cryptsetup-2.8.3-3.fc44

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1]
cryptsetup-2.8.3/lib/bitlk/bitlk.c:579:17: warning[-Wanalyzer-malloc-leak]: leak of 'fve_validated_block'
cryptsetup-2.8.3/lib/bitlk/bitlk.c:502:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:508:13: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:508:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:515:13: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:527:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:531:20: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:531:19: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:539:31: branch_true: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:545:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:552:13: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:552:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:560:13: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_true: following 'true' branch (when 'i != 3')...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:569:46: branch_true: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_true: following 'true' branch (when 'i != 3')...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:569:46: branch_true: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_true: following 'true' branch (when 'i != 3')...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:569:46: branch_true: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_false: following 'false' branch (when 'i == 3')...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:571:31: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:571:31: acquire_memory: allocated here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:572:12: branch_false: following 'false' branch (when 'fve_validated_block' is non-NULL)...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:572:12: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:577:21: branch_true: following 'true' branch (when 'i != 3')...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:579:17: branch_true: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:579:17: throw: if 'device_path' throws an exception...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:579:17: danger: 'fve_validated_block' leaks here; was allocated at [(21)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/20)
#  577|   	for (i = 0; i < 3; i++) {
#  578|   		/* iterate over FVE metadata copies and pick the valid one */
#  579|-> 		log_dbg(cd, "Reading BITLK FVE metadata copy #%d of size %zu on device %s, offset %" PRIu64 ".",
#  580|   			i, sizeof(fve), device_path(device), params->metadata_offset[i]);
#  581|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def2]
cryptsetup-2.8.3/lib/bitlk/bitlk.c:582:21: warning[-Wanalyzer-malloc-leak]: leak of 'fve_validated_block'
cryptsetup-2.8.3/lib/bitlk/bitlk.c:502:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:508:13: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:508:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:515:13: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:527:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:531:20: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:531:19: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:539:31: branch_true: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:545:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:552:13: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:552:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:560:13: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_true: following 'true' branch (when 'i != 3')...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:569:46: branch_true: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_true: following 'true' branch (when 'i != 3')...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:569:46: branch_true: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_true: following 'true' branch (when 'i != 3')...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:569:46: branch_true: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_false: following 'false' branch (when 'i == 3')...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:571:31: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:571:31: acquire_memory: allocated here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:572:12: branch_false: following 'false' branch (when 'fve_validated_block' is non-NULL)...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:572:12: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:577:21: branch_true: following 'true' branch (when 'i != 3')...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:579:17: branch_true: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:582:21: throw: if 'device_alignment' throws an exception...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:582:21: danger: 'fve_validated_block' leaks here; was allocated at [(21)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/20)
#  580|   			i, sizeof(fve), device_path(device), params->metadata_offset[i]);
#  581|   
#  582|-> 		if (read_lseek_blockwise(devfd, device_block_size(cd, device),
#  583|   			device_alignment(device), &fve, sizeof(fve), params->metadata_offset[i]) != sizeof(fve) ||
#  584|   			!check_fve_metadata(&fve) ||

Error: GCC_ANALYZER_WARNING (CWE-401): [#def3]
cryptsetup-2.8.3/lib/bitlk/bitlk.c:585:74: warning[-Wanalyzer-malloc-leak]: leak of 'fve_validated_block'
cryptsetup-2.8.3/lib/bitlk/bitlk.c:471:5: enter_function: entry to 'BITLK_read_sb'
cryptsetup-2.8.3/lib/bitlk/bitlk.c:502:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:508:13: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:508:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:515:13: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:527:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:531:20: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:531:19: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:539:31: branch_true: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:545:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:552:13: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:552:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:560:13: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_true: following 'true' branch (when 'i != 3')...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:569:46: branch_true: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_true: following 'true' branch (when 'i != 3')...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:569:46: branch_true: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_true: following 'true' branch (when 'i != 3')...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:569:46: branch_true: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_false: following 'false' branch (when 'i == 3')...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:571:31: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:571:31: acquire_memory: allocated here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:572:12: branch_false: following 'false' branch (when 'fve_validated_block' is non-NULL)...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:572:12: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:577:21: branch_true: following 'true' branch (when 'i != 3')...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:579:17: branch_true: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:585:74: throw: if 'device_alignment' throws an exception...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:585:74: danger: 'fve_validated_block' leaks here; was allocated at [(22)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/21)
#  583|   			device_alignment(device), &fve, sizeof(fve), params->metadata_offset[i]) != sizeof(fve) ||
#  584|   			!check_fve_metadata(&fve) ||
#  585|-> 			(fve_size_real = le16_to_cpu(fve.fve_size) << 4, read_lseek_blockwise(devfd, device_block_size(cd, device),
#  586|   			device_alignment(device), &validation, sizeof(validation), params->metadata_offset[i] + fve_size_real) != sizeof(validation)) ||
#  587|   			!check_fve_metadata_validation(&validation) ||

Error: GCC_ANALYZER_WARNING (CWE-401): [#def4]
cryptsetup-2.8.3/lib/bitlk/bitlk.c:589:25: warning[-Wanalyzer-malloc-leak]: leak of 'fve_validated_block'
cryptsetup-2.8.3/lib/bitlk/bitlk.c:471:5: enter_function: entry to 'BITLK_read_sb'
cryptsetup-2.8.3/lib/bitlk/bitlk.c:502:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:508:13: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:508:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:515:13: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:527:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:531:20: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:531:19: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:539:31: branch_true: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:545:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:552:13: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:552:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:560:13: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_true: following 'true' branch (when 'i != 3')...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:569:46: branch_true: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_true: following 'true' branch (when 'i != 3')...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:569:46: branch_true: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_true: following 'true' branch (when 'i != 3')...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:569:46: branch_true: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_false: following 'false' branch (when 'i == 3')...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:571:31: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:571:31: acquire_memory: allocated here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:572:12: branch_false: following 'false' branch (when 'fve_validated_block' is non-NULL)...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:572:12: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:577:21: branch_true: following 'true' branch (when 'i != 3')...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:579:17: branch_true: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:582:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:587:26: call_function: inlined call to 'check_fve_metadata_validation' from 'BITLK_read_sb'
cryptsetup-2.8.3/lib/bitlk/bitlk.c:589:25: throw: if 'device_alignment' throws an exception...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:589:25: danger: 'fve_validated_block' leaks here; was allocated at [(22)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/21)
#  587|   			!check_fve_metadata_validation(&validation) ||
#  588|   			/* double-fetch is here, but we aren't validating MAC */
#  589|-> 			read_lseek_blockwise(devfd, device_block_size(cd, device), device_alignment(device), fve_validated_block, fve_size_real,
#  590|   			params->metadata_offset[i]) != fve_size_real ||
#  591|   			(crypt_crc32(~0, fve_validated_block, fve_size_real) ^ ~0) != le32_to_cpu(validation.fve_crc32)) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def5]
cryptsetup-2.8.3/lib/bitlk/bitlk.c:593:25: warning[-Wanalyzer-malloc-leak]: leak of 'fve_validated_block'
cryptsetup-2.8.3/lib/bitlk/bitlk.c:502:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:508:13: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:508:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:515:13: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:527:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:531:20: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:531:19: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:539:31: branch_true: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:545:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:552:13: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:552:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:560:13: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_true: following 'true' branch (when 'i != 3')...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:569:46: branch_true: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_true: following 'true' branch (when 'i != 3')...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:569:46: branch_true: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_true: following 'true' branch (when 'i != 3')...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:569:46: branch_true: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:568:21: branch_false: following 'false' branch (when 'i == 3')...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:571:31: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:571:31: acquire_memory: allocated here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:572:12: branch_false: following 'false' branch (when 'fve_validated_block' is non-NULL)...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:572:12: branch_false: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:577:21: branch_true: following 'true' branch (when 'i != 3')...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:579:17: branch_true: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:582:20: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:593:25: branch_true: ...to here
cryptsetup-2.8.3/lib/bitlk/bitlk.c:593:25: throw: if 'device_path' throws an exception...
cryptsetup-2.8.3/lib/bitlk/bitlk.c:593:25: danger: 'fve_validated_block' leaks here; was allocated at [(21)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/20)
#  591|   			(crypt_crc32(~0, fve_validated_block, fve_size_real) ^ ~0) != le32_to_cpu(validation.fve_crc32)) {
#  592|   			/* found an invalid FVE metadata copy, log and skip */
#  593|-> 			log_dbg(cd, _("Failed to read or validate BITLK FVE metadata copy #%d from %s."), i, device_path(device));
#  594|   		} else {
#  595|   			/* found a valid FVE metadata copy, use it */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def6]
cryptsetup-2.8.3/lib/crypto_backend/crypto_cipher_kernel.c:70:21: warning[-Wanalyzer-malloc-leak]: leak of 'key'
cryptsetup-2.8.3/lib/crypto_backend/crypto_cipher_kernel.c:215:5: enter_function: entry to 'crypt_cipher_check_kernel'
cryptsetup-2.8.3/lib/crypto_backend/crypto_cipher_kernel.c:243:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_cipher_kernel.c:246:9: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_cipher_kernel.c:266:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_cipher_kernel.c:269:9: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_cipher_kernel.c:271:15: acquire_memory: allocated here
cryptsetup-2.8.3/lib/crypto_backend/crypto_cipher_kernel.c:272:12: branch_false: following 'false' branch (when 'key' is non-NULL)...
cryptsetup-2.8.3/lib/crypto_backend/crypto_cipher_kernel.c:276:9: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_cipher_kernel.c:279:13: call_function: calling '_crypt_cipher_init' from 'crypt_cipher_check_kernel'
#   68|   	}
#   69|   
#   70|-> 	ctx->opfd = accept(ctx->tfmfd, NULL, 0);
#   71|   	if (ctx->opfd < 0) {
#   72|   		crypt_cipher_destroy_kernel(ctx);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def7]
cryptsetup-2.8.3/lib/crypto_backend/crypto_cipher_kernel.c:207:17: warning[-Wanalyzer-malloc-leak]: leak of 'key'
cryptsetup-2.8.3/lib/crypto_backend/crypto_cipher_kernel.c:215:5: enter_function: entry to 'crypt_cipher_check_kernel'
cryptsetup-2.8.3/lib/crypto_backend/crypto_cipher_kernel.c:243:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_cipher_kernel.c:246:9: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_cipher_kernel.c:266:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_cipher_kernel.c:269:9: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_cipher_kernel.c:271:15: acquire_memory: allocated here
cryptsetup-2.8.3/lib/crypto_backend/crypto_cipher_kernel.c:272:12: branch_false: following 'false' branch (when 'key' is non-NULL)...
cryptsetup-2.8.3/lib/crypto_backend/crypto_cipher_kernel.c:276:9: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_cipher_kernel.c:279:13: call_function: calling '_crypt_cipher_init' from 'crypt_cipher_check_kernel'
#  205|   {
#  206|   	if (ctx->tfmfd >= 0)
#  207|-> 		close(ctx->tfmfd);
#  208|   	if (ctx->opfd >= 0)
#  209|   		close(ctx->opfd);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
cryptsetup-2.8.3/lib/crypto_backend/crypto_cipher_kernel.c:209:17: warning[-Wanalyzer-malloc-leak]: leak of 'key'
cryptsetup-2.8.3/lib/crypto_backend/crypto_cipher_kernel.c:215:5: enter_function: entry to 'crypt_cipher_check_kernel'
cryptsetup-2.8.3/lib/crypto_backend/crypto_cipher_kernel.c:243:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_cipher_kernel.c:246:9: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_cipher_kernel.c:266:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_cipher_kernel.c:269:9: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_cipher_kernel.c:271:15: acquire_memory: allocated here
cryptsetup-2.8.3/lib/crypto_backend/crypto_cipher_kernel.c:272:12: branch_false: following 'false' branch (when 'key' is non-NULL)...
cryptsetup-2.8.3/lib/crypto_backend/crypto_cipher_kernel.c:276:9: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_cipher_kernel.c:279:13: call_function: calling '_crypt_cipher_init' from 'crypt_cipher_check_kernel'
cryptsetup-2.8.3/lib/crypto_backend/crypto_cipher_kernel.c:279:13: return_function: returning to 'crypt_cipher_check_kernel' from '_crypt_cipher_init'
cryptsetup-2.8.3/lib/crypto_backend/crypto_cipher_kernel.c:280:9: call_function: calling 'crypt_cipher_destroy_kernel' from 'crypt_cipher_check_kernel'
#  207|   		close(ctx->tfmfd);
#  208|   	if (ctx->opfd >= 0)
#  209|-> 		close(ctx->opfd);
#  210|   
#  211|   	ctx->tfmfd = -1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def9]
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:277:16: warning[-Wanalyzer-malloc-leak]: leak of 'h'
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:325:5: enter_function: entry to 'crypt_hash_init'
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:329:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:330:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:333:17: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:334:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:339:22: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:339:22: call_function: calling 'hash_id_get' from 'crypt_hash_init'
#  275|   {
#  276|   #if OPENSSL_VERSION_MAJOR >= 3
#  277|-> 	return EVP_MD_fetch(ossl_ctx, crypt_hash_compat_name(name), NULL);
#  278|   #else
#  279|   	return EVP_get_digestbyname(crypt_hash_compat_name(name));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def10]
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:286:9: warning[-Wanalyzer-malloc-leak]: leak of 'h'
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:325:5: enter_function: entry to 'crypt_hash_init'
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:329:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:330:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:333:17: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:334:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:339:22: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:340:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:346:13: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:346:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:347:17: branch_true: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:347:17: call_function: inlined call to 'hash_id_free' from 'crypt_hash_init'
#  284|   {
#  285|   #if OPENSSL_VERSION_MAJOR >= 3
#  286|-> 	EVP_MD_free(CONST_CAST(EVP_MD*)hash_id);
#  287|   #else
#  288|   	UNUSED(hash_id);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def11]
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:295:16: warning[-Wanalyzer-malloc-leak]: leak of 'h'
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:736:5: enter_function: entry to 'crypt_cipher_init'
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:742:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:743:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:746:14: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:746:14: call_function: calling '_cipher_init' from 'crypt_cipher_init'
#  293|   {
#  294|   #if OPENSSL_VERSION_MAJOR >= 3
#  295|-> 	return EVP_CIPHER_fetch(ossl_ctx, name, NULL);
#  296|   #else
#  297|   	return EVP_get_cipherbyname(name);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def12]
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:304:9: warning[-Wanalyzer-malloc-leak]: leak of 'h'
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:736:5: enter_function: entry to 'crypt_cipher_init'
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:742:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:743:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:746:14: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:746:14: call_function: calling '_cipher_init' from 'crypt_cipher_init'
#  302|   {
#  303|   #if OPENSSL_VERSION_MAJOR >= 3
#  304|-> 	EVP_CIPHER_free(CONST_CAST(EVP_CIPHER*)cipher_type);
#  305|   #else
#  306|   	UNUSED(cipher_type);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def13]
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:333:17: warning[-Wanalyzer-malloc-leak]: leak of 'h'
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:329:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:330:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:333:17: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:333:17: throw: if 'EVP_MD_CTX_new' throws an exception...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:333:17: danger: 'h' leaks here; was allocated at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
#  331|   		return -ENOMEM;
#  332|   
#  333|-> 	h->md = EVP_MD_CTX_new();
#  334|   	if (!h->md) {
#  335|   		free(h);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def14]
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:341:17: warning[-Wanalyzer-malloc-leak]: leak of 'h'
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:329:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:330:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:333:17: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:334:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:339:22: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:340:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:341:17: branch_true: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:341:17: throw: if 'EVP_MD_CTX_free' throws an exception...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:341:17: danger: 'h' leaks here; was allocated at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
#  339|   	h->hash_id = hash_id_get(name);
#  340|   	if (!h->hash_id) {
#  341|-> 		EVP_MD_CTX_free(h->md);
#  342|   		free(h);
#  343|   		return -EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def15]
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:346:13: warning[-Wanalyzer-malloc-leak]: leak of 'h'
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:329:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:330:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:333:17: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:334:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:339:22: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:340:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:346:13: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:346:13: throw: if 'EVP_DigestInit_ex' throws an exception...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:346:13: danger: 'h' leaks here; was allocated at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
#  344|   	}
#  345|   
#  346|-> 	if (EVP_DigestInit_ex(h->md, h->hash_id, NULL) != 1) {
#  347|   		hash_id_free(h->hash_id);
#  348|   		EVP_MD_CTX_free(h->md);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def16]
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:348:17: warning[-Wanalyzer-malloc-leak]: leak of 'h'
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:329:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:330:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:333:17: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:334:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:339:22: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:340:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:346:13: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:346:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:347:17: branch_true: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:348:17: throw: if 'EVP_MD_CTX_free' throws an exception...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:348:17: danger: 'h' leaks here; was allocated at [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0)
#  346|   	if (EVP_DigestInit_ex(h->md, h->hash_id, NULL) != 1) {
#  347|   		hash_id_free(h->hash_id);
#  348|-> 		EVP_MD_CTX_free(h->md);
#  349|   		free(h);
#  350|   		return -EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def17]
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:424:18: warning[-Wanalyzer-malloc-leak]: leak of 'h'
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:420:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:421:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:424:18: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:424:18: throw: if 'EVP_MAC_fetch' throws an exception...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:424:18: danger: 'h' leaks here; was allocated at [(1)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/0)
#  422|   		return -ENOMEM;
#  423|   
#  424|-> 	h->mac = EVP_MAC_fetch(ossl_ctx, OSSL_MAC_NAME_HMAC, NULL);
#  425|   	if (!h->mac) {
#  426|   		free(h);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def18]
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:430:17: warning[-Wanalyzer-malloc-leak]: leak of 'h'
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:420:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:421:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:424:18: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:425:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:430:17: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:430:17: throw: if 'EVP_MAC_CTX_new' throws an exception...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:430:17: danger: 'h' leaks here; was allocated at [(1)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/0)
#  428|   	}
#  429|   
#  430|-> 	h->md = EVP_MAC_CTX_new(h->mac);
#  431|   	if (!h->md) {
#  432|   		EVP_MAC_free(h->mac);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def19]
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:432:17: warning[-Wanalyzer-malloc-leak]: leak of 'h'
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:420:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:421:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:424:18: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:425:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:430:17: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:431:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:432:17: branch_true: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:432:17: throw: if 'EVP_MAC_free' throws an exception...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:432:17: danger: 'h' leaks here; was allocated at [(1)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/0)
#  430|   	h->md = EVP_MAC_CTX_new(h->mac);
#  431|   	if (!h->md) {
#  432|-> 		EVP_MAC_free(h->mac);
#  433|   		free(h);
#  434|   		return -ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def20]
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:437:13: warning[-Wanalyzer-malloc-leak]: leak of 'h'
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:420:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:421:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:424:18: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:425:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:430:17: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:431:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:437:13: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:437:13: throw: if 'EVP_MAC_init' throws an exception...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:437:13: danger: 'h' leaks here; was allocated at [(1)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/0)
#  435|   	}
#  436|   
#  437|-> 	if (EVP_MAC_init(h->md, key, key_length, params) != 1) {
#  438|   		EVP_MAC_CTX_free(h->md);
#  439|   		EVP_MAC_free(h->mac);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def21]
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:438:17: warning[-Wanalyzer-malloc-leak]: leak of 'h'
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:420:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:421:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:424:18: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:425:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:430:17: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:431:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:437:13: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:437:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:438:17: branch_true: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:438:17: throw: if 'EVP_MAC_CTX_free' throws an exception...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:438:17: danger: 'h' leaks here; was allocated at [(1)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/0)
#  436|   
#  437|   	if (EVP_MAC_init(h->md, key, key_length, params) != 1) {
#  438|-> 		EVP_MAC_CTX_free(h->md);
#  439|   		EVP_MAC_free(h->mac);
#  440|   		free(h);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def22]
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:439:17: warning[-Wanalyzer-malloc-leak]: leak of 'h'
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:420:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:421:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:424:18: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:425:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:430:17: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:431:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:437:13: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:437:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:438:17: branch_true: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:439:17: throw: if 'EVP_MAC_free' throws an exception...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:439:17: danger: 'h' leaks here; was allocated at [(1)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/0)
#  437|   	if (EVP_MAC_init(h->md, key, key_length, params) != 1) {
#  438|   		EVP_MAC_CTX_free(h->md);
#  439|-> 		EVP_MAC_free(h->mac);
#  440|   		free(h);
#  441|   		return -EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def23]
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:444:23: warning[-Wanalyzer-malloc-leak]: leak of 'h'
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:420:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:421:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:424:18: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:425:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:430:17: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:431:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:437:13: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:437:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:444:23: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:444:23: throw: if 'EVP_MAC_CTX_get_mac_size' throws an exception...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:444:23: danger: 'h' leaks here; was allocated at [(1)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/0)
#  442|   	}
#  443|   
#  444|-> 	h->hash_len = EVP_MAC_CTX_get_mac_size(h->md);
#  445|   	h->md_org = EVP_MAC_CTX_dup(h->md);
#  446|   #else

Error: GCC_ANALYZER_WARNING (CWE-401): [#def24]
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:445:21: warning[-Wanalyzer-malloc-leak]: leak of 'h'
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:420:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:421:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:424:18: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:425:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:430:17: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:431:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:437:13: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:437:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:444:23: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:445:21: throw: if 'EVP_MAC_CTX_dup' throws an exception...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:445:21: danger: 'h' leaks here; was allocated at [(1)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/0)
#  443|   
#  444|   	h->hash_len = EVP_MAC_CTX_get_mac_size(h->md);
#  445|-> 	h->md_org = EVP_MAC_CTX_dup(h->md);
#  446|   #else
#  447|   	h = malloc(sizeof(*h));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def25]
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:710:19: warning[-Wanalyzer-malloc-leak]: leak of 'h'
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:736:5: enter_function: entry to 'crypt_cipher_init'
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:742:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:743:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:746:14: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:746:14: call_function: calling '_cipher_init' from 'crypt_cipher_init'
#  708|   	}
#  709|   
#  710|-> 	*hd_enc = EVP_CIPHER_CTX_new();
#  711|   	*hd_dec = EVP_CIPHER_CTX_new();
#  712|   	*iv_length = EVP_CIPHER_iv_length(type);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def26]
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:711:19: warning[-Wanalyzer-malloc-leak]: leak of 'h'
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:736:5: enter_function: entry to 'crypt_cipher_init'
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:742:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:743:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:746:14: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:746:14: call_function: calling '_cipher_init' from 'crypt_cipher_init'
#  709|   
#  710|   	*hd_enc = EVP_CIPHER_CTX_new();
#  711|-> 	*hd_dec = EVP_CIPHER_CTX_new();
#  712|   	*iv_length = EVP_CIPHER_iv_length(type);
#  713|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def27]
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:719:13: warning[-Wanalyzer-malloc-leak]: leak of 'h'
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:736:5: enter_function: entry to 'crypt_cipher_init'
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:742:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:743:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:746:14: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_openssl.c:746:14: call_function: calling '_cipher_init' from 'crypt_cipher_init'
#  717|   	}
#  718|   
#  719|-> 	if (EVP_EncryptInit_ex(*hd_enc, type, NULL, key, NULL) != 1 ||
#  720|   	    EVP_DecryptInit_ex(*hd_dec, type, NULL, key, NULL) != 1) {
#  721|   		_cipher_destroy(hd_enc, hd_dec, &type);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def28]
cryptsetup-2.8.3/lib/crypto_backend/crypto_storage.c:254:13: warning[-Wanalyzer-malloc-leak]: leak of 's'
cryptsetup-2.8.3/lib/crypto_backend/crypto_storage.c:222:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_storage.c:224:27: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_storage.c:222:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_storage.c:228:14: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_storage.c:230:20: branch_false: following 'false' branch (when 'r == 2')...
cryptsetup-2.8.3/lib/crypto_backend/crypto_storage.c:232:21: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_storage.c:233:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/crypto_storage.c:243:21: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_storage.c:244:12: branch_false: following 'false' branch (when 'cipher_iv' is NULL)...
cryptsetup-2.8.3/lib/crypto_backend/crypto_storage.c:249:13: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_storage.c:249:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/crypto_backend/crypto_storage.c:250:12: branch_false: following 'false' branch (when 's' is non-NULL)...
cryptsetup-2.8.3/lib/crypto_backend/crypto_storage.c:252:9: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/crypto_storage.c:254:13: throw: if 'crypt_cipher_init' throws an exception...
cryptsetup-2.8.3/lib/crypto_backend/crypto_storage.c:254:13: danger: 's' leaks here; was allocated at [(12)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/11)
#  252|   	memset(s, 0, sizeof(*s));
#  253|   
#  254|-> 	r = crypt_cipher_init(&s->cipher, cipher_name, mode_name, key, key_length);
#  255|   	if (r) {
#  256|   		crypt_storage_destroy(s);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def29]
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:110:21: warning[-Wanalyzer-malloc-leak]: leak of 'key'
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:195:12: enter_function: entry to 'crypt_argon2_check'
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:211:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:214:26: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:217:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:220:15: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:220:15: acquire_memory: allocated here
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:221:12: branch_false: following 'false' branch (when 'key' is non-NULL)...
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:224:9: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:229:21: call_function: calling 'measure_argon2' from 'crypt_argon2_check'
#  108|   			return -EINVAL;
#  109|   
#  110|-> 		r = crypt_pbkdf(kdf, NULL, password, password_length, salt,
#  111|   		                salt_length, key, key_length, t_cost, m_cost, parallel);
#  112|   		if (r < 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def30]
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:304:17: warning[-Wanalyzer-malloc-leak]: leak of 'key'
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:195:12: enter_function: entry to 'crypt_argon2_check'
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:211:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:214:26: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:217:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:220:15: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:220:15: acquire_memory: allocated here
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:221:12: branch_false: following 'false' branch (when 'key' is non-NULL)...
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:224:9: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:229:21: call_function: calling 'measure_argon2' from 'crypt_argon2_check'
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:229:21: return_function: returning to 'crypt_argon2_check' from 'measure_argon2'
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:232:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:240:20: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:240:20: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:241:25: branch_true: ...to here
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:304:17: throw: if 'crypt_backend_memzero' throws an exception...
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:304:17: danger: 'key' leaks here; was allocated at [(6)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/5)
#  302|   	if (key) {
#  303|   		/* Key can be derived from a real provided password */
#  304|-> 		crypt_backend_memzero(key, key_length);
#  305|   		free(key);
#  306|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def31]
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:340:21: warning[-Wanalyzer-malloc-leak]: leak of 'key'
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:325:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:328:15: acquire_memory: allocated here
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:329:12: branch_false: following 'false' branch (when 'key' is non-NULL)...
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:332:9: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:335:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:340:21: branch_false: ...to here
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:340:21: throw: if 'crypt_pbkdf' throws an exception...
cryptsetup-2.8.3/lib/crypto_backend/pbkdf_check.c:340:21: danger: 'key' leaks here; was allocated at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#  338|   		}
#  339|   
#  340|-> 		r = crypt_pbkdf(kdf, hash, password, password_length, salt,
#  341|   				salt_length, key, key_length, iterations, 0, 0);
#  342|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def32]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:187:13: warning[-Wanalyzer-malloc-leak]: leak of 'tweak'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:674:12: enter_function: entry to '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:696:17: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:697:12: branch_false: following 'false' branch (when 'tweak' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:702:24: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:703:12: branch_false: following 'false' branch (when 'md_block_enc' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:709:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:715:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: call_function: inlined call to 'uint64_mult_overflow' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:725:9: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:726:21: branch_true: following 'true' branch (when 'i < blocks_n')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:727:35: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:728:20: branch_false: following 'false' branch (when 'off <= 1073741824')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:21: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:21: call_function: inlined call to '_filled_with' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:20: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:744:17: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:747:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:750:21: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:750:21: call_function: calling '_check_crc' from '_read_encrypted_metadata'
#  185|   		return -EINVAL;
#  186|   
#  187|-> 	if (crypt_crc32c(seed, (const uint8_t *)data + crc_size,
#  188|   			data_size - crc_size) != value)
#  189|   		return -EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def33]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:262:21: warning[-Wanalyzer-malloc-leak]: leak of 'cipher_in'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:203:12: enter_function: entry to '_unwrap_key'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:226:9: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:229:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:232:21: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:232:21: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:233:12: branch_false: following 'false' branch (when 'cipher_in' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:238:22: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:239:12: branch_false: following 'false' branch (when 'cipher_out' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:247:9: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:253:31: branch_true: following 'true' branch (when 't != 0')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:258:50: call_function: inlined call to '__bswap_64' from '_unwrap_key'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:262:21: throw: if 'crypt_cipher_decrypt' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:262:21: danger: 'cipher_in' leaks here; was allocated at [(6)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/5)
#  260|   
#  261|   		/* A||R2 = CIPH^{-1}_K(...) (see steps 2a, 2b) */
#  262|-> 		r = crypt_cipher_decrypt(cipher, cipher_in, cipher_out, 16, NULL, 0);
#  263|   		if (r < 0)
#  264|   			goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def34]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:262:21: warning[-Wanalyzer-malloc-leak]: leak of 'cipher_out'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:203:12: enter_function: entry to '_unwrap_key'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:226:9: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:229:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:232:21: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:233:12: branch_false: following 'false' branch (when 'cipher_in' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:238:22: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:238:22: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:239:12: branch_false: following 'false' branch (when 'cipher_out' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:247:9: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:253:31: branch_true: following 'true' branch (when 't != 0')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:258:50: call_function: inlined call to '__bswap_64' from '_unwrap_key'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:262:21: throw: if 'crypt_cipher_decrypt' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:262:21: danger: 'cipher_out' leaks here; was allocated at [(8)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/7)
#  260|   
#  261|   		/* A||R2 = CIPH^{-1}_K(...) (see steps 2a, 2b) */
#  262|-> 		r = crypt_cipher_decrypt(cipher, cipher_in, cipher_out, 16, NULL, 0);
#  263|   		if (r < 0)
#  264|   			goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def35]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:320:13: warning[-Wanalyzer-malloc-leak]: leak of 'log_vol_size_str'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:442:12: enter_function: entry to '_parse_metadata_block_0x001a'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:454:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:457:15: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:458:12: branch_false: following 'false' branch (when 'xml' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x001a'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: return_function: returning to '_parse_metadata_block_0x001a' from '_search_xml'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:462:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:464:25: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:465:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:470:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:470:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x001a'
#  318|   	}
#  319|   
#  320|-> 	if (regcomp(&regex, pattern, REG_EXTENDED) != 0) {
#  321|   		r = -EINVAL;
#  322|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def36]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:320:13: warning[-Wanalyzer-malloc-leak]: leak of 'pwk_base64'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:357:12: enter_function: entry to '_parse_metadata_block_0x0019'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:374:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:377:15: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:378:12: branch_false: following 'false' branch (when 'xml' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:381:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:381:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x0019'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:381:13: return_function: returning to '_parse_metadata_block_0x0019' from '_search_xml'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:382:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:384:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:385:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:387:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:387:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:392:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:392:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x0019'
#  318|   	}
#  319|   
#  320|-> 	if (regcomp(&regex, pattern, REG_EXTENDED) != 0) {
#  321|   		r = -EINVAL;
#  322|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def37]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:320:13: warning[-Wanalyzer-malloc-leak]: leak of 'tweak'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:674:12: enter_function: entry to '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:696:17: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:697:12: branch_false: following 'false' branch (when 'tweak' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:702:24: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:703:12: branch_false: following 'false' branch (when 'md_block_enc' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:709:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:715:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: call_function: inlined call to 'uint64_mult_overflow' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:725:9: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:726:21: branch_true: following 'true' branch (when 'i < blocks_n')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:727:35: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:728:20: branch_false: following 'false' branch (when 'off <= 1073741824')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:21: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:21: call_function: inlined call to '_filled_with' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:20: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:744:17: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:747:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:750:21: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:750:21: call_function: calling '_check_crc' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:750:21: return_function: returning to '_read_encrypted_metadata' from '_check_crc'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:751:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:757:30: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:773:29: call_function: calling '_parse_metadata_block_0x001a' from '_read_encrypted_metadata'
#  318|   	}
#  319|   
#  320|-> 	if (regcomp(&regex, pattern, REG_EXTENDED) != 0) {
#  321|   		r = -EINVAL;
#  322|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def38]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:320:13: warning[-Wanalyzer-malloc-leak]: leak of 'xml'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:442:12: enter_function: entry to '_parse_metadata_block_0x001a'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:454:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:457:15: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:457:15: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:458:12: branch_false: following 'false' branch (when 'xml' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x001a'
#  318|   	}
#  319|   
#  320|-> 	if (regcomp(&regex, pattern, REG_EXTENDED) != 0) {
#  321|   		r = -EINVAL;
#  322|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def39]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:327:13: warning[-Wanalyzer-malloc-leak]: leak of 'log_vol_size_str'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:442:12: enter_function: entry to '_parse_metadata_block_0x001a'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:454:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:457:15: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:458:12: branch_false: following 'false' branch (when 'xml' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x001a'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: return_function: returning to '_parse_metadata_block_0x001a' from '_search_xml'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:462:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:464:25: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:465:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:470:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:470:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x001a'
#  325|   	regex_ready = true;
#  326|   
#  327|-> 	if (regexec(&regex, xml, 2, match, 0) != 0) {
#  328|   		r = -EINVAL;
#  329|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def40]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:327:13: warning[-Wanalyzer-malloc-leak]: leak of 'pwk_base64'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:357:12: enter_function: entry to '_parse_metadata_block_0x0019'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:374:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:377:15: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:378:12: branch_false: following 'false' branch (when 'xml' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:381:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:381:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x0019'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:381:13: return_function: returning to '_parse_metadata_block_0x0019' from '_search_xml'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:382:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:384:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:385:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:387:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:387:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:392:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:392:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x0019'
#  325|   	regex_ready = true;
#  326|   
#  327|-> 	if (regexec(&regex, xml, 2, match, 0) != 0) {
#  328|   		r = -EINVAL;
#  329|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def41]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:327:13: warning[-Wanalyzer-malloc-leak]: leak of 'tweak'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:674:12: enter_function: entry to '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:696:17: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:697:12: branch_false: following 'false' branch (when 'tweak' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:702:24: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:703:12: branch_false: following 'false' branch (when 'md_block_enc' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:709:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:715:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: call_function: inlined call to 'uint64_mult_overflow' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:725:9: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:726:21: branch_true: following 'true' branch (when 'i < blocks_n')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:727:35: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:728:20: branch_false: following 'false' branch (when 'off <= 1073741824')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:21: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:21: call_function: inlined call to '_filled_with' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:20: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:744:17: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:747:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:750:21: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:750:21: call_function: calling '_check_crc' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:750:21: return_function: returning to '_read_encrypted_metadata' from '_check_crc'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:751:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:757:30: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:773:29: call_function: calling '_parse_metadata_block_0x001a' from '_read_encrypted_metadata'
#  325|   	regex_ready = true;
#  326|   
#  327|-> 	if (regexec(&regex, xml, 2, match, 0) != 0) {
#  328|   		r = -EINVAL;
#  329|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def42]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:327:13: warning[-Wanalyzer-malloc-leak]: leak of 'xml'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:442:12: enter_function: entry to '_parse_metadata_block_0x001a'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:454:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:457:15: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:457:15: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:458:12: branch_false: following 'false' branch (when 'xml' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x001a'
#  325|   	regex_ready = true;
#  326|   
#  327|-> 	if (regexec(&regex, xml, 2, match, 0) != 0) {
#  328|   		r = -EINVAL;
#  329|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def43]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:345:17: warning[-Wanalyzer-malloc-leak]: leak of 'family_uuid_str'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:442:12: enter_function: entry to '_parse_metadata_block_0x001a'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:454:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:457:15: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:458:12: branch_false: following 'false' branch (when 'xml' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x001a'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: return_function: returning to '_parse_metadata_block_0x001a' from '_search_xml'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:462:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:464:25: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:465:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:470:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:470:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x001a'
#  343|   	free(pattern);
#  344|   	if (regex_ready)
#  345|-> 		regfree(&regex);
#  346|   	return r;
#  347|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def44]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:345:17: warning[-Wanalyzer-malloc-leak]: leak of 'kwvk_base64'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:357:12: enter_function: entry to '_parse_metadata_block_0x0019'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:374:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:377:15: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:378:12: branch_false: following 'false' branch (when 'xml' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:381:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:381:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x0019'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:381:13: return_function: returning to '_parse_metadata_block_0x0019' from '_search_xml'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:382:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:384:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:385:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:387:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:387:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:392:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:392:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x0019'
#  343|   	free(pattern);
#  344|   	if (regex_ready)
#  345|-> 		regfree(&regex);
#  346|   	return r;
#  347|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def45]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:345:17: warning[-Wanalyzer-malloc-leak]: leak of 'log_vol_size_str'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:442:12: enter_function: entry to '_parse_metadata_block_0x001a'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:454:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:457:15: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:458:12: branch_false: following 'false' branch (when 'xml' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x001a'
#  343|   	free(pattern);
#  344|   	if (regex_ready)
#  345|-> 		regfree(&regex);
#  346|   	return r;
#  347|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def46]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:345:17: warning[-Wanalyzer-malloc-leak]: leak of 'pwk_base64'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:357:12: enter_function: entry to '_parse_metadata_block_0x0019'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:374:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:377:15: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:378:12: branch_false: following 'false' branch (when 'xml' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:381:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:381:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x0019'
#  343|   	free(pattern);
#  344|   	if (regex_ready)
#  345|-> 		regfree(&regex);
#  346|   	return r;
#  347|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def47]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:345:17: warning[-Wanalyzer-malloc-leak]: leak of 'tweak'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:674:12: enter_function: entry to '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:696:17: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:697:12: branch_false: following 'false' branch (when 'tweak' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:702:24: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:703:12: branch_false: following 'false' branch (when 'md_block_enc' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:709:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:715:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: call_function: inlined call to 'uint64_mult_overflow' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:725:9: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:726:21: branch_true: following 'true' branch (when 'i < blocks_n')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:727:35: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:728:20: branch_false: following 'false' branch (when 'off <= 1073741824')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:21: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:21: call_function: inlined call to '_filled_with' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:20: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:744:17: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:747:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:750:21: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:750:21: call_function: calling '_check_crc' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:750:21: return_function: returning to '_read_encrypted_metadata' from '_check_crc'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:751:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:757:30: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:773:29: call_function: calling '_parse_metadata_block_0x001a' from '_read_encrypted_metadata'
#  343|   	free(pattern);
#  344|   	if (regex_ready)
#  345|-> 		regfree(&regex);
#  346|   	return r;
#  347|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def48]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:345:17: warning[-Wanalyzer-malloc-leak]: leak of 'xml'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:442:12: enter_function: entry to '_parse_metadata_block_0x001a'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:454:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:457:15: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:457:15: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:458:12: branch_false: following 'false' branch (when 'xml' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x001a'
#  343|   	free(pattern);
#  344|   	if (regex_ready)
#  345|-> 		regfree(&regex);
#  346|   	return r;
#  347|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def49]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:384:13: warning[-Wanalyzer-malloc-leak]: leak of 'pwk_base64'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:357:12: enter_function: entry to '_parse_metadata_block_0x0019'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:374:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:377:15: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:378:12: branch_false: following 'false' branch (when 'xml' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:381:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:381:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x0019'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:381:13: return_function: returning to '_parse_metadata_block_0x0019' from '_search_xml'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:382:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:384:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:384:13: throw: if 'crypt_base64_decode' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:384:13: danger: 'pwk_base64' leaks here; was allocated at [(14)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/13)
#  382|   	if (r < 0)
#  383|   		goto out;
#  384|-> 	r = crypt_base64_decode((char **)&pwk, &decoded_size, pwk_base64, strlen(pwk_base64));
#  385|   	if (r < 0)
#  386|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def50]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:384:13: warning[-Wanalyzer-malloc-leak]: leak of 'xml'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:357:12: enter_function: entry to '_parse_metadata_block_0x0019'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:374:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:377:15: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:377:15: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:378:12: branch_false: following 'false' branch (when 'xml' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:381:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:381:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x0019'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:381:13: return_function: returning to '_parse_metadata_block_0x0019' from '_search_xml'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:382:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:384:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:384:13: throw: if 'crypt_base64_decode' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:384:13: danger: 'xml' leaks here; was allocated at [(4)](sarif:/runs/0/results/20/codeFlows/0/threadFlows/0/locations/3)
#  382|   	if (r < 0)
#  383|   		goto out;
#  384|-> 	r = crypt_base64_decode((char **)&pwk, &decoded_size, pwk_base64, strlen(pwk_base64));
#  385|   	if (r < 0)
#  386|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def51]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:395:13: warning[-Wanalyzer-malloc-leak]: leak of 'kwvk_base64'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:357:12: enter_function: entry to '_parse_metadata_block_0x0019'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:374:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:377:15: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:378:12: branch_false: following 'false' branch (when 'xml' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:381:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:381:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x0019'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:381:13: return_function: returning to '_parse_metadata_block_0x0019' from '_search_xml'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:382:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:384:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:385:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:387:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:387:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:392:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:392:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x0019'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:392:13: return_function: returning to '_parse_metadata_block_0x0019' from '_search_xml'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:393:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:395:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:395:13: throw: if 'crypt_base64_decode' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:395:13: danger: 'kwvk_base64' leaks here; was allocated at [(33)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/32)
#  393|   	if (r < 0)
#  394|   		goto out;
#  395|-> 	r = crypt_base64_decode((char **)&kwvk, &decoded_size, kwvk_base64, strlen(kwvk_base64));
#  396|   	if (r < 0)
#  397|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def52]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:395:13: warning[-Wanalyzer-malloc-leak]: leak of 'pwk_base64'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:357:12: enter_function: entry to '_parse_metadata_block_0x0019'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:374:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:377:15: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:378:12: branch_false: following 'false' branch (when 'xml' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:381:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:381:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x0019'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:381:13: return_function: returning to '_parse_metadata_block_0x0019' from '_search_xml'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:382:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:384:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:385:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:387:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:387:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:392:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:392:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x0019'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:392:13: return_function: returning to '_parse_metadata_block_0x0019' from '_search_xml'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:393:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:395:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:395:13: throw: if 'crypt_base64_decode' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:395:13: danger: 'pwk_base64' leaks here; was allocated at [(14)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/13)
#  393|   	if (r < 0)
#  394|   		goto out;
#  395|-> 	r = crypt_base64_decode((char **)&kwvk, &decoded_size, kwvk_base64, strlen(kwvk_base64));
#  396|   	if (r < 0)
#  397|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def53]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:395:13: warning[-Wanalyzer-malloc-leak]: leak of 'xml'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:357:12: enter_function: entry to '_parse_metadata_block_0x0019'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:374:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:377:15: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:377:15: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:378:12: branch_false: following 'false' branch (when 'xml' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:381:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:381:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x0019'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:381:13: return_function: returning to '_parse_metadata_block_0x0019' from '_search_xml'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:382:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:384:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:385:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:387:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:387:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:392:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:392:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x0019'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:392:13: return_function: returning to '_parse_metadata_block_0x0019' from '_search_xml'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:393:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:395:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:395:13: throw: if 'crypt_base64_decode' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:395:13: danger: 'xml' leaks here; was allocated at [(4)](sarif:/runs/0/results/24/codeFlows/0/threadFlows/0/locations/3)
#  393|   	if (r < 0)
#  394|   		goto out;
#  395|-> 	r = crypt_base64_decode((char **)&kwvk, &decoded_size, kwvk_base64, strlen(kwvk_base64));
#  396|   	if (r < 0)
#  397|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def54]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:428:13: warning[-Wanalyzer-malloc-leak]: leak of 'family_uuid_str'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:442:12: enter_function: entry to '_parse_metadata_block_0x001a'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:454:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:457:15: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:458:12: branch_false: following 'false' branch (when 'xml' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x001a'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: return_function: returning to '_parse_metadata_block_0x001a' from '_search_xml'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:462:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:464:25: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:465:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:470:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:470:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x001a'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:470:13: return_function: returning to '_parse_metadata_block_0x001a' from '_search_xml'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:471:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:473:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:473:13: call_function: calling '_reformat_uuid' from '_parse_metadata_block_0x001a'
#  426|   	int r;
#  427|   
#  428|-> 	r = uuid_parse(uuid_in, uuid_bin);
#  429|   	if (r < 0)
#  430|   		return -EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def55]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:428:13: warning[-Wanalyzer-malloc-leak]: leak of 'log_vol_size_str'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:442:12: enter_function: entry to '_parse_metadata_block_0x001a'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:454:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:457:15: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:458:12: branch_false: following 'false' branch (when 'xml' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x001a'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: return_function: returning to '_parse_metadata_block_0x001a' from '_search_xml'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:462:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:464:25: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:465:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:470:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:470:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x001a'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:470:13: return_function: returning to '_parse_metadata_block_0x001a' from '_search_xml'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:471:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:473:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:473:13: call_function: calling '_reformat_uuid' from '_parse_metadata_block_0x001a'
#  426|   	int r;
#  427|   
#  428|-> 	r = uuid_parse(uuid_in, uuid_bin);
#  429|   	if (r < 0)
#  430|   		return -EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def56]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:428:13: warning[-Wanalyzer-malloc-leak]: leak of 'xml'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:442:12: enter_function: entry to '_parse_metadata_block_0x001a'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:454:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:457:15: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:457:15: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:458:12: branch_false: following 'false' branch (when 'xml' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x001a'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: return_function: returning to '_parse_metadata_block_0x001a' from '_search_xml'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:462:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:464:25: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:465:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:470:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:470:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x001a'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:470:13: return_function: returning to '_parse_metadata_block_0x001a' from '_search_xml'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:471:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:473:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:473:13: call_function: calling '_reformat_uuid' from '_parse_metadata_block_0x001a'
#  426|   	int r;
#  427|   
#  428|-> 	r = uuid_parse(uuid_in, uuid_bin);
#  429|   	if (r < 0)
#  430|   		return -EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def57]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:432:9: warning[-Wanalyzer-malloc-leak]: leak of 'family_uuid_str'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:442:12: enter_function: entry to '_parse_metadata_block_0x001a'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:454:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:457:15: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:458:12: branch_false: following 'false' branch (when 'xml' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x001a'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: return_function: returning to '_parse_metadata_block_0x001a' from '_search_xml'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:462:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:464:25: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:465:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:470:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:470:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x001a'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:470:13: return_function: returning to '_parse_metadata_block_0x001a' from '_search_xml'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:471:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:473:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:473:13: call_function: calling '_reformat_uuid' from '_parse_metadata_block_0x001a'
#  430|   		return -EINVAL;
#  431|   
#  432|-> 	uuid_unparse(uuid_bin, uuid_out);
#  433|   	return 0;
#  434|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def58]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:432:9: warning[-Wanalyzer-malloc-leak]: leak of 'log_vol_size_str'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:442:12: enter_function: entry to '_parse_metadata_block_0x001a'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:454:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:457:15: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:458:12: branch_false: following 'false' branch (when 'xml' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x001a'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: return_function: returning to '_parse_metadata_block_0x001a' from '_search_xml'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:462:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:464:25: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:465:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:470:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:470:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x001a'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:470:13: return_function: returning to '_parse_metadata_block_0x001a' from '_search_xml'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:471:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:473:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:473:13: call_function: calling '_reformat_uuid' from '_parse_metadata_block_0x001a'
#  430|   		return -EINVAL;
#  431|   
#  432|-> 	uuid_unparse(uuid_bin, uuid_out);
#  433|   	return 0;
#  434|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def59]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:432:9: warning[-Wanalyzer-malloc-leak]: leak of 'xml'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:442:12: enter_function: entry to '_parse_metadata_block_0x001a'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:454:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:457:15: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:457:15: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:458:12: branch_false: following 'false' branch (when 'xml' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x001a'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:461:13: return_function: returning to '_parse_metadata_block_0x001a' from '_search_xml'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:462:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:464:25: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:465:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:470:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:470:13: call_function: calling '_search_xml' from '_parse_metadata_block_0x001a'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:470:13: return_function: returning to '_parse_metadata_block_0x001a' from '_search_xml'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:471:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:473:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:473:13: call_function: calling '_reformat_uuid' from '_parse_metadata_block_0x001a'
#  430|   		return -EINVAL;
#  431|   
#  432|-> 	uuid_unparse(uuid_bin, uuid_out);
#  433|   	return 0;
#  434|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def60]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:526:9: warning[-Wanalyzer-malloc-leak]: leak of 'vol_header'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:520:22: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:521:12: branch_false: following 'false' branch (when 'vol_header' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:526:9: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:526:9: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:526:9: danger: 'vol_header' leaks here; was allocated at [(1)](sarif:/runs/0/results/31/codeFlows/0/threadFlows/0/locations/0)
#  524|   	}
#  525|   
#  526|-> 	log_dbg(cd, "Reading FVAULT2 volume header of size %u bytes.", FVAULT2_VOL_HEADER_SIZE);
#  527|   	if (read_blockwise(devfd, device_block_size(cd, dev),
#  528|   			device_alignment(dev), vol_header,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def61]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:527:13: warning[-Wanalyzer-malloc-leak]: leak of 'vol_header'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:520:22: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:521:12: branch_false: following 'false' branch (when 'vol_header' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:526:9: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:527:13: throw: if 'device_alignment' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:527:13: danger: 'vol_header' leaks here; was allocated at [(1)](sarif:/runs/0/results/32/codeFlows/0/threadFlows/0/locations/0)
#  525|   
#  526|   	log_dbg(cd, "Reading FVAULT2 volume header of size %u bytes.", FVAULT2_VOL_HEADER_SIZE);
#  527|-> 	if (read_blockwise(devfd, device_block_size(cd, dev),
#  528|   			device_alignment(dev), vol_header,
#  529|   			FVAULT2_VOL_HEADER_SIZE) != FVAULT2_VOL_HEADER_SIZE) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def62]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:617:17: warning[-Wanalyzer-malloc-leak]: leak of 'md_block'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:593:12: enter_function: entry to '_read_disklabel'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:609:20: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:610:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:615:13: call_function: inlined call to 'uint64_mult_overflow' from '_read_disklabel'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:617:17: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:617:17: danger: 'md_block' leaks here; was allocated at [(2)](sarif:/runs/0/results/35/codeFlows/0/threadFlows/0/locations/1)
#  615|   	if (uint64_mult_overflow(&off, disklbl_blkoff, block_size) ||
#  616|   	    off > FVAULT2_MAX_OFF) {
#  617|-> 		log_dbg(cd, "Device offset overflow.");
#  618|   		r = -EINVAL;
#  619|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def63]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:622:9: warning[-Wanalyzer-malloc-leak]: leak of 'md_block'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:593:12: enter_function: entry to '_read_disklabel'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:609:20: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:610:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:615:13: call_function: inlined call to 'uint64_mult_overflow' from '_read_disklabel'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:615:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:615:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:622:9: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:622:9: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:622:9: danger: 'md_block' leaks here; was allocated at [(2)](sarif:/runs/0/results/36/codeFlows/0/threadFlows/0/locations/1)
#  620|   	}
#  621|   	size = FVAULT2_MD_BLOCK_SIZE;
#  622|-> 	log_dbg(cd, "Reading FVAULT2 disk label header of size %zu bytes.", size);
#  623|   	if (read_lseek_blockwise(devfd, device_block_size(cd, dev),
#  624|   			device_alignment(dev), md_block, size, off) != size) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def64]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:623:13: warning[-Wanalyzer-malloc-leak]: leak of 'md_block'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:593:12: enter_function: entry to '_read_disklabel'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:609:20: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:610:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:615:13: call_function: inlined call to 'uint64_mult_overflow' from '_read_disklabel'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:615:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:615:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:622:9: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:623:13: throw: if 'device_alignment' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:623:13: danger: 'md_block' leaks here; was allocated at [(2)](sarif:/runs/0/results/37/codeFlows/0/threadFlows/0/locations/1)
#  621|   	size = FVAULT2_MD_BLOCK_SIZE;
#  622|   	log_dbg(cd, "Reading FVAULT2 disk label header of size %zu bytes.", size);
#  623|-> 	if (read_lseek_blockwise(devfd, device_block_size(cd, dev),
#  624|   			device_alignment(dev), md_block, size, off) != size) {
#  625|   		r = -EIO;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def65]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:644:17: warning[-Wanalyzer-malloc-leak]: leak of 'vol_gr_des'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:593:12: enter_function: entry to '_read_disklabel'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:610:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:615:13: call_function: inlined call to 'uint64_mult_overflow' from '_read_disklabel'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:615:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:615:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:622:9: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:623:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:629:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:629:13: call_function: calling '_check_crc' from '_read_disklabel'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:629:13: return_function: returning to '_read_disklabel' from '_check_crc'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:630:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:635:22: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:635:22: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:636:12: branch_false: following 'false' branch (when 'vol_gr_des' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:642:16: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:643:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:644:17: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:644:17: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:644:17: danger: 'vol_gr_des' leaks here; was allocated at [(22)](sarif:/runs/0/results/40/codeFlows/0/threadFlows/0/locations/21)
#  642|   	off += le32_to_cpu(md_block_11->vol_gr_des_off);
#  643|   	if (off > FVAULT2_MAX_OFF) {
#  644|-> 		log_dbg(cd, "Device offset overflow.");
#  645|   		r = -EINVAL;
#  646|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def66]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:649:9: warning[-Wanalyzer-malloc-leak]: leak of 'vol_gr_des'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:593:12: enter_function: entry to '_read_disklabel'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:610:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:615:13: call_function: inlined call to 'uint64_mult_overflow' from '_read_disklabel'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:615:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:615:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:622:9: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:623:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:629:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:629:13: call_function: calling '_check_crc' from '_read_disklabel'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:629:13: return_function: returning to '_read_disklabel' from '_check_crc'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:630:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:635:22: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:635:22: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:636:12: branch_false: following 'false' branch (when 'vol_gr_des' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:642:16: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:643:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:649:9: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:649:9: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:649:9: danger: 'vol_gr_des' leaks here; was allocated at [(22)](sarif:/runs/0/results/41/codeFlows/0/threadFlows/0/locations/21)
#  647|   	}
#  648|   	size = sizeof(struct volume_groups_descriptor);
#  649|-> 	log_dbg(cd, "Reading FVAULT2 volume groups descriptor of size %zu bytes.", size);
#  650|   	if (read_lseek_blockwise(devfd, device_block_size(cd, dev),
#  651|   			device_alignment(dev), vol_gr_des, size, off) != size) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def67]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:650:13: warning[-Wanalyzer-malloc-leak]: leak of 'vol_gr_des'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:593:12: enter_function: entry to '_read_disklabel'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:610:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:615:13: call_function: inlined call to 'uint64_mult_overflow' from '_read_disklabel'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:615:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:615:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:622:9: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:623:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:629:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:629:13: call_function: calling '_check_crc' from '_read_disklabel'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:629:13: return_function: returning to '_read_disklabel' from '_check_crc'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:630:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:635:22: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:635:22: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:636:12: branch_false: following 'false' branch (when 'vol_gr_des' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:642:16: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:643:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:649:9: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:650:13: throw: if 'device_alignment' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:650:13: danger: 'vol_gr_des' leaks here; was allocated at [(22)](sarif:/runs/0/results/42/codeFlows/0/threadFlows/0/locations/21)
#  648|   	size = sizeof(struct volume_groups_descriptor);
#  649|   	log_dbg(cd, "Reading FVAULT2 volume groups descriptor of size %zu bytes.", size);
#  650|-> 	if (read_lseek_blockwise(devfd, device_block_size(cd, dev),
#  651|   			device_alignment(dev), vol_gr_des, size, off) != size) {
#  652|   		r = -EIO;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def68]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:13: warning[-Wanalyzer-malloc-leak]: leak of 'md_block'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:697:12: branch_false: following 'false' branch (when 'tweak' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:702:24: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:703:12: branch_false: following 'false' branch (when 'md_block_enc' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:709:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:13: throw: if 'crypt_cipher_init' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:13: danger: 'md_block' leaks here; was allocated at [(5)](sarif:/runs/0/results/47/codeFlows/0/threadFlows/0/locations/4)
#  712|   	}
#  713|   
#  714|-> 	r = crypt_cipher_init(&cipher, "aes", "xts", crypt_volume_key_get_key(key), FVAULT2_XTS_KEY_SIZE);
#  715|   	if (r < 0)
#  716|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def69]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:13: warning[-Wanalyzer-malloc-leak]: leak of 'md_block_enc'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:697:12: branch_false: following 'false' branch (when 'tweak' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:702:24: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:702:24: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:703:12: branch_false: following 'false' branch (when 'md_block_enc' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:709:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:13: throw: if 'crypt_cipher_init' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:13: danger: 'md_block_enc' leaks here; was allocated at [(3)](sarif:/runs/0/results/46/codeFlows/0/threadFlows/0/locations/2)
#  712|   	}
#  713|   
#  714|-> 	r = crypt_cipher_init(&cipher, "aes", "xts", crypt_volume_key_get_key(key), FVAULT2_XTS_KEY_SIZE);
#  715|   	if (r < 0)
#  716|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def70]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:13: warning[-Wanalyzer-malloc-leak]: leak of 'tweak'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:696:17: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:697:12: branch_false: following 'false' branch (when 'tweak' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:702:24: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:703:12: branch_false: following 'false' branch (when 'md_block_enc' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:709:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:13: throw: if 'crypt_cipher_init' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:13: danger: 'tweak' leaks here; was allocated at [(1)](sarif:/runs/0/results/45/codeFlows/0/threadFlows/0/locations/0)
#  712|   	}
#  713|   
#  714|-> 	r = crypt_cipher_init(&cipher, "aes", "xts", crypt_volume_key_get_key(key), FVAULT2_XTS_KEY_SIZE);
#  715|   	if (r < 0)
#  716|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def71]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: warning[-Wanalyzer-malloc-leak]: leak of 'md_block'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:697:12: branch_false: following 'false' branch (when 'tweak' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:702:24: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:703:12: branch_false: following 'false' branch (when 'md_block_enc' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:709:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: throw: if 'crypt_volume_key_get_key' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: danger: 'md_block' leaks here; was allocated at [(5)](sarif:/runs/0/results/50/codeFlows/0/threadFlows/0/locations/4)
#  712|   	}
#  713|   
#  714|-> 	r = crypt_cipher_init(&cipher, "aes", "xts", crypt_volume_key_get_key(key), FVAULT2_XTS_KEY_SIZE);
#  715|   	if (r < 0)
#  716|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def72]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: warning[-Wanalyzer-malloc-leak]: leak of 'md_block_enc'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:697:12: branch_false: following 'false' branch (when 'tweak' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:702:24: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:702:24: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:703:12: branch_false: following 'false' branch (when 'md_block_enc' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:709:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: throw: if 'crypt_volume_key_get_key' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: danger: 'md_block_enc' leaks here; was allocated at [(3)](sarif:/runs/0/results/49/codeFlows/0/threadFlows/0/locations/2)
#  712|   	}
#  713|   
#  714|-> 	r = crypt_cipher_init(&cipher, "aes", "xts", crypt_volume_key_get_key(key), FVAULT2_XTS_KEY_SIZE);
#  715|   	if (r < 0)
#  716|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def73]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: warning[-Wanalyzer-malloc-leak]: leak of 'tweak'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:696:17: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:697:12: branch_false: following 'false' branch (when 'tweak' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:702:24: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:703:12: branch_false: following 'false' branch (when 'md_block_enc' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:709:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: throw: if 'crypt_volume_key_get_key' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: danger: 'tweak' leaks here; was allocated at [(1)](sarif:/runs/0/results/48/codeFlows/0/threadFlows/0/locations/0)
#  712|   	}
#  713|   
#  714|-> 	r = crypt_cipher_init(&cipher, "aes", "xts", crypt_volume_key_get_key(key), FVAULT2_XTS_KEY_SIZE);
#  715|   	if (r < 0)
#  716|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def74]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:720:17: warning[-Wanalyzer-malloc-leak]: leak of 'md_block'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:674:12: enter_function: entry to '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:697:12: branch_false: following 'false' branch (when 'tweak' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:702:24: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:703:12: branch_false: following 'false' branch (when 'md_block_enc' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:709:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:715:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: call_function: inlined call to 'uint64_mult_overflow' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:720:17: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:720:17: danger: 'md_block' leaks here; was allocated at [(6)](sarif:/runs/0/results/53/codeFlows/0/threadFlows/0/locations/5)
#  718|   	if (uint64_mult_overflow(&start_off, start_blkoff, block_size) ||
#  719|   	    start_off > FVAULT2_MAX_OFF) {
#  720|-> 		log_dbg(cd, "Device offset overflow.");
#  721|   		r = -EINVAL;
#  722|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def75]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:720:17: warning[-Wanalyzer-malloc-leak]: leak of 'md_block_enc'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:674:12: enter_function: entry to '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:697:12: branch_false: following 'false' branch (when 'tweak' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:702:24: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:702:24: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:703:12: branch_false: following 'false' branch (when 'md_block_enc' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:709:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:715:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: call_function: inlined call to 'uint64_mult_overflow' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:720:17: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:720:17: danger: 'md_block_enc' leaks here; was allocated at [(4)](sarif:/runs/0/results/52/codeFlows/0/threadFlows/0/locations/3)
#  718|   	if (uint64_mult_overflow(&start_off, start_blkoff, block_size) ||
#  719|   	    start_off > FVAULT2_MAX_OFF) {
#  720|-> 		log_dbg(cd, "Device offset overflow.");
#  721|   		r = -EINVAL;
#  722|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def76]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:720:17: warning[-Wanalyzer-malloc-leak]: leak of 'tweak'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:674:12: enter_function: entry to '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:696:17: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:697:12: branch_false: following 'false' branch (when 'tweak' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:702:24: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:703:12: branch_false: following 'false' branch (when 'md_block_enc' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:709:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:715:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: call_function: inlined call to 'uint64_mult_overflow' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:720:17: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:720:17: danger: 'tweak' leaks here; was allocated at [(2)](sarif:/runs/0/results/51/codeFlows/0/threadFlows/0/locations/1)
#  718|   	if (uint64_mult_overflow(&start_off, start_blkoff, block_size) ||
#  719|   	    start_off > FVAULT2_MAX_OFF) {
#  720|-> 		log_dbg(cd, "Device offset overflow.");
#  721|   		r = -EINVAL;
#  722|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def77]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:725:9: warning[-Wanalyzer-malloc-leak]: leak of 'md_block'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:674:12: enter_function: entry to '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:697:12: branch_false: following 'false' branch (when 'tweak' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:702:24: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:703:12: branch_false: following 'false' branch (when 'md_block_enc' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:709:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:715:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: call_function: inlined call to 'uint64_mult_overflow' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:725:9: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:725:9: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:725:9: danger: 'md_block' leaks here; was allocated at [(6)](sarif:/runs/0/results/56/codeFlows/0/threadFlows/0/locations/5)
#  723|   	}
#  724|   
#  725|-> 	log_dbg(cd, "Reading FVAULT2 encrypted metadata blocks.");
#  726|   	for (i = 0; i < blocks_n; i++) {
#  727|   		off = start_off + i * FVAULT2_MD_BLOCK_SIZE;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def78]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:725:9: warning[-Wanalyzer-malloc-leak]: leak of 'md_block_enc'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:674:12: enter_function: entry to '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:697:12: branch_false: following 'false' branch (when 'tweak' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:702:24: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:702:24: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:703:12: branch_false: following 'false' branch (when 'md_block_enc' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:709:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:715:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: call_function: inlined call to 'uint64_mult_overflow' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:725:9: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:725:9: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:725:9: danger: 'md_block_enc' leaks here; was allocated at [(4)](sarif:/runs/0/results/55/codeFlows/0/threadFlows/0/locations/3)
#  723|   	}
#  724|   
#  725|-> 	log_dbg(cd, "Reading FVAULT2 encrypted metadata blocks.");
#  726|   	for (i = 0; i < blocks_n; i++) {
#  727|   		off = start_off + i * FVAULT2_MD_BLOCK_SIZE;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def79]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:725:9: warning[-Wanalyzer-malloc-leak]: leak of 'tweak'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:674:12: enter_function: entry to '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:696:17: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:697:12: branch_false: following 'false' branch (when 'tweak' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:702:24: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:703:12: branch_false: following 'false' branch (when 'md_block_enc' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:709:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:715:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: call_function: inlined call to 'uint64_mult_overflow' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:725:9: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:725:9: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:725:9: danger: 'tweak' leaks here; was allocated at [(2)](sarif:/runs/0/results/54/codeFlows/0/threadFlows/0/locations/1)
#  723|   	}
#  724|   
#  725|-> 	log_dbg(cd, "Reading FVAULT2 encrypted metadata blocks.");
#  726|   	for (i = 0; i < blocks_n; i++) {
#  727|   		off = start_off + i * FVAULT2_MD_BLOCK_SIZE;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def80]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:729:25: warning[-Wanalyzer-malloc-leak]: leak of 'tweak'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:674:12: enter_function: entry to '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:696:17: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:697:12: branch_false: following 'false' branch (when 'tweak' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:702:24: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:703:12: branch_false: following 'false' branch (when 'md_block_enc' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:709:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:715:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: call_function: inlined call to 'uint64_mult_overflow' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:725:9: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:726:21: branch_true: following 'true' branch (when 'i < blocks_n')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:727:35: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:728:20: branch_false: following 'false' branch (when 'off <= 1073741824')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:21: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:21: call_function: inlined call to '_filled_with' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:20: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:744:17: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:747:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:750:21: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:750:21: call_function: calling '_check_crc' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:750:21: return_function: returning to '_read_encrypted_metadata' from '_check_crc'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:751:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:757:30: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:726:21: branch_true: following 'true' branch (when 'i < blocks_n')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:727:35: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:729:25: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:729:25: danger: 'tweak' leaks here; was allocated at [(2)](sarif:/runs/0/results/57/codeFlows/0/threadFlows/0/locations/1)
#  727|   		off = start_off + i * FVAULT2_MD_BLOCK_SIZE;
#  728|   		if (off > FVAULT2_MAX_OFF) {
#  729|-> 			log_dbg(cd, "Device offset overflow.");
#  730|   			r = -EINVAL;
#  731|   			goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def81]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:21: warning[-Wanalyzer-malloc-leak]: leak of 'md_block'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:674:12: enter_function: entry to '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:697:12: branch_false: following 'false' branch (when 'tweak' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:702:24: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:703:12: branch_false: following 'false' branch (when 'md_block_enc' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:709:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:715:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: call_function: inlined call to 'uint64_mult_overflow' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:725:9: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:726:21: branch_true: following 'true' branch (when 'i < blocks_n')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:727:35: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:728:20: branch_false: following 'false' branch (when 'off <= 1073741824')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:21: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:21: throw: if 'device_alignment' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:21: danger: 'md_block' leaks here; was allocated at [(6)](sarif:/runs/0/results/60/codeFlows/0/threadFlows/0/locations/5)
#  731|   			goto out;
#  732|   		}
#  733|-> 		if (read_lseek_blockwise(devfd, device_block_size(cd, dev),
#  734|   				device_alignment(dev), md_block_enc,
#  735|   				FVAULT2_MD_BLOCK_SIZE, off)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def82]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:21: warning[-Wanalyzer-malloc-leak]: leak of 'md_block_enc'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:674:12: enter_function: entry to '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:697:12: branch_false: following 'false' branch (when 'tweak' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:702:24: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:702:24: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:703:12: branch_false: following 'false' branch (when 'md_block_enc' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:709:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:715:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: call_function: inlined call to 'uint64_mult_overflow' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:725:9: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:726:21: branch_true: following 'true' branch (when 'i < blocks_n')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:727:35: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:728:20: branch_false: following 'false' branch (when 'off <= 1073741824')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:21: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:21: throw: if 'device_alignment' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:21: danger: 'md_block_enc' leaks here; was allocated at [(4)](sarif:/runs/0/results/59/codeFlows/0/threadFlows/0/locations/3)
#  731|   			goto out;
#  732|   		}
#  733|-> 		if (read_lseek_blockwise(devfd, device_block_size(cd, dev),
#  734|   				device_alignment(dev), md_block_enc,
#  735|   				FVAULT2_MD_BLOCK_SIZE, off)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def83]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:21: warning[-Wanalyzer-malloc-leak]: leak of 'tweak'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:674:12: enter_function: entry to '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:696:17: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:697:12: branch_false: following 'false' branch (when 'tweak' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:702:24: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:703:12: branch_false: following 'false' branch (when 'md_block_enc' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:709:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:715:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: call_function: inlined call to 'uint64_mult_overflow' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:725:9: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:726:21: branch_true: following 'true' branch (when 'i < blocks_n')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:727:35: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:728:20: branch_false: following 'false' branch (when 'off <= 1073741824')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:21: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:21: throw: if 'device_alignment' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:21: danger: 'tweak' leaks here; was allocated at [(2)](sarif:/runs/0/results/58/codeFlows/0/threadFlows/0/locations/1)
#  731|   			goto out;
#  732|   		}
#  733|-> 		if (read_lseek_blockwise(devfd, device_block_size(cd, dev),
#  734|   				device_alignment(dev), md_block_enc,
#  735|   				FVAULT2_MD_BLOCK_SIZE, off)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def84]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:745:21: warning[-Wanalyzer-malloc-leak]: leak of 'md_block'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:674:12: enter_function: entry to '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:697:12: branch_false: following 'false' branch (when 'tweak' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:702:24: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:703:12: branch_false: following 'false' branch (when 'md_block_enc' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:709:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:715:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: call_function: inlined call to 'uint64_mult_overflow' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:725:9: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:726:21: branch_true: following 'true' branch (when 'i < blocks_n')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:727:35: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:728:20: branch_false: following 'false' branch (when 'off <= 1073741824')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:21: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:21: call_function: inlined call to '_filled_with' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:20: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:744:17: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:745:21: throw: if 'crypt_cipher_decrypt' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:745:21: danger: 'md_block' leaks here; was allocated at [(6)](sarif:/runs/0/results/67/codeFlows/0/threadFlows/0/locations/5)
#  743|   
#  744|   		*(uint64_t *)tweak = cpu_to_le64(i);
#  745|-> 		r = crypt_cipher_decrypt(cipher, md_block_enc, md_block,
#  746|   			FVAULT2_MD_BLOCK_SIZE, tweak, FVAULT2_XTS_TWEAK_SIZE);
#  747|   		if (r < 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def85]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:745:21: warning[-Wanalyzer-malloc-leak]: leak of 'tweak'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:674:12: enter_function: entry to '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:696:17: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:697:12: branch_false: following 'false' branch (when 'tweak' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:702:24: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:703:12: branch_false: following 'false' branch (when 'md_block_enc' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:709:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:715:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: call_function: inlined call to 'uint64_mult_overflow' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:725:9: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:726:21: branch_true: following 'true' branch (when 'i < blocks_n')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:727:35: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:728:20: branch_false: following 'false' branch (when 'off <= 1073741824')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:21: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:21: call_function: inlined call to '_filled_with' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:20: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:744:17: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:745:21: throw: if 'crypt_cipher_decrypt' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:745:21: danger: 'tweak' leaks here; was allocated at [(2)](sarif:/runs/0/results/68/codeFlows/0/threadFlows/0/locations/1)
#  743|   
#  744|   		*(uint64_t *)tweak = cpu_to_le64(i);
#  745|-> 		r = crypt_cipher_decrypt(cipher, md_block_enc, md_block,
#  746|   			FVAULT2_MD_BLOCK_SIZE, tweak, FVAULT2_XTS_TWEAK_SIZE);
#  747|   		if (r < 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def86]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:752:25: warning[-Wanalyzer-malloc-leak]: leak of 'tweak'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:674:12: enter_function: entry to '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:696:17: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:697:12: branch_false: following 'false' branch (when 'tweak' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:702:24: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:703:12: branch_false: following 'false' branch (when 'md_block_enc' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:709:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:715:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: call_function: inlined call to 'uint64_mult_overflow' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:725:9: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:726:21: branch_true: following 'true' branch (when 'i < blocks_n')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:727:35: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:728:20: branch_false: following 'false' branch (when 'off <= 1073741824')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:21: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:21: call_function: inlined call to '_filled_with' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:20: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:744:17: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:747:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:750:21: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:750:21: call_function: calling '_check_crc' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:750:21: return_function: returning to '_read_encrypted_metadata' from '_check_crc'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:751:20: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:752:25: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:752:25: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:752:25: danger: 'tweak' leaks here; was allocated at [(2)](sarif:/runs/0/results/69/codeFlows/0/threadFlows/0/locations/1)
#  750|   		r = _check_crc(md_block, FVAULT2_MD_BLOCK_SIZE);
#  751|   		if (r < 0) {
#  752|-> 			log_dbg(cd, "CRC mismatch.");
#  753|   			goto out;
#  754|   		}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def87]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:760:25: warning[-Wanalyzer-malloc-leak]: leak of 'tweak'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:674:12: enter_function: entry to '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:696:17: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:697:12: branch_false: following 'false' branch (when 'tweak' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:702:24: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:703:12: branch_false: following 'false' branch (when 'md_block_enc' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:709:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:715:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: call_function: inlined call to 'uint64_mult_overflow' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:725:9: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:726:21: branch_true: following 'true' branch (when 'i < blocks_n')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:727:35: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:728:20: branch_false: following 'false' branch (when 'off <= 1073741824')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:21: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:21: call_function: inlined call to '_filled_with' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:20: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:744:17: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:747:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:750:21: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:750:21: call_function: calling '_check_crc' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:750:21: return_function: returning to '_read_encrypted_metadata' from '_check_crc'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:751:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:757:30: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:760:25: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:760:25: danger: 'tweak' leaks here; was allocated at [(2)](sarif:/runs/0/results/70/codeFlows/0/threadFlows/0/locations/1)
#  758|   		switch (block_type) {
#  759|   		case 0x0019:
#  760|-> 			log_dbg(cd, "Get FVAULT2 metadata block %" PRIu64 " type 0x0019.", i);
#  761|   			r = _parse_metadata_block_0x0019(md_block,
#  762|   				&params->pbkdf2_iters,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def88]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:772:25: warning[-Wanalyzer-malloc-leak]: leak of 'tweak'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:674:12: enter_function: entry to '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:696:17: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:697:12: branch_false: following 'false' branch (when 'tweak' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:702:24: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:703:12: branch_false: following 'false' branch (when 'md_block_enc' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:709:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:715:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: call_function: inlined call to 'uint64_mult_overflow' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:725:9: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:726:21: branch_true: following 'true' branch (when 'i < blocks_n')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:727:35: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:728:20: branch_false: following 'false' branch (when 'off <= 1073741824')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:21: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:21: call_function: inlined call to '_filled_with' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:20: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:744:17: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:747:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:750:21: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:750:21: call_function: calling '_check_crc' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:750:21: return_function: returning to '_read_encrypted_metadata' from '_check_crc'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:751:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:757:30: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:772:25: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:772:25: danger: 'tweak' leaks here; was allocated at [(2)](sarif:/runs/0/results/71/codeFlows/0/threadFlows/0/locations/1)
#  770|   
#  771|   		case 0x001A:
#  772|-> 			log_dbg(cd, "Get FVAULT2 metadata block %" PRIu64 " type 0x001A.", i);
#  773|   			r = _parse_metadata_block_0x001a(md_block,
#  774|   				&params->log_vol_size,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def89]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:782:25: warning[-Wanalyzer-malloc-leak]: leak of 'tweak'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:674:12: enter_function: entry to '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:696:17: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:697:12: branch_false: following 'false' branch (when 'tweak' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:702:24: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:703:12: branch_false: following 'false' branch (when 'md_block_enc' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:709:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:715:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: call_function: inlined call to 'uint64_mult_overflow' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:725:9: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:726:21: branch_true: following 'true' branch (when 'i < blocks_n')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:727:35: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:728:20: branch_false: following 'false' branch (when 'off <= 1073741824')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:21: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:21: call_function: inlined call to '_filled_with' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:20: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:744:17: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:747:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:750:21: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:750:21: call_function: calling '_check_crc' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:750:21: return_function: returning to '_read_encrypted_metadata' from '_check_crc'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:751:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:757:30: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:782:25: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:782:25: danger: 'tweak' leaks here; was allocated at [(2)](sarif:/runs/0/results/72/codeFlows/0/threadFlows/0/locations/1)
#  780|   
#  781|   		case 0x0305:
#  782|-> 			log_dbg(cd, "Get FVAULT2 metadata block %" PRIu64 " type 0x0305.", i);
#  783|   			r = _parse_metadata_block_0x0305(md_block,
#  784|   				&log_vol_blkoff);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def90]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:789:33: warning[-Wanalyzer-malloc-leak]: leak of 'tweak'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:674:12: enter_function: entry to '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:696:17: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:697:12: branch_false: following 'false' branch (when 'tweak' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:702:24: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:703:12: branch_false: following 'false' branch (when 'md_block_enc' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:709:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:715:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: call_function: inlined call to 'uint64_mult_overflow' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:725:9: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:726:21: branch_true: following 'true' branch (when 'i < blocks_n')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:727:35: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:728:20: branch_false: following 'false' branch (when 'off <= 1073741824')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:21: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:21: call_function: inlined call to '_filled_with' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:20: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:744:17: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:747:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:750:21: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:750:21: call_function: calling '_check_crc' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:750:21: return_function: returning to '_read_encrypted_metadata' from '_check_crc'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:751:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:757:30: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:787:29: call_function: inlined call to 'uint64_mult_overflow' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:789:33: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:789:33: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:789:33: danger: 'tweak' leaks here; was allocated at [(2)](sarif:/runs/0/results/73/codeFlows/0/threadFlows/0/locations/1)
#  787|   			if (uint64_mult_overflow(&params->log_vol_off,
#  788|   			    log_vol_blkoff, block_size)) {
#  789|-> 				log_dbg(cd, "Device offset overflow.");
#  790|   				r = -EINVAL;
#  791|   				goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def91]
cryptsetup-2.8.3/lib/fvault2/fvault2.c:799:17: warning[-Wanalyzer-malloc-leak]: leak of 'tweak'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:674:12: enter_function: entry to '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:696:17: acquire_memory: allocated here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:697:12: branch_false: following 'false' branch (when 'tweak' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:702:24: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:703:12: branch_false: following 'false' branch (when 'md_block_enc' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:708:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:709:12: branch_false: following 'false' branch (when 'md_block' is non-NULL)...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:714:54: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:715:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: call_function: inlined call to 'uint64_mult_overflow' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:718:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:725:9: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:726:21: branch_true: following 'true' branch (when 'i < blocks_n')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:727:35: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:728:20: branch_false: following 'false' branch (when 'off <= 1073741824')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:21: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:733:20: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:21: call_function: inlined call to '_filled_with' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:20: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:741:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:744:17: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:747:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:750:21: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:750:21: call_function: calling '_check_crc' from '_read_encrypted_metadata'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:750:21: return_function: returning to '_read_encrypted_metadata' from '_check_crc'
cryptsetup-2.8.3/lib/fvault2/fvault2.c:751:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:757:30: branch_false: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:798:12: branch_true: following 'true' branch (when 'status != 7')...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:799:17: branch_true: ...to here
cryptsetup-2.8.3/lib/fvault2/fvault2.c:799:17: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/fvault2/fvault2.c:799:17: danger: 'tweak' leaks here; was allocated at [(2)](sarif:/runs/0/results/74/codeFlows/0/threadFlows/0/locations/1)
#  797|   
#  798|   	if (status != FVAULT2_ENC_MD_PARSED_ALL) {
#  799|-> 		log_dbg(cd, "Necessary FVAULT2 metadata blocks not found.");
#  800|   		r = -EINVAL;
#  801|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def92]
cryptsetup-2.8.3/lib/keyslot_context.c:779:40: warning[-Wanalyzer-malloc-leak]: leak of 'calloc(1, 176)'
cryptsetup-2.8.3/lib/keyslot_context.c:762:12: enter_function: entry to '_crypt_keyslot_context_init_by_passphrase'
cryptsetup-2.8.3/lib/keyslot_context.c:770:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/keyslot_context.c:773:15: call_function: inlined call to 'crypt_zalloc' from '_crypt_keyslot_context_init_by_passphrase'
cryptsetup-2.8.3/lib/keyslot_context.c:774:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/keyslot_context.c:777:12: branch_false: ...to here
cryptsetup-2.8.3/lib/keyslot_context.c:777:12: branch_true: following 'true' branch (when 'self_contained != 0')...
cryptsetup-2.8.3/lib/keyslot_context.c:778:20: branch_true: ...to here
cryptsetup-2.8.3/lib/keyslot_context.c:778:20: branch_true: following 'true' branch (when 'passphrase_size != 0')...
cryptsetup-2.8.3/lib/keyslot_context.c:779:40: branch_true: ...to here
cryptsetup-2.8.3/lib/keyslot_context.c:779:40: throw: if 'crypt_safe_alloc' throws an exception...
cryptsetup-2.8.3/lib/keyslot_context.c:779:40: danger: 'calloc(1, 176)' leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  777|   	if (self_contained) {
#  778|   		if (passphrase_size) {
#  779|-> 			i_passphrase = crypt_safe_alloc(passphrase_size);
#  780|   			if (!i_passphrase) {
#  781|   				free(tmp);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def93]
cryptsetup-2.8.3/lib/keyslot_context.c:784:25: warning[-Wanalyzer-malloc-leak]: leak of 'calloc(1, 176)'
cryptsetup-2.8.3/lib/keyslot_context.c:762:12: enter_function: entry to '_crypt_keyslot_context_init_by_passphrase'
cryptsetup-2.8.3/lib/keyslot_context.c:770:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/keyslot_context.c:773:15: call_function: inlined call to 'crypt_zalloc' from '_crypt_keyslot_context_init_by_passphrase'
cryptsetup-2.8.3/lib/keyslot_context.c:774:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/keyslot_context.c:777:12: branch_false: ...to here
cryptsetup-2.8.3/lib/keyslot_context.c:777:12: branch_true: following 'true' branch (when 'self_contained != 0')...
cryptsetup-2.8.3/lib/keyslot_context.c:778:20: branch_true: ...to here
cryptsetup-2.8.3/lib/keyslot_context.c:778:20: branch_true: following 'true' branch (when 'passphrase_size != 0')...
cryptsetup-2.8.3/lib/keyslot_context.c:779:40: branch_true: ...to here
cryptsetup-2.8.3/lib/keyslot_context.c:780:28: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/keyslot_context.c:784:25: branch_false: ...to here
cryptsetup-2.8.3/lib/keyslot_context.c:784:25: throw: if 'crypt_safe_memcpy' throws an exception...
cryptsetup-2.8.3/lib/keyslot_context.c:784:25: danger: 'calloc(1, 176)' leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#  782|   				return -ENOMEM;
#  783|   			}
#  784|-> 			crypt_safe_memcpy(i_passphrase, passphrase, passphrase_size);
#  785|   			passphrase = i_passphrase;
#  786|   		} else

Error: GCC_ANALYZER_WARNING (CWE-401): [#def94]
cryptsetup-2.8.3/lib/keyslot_context.c:904:28: warning[-Wanalyzer-malloc-leak]: leak of 'calloc(1, 176)'
cryptsetup-2.8.3/lib/keyslot_context.c:886:12: enter_function: entry to '_crypt_keyslot_context_init_by_token'
cryptsetup-2.8.3/lib/keyslot_context.c:896:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/keyslot_context.c:897:14: branch_false: ...to here
cryptsetup-2.8.3/lib/keyslot_context.c:896:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/keyslot_context.c:900:15: call_function: inlined call to 'crypt_zalloc' from '_crypt_keyslot_context_init_by_token'
cryptsetup-2.8.3/lib/keyslot_context.c:901:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/keyslot_context.c:904:28: branch_false: ...to here
cryptsetup-2.8.3/lib/keyslot_context.c:904:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/keyslot_context.c:910:13: branch_false: ...to here
cryptsetup-2.8.3/lib/keyslot_context.c:910:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/keyslot_context.c:911:31: branch_true: ...to here
cryptsetup-2.8.3/lib/keyslot_context.c:911:31: throw: if 'crypt_safe_alloc' throws an exception...
cryptsetup-2.8.3/lib/keyslot_context.c:904:28: danger: 'calloc(1, 176)' leaks here; was allocated at [(7)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/6)
#  902|   		return -ENOMEM;
#  903|   
#  904|-> 	if (self_contained && type) {
#  905|   		if (!(i_type = strdup(type)))
#  906|   			goto err;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def95]
cryptsetup-2.8.3/lib/keyslot_context.c:911:31: warning[-Wanalyzer-malloc-leak]: leak of 'i_type'
cryptsetup-2.8.3/lib/keyslot_context.c:886:12: enter_function: entry to '_crypt_keyslot_context_init_by_token'
cryptsetup-2.8.3/lib/keyslot_context.c:896:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/keyslot_context.c:897:14: branch_false: ...to here
cryptsetup-2.8.3/lib/keyslot_context.c:896:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/keyslot_context.c:900:15: call_function: inlined call to 'crypt_zalloc' from '_crypt_keyslot_context_init_by_token'
cryptsetup-2.8.3/lib/keyslot_context.c:901:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/keyslot_context.c:904:28: branch_false: ...to here
cryptsetup-2.8.3/lib/keyslot_context.c:904:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/keyslot_context.c:905:32: branch_true: ...to here
cryptsetup-2.8.3/lib/keyslot_context.c:905:32: acquire_memory: allocated here
cryptsetup-2.8.3/lib/keyslot_context.c:905:20: branch_false: following 'false' branch (when 'i_type' is non-NULL)...
cryptsetup-2.8.3/lib/keyslot_context.c:910:13: branch_false: ...to here
cryptsetup-2.8.3/lib/keyslot_context.c:910:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/keyslot_context.c:911:31: branch_true: ...to here
cryptsetup-2.8.3/lib/keyslot_context.c:911:31: throw: if 'crypt_safe_alloc' throws an exception...
cryptsetup-2.8.3/lib/keyslot_context.c:911:31: danger: 'i_type' leaks here; was allocated at [(11)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/10)
#  909|   
#  910|   	if (self_contained && pin) {
#  911|-> 		if (!(i_pin = crypt_safe_alloc(pin_size)))
#  912|   			goto err;
#  913|   		crypt_safe_memcpy(i_pin, pin, pin_size);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def96]
cryptsetup-2.8.3/lib/keyslot_context.c:913:17: warning[-Wanalyzer-malloc-leak]: leak of 'i_type'
cryptsetup-2.8.3/lib/keyslot_context.c:886:12: enter_function: entry to '_crypt_keyslot_context_init_by_token'
cryptsetup-2.8.3/lib/keyslot_context.c:896:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/keyslot_context.c:897:14: branch_false: ...to here
cryptsetup-2.8.3/lib/keyslot_context.c:896:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/keyslot_context.c:900:15: call_function: inlined call to 'crypt_zalloc' from '_crypt_keyslot_context_init_by_token'
cryptsetup-2.8.3/lib/keyslot_context.c:901:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/keyslot_context.c:904:28: branch_false: ...to here
cryptsetup-2.8.3/lib/keyslot_context.c:904:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/keyslot_context.c:905:32: branch_true: ...to here
cryptsetup-2.8.3/lib/keyslot_context.c:905:32: acquire_memory: allocated here
cryptsetup-2.8.3/lib/keyslot_context.c:905:20: branch_false: following 'false' branch (when 'i_type' is non-NULL)...
cryptsetup-2.8.3/lib/keyslot_context.c:910:13: branch_false: ...to here
cryptsetup-2.8.3/lib/keyslot_context.c:910:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/keyslot_context.c:911:31: branch_true: ...to here
cryptsetup-2.8.3/lib/keyslot_context.c:911:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/keyslot_context.c:913:17: branch_false: ...to here
cryptsetup-2.8.3/lib/keyslot_context.c:913:17: throw: if 'crypt_safe_memcpy' throws an exception...
cryptsetup-2.8.3/lib/keyslot_context.c:913:17: danger: 'i_type' leaks here; was allocated at [(11)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/10)
#  911|   		if (!(i_pin = crypt_safe_alloc(pin_size)))
#  912|   			goto err;
#  913|-> 		crypt_safe_memcpy(i_pin, pin, pin_size);
#  914|   		pin = i_pin;
#  915|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def97]
cryptsetup-2.8.3/lib/keyslot_context.c:929:9: warning[-Wanalyzer-malloc-leak]: leak of 'i_type'
cryptsetup-2.8.3/lib/keyslot_context.c:886:12: enter_function: entry to '_crypt_keyslot_context_init_by_token'
cryptsetup-2.8.3/lib/keyslot_context.c:896:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/keyslot_context.c:897:14: branch_false: ...to here
cryptsetup-2.8.3/lib/keyslot_context.c:896:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/keyslot_context.c:900:15: call_function: inlined call to 'crypt_zalloc' from '_crypt_keyslot_context_init_by_token'
cryptsetup-2.8.3/lib/keyslot_context.c:901:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/keyslot_context.c:904:28: branch_false: ...to here
cryptsetup-2.8.3/lib/keyslot_context.c:904:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/keyslot_context.c:905:32: branch_true: ...to here
cryptsetup-2.8.3/lib/keyslot_context.c:905:32: acquire_memory: allocated here
cryptsetup-2.8.3/lib/keyslot_context.c:905:20: branch_false: following 'false' branch (when 'i_type' is non-NULL)...
cryptsetup-2.8.3/lib/keyslot_context.c:910:13: branch_false: ...to here
cryptsetup-2.8.3/lib/keyslot_context.c:910:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/keyslot_context.c:911:31: branch_true: ...to here
cryptsetup-2.8.3/lib/keyslot_context.c:911:20: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/keyslot_context.c:912:25: branch_true: ...to here
cryptsetup-2.8.3/lib/keyslot_context.c:929:9: throw: if 'crypt_safe_free' throws an exception...
cryptsetup-2.8.3/lib/keyslot_context.c:929:9: danger: 'i_type' leaks here; was allocated at [(11)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/10)
#  927|   	return 0;
#  928|   err:
#  929|-> 	crypt_safe_free(i_pin);
#  930|   	free(i_type);
#  931|   	free(tmp);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def98]
cryptsetup-2.8.3/lib/keyslot_context.c:975:28: warning[-Wanalyzer-malloc-leak]: leak of 'calloc(1, 176)'
cryptsetup-2.8.3/lib/keyslot_context.c:960:12: enter_function: entry to '_crypt_keyslot_context_init_by_volume_key'
cryptsetup-2.8.3/lib/keyslot_context.c:968:12: branch_false: following 'false' branch (when 'kc' is non-NULL)...
cryptsetup-2.8.3/lib/keyslot_context.c:971:15: call_function: inlined call to 'crypt_zalloc' from '_crypt_keyslot_context_init_by_volume_key'
cryptsetup-2.8.3/lib/keyslot_context.c:972:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/keyslot_context.c:975:28: branch_false: ...to here
cryptsetup-2.8.3/lib/keyslot_context.c:975:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/keyslot_context.c:976:30: branch_true: ...to here
cryptsetup-2.8.3/lib/keyslot_context.c:976:30: throw: if 'crypt_alloc_volume_key' throws an exception...
cryptsetup-2.8.3/lib/keyslot_context.c:975:28: danger: 'calloc(1, 176)' leaks here; was allocated at [(5)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/4)
#  973|   		return -ENOMEM;
#  974|   
#  975|-> 	if (self_contained && volume_key) {
#  976|   		if (!(i_vk = crypt_alloc_volume_key(volume_key_size, volume_key))) {
#  977|   			free(tmp);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def99]
cryptsetup-2.8.3/lib/keyslot_context.c:1032:28: warning[-Wanalyzer-malloc-leak]: leak of 'calloc(1, 176)'
cryptsetup-2.8.3/lib/keyslot_context.c:1015:12: enter_function: entry to '_crypt_keyslot_context_init_by_signed_key'
cryptsetup-2.8.3/lib/keyslot_context.c:1025:12: branch_false: following 'false' branch (when 'kc' is non-NULL)...
cryptsetup-2.8.3/lib/keyslot_context.c:1028:15: call_function: inlined call to 'crypt_zalloc' from '_crypt_keyslot_context_init_by_signed_key'
cryptsetup-2.8.3/lib/keyslot_context.c:1029:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/keyslot_context.c:1032:28: branch_false: ...to here
cryptsetup-2.8.3/lib/keyslot_context.c:1032:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/keyslot_context.c:1033:30: branch_true: ...to here
cryptsetup-2.8.3/lib/keyslot_context.c:1033:30: throw: if 'crypt_alloc_volume_key' throws an exception...
cryptsetup-2.8.3/lib/keyslot_context.c:1032:28: danger: 'calloc(1, 176)' leaks here; was allocated at [(5)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/4)
# 1030|   		return -ENOMEM;
# 1031|   
# 1032|-> 	if (self_contained && volume_key) {
# 1033|   		if (!(i_vk = crypt_alloc_volume_key(volume_key_size, volume_key)))
# 1034|   			goto err;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def100]
cryptsetup-2.8.3/lib/libdevmapper.c:2315:15: warning[-Wanalyzer-malloc-leak]: leak of 'hash_name'
cryptsetup-2.8.3/lib/libdevmapper.c:2205:12: enter_function: entry to '_dm_target_query_verity'
cryptsetup-2.8.3/lib/libdevmapper.c:2222:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2223:22: call_function: inlined call to 'crypt_zalloc' from '_dm_target_query_verity'
cryptsetup-2.8.3/lib/libdevmapper.c:2224:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2228:9: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2234:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2236:12: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2236:12: branch_true: following 'true' branch (when 'vp' is non-NULL)...
cryptsetup-2.8.3/lib/libdevmapper.c:2237:17: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2242:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2244:13: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2244:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2255:15: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2256:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2258:13: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2258:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2269:17: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2270:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2272:12: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2272:12: branch_true: following 'true' branch (when 'vp' is non-NULL)...
cryptsetup-2.8.3/lib/libdevmapper.c:2273:17: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2278:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2280:12: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2280:12: branch_true: following 'true' branch (when 'vp' is non-NULL)...
cryptsetup-2.8.3/lib/libdevmapper.c:2281:17: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2286:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2288:12: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2288:12: branch_true: following 'true' branch (when 'vp' is non-NULL)...
cryptsetup-2.8.3/lib/libdevmapper.c:2289:17: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2294:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2296:9: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2301:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2303:12: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2303:12: branch_true: following 'true' branch (when 'vp' is non-NULL)...
cryptsetup-2.8.3/lib/libdevmapper.c:2304:29: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2304:29: acquire_memory: allocated here
cryptsetup-2.8.3/lib/libdevmapper.c:2305:20: branch_false: following 'false' branch (when 'hash_name' is non-NULL)...
cryptsetup-2.8.3/lib/libdevmapper.c:2312:15: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2313:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2315:15: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2315:15: throw: if 'crypt_hex_to_bytes' throws an exception...
cryptsetup-2.8.3/lib/libdevmapper.c:2315:15: danger: 'hash_name' leaks here; was allocated at [(37)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/36)
# 2313|   	if (!params)
# 2314|   		goto err;
# 2315|-> 	len = crypt_hex_to_bytes(str, &str2, 0);
# 2316|   	if (len < 0) {
# 2317|   		r = len;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def101]
cryptsetup-2.8.3/lib/libdevmapper.c:2333:31: warning[-Wanalyzer-malloc-leak]: leak of 'hash_name'
cryptsetup-2.8.3/lib/libdevmapper.c:2205:12: enter_function: entry to '_dm_target_query_verity'
cryptsetup-2.8.3/lib/libdevmapper.c:2222:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2223:22: call_function: inlined call to 'crypt_zalloc' from '_dm_target_query_verity'
cryptsetup-2.8.3/lib/libdevmapper.c:2224:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2228:9: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2234:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2236:12: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2236:12: branch_true: following 'true' branch (when 'vp' is non-NULL)...
cryptsetup-2.8.3/lib/libdevmapper.c:2237:17: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2242:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2244:13: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2244:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2255:15: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2256:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2258:13: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2258:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2269:17: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2270:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2272:12: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2272:12: branch_true: following 'true' branch (when 'vp' is non-NULL)...
cryptsetup-2.8.3/lib/libdevmapper.c:2273:17: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2278:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2280:12: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2280:12: branch_true: following 'true' branch (when 'vp' is non-NULL)...
cryptsetup-2.8.3/lib/libdevmapper.c:2281:17: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2286:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2288:12: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2288:12: branch_true: following 'true' branch (when 'vp' is non-NULL)...
cryptsetup-2.8.3/lib/libdevmapper.c:2289:17: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2294:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2296:9: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2301:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2303:12: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2303:12: branch_true: following 'true' branch (when 'vp' is non-NULL)...
cryptsetup-2.8.3/lib/libdevmapper.c:2304:29: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2304:29: acquire_memory: allocated here
cryptsetup-2.8.3/lib/libdevmapper.c:2305:20: branch_false: following 'false' branch (when 'hash_name' is non-NULL)...
cryptsetup-2.8.3/lib/libdevmapper.c:2312:15: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2313:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2315:15: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2316:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2320:9: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2321:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2322:17: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2328:12: branch_true: following 'true' branch (when 'vp' is non-NULL)...
cryptsetup-2.8.3/lib/libdevmapper.c:2329:22: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2329:20: branch_false: following 'false' branch (when the strings are non-equal)...
cryptsetup-2.8.3/lib/libdevmapper.c:2333:31: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2333:31: throw: if 'crypt_hex_to_bytes' throws an exception...
cryptsetup-2.8.3/lib/libdevmapper.c:2333:31: danger: 'hash_name' leaks here; was allocated at [(37)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/36)
# 2331|   			vp->salt = NULL;
# 2332|   		} else {
# 2333|-> 			len = crypt_hex_to_bytes(str, &str2, 0);
# 2334|   			if (len < 0) {
# 2335|   				r = len;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def102]
cryptsetup-2.8.3/lib/libdevmapper.c:2577:39: warning[-Wanalyzer-malloc-leak]: leak of 'integrity'
cryptsetup-2.8.3/lib/libdevmapper.c:2490:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2501:13: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2501:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2503:17: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2504:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2506:9: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2511:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2515:13: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2516:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2535:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2537:9: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2540:21: branch_true: following 'true' branch (when 'i < features')...
cryptsetup-2.8.3/lib/libdevmapper.c:2542:21: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2542:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2544:23: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2554:27: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2556:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2556:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2559:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2559:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2561:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2561:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2563:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2563:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2565:27: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2565:25: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2568:28: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2569:45: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2569:45: acquire_memory: allocated here
cryptsetup-2.8.3/lib/libdevmapper.c:2570:36: branch_false: following 'false' branch (when 'integrity' is non-NULL)...
cryptsetup-2.8.3/lib/libdevmapper.c:2576:29: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2576:28: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2577:39: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2577:39: throw: if 'crypt_hex_to_bytes' throws an exception...
cryptsetup-2.8.3/lib/libdevmapper.c:2577:39: danger: 'integrity' leaks here; was allocated at [(31)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/30)
# 2575|   
# 2576|   			if (str) {
# 2577|-> 				len = crypt_hex_to_bytes(str, &str2, 1);
# 2578|   				if (len < 0) {
# 2579|   					r = len;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def103]
cryptsetup-2.8.3/lib/libdevmapper.c:2585:46: warning[-Wanalyzer-malloc-leak]: leak of 'integrity'
cryptsetup-2.8.3/lib/libdevmapper.c:2490:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2501:13: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2501:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2503:17: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2504:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2506:9: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2511:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2515:13: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2516:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2535:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2537:9: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2540:21: branch_true: following 'true' branch (when 'i < features')...
cryptsetup-2.8.3/lib/libdevmapper.c:2542:21: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2542:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2544:23: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2554:27: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2556:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2556:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2559:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2559:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2561:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2561:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2563:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2563:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2565:27: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2565:25: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2568:28: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2569:45: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2569:45: acquire_memory: allocated here
cryptsetup-2.8.3/lib/libdevmapper.c:2570:36: branch_false: following 'false' branch (when 'integrity' is non-NULL)...
cryptsetup-2.8.3/lib/libdevmapper.c:2576:29: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2576:28: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2577:39: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2578:36: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2584:37: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2584:36: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2585:46: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2585:46: throw: if 'crypt_alloc_volume_key' throws an exception...
cryptsetup-2.8.3/lib/libdevmapper.c:2585:46: danger: 'integrity' leaks here; was allocated at [(31)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/30)
# 2583|   				r = 0;
# 2584|   				if (get_flags & DM_ACTIVE_CRYPT_KEY) {
# 2585|-> 					vk = crypt_alloc_volume_key(len, str2);
# 2586|   					if (!vk)
# 2587|   						r = -ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def104]
cryptsetup-2.8.3/lib/libdevmapper.c:2589:46: warning[-Wanalyzer-malloc-leak]: leak of 'integrity'
cryptsetup-2.8.3/lib/libdevmapper.c:2490:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2501:13: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2501:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2503:17: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2504:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2506:9: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2511:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2515:13: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2516:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2535:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2537:9: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2540:21: branch_true: following 'true' branch (when 'i < features')...
cryptsetup-2.8.3/lib/libdevmapper.c:2542:21: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2542:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2544:23: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2554:27: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2556:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2556:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2559:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2559:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2561:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2561:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2563:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2563:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2565:27: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2565:25: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2568:28: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2569:45: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2569:45: acquire_memory: allocated here
cryptsetup-2.8.3/lib/libdevmapper.c:2570:36: branch_false: following 'false' branch (when 'integrity' is non-NULL)...
cryptsetup-2.8.3/lib/libdevmapper.c:2576:29: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2576:28: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2577:39: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2578:36: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2584:37: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2584:36: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2588:44: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2588:43: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2589:46: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2589:46: throw: if 'crypt_alloc_volume_key' throws an exception...
cryptsetup-2.8.3/lib/libdevmapper.c:2589:46: danger: 'integrity' leaks here; was allocated at [(31)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/30)
# 2587|   						r = -ENOMEM;
# 2588|   				} else if (get_flags & DM_ACTIVE_CRYPT_KEYSIZE) {
# 2589|-> 					vk = crypt_alloc_volume_key(len, NULL);
# 2590|   					if (!vk)
# 2591|   						r = -ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def105]
cryptsetup-2.8.3/lib/libdevmapper.c:2617:39: warning[-Wanalyzer-malloc-leak]: leak of 'journal_crypt'
cryptsetup-2.8.3/lib/libdevmapper.c:2490:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2501:13: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2501:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2503:17: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2504:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2506:9: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2511:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2515:13: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2516:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2535:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2537:9: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2540:21: branch_true: following 'true' branch (when 'i < features')...
cryptsetup-2.8.3/lib/libdevmapper.c:2542:21: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2542:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2544:23: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2554:27: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2556:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2556:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2559:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2559:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2561:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2561:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2563:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2563:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2565:27: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2565:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2597:29: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2597:27: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2605:29: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2605:27: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2608:28: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2609:49: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2609:49: acquire_memory: allocated here
cryptsetup-2.8.3/lib/libdevmapper.c:2610:36: branch_false: following 'false' branch (when 'journal_crypt' is non-NULL)...
cryptsetup-2.8.3/lib/libdevmapper.c:2616:29: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2616:28: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2617:39: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2617:39: throw: if 'crypt_hex_to_bytes' throws an exception...
cryptsetup-2.8.3/lib/libdevmapper.c:2617:39: danger: 'journal_crypt' leaks here; was allocated at [(35)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/34)
# 2615|   
# 2616|   			if (str) {
# 2617|-> 				len = crypt_hex_to_bytes(str, &str2, 1);
# 2618|   				if (len < 0) {
# 2619|   					r = len;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def106]
cryptsetup-2.8.3/lib/libdevmapper.c:2625:61: warning[-Wanalyzer-malloc-leak]: leak of 'journal_crypt'
cryptsetup-2.8.3/lib/libdevmapper.c:2490:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2501:13: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2501:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2503:17: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2504:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2506:9: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2511:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2515:13: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2516:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2535:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2537:9: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2540:21: branch_true: following 'true' branch (when 'i < features')...
cryptsetup-2.8.3/lib/libdevmapper.c:2542:21: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2542:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2544:23: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2554:27: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2556:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2556:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2559:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2559:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2561:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2561:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2563:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2563:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2565:27: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2565:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2597:29: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2597:27: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2605:29: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2605:27: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2608:28: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2609:49: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2609:49: acquire_memory: allocated here
cryptsetup-2.8.3/lib/libdevmapper.c:2610:36: branch_false: following 'false' branch (when 'journal_crypt' is non-NULL)...
cryptsetup-2.8.3/lib/libdevmapper.c:2616:29: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2616:28: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2617:39: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2618:36: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2624:37: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2624:36: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2625:61: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2625:61: throw: if 'crypt_alloc_volume_key' throws an exception...
cryptsetup-2.8.3/lib/libdevmapper.c:2625:61: danger: 'journal_crypt' leaks here; was allocated at [(35)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/34)
# 2623|   				r = 0;
# 2624|   				if (get_flags & DM_ACTIVE_JOURNAL_CRYPT_KEY) {
# 2625|-> 					journal_crypt_key = crypt_alloc_volume_key(len, str2);
# 2626|   					if (!journal_crypt_key)
# 2627|   						r = -ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def107]
cryptsetup-2.8.3/lib/libdevmapper.c:2629:61: warning[-Wanalyzer-malloc-leak]: leak of 'journal_crypt'
cryptsetup-2.8.3/lib/libdevmapper.c:2490:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2501:13: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2501:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2503:17: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2504:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2506:9: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2511:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2515:13: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2516:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2535:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2537:9: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2540:21: branch_true: following 'true' branch (when 'i < features')...
cryptsetup-2.8.3/lib/libdevmapper.c:2542:21: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2542:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2544:23: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2554:27: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2556:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2556:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2559:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2559:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2561:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2561:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2563:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2563:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2565:27: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2565:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2597:29: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2597:27: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2605:29: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2605:27: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2608:28: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2609:49: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2609:49: acquire_memory: allocated here
cryptsetup-2.8.3/lib/libdevmapper.c:2610:36: branch_false: following 'false' branch (when 'journal_crypt' is non-NULL)...
cryptsetup-2.8.3/lib/libdevmapper.c:2616:29: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2616:28: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2617:39: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2618:36: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2624:37: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2624:36: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2628:44: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2628:43: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2629:61: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2629:61: throw: if 'crypt_alloc_volume_key' throws an exception...
cryptsetup-2.8.3/lib/libdevmapper.c:2629:61: danger: 'journal_crypt' leaks here; was allocated at [(35)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/34)
# 2627|   						r = -ENOMEM;
# 2628|   				} else if (get_flags & DM_ACTIVE_JOURNAL_CRYPT_KEYSIZE) {
# 2629|-> 					journal_crypt_key = crypt_alloc_volume_key(len, NULL);
# 2630|   					if (!journal_crypt_key)
# 2631|   						r = -ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def108]
cryptsetup-2.8.3/lib/libdevmapper.c:2649:39: warning[-Wanalyzer-malloc-leak]: leak of 'journal_integrity'
cryptsetup-2.8.3/lib/libdevmapper.c:2490:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2501:13: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2501:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2503:17: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2504:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2506:9: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2511:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2515:13: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2516:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2535:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2537:9: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2540:21: branch_true: following 'true' branch (when 'i < features')...
cryptsetup-2.8.3/lib/libdevmapper.c:2542:21: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2542:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2544:23: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2554:27: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2556:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2556:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2559:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2559:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2561:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2561:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2563:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2563:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2565:27: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2565:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2597:29: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2597:27: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2605:29: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2605:27: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2637:29: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2637:27: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2640:28: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2641:53: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2641:53: acquire_memory: allocated here
cryptsetup-2.8.3/lib/libdevmapper.c:2642:36: branch_false: following 'false' branch (when 'journal_integrity' is non-NULL)...
cryptsetup-2.8.3/lib/libdevmapper.c:2648:29: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2648:28: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2649:39: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2649:39: throw: if 'crypt_hex_to_bytes' throws an exception...
cryptsetup-2.8.3/lib/libdevmapper.c:2649:39: danger: 'journal_integrity' leaks here; was allocated at [(37)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/36)
# 2647|   
# 2648|   			if (str) {
# 2649|-> 				len = crypt_hex_to_bytes(str, &str2, 1);
# 2650|   				if (len < 0) {
# 2651|   					r = len;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def109]
cryptsetup-2.8.3/lib/libdevmapper.c:2657:65: warning[-Wanalyzer-malloc-leak]: leak of 'journal_integrity'
cryptsetup-2.8.3/lib/libdevmapper.c:2490:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2501:13: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2501:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2503:17: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2504:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2506:9: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2511:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2515:13: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2516:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2535:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2537:9: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2540:21: branch_true: following 'true' branch (when 'i < features')...
cryptsetup-2.8.3/lib/libdevmapper.c:2542:21: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2542:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2544:23: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2554:27: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2556:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2556:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2559:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2559:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2561:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2561:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2563:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2563:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2565:27: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2565:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2597:29: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2597:27: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2605:29: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2605:27: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2637:29: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2637:27: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2640:28: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2641:53: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2641:53: acquire_memory: allocated here
cryptsetup-2.8.3/lib/libdevmapper.c:2642:36: branch_false: following 'false' branch (when 'journal_integrity' is non-NULL)...
cryptsetup-2.8.3/lib/libdevmapper.c:2648:29: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2648:28: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2649:39: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2650:36: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2656:37: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2656:36: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2657:65: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2657:65: throw: if 'crypt_alloc_volume_key' throws an exception...
cryptsetup-2.8.3/lib/libdevmapper.c:2657:65: danger: 'journal_integrity' leaks here; was allocated at [(37)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/36)
# 2655|   				r = 0;
# 2656|   				if (get_flags & DM_ACTIVE_JOURNAL_MAC_KEY) {
# 2657|-> 					journal_integrity_key = crypt_alloc_volume_key(len, str2);
# 2658|   					if (!journal_integrity_key)
# 2659|   						r = -ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def110]
cryptsetup-2.8.3/lib/libdevmapper.c:2661:65: warning[-Wanalyzer-malloc-leak]: leak of 'journal_integrity'
cryptsetup-2.8.3/lib/libdevmapper.c:2490:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2501:13: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2501:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2503:17: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2504:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2506:9: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2511:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2515:13: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2516:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2535:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2537:9: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2540:21: branch_true: following 'true' branch (when 'i < features')...
cryptsetup-2.8.3/lib/libdevmapper.c:2542:21: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2542:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2544:23: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2554:27: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2556:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2556:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2559:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2559:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2561:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2561:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2563:26: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2563:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2565:27: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2565:25: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2597:29: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2597:27: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2605:29: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2605:27: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2637:29: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2637:27: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2640:28: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2641:53: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2641:53: acquire_memory: allocated here
cryptsetup-2.8.3/lib/libdevmapper.c:2642:36: branch_false: following 'false' branch (when 'journal_integrity' is non-NULL)...
cryptsetup-2.8.3/lib/libdevmapper.c:2648:29: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2648:28: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2649:39: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2650:36: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2656:37: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2656:36: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2660:44: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2660:43: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2661:65: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2661:65: throw: if 'crypt_alloc_volume_key' throws an exception...
cryptsetup-2.8.3/lib/libdevmapper.c:2661:65: danger: 'journal_integrity' leaks here; was allocated at [(37)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/36)
# 2659|   						r = -ENOMEM;
# 2660|   				} else if (get_flags & DM_ACTIVE_JOURNAL_MAC_KEYSIZE) {
# 2661|-> 					journal_integrity_key = crypt_alloc_volume_key(len, NULL);
# 2662|   					if (!journal_integrity_key)
# 2663|   						r = -ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def111]
cryptsetup-2.8.3/lib/libdevmapper.c:2901:9: warning[-Wanalyzer-malloc-leak]: leak of 'dmd.segment.next'
cryptsetup-2.8.3/lib/libdevmapper.c:2928:12: enter_function: entry to '_process_deps'
cryptsetup-2.8.3/lib/libdevmapper.c:2937:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2937:12: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2940:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2941:25: branch_true: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2946:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/libdevmapper.c:2949:17: branch_false: ...to here
cryptsetup-2.8.3/lib/libdevmapper.c:2950:21: call_function: calling '_dm_query_device' from '_process_deps'
# 2899|   	r = (dmi.open_count > 0);
# 2900|   out:
# 2901|-> 	dm_task_destroy(dmt);
# 2902|   
# 2903|   	if (r < 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def112]
cryptsetup-2.8.3/lib/luks1/keyencryption.c:113:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'open(&path,  mode | 1069056)'
cryptsetup-2.8.3/lib/luks1/keyencryption.c:57:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks1/keyencryption.c:60:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks1/keyencryption.c:69:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks1/keyencryption.c:71:13: branch_false: ...to here
cryptsetup-2.8.3/lib/luks1/keyencryption.c:71:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks1/keyencryption.c:73:13: branch_false: ...to here
cryptsetup-2.8.3/lib/luks1/keyencryption.c:73:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks1/keyencryption.c:76:13: branch_false: ...to here
cryptsetup-2.8.3/lib/luks1/keyencryption.c:78:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks1/keyencryption.c:84:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks1/keyencryption.c:84:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks1/keyencryption.c:90:13: branch_false: ...to here
cryptsetup-2.8.3/lib/luks1/keyencryption.c:93:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks1/keyencryption.c:96:13: branch_false: ...to here
cryptsetup-2.8.3/lib/luks1/keyencryption.c:97:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks1/keyencryption.c:106:17: branch_false: ...to here
cryptsetup-2.8.3/lib/luks1/keyencryption.c:106:17: acquire_resource: opened here
cryptsetup-2.8.3/lib/luks1/keyencryption.c:107:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks1/keyencryption.c:113:13: branch_false: ...to here
cryptsetup-2.8.3/lib/luks1/keyencryption.c:113:13: throw: if the called function throws an exception...
cryptsetup-2.8.3/lib/luks1/keyencryption.c:113:13: danger: 'open(&path,  mode | 1069056)' leaks here; was opened at [(17)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/16)
#  111|   	}
#  112|   
#  113|-> 	r = func(devfd, bsize, alignment, src, srcLength);
#  114|   	if (r < 0) {
#  115|   		log_err(ctx, _("Failed to access temporary keystore device."));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def113]
cryptsetup-2.8.3/lib/luks1/keymanage.c:584:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'open(backup_file, 0)'
cryptsetup-2.8.3/lib/luks1/keymanage.c:578:17: acquire_resource: opened here
cryptsetup-2.8.3/lib/luks1/keymanage.c:579:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks1/keymanage.c:584:13: branch_false: ...to here
cryptsetup-2.8.3/lib/luks1/keymanage.c:584:13: throw: if 'read_buffer' throws an exception...
cryptsetup-2.8.3/lib/luks1/keymanage.c:584:13: danger: 'open(backup_file, 0)' leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  582|   	}
#  583|   
#  584|-> 	if (read_buffer(devfd, hdr, hdr_size) < hdr_size)
#  585|   		r = -EIO;
#  586|   	else

Error: GCC_ANALYZER_WARNING (CWE-401): [#def114]
cryptsetup-2.8.3/lib/luks2/luks2_digest.c:411:13: warning[-Wanalyzer-malloc-leak]: leak of 'desc'
cryptsetup-2.8.3/lib/luks2/luks2_digest.c:397:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_digest.c:400:13: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_digest.c:401:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_digest.c:405:15: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_digest.c:407:16: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_digest.c:408:12: branch_false: following 'false' branch (when 'desc' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_digest.c:411:13: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_digest.c:411:13: throw: if 'crypt_get_uuid' throws an exception...
cryptsetup-2.8.3/lib/luks2/luks2_digest.c:411:13: danger: 'desc' leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  409|   	       return NULL;
#  410|   
#  411|-> 	r = snprintf(desc, len, "%s:%s-%s", "cryptsetup", crypt_get_uuid(cd), digest_str);
#  412|   	if (r < 0 || (size_t)r >= len) {
#  413|   	       free(desc);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def115]
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:455:45: warning[-Wanalyzer-malloc-leak]: leak of 'calloc(1, json_area_len)'
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:403:5: enter_function: entry to 'LUKS2_disk_hdr_write'
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:410:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:415:13: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:416:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:422:50: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:423:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:431:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:439:21: call_function: inlined call to 'crypt_zalloc' from 'LUKS2_disk_hdr_write'
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:440:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:455:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:462:12: branch_true: following 'true' branch (when 'seqid_check != 0')...
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:463:21: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:463:21: call_function: calling 'LUKS2_device_write_lock' from 'LUKS2_disk_hdr_write'
#  453|   	 * (hdr->on_disk_json_end_offset == 0).
#  454|   	 */
#  455|-> 	if (seqid_check && (json_data_len < hdr->on_disk_json_end_offset))
#  456|   		json_area_write_len = hdr->on_disk_json_end_offset;
#  457|   	else if (!seqid_check || !hdr->on_disk_json_end_offset)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def116]
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:465:21: warning[-Wanalyzer-malloc-leak]: leak of 'calloc(1, json_area_len)'
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:403:5: enter_function: entry to 'LUKS2_disk_hdr_write'
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:410:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:415:13: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:416:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:422:50: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:423:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:431:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:439:21: call_function: inlined call to 'crypt_zalloc' from 'LUKS2_disk_hdr_write'
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:440:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:455:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:462:12: branch_false: following 'false' branch (when 'seqid_check == 0')...
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:465:21: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:465:21: throw: if 'device_write_lock' throws an exception...
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:465:21: danger: 'calloc(1, json_area_len)' leaks here; was allocated at [(11)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/10)
#  463|   		r = LUKS2_device_write_lock(cd, hdr, device);
#  464|   	else
#  465|-> 		r = device_write_lock(cd, device);
#  466|   	if (r < 0) {
#  467|   		free(json_area);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def117]
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:472:9: warning[-Wanalyzer-malloc-leak]: leak of 'calloc(1, json_area_len)'
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:403:5: enter_function: entry to 'LUKS2_disk_hdr_write'
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:410:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:415:13: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:416:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:422:50: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:423:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:431:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:439:21: call_function: inlined call to 'crypt_zalloc' from 'LUKS2_disk_hdr_write'
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:440:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:455:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:462:12: branch_false: following 'false' branch (when 'seqid_check == 0')...
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:465:21: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:466:12: branch_false: following 'false' branch (when 'r >= 0')...
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:472:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:475:13: call_function: calling 'hdr_write_disk' from 'LUKS2_disk_hdr_write'
#  470|   
#  471|   	/* Increase sequence id before writing it to disk. */
#  472|-> 	hdr->seqid++;
#  473|   
#  474|   	/* Write primary and secondary header */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def118]
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:831:29: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'open(device_path(device), flags)'
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:820:17: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:823:13: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:823:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:827:13: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:830:17: acquire_resource: opened here
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:831:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:831:29: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:831:29: throw: if 'device_alignment' throws an exception...
cryptsetup-2.8.3/lib/luks2/luks2_disk_metadata.c:831:29: danger: 'open(device_path(device), flags)' leaks here; was opened at [(5)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/4)
#  829|   
#  830|   	devfd = open(device_path(device), flags);
#  831|-> 	if (devfd != -1 && (read_lseek_blockwise(devfd, device_block_size(cd, device),
#  832|   	     device_alignment(device), &hdr, sizeof(hdr), 0) == sizeof(hdr)) &&
#  833|   	    !memcmp(hdr.magic, LUKS2_MAGIC_1ST, LUKS2_MAGIC_L))

Error: GCC_ANALYZER_WARNING (CWE-401): [#def119]
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:221:24: warning[-Wanalyzer-malloc-leak]: leak of 'intervals'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:873:12: enter_function: entry to 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:880:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:14: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:888:25: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:893:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:902:12: branch_false: following 'false' branch (when 'intervals' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_true: following 'true' branch (when 'entrykey' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: call_function: inlined call to 'lh_entry_k' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:35: call_function: calling 'json_contains' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:35: return_function: returning to 'hdr_validate_areas' from 'json_contains'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:913:22: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:914:22: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:920:64: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:920:22: call_function: calling 'json_str_to_uint64' from 'hdr_validate_areas'
#  219|   
#  220|   	errno = 0;
#  221|-> 	tmp = strtoull(json_object_get_string(jobj), &endptr, 10);
#  222|   	if (*endptr || errno) {
#  223|   		*value = 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def120]
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:262:25: warning[-Wanalyzer-malloc-leak]: leak of 'intervals'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:873:12: enter_function: entry to 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:880:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:14: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:888:25: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:893:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:902:12: branch_false: following 'false' branch (when 'intervals' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_true: following 'true' branch (when 'entrykey' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: call_function: inlined call to 'lh_entry_k' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:35: call_function: calling 'json_contains' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:35: return_function: returning to 'hdr_validate_areas' from 'json_contains'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:913:22: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:913:22: call_function: calling 'numbered' from 'hdr_validate_areas'
#  260|   	for (i = 0; key[i]; i++)
#  261|   		if (!isdigit(key[i])) {
#  262|-> 			log_dbg(cd, "%s \"%s\" is not in numbered form.", name, key);
#  263|   			return false;
#  264|   		}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def121]
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:273:14: warning[-Wanalyzer-malloc-leak]: leak of 'intervals'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:873:12: enter_function: entry to 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:880:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:14: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:888:25: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:893:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:902:12: branch_false: following 'false' branch (when 'intervals' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_true: following 'true' branch (when 'entrykey' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: call_function: inlined call to 'lh_entry_k' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:35: call_function: calling 'json_contains' from 'hdr_validate_areas'
#  271|   	json_object *sobj;
#  272|   
#  273|-> 	if (!json_object_object_get_ex(jobj, key, &sobj) ||
#  274|   	    !json_object_is_type(sobj, type)) {
#  275|   		log_dbg(cd, "%s \"%s\" is missing \"%s\" (%s) specification.",

Error: GCC_ANALYZER_WARNING (CWE-401): [#def122]
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:274:14: warning[-Wanalyzer-malloc-leak]: leak of 'intervals'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:873:12: enter_function: entry to 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:880:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:14: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:888:25: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:893:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:902:12: branch_false: following 'false' branch (when 'intervals' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_true: following 'true' branch (when 'entrykey' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: call_function: inlined call to 'lh_entry_k' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:35: call_function: calling 'json_contains' from 'hdr_validate_areas'
#  272|   
#  273|   	if (!json_object_object_get_ex(jobj, key, &sobj) ||
#  274|-> 	    !json_object_is_type(sobj, type)) {
#  275|   		log_dbg(cd, "%s \"%s\" is missing \"%s\" (%s) specification.",
#  276|   			section, name, key, json_type_to_name(type));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def123]
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:275:17: warning[-Wanalyzer-malloc-leak]: leak of 'intervals'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:873:12: enter_function: entry to 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:880:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:14: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:888:25: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:893:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:902:12: branch_false: following 'false' branch (when 'intervals' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_true: following 'true' branch (when 'entrykey' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: call_function: inlined call to 'lh_entry_k' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:35: call_function: calling 'json_contains' from 'hdr_validate_areas'
#  273|   	if (!json_object_object_get_ex(jobj, key, &sobj) ||
#  274|   	    !json_object_is_type(sobj, type)) {
#  275|-> 		log_dbg(cd, "%s \"%s\" is missing \"%s\" (%s) specification.",
#  276|   			section, name, key, json_type_to_name(type));
#  277|   		return NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def124]
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:291:20: warning[-Wanalyzer-malloc-leak]: leak of 'intervals'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:873:12: enter_function: entry to 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:880:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:14: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:888:25: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:893:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:902:12: branch_false: following 'false' branch (when 'intervals' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_true: following 'true' branch (when 'entrykey' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: call_function: inlined call to 'lh_entry_k' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:35: call_function: calling 'json_contains' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:35: return_function: returning to 'hdr_validate_areas' from 'json_contains'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
#  289|   		return NULL;
#  290|   
#  291|-> 	if (strlen(json_object_get_string(sobj)) < 1)
#  292|   		return NULL;
#  293|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def125]
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:375:25: warning[-Wanalyzer-malloc-leak]: leak of 'intervals'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:873:12: enter_function: entry to 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:880:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:14: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:888:25: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:893:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:902:12: branch_false: following 'false' branch (when 'intervals' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:35: call_function: calling 'json_contains' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:35: return_function: returning to 'hdr_validate_areas' from 'json_contains'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:913:22: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:914:22: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:920:64: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:920:20: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:921:22: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:920:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:927:17: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_false: following 'false' branch (when 'entrykey' is NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:930:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:930:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:935:15: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:935:15: call_function: calling 'validate_intervals' from 'hdr_validate_areas'
#  373|   		/* Offset cannot be inside primary or secondary JSON area */
#  374|   		if (ix[i].offset < 2 * metadata_size) {
#  375|-> 			log_dbg(cd, "Illegal area offset: %" PRIu64 ".", ix[i].offset);
#  376|   			return false;
#  377|   		}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def126]
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:380:25: warning[-Wanalyzer-malloc-leak]: leak of 'intervals'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:873:12: enter_function: entry to 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:880:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:14: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:888:25: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:893:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:902:12: branch_false: following 'false' branch (when 'intervals' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:35: call_function: calling 'json_contains' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:35: return_function: returning to 'hdr_validate_areas' from 'json_contains'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:913:22: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:914:22: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:920:64: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:920:20: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:921:22: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:920:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:927:17: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_false: following 'false' branch (when 'entrykey' is NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:930:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:930:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:935:15: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:935:15: call_function: calling 'validate_intervals' from 'hdr_validate_areas'
#  378|   
#  379|   		if (!ix[i].length) {
#  380|-> 			log_dbg(cd, "Area length must be greater than zero.");
#  381|   			return false;
#  382|   		}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def127]
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:385:25: warning[-Wanalyzer-malloc-leak]: leak of 'intervals'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:873:12: enter_function: entry to 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:880:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:14: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:888:25: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:893:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:902:12: branch_false: following 'false' branch (when 'intervals' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:35: call_function: calling 'json_contains' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:35: return_function: returning to 'hdr_validate_areas' from 'json_contains'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:913:22: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:914:22: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:920:64: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:920:20: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:921:22: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:920:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:927:17: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_false: following 'false' branch (when 'entrykey' is NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:930:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:930:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:935:15: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:935:15: call_function: calling 'validate_intervals' from 'hdr_validate_areas'
#  383|   
#  384|   		if (ix[i].offset > (UINT64_MAX - ix[i].length)) {
#  385|-> 			log_dbg(cd, "Interval offset+length overflow.");
#  386|   			return false;
#  387|   		}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def128]
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:390:25: warning[-Wanalyzer-malloc-leak]: leak of 'intervals'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:873:12: enter_function: entry to 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:880:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:14: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:888:25: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:893:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:902:12: branch_false: following 'false' branch (when 'intervals' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:35: call_function: calling 'json_contains' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:35: return_function: returning to 'hdr_validate_areas' from 'json_contains'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:913:22: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:914:22: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:920:64: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:920:20: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:921:22: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:920:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:927:17: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_false: following 'false' branch (when 'entrykey' is NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:930:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:930:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:935:15: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:935:15: call_function: calling 'validate_intervals' from 'hdr_validate_areas'
#  388|   
#  389|   		if ((ix[i].offset + ix[i].length) > keyslots_area_end) {
#  390|-> 			log_dbg(cd, "Area [%" PRIu64 ", %" PRIu64 "] overflows binary keyslots area (ends at offset: %" PRIu64 ").",
#  391|   				ix[i].offset, ix[i].offset + ix[i].length, keyslots_area_end);
#  392|   			return false;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def129]
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:589:25: warning[-Wanalyzer-malloc-leak]: leak of 'intervals'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:696:12: enter_function: entry to 'hdr_validate_segments'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:703:31: call_function: calling 'json_contains' from 'hdr_validate_segments'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:703:31: return_function: returning to 'hdr_validate_segments' from 'json_contains'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:703:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:706:17: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:707:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:713:14: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:713:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:716:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:807:12: branch_false: following 'false' branch (when 'first_backup != 0')...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:813:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:813:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:818:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:818:12: branch_true: following 'true' branch (when 'first_backup < 0')...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:818:12: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:822:29: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:824:12: branch_false: following 'false' branch (when 'intervals' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:824:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:829:21: branch_true: following 'true' branch (when 'i < first_backup')...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:830:24: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:831:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:836:26: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:837:39: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:837:17: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:829:21: branch_false: following 'false' branch (when 'i >= first_backup')...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:840:14: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:840:14: call_function: calling 'validate_segment_intervals' from 'hdr_validate_segments'
#  587|   	while (i < length) {
#  588|   		if (ix[i].length == UINT64_MAX && (i != (length - 1))) {
#  589|-> 			log_dbg(cd, "Only last regular segment is allowed to have 'dynamic' size.");
#  590|   			return false;
#  591|   		}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def130]
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:598:33: warning[-Wanalyzer-malloc-leak]: leak of 'intervals'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:696:12: enter_function: entry to 'hdr_validate_segments'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:703:31: call_function: calling 'json_contains' from 'hdr_validate_segments'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:703:31: return_function: returning to 'hdr_validate_segments' from 'json_contains'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:703:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:706:17: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:707:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:713:14: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:713:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:716:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:717:20: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:721:37: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:721:37: call_function: calling 'json_contains_string' from 'hdr_validate_segments'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:721:37: return_function: returning to 'hdr_validate_segments' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:721:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:722:37: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:722:37: call_function: calling 'json_contains_string' from 'hdr_validate_segments'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:722:37: return_function: returning to 'hdr_validate_segments' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:721:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:723:37: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:723:37: call_function: calling 'json_contains_string' from 'hdr_validate_segments'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:723:37: return_function: returning to 'hdr_validate_segments' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:721:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:726:22: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:726:20: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:729:22: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:729:20: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:735:21: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:746:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:750:21: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:750:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:756:21: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:756:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:764:21: call_function: inlined call to 'atoi' from 'hdr_validate_segments'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:766:28: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:776:22: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:776:20: branch_false: following 'false' branch (when the strings are non-equal)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:781:22: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:716:9: branch_false: following 'false' branch (when 'entrykey' is NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:807:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:807:12: branch_false: following 'false' branch (when 'first_backup != 0')...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:813:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:813:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:818:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:818:12: branch_true: following 'true' branch (when 'first_backup < 0')...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:818:12: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:822:29: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:824:12: branch_false: following 'false' branch (when 'intervals' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:824:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:829:21: branch_true: following 'true' branch (when 'i < first_backup')...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:830:24: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:831:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:836:26: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:837:39: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:837:17: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:829:21: branch_false: following 'false' branch (when 'i >= first_backup')...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:840:14: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:840:14: call_function: calling 'validate_segment_intervals' from 'hdr_validate_segments'
#  596|   
#  597|   			if (ix[j].length != UINT64_MAX && ix[j].offset > (UINT64_MAX - ix[j].length)) {
#  598|-> 				log_dbg(cd, "Interval offset+length overflow.");
#  599|   				return false;
#  600|   			}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def131]
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:603:33: warning[-Wanalyzer-malloc-leak]: leak of 'intervals'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:696:12: enter_function: entry to 'hdr_validate_segments'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:703:31: call_function: calling 'json_contains' from 'hdr_validate_segments'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:703:31: return_function: returning to 'hdr_validate_segments' from 'json_contains'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:703:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:706:17: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:707:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:713:14: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:713:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:716:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:717:20: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:721:37: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:721:37: call_function: calling 'json_contains_string' from 'hdr_validate_segments'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:721:37: return_function: returning to 'hdr_validate_segments' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:721:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:722:37: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:722:37: call_function: calling 'json_contains_string' from 'hdr_validate_segments'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:722:37: return_function: returning to 'hdr_validate_segments' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:721:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:723:37: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:723:37: call_function: calling 'json_contains_string' from 'hdr_validate_segments'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:723:37: return_function: returning to 'hdr_validate_segments' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:721:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:726:22: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:726:20: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:729:22: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:729:20: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:735:21: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:746:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:750:21: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:750:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:756:21: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:756:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:764:21: call_function: inlined call to 'atoi' from 'hdr_validate_segments'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:766:28: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:776:22: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:776:20: branch_false: following 'false' branch (when the strings are non-equal)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:781:22: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:716:9: branch_false: following 'false' branch (when 'entrykey' is NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:807:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:807:12: branch_false: following 'false' branch (when 'first_backup != 0')...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:813:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:813:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:818:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:818:12: branch_true: following 'true' branch (when 'first_backup < 0')...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:818:12: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:822:29: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:824:12: branch_false: following 'false' branch (when 'intervals' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:824:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:829:21: branch_true: following 'true' branch (when 'i < first_backup')...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:830:24: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:831:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:836:26: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:837:39: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:837:17: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:829:21: branch_false: following 'false' branch (when 'i >= first_backup')...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:840:14: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:840:14: call_function: calling 'validate_segment_intervals' from 'hdr_validate_segments'
#  601|   
#  602|   			if ((ix[i].offset >= ix[j].offset) && (ix[j].length == UINT64_MAX || (ix[i].offset < (ix[j].offset + ix[j].length)))) {
#  603|-> 				log_dbg(cd, "Overlapping segments [%" PRIu64 ",%" PRIu64 "]%s and [%" PRIu64 ",%" PRIu64 "]%s.",
#  604|   					ix[i].offset, ix[i].offset + ix[i].length, ix[i].length == UINT64_MAX ? "(dynamic)" : "",
#  605|   					ix[j].offset, ix[j].offset + ix[j].length, ix[j].length == UINT64_MAX ? "(dynamic)" : "");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def132]
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:830:24: warning[-Wanalyzer-malloc-leak]: leak of 'intervals'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:696:12: enter_function: entry to 'hdr_validate_segments'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:703:31: call_function: calling 'json_contains' from 'hdr_validate_segments'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:703:31: return_function: returning to 'hdr_validate_segments' from 'json_contains'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:703:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:706:17: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:707:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:713:14: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:713:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:716:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:716:9: branch_false: following 'false' branch (when 'entrykey' is NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:807:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:807:12: branch_false: following 'false' branch (when 'first_backup != 0')...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:813:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:813:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:818:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:818:12: branch_true: following 'true' branch (when 'first_backup < 0')...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:818:12: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:822:29: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:824:12: branch_false: following 'false' branch (when 'intervals' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:824:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:829:21: branch_true: following 'true' branch (when 'i < first_backup')...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:830:24: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:830:24: throw: if 'json_segments_get_segment' throws an exception...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:830:24: danger: 'intervals' leaks here; was allocated at [(23)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/22)
#  828|   
#  829|   	for (i = 0; i < first_backup; i++) {
#  830|-> 		jobj = json_segments_get_segment(jobj_segments, i);
#  831|   		if (!jobj) {
#  832|   			log_dbg(cd, "Gap at key %d in segments object.", i);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def133]
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:832:25: warning[-Wanalyzer-malloc-leak]: leak of 'intervals'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:696:12: enter_function: entry to 'hdr_validate_segments'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:703:31: call_function: calling 'json_contains' from 'hdr_validate_segments'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:703:31: return_function: returning to 'hdr_validate_segments' from 'json_contains'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:703:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:706:17: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:707:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:713:14: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:713:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:716:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:716:9: branch_false: following 'false' branch (when 'entrykey' is NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:807:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:807:12: branch_false: following 'false' branch (when 'first_backup != 0')...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:813:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:813:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:818:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:818:12: branch_true: following 'true' branch (when 'first_backup < 0')...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:818:12: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:822:29: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:824:12: branch_false: following 'false' branch (when 'intervals' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:824:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:829:21: branch_true: following 'true' branch (when 'i < first_backup')...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:830:24: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:831:20: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:832:25: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:832:25: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:832:25: danger: 'intervals' leaks here; was allocated at [(23)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/22)
#  830|   		jobj = json_segments_get_segment(jobj_segments, i);
#  831|   		if (!jobj) {
#  832|-> 			log_dbg(cd, "Gap at key %d in segments object.", i);
#  833|   			free(intervals);
#  834|   			return 1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def134]
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:836:39: warning[-Wanalyzer-malloc-leak]: leak of 'intervals'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:696:12: enter_function: entry to 'hdr_validate_segments'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:703:31: call_function: calling 'json_contains' from 'hdr_validate_segments'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:703:31: return_function: returning to 'hdr_validate_segments' from 'json_contains'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:703:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:706:17: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:707:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:713:14: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:713:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:716:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:716:9: branch_false: following 'false' branch (when 'entrykey' is NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:807:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:807:12: branch_false: following 'false' branch (when 'first_backup != 0')...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:813:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:813:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:818:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:818:12: branch_true: following 'true' branch (when 'first_backup < 0')...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:818:12: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:822:29: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:824:12: branch_false: following 'false' branch (when 'intervals' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:824:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:829:21: branch_true: following 'true' branch (when 'i < first_backup')...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:830:24: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:831:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:836:26: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:836:39: throw: if 'json_segment_get_offset' throws an exception...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:836:39: danger: 'intervals' leaks here; was allocated at [(23)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/22)
#  834|   			return 1;
#  835|   		}
#  836|-> 		intervals[i].offset = json_segment_get_offset(jobj, 0);
#  837|   		intervals[i].length = json_segment_get_size(jobj, 0) ?: UINT64_MAX;
#  838|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def135]
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:837:39: warning[-Wanalyzer-malloc-leak]: leak of 'intervals'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:696:12: enter_function: entry to 'hdr_validate_segments'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:703:31: call_function: calling 'json_contains' from 'hdr_validate_segments'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:703:31: return_function: returning to 'hdr_validate_segments' from 'json_contains'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:703:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:706:17: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:707:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:713:14: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:713:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:716:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:716:9: branch_false: following 'false' branch (when 'entrykey' is NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:807:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:807:12: branch_false: following 'false' branch (when 'first_backup != 0')...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:813:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:813:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:818:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:818:12: branch_true: following 'true' branch (when 'first_backup < 0')...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:818:12: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:822:29: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:824:12: branch_false: following 'false' branch (when 'intervals' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:824:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:829:21: branch_true: following 'true' branch (when 'i < first_backup')...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:830:24: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:831:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:836:26: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:837:39: throw: if 'json_segment_get_size' throws an exception...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:837:39: danger: 'intervals' leaks here; was allocated at [(23)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/22)
#  835|   		}
#  836|   		intervals[i].offset = json_segment_get_offset(jobj, 0);
#  837|-> 		intervals[i].length = json_segment_get_size(jobj, 0) ?: UINT64_MAX;
#  838|   	}
#  839|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def136]
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:861:9: warning[-Wanalyzer-malloc-leak]: leak of 'intervals'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:873:12: enter_function: entry to 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:880:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:14: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:888:25: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:893:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:902:12: branch_false: following 'false' branch (when 'intervals' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:35: call_function: calling 'json_contains' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:35: return_function: returning to 'hdr_validate_areas' from 'json_contains'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:913:22: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:914:22: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:920:64: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:920:20: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:921:22: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:920:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:927:17: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_false: following 'false' branch (when 'entrykey' is NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:930:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:930:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:935:15: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:935:15: call_function: calling 'LUKS2_hdr_and_areas_size_jobj' from 'hdr_validate_areas'
#  859|   	uint64_t json_size;
#  860|   
#  861|-> 	json_object_object_get_ex(jobj, "config", &jobj1);
#  862|   	json_object_object_get_ex(jobj1, "json_size", &jobj2);
#  863|   	json_str_to_uint64(jobj2, &json_size);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def137]
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:862:9: warning[-Wanalyzer-malloc-leak]: leak of 'intervals'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:873:12: enter_function: entry to 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:880:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:14: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:888:25: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:893:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:902:12: branch_false: following 'false' branch (when 'intervals' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:35: call_function: calling 'json_contains' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:35: return_function: returning to 'hdr_validate_areas' from 'json_contains'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:913:22: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:914:22: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:920:64: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:920:20: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:921:22: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:920:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:927:17: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_false: following 'false' branch (when 'entrykey' is NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:930:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:930:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:935:15: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:935:15: call_function: calling 'LUKS2_hdr_and_areas_size_jobj' from 'hdr_validate_areas'
#  860|   
#  861|   	json_object_object_get_ex(jobj, "config", &jobj1);
#  862|-> 	json_object_object_get_ex(jobj1, "json_size", &jobj2);
#  863|   	json_str_to_uint64(jobj2, &json_size);
#  864|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def138]
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:913:22: warning[-Wanalyzer-malloc-leak]: leak of 'intervals'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:873:12: enter_function: entry to 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:880:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:14: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:888:25: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:893:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:902:12: branch_false: following 'false' branch (when 'intervals' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_true: following 'true' branch (when 'entrykey' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: call_function: inlined call to 'lh_entry_k' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:35: call_function: calling 'json_contains' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:35: return_function: returning to 'hdr_validate_areas' from 'json_contains'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:913:22: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:913:22: throw: if 'json_object_get_string' throws an exception...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:913:22: danger: 'intervals' leaks here; was allocated at [(10)](sarif:/runs/0/results/20/codeFlows/0/threadFlows/0/locations/9)
#  911|   		    !(jobj_offset = json_contains_string(cd, jobj_area, key, "Keyslot", "offset")) ||
#  912|   		    !(jobj_length = json_contains_string(cd, jobj_area, key, "Keyslot", "size")) ||
#  913|-> 		    !numbered(cd, "offset", json_object_get_string(jobj_offset)) ||
#  914|   		    !numbered(cd, "size", json_object_get_string(jobj_length))) {
#  915|   			free(intervals);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def139]
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:914:22: warning[-Wanalyzer-malloc-leak]: leak of 'intervals'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:873:12: enter_function: entry to 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:880:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:14: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:888:25: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:893:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:902:12: branch_false: following 'false' branch (when 'intervals' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_true: following 'true' branch (when 'entrykey' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: call_function: inlined call to 'lh_entry_k' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:35: call_function: calling 'json_contains' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:35: return_function: returning to 'hdr_validate_areas' from 'json_contains'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:913:22: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:914:22: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:914:22: throw: if 'json_object_get_string' throws an exception...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:914:22: danger: 'intervals' leaks here; was allocated at [(10)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/9)
#  912|   		    !(jobj_length = json_contains_string(cd, jobj_area, key, "Keyslot", "size")) ||
#  913|   		    !numbered(cd, "offset", json_object_get_string(jobj_offset)) ||
#  914|-> 		    !numbered(cd, "size", json_object_get_string(jobj_length))) {
#  915|   			free(intervals);
#  916|   			return 1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def140]
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:922:25: warning[-Wanalyzer-malloc-leak]: leak of 'intervals'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:873:12: enter_function: entry to 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:880:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:14: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:888:25: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:893:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:902:12: branch_false: following 'false' branch (when 'intervals' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_true: following 'true' branch (when 'entrykey' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: call_function: inlined call to 'lh_entry_k' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:35: call_function: calling 'json_contains' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:35: return_function: returning to 'hdr_validate_areas' from 'json_contains'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:913:22: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:914:22: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:920:64: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:922:25: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:922:25: danger: 'intervals' leaks here; was allocated at [(10)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/9)
#  920|   		if (!json_str_to_uint64(jobj_offset, &intervals[i].offset) ||
#  921|   		    !json_str_to_uint64(jobj_length, &intervals[i].length)) {
#  922|-> 			log_dbg(cd, "Illegal keyslot area values.");
#  923|   			free(intervals);
#  924|   			return 1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def141]
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1314:9: warning[-Wanalyzer-malloc-leak]: leak of 'intervals'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:873:12: enter_function: entry to 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:880:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:14: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:888:25: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:893:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:902:12: branch_false: following 'false' branch (when 'intervals' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:35: call_function: calling 'json_contains' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:35: return_function: returning to 'hdr_validate_areas' from 'json_contains'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:913:22: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:914:22: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:920:64: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:920:20: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:921:22: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:920:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:927:17: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_false: following 'false' branch (when 'entrykey' is NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:930:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:930:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:935:15: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:935:15: call_function: calling 'LUKS2_hdr_and_areas_size_jobj' from 'hdr_validate_areas'
# 1312|   	uint64_t keyslots_size;
# 1313|   
# 1314|-> 	json_object_object_get_ex(jobj, "config", &jobj1);
# 1315|   	json_object_object_get_ex(jobj1, "keyslots_size", &jobj2);
# 1316|   	json_str_to_uint64(jobj2, &keyslots_size);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def142]
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1315:9: warning[-Wanalyzer-malloc-leak]: leak of 'intervals'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:873:12: enter_function: entry to 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:880:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:14: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:884:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:888:25: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:893:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:896:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:901:21: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:902:12: branch_false: following 'false' branch (when 'intervals' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:35: call_function: calling 'json_contains' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:35: return_function: returning to 'hdr_validate_areas' from 'json_contains'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:910:22: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:911:37: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: call_function: calling 'json_contains_string' from 'hdr_validate_areas'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:912:37: return_function: returning to 'hdr_validate_areas' from 'json_contains_string'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:913:22: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:914:22: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:909:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:920:64: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:920:20: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:921:22: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:920:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:927:17: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:907:9: branch_false: following 'false' branch (when 'entrykey' is NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:930:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:930:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:935:15: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:935:15: call_function: calling 'LUKS2_hdr_and_areas_size_jobj' from 'hdr_validate_areas'
# 1313|   
# 1314|   	json_object_object_get_ex(jobj, "config", &jobj1);
# 1315|-> 	json_object_object_get_ex(jobj1, "keyslots_size", &jobj2);
# 1316|   	json_str_to_uint64(jobj2, &keyslots_size);
# 1317|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def143]
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1352:9: warning[-Wanalyzer-malloc-leak]: leak of 'buffer'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1348:18: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1349:12: branch_false: following 'false' branch (when 'buffer' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1352:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1352:9: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1352:9: danger: 'buffer' leaks here; was allocated at [(1)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/0)
# 1350|   		return -ENOMEM;
# 1351|   
# 1352|-> 	log_dbg(cd, "Storing backup of header (%zu bytes).", hdr_size);
# 1353|   	log_dbg(cd, "Output backup file size: %zu bytes.", buffer_size);
# 1354|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def144]
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1353:9: warning[-Wanalyzer-malloc-leak]: leak of 'buffer'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1348:18: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1349:12: branch_false: following 'false' branch (when 'buffer' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1352:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1353:9: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1353:9: danger: 'buffer' leaks here; was allocated at [(1)](sarif:/runs/0/results/26/codeFlows/0/threadFlows/0/locations/0)
# 1351|   
# 1352|   	log_dbg(cd, "Storing backup of header (%zu bytes).", hdr_size);
# 1353|-> 	log_dbg(cd, "Output backup file size: %zu bytes.", buffer_size);
# 1354|   
# 1355|   	r = device_read_lock(cd, device);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def145]
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1355:13: warning[-Wanalyzer-malloc-leak]: leak of 'buffer'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1348:18: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1349:12: branch_false: following 'false' branch (when 'buffer' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1352:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1355:13: throw: if 'device_read_lock' throws an exception...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1355:13: danger: 'buffer' leaks here; was allocated at [(1)](sarif:/runs/0/results/27/codeFlows/0/threadFlows/0/locations/0)
# 1353|   	log_dbg(cd, "Output backup file size: %zu bytes.", buffer_size);
# 1354|   
# 1355|-> 	r = device_read_lock(cd, device);
# 1356|   	if (r) {
# 1357|   		log_err(cd, _("Failed to acquire read lock on device %s."),

Error: GCC_ANALYZER_WARNING (CWE-401): [#def146]
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1357:17: warning[-Wanalyzer-malloc-leak]: leak of 'buffer'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1348:18: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1349:12: branch_false: following 'false' branch (when 'buffer' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1352:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1356:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1357:17: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1357:17: throw: if 'device_path' throws an exception...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1357:17: danger: 'buffer' leaks here; was allocated at [(1)](sarif:/runs/0/results/28/codeFlows/0/threadFlows/0/locations/0)
# 1355|   	r = device_read_lock(cd, device);
# 1356|   	if (r) {
# 1357|-> 		log_err(cd, _("Failed to acquire read lock on device %s."),
# 1358|   			device_path(crypt_metadata_device(cd)));
# 1359|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def147]
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1362:17: warning[-Wanalyzer-malloc-leak]: leak of 'buffer'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1348:18: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1349:12: branch_false: following 'false' branch (when 'buffer' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1352:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1356:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1362:17: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1362:17: throw: if 'device_open_locked' throws an exception...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1362:17: danger: 'buffer' leaks here; was allocated at [(1)](sarif:/runs/0/results/31/codeFlows/0/threadFlows/0/locations/0)
# 1360|   	}
# 1361|   
# 1362|-> 	devfd = device_open_locked(cd, device, O_RDONLY);
# 1363|   	if (devfd < 0) {
# 1364|   		device_read_unlock(cd, device);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def148]
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1364:17: warning[-Wanalyzer-malloc-leak]: leak of 'buffer'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1348:18: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1349:12: branch_false: following 'false' branch (when 'buffer' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1352:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1356:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1362:17: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1363:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1364:17: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1364:17: throw: if 'device_read_unlock' throws an exception...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1364:17: danger: 'buffer' leaks here; was allocated at [(1)](sarif:/runs/0/results/32/codeFlows/0/threadFlows/0/locations/0)
# 1362|   	devfd = device_open_locked(cd, device, O_RDONLY);
# 1363|   	if (devfd < 0) {
# 1364|-> 		device_read_unlock(cd, device);
# 1365|   		log_err(cd, _("Device %s is not a valid LUKS device."), device_path(device));
# 1366|   		r = (devfd == -1) ? -EINVAL : devfd;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def149]
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1365:17: warning[-Wanalyzer-malloc-leak]: leak of 'buffer'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1348:18: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1349:12: branch_false: following 'false' branch (when 'buffer' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1352:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1356:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1362:17: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1363:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1364:17: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1365:17: throw: if 'device_path' throws an exception...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1365:17: danger: 'buffer' leaks here; was allocated at [(1)](sarif:/runs/0/results/33/codeFlows/0/threadFlows/0/locations/0)
# 1363|   	if (devfd < 0) {
# 1364|   		device_read_unlock(cd, device);
# 1365|-> 		log_err(cd, _("Device %s is not a valid LUKS device."), device_path(device));
# 1366|   		r = (devfd == -1) ? -EINVAL : devfd;
# 1367|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def150]
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1370:13: warning[-Wanalyzer-malloc-leak]: leak of 'buffer'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1348:18: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1349:12: branch_false: following 'false' branch (when 'buffer' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1352:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1356:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1362:17: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1363:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1370:13: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1370:13: throw: if 'device_alignment' throws an exception...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1370:13: danger: 'buffer' leaks here; was allocated at [(1)](sarif:/runs/0/results/35/codeFlows/0/threadFlows/0/locations/0)
# 1368|   	}
# 1369|   
# 1370|-> 	if (read_lseek_blockwise(devfd, device_block_size(cd, device),
# 1371|   			   device_alignment(device), buffer, hdr_size, 0) < hdr_size) {
# 1372|   		device_read_unlock(cd, device);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def151]
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1396:9: warning[-Wanalyzer-malloc-leak]: leak of 'buffer'
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1348:18: acquire_memory: allocated here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1349:12: branch_false: following 'false' branch (when 'buffer' is non-NULL)...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1352:9: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1396:9: throw: if 'crypt_safe_memzero' throws an exception...
cryptsetup-2.8.3/lib/luks2/luks2_json_metadata.c:1396:9: danger: 'buffer' leaks here; was allocated at [(1)](sarif:/runs/0/results/38/codeFlows/0/threadFlows/0/locations/0)
# 1394|   		r = 0;
# 1395|   out:
# 1396|-> 	crypt_safe_memzero(buffer, buffer_size);
# 1397|   	free(buffer);
# 1398|   	return r;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def152]
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:807:24: warning[-Wanalyzer-malloc-leak]: leak of 'calloc(1, 368)'
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3320:12: enter_function: entry to 'reencrypt_load'
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3331:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3334:19: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3334:19: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3337:13: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3338:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3341:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3341:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3342:21: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3342:21: call_function: calling 'reencrypt_load_clean' from 'reencrypt_load'
#  805|   	json_object *jobj_keyslot, *jobj_mode;
#  806|   
#  807|-> 	jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, LUKS2_find_keyslot(hdr, "reencrypt"));
#  808|   	if (!jobj_keyslot)
#  809|   		return mi;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def153]
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:811:9: warning[-Wanalyzer-malloc-leak]: leak of 'calloc(1, 368)'
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3320:12: enter_function: entry to 'reencrypt_load'
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3331:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3334:19: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3334:19: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3337:13: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3338:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3341:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3341:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3342:21: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3342:21: call_function: calling 'reencrypt_load_clean' from 'reencrypt_load'
#  809|   		return mi;
#  810|   
#  811|-> 	json_object_object_get_ex(jobj_keyslot, "mode", &jobj_mode);
#  812|   	mode = json_object_get_string(jobj_mode);
#  813|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def154]
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:812:16: warning[-Wanalyzer-malloc-leak]: leak of 'calloc(1, 368)'
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3320:12: enter_function: entry to 'reencrypt_load'
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3331:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3334:19: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3334:19: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3337:13: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3338:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3341:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3341:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3342:21: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3342:21: call_function: calling 'reencrypt_load_clean' from 'reencrypt_load'
#  810|   
#  811|   	json_object_object_get_ex(jobj_keyslot, "mode", &jobj_mode);
#  812|-> 	mode = json_object_get_string(jobj_mode);
#  813|   
#  814|   	/* validation enforces allowed values */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def155]
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:829:24: warning[-Wanalyzer-malloc-leak]: leak of 'calloc(1, 368)'
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3320:12: enter_function: entry to 'reencrypt_load'
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3331:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3334:19: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3334:19: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3337:13: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3338:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3341:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3341:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3342:21: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3342:21: call_function: calling 'reencrypt_load_clean' from 'reencrypt_load'
#  827|   	crypt_reencrypt_direction_info di = CRYPT_REENCRYPT_FORWARD;
#  828|   
#  829|-> 	jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, LUKS2_find_keyslot(hdr, "reencrypt"));
#  830|   	if (!jobj_keyslot)
#  831|   		return di;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def156]
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:1175:29: warning[-Wanalyzer-malloc-leak]: leak of 'calloc(1, 368)'
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3320:12: enter_function: entry to 'reencrypt_load'
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3331:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3334:19: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3334:19: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3337:13: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3338:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3341:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3341:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3342:21: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3342:21: call_function: calling 'reencrypt_load_clean' from 'reencrypt_load'
# 1173|   	uint64_t dummy, area_length;
# 1174|   
# 1175|-> 	rh->reenc_keyslot = LUKS2_find_keyslot(hdr, "reencrypt");
# 1176|   	if (rh->reenc_keyslot < 0)
# 1177|   		return -EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def157]
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:1178:13: warning[-Wanalyzer-malloc-leak]: leak of 'calloc(1, 368)'
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3320:12: enter_function: entry to 'reencrypt_load'
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3331:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3334:19: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3334:19: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3337:13: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3338:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3341:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3341:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3342:21: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3342:21: call_function: calling 'reencrypt_load_clean' from 'reencrypt_load'
# 1176|   	if (rh->reenc_keyslot < 0)
# 1177|   		return -EINVAL;
# 1178|-> 	if (LUKS2_keyslot_area(hdr, rh->reenc_keyslot, &dummy, &area_length) < 0)
# 1179|   		return -EINVAL;
# 1180|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def158]
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:1285:9: warning[-Wanalyzer-malloc-leak]: leak of 'calloc(1, 368)'
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3320:12: enter_function: entry to 'reencrypt_load'
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3331:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3334:19: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3334:19: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3337:13: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3338:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3341:12: branch_false: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3341:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3342:21: branch_true: ...to here
cryptsetup-2.8.3/lib/luks2/luks2_reencrypt.c:3342:21: call_function: calling 'reencrypt_load_clean' from 'reencrypt_load'
# 1283|   		return -ENOMEM;
# 1284|   
# 1285|-> 	log_dbg(cd, "Loading stored reencryption context.");
# 1286|   
# 1287|   	r = reencrypt_context_init(cd, hdr, tmp, device_size, max_hotzone_size, fixed_device_size);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def159]
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:488:14: warning[-Wanalyzer-malloc-leak]: leak of 'data'
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:636:5: enter_function: entry to 'TCRYPT_read_phdr'
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:666:12: branch_false: following 'false' branch (when 'devfd >= 0')...
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:673:13: branch_false: ...to here
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:673:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:674:21: branch_true: ...to here
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:674:20: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:677:29: branch_true: ...to here
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:677:29: call_function: calling 'TCRYPT_init_hdr' from 'TCRYPT_read_phdr'
#  486|   	memset(data, 0, TCRYPT_KEYFILE_LEN);
#  487|   
#  488|-> 	fd = open(keyfile, O_RDONLY);
#  489|   	if (fd < 0) {
#  490|   		log_err(cd, _("Failed to open key file."));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def160]
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:490:17: warning[-Wanalyzer-malloc-leak]: leak of 'data'
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:636:5: enter_function: entry to 'TCRYPT_read_phdr'
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:666:12: branch_false: following 'false' branch (when 'devfd >= 0')...
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:673:13: branch_false: ...to here
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:673:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:674:21: branch_true: ...to here
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:674:20: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:677:29: branch_true: ...to here
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:677:29: call_function: calling 'TCRYPT_init_hdr' from 'TCRYPT_read_phdr'
#  488|   	fd = open(keyfile, O_RDONLY);
#  489|   	if (fd < 0) {
#  490|-> 		log_err(cd, _("Failed to open key file."));
#  491|   		goto out;
#  492|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def161]
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:494:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'open(keyfile, 0)'
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:636:5: enter_function: entry to 'TCRYPT_read_phdr'
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:666:12: branch_false: following 'false' branch (when 'devfd >= 0')...
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:673:13: branch_false: ...to here
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:673:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:674:21: branch_true: ...to here
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:674:20: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:677:29: branch_true: ...to here
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:677:29: call_function: calling 'TCRYPT_init_hdr' from 'TCRYPT_read_phdr'
#  492|   	}
#  493|   
#  494|-> 	data_size = read_buffer(fd, data, TCRYPT_KEYFILE_LEN);
#  495|   	close(fd);
#  496|   	if (data_size < 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def162]
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:494:21: warning[-Wanalyzer-malloc-leak]: leak of 'data'
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:636:5: enter_function: entry to 'TCRYPT_read_phdr'
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:666:12: branch_false: following 'false' branch (when 'devfd >= 0')...
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:673:13: branch_false: ...to here
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:673:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:674:21: branch_true: ...to here
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:674:20: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:677:29: branch_true: ...to here
cryptsetup-2.8.3/lib/tcrypt/tcrypt.c:677:29: call_function: calling 'TCRYPT_init_hdr' from 'TCRYPT_read_phdr'
#  492|   	}
#  493|   
#  494|-> 	data_size = read_buffer(fd, data, TCRYPT_KEYFILE_LEN);
#  495|   	close(fd);
#  496|   	if (data_size < 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def163]
cryptsetup-2.8.3/lib/utils.c:87:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'open("/proc/meminfo", 0)'
cryptsetup-2.8.3/lib/utils.c:83:19: acquire_resource: opened here
cryptsetup-2.8.3/lib/utils.c:83:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils.c:86:16: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:87:9: danger: 'open("/proc/meminfo", 0)' leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   85|   
#   86|   	size = read(fd, buf, sizeof(buf));
#   87|-> 	close(fd);
#   88|   	if (size < 1)
#   89|   		return true;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def164]
cryptsetup-2.8.3/lib/utils.c:212:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'fd'
cryptsetup-2.8.3/lib/utils.c:195:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils.c:198:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:201:12: branch_true: following 'true' branch (when 'keyfile' is non-NULL)...
cryptsetup-2.8.3/lib/utils.c:202:22: branch_true: ...to here
cryptsetup-2.8.3/lib/utils.c:202:22: acquire_resource: opened here
cryptsetup-2.8.3/lib/utils.c:203:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils.c:211:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:211:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/utils.c:212:17: branch_true: ...to here
cryptsetup-2.8.3/lib/utils.c:212:17: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/utils.c:212:17: danger: 'fd' leaks here; was opened at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#  210|   
#  211|   	if (isatty(fd)) {
#  212|-> 		log_err(cd, _("Cannot read keyfile from a terminal."));
#  213|   		goto out;
#  214|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def165]
cryptsetup-2.8.3/lib/utils.c:228:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'fd'
cryptsetup-2.8.3/lib/utils.c:195:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils.c:198:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:201:12: branch_true: following 'true' branch (when 'keyfile' is non-NULL)...
cryptsetup-2.8.3/lib/utils.c:202:22: branch_true: ...to here
cryptsetup-2.8.3/lib/utils.c:202:22: acquire_resource: opened here
cryptsetup-2.8.3/lib/utils.c:203:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils.c:211:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:211:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils.c:217:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:226:12: branch_true: following 'true' branch (when 'keyfile' is non-NULL)...
cryptsetup-2.8.3/lib/utils.c:227:21: branch_true: ...to here
cryptsetup-2.8.3/lib/utils.c:227:20: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/utils.c:228:25: branch_true: ...to here
cryptsetup-2.8.3/lib/utils.c:228:25: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/utils.c:228:25: danger: 'fd' leaks here; was opened at [(5)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/4)
#  226|   	if (keyfile) {
#  227|   		if (stat(keyfile, &st) < 0) {
#  228|-> 			log_err(cd, _("Failed to stat key file."));
#  229|   			goto out;
#  230|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def166]
cryptsetup-2.8.3/lib/utils.c:236:33: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'fd'
cryptsetup-2.8.3/lib/utils.c:195:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils.c:198:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:201:12: branch_true: following 'true' branch (when 'keyfile' is non-NULL)...
cryptsetup-2.8.3/lib/utils.c:202:22: branch_true: ...to here
cryptsetup-2.8.3/lib/utils.c:202:22: acquire_resource: opened here
cryptsetup-2.8.3/lib/utils.c:203:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils.c:211:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:211:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils.c:217:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:226:12: branch_true: following 'true' branch (when 'keyfile' is non-NULL)...
cryptsetup-2.8.3/lib/utils.c:227:21: branch_true: ...to here
cryptsetup-2.8.3/lib/utils.c:227:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils.c:231:21: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:231:20: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/utils.c:233:52: branch_true: ...to here
cryptsetup-2.8.3/lib/utils.c:235:28: branch_true: following 'true' branch (when 'file_read_size < keyfile_offset')...
cryptsetup-2.8.3/lib/utils.c:236:33: branch_true: ...to here
cryptsetup-2.8.3/lib/utils.c:236:33: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/utils.c:236:33: danger: 'fd' leaks here; was opened at [(5)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/4)
#  234|   
#  235|   			if (keyfile_offset > file_read_size) {
#  236|-> 				log_err(cd, _("Cannot seek to requested keyfile offset."));
#  237|   				goto out;
#  238|   			}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def167]
cryptsetup-2.8.3/lib/utils.c:249:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'fd'
cryptsetup-2.8.3/lib/utils.c:195:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils.c:198:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:201:12: branch_true: following 'true' branch (when 'keyfile' is non-NULL)...
cryptsetup-2.8.3/lib/utils.c:202:22: branch_true: ...to here
cryptsetup-2.8.3/lib/utils.c:202:22: acquire_resource: opened here
cryptsetup-2.8.3/lib/utils.c:203:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils.c:211:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:211:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils.c:217:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:226:12: branch_true: following 'true' branch (when 'keyfile' is non-NULL)...
cryptsetup-2.8.3/lib/utils.c:227:21: branch_true: ...to here
cryptsetup-2.8.3/lib/utils.c:227:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils.c:231:21: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:249:16: throw: if 'crypt_safe_alloc' throws an exception...
cryptsetup-2.8.3/lib/utils.c:249:16: danger: 'fd' leaks here; was opened at [(5)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/4)
#  247|   	}
#  248|   
#  249|-> 	pass = crypt_safe_alloc(buflen);
#  250|   	if (!pass) {
#  251|   		log_err(cd, _("Out of memory while reading passphrase."));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def168]
cryptsetup-2.8.3/lib/utils.c:251:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'fd'
cryptsetup-2.8.3/lib/utils.c:195:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils.c:198:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:201:12: branch_true: following 'true' branch (when 'keyfile' is non-NULL)...
cryptsetup-2.8.3/lib/utils.c:202:22: branch_true: ...to here
cryptsetup-2.8.3/lib/utils.c:202:22: acquire_resource: opened here
cryptsetup-2.8.3/lib/utils.c:203:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils.c:211:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:211:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils.c:217:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:226:12: branch_true: following 'true' branch (when 'keyfile' is non-NULL)...
cryptsetup-2.8.3/lib/utils.c:227:21: branch_true: ...to here
cryptsetup-2.8.3/lib/utils.c:227:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils.c:231:21: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:250:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/utils.c:251:17: branch_true: ...to here
cryptsetup-2.8.3/lib/utils.c:251:17: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/utils.c:251:17: danger: 'fd' leaks here; was opened at [(5)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/4)
#  249|   	pass = crypt_safe_alloc(buflen);
#  250|   	if (!pass) {
#  251|-> 		log_err(cd, _("Out of memory while reading passphrase."));
#  252|   		goto out;
#  253|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def169]
cryptsetup-2.8.3/lib/utils.c:303:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'fd'
cryptsetup-2.8.3/lib/utils.c:195:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils.c:198:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:201:12: branch_true: following 'true' branch (when 'keyfile' is non-NULL)...
cryptsetup-2.8.3/lib/utils.c:202:22: branch_true: ...to here
cryptsetup-2.8.3/lib/utils.c:202:22: acquire_resource: opened here
cryptsetup-2.8.3/lib/utils.c:203:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils.c:211:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:211:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils.c:217:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:226:12: branch_true: following 'true' branch (when 'keyfile' is non-NULL)...
cryptsetup-2.8.3/lib/utils.c:227:21: branch_true: ...to here
cryptsetup-2.8.3/lib/utils.c:227:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils.c:231:21: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:250:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils.c:256:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:256:12: branch_false: following 'false' branch (when 'keyfile_offset == 0')...
cryptsetup-2.8.3/lib/utils.c:261:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:261:34: branch_false: following 'false' branch (when 'key_size <= i')...
cryptsetup-2.8.3/lib/utils.c:302:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:302:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/utils.c:303:17: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/utils.c:303:17: danger: 'fd' leaks here; was opened at [(5)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/4)
#  301|   	/* Fail if piped input dies reading nothing */
#  302|   	if (!i && !regular_file && !newline) {
#  303|-> 		log_err(cd, _("Nothing to read on input."));
#  304|   		r = -EPIPE;
#  305|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def170]
cryptsetup-2.8.3/lib/utils.c:315:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'fd'
cryptsetup-2.8.3/lib/utils.c:195:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils.c:198:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:201:12: branch_true: following 'true' branch (when 'keyfile' is non-NULL)...
cryptsetup-2.8.3/lib/utils.c:202:22: branch_true: ...to here
cryptsetup-2.8.3/lib/utils.c:202:22: acquire_resource: opened here
cryptsetup-2.8.3/lib/utils.c:203:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils.c:211:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:211:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils.c:217:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:226:12: branch_true: following 'true' branch (when 'keyfile' is non-NULL)...
cryptsetup-2.8.3/lib/utils.c:227:21: branch_true: ...to here
cryptsetup-2.8.3/lib/utils.c:227:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils.c:231:21: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:235:28: branch_false: following 'false' branch (when 'file_read_size >= keyfile_offset')...
cryptsetup-2.8.3/lib/utils.c:239:25: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:250:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils.c:256:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:256:12: branch_false: following 'false' branch (when 'keyfile_offset == 0')...
cryptsetup-2.8.3/lib/utils.c:261:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:261:34: branch_false: following 'false' branch (when 'key_size <= i')...
cryptsetup-2.8.3/lib/utils.c:302:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:302:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils.c:309:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:309:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils.c:309:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:314:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/utils.c:315:17: branch_true: ...to here
cryptsetup-2.8.3/lib/utils.c:315:17: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/utils.c:315:17: danger: 'fd' leaks here; was opened at [(5)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/4)
#  313|   
#  314|   	if (!unlimited_read && i != key_size) {
#  315|-> 		log_err(cd, _("Cannot read requested amount of data."));
#  316|   		goto out;
#  317|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def171]
cryptsetup-2.8.3/lib/utils.c:324:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'fd'
cryptsetup-2.8.3/lib/utils.c:195:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils.c:198:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:201:12: branch_true: following 'true' branch (when 'keyfile' is non-NULL)...
cryptsetup-2.8.3/lib/utils.c:202:22: branch_true: ...to here
cryptsetup-2.8.3/lib/utils.c:202:22: acquire_resource: opened here
cryptsetup-2.8.3/lib/utils.c:203:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils.c:211:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils.c:211:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/utils.c:212:17: branch_true: ...to here
cryptsetup-2.8.3/lib/utils.c:323:12: branch_true: following 'true' branch (when 'close_fd != 0')...
cryptsetup-2.8.3/lib/utils.c:324:17: branch_true: ...to here
cryptsetup-2.8.3/lib/utils.c:324:17: throw: if 'close' throws an exception...
cryptsetup-2.8.3/lib/utils.c:324:17: danger: 'fd' leaks here; was opened at [(5)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/4)
#  322|   out:
#  323|   	if (close_fd)
#  324|-> 		close(fd);
#  325|   
#  326|   	if (r)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def172]
cryptsetup-2.8.3/lib/utils_benchmark.c:49:17: warning[-Wanalyzer-malloc-leak]: leak of 'iv'
cryptsetup-2.8.3/lib/utils_benchmark.c:27:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_benchmark.c:31:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_benchmark.c:35:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_benchmark.c:35:13: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/utils_benchmark.c:35:13: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_benchmark.c:45:12: branch_true: following 'true' branch (when 'iv_size != 0')...
cryptsetup-2.8.3/lib/utils_benchmark.c:46:22: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_benchmark.c:46:22: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_benchmark.c:47:20: branch_false: following 'false' branch (when 'iv' is non-NULL)...
cryptsetup-2.8.3/lib/utils_benchmark.c:49:17: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_benchmark.c:49:17: throw: if 'crypt_random_get' throws an exception...
cryptsetup-2.8.3/lib/utils_benchmark.c:49:17: danger: 'iv' leaks here; was allocated at [(9)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/8)
#   47|   		if (!iv)
#   48|   			goto out;
#   49|-> 		crypt_random_get(cd, iv, iv_size, CRYPT_RND_NORMAL);
#   50|   	}
#   51|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def173]
cryptsetup-2.8.3/lib/utils_benchmark.c:56:9: warning[-Wanalyzer-malloc-leak]: leak of 'key'
cryptsetup-2.8.3/lib/utils_benchmark.c:27:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_benchmark.c:31:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_benchmark.c:35:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_benchmark.c:35:13: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/utils_benchmark.c:35:13: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_benchmark.c:45:12: branch_false: following 'false' branch (when 'iv_size == 0')...
cryptsetup-2.8.3/lib/utils_benchmark.c:52:15: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_benchmark.c:52:15: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_benchmark.c:53:12: branch_false: following 'false' branch (when 'key' is non-NULL)...
cryptsetup-2.8.3/lib/utils_benchmark.c:56:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_benchmark.c:56:9: throw: if 'crypt_random_get' throws an exception...
cryptsetup-2.8.3/lib/utils_benchmark.c:56:9: danger: 'key' leaks here; was allocated at [(9)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/8)
#   54|   		goto out;
#   55|   
#   56|-> 	crypt_random_get(cd, key, volume_key_size, CRYPT_RND_NORMAL);
#   57|   
#   58|   	strncpy(mode, cipher_mode, sizeof(mode)-1);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def174]
cryptsetup-2.8.3/lib/utils_blkid.c:82:19: warning[-Wanalyzer-malloc-leak]: leak of 'tmp'
cryptsetup-2.8.3/lib/utils_blkid.c:76:36: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_blkid.c:77:12: branch_false: following 'false' branch (when 'tmp' is non-NULL)...
cryptsetup-2.8.3/lib/utils_blkid.c:80:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_blkid.c:82:19: throw: if 'blkid_new_probe_from_filename' throws an exception...
cryptsetup-2.8.3/lib/utils_blkid.c:82:19: danger: 'tmp' leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   80|   	tmp->fd = -1;
#   81|   
#   82|-> 	tmp->pr = blkid_new_probe_from_filename(path);
#   83|   	if (!tmp->pr) {
#   84|   		free(tmp);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def175]
cryptsetup-2.8.3/lib/utils_blkid.c:82:19: warning[-Wanalyzer-malloc-leak]: leak of ‘tmp’
cryptsetup-2.8.3/lib/utils_blkid.c:76:36: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_blkid.c:77:12: branch_false: following ‘false’ branch (when ‘tmp’ is non-NULL)...
cryptsetup-2.8.3/lib/utils_blkid.c:80:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_blkid.c:82:19: throw: if ‘blkid_new_probe_from_filename’ throws an exception...
cryptsetup-2.8.3/lib/utils_blkid.c:82:19: danger: ‘tmp’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   80|   	tmp->fd = -1;
#   81|   
#   82|-> 	tmp->pr = blkid_new_probe_from_filename(path);
#   83|   	if (!tmp->pr) {
#   84|   		free(tmp);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def176]
cryptsetup-2.8.3/lib/utils_blkid.c:98:19: warning[-Wanalyzer-malloc-leak]: leak of 'tmp'
cryptsetup-2.8.3/lib/utils_blkid.c:94:36: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_blkid.c:95:12: branch_false: following 'false' branch (when 'tmp' is non-NULL)...
cryptsetup-2.8.3/lib/utils_blkid.c:98:19: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_blkid.c:98:19: throw: if 'blkid_new_probe' throws an exception...
cryptsetup-2.8.3/lib/utils_blkid.c:98:19: danger: 'tmp' leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#   96|   		return -ENOMEM;
#   97|   
#   98|-> 	tmp->pr = blkid_new_probe();
#   99|   	if (!tmp->pr) {
#  100|   		free(tmp);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def177]
cryptsetup-2.8.3/lib/utils_blkid.c:98:19: warning[-Wanalyzer-malloc-leak]: leak of ‘tmp’
cryptsetup-2.8.3/lib/utils_blkid.c:94:36: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_blkid.c:95:12: branch_false: following ‘false’ branch (when ‘tmp’ is non-NULL)...
cryptsetup-2.8.3/lib/utils_blkid.c:98:19: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_blkid.c:98:19: throw: if ‘blkid_new_probe’ throws an exception...
cryptsetup-2.8.3/lib/utils_blkid.c:98:19: danger: ‘tmp’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#   96|   		return -ENOMEM;
#   97|   
#   98|-> 	tmp->pr = blkid_new_probe();
#   99|   	if (!tmp->pr) {
#  100|   		free(tmp);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def178]
cryptsetup-2.8.3/lib/utils_blkid.c:104:13: warning[-Wanalyzer-malloc-leak]: leak of 'tmp'
cryptsetup-2.8.3/lib/utils_blkid.c:94:36: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_blkid.c:95:12: branch_false: following 'false' branch (when 'tmp' is non-NULL)...
cryptsetup-2.8.3/lib/utils_blkid.c:98:19: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_blkid.c:99:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_blkid.c:104:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_blkid.c:104:13: throw: if 'blkid_probe_set_device' throws an exception...
cryptsetup-2.8.3/lib/utils_blkid.c:104:13: danger: 'tmp' leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  102|   	}
#  103|   
#  104|-> 	if (blkid_probe_set_device(tmp->pr, fd, 0, 0)) {
#  105|   		blkid_free_probe(tmp->pr);
#  106|   		free(tmp);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def179]
cryptsetup-2.8.3/lib/utils_blkid.c:104:13: warning[-Wanalyzer-malloc-leak]: leak of ‘tmp’
cryptsetup-2.8.3/lib/utils_blkid.c:94:36: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_blkid.c:95:12: branch_false: following ‘false’ branch (when ‘tmp’ is non-NULL)...
cryptsetup-2.8.3/lib/utils_blkid.c:98:19: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_blkid.c:99:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/lib/utils_blkid.c:104:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_blkid.c:104:13: throw: if ‘blkid_probe_set_device’ throws an exception...
cryptsetup-2.8.3/lib/utils_blkid.c:104:13: danger: ‘tmp’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  102|   	}
#  103|   
#  104|-> 	if (blkid_probe_set_device(tmp->pr, fd, 0, 0)) {
#  105|   		blkid_free_probe(tmp->pr);
#  106|   		free(tmp);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def180]
cryptsetup-2.8.3/lib/utils_blkid.c:105:17: warning[-Wanalyzer-malloc-leak]: leak of 'tmp'
cryptsetup-2.8.3/lib/utils_blkid.c:94:36: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_blkid.c:95:12: branch_false: following 'false' branch (when 'tmp' is non-NULL)...
cryptsetup-2.8.3/lib/utils_blkid.c:98:19: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_blkid.c:99:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_blkid.c:104:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_blkid.c:104:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/utils_blkid.c:105:17: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_blkid.c:105:17: throw: if 'blkid_free_probe' throws an exception...
cryptsetup-2.8.3/lib/utils_blkid.c:105:17: danger: 'tmp' leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#  103|   
#  104|   	if (blkid_probe_set_device(tmp->pr, fd, 0, 0)) {
#  105|-> 		blkid_free_probe(tmp->pr);
#  106|   		free(tmp);
#  107|   		return -EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def181]
cryptsetup-2.8.3/lib/utils_blkid.c:105:17: warning[-Wanalyzer-malloc-leak]: leak of ‘tmp’
cryptsetup-2.8.3/lib/utils_blkid.c:94:36: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_blkid.c:95:12: branch_false: following ‘false’ branch (when ‘tmp’ is non-NULL)...
cryptsetup-2.8.3/lib/utils_blkid.c:98:19: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_blkid.c:99:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/lib/utils_blkid.c:104:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_blkid.c:104:12: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/lib/utils_blkid.c:105:17: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_blkid.c:105:17: throw: if ‘blkid_free_probe’ throws an exception...
cryptsetup-2.8.3/lib/utils_blkid.c:105:17: danger: ‘tmp’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#  103|   
#  104|   	if (blkid_probe_set_device(tmp->pr, fd, 0, 0)) {
#  105|-> 		blkid_free_probe(tmp->pr);
#  106|   		free(tmp);
#  107|   		return -EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def182]
cryptsetup-2.8.3/lib/utils_device.c:79:33: warning[-Wanalyzer-malloc-leak]: leak of 'dev'
cryptsetup-2.8.3/lib/utils_device.c:420:5: enter_function: entry to 'device_alloc'
cryptsetup-2.8.3/lib/utils_device.c:425:13: call_function: calling 'device_alloc_no_check' from 'device_alloc'
cryptsetup-2.8.3/lib/utils_device.c:425:13: return_function: returning to 'device_alloc' from 'device_alloc_no_check'
cryptsetup-2.8.3/lib/utils_device.c:426:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_device.c:429:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device.c:429:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/utils_device.c:430:21: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_device.c:430:21: call_function: calling 'device_ready' from 'device_alloc'
#   77|   	else {
#   78|   		if (ioctl(fd, BLKSSZGET, &arg) < 0)
#   79|-> 			bsize = crypt_getpagesize();
#   80|   		else
#   81|   			bsize = (size_t)arg;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def183]
cryptsetup-2.8.3/lib/utils_device.c:156:13: warning[-Wanalyzer-malloc-leak]: leak of 'dev'
cryptsetup-2.8.3/lib/utils_device.c:420:5: enter_function: entry to 'device_alloc'
cryptsetup-2.8.3/lib/utils_device.c:425:13: call_function: calling 'device_alloc_no_check' from 'device_alloc'
cryptsetup-2.8.3/lib/utils_device.c:425:13: return_function: returning to 'device_alloc' from 'device_alloc_no_check'
cryptsetup-2.8.3/lib/utils_device.c:426:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_device.c:429:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device.c:429:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/utils_device.c:430:21: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_device.c:430:21: call_function: calling 'device_ready' from 'device_alloc'
#  154|   		minsize = sizeof(buffer);
#  155|   
#  156|-> 	if (read_blockwise(devfd, blocksize, alignment, buffer, minsize) == (ssize_t)minsize) {
#  157|   		log_dbg(cd, "Direct-io read works.");
#  158|   		r = 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def184]
cryptsetup-2.8.3/lib/utils_device.c:157:17: warning[-Wanalyzer-malloc-leak]: leak of 'dev'
cryptsetup-2.8.3/lib/utils_device.c:420:5: enter_function: entry to 'device_alloc'
cryptsetup-2.8.3/lib/utils_device.c:425:13: call_function: calling 'device_alloc_no_check' from 'device_alloc'
cryptsetup-2.8.3/lib/utils_device.c:425:13: return_function: returning to 'device_alloc' from 'device_alloc_no_check'
cryptsetup-2.8.3/lib/utils_device.c:426:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_device.c:429:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device.c:429:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/utils_device.c:430:21: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_device.c:430:21: call_function: calling 'device_ready' from 'device_alloc'
#  155|   
#  156|   	if (read_blockwise(devfd, blocksize, alignment, buffer, minsize) == (ssize_t)minsize) {
#  157|-> 		log_dbg(cd, "Direct-io read works.");
#  158|   		r = 0;
#  159|   	} else {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def185]
cryptsetup-2.8.3/lib/utils_device.c:160:17: warning[-Wanalyzer-malloc-leak]: leak of 'dev'
cryptsetup-2.8.3/lib/utils_device.c:420:5: enter_function: entry to 'device_alloc'
cryptsetup-2.8.3/lib/utils_device.c:425:13: call_function: calling 'device_alloc_no_check' from 'device_alloc'
cryptsetup-2.8.3/lib/utils_device.c:425:13: return_function: returning to 'device_alloc' from 'device_alloc_no_check'
cryptsetup-2.8.3/lib/utils_device.c:426:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_device.c:429:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device.c:429:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/utils_device.c:430:21: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_device.c:430:21: call_function: calling 'device_ready' from 'device_alloc'
#  158|   		r = 0;
#  159|   	} else {
#  160|-> 		log_dbg(cd, "Direct-io read failed.");
#  161|   		r = -EIO;
#  162|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def186]
cryptsetup-2.8.3/lib/utils_device.c:164:9: warning[-Wanalyzer-malloc-leak]: leak of 'dev'
cryptsetup-2.8.3/lib/utils_device.c:420:5: enter_function: entry to 'device_alloc'
cryptsetup-2.8.3/lib/utils_device.c:425:13: call_function: calling 'device_alloc_no_check' from 'device_alloc'
cryptsetup-2.8.3/lib/utils_device.c:425:13: return_function: returning to 'device_alloc' from 'device_alloc_no_check'
cryptsetup-2.8.3/lib/utils_device.c:426:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_device.c:429:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device.c:429:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/utils_device.c:430:21: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_device.c:430:21: call_function: calling 'device_ready' from 'device_alloc'
#  162|   	}
#  163|   
#  164|-> 	crypt_safe_memzero(buffer, sizeof(buffer));
#  165|   	return r;
#  166|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def187]
cryptsetup-2.8.3/lib/utils_device.c:186:17: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
cryptsetup-2.8.3/lib/utils_device.c:420:5: enter_function: entry to 'device_alloc'
cryptsetup-2.8.3/lib/utils_device.c:425:13: call_function: calling 'device_alloc_no_check' from 'device_alloc'
cryptsetup-2.8.3/lib/utils_device.c:425:13: return_function: returning to 'device_alloc' from 'device_alloc_no_check'
cryptsetup-2.8.3/lib/utils_device.c:426:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_device.c:429:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device.c:429:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/utils_device.c:430:21: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_device.c:430:21: call_function: calling 'device_ready' from 'device_alloc'
#  184|   
#  185|   	if (device->o_direct) {
#  186|-> 		log_dbg(cd, "Trying to open device %s with direct-io.",
#  187|   			device_path(device));
#  188|   		device->o_direct = 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def188]
cryptsetup-2.8.3/lib/utils_device.c:186:17: warning[-Wanalyzer-malloc-leak]: leak of 'dev'
cryptsetup-2.8.3/lib/utils_device.c:420:5: enter_function: entry to 'device_alloc'
cryptsetup-2.8.3/lib/utils_device.c:425:13: call_function: calling 'device_alloc_no_check' from 'device_alloc'
cryptsetup-2.8.3/lib/utils_device.c:425:13: return_function: returning to 'device_alloc' from 'device_alloc_no_check'
cryptsetup-2.8.3/lib/utils_device.c:426:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_device.c:429:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device.c:429:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/utils_device.c:430:21: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_device.c:430:21: call_function: calling 'device_ready' from 'device_alloc'
#  184|   
#  185|   	if (device->o_direct) {
#  186|-> 		log_dbg(cd, "Trying to open device %s with direct-io.",
#  187|   			device_path(device));
#  188|   		device->o_direct = 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def189]
cryptsetup-2.8.3/lib/utils_device.c:189:25: warning[-Wanalyzer-malloc-leak]: leak of 'dev'
cryptsetup-2.8.3/lib/utils_device.c:420:5: enter_function: entry to 'device_alloc'
cryptsetup-2.8.3/lib/utils_device.c:425:13: call_function: calling 'device_alloc_no_check' from 'device_alloc'
cryptsetup-2.8.3/lib/utils_device.c:425:13: return_function: returning to 'device_alloc' from 'device_alloc_no_check'
cryptsetup-2.8.3/lib/utils_device.c:426:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_device.c:429:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device.c:429:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/utils_device.c:430:21: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_device.c:430:21: call_function: calling 'device_ready' from 'device_alloc'
#  187|   			device_path(device));
#  188|   		device->o_direct = 0;
#  189|-> 		devfd = open(device_path(device), O_RDONLY | O_DIRECT);
#  190|   		if (devfd >= 0) {
#  191|   			if (device_read_test(cd, devfd) == 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def190]
cryptsetup-2.8.3/lib/utils_device.c:254:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'open(device_path(device), flags)'
cryptsetup-2.8.3/lib/utils_device.c:236:12: enter_function: entry to '_open_locked'
cryptsetup-2.8.3/lib/utils_device.c:240:12: branch_false: following 'false' branch (when 'device' is non-NULL)...
cryptsetup-2.8.3/lib/utils_device.c:243:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device.c:243:9: call_function: calling 'device_path' from '_open_locked'
cryptsetup-2.8.3/lib/utils_device.c:243:9: return_function: returning to '_open_locked' from 'device_path'
cryptsetup-2.8.3/lib/utils_device.c:250:14: call_function: calling 'device_path' from '_open_locked'
cryptsetup-2.8.3/lib/utils_device.c:250:14: return_function: returning to '_open_locked' from 'device_path'
cryptsetup-2.8.3/lib/utils_device.c:250:14: acquire_resource: opened here
cryptsetup-2.8.3/lib/utils_device.c:251:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_device.c:254:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device.c:254:13: throw: if 'device_locked_verify' throws an exception...
cryptsetup-2.8.3/lib/utils_device.c:254:13: danger: 'open(device_path(device), flags)' leaks here; was opened at [(14)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/13)
#  252|   		return -errno;
#  253|   
#  254|-> 	if (device_locked_verify(cd, fd, device->lh)) {
#  255|   		/* fd doesn't correspond to a locked resource */
#  256|   		close(fd);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def191]
cryptsetup-2.8.3/lib/utils_device.c:778:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'fd'
cryptsetup-2.8.3/lib/utils_device.c:724:12: branch_false: following 'false' branch (when 'device' is non-NULL)...
cryptsetup-2.8.3/lib/utils_device.c:727:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device.c:730:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_device.c:736:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device.c:741:14: acquire_resource: opened here
cryptsetup-2.8.3/lib/utils_device.c:742:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_device.c:747:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device.c:747:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_device.c:752:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device.c:752:12: branch_false: following 'false' branch (when 'fd != -1')...
cryptsetup-2.8.3/lib/utils_device.c:758:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device.c:758:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/utils_device.c:760:39: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_device.c:777:12: branch_true: following 'true' branch (when 'fd != -1')...
cryptsetup-2.8.3/lib/utils_device.c:778:17: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_device.c:778:17: throw: if 'close' throws an exception...
cryptsetup-2.8.3/lib/utils_device.c:778:17: danger: 'fd' leaks here; was opened at [(5)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/4)
#  776|   out:
#  777|   	if (fd != -1)
#  778|-> 		close(fd);
#  779|   
#  780|   	switch (r) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def192]
cryptsetup-2.8.3/lib/utils_device_locking.c:84:17: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
cryptsetup-2.8.3/lib/utils_device_locking.c:286:12: enter_function: entry to 'acquire_and_verify'
cryptsetup-2.8.3/lib/utils_device_locking.c:291:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:19: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:21: branch_false: following 'false' branch (when 'device' is NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:298:67: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:67: call_function: calling 'acquire_lock_handle_by_name' from 'acquire_and_verify'
#   82|   	int dirfd, lockdfd;
#   83|   
#   84|-> 	dirfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
#   85|   	if (dirfd < 0) {
#   86|   		log_dbg(cd, "Failed to open directory %s: (%d: %s).", dir, errno, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def193]
cryptsetup-2.8.3/lib/utils_device_locking.c:84:17: warning[-Wanalyzer-malloc-leak]: leak of 'h'
cryptsetup-2.8.3/lib/utils_device_locking.c:286:12: enter_function: entry to 'acquire_and_verify'
cryptsetup-2.8.3/lib/utils_device_locking.c:291:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:19: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:294:19: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:21: branch_false: following 'false' branch (when 'device' is NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:298:67: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:67: call_function: calling 'acquire_lock_handle_by_name' from 'acquire_and_verify'
#   82|   	int dirfd, lockdfd;
#   83|   
#   84|-> 	dirfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
#   85|   	if (dirfd < 0) {
#   86|   		log_dbg(cd, "Failed to open directory %s: (%d: %s).", dir, errno, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def194]
cryptsetup-2.8.3/lib/utils_device_locking.c:86:17: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
cryptsetup-2.8.3/lib/utils_device_locking.c:286:12: enter_function: entry to 'acquire_and_verify'
cryptsetup-2.8.3/lib/utils_device_locking.c:291:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:19: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:21: branch_false: following 'false' branch (when 'device' is NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:298:67: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:67: call_function: calling 'acquire_lock_handle_by_name' from 'acquire_and_verify'
#   84|   	dirfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
#   85|   	if (dirfd < 0) {
#   86|-> 		log_dbg(cd, "Failed to open directory %s: (%d: %s).", dir, errno, strerror(errno));
#   87|   		if (errno == ENOTDIR || errno == ENOENT)
#   88|   			log_err(cd, _("Locking aborted. The locking path %s/%s is unusable (not a directory or missing)."), dir, base);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def195]
cryptsetup-2.8.3/lib/utils_device_locking.c:86:17: warning[-Wanalyzer-malloc-leak]: leak of 'h'
cryptsetup-2.8.3/lib/utils_device_locking.c:286:12: enter_function: entry to 'acquire_and_verify'
cryptsetup-2.8.3/lib/utils_device_locking.c:291:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:19: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:294:19: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:21: branch_false: following 'false' branch (when 'device' is NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:298:67: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:67: call_function: calling 'acquire_lock_handle_by_name' from 'acquire_and_verify'
#   84|   	dirfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
#   85|   	if (dirfd < 0) {
#   86|-> 		log_dbg(cd, "Failed to open directory %s: (%d: %s).", dir, errno, strerror(errno));
#   87|   		if (errno == ENOTDIR || errno == ENOENT)
#   88|   			log_err(cd, _("Locking aborted. The locking path %s/%s is unusable (not a directory or missing)."), dir, base);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def196]
cryptsetup-2.8.3/lib/utils_device_locking.c:88:25: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
cryptsetup-2.8.3/lib/utils_device_locking.c:286:12: enter_function: entry to 'acquire_and_verify'
cryptsetup-2.8.3/lib/utils_device_locking.c:291:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:19: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:21: branch_false: following 'false' branch (when 'device' is NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:298:67: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:67: call_function: calling 'acquire_lock_handle_by_name' from 'acquire_and_verify'
#   86|   		log_dbg(cd, "Failed to open directory %s: (%d: %s).", dir, errno, strerror(errno));
#   87|   		if (errno == ENOTDIR || errno == ENOENT)
#   88|-> 			log_err(cd, _("Locking aborted. The locking path %s/%s is unusable (not a directory or missing)."), dir, base);
#   89|   		return -EINVAL;
#   90|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def197]
cryptsetup-2.8.3/lib/utils_device_locking.c:88:25: warning[-Wanalyzer-malloc-leak]: leak of 'h'
cryptsetup-2.8.3/lib/utils_device_locking.c:286:12: enter_function: entry to 'acquire_and_verify'
cryptsetup-2.8.3/lib/utils_device_locking.c:291:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:19: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:294:19: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:21: branch_false: following 'false' branch (when 'device' is NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:298:67: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:67: call_function: calling 'acquire_lock_handle_by_name' from 'acquire_and_verify'
#   86|   		log_dbg(cd, "Failed to open directory %s: (%d: %s).", dir, errno, strerror(errno));
#   87|   		if (errno == ENOTDIR || errno == ENOENT)
#   88|-> 			log_err(cd, _("Locking aborted. The locking path %s/%s is unusable (not a directory or missing)."), dir, base);
#   89|   		return -EINVAL;
#   90|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def198]
cryptsetup-2.8.3/lib/utils_device_locking.c:92:19: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'open(dir, 589824)'
cryptsetup-2.8.3/lib/utils_device_locking.c:84:17: acquire_resource: opened here
cryptsetup-2.8.3/lib/utils_device_locking.c:85:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_device_locking.c:92:19: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:92:19: throw: if 'openat' throws an exception...
cryptsetup-2.8.3/lib/utils_device_locking.c:92:19: danger: 'open(dir, 589824)' leaks here; was opened at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
#   90|   	}
#   91|   
#   92|-> 	lockdfd = openat(dirfd, base, O_RDONLY | O_NOFOLLOW | O_DIRECTORY | O_CLOEXEC);
#   93|   	if (lockdfd < 0) {
#   94|   		if (errno == ENOENT) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def199]
cryptsetup-2.8.3/lib/utils_device_locking.c:92:19: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
cryptsetup-2.8.3/lib/utils_device_locking.c:286:12: enter_function: entry to 'acquire_and_verify'
cryptsetup-2.8.3/lib/utils_device_locking.c:291:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:19: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:21: branch_false: following 'false' branch (when 'device' is NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:298:67: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:67: call_function: calling 'acquire_lock_handle_by_name' from 'acquire_and_verify'
#   90|   	}
#   91|   
#   92|-> 	lockdfd = openat(dirfd, base, O_RDONLY | O_NOFOLLOW | O_DIRECTORY | O_CLOEXEC);
#   93|   	if (lockdfd < 0) {
#   94|   		if (errno == ENOENT) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def200]
cryptsetup-2.8.3/lib/utils_device_locking.c:92:19: warning[-Wanalyzer-malloc-leak]: leak of 'h'
cryptsetup-2.8.3/lib/utils_device_locking.c:286:12: enter_function: entry to 'acquire_and_verify'
cryptsetup-2.8.3/lib/utils_device_locking.c:291:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:19: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:294:19: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:21: branch_false: following 'false' branch (when 'device' is NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:298:67: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:67: call_function: calling 'acquire_lock_handle_by_name' from 'acquire_and_verify'
#   90|   	}
#   91|   
#   92|-> 	lockdfd = openat(dirfd, base, O_RDONLY | O_NOFOLLOW | O_DIRECTORY | O_CLOEXEC);
#   93|   	if (lockdfd < 0) {
#   94|   		if (errno == ENOENT) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def201]
cryptsetup-2.8.3/lib/utils_device_locking.c:95:25: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
cryptsetup-2.8.3/lib/utils_device_locking.c:286:12: enter_function: entry to 'acquire_and_verify'
cryptsetup-2.8.3/lib/utils_device_locking.c:291:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:19: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:21: branch_false: following 'false' branch (when 'device' is NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:298:67: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:67: call_function: calling 'acquire_lock_handle_by_name' from 'acquire_and_verify'
#   93|   	if (lockdfd < 0) {
#   94|   		if (errno == ENOENT) {
#   95|-> 			log_dbg(cd, "Locking directory %s/%s will be created with default compiled-in permissions.", dir, base);
#   96|   
#   97|   			/* success or failure w/ errno == EEXIST either way just try to open the 'base' directory again */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def202]
cryptsetup-2.8.3/lib/utils_device_locking.c:95:25: warning[-Wanalyzer-malloc-leak]: leak of 'h'
cryptsetup-2.8.3/lib/utils_device_locking.c:286:12: enter_function: entry to 'acquire_and_verify'
cryptsetup-2.8.3/lib/utils_device_locking.c:291:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:19: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:294:19: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:21: branch_false: following 'false' branch (when 'device' is NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:298:67: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:67: call_function: calling 'acquire_lock_handle_by_name' from 'acquire_and_verify'
#   93|   	if (lockdfd < 0) {
#   94|   		if (errno == ENOENT) {
#   95|-> 			log_dbg(cd, "Locking directory %s/%s will be created with default compiled-in permissions.", dir, base);
#   96|   
#   97|   			/* success or failure w/ errno == EEXIST either way just try to open the 'base' directory again */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def203]
cryptsetup-2.8.3/lib/utils_device_locking.c:99:33: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
cryptsetup-2.8.3/lib/utils_device_locking.c:286:12: enter_function: entry to 'acquire_and_verify'
cryptsetup-2.8.3/lib/utils_device_locking.c:291:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:19: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:21: branch_false: following 'false' branch (when 'device' is NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:298:67: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:67: call_function: calling 'acquire_lock_handle_by_name' from 'acquire_and_verify'
#   97|   			/* success or failure w/ errno == EEXIST either way just try to open the 'base' directory again */
#   98|   			if (mkdirat(dirfd, base, DEFAULT_LUKS2_LOCK_DIR_PERMS) && errno != EEXIST)
#   99|-> 				log_dbg(cd, "Failed to create directory %s in %s (%d: %s).", base, dir, errno, strerror(errno));
#  100|   			else
#  101|   				lockdfd = openat(dirfd, base, O_RDONLY | O_NOFOLLOW | O_DIRECTORY | O_CLOEXEC);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def204]
cryptsetup-2.8.3/lib/utils_device_locking.c:99:33: warning[-Wanalyzer-malloc-leak]: leak of 'h'
cryptsetup-2.8.3/lib/utils_device_locking.c:286:12: enter_function: entry to 'acquire_and_verify'
cryptsetup-2.8.3/lib/utils_device_locking.c:291:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:19: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:294:19: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:21: branch_false: following 'false' branch (when 'device' is NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:298:67: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:67: call_function: calling 'acquire_lock_handle_by_name' from 'acquire_and_verify'
#   97|   			/* success or failure w/ errno == EEXIST either way just try to open the 'base' directory again */
#   98|   			if (mkdirat(dirfd, base, DEFAULT_LUKS2_LOCK_DIR_PERMS) && errno != EEXIST)
#   99|-> 				log_dbg(cd, "Failed to create directory %s in %s (%d: %s).", base, dir, errno, strerror(errno));
#  100|   			else
#  101|   				lockdfd = openat(dirfd, base, O_RDONLY | O_NOFOLLOW | O_DIRECTORY | O_CLOEXEC);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def205]
cryptsetup-2.8.3/lib/utils_device_locking.c:101:43: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
cryptsetup-2.8.3/lib/utils_device_locking.c:286:12: enter_function: entry to 'acquire_and_verify'
cryptsetup-2.8.3/lib/utils_device_locking.c:291:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:19: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:21: branch_false: following 'false' branch (when 'device' is NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:298:67: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:67: call_function: calling 'acquire_lock_handle_by_name' from 'acquire_and_verify'
#   99|   				log_dbg(cd, "Failed to create directory %s in %s (%d: %s).", base, dir, errno, strerror(errno));
#  100|   			else
#  101|-> 				lockdfd = openat(dirfd, base, O_RDONLY | O_NOFOLLOW | O_DIRECTORY | O_CLOEXEC);
#  102|   		} else {
#  103|   			log_dbg(cd, "Failed to open directory %s/%s: (%d: %s)", dir, base, errno, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def206]
cryptsetup-2.8.3/lib/utils_device_locking.c:101:43: warning[-Wanalyzer-malloc-leak]: leak of 'h'
cryptsetup-2.8.3/lib/utils_device_locking.c:286:12: enter_function: entry to 'acquire_and_verify'
cryptsetup-2.8.3/lib/utils_device_locking.c:291:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:19: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:294:19: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:21: branch_false: following 'false' branch (when 'device' is NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:298:67: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:67: call_function: calling 'acquire_lock_handle_by_name' from 'acquire_and_verify'
#   99|   				log_dbg(cd, "Failed to create directory %s in %s (%d: %s).", base, dir, errno, strerror(errno));
#  100|   			else
#  101|-> 				lockdfd = openat(dirfd, base, O_RDONLY | O_NOFOLLOW | O_DIRECTORY | O_CLOEXEC);
#  102|   		} else {
#  103|   			log_dbg(cd, "Failed to open directory %s/%s: (%d: %s)", dir, base, errno, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def207]
cryptsetup-2.8.3/lib/utils_device_locking.c:103:25: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>'
cryptsetup-2.8.3/lib/utils_device_locking.c:286:12: enter_function: entry to 'acquire_and_verify'
cryptsetup-2.8.3/lib/utils_device_locking.c:291:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:19: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:21: branch_false: following 'false' branch (when 'device' is NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:298:67: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:67: call_function: calling 'acquire_lock_handle_by_name' from 'acquire_and_verify'
#  101|   				lockdfd = openat(dirfd, base, O_RDONLY | O_NOFOLLOW | O_DIRECTORY | O_CLOEXEC);
#  102|   		} else {
#  103|-> 			log_dbg(cd, "Failed to open directory %s/%s: (%d: %s)", dir, base, errno, strerror(errno));
#  104|   			if (errno == ENOTDIR || errno == ELOOP)
#  105|   				log_err(cd, _("Locking aborted. The locking path %s/%s is unusable (%s is not a directory)."), dir, base, base);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def208]
cryptsetup-2.8.3/lib/utils_device_locking.c:103:25: warning[-Wanalyzer-malloc-leak]: leak of 'h'
cryptsetup-2.8.3/lib/utils_device_locking.c:286:12: enter_function: entry to 'acquire_and_verify'
cryptsetup-2.8.3/lib/utils_device_locking.c:291:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:19: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:294:19: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:21: branch_false: following 'false' branch (when 'device' is NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:298:67: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:67: call_function: calling 'acquire_lock_handle_by_name' from 'acquire_and_verify'
#  101|   				lockdfd = openat(dirfd, base, O_RDONLY | O_NOFOLLOW | O_DIRECTORY | O_CLOEXEC);
#  102|   		} else {
#  103|-> 			log_dbg(cd, "Failed to open directory %s/%s: (%d: %s)", dir, base, errno, strerror(errno));
#  104|   			if (errno == ENOTDIR || errno == ELOOP)
#  105|   				log_err(cd, _("Locking aborted. The locking path %s/%s is unusable (%s is not a directory)."), dir, base, base);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def209]
cryptsetup-2.8.3/lib/utils_device_locking.c:138:18: warning[-Wanalyzer-malloc-leak]: leak of 'h'
cryptsetup-2.8.3/lib/utils_device_locking.c:286:12: enter_function: entry to 'acquire_and_verify'
cryptsetup-2.8.3/lib/utils_device_locking.c:291:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:19: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:294:19: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:21: branch_true: following 'true' branch (when 'device' is non-NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:298:30: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:30: call_function: calling 'acquire_lock_handle' from 'acquire_and_verify'
#  136|   	struct stat st;
#  137|   
#  138|-> 	dev_fd = open(device_path(device), O_RDONLY | O_NONBLOCK | O_CLOEXEC);
#  139|   	if (dev_fd < 0)
#  140|   		return -EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def210]
cryptsetup-2.8.3/lib/utils_device_locking.c:143:17: warning[-Wanalyzer-malloc-leak]: leak of 'h'
cryptsetup-2.8.3/lib/utils_device_locking.c:286:12: enter_function: entry to 'acquire_and_verify'
cryptsetup-2.8.3/lib/utils_device_locking.c:291:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:19: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:294:19: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:21: branch_true: following 'true' branch (when 'device' is non-NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:298:30: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:30: call_function: calling 'acquire_lock_handle' from 'acquire_and_verify'
#  141|   
#  142|   	if (fstat(dev_fd, &st)) {
#  143|-> 		close(dev_fd);
#  144|   		return -EINVAL;
#  145|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def211]
cryptsetup-2.8.3/lib/utils_device_locking.c:149:25: warning[-Wanalyzer-malloc-leak]: leak of 'h'
cryptsetup-2.8.3/lib/utils_device_locking.c:286:12: enter_function: entry to 'acquire_and_verify'
cryptsetup-2.8.3/lib/utils_device_locking.c:291:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:19: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:294:19: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: following 'false' branch (when 'h' is non-NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:294:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:21: branch_true: following 'true' branch (when 'device' is non-NULL)...
cryptsetup-2.8.3/lib/utils_device_locking.c:298:30: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_device_locking.c:298:30: call_function: calling 'acquire_lock_handle' from 'acquire_and_verify'
#  147|   	if (S_ISBLK(st.st_mode)) {
#  148|   		if (resource_by_devno(res, sizeof(res), st.st_rdev, 0)) {
#  149|-> 			close(dev_fd);
#  150|   			return -EINVAL;
#  151|   		}

Error: CPPCHECK_WARNING (CWE-476): [#def212]
cryptsetup-2.8.3/lib/utils_device_locking.c:185: error[ctunullpointer]: Null pointer dereference: name
#  183|   	int fd;
#  184|   
#  185|-> 	h->u.name.name = strdup(name);
#  186|   	if (!h->u.name.name)
#  187|   		return -ENOMEM;

Error: CPPCHECK_WARNING (CWE-476): [#def213]
cryptsetup-2.8.3/lib/utils_device_locking.c:185: warning[nullPointer]: Possible null pointer dereference: name
#  183|   	int fd;
#  184|   
#  185|-> 	h->u.name.name = strdup(name);
#  186|   	if (!h->u.name.name)
#  187|   		return -ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def214]
cryptsetup-2.8.3/lib/utils_devpath.c:48:24: warning[-Wanalyzer-malloc-leak]: leak of 'opendir(path)'
cryptsetup-2.8.3/lib/utils_devpath.c:113:7: enter_function: entry to 'crypt_lookup_dev'
cryptsetup-2.8.3/lib/utils_devpath.c:120:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_devpath.c:123:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:123:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_devpath.c:126:15: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:127:12: branch_true: following 'true' branch (when 'len < 0')...
cryptsetup-2.8.3/lib/utils_devpath.c:129:21: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:129:20: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/utils_devpath.c:130:32: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:130:32: call_function: calling 'lookup_dev_old' from 'crypt_lookup_dev'
#   46|   		return NULL;
#   47|   
#   48|-> 	while((entry = readdir(dir))) {
#   49|   		if (entry->d_name[0] == '.' ||
#   50|   		    !strncmp(entry->d_name, "..", 2))

Error: GCC_ANALYZER_WARNING (CWE-401): [#def215]
cryptsetup-2.8.3/lib/utils_devpath.c:79:9: warning[-Wanalyzer-malloc-leak]: leak of 'result'
cryptsetup-2.8.3/lib/utils_devpath.c:113:7: enter_function: entry to 'crypt_lookup_dev'
cryptsetup-2.8.3/lib/utils_devpath.c:120:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_devpath.c:123:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:123:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_devpath.c:126:15: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:127:12: branch_true: following 'true' branch (when 'len < 0')...
cryptsetup-2.8.3/lib/utils_devpath.c:129:21: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:129:20: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/utils_devpath.c:130:32: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:130:32: call_function: calling 'lookup_dev_old' from 'crypt_lookup_dev'
#   77|   	}
#   78|   
#   79|-> 	closedir(dir);
#   80|   	return result;
#   81|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def216]
cryptsetup-2.8.3/lib/utils_devpath.c:167:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'open(sysfs_path, 0)'
cryptsetup-2.8.3/lib/utils_devpath.c:164:19: acquire_resource: opened here
cryptsetup-2.8.3/lib/utils_devpath.c:164:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_devpath.c:166:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:167:9: danger: 'open(sysfs_path, 0)' leaks here; was opened at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  165|   		return 0;
#  166|   	r = read(fd, tmp, sizeof(tmp));
#  167|-> 	close(fd);
#  168|   
#  169|   	if (r <= 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def217]
cryptsetup-2.8.3/lib/utils_devpath.c:212:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'open(&path, 0)'
cryptsetup-2.8.3/lib/utils_devpath.c:205:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_devpath.c:209:19: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:209:19: acquire_resource: opened here
cryptsetup-2.8.3/lib/utils_devpath.c:209:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_devpath.c:211:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:212:9: danger: 'open(&path, 0)' leaks here; was opened at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#  210|   		return 0;
#  211|   	r = read(fd, buf, buf_size);
#  212|-> 	close(fd);
#  213|   
#  214|   	return r < 0 ? 0 : r;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def218]
cryptsetup-2.8.3/lib/utils_devpath.c:353:17: warning[-Wanalyzer-malloc-leak]: leak of 'opendir(&path)'
cryptsetup-2.8.3/lib/utils_devpath.c:337:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_devpath.c:340:14: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:340:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_devpath.c:343:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:343:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_devpath.c:347:15: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:347:15: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_devpath.c:348:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_devpath.c:351:15: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:352:12: branch_true: following 'true' branch (when 'len < 0')...
cryptsetup-2.8.3/lib/utils_devpath.c:353:17: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:353:17: danger: 'opendir(&path)' leaks here; was allocated at [(7)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/6)
#  351|   	len = readlink(path, link, sizeof(link) - 1);
#  352|   	if (len < 0) {
#  353|-> 		closedir(dir);
#  354|   		return NULL;
#  355|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def219]
cryptsetup-2.8.3/lib/utils_devpath.c:361:17: warning[-Wanalyzer-malloc-leak]: leak of 'opendir(&path)'
cryptsetup-2.8.3/lib/utils_devpath.c:337:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_devpath.c:340:14: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:340:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_devpath.c:343:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:343:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_devpath.c:347:15: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:347:15: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_devpath.c:348:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_devpath.c:351:15: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:352:12: branch_false: following 'false' branch (when 'len >= 0')...
cryptsetup-2.8.3/lib/utils_devpath.c:358:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:360:12: branch_true: following 'true' branch (when 'devname' is NULL)...
cryptsetup-2.8.3/lib/utils_devpath.c:361:17: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:361:17: danger: 'opendir(&path)' leaks here; was allocated at [(7)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/6)
#  359|   	devname = strrchr(link, '/');
#  360|   	if (!devname) {
#  361|-> 		closedir(dir);
#  362|   		return NULL;
#  363|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def220]
cryptsetup-2.8.3/lib/utils_devpath.c:367:13: warning[-Wanalyzer-malloc-leak]: leak of 'opendir(&path)'
cryptsetup-2.8.3/lib/utils_devpath.c:337:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_devpath.c:340:14: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:340:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_devpath.c:343:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:343:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_devpath.c:347:15: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:347:15: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_devpath.c:348:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_devpath.c:351:15: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:352:12: branch_false: following 'false' branch (when 'len >= 0')...
cryptsetup-2.8.3/lib/utils_devpath.c:358:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:360:12: branch_false: following 'false' branch (when 'devname' is non-NULL)...
cryptsetup-2.8.3/lib/utils_devpath.c:364:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:367:13: throw: if 'dm_is_dm_kernel_name' throws an exception...
cryptsetup-2.8.3/lib/utils_devpath.c:367:13: danger: 'opendir(&path)' leaks here; was allocated at [(7)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/6)
#  365|   
#  366|   	/* DM devices do not use kernel partitions. */
#  367|-> 	if (dm_is_dm_kernel_name(devname)) {
#  368|   		closedir(dir);
#  369|   		return NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def221]
cryptsetup-2.8.3/lib/utils_devpath.c:368:17: warning[-Wanalyzer-malloc-leak]: leak of 'opendir(&path)'
cryptsetup-2.8.3/lib/utils_devpath.c:337:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_devpath.c:340:14: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:340:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_devpath.c:343:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:343:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_devpath.c:347:15: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:347:15: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_devpath.c:348:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_devpath.c:351:15: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:352:12: branch_false: following 'false' branch (when 'len >= 0')...
cryptsetup-2.8.3/lib/utils_devpath.c:358:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:360:12: branch_false: following 'false' branch (when 'devname' is non-NULL)...
cryptsetup-2.8.3/lib/utils_devpath.c:364:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:367:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/utils_devpath.c:368:17: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:368:17: danger: 'opendir(&path)' leaks here; was allocated at [(7)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/6)
#  366|   	/* DM devices do not use kernel partitions. */
#  367|   	if (dm_is_dm_kernel_name(devname)) {
#  368|-> 		closedir(dir);
#  369|   		return NULL;
#  370|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def222]
cryptsetup-2.8.3/lib/utils_devpath.c:373:24: warning[-Wanalyzer-malloc-leak]: leak of 'opendir(&path)'
cryptsetup-2.8.3/lib/utils_devpath.c:337:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_devpath.c:340:14: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:340:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_devpath.c:343:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:343:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_devpath.c:347:15: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:347:15: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_devpath.c:348:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_devpath.c:351:15: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:352:12: branch_false: following 'false' branch (when 'len >= 0')...
cryptsetup-2.8.3/lib/utils_devpath.c:358:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:360:12: branch_false: following 'false' branch (when 'devname' is non-NULL)...
cryptsetup-2.8.3/lib/utils_devpath.c:364:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:367:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_devpath.c:372:23: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:373:24: throw: if 'readdir' throws an exception...
cryptsetup-2.8.3/lib/utils_devpath.c:373:24: danger: 'opendir(&path)' leaks here; was allocated at [(7)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/6)
#  371|   
#  372|   	devname_len = strlen(devname);
#  373|-> 	while((entry = readdir(dir))) {
#  374|   		if (strncmp(entry->d_name, devname, devname_len))
#  375|   			continue;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def223]
cryptsetup-2.8.3/lib/utils_devpath.c:453:25: warning[-Wanalyzer-malloc-leak]: leak of 'opendir("/dev/disk/by-id")'
cryptsetup-2.8.3/lib/utils_devpath.c:447:20: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_devpath.c:449:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_devpath.c:449:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:453:25: throw: if 'readdir' throws an exception...
cryptsetup-2.8.3/lib/utils_devpath.c:453:25: danger: 'opendir("/dev/disk/by-id")' leaks here; was allocated at [(1)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/0)
#  451|   		return errno == ENOTDIR ? -ENOENT : -errno;
#  452|   
#  453|-> 	while ((entry = readdir(dir))) {
#  454|   		if (entry->d_name[0] == '.' ||
#  455|   		    !strncmp(entry->d_name, "..", 2))

Error: GCC_ANALYZER_WARNING (CWE-401): [#def224]
cryptsetup-2.8.3/lib/utils_devpath.c:491:35: warning[-Wanalyzer-malloc-leak]: leak of 'opendir("/sys/block/")'
cryptsetup-2.8.3/lib/utils_devpath.c:485:20: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_devpath.c:487:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_devpath.c:487:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:491:16: branch_true: following 'true' branch (when 'r != 1')...
cryptsetup-2.8.3/lib/utils_devpath.c:491:35: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_devpath.c:491:35: throw: if 'readdir' throws an exception...
cryptsetup-2.8.3/lib/utils_devpath.c:491:35: danger: 'opendir("/sys/block/")' leaks here; was allocated at [(1)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/0)
#  489|   		return errno == ENOTDIR ? -ENOENT : -errno;
#  490|   
#  491|-> 	while (r != 1 && (entry = readdir(dir))) {
#  492|   		if (entry->d_name[0] == '.' ||
#  493|   		    !strncmp(entry->d_name, "..", 2))

Error: GCC_ANALYZER_WARNING (CWE-401): [#def225]
cryptsetup-2.8.3/lib/utils_keyring.c:160:13: warning[-Wanalyzer-malloc-leak]: leak of 'name_copy'
cryptsetup-2.8.3/lib/utils_keyring.c:331:14: enter_function: entry to 'keyring_find_key_id_by_name'
cryptsetup-2.8.3/lib/utils_keyring.c:337:9: branch_true: following 'true' branch (when 'key_name' is non-NULL)...
cryptsetup-2.8.3/lib/utils_keyring.c:339:13: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_keyring.c:339:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_keyring.c:352:21: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_keyring.c:352:21: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_keyring.c:353:12: branch_false: following 'false' branch (when 'name_copy' is non-NULL)...
cryptsetup-2.8.3/lib/utils_keyring.c:357:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_keyring.c:357:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/utils_keyring.c:360:17: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_keyring.c:361:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_keyring.c:364:20: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_keyring.c:375:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_keyring.c:378:22: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_keyring.c:378:22: call_function: calling 'find_key_by_type_and_desc' from 'keyring_find_key_id_by_name'
#  158|   		return id;
#  159|   
#  160|-> 	f = open("/proc/keys", O_RDONLY);
#  161|   	if (f < 0)
#  162|   		return 0;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def226]
cryptsetup-2.8.3/lib/utils_keyring.c:164:47: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'open("/proc/keys", 0)'
cryptsetup-2.8.3/lib/utils_keyring.c:154:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/utils_keyring.c:154:23: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_keyring.c:154:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_keyring.c:160:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_keyring.c:160:13: acquire_resource: opened here
cryptsetup-2.8.3/lib/utils_keyring.c:161:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_keyring.c:161:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_keyring.c:164:47: danger: 'open("/proc/keys", 0)' leaks here; was opened at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#  162|   		return 0;
#  163|   
#  164|-> 	while ((n = read(f, buf + buffer_len, sizeof(buf) - buffer_len - 1)) > 0) {
#  165|   		/* coverity[overflow:FALSE] */
#  166|   		buffer_len += (size_t)n;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def227]
cryptsetup-2.8.3/lib/utils_keyring.c:179:33: warning[-Wanalyzer-malloc-leak]: leak of 'name_copy'
cryptsetup-2.8.3/lib/utils_keyring.c:331:14: enter_function: entry to 'keyring_find_key_id_by_name'
cryptsetup-2.8.3/lib/utils_keyring.c:337:9: branch_true: following 'true' branch (when 'key_name' is non-NULL)...
cryptsetup-2.8.3/lib/utils_keyring.c:339:13: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_keyring.c:339:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_keyring.c:352:21: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_keyring.c:352:21: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_keyring.c:353:12: branch_false: following 'false' branch (when 'name_copy' is non-NULL)...
cryptsetup-2.8.3/lib/utils_keyring.c:357:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_keyring.c:357:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/utils_keyring.c:360:17: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_keyring.c:361:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_keyring.c:364:20: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_keyring.c:375:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_keyring.c:378:22: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_keyring.c:378:22: call_function: calling 'find_key_by_type_and_desc' from 'keyring_find_key_id_by_name'
#  177|   			buffer_len -= newline - buf + 1;
#  178|   			if (buffer_len >= sizeof(buf)) {
#  179|-> 				close(f);
#  180|   				return 0;
#  181|   			}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def228]
cryptsetup-2.8.3/lib/utils_keyring.c:188:9: warning[-Wanalyzer-malloc-leak]: leak of 'name_copy'
cryptsetup-2.8.3/lib/utils_keyring.c:331:14: enter_function: entry to 'keyring_find_key_id_by_name'
cryptsetup-2.8.3/lib/utils_keyring.c:337:9: branch_true: following 'true' branch (when 'key_name' is non-NULL)...
cryptsetup-2.8.3/lib/utils_keyring.c:339:13: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_keyring.c:339:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_keyring.c:352:21: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_keyring.c:352:21: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_keyring.c:353:12: branch_false: following 'false' branch (when 'name_copy' is non-NULL)...
cryptsetup-2.8.3/lib/utils_keyring.c:357:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_keyring.c:357:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/utils_keyring.c:360:17: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_keyring.c:361:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_keyring.c:364:20: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_keyring.c:375:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_keyring.c:378:22: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_keyring.c:378:22: call_function: calling 'find_key_by_type_and_desc' from 'keyring_find_key_id_by_name'
#  186|   	}
#  187|   
#  188|-> 	close(f);
#  189|   	return 0;
#  190|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def229]
cryptsetup-2.8.3/lib/utils_loop.c:64:27: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'file_fd'
cryptsetup-2.8.3/lib/utils_loop.c:105:5: enter_function: entry to 'crypt_loop_attach'
cryptsetup-2.8.3/lib/utils_loop.c:115:19: acquire_resource: opened here
cryptsetup-2.8.3/lib/utils_loop.c:116:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_loop.c:123:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_loop.c:134:16: branch_true: following 'true' branch (when 'loop_fd == -1')...
cryptsetup-2.8.3/lib/utils_loop.c:135:25: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_loop.c:135:25: call_function: calling 'crypt_loop_get_device' from 'crypt_loop_attach'
#   62|   		sprintf(dev, "/dev/loop%d", i);
#   63|   
#   64|-> 		loop_fd = open(dev, O_RDONLY);
#   65|   		if (loop_fd < 0)
#   66|   			return NULL;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def230]
cryptsetup-2.8.3/lib/utils_loop.c:64:27: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘file_fd’
cryptsetup-2.8.3/lib/utils_loop.c:105:5: enter_function: entry to ‘crypt_loop_attach’
cryptsetup-2.8.3/lib/utils_loop.c:115:19: acquire_resource: opened here
cryptsetup-2.8.3/lib/utils_loop.c:116:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/lib/utils_loop.c:123:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_loop.c:134:16: branch_true: following ‘true’ branch (when ‘loop_fd == -1’)...
cryptsetup-2.8.3/lib/utils_loop.c:135:25: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_loop.c:135:25: call_function: calling ‘crypt_loop_get_device’ from ‘crypt_loop_attach’
#   62|   		sprintf(dev, "/dev/loop%d", i);
#   63|   
#   64|-> 		loop_fd = open(dev, O_RDONLY);
#   65|   		if (loop_fd < 0)
#   66|   			return NULL;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def231]
cryptsetup-2.8.3/lib/utils_loop.c:70:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'file_fd'
cryptsetup-2.8.3/lib/utils_loop.c:105:5: enter_function: entry to 'crypt_loop_attach'
cryptsetup-2.8.3/lib/utils_loop.c:115:19: acquire_resource: opened here
cryptsetup-2.8.3/lib/utils_loop.c:116:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_loop.c:123:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_loop.c:134:16: branch_true: following 'true' branch (when 'loop_fd == -1')...
cryptsetup-2.8.3/lib/utils_loop.c:135:25: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_loop.c:135:25: call_function: calling 'crypt_loop_get_device' from 'crypt_loop_attach'
#   68|   		if (ioctl(loop_fd, LOOP_GET_STATUS64, &lo64) &&
#   69|   		    errno == ENXIO) {
#   70|-> 			close(loop_fd);
#   71|   			return strdup(dev);
#   72|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def232]
cryptsetup-2.8.3/lib/utils_loop.c:70:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘file_fd’
cryptsetup-2.8.3/lib/utils_loop.c:105:5: enter_function: entry to ‘crypt_loop_attach’
cryptsetup-2.8.3/lib/utils_loop.c:115:19: acquire_resource: opened here
cryptsetup-2.8.3/lib/utils_loop.c:116:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/lib/utils_loop.c:123:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_loop.c:134:16: branch_true: following ‘true’ branch (when ‘loop_fd == -1’)...
cryptsetup-2.8.3/lib/utils_loop.c:135:25: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_loop.c:135:25: call_function: calling ‘crypt_loop_get_device’ from ‘crypt_loop_attach’
#   68|   		if (ioctl(loop_fd, LOOP_GET_STATUS64, &lo64) &&
#   69|   		    errno == ENXIO) {
#   70|-> 			close(loop_fd);
#   71|   			return strdup(dev);
#   72|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def233]
cryptsetup-2.8.3/lib/utils_loop.c:73:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'file_fd'
cryptsetup-2.8.3/lib/utils_loop.c:105:5: enter_function: entry to 'crypt_loop_attach'
cryptsetup-2.8.3/lib/utils_loop.c:115:19: acquire_resource: opened here
cryptsetup-2.8.3/lib/utils_loop.c:116:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_loop.c:123:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_loop.c:134:16: branch_true: following 'true' branch (when 'loop_fd == -1')...
cryptsetup-2.8.3/lib/utils_loop.c:135:25: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_loop.c:135:25: call_function: calling 'crypt_loop_get_device' from 'crypt_loop_attach'
#   71|   			return strdup(dev);
#   72|   		}
#   73|-> 		close(loop_fd);
#   74|   	}
#   75|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def234]
cryptsetup-2.8.3/lib/utils_loop.c:73:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘file_fd’
cryptsetup-2.8.3/lib/utils_loop.c:105:5: enter_function: entry to ‘crypt_loop_attach’
cryptsetup-2.8.3/lib/utils_loop.c:115:19: acquire_resource: opened here
cryptsetup-2.8.3/lib/utils_loop.c:116:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/lib/utils_loop.c:123:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_loop.c:134:16: branch_true: following ‘true’ branch (when ‘loop_fd == -1’)...
cryptsetup-2.8.3/lib/utils_loop.c:135:25: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_loop.c:135:25: call_function: calling ‘crypt_loop_get_device’ from ‘crypt_loop_attach’
#   71|   			return strdup(dev);
#   72|   		}
#   73|-> 		close(loop_fd);
#   74|   	}
#   75|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def235]
cryptsetup-2.8.3/lib/utils_loop.c:85:19: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'file_fd'
cryptsetup-2.8.3/lib/utils_loop.c:105:5: enter_function: entry to 'crypt_loop_attach'
cryptsetup-2.8.3/lib/utils_loop.c:115:19: acquire_resource: opened here
cryptsetup-2.8.3/lib/utils_loop.c:116:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_loop.c:123:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_loop.c:134:16: branch_true: following 'true' branch (when 'loop_fd == -1')...
cryptsetup-2.8.3/lib/utils_loop.c:135:25: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_loop.c:135:25: call_function: calling 'crypt_loop_get_device' from 'crypt_loop_attach'
#   83|   	struct stat st;
#   84|   
#   85|-> 	loop_fd = open("/dev/loop-control", O_RDONLY);
#   86|   	if (loop_fd < 0)
#   87|   		return crypt_loop_get_device_old();

Error: GCC_ANALYZER_WARNING (CWE-775): [#def236]
cryptsetup-2.8.3/lib/utils_loop.c:85:19: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘file_fd’
cryptsetup-2.8.3/lib/utils_loop.c:105:5: enter_function: entry to ‘crypt_loop_attach’
cryptsetup-2.8.3/lib/utils_loop.c:115:19: acquire_resource: opened here
cryptsetup-2.8.3/lib/utils_loop.c:116:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/lib/utils_loop.c:123:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_loop.c:134:16: branch_true: following ‘true’ branch (when ‘loop_fd == -1’)...
cryptsetup-2.8.3/lib/utils_loop.c:135:25: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_loop.c:135:25: call_function: calling ‘crypt_loop_get_device’ from ‘crypt_loop_attach’
#   83|   	struct stat st;
#   84|   
#   85|-> 	loop_fd = open("/dev/loop-control", O_RDONLY);
#   86|   	if (loop_fd < 0)
#   87|   		return crypt_loop_get_device_old();

Error: GCC_ANALYZER_WARNING (CWE-775): [#def237]
cryptsetup-2.8.3/lib/utils_loop.c:91:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'file_fd'
cryptsetup-2.8.3/lib/utils_loop.c:105:5: enter_function: entry to 'crypt_loop_attach'
cryptsetup-2.8.3/lib/utils_loop.c:115:19: acquire_resource: opened here
cryptsetup-2.8.3/lib/utils_loop.c:116:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_loop.c:123:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_loop.c:134:16: branch_true: following 'true' branch (when 'loop_fd == -1')...
cryptsetup-2.8.3/lib/utils_loop.c:135:25: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_loop.c:135:25: call_function: calling 'crypt_loop_get_device' from 'crypt_loop_attach'
#   89|   	i = ioctl(loop_fd, LOOP_CTL_GET_FREE);
#   90|   	if (i < 0) {
#   91|-> 		close(loop_fd);
#   92|   		return NULL;
#   93|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def238]
cryptsetup-2.8.3/lib/utils_loop.c:91:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘file_fd’
cryptsetup-2.8.3/lib/utils_loop.c:105:5: enter_function: entry to ‘crypt_loop_attach’
cryptsetup-2.8.3/lib/utils_loop.c:115:19: acquire_resource: opened here
cryptsetup-2.8.3/lib/utils_loop.c:116:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/lib/utils_loop.c:123:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_loop.c:134:16: branch_true: following ‘true’ branch (when ‘loop_fd == -1’)...
cryptsetup-2.8.3/lib/utils_loop.c:135:25: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_loop.c:135:25: call_function: calling ‘crypt_loop_get_device’ from ‘crypt_loop_attach’
#   89|   	i = ioctl(loop_fd, LOOP_CTL_GET_FREE);
#   90|   	if (i < 0) {
#   91|-> 		close(loop_fd);
#   92|   		return NULL;
#   93|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def239]
cryptsetup-2.8.3/lib/utils_loop.c:287:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'open(&buf, 0)'
cryptsetup-2.8.3/lib/utils_loop.c:275:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_loop.c:278:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_loop.c:282:14: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_loop.c:282:14: acquire_resource: opened here
cryptsetup-2.8.3/lib/utils_loop.c:283:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_loop.c:286:15: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_loop.c:287:9: danger: 'open(&buf, 0)' leaks here; was opened at [(5)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/4)
#  285|   
#  286|   	len = read(fd, buf, PATH_MAX);
#  287|-> 	close(fd);
#  288|   	if (len < 2)
#  289|   		return NULL;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def240]
cryptsetup-2.8.3/lib/utils_loop.c:287:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&buf, 0)’
cryptsetup-2.8.3/lib/utils_loop.c:275:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/lib/utils_loop.c:278:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/lib/utils_loop.c:282:14: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_loop.c:282:14: acquire_resource: opened here
cryptsetup-2.8.3/lib/utils_loop.c:283:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/lib/utils_loop.c:286:15: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_loop.c:287:9: danger: ‘open(&buf, 0)’ leaks here; was opened at [(5)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/4)
#  285|   
#  286|   	len = read(fd, buf, PATH_MAX);
#  287|-> 	close(fd);
#  288|   	if (len < 2)
#  289|   		return NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def241]
cryptsetup-2.8.3/lib/utils_safe_memory.c:53:9: warning[-Wanalyzer-malloc-leak]: leak of 'alloc'
cryptsetup-2.8.3/lib/utils_safe_memory.c:46:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_safe_memory.c:49:24: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_safe_memory.c:49:17: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_safe_memory.c:50:12: branch_false: following 'false' branch (when 'alloc' is non-NULL)...
cryptsetup-2.8.3/lib/utils_safe_memory.c:53:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_safe_memory.c:53:9: throw: if 'crypt_backend_memzero' throws an exception...
cryptsetup-2.8.3/lib/utils_safe_memory.c:53:9: danger: 'alloc' leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   51|   		return NULL;
#   52|   
#   53|-> 	crypt_backend_memzero(alloc, size + OVERHEAD);
#   54|   	alloc->size = size;
#   55|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def242]
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:52:13: warning[-Wanalyzer-malloc-leak]: leak of 'w'
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:141:5: enter_function: entry to 'crypt_storage_wrapper_init'
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:156:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:159:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:159:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:162:35: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:164:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:165:12: branch_false: following 'false' branch (when 'w' is non-NULL)...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:168:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:172:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:179:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:184:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:184:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:191:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:191:12: branch_false: following 'false' branch (when 'vk' is non-NULL)...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:197:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:197:13: call_function: calling 'crypt_storage_backend_init' from 'crypt_storage_wrapper_init'
#   50|   
#   51|   	/* iv_start, sector_size */
#   52|-> 	r = crypt_storage_init(&s, sector_size, cipher, cipher_mode,
#   53|   			       crypt_volume_key_get_key(vk),
#   54|   			       crypt_volume_key_length(vk), flags & LARGE_IV);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def243]
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:53:32: warning[-Wanalyzer-malloc-leak]: leak of 'w'
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:141:5: enter_function: entry to 'crypt_storage_wrapper_init'
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:156:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:159:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:159:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:162:35: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:164:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:165:12: branch_false: following 'false' branch (when 'w' is non-NULL)...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:168:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:172:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:179:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:184:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:184:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:191:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:191:12: branch_false: following 'false' branch (when 'vk' is non-NULL)...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:197:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:197:13: call_function: calling 'crypt_storage_backend_init' from 'crypt_storage_wrapper_init'
#   51|   	/* iv_start, sector_size */
#   52|   	r = crypt_storage_init(&s, sector_size, cipher, cipher_mode,
#   53|-> 			       crypt_volume_key_get_key(vk),
#   54|   			       crypt_volume_key_length(vk), flags & LARGE_IV);
#   55|   	if (r)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def244]
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:58:40: warning[-Wanalyzer-malloc-leak]: leak of 'w'
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:141:5: enter_function: entry to 'crypt_storage_wrapper_init'
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:156:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:159:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:159:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:162:35: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:164:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:165:12: branch_false: following 'false' branch (when 'w' is non-NULL)...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:168:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:172:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:179:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:184:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:184:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:191:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:191:12: branch_false: following 'false' branch (when 'vk' is non-NULL)...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:197:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:197:13: call_function: calling 'crypt_storage_backend_init' from 'crypt_storage_wrapper_init'
#   56|   		return r;
#   57|   
#   58|-> 	if ((flags & DISABLE_KCAPI) && crypt_storage_kernel_only(s)) {
#   59|   		log_dbg(cd, "Could not initialize userspace block cipher and kernel fallback is disabled.");
#   60|   		crypt_storage_destroy(s);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def245]
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:59:17: warning[-Wanalyzer-malloc-leak]: leak of 'w'
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:141:5: enter_function: entry to 'crypt_storage_wrapper_init'
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:156:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:159:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:159:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:162:35: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:164:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:165:12: branch_false: following 'false' branch (when 'w' is non-NULL)...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:168:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:172:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:179:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:184:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:184:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:191:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:191:12: branch_false: following 'false' branch (when 'vk' is non-NULL)...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:197:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:197:13: call_function: calling 'crypt_storage_backend_init' from 'crypt_storage_wrapper_init'
#   57|   
#   58|   	if ((flags & DISABLE_KCAPI) && crypt_storage_kernel_only(s)) {
#   59|-> 		log_dbg(cd, "Could not initialize userspace block cipher and kernel fallback is disabled.");
#   60|   		crypt_storage_destroy(s);
#   61|   		return -ENOTSUP;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def246]
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:60:17: warning[-Wanalyzer-malloc-leak]: leak of 'w'
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:141:5: enter_function: entry to 'crypt_storage_wrapper_init'
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:156:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:159:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:159:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:162:35: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:164:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:165:12: branch_false: following 'false' branch (when 'w' is non-NULL)...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:168:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:172:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:179:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:184:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:184:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:191:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:191:12: branch_false: following 'false' branch (when 'vk' is non-NULL)...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:197:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:197:13: call_function: calling 'crypt_storage_backend_init' from 'crypt_storage_wrapper_init'
#   58|   	if ((flags & DISABLE_KCAPI) && crypt_storage_kernel_only(s)) {
#   59|   		log_dbg(cd, "Could not initialize userspace block cipher and kernel fallback is disabled.");
#   60|-> 		crypt_storage_destroy(s);
#   61|   		return -ENOTSUP;
#   62|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def247]
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:89:9: warning[-Wanalyzer-malloc-leak]: leak of 'w'
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:141:5: enter_function: entry to 'crypt_storage_wrapper_init'
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:156:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:159:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:159:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:162:35: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:164:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:165:12: branch_false: following 'false' branch (when 'w' is non-NULL)...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:168:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:172:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:179:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:184:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:184:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:191:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:191:12: branch_false: following 'false' branch (when 'vk' is non-NULL)...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:197:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:198:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:203:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:205:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:208:13: call_function: calling 'crypt_storage_dmcrypt_init' from 'crypt_storage_wrapper_init'
#   87|   	int mode, r, fd = -1;
#   88|   
#   89|-> 	log_dbg(cd, "Using temporary dmcrypt to access data.");
#   90|   
#   91|   	if (snprintf(cw->u.dm.name, sizeof(cw->u.dm.name), "temporary-cryptsetup-%d-%d", getpid(), counter++) < 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def248]
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:170:28: warning[-Wanalyzer-malloc-leak]: leak of 'w'
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:156:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:159:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:159:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:162:35: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:164:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:165:12: branch_false: following 'false' branch (when 'w' is non-NULL)...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:168:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:170:28: throw: if 'device_alignment' throws an exception...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:170:28: danger: 'w' leaks here; was allocated at [(5)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/4)
#  168|   	memset(w, 0, sizeof(*w));
#  169|   	w->data_offset = data_offset;
#  170|-> 	w->mem_alignment = device_alignment(device);
#  171|   	w->block_size = device_block_size(cd, device);
#  172|   	if (!w->block_size || !w->mem_alignment) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def249]
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:171:25: warning[-Wanalyzer-malloc-leak]: leak of 'w'
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:156:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:159:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:159:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:162:35: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:164:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:165:12: branch_false: following 'false' branch (when 'w' is non-NULL)...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:168:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:171:25: throw: if 'device_block_size' throws an exception...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:171:25: danger: 'w' leaks here; was allocated at [(5)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/4)
#  169|   	w->data_offset = data_offset;
#  170|   	w->mem_alignment = device_alignment(device);
#  171|-> 	w->block_size = device_block_size(cd, device);
#  172|   	if (!w->block_size || !w->mem_alignment) {
#  173|   		log_dbg(cd, "block size or alignment error.");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def250]
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:173:17: warning[-Wanalyzer-malloc-leak]: leak of 'w'
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:156:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:159:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:159:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:162:35: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:164:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:165:12: branch_false: following 'false' branch (when 'w' is non-NULL)...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:168:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:173:17: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:173:17: danger: 'w' leaks here; was allocated at [(5)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/4)
#  171|   	w->block_size = device_block_size(cd, device);
#  172|   	if (!w->block_size || !w->mem_alignment) {
#  173|-> 		log_dbg(cd, "block size or alignment error.");
#  174|   		r = -EINVAL;
#  175|   		goto err;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def251]
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:178:21: warning[-Wanalyzer-malloc-leak]: leak of 'w'
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:156:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:159:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:159:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:162:35: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:164:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:165:12: branch_false: following 'false' branch (when 'w' is non-NULL)...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:168:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:172:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:178:21: throw: if 'device_open' throws an exception...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:178:21: danger: 'w' leaks here; was allocated at [(5)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/4)
#  176|   	}
#  177|   
#  178|-> 	w->dev_fd = device_open(cd, device, open_flags);
#  179|   	if (w->dev_fd < 0) {
#  180|   		r = -EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def252]
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:184:13: warning[-Wanalyzer-malloc-leak]: leak of 'w'
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:156:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:159:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:159:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:162:35: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:164:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:165:12: branch_false: following 'false' branch (when 'w' is non-NULL)...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:168:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:172:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:179:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:184:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:184:13: throw: if 'crypt_is_cipher_null' throws an exception...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:184:13: danger: 'w' leaks here; was allocated at [(5)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/4)
#  182|   	}
#  183|   
#  184|-> 	if (crypt_is_cipher_null(_cipher)) {
#  185|   		log_dbg(cd, "Requested cipher_null, switching to noop wrapper.");
#  186|   		w->type = NONE;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def253]
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:185:17: warning[-Wanalyzer-malloc-leak]: leak of 'w'
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:156:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:159:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:159:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:162:35: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:164:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:165:12: branch_false: following 'false' branch (when 'w' is non-NULL)...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:168:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:172:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:179:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:184:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:184:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:185:17: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:185:17: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:185:17: danger: 'w' leaks here; was allocated at [(5)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/4)
#  183|   
#  184|   	if (crypt_is_cipher_null(_cipher)) {
#  185|-> 		log_dbg(cd, "Requested cipher_null, switching to noop wrapper.");
#  186|   		w->type = NONE;
#  187|   		*cw = w;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def254]
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:192:17: warning[-Wanalyzer-malloc-leak]: leak of 'w'
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:156:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:159:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:159:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:162:35: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:164:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:165:12: branch_false: following 'false' branch (when 'w' is non-NULL)...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:168:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:172:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:179:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:184:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:184:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:191:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:191:12: branch_true: following 'true' branch (when 'vk' is NULL)...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:192:17: branch_true: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:192:17: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:192:17: danger: 'w' leaks here; was allocated at [(5)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/4)
#  190|   
#  191|   	if (!vk) {
#  192|-> 		log_dbg(cd, "no key passed.");
#  193|   		r = -EINVAL;
#  194|   		goto err;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def255]
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:203:9: warning[-Wanalyzer-malloc-leak]: leak of 'w'
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:156:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:159:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:159:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:162:35: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:164:13: acquire_memory: allocated here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:165:12: branch_false: following 'false' branch (when 'w' is non-NULL)...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:168:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:172:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:179:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:184:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:184:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:191:12: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:191:12: branch_false: following 'false' branch (when 'vk' is non-NULL)...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:197:13: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:198:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:203:9: branch_false: ...to here
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:203:9: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/utils_storage_wrappers.c:203:9: danger: 'w' leaks here; was allocated at [(5)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/4)
#  201|   	}
#  202|   
#  203|-> 	log_dbg(cd, "Failed to initialize userspace block cipher.");
#  204|   
#  205|   	if ((r != -ENOTSUP && r != -ENOENT) || (flags & DISABLE_DMCRYPT))

Error: GCC_ANALYZER_WARNING (CWE-401): [#def256]
cryptsetup-2.8.3/lib/verity/verity_fec.c:86:25: warning[-Wanalyzer-malloc-leak]: leak of 'buf'
cryptsetup-2.8.3/lib/verity/verity_fec.c:94:12: enter_function: entry to 'FEC_process_inputs'
cryptsetup-2.8.3/lib/verity/verity_fec.c:117:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_fec.c:123:9: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:134:15: acquire_memory: allocated here
cryptsetup-2.8.3/lib/verity/verity_fec.c:135:12: branch_false: following 'false' branch (when 'buf' is non-NULL)...
cryptsetup-2.8.3/lib/verity/verity_fec.c:135:12: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:142:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/verity/verity_fec.c:142:21: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:144:29: call_function: calling 'FEC_read_interleaved' from 'FEC_process_inputs'
#   84|   		if (lseek(ctx->inputs[n].fd, ctx->inputs[n].start + offset, SEEK_SET) < 0)
#   85|   			return -1;
#   86|-> 		return (read_buffer(ctx->inputs[n].fd, output, count) == (ssize_t)count) ? 0 : -1;
#   87|   	}
#   88|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def257]
cryptsetup-2.8.3/lib/verity/verity_fec.c:146:33: warning[-Wanalyzer-malloc-leak]: leak of 'buf'
cryptsetup-2.8.3/lib/verity/verity_fec.c:94:12: enter_function: entry to 'FEC_process_inputs'
cryptsetup-2.8.3/lib/verity/verity_fec.c:117:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_fec.c:123:9: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:134:15: acquire_memory: allocated here
cryptsetup-2.8.3/lib/verity/verity_fec.c:135:12: branch_false: following 'false' branch (when 'buf' is non-NULL)...
cryptsetup-2.8.3/lib/verity/verity_fec.c:135:12: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:142:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/verity/verity_fec.c:142:21: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:144:29: call_function: calling 'FEC_read_interleaved' from 'FEC_process_inputs'
cryptsetup-2.8.3/lib/verity/verity_fec.c:144:29: return_function: returning to 'FEC_process_inputs' from 'FEC_read_interleaved'
cryptsetup-2.8.3/lib/verity/verity_fec.c:144:28: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/verity/verity_fec.c:146:33: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:146:33: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/verity/verity_fec.c:146:33: danger: 'buf' leaks here; was allocated at [(4)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/3)
#  144|   			if (FEC_read_interleaved(&ctx, n * ctx.rsn * ctx.block_size + i,
#  145|   						 &buf[i * ctx.block_size], ctx.block_size)) {
#  146|-> 				log_err(cd, _("Failed to read RS block %" PRIu64 " byte %d."), n, i);
#  147|   				r = -EIO;
#  148|   				goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def258]
cryptsetup-2.8.3/lib/verity/verity_fec.c:158:37: warning[-Wanalyzer-malloc-leak]: leak of 'buf'
cryptsetup-2.8.3/lib/verity/verity_fec.c:117:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_fec.c:123:9: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:134:15: acquire_memory: allocated here
cryptsetup-2.8.3/lib/verity/verity_fec.c:135:12: branch_false: following 'false' branch (when 'buf' is non-NULL)...
cryptsetup-2.8.3/lib/verity/verity_fec.c:135:12: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:142:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/verity/verity_fec.c:142:21: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:153:37: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_fec.c:157:28: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:157:28: branch_true: following 'true' branch (when 'decode != 0')...
cryptsetup-2.8.3/lib/verity/verity_fec.c:158:37: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:158:37: throw: if 'read_buffer' throws an exception...
cryptsetup-2.8.3/lib/verity/verity_fec.c:158:37: danger: 'buf' leaks here; was allocated at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#  156|   			/* decoding from parity device */
#  157|   			if (decode) {
#  158|-> 				if (read_buffer(fd, &rs_block[ctx.rsn], ctx.roots) < 0) {
#  159|   					log_err(cd, _("Failed to read parity for RS block %" PRIu64 "."), n);
#  160|   					r = -EIO;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def259]
cryptsetup-2.8.3/lib/verity/verity_fec.c:159:41: warning[-Wanalyzer-malloc-leak]: leak of 'buf'
cryptsetup-2.8.3/lib/verity/verity_fec.c:117:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_fec.c:123:9: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:134:15: acquire_memory: allocated here
cryptsetup-2.8.3/lib/verity/verity_fec.c:135:12: branch_false: following 'false' branch (when 'buf' is non-NULL)...
cryptsetup-2.8.3/lib/verity/verity_fec.c:135:12: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:142:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/verity/verity_fec.c:142:21: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:159:41: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/verity/verity_fec.c:159:41: danger: 'buf' leaks here; was allocated at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#  157|   			if (decode) {
#  158|   				if (read_buffer(fd, &rs_block[ctx.rsn], ctx.roots) < 0) {
#  159|-> 					log_err(cd, _("Failed to read parity for RS block %" PRIu64 "."), n);
#  160|   					r = -EIO;
#  161|   					goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def260]
cryptsetup-2.8.3/lib/verity/verity_fec.c:165:37: warning[-Wanalyzer-malloc-leak]: leak of 'buf'
cryptsetup-2.8.3/lib/verity/verity_fec.c:117:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_fec.c:123:9: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:134:15: acquire_memory: allocated here
cryptsetup-2.8.3/lib/verity/verity_fec.c:135:12: branch_false: following 'false' branch (when 'buf' is non-NULL)...
cryptsetup-2.8.3/lib/verity/verity_fec.c:135:12: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:142:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/verity/verity_fec.c:142:21: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:153:37: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_fec.c:157:28: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:157:28: branch_true: following 'true' branch (when 'decode != 0')...
cryptsetup-2.8.3/lib/verity/verity_fec.c:158:37: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:158:36: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_fec.c:165:37: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:165:37: throw: if 'decode_rs_char' throws an exception...
cryptsetup-2.8.3/lib/verity/verity_fec.c:165:37: danger: 'buf' leaks here; was allocated at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#  163|   
#  164|   				/* coverity[tainted_data] */
#  165|-> 				r = decode_rs_char(rs, rs_block);
#  166|   				if (r < 0) {
#  167|   					log_err(cd, _("Failed to repair parity for block %" PRIu64 "."), n);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def261]
cryptsetup-2.8.3/lib/verity/verity_fec.c:167:41: warning[-Wanalyzer-malloc-leak]: leak of 'buf'
cryptsetup-2.8.3/lib/verity/verity_fec.c:117:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_fec.c:123:9: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:134:15: acquire_memory: allocated here
cryptsetup-2.8.3/lib/verity/verity_fec.c:135:12: branch_false: following 'false' branch (when 'buf' is non-NULL)...
cryptsetup-2.8.3/lib/verity/verity_fec.c:135:12: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:142:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/verity/verity_fec.c:142:21: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:158:36: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_fec.c:165:37: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:167:41: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/verity/verity_fec.c:167:41: danger: 'buf' leaks here; was allocated at [(3)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/2)
#  165|   				r = decode_rs_char(rs, rs_block);
#  166|   				if (r < 0) {
#  167|-> 					log_err(cd, _("Failed to repair parity for block %" PRIu64 "."), n);
#  168|   					r = -EPERM;
#  169|   					goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def262]
cryptsetup-2.8.3/lib/verity/verity_fec.c:177:33: warning[-Wanalyzer-malloc-leak]: leak of 'buf'
cryptsetup-2.8.3/lib/verity/verity_fec.c:117:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_fec.c:123:9: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:134:15: acquire_memory: allocated here
cryptsetup-2.8.3/lib/verity/verity_fec.c:135:12: branch_false: following 'false' branch (when 'buf' is non-NULL)...
cryptsetup-2.8.3/lib/verity/verity_fec.c:135:12: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:142:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/verity/verity_fec.c:142:21: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:177:33: throw: if 'encode_rs_char' throws an exception...
cryptsetup-2.8.3/lib/verity/verity_fec.c:177:33: danger: 'buf' leaks here; was allocated at [(3)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/2)
#  175|   			} else {
#  176|   				/* encoding and writing parity data to fec device */
#  177|-> 				encode_rs_char(rs, rs_block, &rs_block[ctx.rsn]);
#  178|   				if (write_buffer(fd, &rs_block[ctx.rsn], ctx.roots) < 0) {
#  179|   					log_err(cd, _("Failed to write parity for RS block %" PRIu64 "."), n);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def263]
cryptsetup-2.8.3/lib/verity/verity_fec.c:178:37: warning[-Wanalyzer-malloc-leak]: leak of 'buf'
cryptsetup-2.8.3/lib/verity/verity_fec.c:117:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_fec.c:123:9: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:134:15: acquire_memory: allocated here
cryptsetup-2.8.3/lib/verity/verity_fec.c:135:12: branch_false: following 'false' branch (when 'buf' is non-NULL)...
cryptsetup-2.8.3/lib/verity/verity_fec.c:135:12: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:142:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/verity/verity_fec.c:142:21: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:178:37: throw: if 'write_buffer' throws an exception...
cryptsetup-2.8.3/lib/verity/verity_fec.c:178:37: danger: 'buf' leaks here; was allocated at [(3)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/2)
#  176|   				/* encoding and writing parity data to fec device */
#  177|   				encode_rs_char(rs, rs_block, &rs_block[ctx.rsn]);
#  178|-> 				if (write_buffer(fd, &rs_block[ctx.rsn], ctx.roots) < 0) {
#  179|   					log_err(cd, _("Failed to write parity for RS block %" PRIu64 "."), n);
#  180|   					r = -EIO;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def264]
cryptsetup-2.8.3/lib/verity/verity_fec.c:179:41: warning[-Wanalyzer-malloc-leak]: leak of 'buf'
cryptsetup-2.8.3/lib/verity/verity_fec.c:117:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_fec.c:123:9: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:134:15: acquire_memory: allocated here
cryptsetup-2.8.3/lib/verity/verity_fec.c:135:12: branch_false: following 'false' branch (when 'buf' is non-NULL)...
cryptsetup-2.8.3/lib/verity/verity_fec.c:135:12: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:142:21: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/verity/verity_fec.c:142:21: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:179:41: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/verity/verity_fec.c:179:41: danger: 'buf' leaks here; was allocated at [(3)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/2)
#  177|   				encode_rs_char(rs, rs_block, &rs_block[ctx.rsn]);
#  178|   				if (write_buffer(fd, &rs_block[ctx.rsn], ctx.roots) < 0) {
#  179|-> 					log_err(cd, _("Failed to write parity for RS block %" PRIu64 "."), n);
#  180|   					r = -EIO;
#  181|   					goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def265]
cryptsetup-2.8.3/lib/verity/verity_fec.c:187:9: warning[-Wanalyzer-malloc-leak]: leak of 'buf'
cryptsetup-2.8.3/lib/verity/verity_fec.c:117:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_fec.c:123:9: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:134:15: acquire_memory: allocated here
cryptsetup-2.8.3/lib/verity/verity_fec.c:135:12: branch_false: following 'false' branch (when 'buf' is non-NULL)...
cryptsetup-2.8.3/lib/verity/verity_fec.c:135:12: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_fec.c:187:9: throw: if 'free_rs_char' throws an exception...
cryptsetup-2.8.3/lib/verity/verity_fec.c:187:9: danger: 'buf' leaks here; was allocated at [(3)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/2)
#  185|   	}
#  186|   out:
#  187|-> 	free_rs_char(rs);
#  188|   	free(buf);
#  189|   	return r;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def266]
cryptsetup-2.8.3/lib/verity/verity_hash.c:47:17: warning[-Wanalyzer-malloc-leak]: leak of 'block'
cryptsetup-2.8.3/lib/verity/verity_hash.c:42:17: acquire_memory: allocated here
cryptsetup-2.8.3/lib/verity/verity_hash.c:43:12: branch_false: following 'false' branch (when 'block' is non-NULL)...
cryptsetup-2.8.3/lib/verity/verity_hash.c:46:13: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:46:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:47:17: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:47:17: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/verity/verity_hash.c:47:17: danger: 'block' leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   45|   
#   46|   	if (fread(block, bytes, 1, wr) != 1) {
#   47|-> 		log_dbg(cd, "EIO while reading spare area.");
#   48|   		r = -EIO;
#   49|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def267]
cryptsetup-2.8.3/lib/verity/verity_hash.c:47:17: warning[-Wanalyzer-malloc-leak]: leak of 'data_buffer'
cryptsetup-2.8.3/lib/verity/verity_hash.c:131:12: enter_function: entry to 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:149:12: branch_false: following 'false' branch (when 'digest_size <= 1024')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:152:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:153:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:13: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:163:12: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:163:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:168:22: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:169:23: acquire_memory: allocated here
cryptsetup-2.8.3/lib/verity/verity_hash.c:170:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:175:9: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: following 'true' branch (when 'blocks_to_write != 0')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:178:29: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:179:28: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:179:28: branch_true: following 'true' branch (when 'blocks == 0')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:234:21: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:234:20: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:235:28: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:235:28: branch_true: following 'true' branch (when 'verify != 0')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:236:37: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:236:37: call_function: calling 'verify_zero' from 'create_or_verify'
#   45|   
#   46|   	if (fread(block, bytes, 1, wr) != 1) {
#   47|-> 		log_dbg(cd, "EIO while reading spare area.");
#   48|   		r = -EIO;
#   49|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def268]
cryptsetup-2.8.3/lib/verity/verity_hash.c:47:17: warning[-Wanalyzer-malloc-leak]: leak of 'left_block'
cryptsetup-2.8.3/lib/verity/verity_hash.c:131:12: enter_function: entry to 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:149:12: branch_false: following 'false' branch (when 'digest_size <= 1024')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:152:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:153:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:13: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:163:12: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:163:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:168:22: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:168:22: acquire_memory: allocated here
cryptsetup-2.8.3/lib/verity/verity_hash.c:170:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:175:9: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: following 'true' branch (when 'blocks_to_write != 0')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:178:29: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:179:28: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:179:28: branch_true: following 'true' branch (when 'blocks == 0')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:234:21: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:234:20: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:235:28: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:235:28: branch_true: following 'true' branch (when 'verify != 0')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:236:37: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:236:37: call_function: calling 'verify_zero' from 'create_or_verify'
#   45|   
#   46|   	if (fread(block, bytes, 1, wr) != 1) {
#   47|-> 		log_dbg(cd, "EIO while reading spare area.");
#   48|   		r = -EIO;
#   49|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def269]
cryptsetup-2.8.3/lib/verity/verity_hash.c:53:25: warning[-Wanalyzer-malloc-leak]: leak of 'block'
cryptsetup-2.8.3/lib/verity/verity_hash.c:42:17: acquire_memory: allocated here
cryptsetup-2.8.3/lib/verity/verity_hash.c:43:12: branch_false: following 'false' branch (when 'block' is non-NULL)...
cryptsetup-2.8.3/lib/verity/verity_hash.c:46:13: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:46:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:46:12: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:51:21: branch_true: following 'true' branch (when 'i < bytes')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:52:26: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:53:25: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/verity/verity_hash.c:53:25: danger: 'block' leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#   51|   	for (i = 0; i < bytes; i++)
#   52|   		if (block[i]) {
#   53|-> 			log_err(cd, _("Spare area is not zeroed at position %" PRIu64 "."),
#   54|   				ftello(wr) - bytes);
#   55|   			r = -EPERM;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def270]
cryptsetup-2.8.3/lib/verity/verity_hash.c:53:25: warning[-Wanalyzer-malloc-leak]: leak of 'data_buffer'
cryptsetup-2.8.3/lib/verity/verity_hash.c:131:12: enter_function: entry to 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:149:12: branch_false: following 'false' branch (when 'digest_size <= 1024')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:152:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:153:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:13: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:163:12: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:163:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:168:22: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:169:23: acquire_memory: allocated here
cryptsetup-2.8.3/lib/verity/verity_hash.c:170:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:175:9: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: following 'true' branch (when 'blocks_to_write != 0')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:178:29: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:179:28: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:179:28: branch_true: following 'true' branch (when 'blocks == 0')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:234:21: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:234:20: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:235:28: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:235:28: branch_true: following 'true' branch (when 'verify != 0')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:236:37: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:236:37: call_function: calling 'verify_zero' from 'create_or_verify'
#   51|   	for (i = 0; i < bytes; i++)
#   52|   		if (block[i]) {
#   53|-> 			log_err(cd, _("Spare area is not zeroed at position %" PRIu64 "."),
#   54|   				ftello(wr) - bytes);
#   55|   			r = -EPERM;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def271]
cryptsetup-2.8.3/lib/verity/verity_hash.c:53:25: warning[-Wanalyzer-malloc-leak]: leak of 'left_block'
cryptsetup-2.8.3/lib/verity/verity_hash.c:131:12: enter_function: entry to 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:149:12: branch_false: following 'false' branch (when 'digest_size <= 1024')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:152:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:153:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:13: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:163:12: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:163:13: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:168:22: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:168:22: acquire_memory: allocated here
cryptsetup-2.8.3/lib/verity/verity_hash.c:170:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:175:9: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: following 'true' branch (when 'blocks_to_write != 0')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:178:29: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:179:28: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:179:28: branch_true: following 'true' branch (when 'blocks == 0')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:234:21: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:234:20: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:235:28: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:235:28: branch_true: following 'true' branch (when 'verify != 0')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:236:37: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:236:37: call_function: calling 'verify_zero' from 'create_or_verify'
#   51|   	for (i = 0; i < bytes; i++)
#   52|   		if (block[i]) {
#   53|-> 			log_err(cd, _("Spare area is not zeroed at position %" PRIu64 "."),
#   54|   				ftello(wr) - bytes);
#   55|   			r = -EPERM;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def272]
cryptsetup-2.8.3/lib/verity/verity_hash.c:72:13: warning[-Wanalyzer-malloc-leak]: leak of 'data_buffer'
cryptsetup-2.8.3/lib/verity/verity_hash.c:131:12: enter_function: entry to 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:149:12: branch_false: following 'false' branch (when 'digest_size <= 1024')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:152:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:153:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:13: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:163:12: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:169:23: acquire_memory: allocated here
cryptsetup-2.8.3/lib/verity/verity_hash.c:170:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:175:9: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: following 'true' branch (when 'blocks_to_write != 0')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:178:29: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:179:28: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:182:28: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:188:29: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:188:29: call_function: calling 'verify_hash_block' from 'create_or_verify'
#   70|   	int r;
#   71|   
#   72|-> 	if (crypt_hash_init(&ctx, hash_name))
#   73|   		return -EINVAL;
#   74|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def273]
cryptsetup-2.8.3/lib/verity/verity_hash.c:72:13: warning[-Wanalyzer-malloc-leak]: leak of 'left_block'
cryptsetup-2.8.3/lib/verity/verity_hash.c:131:12: enter_function: entry to 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:149:12: branch_false: following 'false' branch (when 'digest_size <= 1024')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:152:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:153:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:13: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:163:12: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:168:22: acquire_memory: allocated here
cryptsetup-2.8.3/lib/verity/verity_hash.c:170:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:175:9: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: following 'true' branch (when 'blocks_to_write != 0')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:178:29: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:179:28: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:182:28: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:188:29: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:188:29: call_function: calling 'verify_hash_block' from 'create_or_verify'
#   70|   	int r;
#   71|   
#   72|-> 	if (crypt_hash_init(&ctx, hash_name))
#   73|   		return -EINVAL;
#   74|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def274]
cryptsetup-2.8.3/lib/verity/verity_hash.c:75:34: warning[-Wanalyzer-malloc-leak]: leak of 'data_buffer'
cryptsetup-2.8.3/lib/verity/verity_hash.c:131:12: enter_function: entry to 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:149:12: branch_false: following 'false' branch (when 'digest_size <= 1024')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:152:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:153:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:13: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:163:12: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:169:23: acquire_memory: allocated here
cryptsetup-2.8.3/lib/verity/verity_hash.c:170:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:175:9: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: following 'true' branch (when 'blocks_to_write != 0')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:178:29: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:179:28: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:182:28: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:188:29: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:188:29: call_function: calling 'verify_hash_block' from 'create_or_verify'
#   73|   		return -EINVAL;
#   74|   
#   75|-> 	if (version == 1 && (r = crypt_hash_write(ctx, salt, salt_size)))
#   76|   		goto out;
#   77|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def275]
cryptsetup-2.8.3/lib/verity/verity_hash.c:75:34: warning[-Wanalyzer-malloc-leak]: leak of 'left_block'
cryptsetup-2.8.3/lib/verity/verity_hash.c:131:12: enter_function: entry to 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:149:12: branch_false: following 'false' branch (when 'digest_size <= 1024')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:152:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:153:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:13: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:163:12: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:168:22: acquire_memory: allocated here
cryptsetup-2.8.3/lib/verity/verity_hash.c:170:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:175:9: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: following 'true' branch (when 'blocks_to_write != 0')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:178:29: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:179:28: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:182:28: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:188:29: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:188:29: call_function: calling 'verify_hash_block' from 'create_or_verify'
#   73|   		return -EINVAL;
#   74|   
#   75|-> 	if (version == 1 && (r = crypt_hash_write(ctx, salt, salt_size)))
#   76|   		goto out;
#   77|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def276]
cryptsetup-2.8.3/lib/verity/verity_hash.c:78:18: warning[-Wanalyzer-malloc-leak]: leak of 'data_buffer'
cryptsetup-2.8.3/lib/verity/verity_hash.c:131:12: enter_function: entry to 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:149:12: branch_false: following 'false' branch (when 'digest_size <= 1024')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:152:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:153:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:13: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:163:12: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:169:23: acquire_memory: allocated here
cryptsetup-2.8.3/lib/verity/verity_hash.c:170:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:175:9: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: following 'true' branch (when 'blocks_to_write != 0')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:178:29: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:179:28: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:182:28: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:188:29: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:188:29: call_function: calling 'verify_hash_block' from 'create_or_verify'
#   76|   		goto out;
#   77|   
#   78|-> 	if ((r = crypt_hash_write(ctx, data, data_size)))
#   79|   		goto out;
#   80|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def277]
cryptsetup-2.8.3/lib/verity/verity_hash.c:78:18: warning[-Wanalyzer-malloc-leak]: leak of 'left_block'
cryptsetup-2.8.3/lib/verity/verity_hash.c:131:12: enter_function: entry to 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:149:12: branch_false: following 'false' branch (when 'digest_size <= 1024')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:152:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:153:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:13: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:163:12: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:168:22: acquire_memory: allocated here
cryptsetup-2.8.3/lib/verity/verity_hash.c:170:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:175:9: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: following 'true' branch (when 'blocks_to_write != 0')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:178:29: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:179:28: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:182:28: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:188:29: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:188:29: call_function: calling 'verify_hash_block' from 'create_or_verify'
#   76|   		goto out;
#   77|   
#   78|-> 	if ((r = crypt_hash_write(ctx, data, data_size)))
#   79|   		goto out;
#   80|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def278]
cryptsetup-2.8.3/lib/verity/verity_hash.c:81:34: warning[-Wanalyzer-malloc-leak]: leak of 'data_buffer'
cryptsetup-2.8.3/lib/verity/verity_hash.c:131:12: enter_function: entry to 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:149:12: branch_false: following 'false' branch (when 'digest_size <= 1024')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:152:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:153:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:13: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:163:12: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:169:23: acquire_memory: allocated here
cryptsetup-2.8.3/lib/verity/verity_hash.c:170:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:175:9: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: following 'true' branch (when 'blocks_to_write != 0')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:178:29: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:179:28: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:182:28: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:188:29: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:188:29: call_function: calling 'verify_hash_block' from 'create_or_verify'
#   79|   		goto out;
#   80|   
#   81|-> 	if (version == 0 && (r = crypt_hash_write(ctx, salt, salt_size)))
#   82|   		goto out;
#   83|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def279]
cryptsetup-2.8.3/lib/verity/verity_hash.c:81:34: warning[-Wanalyzer-malloc-leak]: leak of 'left_block'
cryptsetup-2.8.3/lib/verity/verity_hash.c:131:12: enter_function: entry to 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:149:12: branch_false: following 'false' branch (when 'digest_size <= 1024')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:152:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:153:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:13: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:163:12: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:168:22: acquire_memory: allocated here
cryptsetup-2.8.3/lib/verity/verity_hash.c:170:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:175:9: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: following 'true' branch (when 'blocks_to_write != 0')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:178:29: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:179:28: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:182:28: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:188:29: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:188:29: call_function: calling 'verify_hash_block' from 'create_or_verify'
#   79|   		goto out;
#   80|   
#   81|-> 	if (version == 0 && (r = crypt_hash_write(ctx, salt, salt_size)))
#   82|   		goto out;
#   83|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def280]
cryptsetup-2.8.3/lib/verity/verity_hash.c:84:13: warning[-Wanalyzer-malloc-leak]: leak of 'data_buffer'
cryptsetup-2.8.3/lib/verity/verity_hash.c:131:12: enter_function: entry to 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:149:12: branch_false: following 'false' branch (when 'digest_size <= 1024')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:152:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:153:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:13: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:163:12: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:169:23: acquire_memory: allocated here
cryptsetup-2.8.3/lib/verity/verity_hash.c:170:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:175:9: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: following 'true' branch (when 'blocks_to_write != 0')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:178:29: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:179:28: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:182:28: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:188:29: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:188:29: call_function: calling 'verify_hash_block' from 'create_or_verify'
#   82|   		goto out;
#   83|   
#   84|-> 	r = crypt_hash_final(ctx, hash, hash_size);
#   85|   out:
#   86|   	crypt_hash_destroy(ctx);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def281]
cryptsetup-2.8.3/lib/verity/verity_hash.c:84:13: warning[-Wanalyzer-malloc-leak]: leak of 'left_block'
cryptsetup-2.8.3/lib/verity/verity_hash.c:131:12: enter_function: entry to 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:149:12: branch_false: following 'false' branch (when 'digest_size <= 1024')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:152:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:153:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:13: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:163:12: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:168:22: acquire_memory: allocated here
cryptsetup-2.8.3/lib/verity/verity_hash.c:170:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:175:9: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: following 'true' branch (when 'blocks_to_write != 0')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:178:29: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:179:28: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:182:28: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:188:29: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:188:29: call_function: calling 'verify_hash_block' from 'create_or_verify'
#   82|   		goto out;
#   83|   
#   84|-> 	r = crypt_hash_final(ctx, hash, hash_size);
#   85|   out:
#   86|   	crypt_hash_destroy(ctx);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def282]
cryptsetup-2.8.3/lib/verity/verity_hash.c:86:9: warning[-Wanalyzer-malloc-leak]: leak of 'data_buffer'
cryptsetup-2.8.3/lib/verity/verity_hash.c:131:12: enter_function: entry to 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:149:12: branch_false: following 'false' branch (when 'digest_size <= 1024')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:152:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:153:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:13: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:163:12: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:169:23: acquire_memory: allocated here
cryptsetup-2.8.3/lib/verity/verity_hash.c:170:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:175:9: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: following 'true' branch (when 'blocks_to_write != 0')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:178:29: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:179:28: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:182:28: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:188:29: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:188:29: call_function: calling 'verify_hash_block' from 'create_or_verify'
#   84|   	r = crypt_hash_final(ctx, hash, hash_size);
#   85|   out:
#   86|-> 	crypt_hash_destroy(ctx);
#   87|   	return r;
#   88|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def283]
cryptsetup-2.8.3/lib/verity/verity_hash.c:86:9: warning[-Wanalyzer-malloc-leak]: leak of 'left_block'
cryptsetup-2.8.3/lib/verity/verity_hash.c:131:12: enter_function: entry to 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:149:12: branch_false: following 'false' branch (when 'digest_size <= 1024')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:152:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:153:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:13: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:163:12: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:168:22: acquire_memory: allocated here
cryptsetup-2.8.3/lib/verity/verity_hash.c:170:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:175:9: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: following 'true' branch (when 'blocks_to_write != 0')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:178:29: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:179:28: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:182:28: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:188:29: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:188:29: call_function: calling 'verify_hash_block' from 'create_or_verify'
#   84|   	r = crypt_hash_final(ctx, hash, hash_size);
#   85|   out:
#   86|-> 	crypt_hash_destroy(ctx);
#   87|   	return r;
#   88|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def284]
cryptsetup-2.8.3/lib/verity/verity_hash.c:183:33: warning[-Wanalyzer-malloc-leak]: leak of 'data_buffer'
cryptsetup-2.8.3/lib/verity/verity_hash.c:131:12: enter_function: entry to 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:149:12: branch_false: following 'false' branch (when 'digest_size <= 1024')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:152:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:153:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:13: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:163:12: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:169:23: acquire_memory: allocated here
cryptsetup-2.8.3/lib/verity/verity_hash.c:170:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:175:9: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: following 'true' branch (when 'blocks_to_write != 0')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:183:33: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/verity/verity_hash.c:183:33: danger: 'data_buffer' leaks here; was allocated at [(16)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/15)
#  181|   			blocks--;
#  182|   			if (fread(data_buffer, data_block_size, 1, rd) != 1) {
#  183|-> 				log_dbg(cd, "Cannot read data device block.");
#  184|   				r = -EIO;
#  185|   				goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def285]
cryptsetup-2.8.3/lib/verity/verity_hash.c:183:33: warning[-Wanalyzer-malloc-leak]: leak of 'left_block'
cryptsetup-2.8.3/lib/verity/verity_hash.c:131:12: enter_function: entry to 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:149:12: branch_false: following 'false' branch (when 'digest_size <= 1024')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:152:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:153:13: call_function: inlined call to 'uint64_mult_overflow' from 'create_or_verify'
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:13: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:158:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:163:12: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:168:22: acquire_memory: allocated here
cryptsetup-2.8.3/lib/verity/verity_hash.c:170:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/verity/verity_hash.c:175:9: branch_false: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: following 'true' branch (when 'blocks_to_write != 0')...
cryptsetup-2.8.3/lib/verity/verity_hash.c:176:16: branch_true: ...to here
cryptsetup-2.8.3/lib/verity/verity_hash.c:183:33: throw: if 'crypt_logf' throws an exception...
cryptsetup-2.8.3/lib/verity/verity_hash.c:183:33: danger: 'left_block' leaks here; was allocated at [(16)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/15)
#  181|   			blocks--;
#  182|   			if (fread(data_buffer, data_block_size, 1, rd) != 1) {
#  183|-> 				log_dbg(cd, "Cannot read data device block.");
#  184|   				r = -EIO;
#  185|   				goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def286]
cryptsetup-2.8.3/lib/volumekey.c:44:27: warning[-Wanalyzer-malloc-leak]: leak of 'calloc(1, 48)'
cryptsetup-2.8.3/lib/volumekey.c:26:20: enter_function: entry to 'crypt_alloc_volume_key'
cryptsetup-2.8.3/lib/volumekey.c:30:12: branch_false: following 'false' branch (when 'keylength <= 18446744073709551567')...
cryptsetup-2.8.3/lib/volumekey.c:33:14: call_function: inlined call to 'crypt_zalloc' from 'crypt_alloc_volume_key'
cryptsetup-2.8.3/lib/volumekey.c:34:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/volumekey.c:37:9: branch_false: ...to here
cryptsetup-2.8.3/lib/volumekey.c:43:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/volumekey.c:44:27: throw: if 'crypt_safe_alloc' throws an exception...
cryptsetup-2.8.3/lib/volumekey.c:44:27: danger: 'calloc(1, 48)' leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#   42|   	/* keylength 0 is valid => no key */
#   43|   	if (vk->keylength && key) {
#   44|-> 		vk->key = crypt_safe_alloc(keylength);
#   45|   		if (!vk->key) {
#   46|   			free(vk);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def287]
cryptsetup-2.8.3/lib/volumekey.c:49:17: warning[-Wanalyzer-malloc-leak]: leak of 'calloc(1, 48)'
cryptsetup-2.8.3/lib/volumekey.c:26:20: enter_function: entry to 'crypt_alloc_volume_key'
cryptsetup-2.8.3/lib/volumekey.c:30:12: branch_false: following 'false' branch (when 'keylength <= 18446744073709551567')...
cryptsetup-2.8.3/lib/volumekey.c:33:14: call_function: inlined call to 'crypt_zalloc' from 'crypt_alloc_volume_key'
cryptsetup-2.8.3/lib/volumekey.c:34:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/volumekey.c:37:9: branch_false: ...to here
cryptsetup-2.8.3/lib/volumekey.c:43:12: branch_true: following 'true' branch...
cryptsetup-2.8.3/lib/volumekey.c:45:20: branch_false: following 'false' branch...
cryptsetup-2.8.3/lib/volumekey.c:49:17: branch_false: ...to here
cryptsetup-2.8.3/lib/volumekey.c:49:17: throw: if 'crypt_safe_memcpy' throws an exception...
cryptsetup-2.8.3/lib/volumekey.c:49:17: danger: 'calloc(1, 48)' leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#   47|   			return NULL;
#   48|   		}
#   49|-> 		crypt_safe_memcpy(vk->key, key, keylength);
#   50|   	}
#   51|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def288]
cryptsetup-2.8.3/src/utils_blockdev.c:68:35: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(&data_dev_dir)’
cryptsetup-2.8.3/src/utils_blockdev.c:48:12: enter_function: entry to ‘lookup_holder_dm_name’
cryptsetup-2.8.3/src/utils_blockdev.c:57:12: branch_false: following ‘false’ branch (when ‘r_dm_name’ is non-NULL)...
cryptsetup-2.8.3/src/utils_blockdev.c:60:15: call_function: inlined call to ‘gnu_dev_minor’ from ‘lookup_holder_dm_name’
cryptsetup-2.8.3/src/utils_blockdev.c:61:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_blockdev.c:64:21: branch_false: ...to here
cryptsetup-2.8.3/src/utils_blockdev.c:64:21: acquire_memory: allocated here
cryptsetup-2.8.3/src/utils_blockdev.c:64:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_blockdev.c:64:12: branch_false: ...to here
cryptsetup-2.8.3/src/utils_blockdev.c:68:16: branch_true: following ‘true’ branch (when ‘r != 1’)...
cryptsetup-2.8.3/src/utils_blockdev.c:68:35: branch_true: ...to here
cryptsetup-2.8.3/src/utils_blockdev.c:68:35: throw: if ‘readdir’ throws an exception...
cryptsetup-2.8.3/src/utils_blockdev.c:68:35: danger: ‘opendir(&data_dev_dir)’ leaks here; was allocated at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6)
#   66|   		return errno == ENOTDIR ? -ENOENT : -errno;
#   67|   
#   68|-> 	while (r != 1 && (entry = readdir(dir))) {
#   69|   		if (entry->d_name[0] == '.' ||
#   70|   		    !strncmp(entry->d_name, "..", 2))

Error: GCC_ANALYZER_WARNING (CWE-775): [#def289]
cryptsetup-2.8.3/src/utils_blockdev.c:291:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(path,  flags)’
cryptsetup-2.8.3/src/utils_blockdev.c:266:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_blockdev.c:271:13: branch_false: ...to here
cryptsetup-2.8.3/src/utils_blockdev.c:271:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_blockdev.c:277:13: branch_false: ...to here
cryptsetup-2.8.3/src/utils_blockdev.c:282:14: acquire_resource: opened here
cryptsetup-2.8.3/src/utils_blockdev.c:283:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_blockdev.c:291:18: branch_false: ...to here
cryptsetup-2.8.3/src/utils_blockdev.c:291:18: throw: if ‘blk_init_by_fd’ throws an exception...
cryptsetup-2.8.3/src/utils_blockdev.c:291:18: danger: ‘open(path,  flags)’ leaks here; was opened at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#  289|   	}
#  290|   
#  291|-> 	if ((r = blk_init_by_fd(&h, fd))) {
#  292|   		log_err(_("Failed to initialize device signature probes."));
#  293|   		r = -EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def290]
cryptsetup-2.8.3/src/utils_key_description.c:131:25: warning[-Wanalyzer-malloc-leak]: leak of ‘key_part_out2’
cryptsetup-2.8.3/src/utils_key_description.c:104:5: enter_function: entry to ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:114:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count > 0’)...
cryptsetup-2.8.3/src/utils_key_description.c:115:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:115:21: call_function: calling ‘parse_single_vk_and_keyring_description’ from ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:115:21: return_function: returning to ‘tools_parse_vk_and_keyring_description’ from ‘parse_single_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:119:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:122:12: branch_false: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:122:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count != 1’)...
cryptsetup-2.8.3/src/utils_key_description.c:123:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:123:21: call_function: calling ‘parse_single_vk_and_keyring_description’ from ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:123:21: return_function: returning to ‘tools_parse_vk_and_keyring_description’ from ‘parse_single_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:127:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:130:22: branch_false: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:130:20: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:131:25: throw: if ‘crypt_logf’ throws an exception...
cryptsetup-2.8.3/src/utils_key_description.c:131:25: danger: ‘key_part_out2’ leaks here; was allocated at [(40)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/39)
#  129|   
#  130|   		if ((type_part_out1 && type_part_out2) && strcmp(type_part_out1, type_part_out2)) {
#  131|-> 			log_err(_("Key types have to be the same for both volume keys."));
#  132|   			r = -EINVAL;
#  133|   			goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def291]
cryptsetup-2.8.3/src/utils_key_description.c:131:25: warning[-Wanalyzer-malloc-leak]: leak of ‘keyring_part_out2’
cryptsetup-2.8.3/src/utils_key_description.c:104:5: enter_function: entry to ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:114:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count > 0’)...
cryptsetup-2.8.3/src/utils_key_description.c:115:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:115:21: call_function: calling ‘parse_single_vk_and_keyring_description’ from ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:115:21: return_function: returning to ‘tools_parse_vk_and_keyring_description’ from ‘parse_single_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:119:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:122:12: branch_false: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:122:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count != 1’)...
cryptsetup-2.8.3/src/utils_key_description.c:123:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:123:21: call_function: calling ‘parse_single_vk_and_keyring_description’ from ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:123:21: return_function: returning to ‘tools_parse_vk_and_keyring_description’ from ‘parse_single_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:127:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:130:22: branch_false: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:130:20: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:131:25: throw: if ‘crypt_logf’ throws an exception...
cryptsetup-2.8.3/src/utils_key_description.c:131:25: danger: ‘keyring_part_out2’ leaks here; was allocated at [(38)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/37)
#  129|   
#  130|   		if ((type_part_out1 && type_part_out2) && strcmp(type_part_out1, type_part_out2)) {
#  131|-> 			log_err(_("Key types have to be the same for both volume keys."));
#  132|   			r = -EINVAL;
#  133|   			goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def292]
cryptsetup-2.8.3/src/utils_key_description.c:131:25: warning[-Wanalyzer-malloc-leak]: leak of ‘type_part_out2’
cryptsetup-2.8.3/src/utils_key_description.c:104:5: enter_function: entry to ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:114:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count > 0’)...
cryptsetup-2.8.3/src/utils_key_description.c:115:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:115:21: call_function: calling ‘parse_single_vk_and_keyring_description’ from ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:115:21: return_function: returning to ‘tools_parse_vk_and_keyring_description’ from ‘parse_single_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:119:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:122:12: branch_false: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:122:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count != 1’)...
cryptsetup-2.8.3/src/utils_key_description.c:123:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:123:21: call_function: calling ‘parse_single_vk_and_keyring_description’ from ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:123:21: return_function: returning to ‘tools_parse_vk_and_keyring_description’ from ‘parse_single_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:127:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:130:22: branch_false: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:130:20: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:131:25: throw: if ‘crypt_logf’ throws an exception...
cryptsetup-2.8.3/src/utils_key_description.c:131:25: danger: ‘type_part_out2’ leaks here; was allocated at [(44)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/43)
#  129|   
#  130|   		if ((type_part_out1 && type_part_out2) && strcmp(type_part_out1, type_part_out2)) {
#  131|-> 			log_err(_("Key types have to be the same for both volume keys."));
#  132|   			r = -EINVAL;
#  133|   			goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def293]
cryptsetup-2.8.3/src/utils_key_description.c:136:25: warning[-Wanalyzer-malloc-leak]: leak of ‘key_part_out2’
cryptsetup-2.8.3/src/utils_key_description.c:104:5: enter_function: entry to ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:114:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count > 0’)...
cryptsetup-2.8.3/src/utils_key_description.c:115:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:115:21: call_function: calling ‘parse_single_vk_and_keyring_description’ from ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:115:21: return_function: returning to ‘tools_parse_vk_and_keyring_description’ from ‘parse_single_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:119:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:122:12: branch_false: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:122:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count != 1’)...
cryptsetup-2.8.3/src/utils_key_description.c:123:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:123:21: call_function: calling ‘parse_single_vk_and_keyring_description’ from ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:123:21: return_function: returning to ‘tools_parse_vk_and_keyring_description’ from ‘parse_single_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:127:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:130:22: branch_false: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:135:20: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:136:25: throw: if ‘crypt_logf’ throws an exception...
cryptsetup-2.8.3/src/utils_key_description.c:136:25: danger: ‘key_part_out2’ leaks here; was allocated at [(37)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/36)
#  134|   		}
#  135|   		if ((keyring_part_out1 && keyring_part_out2) && strcmp(keyring_part_out1, keyring_part_out2)) {
#  136|-> 			log_err(_("Both volume keys have to be linked to the same keyring."));
#  137|   			r = -EINVAL;
#  138|   			goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def294]
cryptsetup-2.8.3/src/utils_key_description.c:136:25: warning[-Wanalyzer-malloc-leak]: leak of ‘keyring_part_out2’
cryptsetup-2.8.3/src/utils_key_description.c:104:5: enter_function: entry to ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:114:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count > 0’)...
cryptsetup-2.8.3/src/utils_key_description.c:115:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:115:21: call_function: calling ‘parse_single_vk_and_keyring_description’ from ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:115:21: return_function: returning to ‘tools_parse_vk_and_keyring_description’ from ‘parse_single_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:119:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:122:12: branch_false: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:122:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count != 1’)...
cryptsetup-2.8.3/src/utils_key_description.c:123:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:123:21: call_function: calling ‘parse_single_vk_and_keyring_description’ from ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:123:21: return_function: returning to ‘tools_parse_vk_and_keyring_description’ from ‘parse_single_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:127:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:130:22: branch_false: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:135:20: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:136:25: throw: if ‘crypt_logf’ throws an exception...
cryptsetup-2.8.3/src/utils_key_description.c:136:25: danger: ‘keyring_part_out2’ leaks here; was allocated at [(35)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/34)
#  134|   		}
#  135|   		if ((keyring_part_out1 && keyring_part_out2) && strcmp(keyring_part_out1, keyring_part_out2)) {
#  136|-> 			log_err(_("Both volume keys have to be linked to the same keyring."));
#  137|   			r = -EINVAL;
#  138|   			goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def295]
cryptsetup-2.8.3/src/utils_key_description.c:136:25: warning[-Wanalyzer-malloc-leak]: leak of ‘type_part_out2’
cryptsetup-2.8.3/src/utils_key_description.c:104:5: enter_function: entry to ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:114:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count > 0’)...
cryptsetup-2.8.3/src/utils_key_description.c:115:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:115:21: call_function: calling ‘parse_single_vk_and_keyring_description’ from ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:115:21: return_function: returning to ‘tools_parse_vk_and_keyring_description’ from ‘parse_single_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:119:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:122:12: branch_false: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:122:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count != 1’)...
cryptsetup-2.8.3/src/utils_key_description.c:123:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:123:21: call_function: calling ‘parse_single_vk_and_keyring_description’ from ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:123:21: return_function: returning to ‘tools_parse_vk_and_keyring_description’ from ‘parse_single_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:127:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:130:22: branch_false: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:135:20: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:136:25: throw: if ‘crypt_logf’ throws an exception...
cryptsetup-2.8.3/src/utils_key_description.c:136:25: danger: ‘type_part_out2’ leaks here; was allocated at [(44)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/43)
#  134|   		}
#  135|   		if ((keyring_part_out1 && keyring_part_out2) && strcmp(keyring_part_out1, keyring_part_out2)) {
#  136|-> 			log_err(_("Both volume keys have to be linked to the same keyring."));
#  137|   			r = -EINVAL;
#  138|   			goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def296]
cryptsetup-2.8.3/src/utils_key_description.c:143:21: warning[-Wanalyzer-malloc-leak]: leak of ‘key_part_out1’
cryptsetup-2.8.3/src/utils_key_description.c:104:5: enter_function: entry to ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:114:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count > 0’)...
cryptsetup-2.8.3/src/utils_key_description.c:115:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:115:21: call_function: calling ‘parse_single_vk_and_keyring_description’ from ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:115:21: return_function: returning to ‘tools_parse_vk_and_keyring_description’ from ‘parse_single_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:119:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:122:12: branch_false: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:122:12: branch_false: following ‘false’ branch (when ‘keyring_key_links_count == 1’)...
cryptsetup-2.8.3/src/utils_key_description.c:142:12: branch_false: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:142:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count > 0’)...
cryptsetup-2.8.3/src/utils_key_description.c:143:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:143:21: throw: if ‘crypt_set_keyring_to_link’ throws an exception...
cryptsetup-2.8.3/src/utils_key_description.c:143:21: danger: ‘key_part_out1’ leaks here; was allocated at [(15)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/14)
#  141|   
#  142|   	if (keyring_key_links_count > 0) {
#  143|-> 		r = crypt_set_keyring_to_link(cd, key_part_out1, key_part_out2,
#  144|   				type_part_out1, keyring_part_out1);
#  145|   		if (r == -EAGAIN)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def297]
cryptsetup-2.8.3/src/utils_key_description.c:143:21: warning[-Wanalyzer-malloc-leak]: leak of ‘key_part_out2’
cryptsetup-2.8.3/src/utils_key_description.c:104:5: enter_function: entry to ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:114:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count > 0’)...
cryptsetup-2.8.3/src/utils_key_description.c:115:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:115:21: call_function: calling ‘parse_single_vk_and_keyring_description’ from ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:115:21: return_function: returning to ‘tools_parse_vk_and_keyring_description’ from ‘parse_single_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:119:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:122:12: branch_false: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:122:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count != 1’)...
cryptsetup-2.8.3/src/utils_key_description.c:123:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:123:21: call_function: calling ‘parse_single_vk_and_keyring_description’ from ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:123:21: return_function: returning to ‘tools_parse_vk_and_keyring_description’ from ‘parse_single_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:127:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:130:22: branch_false: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:142:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count > 0’)...
cryptsetup-2.8.3/src/utils_key_description.c:143:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:143:21: throw: if ‘crypt_set_keyring_to_link’ throws an exception...
cryptsetup-2.8.3/src/utils_key_description.c:143:21: danger: ‘key_part_out2’ leaks here; was allocated at [(37)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/36)
#  141|   
#  142|   	if (keyring_key_links_count > 0) {
#  143|-> 		r = crypt_set_keyring_to_link(cd, key_part_out1, key_part_out2,
#  144|   				type_part_out1, keyring_part_out1);
#  145|   		if (r == -EAGAIN)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def298]
cryptsetup-2.8.3/src/utils_key_description.c:143:21: warning[-Wanalyzer-malloc-leak]: leak of ‘keyring_part_out1’
cryptsetup-2.8.3/src/utils_key_description.c:104:5: enter_function: entry to ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:114:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count > 0’)...
cryptsetup-2.8.3/src/utils_key_description.c:115:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:115:21: call_function: calling ‘parse_single_vk_and_keyring_description’ from ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:115:21: return_function: returning to ‘tools_parse_vk_and_keyring_description’ from ‘parse_single_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:119:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:122:12: branch_false: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:122:12: branch_false: following ‘false’ branch (when ‘keyring_key_links_count == 1’)...
cryptsetup-2.8.3/src/utils_key_description.c:142:12: branch_false: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:142:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count > 0’)...
cryptsetup-2.8.3/src/utils_key_description.c:143:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:143:21: throw: if ‘crypt_set_keyring_to_link’ throws an exception...
cryptsetup-2.8.3/src/utils_key_description.c:143:21: danger: ‘keyring_part_out1’ leaks here; was allocated at [(13)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/12)
#  141|   
#  142|   	if (keyring_key_links_count > 0) {
#  143|-> 		r = crypt_set_keyring_to_link(cd, key_part_out1, key_part_out2,
#  144|   				type_part_out1, keyring_part_out1);
#  145|   		if (r == -EAGAIN)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def299]
cryptsetup-2.8.3/src/utils_key_description.c:143:21: warning[-Wanalyzer-malloc-leak]: leak of ‘type_part_out1’
cryptsetup-2.8.3/src/utils_key_description.c:104:5: enter_function: entry to ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:114:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count > 0’)...
cryptsetup-2.8.3/src/utils_key_description.c:115:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:115:21: call_function: calling ‘parse_single_vk_and_keyring_description’ from ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:115:21: return_function: returning to ‘tools_parse_vk_and_keyring_description’ from ‘parse_single_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:119:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:122:12: branch_false: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:122:12: branch_false: following ‘false’ branch (when ‘keyring_key_links_count == 1’)...
cryptsetup-2.8.3/src/utils_key_description.c:142:12: branch_false: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:142:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count > 0’)...
cryptsetup-2.8.3/src/utils_key_description.c:143:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:143:21: throw: if ‘crypt_set_keyring_to_link’ throws an exception...
cryptsetup-2.8.3/src/utils_key_description.c:143:21: danger: ‘type_part_out1’ leaks here; was allocated at [(24)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/23)
#  141|   
#  142|   	if (keyring_key_links_count > 0) {
#  143|-> 		r = crypt_set_keyring_to_link(cd, key_part_out1, key_part_out2,
#  144|   				type_part_out1, keyring_part_out1);
#  145|   		if (r == -EAGAIN)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def300]
cryptsetup-2.8.3/src/utils_key_description.c:146:25: warning[-Wanalyzer-malloc-leak]: leak of ‘key_part_out1’
cryptsetup-2.8.3/src/utils_key_description.c:104:5: enter_function: entry to ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:114:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count > 0’)...
cryptsetup-2.8.3/src/utils_key_description.c:115:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:115:21: call_function: calling ‘parse_single_vk_and_keyring_description’ from ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:115:21: return_function: returning to ‘tools_parse_vk_and_keyring_description’ from ‘parse_single_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:119:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:122:12: branch_false: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:122:12: branch_false: following ‘false’ branch (when ‘keyring_key_links_count == 1’)...
cryptsetup-2.8.3/src/utils_key_description.c:142:12: branch_false: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:142:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count > 0’)...
cryptsetup-2.8.3/src/utils_key_description.c:143:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:145:20: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:146:25: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:146:25: throw: if ‘crypt_logf’ throws an exception...
cryptsetup-2.8.3/src/utils_key_description.c:146:25: danger: ‘key_part_out1’ leaks here; was allocated at [(15)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/14)
#  144|   				type_part_out1, keyring_part_out1);
#  145|   		if (r == -EAGAIN)
#  146|-> 			log_err(_("You need to supply more key names."));
#  147|   	}
#  148|   out:

Error: GCC_ANALYZER_WARNING (CWE-401): [#def301]
cryptsetup-2.8.3/src/utils_key_description.c:146:25: warning[-Wanalyzer-malloc-leak]: leak of ‘key_part_out2’
cryptsetup-2.8.3/src/utils_key_description.c:104:5: enter_function: entry to ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:114:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count > 0’)...
cryptsetup-2.8.3/src/utils_key_description.c:115:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:115:21: call_function: calling ‘parse_single_vk_and_keyring_description’ from ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:115:21: return_function: returning to ‘tools_parse_vk_and_keyring_description’ from ‘parse_single_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:119:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:122:12: branch_false: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:122:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count != 1’)...
cryptsetup-2.8.3/src/utils_key_description.c:123:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:123:21: call_function: calling ‘parse_single_vk_and_keyring_description’ from ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:123:21: return_function: returning to ‘tools_parse_vk_and_keyring_description’ from ‘parse_single_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:127:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:130:22: branch_false: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:142:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count > 0’)...
cryptsetup-2.8.3/src/utils_key_description.c:143:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:145:20: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:146:25: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:146:25: throw: if ‘crypt_logf’ throws an exception...
cryptsetup-2.8.3/src/utils_key_description.c:146:25: danger: ‘key_part_out2’ leaks here; was allocated at [(37)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/36)
#  144|   				type_part_out1, keyring_part_out1);
#  145|   		if (r == -EAGAIN)
#  146|-> 			log_err(_("You need to supply more key names."));
#  147|   	}
#  148|   out:

Error: GCC_ANALYZER_WARNING (CWE-401): [#def302]
cryptsetup-2.8.3/src/utils_key_description.c:146:25: warning[-Wanalyzer-malloc-leak]: leak of ‘keyring_part_out1’
cryptsetup-2.8.3/src/utils_key_description.c:104:5: enter_function: entry to ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:114:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count > 0’)...
cryptsetup-2.8.3/src/utils_key_description.c:115:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:115:21: call_function: calling ‘parse_single_vk_and_keyring_description’ from ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:115:21: return_function: returning to ‘tools_parse_vk_and_keyring_description’ from ‘parse_single_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:119:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:122:12: branch_false: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:122:12: branch_false: following ‘false’ branch (when ‘keyring_key_links_count == 1’)...
cryptsetup-2.8.3/src/utils_key_description.c:142:12: branch_false: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:142:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count > 0’)...
cryptsetup-2.8.3/src/utils_key_description.c:143:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:145:20: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:146:25: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:146:25: throw: if ‘crypt_logf’ throws an exception...
cryptsetup-2.8.3/src/utils_key_description.c:146:25: danger: ‘keyring_part_out1’ leaks here; was allocated at [(13)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/12)
#  144|   				type_part_out1, keyring_part_out1);
#  145|   		if (r == -EAGAIN)
#  146|-> 			log_err(_("You need to supply more key names."));
#  147|   	}
#  148|   out:

Error: GCC_ANALYZER_WARNING (CWE-401): [#def303]
cryptsetup-2.8.3/src/utils_key_description.c:146:25: warning[-Wanalyzer-malloc-leak]: leak of ‘type_part_out1’
cryptsetup-2.8.3/src/utils_key_description.c:104:5: enter_function: entry to ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:114:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count > 0’)...
cryptsetup-2.8.3/src/utils_key_description.c:115:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:115:21: call_function: calling ‘parse_single_vk_and_keyring_description’ from ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:115:21: return_function: returning to ‘tools_parse_vk_and_keyring_description’ from ‘parse_single_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:119:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:122:12: branch_false: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:122:12: branch_false: following ‘false’ branch (when ‘keyring_key_links_count == 1’)...
cryptsetup-2.8.3/src/utils_key_description.c:142:12: branch_false: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:142:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count > 0’)...
cryptsetup-2.8.3/src/utils_key_description.c:143:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:145:20: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:146:25: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:146:25: throw: if ‘crypt_logf’ throws an exception...
cryptsetup-2.8.3/src/utils_key_description.c:146:25: danger: ‘type_part_out1’ leaks here; was allocated at [(24)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/23)
#  144|   				type_part_out1, keyring_part_out1);
#  145|   		if (r == -EAGAIN)
#  146|-> 			log_err(_("You need to supply more key names."));
#  147|   	}
#  148|   out:

Error: GCC_ANALYZER_WARNING (CWE-401): [#def304]
cryptsetup-2.8.3/src/utils_key_description.c:150:17: warning[-Wanalyzer-malloc-leak]: leak of ‘key_part_out1’
cryptsetup-2.8.3/src/utils_key_description.c:104:5: enter_function: entry to ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:114:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count > 0’)...
cryptsetup-2.8.3/src/utils_key_description.c:115:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:115:21: call_function: calling ‘parse_single_vk_and_keyring_description’ from ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:115:21: return_function: returning to ‘tools_parse_vk_and_keyring_description’ from ‘parse_single_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:119:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:122:12: branch_false: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:142:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count > 0’)...
cryptsetup-2.8.3/src/utils_key_description.c:143:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:149:12: branch_true: following ‘true’ branch (when ‘r == -22’)...
cryptsetup-2.8.3/src/utils_key_description.c:150:17: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:150:17: throw: if ‘crypt_logf’ throws an exception...
cryptsetup-2.8.3/src/utils_key_description.c:150:17: danger: ‘key_part_out1’ leaks here; was allocated at [(17)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/16)
#  148|   out:
#  149|   	if (r == -EINVAL)
#  150|-> 		log_err(_("Invalid --link-vk-to-keyring value."));
#  151|   	free(keyring_part_out1);
#  152|   	free(key_part_out1);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def305]
cryptsetup-2.8.3/src/utils_key_description.c:150:17: warning[-Wanalyzer-malloc-leak]: leak of ‘key_part_out2’
cryptsetup-2.8.3/src/utils_key_description.c:104:5: enter_function: entry to ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:114:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count > 0’)...
cryptsetup-2.8.3/src/utils_key_description.c:115:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:115:21: call_function: calling ‘parse_single_vk_and_keyring_description’ from ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:115:21: return_function: returning to ‘tools_parse_vk_and_keyring_description’ from ‘parse_single_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:119:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:122:12: branch_false: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:122:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count != 1’)...
cryptsetup-2.8.3/src/utils_key_description.c:123:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:123:21: call_function: calling ‘parse_single_vk_and_keyring_description’ from ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:123:21: return_function: returning to ‘tools_parse_vk_and_keyring_description’ from ‘parse_single_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:127:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:130:22: branch_false: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:135:20: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:150:17: throw: if ‘crypt_logf’ throws an exception...
cryptsetup-2.8.3/src/utils_key_description.c:150:17: danger: ‘key_part_out2’ leaks here; was allocated at [(37)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/36)
#  148|   out:
#  149|   	if (r == -EINVAL)
#  150|-> 		log_err(_("Invalid --link-vk-to-keyring value."));
#  151|   	free(keyring_part_out1);
#  152|   	free(key_part_out1);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def306]
cryptsetup-2.8.3/src/utils_key_description.c:150:17: warning[-Wanalyzer-malloc-leak]: leak of ‘type_part_out2’
cryptsetup-2.8.3/src/utils_key_description.c:104:5: enter_function: entry to ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:114:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count > 0’)...
cryptsetup-2.8.3/src/utils_key_description.c:115:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:115:21: call_function: calling ‘parse_single_vk_and_keyring_description’ from ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:115:21: return_function: returning to ‘tools_parse_vk_and_keyring_description’ from ‘parse_single_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:119:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:122:12: branch_false: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:122:12: branch_true: following ‘true’ branch (when ‘keyring_key_links_count != 1’)...
cryptsetup-2.8.3/src/utils_key_description.c:123:21: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:123:21: call_function: calling ‘parse_single_vk_and_keyring_description’ from ‘tools_parse_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:123:21: return_function: returning to ‘tools_parse_vk_and_keyring_description’ from ‘parse_single_vk_and_keyring_description’
cryptsetup-2.8.3/src/utils_key_description.c:127:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:130:22: branch_false: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:130:21: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_key_description.c:130:59: branch_true: ...to here
cryptsetup-2.8.3/src/utils_key_description.c:150:17: throw: if ‘crypt_logf’ throws an exception...
cryptsetup-2.8.3/src/utils_key_description.c:150:17: danger: ‘type_part_out2’ leaks here; was allocated at [(46)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/45)
#  148|   out:
#  149|   	if (r == -EINVAL)
#  150|-> 		log_err(_("Invalid --link-vk-to-keyring value."));
#  151|   	free(keyring_part_out1);
#  152|   	free(key_part_out1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def307]
cryptsetup-2.8.3/src/utils_keyslot_check.c:149:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(device, 0)’
cryptsetup-2.8.3/src/utils_keyslot_check.c:140:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_keyslot_check.c:145:14: branch_false: ...to here
cryptsetup-2.8.3/src/utils_keyslot_check.c:145:14: acquire_resource: opened here
cryptsetup-2.8.3/src/utils_keyslot_check.c:146:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_keyslot_check.c:146:12: branch_false: ...to here
cryptsetup-2.8.3/src/utils_keyslot_check.c:149:25: throw: if ‘crypt_get_type’ throws an exception...
cryptsetup-2.8.3/src/utils_keyslot_check.c:149:25: danger: ‘open(device, 0)’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  147|   		return;
#  148|   
#  149|-> 	for (i = 0; i < crypt_keyslot_max(crypt_get_type(cd)); i++) {
#  150|   
#  151|   		ki = crypt_keyslot_status(cd, i);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def308]
cryptsetup-2.8.3/src/utils_keyslot_check.c:151:22: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(device, 0)’
cryptsetup-2.8.3/src/utils_keyslot_check.c:140:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_keyslot_check.c:145:14: branch_false: ...to here
cryptsetup-2.8.3/src/utils_keyslot_check.c:145:14: acquire_resource: opened here
cryptsetup-2.8.3/src/utils_keyslot_check.c:146:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_keyslot_check.c:146:12: branch_false: ...to here
cryptsetup-2.8.3/src/utils_keyslot_check.c:149:21: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_keyslot_check.c:151:22: branch_true: ...to here
cryptsetup-2.8.3/src/utils_keyslot_check.c:151:22: throw: if ‘crypt_keyslot_status’ throws an exception...
cryptsetup-2.8.3/src/utils_keyslot_check.c:151:22: danger: ‘open(device, 0)’ leaks here; was opened at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#  149|   	for (i = 0; i < crypt_keyslot_max(crypt_get_type(cd)); i++) {
#  150|   
#  151|-> 		ki = crypt_keyslot_status(cd, i);
#  152|   		if (ki <= CRYPT_SLOT_INACTIVE || ki == CRYPT_SLOT_UNBOUND)
#  153|   			continue;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def309]
cryptsetup-2.8.3/src/utils_keyslot_check.c:152:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(device, 0)’
cryptsetup-2.8.3/src/utils_keyslot_check.c:140:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_keyslot_check.c:145:14: branch_false: ...to here
cryptsetup-2.8.3/src/utils_keyslot_check.c:145:14: acquire_resource: opened here
cryptsetup-2.8.3/src/utils_keyslot_check.c:146:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_keyslot_check.c:146:12: branch_false: ...to here
cryptsetup-2.8.3/src/utils_keyslot_check.c:149:21: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_keyslot_check.c:151:22: branch_true: ...to here
cryptsetup-2.8.3/src/utils_keyslot_check.c:155:21: throw: if ‘crypt_keyslot_area’ throws an exception...
cryptsetup-2.8.3/src/utils_keyslot_check.c:152:21: danger: ‘open(device, 0)’ leaks here; was opened at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#  150|   
#  151|   		ki = crypt_keyslot_status(cd, i);
#  152|-> 		if (ki <= CRYPT_SLOT_INACTIVE || ki == CRYPT_SLOT_UNBOUND)
#  153|   			continue;
#  154|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def310]
cryptsetup-2.8.3/src/utils_keyslot_check.c:178:25: warning[-Wanalyzer-malloc-leak]: leak of ‘buffer’
cryptsetup-2.8.3/src/utils_keyslot_check.c:140:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_keyslot_check.c:145:14: branch_false: ...to here
cryptsetup-2.8.3/src/utils_keyslot_check.c:146:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_keyslot_check.c:146:12: branch_false: ...to here
cryptsetup-2.8.3/src/utils_keyslot_check.c:149:21: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_keyslot_check.c:151:22: branch_true: ...to here
cryptsetup-2.8.3/src/utils_keyslot_check.c:156:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_keyslot_check.c:159:21: branch_false: ...to here
cryptsetup-2.8.3/src/utils_keyslot_check.c:160:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_keyslot_check.c:164:20: branch_false: ...to here
cryptsetup-2.8.3/src/utils_keyslot_check.c:173:26: acquire_memory: allocated here
cryptsetup-2.8.3/src/utils_keyslot_check.c:174:20: branch_false: following ‘false’ branch (when ‘buffer’ is non-NULL)...
cryptsetup-2.8.3/src/utils_keyslot_check.c:177:21: branch_false: ...to here
cryptsetup-2.8.3/src/utils_keyslot_check.c:177:20: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_keyslot_check.c:178:25: branch_true: ...to here
cryptsetup-2.8.3/src/utils_keyslot_check.c:178:25: throw: if ‘crypt_logf’ throws an exception...
cryptsetup-2.8.3/src/utils_keyslot_check.c:178:25: danger: ‘buffer’ leaks here; was allocated at [(11)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/10)
#  176|   
#  177|   		if (lseek(fd, (off_t)start, SEEK_SET) == -1) {
#  178|-> 			log_err(_("Keyslot %d cannot be read from the device."), i);
#  179|   			goto out;
#  180|   		}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def311]
cryptsetup-2.8.3/src/utils_keyslot_check.c:182:21: warning[-Wanalyzer-malloc-leak]: leak of ‘buffer’
cryptsetup-2.8.3/src/utils_keyslot_check.c:140:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_keyslot_check.c:145:14: branch_false: ...to here
cryptsetup-2.8.3/src/utils_keyslot_check.c:146:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_keyslot_check.c:146:12: branch_false: ...to here
cryptsetup-2.8.3/src/utils_keyslot_check.c:149:21: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_keyslot_check.c:151:22: branch_true: ...to here
cryptsetup-2.8.3/src/utils_keyslot_check.c:156:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_keyslot_check.c:159:21: branch_false: ...to here
cryptsetup-2.8.3/src/utils_keyslot_check.c:160:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_keyslot_check.c:164:20: branch_false: ...to here
cryptsetup-2.8.3/src/utils_keyslot_check.c:173:26: acquire_memory: allocated here
cryptsetup-2.8.3/src/utils_keyslot_check.c:174:20: branch_false: following ‘false’ branch (when ‘buffer’ is non-NULL)...
cryptsetup-2.8.3/src/utils_keyslot_check.c:177:21: branch_false: ...to here
cryptsetup-2.8.3/src/utils_keyslot_check.c:177:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_keyslot_check.c:182:21: branch_false: ...to here
cryptsetup-2.8.3/src/utils_keyslot_check.c:182:21: throw: if ‘read_buffer’ throws an exception...
cryptsetup-2.8.3/src/utils_keyslot_check.c:182:21: danger: ‘buffer’ leaks here; was allocated at [(11)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/10)
#  180|   		}
#  181|   
#  182|-> 		if (read_buffer(fd, buffer, data_length) != (ssize_t)data_length) {
#  183|   			log_err(_("Keyslot %d cannot be read from the device."), i);
#  184|   			goto out;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def312]
cryptsetup-2.8.3/src/utils_keyslot_check.c:193:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(device, 0)’
cryptsetup-2.8.3/src/utils_keyslot_check.c:140:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_keyslot_check.c:145:14: branch_false: ...to here
cryptsetup-2.8.3/src/utils_keyslot_check.c:145:14: acquire_resource: opened here
cryptsetup-2.8.3/src/utils_keyslot_check.c:146:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_keyslot_check.c:146:12: branch_false: ...to here
cryptsetup-2.8.3/src/utils_keyslot_check.c:193:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_keyslot_check.c:195:1: branch_false: ...to here
cryptsetup-2.8.3/src/utils_keyslot_check.c:193:13: danger: ‘open(device, 0)’ leaks here; was opened at [(3)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/2)
#  191|   	}
#  192|   
#  193|-> 	if (hexdump_hint)
#  194|   		log_std(_("You can use hexdump -v -C -n 128 -s <offset_0xXXXX> \"%s\" to inspect the data.\n"), device);
#  195|   out:

Error: GCC_ANALYZER_WARNING (CWE-401): [#def313]
cryptsetup-2.8.3/src/utils_keyslot_check.c:197:17: warning[-Wanalyzer-malloc-leak]: leak of ‘buffer’
cryptsetup-2.8.3/src/utils_keyslot_check.c:140:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_keyslot_check.c:145:14: branch_false: ...to here
cryptsetup-2.8.3/src/utils_keyslot_check.c:146:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_keyslot_check.c:146:12: branch_false: ...to here
cryptsetup-2.8.3/src/utils_keyslot_check.c:149:21: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_keyslot_check.c:151:22: branch_true: ...to here
cryptsetup-2.8.3/src/utils_keyslot_check.c:156:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_keyslot_check.c:159:21: branch_false: ...to here
cryptsetup-2.8.3/src/utils_keyslot_check.c:160:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_keyslot_check.c:164:20: branch_false: ...to here
cryptsetup-2.8.3/src/utils_keyslot_check.c:173:26: acquire_memory: allocated here
cryptsetup-2.8.3/src/utils_keyslot_check.c:174:20: branch_false: following ‘false’ branch (when ‘buffer’ is non-NULL)...
cryptsetup-2.8.3/src/utils_keyslot_check.c:177:21: branch_false: ...to here
cryptsetup-2.8.3/src/utils_keyslot_check.c:197:17: throw: if ‘close’ throws an exception...
cryptsetup-2.8.3/src/utils_keyslot_check.c:197:17: danger: ‘buffer’ leaks here; was allocated at [(11)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/10)
#  195|   out:
#  196|   	if (fd != -1)
#  197|-> 		close(fd);
#  198|   	free(buffer);
#  199|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def314]
cryptsetup-2.8.3/src/utils_luks.c:193:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
cryptsetup-2.8.3/src/utils_luks.c:172:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_luks.c:176:17: branch_false: ...to here
cryptsetup-2.8.3/src/utils_luks.c:177:22: acquire_resource: opened here
cryptsetup-2.8.3/src/utils_luks.c:178:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_luks.c:186:15: branch_false: ...to here
cryptsetup-2.8.3/src/utils_luks.c:187:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
cryptsetup-2.8.3/src/utils_luks.c:192:13: branch_false: ...to here
cryptsetup-2.8.3/src/utils_luks.c:192:12: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_luks.c:192:13: branch_true: ...to here
cryptsetup-2.8.3/src/utils_luks.c:192:13: branch_false: following ‘false’ branch (when ‘batch_mode == 0’)...
cryptsetup-2.8.3/src/utils_luks.c:193:17: branch_false: ...to here
cryptsetup-2.8.3/src/utils_luks.c:193:17: throw: if ‘crypt_logf’ throws an exception...
cryptsetup-2.8.3/src/utils_luks.c:193:17: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  191|   
#  192|   	if (isatty(fd) && !batch_mode)
#  193|-> 		log_std(_("Provide valid LUKS2 token JSON:\n"));
#  194|   
#  195|   	/* we expect JSON (string) */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def315]
cryptsetup-2.8.3/src/utils_luks.c:193:17: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
cryptsetup-2.8.3/src/utils_luks.c:172:12: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_luks.c:174:17: branch_true: ...to here
cryptsetup-2.8.3/src/utils_luks.c:186:15: acquire_memory: allocated here
cryptsetup-2.8.3/src/utils_luks.c:187:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
cryptsetup-2.8.3/src/utils_luks.c:192:13: branch_false: ...to here
cryptsetup-2.8.3/src/utils_luks.c:192:12: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_luks.c:192:13: branch_true: ...to here
cryptsetup-2.8.3/src/utils_luks.c:192:13: branch_false: following ‘false’ branch (when ‘batch_mode == 0’)...
cryptsetup-2.8.3/src/utils_luks.c:193:17: branch_false: ...to here
cryptsetup-2.8.3/src/utils_luks.c:193:17: throw: if ‘crypt_logf’ throws an exception...
cryptsetup-2.8.3/src/utils_luks.c:193:17: danger: ‘buf’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  191|   
#  192|   	if (isatty(fd) && !batch_mode)
#  193|-> 		log_std(_("Provide valid LUKS2 token JSON:\n"));
#  194|   
#  195|   	/* we expect JSON (string) */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def316]
cryptsetup-2.8.3/src/utils_luks.c:197:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
cryptsetup-2.8.3/src/utils_luks.c:172:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_luks.c:176:17: branch_false: ...to here
cryptsetup-2.8.3/src/utils_luks.c:177:22: acquire_resource: opened here
cryptsetup-2.8.3/src/utils_luks.c:178:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_luks.c:186:15: branch_false: ...to here
cryptsetup-2.8.3/src/utils_luks.c:187:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
cryptsetup-2.8.3/src/utils_luks.c:192:13: branch_false: ...to here
cryptsetup-2.8.3/src/utils_luks.c:192:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_luks.c:196:9: branch_false: ...to here
cryptsetup-2.8.3/src/utils_luks.c:197:15: throw: if ‘read_buffer_intr’ throws an exception...
cryptsetup-2.8.3/src/utils_luks.c:197:15: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#  195|   	/* we expect JSON (string) */
#  196|   	r = 0;
#  197|-> 	ret = read_buffer_intr(fd, buf, LUKS2_MAX_MDA_SIZE - 1, &quit);
#  198|   	if (ret < 0) {
#  199|   		r = -EIO;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def317]
cryptsetup-2.8.3/src/utils_luks.c:197:15: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
cryptsetup-2.8.3/src/utils_luks.c:172:12: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_luks.c:174:17: branch_true: ...to here
cryptsetup-2.8.3/src/utils_luks.c:186:15: acquire_memory: allocated here
cryptsetup-2.8.3/src/utils_luks.c:187:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
cryptsetup-2.8.3/src/utils_luks.c:192:13: branch_false: ...to here
cryptsetup-2.8.3/src/utils_luks.c:192:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_luks.c:196:9: branch_false: ...to here
cryptsetup-2.8.3/src/utils_luks.c:197:15: throw: if ‘read_buffer_intr’ throws an exception...
cryptsetup-2.8.3/src/utils_luks.c:197:15: danger: ‘buf’ leaks here; was allocated at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#  195|   	/* we expect JSON (string) */
#  196|   	r = 0;
#  197|-> 	ret = read_buffer_intr(fd, buf, LUKS2_MAX_MDA_SIZE - 1, &quit);
#  198|   	if (ret < 0) {
#  199|   		r = -EIO;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def318]
cryptsetup-2.8.3/src/utils_luks.c:216:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
cryptsetup-2.8.3/src/utils_luks.c:172:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_luks.c:176:17: branch_false: ...to here
cryptsetup-2.8.3/src/utils_luks.c:177:22: acquire_resource: opened here
cryptsetup-2.8.3/src/utils_luks.c:178:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_luks.c:186:15: branch_false: ...to here
cryptsetup-2.8.3/src/utils_luks.c:187:12: branch_true: following ‘true’ branch (when ‘buf’ is NULL)...
cryptsetup-2.8.3/src/utils_luks.c:188:17: branch_true: ...to here
cryptsetup-2.8.3/src/utils_luks.c:215:12: branch_true: following ‘true’ branch (when ‘close_fd != 0’)...
cryptsetup-2.8.3/src/utils_luks.c:216:17: branch_true: ...to here
cryptsetup-2.8.3/src/utils_luks.c:216:17: throw: if ‘close’ throws an exception...
cryptsetup-2.8.3/src/utils_luks.c:216:17: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#  214|   		set_int_block(1);
#  215|   	if (close_fd)
#  216|-> 		close(fd);
#  217|   	if (r && buf) {
#  218|   		memset(buf, 0, LUKS2_MAX_MDA_SIZE);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def319]
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:108:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1221:5: enter_function: entry to ‘reencrypt_luks1’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1227:12: branch_false: following ‘false’ branch (when ‘rc’ is non-NULL)...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1230:14: branch_false: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1240:18: call_function: calling ‘initialize_context’ from ‘reencrypt_luks1’
#  106|   
#  107|   	if (stat(device, &st)) {
#  108|-> 		log_err(_("Cannot open device %s."), device);
#  109|   		return -EINVAL;
#  110|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def320]
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:108:17: warning[-Wanalyzer-malloc-leak]: leak of ‘rc’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1221:5: enter_function: entry to ‘reencrypt_luks1’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1226:14: acquire_memory: allocated here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1227:12: branch_false: following ‘false’ branch (when ‘rc’ is non-NULL)...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1230:14: branch_false: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1240:18: call_function: calling ‘initialize_context’ from ‘reencrypt_luks1’
#  106|   
#  107|   	if (stat(device, &st)) {
#  108|-> 		log_err(_("Cannot open device %s."), device);
#  109|   		return -EINVAL;
#  110|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def321]
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:113:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1221:5: enter_function: entry to ‘reencrypt_luks1’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1227:12: branch_false: following ‘false’ branch (when ‘rc’ is non-NULL)...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1230:14: branch_false: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1240:18: call_function: calling ‘initialize_context’ from ‘reencrypt_luks1’
#  111|   
#  112|   	/* coverity[toctou] */
#  113|-> 	devfd = open(device, O_RDWR | ((S_ISBLK(st.st_mode) && exclusive) ? O_EXCL : 0)); /* lgtm[cpp/toctou-race-condition] */
#  114|   	if (devfd == -1) {
#  115|   		if (errno == EBUSY) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def322]
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:113:17: warning[-Wanalyzer-malloc-leak]: leak of ‘rc’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1221:5: enter_function: entry to ‘reencrypt_luks1’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1226:14: acquire_memory: allocated here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1227:12: branch_false: following ‘false’ branch (when ‘rc’ is non-NULL)...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1230:14: branch_false: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1240:18: call_function: calling ‘initialize_context’ from ‘reencrypt_luks1’
#  111|   
#  112|   	/* coverity[toctou] */
#  113|-> 	devfd = open(device, O_RDWR | ((S_ISBLK(st.st_mode) && exclusive) ? O_EXCL : 0)); /* lgtm[cpp/toctou-race-condition] */
#  114|   	if (devfd == -1) {
#  115|   		if (errno == EBUSY) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def323]
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:116:25: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1221:5: enter_function: entry to ‘reencrypt_luks1’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1227:12: branch_false: following ‘false’ branch (when ‘rc’ is non-NULL)...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1230:14: branch_false: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1240:18: call_function: calling ‘initialize_context’ from ‘reencrypt_luks1’
#  114|   	if (devfd == -1) {
#  115|   		if (errno == EBUSY) {
#  116|-> 			log_err(_("Cannot exclusively open %s, device in use."),
#  117|   				device);
#  118|   			return -EBUSY;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def324]
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:116:25: warning[-Wanalyzer-malloc-leak]: leak of ‘rc’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1221:5: enter_function: entry to ‘reencrypt_luks1’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1226:14: acquire_memory: allocated here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1227:12: branch_false: following ‘false’ branch (when ‘rc’ is non-NULL)...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1230:14: branch_false: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1240:18: call_function: calling ‘initialize_context’ from ‘reencrypt_luks1’
#  114|   	if (devfd == -1) {
#  115|   		if (errno == EBUSY) {
#  116|-> 			log_err(_("Cannot exclusively open %s, device in use."),
#  117|   				device);
#  118|   			return -EBUSY;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def325]
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:120:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1221:5: enter_function: entry to ‘reencrypt_luks1’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1227:12: branch_false: following ‘false’ branch (when ‘rc’ is non-NULL)...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1230:14: branch_false: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1240:18: call_function: calling ‘initialize_context’ from ‘reencrypt_luks1’
#  118|   			return -EBUSY;
#  119|   		}
#  120|-> 		log_err(_("Cannot open device %s."), device);
#  121|   		return -EINVAL;
#  122|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def326]
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:120:17: warning[-Wanalyzer-malloc-leak]: leak of ‘rc’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1221:5: enter_function: entry to ‘reencrypt_luks1’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1226:14: acquire_memory: allocated here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1227:12: branch_false: following ‘false’ branch (when ‘rc’ is non-NULL)...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1230:14: branch_false: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1240:18: call_function: calling ‘initialize_context’ from ‘reencrypt_luks1’
#  118|   			return -EBUSY;
#  119|   		}
#  120|-> 		log_err(_("Cannot open device %s."), device);
#  121|   		return -EINVAL;
#  122|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def327]
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:176:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(device,  <unknown>)’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:107:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:113:41: branch_false: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:113:17: acquire_resource: opened here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:114:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:124:12: branch_false: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:124:12: branch_true: following ‘true’ branch (when ‘set_magic == 3’)...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:126:17: branch_true: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:176:9: danger: ‘open(device,  <unknown>)’ leaks here; was opened at [(3)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/2)
#  174|   		memset(buf, 0, buf_size);
#  175|   	free(buf);
#  176|-> 	close(devfd);
#  177|   	return r;
#  178|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def328]
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:176:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1221:5: enter_function: entry to ‘reencrypt_luks1’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1227:12: branch_false: following ‘false’ branch (when ‘rc’ is non-NULL)...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1230:14: branch_false: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1240:18: call_function: calling ‘initialize_context’ from ‘reencrypt_luks1’
#  174|   		memset(buf, 0, buf_size);
#  175|   	free(buf);
#  176|-> 	close(devfd);
#  177|   	return r;
#  178|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def329]
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:176:9: warning[-Wanalyzer-malloc-leak]: leak of ‘rc’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1221:5: enter_function: entry to ‘reencrypt_luks1’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1226:14: acquire_memory: allocated here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1227:12: branch_false: following ‘false’ branch (when ‘rc’ is non-NULL)...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1230:14: branch_false: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1240:18: call_function: calling ‘initialize_context’ from ‘reencrypt_luks1’
#  174|   		memset(buf, 0, buf_size);
#  175|   	free(buf);
#  176|-> 	close(devfd);
#  177|   	return r;
#  178|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def330]
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:292:9: warning[-Wanalyzer-malloc-leak]: leak of ‘rc’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1221:5: enter_function: entry to ‘reencrypt_luks1’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1226:14: acquire_memory: allocated here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1227:12: branch_false: following ‘false’ branch (when ‘rc’ is non-NULL)...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1230:14: branch_false: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1240:18: call_function: calling ‘initialize_context’ from ‘reencrypt_luks1’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1240:18: return_function: returning to ‘reencrypt_luks1’ from ‘initialize_context’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1240:12: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1241:17: branch_true: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1285:9: call_function: calling ‘destroy_context’ from ‘reencrypt_luks1’
#  290|   static void close_log(struct reenc_ctx *rc)
#  291|   {
#  292|-> 	log_dbg("Closing LUKS reencryption log file %s.", rc->log_file);
#  293|   	if (rc->log_fd != -1)
#  294|   		close(rc->log_fd);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def331]
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:656:60: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(*rc.device_header, 1)’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:646:12: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:648:20: branch_false: following ‘false’ branch (when ‘r != -1’)...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:651:29: branch_false: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:651:27: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:652:25: branch_true: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:651:28: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:654:35: branch_true: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:654:30: acquire_resource: opened here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:655:28: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:656:60: branch_true: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:656:37: throw: if ‘posix_fallocate’ throws an exception...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:656:60: danger: ‘open(*rc.device_header, 1)’ leaks here; was opened at [(9)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/8)
#  654|   			fd = open(rc->device_header, O_WRONLY);
#  655|   			if (fd != -1) {
#  656|-> 				if (posix_fallocate(fd, 0, st.st_size)) {};
#  657|   				close(fd);
#  658|   			}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def332]
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:859:55: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&*rc.crypt_path_org,  <unknown>)’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:845:29: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:845:29: branch_true: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:853:18: acquire_resource: opened here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:854:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:859:55: branch_false: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:859:18: throw: if ‘open’ throws an exception...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:859:55: danger: ‘open(&*rc.crypt_path_org,  <unknown>)’ leaks here; was opened at [(3)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/2)
#  857|   	}
#  858|   
#  859|-> 	fd_new = open(rc->crypt_path_new, O_WRONLY | (ARG_SET(OPT_USE_DIRECTIO_ID) ? O_DIRECT : 0));
#  860|   	if (fd_new == -1) {
#  861|   		log_err(_("Cannot open temporary LUKS device."));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def333]
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:865:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(&*rc.crypt_path_new,  <unknown>)’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:845:29: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:845:29: branch_true: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:854:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:859:55: branch_false: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:859:18: acquire_resource: opened here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:860:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:865:13: branch_false: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:865:12: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:866:17: branch_true: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:866:17: throw: if ‘crypt_logf’ throws an exception...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:865:13: danger: ‘open(&*rc.crypt_path_new,  <unknown>)’ leaks here; was opened at [(5)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/4)
#  863|   	}
#  864|   
#  865|-> 	if (ioctl(fd_old, BLKGETSIZE64, &rc->device_size_org_real) < 0) {
#  866|   		log_err(_("Cannot get device size."));
#  867|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def334]
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:918:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd_new’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:845:29: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:845:29: branch_true: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:854:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:859:55: branch_false: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:859:18: acquire_resource: opened here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:860:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:865:13: branch_false: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:865:12: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:866:17: branch_true: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:917:12: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:918:17: branch_true: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:918:17: throw: if ‘close’ throws an exception...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:918:17: danger: ‘fd_new’ leaks here; was opened at [(5)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/4)
#  916|   out:
#  917|   	if (fd_old != -1)
#  918|-> 		close(fd_old);
#  919|   	if (fd_new != -1)
#  920|   		close(fd_new);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def335]
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:920:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd_new’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:845:29: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:845:29: branch_true: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:854:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:859:55: branch_false: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:859:18: acquire_resource: opened here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:860:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:865:13: branch_false: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:865:12: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:866:17: branch_true: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:917:12: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:918:17: branch_true: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:919:12: branch_true: following ‘true’ branch (when ‘fd_new != -1’)...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:920:17: branch_true: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:920:17: throw: if ‘close’ throws an exception...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:920:17: danger: ‘fd_new’ leaks here; was opened at [(5)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/4)
#  918|   		close(fd_old);
#  919|   	if (fd_new != -1)
#  920|-> 		close(fd_new);
#  921|   	free(buf);
#  922|   	return r;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def336]
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1119:9: warning[-Wanalyzer-malloc-leak]: leak of ‘rc’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1221:5: enter_function: entry to ‘reencrypt_luks1’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1226:14: acquire_memory: allocated here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1227:12: branch_false: following ‘false’ branch (when ‘rc’ is non-NULL)...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1230:14: branch_false: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1240:18: call_function: calling ‘initialize_context’ from ‘reencrypt_luks1’
# 1117|   static int initialize_context(struct reenc_ctx *rc, const char *device)
# 1118|   {
# 1119|-> 	log_dbg("Initialising reencryption context.");
# 1120|   
# 1121|   	memset(rc, 0, sizeof(*rc));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def337]
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1202:9: warning[-Wanalyzer-malloc-leak]: leak of ‘rc’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1221:5: enter_function: entry to ‘reencrypt_luks1’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1226:14: acquire_memory: allocated here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1227:12: branch_false: following ‘false’ branch (when ‘rc’ is non-NULL)...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1230:14: branch_false: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1240:18: call_function: calling ‘initialize_context’ from ‘reencrypt_luks1’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1240:18: return_function: returning to ‘reencrypt_luks1’ from ‘initialize_context’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1240:12: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1241:17: branch_true: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1285:9: call_function: calling ‘destroy_context’ from ‘reencrypt_luks1’
# 1200|   	int i;
# 1201|   
# 1202|-> 	log_dbg("Destroying reencryption context.");
# 1203|   
# 1204|   	close_log(rc);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def338]
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1231:17: warning[-Wanalyzer-malloc-leak]: leak of ‘rc’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1226:14: acquire_memory: allocated here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1227:12: branch_false: following ‘false’ branch (when ‘rc’ is non-NULL)...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1230:14: branch_false: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1230:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1231:17: branch_false: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1231:17: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1231:17: throw: if ‘crypt_logf’ throws an exception...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1231:17: danger: ‘rc’ leaks here; was allocated at [(1)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/0)
# 1229|   
# 1230|   	if (!ARG_SET(OPT_BATCH_MODE_ID))
# 1231|-> 		log_verbose(_("Reencryption will change: %s%s%s%s%s%s."),
# 1232|   			ARG_SET(OPT_KEEP_KEY_ID) ? "" :  _("volume key"),
# 1233|   			(!ARG_SET(OPT_KEEP_KEY_ID) && ARG_SET(OPT_HASH_ID)) ? ", " : "",

Error: GCC_ANALYZER_WARNING (CWE-401): [#def339]
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1238:9: warning[-Wanalyzer-malloc-leak]: leak of ‘rc’
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1226:14: acquire_memory: allocated here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1227:12: branch_false: following ‘false’ branch (when ‘rc’ is non-NULL)...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1230:14: branch_false: ...to here
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1238:9: throw: if ‘set_int_handler’ throws an exception...
cryptsetup-2.8.3/src/utils_reencrypt_luks1.c:1238:9: danger: ‘rc’ leaks here; was allocated at [(1)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/0)
# 1236|   	/* FIXME: block all non pbkdf2 pkdfs */
# 1237|   
# 1238|-> 	set_int_handler(0);
# 1239|   
# 1240|   	if ((r = initialize_context(rc, device)))

Error: GCC_ANALYZER_WARNING (CWE-775): [#def340]
cryptsetup-2.8.3/src/utils_tools.c:384:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(file, 0)’
cryptsetup-2.8.3/src/utils_tools.c:371:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_tools.c:374:16: branch_false: ...to here
cryptsetup-2.8.3/src/utils_tools.c:375:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_tools.c:378:14: branch_false: ...to here
cryptsetup-2.8.3/src/utils_tools.c:378:14: acquire_resource: opened here
cryptsetup-2.8.3/src/utils_tools.c:379:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/utils_tools.c:384:13: branch_false: ...to here
cryptsetup-2.8.3/src/utils_tools.c:384:13: throw: if ‘read_buffer’ throws an exception...
cryptsetup-2.8.3/src/utils_tools.c:384:13: danger: ‘open(file, 0)’ leaks here; was opened at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  382|   	}
#  383|   
#  384|-> 	if (read_buffer(fd, *key, keysize) != keysize) {
#  385|   		log_err(_("Cannot read %d bytes from keyfile %s."), keysize, file);
#  386|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def341]
cryptsetup-2.8.3/src/veritysetup.c:117:21: warning[-Wanalyzer-malloc-leak]: leak of ‘root_hash_bytes’
cryptsetup-2.8.3/src/veritysetup.c:62:12: enter_function: entry to ‘action_format’
cryptsetup-2.8.3/src/veritysetup.c:73:13: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/veritysetup.c:81:13: branch_false: ...to here
cryptsetup-2.8.3/src/veritysetup.c:92:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/veritysetup.c:95:13: branch_false: ...to here
cryptsetup-2.8.3/src/veritysetup.c:98:13: call_function: calling ‘_prepare_format’ from ‘action_format’
cryptsetup-2.8.3/src/veritysetup.c:98:13: return_function: returning to ‘action_format’ from ‘_prepare_format’
cryptsetup-2.8.3/src/veritysetup.c:99:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/veritysetup.c:102:56: branch_false: ...to here
cryptsetup-2.8.3/src/veritysetup.c:102:56: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/veritysetup.c:102:56: branch_true: ...to here
cryptsetup-2.8.3/src/veritysetup.c:103:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/veritysetup.c:106:9: branch_false: ...to here
cryptsetup-2.8.3/src/veritysetup.c:109:12: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/veritysetup.c:110:34: branch_true: ...to here
cryptsetup-2.8.3/src/veritysetup.c:111:35: acquire_memory: allocated here
cryptsetup-2.8.3/src/veritysetup.c:112:20: branch_false: following ‘false’ branch (when ‘root_hash_bytes’ is non-NULL)...
cryptsetup-2.8.3/src/veritysetup.c:117:21: branch_false: ...to here
cryptsetup-2.8.3/src/veritysetup.c:117:21: throw: if ‘crypt_volume_key_get’ throws an exception...
cryptsetup-2.8.3/src/veritysetup.c:117:21: danger: ‘root_hash_bytes’ leaks here; was allocated at [(37)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/36)
#  115|   		}
#  116|   
#  117|-> 		r = crypt_volume_key_get(cd, CRYPT_ANY_SLOT, root_hash_bytes, &root_hash_size, NULL, 0);
#  118|   		if (r < 0)
#  119|   			goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def342]
cryptsetup-2.8.3/src/veritysetup.c:222:21: warning[-Wanalyzer-malloc-leak]: leak of ‘root_hash_from_file’
cryptsetup-2.8.3/src/veritysetup.c:161:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/veritysetup.c:164:13: branch_false: ...to here
cryptsetup-2.8.3/src/veritysetup.c:183:43: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/veritysetup.c:183:43: branch_true: ...to here
cryptsetup-2.8.3/src/veritysetup.c:184:42: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/veritysetup.c:184:42: branch_true: ...to here
cryptsetup-2.8.3/src/veritysetup.c:185:37: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/veritysetup.c:185:37: branch_true: ...to here
cryptsetup-2.8.3/src/veritysetup.c:186:36: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/veritysetup.c:186:36: branch_true: ...to here
cryptsetup-2.8.3/src/veritysetup.c:203:12: branch_true: following ‘true’ branch (when ‘root_hash’ is NULL)...
cryptsetup-2.8.3/src/veritysetup.c:204:37: branch_true: ...to here
cryptsetup-2.8.3/src/veritysetup.c:204:37: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/veritysetup.c:204:37: branch_true: ...to here
cryptsetup-2.8.3/src/veritysetup.c:205:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/veritysetup.c:210:21: branch_false: ...to here
cryptsetup-2.8.3/src/veritysetup.c:210:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/veritysetup.c:216:39: acquire_memory: allocated here
cryptsetup-2.8.3/src/veritysetup.c:217:20: branch_false: following ‘false’ branch (when ‘root_hash_from_file’ is non-NULL)...
cryptsetup-2.8.3/src/veritysetup.c:222:21: branch_false: ...to here
cryptsetup-2.8.3/src/veritysetup.c:222:21: throw: if ‘read_buffer’ throws an exception...
cryptsetup-2.8.3/src/veritysetup.c:222:21: danger: ‘root_hash_from_file’ leaks here; was allocated at [(19)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/18)
#  220|   		}
#  221|   
#  222|-> 		if (read_buffer(root_hash_fd, root_hash_from_file, hash_size_hex) != hash_size_hex) {
#  223|   			log_err(_("Cannot read root hash file %s."), root_hash_from_file);
#  224|   			goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def343]
cryptsetup-2.8.3/src/veritysetup.c:422:29: warning[-Wanalyzer-malloc-leak]: leak of ‘root_hash’
cryptsetup-2.8.3/src/veritysetup.c:338:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/veritysetup.c:338:12: branch_false: ...to here
cryptsetup-2.8.3/src/veritysetup.c:363:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/veritysetup.c:366:17: branch_false: ...to here
cryptsetup-2.8.3/src/veritysetup.c:369:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/veritysetup.c:373:21: branch_false: ...to here
cryptsetup-2.8.3/src/veritysetup.c:374:20: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/src/veritysetup.c:377:17: branch_false: ...to here
cryptsetup-2.8.3/src/veritysetup.c:421:20: branch_true: following ‘true’ branch...
cryptsetup-2.8.3/src/veritysetup.c:421:56: branch_true: ...to here
cryptsetup-2.8.3/src/veritysetup.c:421:56: acquire_memory: allocated here
cryptsetup-2.8.3/src/veritysetup.c:421:21: branch_true: following ‘true’ branch (when ‘root_hash’ is non-NULL)...
cryptsetup-2.8.3/src/veritysetup.c:422:29: branch_true: ...to here
cryptsetup-2.8.3/src/veritysetup.c:422:29: throw: if ‘crypt_volume_key_get’ throws an exception...
cryptsetup-2.8.3/src/veritysetup.c:422:29: danger: ‘root_hash’ leaks here; was allocated at [(14)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/13)
#  420|   		root_hash_size = crypt_get_volume_key_size(cd);
#  421|   		if (root_hash_size > 0 && (root_hash = malloc(root_hash_size))) {
#  422|-> 			r = crypt_volume_key_get(cd, CRYPT_ANY_SLOT, root_hash, &root_hash_size, NULL, 0);
#  423|   			if (!r) {
#  424|   				log_std("  root hash:   ");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def344]
cryptsetup-2.8.3/tokens/ssh/ssh-utils.c:66:13: warning[-Wanalyzer-malloc-leak]: leak of 'pass'
cryptsetup-2.8.3/tokens/ssh/ssh-utils.c:32:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/tokens/ssh/ssh-utils.c:38:13: branch_false: ...to here
cryptsetup-2.8.3/tokens/ssh/ssh-utils.c:39:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/tokens/ssh/ssh-utils.c:44:16: branch_false: ...to here
cryptsetup-2.8.3/tokens/ssh/ssh-utils.c:45:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/tokens/ssh/ssh-utils.c:51:21: branch_false: ...to here
cryptsetup-2.8.3/tokens/ssh/ssh-utils.c:52:12: branch_false: following 'false' branch...
cryptsetup-2.8.3/tokens/ssh/ssh-utils.c:58:20: branch_false: ...to here
cryptsetup-2.8.3/tokens/ssh/ssh-utils.c:59:16: acquire_memory: allocated here
cryptsetup-2.8.3/tokens/ssh/ssh-utils.c:60:12: branch_false: following 'false' branch (when 'pass' is non-NULL)...
cryptsetup-2.8.3/tokens/ssh/ssh-utils.c:66:13: branch_false: ...to here
cryptsetup-2.8.3/tokens/ssh/ssh-utils.c:66:13: throw: if 'sftp_read' throws an exception...
cryptsetup-2.8.3/tokens/ssh/ssh-utils.c:66:13: danger: 'pass' leaks here; was allocated at [(9)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/8)
#   64|   	}
#   65|   
#   66|-> 	r = sftp_read(file, pass, pass_len);
#   67|   	if (r < 0 || (size_t)r != pass_len) {
#   68|   		crypt_log(cd, CRYPT_LOG_ERROR, _("Cannot read remote key: "));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def345]
cryptsetup-2.8.3/tokens/ssh/ssh-utils.c:66:13: warning[-Wanalyzer-malloc-leak]: leak of ‘pass’
cryptsetup-2.8.3/tokens/ssh/ssh-utils.c:32:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/tokens/ssh/ssh-utils.c:38:13: branch_false: ...to here
cryptsetup-2.8.3/tokens/ssh/ssh-utils.c:39:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/tokens/ssh/ssh-utils.c:44:16: branch_false: ...to here
cryptsetup-2.8.3/tokens/ssh/ssh-utils.c:45:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/tokens/ssh/ssh-utils.c:51:21: branch_false: ...to here
cryptsetup-2.8.3/tokens/ssh/ssh-utils.c:52:12: branch_false: following ‘false’ branch...
cryptsetup-2.8.3/tokens/ssh/ssh-utils.c:58:20: branch_false: ...to here
cryptsetup-2.8.3/tokens/ssh/ssh-utils.c:59:16: acquire_memory: allocated here
cryptsetup-2.8.3/tokens/ssh/ssh-utils.c:60:12: branch_false: following ‘false’ branch (when ‘pass’ is non-NULL)...
cryptsetup-2.8.3/tokens/ssh/ssh-utils.c:66:13: branch_false: ...to here
cryptsetup-2.8.3/tokens/ssh/ssh-utils.c:66:13: throw: if ‘sftp_read’ throws an exception...
cryptsetup-2.8.3/tokens/ssh/ssh-utils.c:66:13: danger: ‘pass’ leaks here; was allocated at [(9)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/8)
#   64|   	}
#   65|   
#   66|-> 	r = sftp_read(file, pass, pass_len);
#   67|   	if (r < 0 || (size_t)r != pass_len) {
#   68|   		crypt_log(cd, CRYPT_LOG_ERROR, _("Cannot read remote key: "));