.8.3-3.fc44.tar.xz |
| time-created | 2026-01-08 15:50:17 |
| time-finished | 2026-01-08 15:52:05 |
| title | Newly introduced findings |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpecb8z2lx/cryptsetup-2.8.3-3.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpecb8z2lx/cryptsetup-2.8.3-3.fc44.src.rpm' |
| tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |