Error: GCC_ANALYZER_WARNING (CWE-476): [#def1] dtc-1.7.2/./pylibfdt/libfdt_wrap.c:724:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘iter’ dtc-1.7.2/./pylibfdt/libfdt_wrap.c:9576:22: enter_function: entry to ‘_wrap_fdt_strerror’ dtc-1.7.2/./pylibfdt/libfdt_wrap.c:9585:6: branch_false: following ‘false’ branch (when ‘args’ is non-NULL)... dtc-1.7.2/./pylibfdt/libfdt_wrap.c:9587:12: branch_false: ...to here dtc-1.7.2/./pylibfdt/libfdt_wrap.c:9587:12: call_function: calling ‘SWIG_AsVal_int’ from ‘_wrap_fdt_strerror’ dtc-1.7.2/./pylibfdt/libfdt_wrap.c:9587:12: return_function: returning to ‘_wrap_fdt_strerror’ from ‘SWIG_AsVal_int’ dtc-1.7.2/./pylibfdt/libfdt_wrap.c:9588:6: branch_false: following ‘false’ branch... dtc-1.7.2/./pylibfdt/libfdt_wrap.c:9591:3: branch_false: ...to here dtc-1.7.2/./pylibfdt/libfdt_wrap.c:9593:15: call_function: calling ‘SWIG_FromCharPtr’ from ‘_wrap_fdt_strerror’ # 722| swig_module_info *iter = start; # 723| do { # 724|-> if (iter->size) { # 725| size_t l = 0; # 726| size_t r = iter->size - 1; Error: GCC_ANALYZER_WARNING (CWE-404): [#def2] dtc-1.7.2/checks.c:100:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’ dtc-1.7.2/checks.c:335:13: enter_function: entry to ‘check_node_name_format’ dtc-1.7.2/checks.c:339:17: call_function: calling ‘check_msg’ from ‘check_node_name_format’ # 98| # 99| va_start(ap, fmt); # 100|-> xavsprintf_append(&str, fmt, ap); # 101| va_end(ap); # 102| Error: GCC_ANALYZER_WARNING (CWE-401): [#def3] dtc-1.7.2/convert-dtsv0-lexer.l:198:16: warning[-Wanalyzer-malloc-leak]: leak of ‘xmalloc((long unsigned int)len + 3)’ dtc-1.7.2/convert-dtsv0-lexer.l:190:13: enter_function: entry to ‘convert_file’ dtc-1.7.2/convert-dtsv0-lexer.l:196:19: call_function: calling ‘xmalloc’ from ‘convert_file’ dtc-1.7.2/convert-dtsv0-lexer.l:196:19: return_function: returning to ‘convert_file’ from ‘xmalloc’ dtc-1.7.2/convert-dtsv0-lexer.l:198:16: danger: ‘xmalloc((long unsigned int)len + 3)’ leaks here; was allocated at [(4)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/3) # 196| newname = xmalloc(len + sizeof(suffix)); # 197| memcpy(newname, fname, len); # 198|-> memcpy(newname + len, suffix, sizeof(suffix)); # 199| # 200| yyin = fopen(fname, "r"); Error: GCC_ANALYZER_WARNING (CWE-457): [#def4] dtc-1.7.2/convert-dtsv0-lexer.lex.c:1327:33: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*yy_cp’ dtc-1.7.2/convert-dtsv0-lexer.l:216:5: enter_function: entry to ‘main’ dtc-1.7.2/convert-dtsv0-lexer.l:226:12: branch_false: following ‘false’ branch (when ‘argc > 1’)... dtc-1.7.2/convert-dtsv0-lexer.l:226:12: branch_false: ...to here dtc-1.7.2/convert-dtsv0-lexer.l:229:21: branch_true: following ‘true’ branch (when ‘i < argc’)... dtc-1.7.2/convert-dtsv0-lexer.l:230:78: branch_true: ...to here dtc-1.7.2/convert-dtsv0-lexer.l:231:17: call_function: calling ‘convert_file’ from ‘main’ # 1325| # 1326| for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) # 1327|-> { # 1328| YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); # 1329| if ( yy_accept[yy_current_state] ) Error: GCC_ANALYZER_WARNING (CWE-775): [#def5] dtc-1.7.2/convert-dtsv0-lexer.lex.c:1508:9: warning[-Wanalyzer-file-leak]: leak of FILE ‘yyin’ dtc-1.7.2/convert-dtsv0-lexer.l:190:13: enter_function: entry to ‘convert_file’ dtc-1.7.2/convert-dtsv0-lexer.l:196:19: call_function: calling ‘xmalloc’ from ‘convert_file’ dtc-1.7.2/convert-dtsv0-lexer.l:196:19: return_function: returning to ‘convert_file’ from ‘xmalloc’ dtc-1.7.2/convert-dtsv0-lexer.l:200:16: acquire_resource: opened here dtc-1.7.2/convert-dtsv0-lexer.l:201:12: branch_false: following ‘false’ branch... dtc-1.7.2/convert-dtsv0-lexer.l:205:17: branch_false: ...to here dtc-1.7.2/convert-dtsv0-lexer.l:206:12: branch_false: following ‘false’ branch... dtc-1.7.2/convert-dtsv0-lexer.l:206:12: branch_false: ...to here dtc-1.7.2/convert-dtsv0-lexer.l:210:15: call_function: calling ‘yylex’ from ‘convert_file’ # 1506| { # 1507| (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; # 1508|-> (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; # 1509| yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; # 1510| (yy_hold_char) = *(yy_c_buf_p); Error: GCC_ANALYZER_WARNING (CWE-401): [#def6] dtc-1.7.2/convert-dtsv0-lexer.lex.c:1508:9: warning[-Wanalyzer-malloc-leak]: leak of ‘yyin’ dtc-1.7.2/convert-dtsv0-lexer.l:190:13: enter_function: entry to ‘convert_file’ dtc-1.7.2/convert-dtsv0-lexer.l:196:19: call_function: calling ‘xmalloc’ from ‘convert_file’ dtc-1.7.2/convert-dtsv0-lexer.l:196:19: return_function: returning to ‘convert_file’ from ‘xmalloc’ dtc-1.7.2/convert-dtsv0-lexer.l:200:16: acquire_memory: allocated here dtc-1.7.2/convert-dtsv0-lexer.l:201:12: branch_false: following ‘false’ branch... dtc-1.7.2/convert-dtsv0-lexer.l:205:17: branch_false: ...to here dtc-1.7.2/convert-dtsv0-lexer.l:206:12: branch_false: following ‘false’ branch... dtc-1.7.2/convert-dtsv0-lexer.l:206:12: branch_false: ...to here dtc-1.7.2/convert-dtsv0-lexer.l:210:15: call_function: calling ‘yylex’ from ‘convert_file’ # 1506| { # 1507| (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; # 1508|-> (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; # 1509| yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; # 1510| (yy_hold_char) = *(yy_c_buf_p); Error: GCC_ANALYZER_WARNING (CWE-401): [#def7] dtc-1.7.2/convert-dtsv0-lexer.lex.c:1531:54: warning[-Wanalyzer-malloc-leak]: leak of ‘yyalloc(64)’ dtc-1.7.2/convert-dtsv0-lexer.l:190:13: enter_function: entry to ‘convert_file’ dtc-1.7.2/convert-dtsv0-lexer.l:196:19: call_function: calling ‘xmalloc’ from ‘convert_file’ dtc-1.7.2/convert-dtsv0-lexer.l:196:19: return_function: returning to ‘convert_file’ from ‘xmalloc’ dtc-1.7.2/convert-dtsv0-lexer.l:201:12: branch_false: following ‘false’ branch... dtc-1.7.2/convert-dtsv0-lexer.l:205:17: branch_false: ...to here dtc-1.7.2/convert-dtsv0-lexer.l:206:12: branch_false: following ‘false’ branch... dtc-1.7.2/convert-dtsv0-lexer.l:206:12: branch_false: ...to here dtc-1.7.2/convert-dtsv0-lexer.l:210:15: call_function: calling ‘yylex’ from ‘convert_file’ # 1529| /* yy_ch_buf has to be 2 characters longer than the size given because # 1530| * we need to put in 2 end-of-buffer characters. # 1531|-> */ # 1532| b->yy_ch_buf = (char *) yyalloc( (yy_size_t) (b->yy_buf_size + 2) ); # 1533| if ( ! b->yy_ch_buf ) Error: CPPCHECK_WARNING (CWE-476): [#def8] dtc-1.7.2/convert-dtsv0-lexer.lex.c:1572: warning[nullPointer]: Possible null pointer dereference: b # 1570| # 1571| yy_flush_buffer( b ); # 1572|-> # 1573| b->yy_input_file = file; # 1574| b->yy_fill_buffer = 1; Error: CPPCHECK_WARNING (CWE-476): [#def9] dtc-1.7.2/convert-dtsv0-lexer.lex.c:1573: warning[nullPointer]: Possible null pointer dereference: b # 1571| yy_flush_buffer( b ); # 1572| # 1573|-> b->yy_input_file = file; # 1574| b->yy_fill_buffer = 1; # 1575| Error: GCC_ANALYZER_WARNING (CWE-404): [#def10] dtc-1.7.2/dtc-lexer.l:293:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’ dtc-1.7.2/dtc-lexer.l:292:9: acquire_resource: ‘va_start’ called here dtc-1.7.2/dtc-lexer.l:293:9: throw: if ‘srcpos_verror’ throws an exception... dtc-1.7.2/dtc-lexer.l:293:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0) # 291| # 292| va_start(ap, fmt); # 293|-> srcpos_verror(&yylloc, "Lexical error", fmt, ap); # 294| va_end(ap); # 295| Error: GCC_ANALYZER_WARNING (CWE-401): [#def11] dtc-1.7.2/dtc-lexer.lex.c:1745:54: warning[-Wanalyzer-malloc-leak]: leak of ‘yyalloc(64)’ dtc-1.7.2/dtc-lexer.lex.c:1732:21: enter_function: entry to ‘yy_create_buffer’ dtc-1.7.2/dtc-lexer.lex.c:1736:24: call_function: calling ‘yyalloc’ from ‘yy_create_buffer’ dtc-1.7.2/dtc-lexer.lex.c:1736:24: return_function: returning to ‘yy_create_buffer’ from ‘yyalloc’ dtc-1.7.2/dtc-lexer.lex.c:1737:12: branch_false: following ‘false’ branch... dtc-1.7.2/dtc-lexer.lex.c:1740:2: branch_false: ...to here dtc-1.7.2/dtc-lexer.lex.c:1745:54: danger: ‘yyalloc(64)’ leaks here; was allocated at [(4)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/3) # 1743| /* yy_ch_buf has to be 2 characters longer than the size given because # 1744| * we need to put in 2 end-of-buffer characters. # 1745|-> */ # 1746| b->yy_ch_buf = (char *) yyalloc( (yy_size_t) (b->yy_buf_size + 2) ); # 1747| if ( ! b->yy_ch_buf ) Error: CPPCHECK_WARNING (CWE-476): [#def12] dtc-1.7.2/dtc-lexer.lex.c:1786: warning[nullPointer]: Possible null pointer dereference: b # 1784| # 1785| yy_flush_buffer( b ); # 1786|-> # 1787| b->yy_input_file = file; # 1788| b->yy_fill_buffer = 1; Error: CPPCHECK_WARNING (CWE-476): [#def13] dtc-1.7.2/dtc-lexer.lex.c:1787: warning[nullPointer]: Possible null pointer dereference: b # 1785| yy_flush_buffer( b ); # 1786| # 1787|-> b->yy_input_file = file; # 1788| b->yy_fill_buffer = 1; # 1789| Error: GCC_ANALYZER_WARNING (CWE-401): [#def14] dtc-1.7.2/dtc-lexer.lex.c:2000:26: warning[-Wanalyzer-malloc-leak]: leak of ‘yyalloc(n)’ dtc-1.7.2/dtc-lexer.lex.c:1984:17: enter_function: entry to ‘yy_scan_bytes’ dtc-1.7.2/dtc-lexer.lex.c:1993:24: call_function: calling ‘yyalloc’ from ‘yy_scan_bytes’ dtc-1.7.2/dtc-lexer.lex.c:1993:24: return_function: returning to ‘yy_scan_bytes’ from ‘yyalloc’ dtc-1.7.2/dtc-lexer.lex.c:1994:12: branch_false: following ‘false’ branch... dtc-1.7.2/dtc-lexer.lex.c:1994:12: branch_false: ...to here dtc-1.7.2/dtc-lexer.lex.c:2002:6: call_function: calling ‘yy_scan_buffer’ from ‘yy_scan_bytes’ # 1998| for ( i = 0; i < _yybytes_len; ++i ) # 1999| buf[i] = yybytes[i]; # 2000|-> # 2001| buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR; # 2002| Error: GCC_ANALYZER_WARNING (CWE-401): [#def15] dtc-1.7.2/dtc-parser.tab.c:1251:9: warning[-Wanalyzer-malloc-leak]: leak of ‘yyptr’ dtc-1.7.2/dtc-parser.tab.c:1206:6: branch_false: following ‘false’ branch... dtc-1.7.2/dtc-parser.tab.c:1275:6: branch_false: ...to here dtc-1.7.2/dtc-parser.tab.c:1275:6: branch_false: following ‘false’ branch (when ‘yystate != 6’)... dtc-1.7.2/dtc-parser.tab.c:1278:3: branch_false: ...to here dtc-1.7.2/dtc-parser.tab.c:1290:6: branch_false: following ‘false’ branch (when ‘yyn != -46’)... dtc-1.7.2/dtc-parser.tab.c:1296:7: branch_false: ...to here dtc-1.7.2/dtc-parser.tab.c:1296:6: branch_true: following ‘true’ branch... dtc-1.7.2/dtc-parser.tab.c:1299:16: branch_true: ...to here dtc-1.7.2/dtc-parser.tab.c:1308:11: branch_false: following ‘false’ branch... dtc-1.7.2/dtc-parser.tab.c:1321:17: branch_false: ...to here dtc-1.7.2/dtc-parser.tab.c:1328:6: branch_false: following ‘false’ branch... dtc-1.7.2/dtc-parser.tab.c:1331:6: branch_false: following ‘false’ branch (when ‘yyn != 0’)... dtc-1.7.2/dtc-parser.tab.c:1341:6: branch_false: ...to here dtc-1.7.2/dtc-parser.tab.c:1341:6: branch_false: following ‘false’ branch (when ‘yyerrstatus == 0’)... dtc-1.7.2/dtc-parser.tab.c:1348:3: branch_false: ...to here dtc-1.7.2/dtc-parser.tab.c:1206:6: branch_false: following ‘false’ branch... dtc-1.7.2/dtc-parser.tab.c:1275:6: branch_false: ...to here dtc-1.7.2/dtc-parser.tab.c:1275:6: branch_false: following ‘false’ branch (when ‘yystate != 6’)... dtc-1.7.2/dtc-parser.tab.c:1278:3: branch_false: ...to here dtc-1.7.2/dtc-parser.tab.c:1290:6: branch_false: following ‘false’ branch (when ‘yyn != -46’)... dtc-1.7.2/dtc-parser.tab.c:1296:7: branch_false: ...to here dtc-1.7.2/dtc-parser.tab.c:1296:6: branch_true: following ‘true’ branch... dtc-1.7.2/dtc-parser.tab.c:1299:16: branch_true: ...to here dtc-1.7.2/dtc-parser.tab.c:1328:6: branch_false: following ‘false’ branch... dtc-1.7.2/dtc-parser.tab.c:1331:6: branch_false: following ‘false’ branch (when ‘yyn != 0’)... dtc-1.7.2/dtc-parser.tab.c:1341:6: branch_false: ...to here dtc-1.7.2/dtc-parser.tab.c:1341:6: branch_false: following ‘false’ branch (when ‘yyerrstatus == 0’)... dtc-1.7.2/dtc-parser.tab.c:1348:3: branch_false: ...to here dtc-1.7.2/dtc-parser.tab.c:1206:6: branch_true: following ‘true’ branch... dtc-1.7.2/dtc-parser.tab.c:1212:28: branch_true: ...to here dtc-1.7.2/dtc-parser.tab.c:1238:10: branch_false: following ‘false’ branch (when ‘yystacksize <= 9999’)... dtc-1.7.2/dtc-parser.tab.c:1240:7: branch_false: ...to here dtc-1.7.2/dtc-parser.tab.c:1247:11: acquire_memory: allocated here dtc-1.7.2/dtc-parser.tab.c:1249:12: branch_false: following ‘false’ branch (when ‘yyptr’ is non-NULL)... dtc-1.7.2/dtc-parser.tab.c:1251:9: branch_false: ...to here dtc-1.7.2/dtc-parser.tab.c:1255:12: branch_false: following ‘false’ branch... dtc-1.7.2/dtc-parser.tab.c:1255:12: branch_false: ...to here dtc-1.7.2/dtc-parser.tab.c:1269:10: branch_false: following ‘false’ branch... dtc-1.7.2/dtc-parser.tab.c:1275:6: branch_false: ...to here dtc-1.7.2/dtc-parser.tab.c:1275:6: branch_false: following ‘false’ branch (when ‘yystate != 6’)... dtc-1.7.2/dtc-parser.tab.c:1278:3: branch_false: ...to here dtc-1.7.2/dtc-parser.tab.c:1290:6: branch_false: following ‘false’ branch (when ‘yyn != -46’)... dtc-1.7.2/dtc-parser.tab.c:1296:7: branch_false: ...to here dtc-1.7.2/dtc-parser.tab.c:1296:6: branch_true: following ‘true’ branch... dtc-1.7.2/dtc-parser.tab.c:1299:16: branch_true: ...to here dtc-1.7.2/dtc-parser.tab.c:1299:16: throw: if ‘yylex’ throws an exception... dtc-1.7.2/dtc-parser.tab.c:1251:9: danger: ‘yyptr’ leaks here; was allocated at [(35)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/34) # 1249| if (! yyptr) # 1250| YYNOMEM; # 1251|-> YYSTACK_RELOCATE (yyss_alloc, yyss); # 1252| YYSTACK_RELOCATE (yyvs_alloc, yyvs); # 1253| YYSTACK_RELOCATE (yyls_alloc, yyls); Error: GCC_ANALYZER_WARNING (CWE-457): [#def16] dtc-1.7.2/dtc-parser.tab.c:1251:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyss’ dtc-1.7.2/dtc-parser.tab.c:1206:6: branch_true: following ‘true’ branch... dtc-1.7.2/dtc-parser.tab.c:1212:28: branch_true: ...to here dtc-1.7.2/dtc-parser.tab.c:1238:10: branch_false: following ‘false’ branch (when ‘yystacksize <= 9999’)... dtc-1.7.2/dtc-parser.tab.c:1240:7: branch_false: ...to here dtc-1.7.2/dtc-parser.tab.c:1249:12: branch_false: following ‘false’ branch (when ‘yyptr’ is non-NULL)... dtc-1.7.2/dtc-parser.tab.c:1251:9: branch_false: ...to here dtc-1.7.2/dtc-parser.tab.c:1251:9: danger: use of uninitialized value ‘yyss’ here # 1249| if (! yyptr) # 1250| YYNOMEM; # 1251|-> YYSTACK_RELOCATE (yyss_alloc, yyss); # 1252| YYSTACK_RELOCATE (yyvs_alloc, yyvs); # 1253| YYSTACK_RELOCATE (yyls_alloc, yyls); Error: GCC_ANALYZER_WARNING (CWE-127): [#def17] dtc-1.7.2/dtc-parser.tab.c:2106:21: warning[-Wanalyzer-out-of-bounds]: buffer under-read dtc-1.7.2/dtc-parser.tab.c:1206:6: branch_false: following ‘false’ branch... dtc-1.7.2/dtc-parser.tab.c:1275:6: branch_false: ...to here dtc-1.7.2/dtc-parser.tab.c:1275:6: branch_false: following ‘false’ branch (when ‘yystate != 6’)... dtc-1.7.2/dtc-parser.tab.c:1278:3: branch_false: ...to here dtc-1.7.2/dtc-parser.tab.c:1290:6: branch_false: following ‘false’ branch (when ‘yyn != -46’)... dtc-1.7.2/dtc-parser.tab.c:1296:7: branch_false: ...to here dtc-1.7.2/dtc-parser.tab.c:1296:6: branch_true: following ‘true’ branch... dtc-1.7.2/dtc-parser.tab.c:1299:16: branch_true: ...to here dtc-1.7.2/dtc-parser.tab.c:1308:11: branch_false: following ‘false’ branch... dtc-1.7.2/dtc-parser.tab.c:1321:17: branch_false: ...to here dtc-1.7.2/dtc-parser.tab.c:1328:6: branch_false: following ‘false’ branch... dtc-1.7.2/dtc-parser.tab.c:1385:3: branch_false: following ‘false’ branch (when ‘yylen == 0’)... dtc-1.7.2/dtc-parser.tab.c:1385:3: branch_false: ...to here dtc-1.7.2/dtc-parser.tab.c:2106:21: danger: out-of-bounds read from byte -100 till byte -99 but ‘yypgoto’ starts at byte 0 # 2104| { # 2105| const int yylhs = yyr1[yyn] - YYNTOKENS; # 2106|-> const int yyi = yypgoto[yylhs] + *yyssp; # 2107| yystate = (0 <= yyi && yyi <= YYLAST && yycheck[yyi] == *yyssp # 2108| ? yytable[yyi] Error: GCC_ANALYZER_WARNING (CWE-127): [#def18] dtc-1.7.2/dtc-parser.tab.c:2109:18: warning[-Wanalyzer-out-of-bounds]: buffer under-read dtc-1.7.2/dtc-parser.tab.c:1206:6: branch_false: following ‘false’ branch... dtc-1.7.2/dtc-parser.tab.c:1275:6: branch_false: ...to here dtc-1.7.2/dtc-parser.tab.c:1275:6: branch_false: following ‘false’ branch (when ‘yystate != 6’)... dtc-1.7.2/dtc-parser.tab.c:1278:3: branch_false: ...to here dtc-1.7.2/dtc-parser.tab.c:1290:6: branch_false: following ‘false’ branch (when ‘yyn != -46’)... dtc-1.7.2/dtc-parser.tab.c:1296:7: branch_false: ...to here dtc-1.7.2/dtc-parser.tab.c:1296:6: branch_true: following ‘true’ branch... dtc-1.7.2/dtc-parser.tab.c:1299:16: branch_true: ...to here dtc-1.7.2/dtc-parser.tab.c:1308:11: branch_false: following ‘false’ branch... dtc-1.7.2/dtc-parser.tab.c:1321:17: branch_false: ...to here dtc-1.7.2/dtc-parser.tab.c:1328:6: branch_false: following ‘false’ branch... dtc-1.7.2/dtc-parser.tab.c:1385:3: branch_false: following ‘false’ branch (when ‘yylen == 0’)... dtc-1.7.2/dtc-parser.tab.c:1385:3: branch_false: ...to here dtc-1.7.2/dtc-parser.tab.c:2109:18: danger: out-of-bounds read at byte -50 but ‘yydefgoto’ starts at byte 0 # 2107| yystate = (0 <= yyi && yyi <= YYLAST && yycheck[yyi] == *yyssp # 2108| ? yytable[yyi] # 2109|-> : yydefgoto[yylhs]); # 2110| } # 2111| Error: GCC_ANALYZER_WARNING (CWE-775): [#def19] dtc-1.7.2/dtc.c:362:17: warning[-Wanalyzer-file-leak]: leak of FILE ‘outf’ dtc-1.7.2/dtc.c:164:5: enter_function: entry to ‘main’ dtc-1.7.2/dtc.c:276:12: branch_false: following ‘false’ branch... dtc-1.7.2/dtc.c:278:17: branch_false: ...to here dtc-1.7.2/dtc.c:287:12: branch_false: following ‘false’ branch (when ‘depname’ is NULL)... dtc-1.7.2/dtc.c:297:12: branch_false: ...to here dtc-1.7.2/dtc.c:299:12: branch_true: following ‘true’ branch (when ‘outform’ is NULL)... dtc-1.7.2/dtc.c:300:27: branch_true: ...to here dtc-1.7.2/dtc.c:301:20: branch_true: following ‘true’ branch... dtc-1.7.2/dtc.c:302:29: branch_true: ...to here dtc-1.7.2/dtc.c:329:9: call_function: calling ‘fill_fullpaths’ from ‘main’ dtc-1.7.2/dtc.c:329:9: return_function: returning to ‘main’ from ‘fill_fullpaths’ dtc-1.7.2/dtc.c:352:12: branch_false: following ‘false’ branch (when the strings are non-equal)... dtc-1.7.2/dtc.c:355:24: branch_false: ...to here dtc-1.7.2/dtc.c:355:24: acquire_resource: opened here dtc-1.7.2/dtc.c:356:20: branch_false: following ‘false’ branch... dtc-1.7.2/dtc.c:361:13: branch_false: ...to here dtc-1.7.2/dtc.c:361:12: branch_true: following ‘true’ branch (when the strings are equal)... dtc-1.7.2/dtc.c:362:17: branch_true: ...to here dtc-1.7.2/dtc.c:362:17: throw: if ‘dt_to_source’ throws an exception... dtc-1.7.2/dtc.c:362:17: danger: ‘outf’ leaks here; was opened at [(18)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/17) # 360| # 361| if (streq(outform, "dts")) { # 362|-> dt_to_source(outf, dti); # 363| #ifndef NO_YAML # 364| } else if (streq(outform, "yaml")) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def20] dtc-1.7.2/dtc.c:362:17: warning[-Wanalyzer-malloc-leak]: leak of ‘outf’ dtc-1.7.2/dtc.c:164:5: enter_function: entry to ‘main’ dtc-1.7.2/dtc.c:276:12: branch_false: following ‘false’ branch... dtc-1.7.2/dtc.c:278:17: branch_false: ...to here dtc-1.7.2/dtc.c:287:12: branch_false: following ‘false’ branch (when ‘depname’ is NULL)... dtc-1.7.2/dtc.c:297:12: branch_false: ...to here dtc-1.7.2/dtc.c:299:12: branch_true: following ‘true’ branch (when ‘outform’ is NULL)... dtc-1.7.2/dtc.c:300:27: branch_true: ...to here dtc-1.7.2/dtc.c:301:20: branch_true: following ‘true’ branch... dtc-1.7.2/dtc.c:302:29: branch_true: ...to here dtc-1.7.2/dtc.c:329:9: call_function: calling ‘fill_fullpaths’ from ‘main’ dtc-1.7.2/dtc.c:329:9: return_function: returning to ‘main’ from ‘fill_fullpaths’ dtc-1.7.2/dtc.c:352:12: branch_false: following ‘false’ branch (when the strings are non-equal)... dtc-1.7.2/dtc.c:355:24: branch_false: ...to here dtc-1.7.2/dtc.c:355:24: acquire_memory: allocated here dtc-1.7.2/dtc.c:356:20: branch_false: following ‘false’ branch... dtc-1.7.2/dtc.c:361:13: branch_false: ...to here dtc-1.7.2/dtc.c:361:12: branch_true: following ‘true’ branch (when the strings are equal)... dtc-1.7.2/dtc.c:362:17: branch_true: ...to here dtc-1.7.2/dtc.c:362:17: throw: if ‘dt_to_source’ throws an exception... dtc-1.7.2/dtc.c:362:17: danger: ‘outf’ leaks here; was allocated at [(18)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/17) # 360| # 361| if (streq(outform, "dts")) { # 362|-> dt_to_source(outf, dti); # 363| #ifndef NO_YAML # 364| } else if (streq(outform, "yaml")) { Error: GCC_ANALYZER_WARNING (CWE-775): [#def21] dtc-1.7.2/dtc.c:370:17: warning[-Wanalyzer-file-leak]: leak of FILE ‘outf’ dtc-1.7.2/dtc.c:164:5: enter_function: entry to ‘main’ dtc-1.7.2/dtc.c:276:12: branch_false: following ‘false’ branch... dtc-1.7.2/dtc.c:278:17: branch_false: ...to here dtc-1.7.2/dtc.c:287:12: branch_false: following ‘false’ branch (when ‘depname’ is NULL)... dtc-1.7.2/dtc.c:297:12: branch_false: ...to here dtc-1.7.2/dtc.c:299:12: branch_true: following ‘true’ branch (when ‘outform’ is NULL)... dtc-1.7.2/dtc.c:300:27: branch_true: ...to here dtc-1.7.2/dtc.c:301:20: branch_true: following ‘true’ branch... dtc-1.7.2/dtc.c:302:29: branch_true: ...to here dtc-1.7.2/dtc.c:329:9: call_function: calling ‘fill_fullpaths’ from ‘main’ dtc-1.7.2/dtc.c:329:9: return_function: returning to ‘main’ from ‘fill_fullpaths’ dtc-1.7.2/dtc.c:352:12: branch_false: following ‘false’ branch (when the strings are non-equal)... dtc-1.7.2/dtc.c:355:24: branch_false: ...to here dtc-1.7.2/dtc.c:355:24: acquire_resource: opened here dtc-1.7.2/dtc.c:356:20: branch_false: following ‘false’ branch... dtc-1.7.2/dtc.c:361:13: branch_false: ...to here dtc-1.7.2/dtc.c:361:12: branch_false: following ‘false’ branch (when the strings are non-equal)... dtc-1.7.2/dtc.c:369:20: branch_false: ...to here dtc-1.7.2/dtc.c:369:19: branch_true: following ‘true’ branch (when the strings are equal)... dtc-1.7.2/dtc.c:370:17: branch_true: ...to here dtc-1.7.2/dtc.c:370:17: throw: if ‘dt_to_blob’ throws an exception... dtc-1.7.2/dtc.c:370:17: danger: ‘outf’ leaks here; was opened at [(16)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/15) # 368| #endif # 369| } else if (streq(outform, "dtb")) { # 370|-> dt_to_blob(outf, dti, outversion); # 371| } else if (streq(outform, "asm")) { # 372| dt_to_asm(outf, dti, outversion); Error: GCC_ANALYZER_WARNING (CWE-401): [#def22] dtc-1.7.2/dtc.c:370:17: warning[-Wanalyzer-malloc-leak]: leak of ‘outf’ dtc-1.7.2/dtc.c:164:5: enter_function: entry to ‘main’ dtc-1.7.2/dtc.c:276:12: branch_false: following ‘false’ branch... dtc-1.7.2/dtc.c:278:17: branch_false: ...to here dtc-1.7.2/dtc.c:287:12: branch_false: following ‘false’ branch (when ‘depname’ is NULL)... dtc-1.7.2/dtc.c:297:12: branch_false: ...to here dtc-1.7.2/dtc.c:299:12: branch_true: following ‘true’ branch (when ‘outform’ is NULL)... dtc-1.7.2/dtc.c:300:27: branch_true: ...to here dtc-1.7.2/dtc.c:301:20: branch_true: following ‘true’ branch... dtc-1.7.2/dtc.c:302:29: branch_true: ...to here dtc-1.7.2/dtc.c:329:9: call_function: calling ‘fill_fullpaths’ from ‘main’ dtc-1.7.2/dtc.c:329:9: return_function: returning to ‘main’ from ‘fill_fullpaths’ dtc-1.7.2/dtc.c:352:12: branch_false: following ‘false’ branch (when the strings are non-equal)... dtc-1.7.2/dtc.c:355:24: branch_false: ...to here dtc-1.7.2/dtc.c:355:24: acquire_memory: allocated here dtc-1.7.2/dtc.c:356:20: branch_false: following ‘false’ branch... dtc-1.7.2/dtc.c:361:13: branch_false: ...to here dtc-1.7.2/dtc.c:361:12: branch_false: following ‘false’ branch (when the strings are non-equal)... dtc-1.7.2/dtc.c:369:20: branch_false: ...to here dtc-1.7.2/dtc.c:369:19: branch_true: following ‘true’ branch (when the strings are equal)... dtc-1.7.2/dtc.c:370:17: branch_true: ...to here dtc-1.7.2/dtc.c:370:17: throw: if ‘dt_to_blob’ throws an exception... dtc-1.7.2/dtc.c:370:17: danger: ‘outf’ leaks here; was allocated at [(16)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/15) # 368| #endif # 369| } else if (streq(outform, "dtb")) { # 370|-> dt_to_blob(outf, dti, outversion); # 371| } else if (streq(outform, "asm")) { # 372| dt_to_asm(outf, dti, outversion); Error: GCC_ANALYZER_WARNING (CWE-775): [#def23] dtc-1.7.2/dtc.c:372:17: warning[-Wanalyzer-file-leak]: leak of FILE ‘outf’ dtc-1.7.2/dtc.c:164:5: enter_function: entry to ‘main’ dtc-1.7.2/dtc.c:276:12: branch_false: following ‘false’ branch... dtc-1.7.2/dtc.c:278:17: branch_false: ...to here dtc-1.7.2/dtc.c:287:12: branch_false: following ‘false’ branch (when ‘depname’ is NULL)... dtc-1.7.2/dtc.c:297:12: branch_false: ...to here dtc-1.7.2/dtc.c:299:12: branch_true: following ‘true’ branch (when ‘outform’ is NULL)... dtc-1.7.2/dtc.c:300:27: branch_true: ...to here dtc-1.7.2/dtc.c:301:20: branch_true: following ‘true’ branch... dtc-1.7.2/dtc.c:302:29: branch_true: ...to here dtc-1.7.2/dtc.c:329:9: call_function: calling ‘fill_fullpaths’ from ‘main’ dtc-1.7.2/dtc.c:329:9: return_function: returning to ‘main’ from ‘fill_fullpaths’ dtc-1.7.2/dtc.c:352:12: branch_false: following ‘false’ branch (when the strings are non-equal)... dtc-1.7.2/dtc.c:355:24: branch_false: ...to here dtc-1.7.2/dtc.c:355:24: acquire_resource: opened here dtc-1.7.2/dtc.c:356:20: branch_false: following ‘false’ branch... dtc-1.7.2/dtc.c:361:13: branch_false: ...to here dtc-1.7.2/dtc.c:361:12: branch_false: following ‘false’ branch (when the strings are non-equal)... dtc-1.7.2/dtc.c:369:20: branch_false: ...to here dtc-1.7.2/dtc.c:369:19: branch_false: following ‘false’ branch (when the strings are non-equal)... dtc-1.7.2/dtc.c:371:20: branch_false: ...to here dtc-1.7.2/dtc.c:371:19: branch_true: following ‘true’ branch (when the strings are equal)... dtc-1.7.2/dtc.c:372:17: branch_true: ...to here dtc-1.7.2/dtc.c:372:17: throw: if ‘dt_to_asm’ throws an exception... dtc-1.7.2/dtc.c:372:17: danger: ‘outf’ leaks here; was opened at [(16)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/15) # 370| dt_to_blob(outf, dti, outversion); # 371| } else if (streq(outform, "asm")) { # 372|-> dt_to_asm(outf, dti, outversion); # 373| } else if (streq(outform, "null")) { # 374| /* do nothing */ Error: GCC_ANALYZER_WARNING (CWE-401): [#def24] dtc-1.7.2/dtc.c:372:17: warning[-Wanalyzer-malloc-leak]: leak of ‘outf’ dtc-1.7.2/dtc.c:164:5: enter_function: entry to ‘main’ dtc-1.7.2/dtc.c:276:12: branch_false: following ‘false’ branch... dtc-1.7.2/dtc.c:278:17: branch_false: ...to here dtc-1.7.2/dtc.c:287:12: branch_false: following ‘false’ branch (when ‘depname’ is NULL)... dtc-1.7.2/dtc.c:297:12: branch_false: ...to here dtc-1.7.2/dtc.c:299:12: branch_true: following ‘true’ branch (when ‘outform’ is NULL)... dtc-1.7.2/dtc.c:300:27: branch_true: ...to here dtc-1.7.2/dtc.c:301:20: branch_true: following ‘true’ branch... dtc-1.7.2/dtc.c:302:29: branch_true: ...to here dtc-1.7.2/dtc.c:329:9: call_function: calling ‘fill_fullpaths’ from ‘main’ dtc-1.7.2/dtc.c:329:9: return_function: returning to ‘main’ from ‘fill_fullpaths’ dtc-1.7.2/dtc.c:352:12: branch_false: following ‘false’ branch (when the strings are non-equal)... dtc-1.7.2/dtc.c:355:24: branch_false: ...to here dtc-1.7.2/dtc.c:355:24: acquire_memory: allocated here dtc-1.7.2/dtc.c:356:20: branch_false: following ‘false’ branch... dtc-1.7.2/dtc.c:361:13: branch_false: ...to here dtc-1.7.2/dtc.c:361:12: branch_false: following ‘false’ branch (when the strings are non-equal)... dtc-1.7.2/dtc.c:369:20: branch_false: ...to here dtc-1.7.2/dtc.c:369:19: branch_false: following ‘false’ branch (when the strings are non-equal)... dtc-1.7.2/dtc.c:371:20: branch_false: ...to here dtc-1.7.2/dtc.c:371:19: branch_true: following ‘true’ branch (when the strings are equal)... dtc-1.7.2/dtc.c:372:17: branch_true: ...to here dtc-1.7.2/dtc.c:372:17: throw: if ‘dt_to_asm’ throws an exception... dtc-1.7.2/dtc.c:372:17: danger: ‘outf’ leaks here; was allocated at [(16)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/15) # 370| dt_to_blob(outf, dti, outversion); # 371| } else if (streq(outform, "asm")) { # 372|-> dt_to_asm(outf, dti, outversion); # 373| } else if (streq(outform, "null")) { # 374| /* do nothing */ Error: GCC_ANALYZER_WARNING (CWE-401): [#def25] dtc-1.7.2/fdtoverlay.c:58:23: warning[-Wanalyzer-malloc-leak]: leak of ‘xmalloc((long unsigned int)((((unsigned int)((const uint8_t *)overlay)[4] << 24 | (unsigned int)((const uint8_t *)overlay)[5] << 16) | (unsigned int)((const uint8_t *)overlay)[6] << 8) | (unsigned int)((const uint8_t *)overlay)[7]))’ dtc-1.7.2/fdtoverlay.c:43:14: enter_function: entry to ‘apply_one’ dtc-1.7.2/fdtoverlay.c:55:16: call_function: calling ‘xmalloc’ from ‘apply_one’ dtc-1.7.2/fdtoverlay.c:55:16: return_function: returning to ‘apply_one’ from ‘xmalloc’ dtc-1.7.2/fdtoverlay.c:58:23: call_function: calling ‘xrealloc’ from ‘apply_one’ dtc-1.7.2/fdtoverlay.c:58:23: return_function: returning to ‘apply_one’ from ‘xrealloc’ dtc-1.7.2/fdtoverlay.c:59:23: throw: if ‘fdt_open_into’ throws an exception... dtc-1.7.2/fdtoverlay.c:58:23: danger: ‘xmalloc((long unsigned int)((((unsigned int)((const uint8_t *)overlay)[4] << 24 | (unsigned int)((const uint8_t *)overlay)[5] << 16) | (unsigned int)((const uint8_t *)overlay)[6] << 8) | (unsigned int)((const uint8_t *)overlay)[7]))’ leaks here; was allocated at [(4)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/3) # 56| # 57| do { # 58|-> tmp = xrealloc(tmp, *buf_len); # 59| ret = fdt_open_into(base, tmp, *buf_len); # 60| if (ret) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def26] dtc-1.7.2/fdtoverlay.c:59:48: warning[-Wanalyzer-malloc-leak]: leak of ‘xrealloc(tmp, *buf_len)’ dtc-1.7.2/fdtoverlay.c:43:14: enter_function: entry to ‘apply_one’ dtc-1.7.2/fdtoverlay.c:55:16: call_function: calling ‘xmalloc’ from ‘apply_one’ dtc-1.7.2/fdtoverlay.c:55:16: return_function: returning to ‘apply_one’ from ‘xmalloc’ dtc-1.7.2/fdtoverlay.c:58:23: call_function: calling ‘xrealloc’ from ‘apply_one’ dtc-1.7.2/fdtoverlay.c:58:23: return_function: returning to ‘apply_one’ from ‘xrealloc’ dtc-1.7.2/fdtoverlay.c:59:23: throw: if ‘fdt_open_into’ throws an exception... dtc-1.7.2/fdtoverlay.c:59:48: danger: ‘xrealloc(tmp, *buf_len)’ leaks here; was allocated at [(9)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/8) # 57| do { # 58| tmp = xrealloc(tmp, *buf_len); # 59|-> ret = fdt_open_into(base, tmp, *buf_len); # 60| if (ret) { # 61| fprintf(stderr, Error: GCC_ANALYZER_WARNING (CWE-401): [#def27] dtc-1.7.2/fdtoverlay.c:127:29: warning[-Wanalyzer-malloc-leak]: leak of ‘xmalloc((long unsigned int)argc * 8) + (long unsigned int)i * 8’ dtc-1.7.2/fdtoverlay.c:99:12: enter_function: entry to ‘do_fdtoverlay’ dtc-1.7.2/fdtoverlay.c:109:12: branch_false: following ‘false’ branch... dtc-1.7.2/fdtoverlay.c:113:13: call_function: inlined call to ‘fdt32_ld’ from ‘do_fdtoverlay’ dtc-1.7.2/fdtoverlay.c:113:12: branch_false: following ‘false’ branch... dtc-1.7.2/fdtoverlay.c:121:18: branch_false: ...to here dtc-1.7.2/fdtoverlay.c:121:18: call_function: calling ‘xmalloc’ from ‘do_fdtoverlay’ dtc-1.7.2/fdtoverlay.c:121:18: return_function: returning to ‘do_fdtoverlay’ from ‘xmalloc’ dtc-1.7.2/fdtoverlay.c:125:21: branch_true: following ‘true’ branch (when ‘i < argc’)... dtc-1.7.2/fdtoverlay.c:127:46: branch_true: ...to here dtc-1.7.2/fdtoverlay.c:127:29: throw: if ‘utilfdt_read’ throws an exception... dtc-1.7.2/fdtoverlay.c:127:29: danger: ‘xmalloc((long unsigned int)argc * 8) + (long unsigned int)i * 8’ leaks here; was allocated at [(9)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/8) # 125| for (i = 0; i < argc; i++) { # 126| size_t ov_len; # 127|-> ovblob[i] = utilfdt_read(argv[i], &ov_len); # 128| if (!ovblob[i]) { # 129| fprintf(stderr, "\nFailed to read '%s'\n", argv[i]); Error: GCC_ANALYZER_WARNING (CWE-401): [#def28] dtc-1.7.2/fdtoverlay.c:127:46: warning[-Wanalyzer-malloc-leak]: leak of ‘xmalloc((long unsigned int)argc * 8)’ dtc-1.7.2/fdtoverlay.c:99:12: enter_function: entry to ‘do_fdtoverlay’ dtc-1.7.2/fdtoverlay.c:109:12: branch_false: following ‘false’ branch... dtc-1.7.2/fdtoverlay.c:113:13: call_function: inlined call to ‘fdt32_ld’ from ‘do_fdtoverlay’ dtc-1.7.2/fdtoverlay.c:113:12: branch_false: following ‘false’ branch... dtc-1.7.2/fdtoverlay.c:121:18: branch_false: ...to here dtc-1.7.2/fdtoverlay.c:121:18: call_function: calling ‘xmalloc’ from ‘do_fdtoverlay’ dtc-1.7.2/fdtoverlay.c:121:18: return_function: returning to ‘do_fdtoverlay’ from ‘xmalloc’ dtc-1.7.2/fdtoverlay.c:125:21: branch_true: following ‘true’ branch (when ‘i < argc’)... dtc-1.7.2/fdtoverlay.c:127:46: branch_true: ...to here dtc-1.7.2/fdtoverlay.c:128:20: branch_false: following ‘false’ branch... dtc-1.7.2/fdtoverlay.c:132:21: call_function: inlined call to ‘fdt32_ld’ from ‘do_fdtoverlay’ dtc-1.7.2/fdtoverlay.c:132:20: branch_false: following ‘false’ branch... dtc-1.7.2/fdtoverlay.c:167:1: branch_false: ...to here dtc-1.7.2/fdtoverlay.c:125:21: branch_true: following ‘true’ branch (when ‘i < argc’)... dtc-1.7.2/fdtoverlay.c:127:46: branch_true: ...to here dtc-1.7.2/fdtoverlay.c:127:29: throw: if ‘utilfdt_read’ throws an exception... dtc-1.7.2/fdtoverlay.c:127:46: danger: ‘xmalloc((long unsigned int)argc * 8)’ leaks here; was allocated at [(9)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/8) # 125| for (i = 0; i < argc; i++) { # 126| size_t ov_len; # 127|-> ovblob[i] = utilfdt_read(argv[i], &ov_len); # 128| if (!ovblob[i]) { # 129| fprintf(stderr, "\nFailed to read '%s'\n", argv[i]); Error: GCC_ANALYZER_WARNING (CWE-401): [#def29] dtc-1.7.2/fdtput.c:123:9: warning[-Wanalyzer-malloc-leak]: leak of ‘xrealloc(fdt, (long unsigned int)new_sz)’ dtc-1.7.2/fdtput.c:401:5: enter_function: entry to ‘main’ dtc-1.7.2/fdtput.c:446:12: branch_true: following ‘true’ branch... dtc-1.7.2/fdtput.c:447:33: branch_true: ...to here dtc-1.7.2/fdtput.c:448:12: branch_false: following ‘false’ branch (when ‘filename’ is non-NULL)... dtc-1.7.2/fdtput.c:451:14: branch_false: ...to here dtc-1.7.2/fdtput.c:455:20: branch_false: following ‘false’ branch (when ‘argc > 0’)... dtc-1.7.2/fdtput.c:457:20: branch_false: ...to here dtc-1.7.2/fdtput.c:457:20: branch_false: following ‘false’ branch (when ‘argc != 1’)... dtc-1.7.2/fdtput.c:461:12: branch_false: ...to here dtc-1.7.2/fdtput.c:465:13: call_function: calling ‘do_fdtput’ from ‘main’ # 121| int new_sz = fdt_totalsize(fdt) + delta; # 122| fdt = xrealloc(fdt, new_sz); # 123|-> fdt_open_into(fdt, fdt, new_sz); # 124| return fdt; # 125| } Error: COMPILER_WARNING (CWE-704): [#def30] dtc-1.7.2/fdtput.c: scope_hint: In function ‘create_node’ dtc-1.7.2/fdtput.c:235:11: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type # 235 | p = strrchr(node_name, '/'); # | ^ # 233| char *p; # 234| # 235|-> p = strrchr(node_name, '/'); # 236| if (!p) { # 237| report_error(node_name, -1, -FDT_ERR_BADPATH); Error: COMPILER_WARNING (CWE-704): [#def31] dtc-1.7.2/fdtput.c:235:11: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type # 233| char *p; # 234| # 235|-> p = strrchr(node_name, '/'); # 236| if (!p) { # 237| report_error(node_name, -1, -FDT_ERR_BADPATH); Error: GCC_ANALYZER_WARNING (CWE-457): [#def32] dtc-1.7.2/flattree.c:865:18: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*(struct fdt_header *)<unknown>.off_dt_struct’ dtc-1.7.2/flattree.c:793:17: enter_function: entry to ‘dt_from_blob’ dtc-1.7.2/flattree.c:814:12: branch_false: following ‘false’ branch... dtc-1.7.2/flattree.c:817:12: branch_false: ...to here dtc-1.7.2/flattree.c:817:12: branch_false: following ‘false’ branch (when ‘rc > 0’)... dtc-1.7.2/flattree.c:824:17: branch_false: ...to here dtc-1.7.2/flattree.c:825:12: branch_false: following ‘false’ branch... dtc-1.7.2/flattree.c:828:14: branch_false: ...to here dtc-1.7.2/flattree.c:829:12: branch_false: following ‘false’ branch... dtc-1.7.2/flattree.c:831:12: branch_false: ...to here dtc-1.7.2/flattree.c:831:12: branch_false: following ‘false’ branch (when ‘rc > 0’)... dtc-1.7.2/flattree.c:838:21: branch_false: ...to here dtc-1.7.2/flattree.c:839:12: branch_false: following ‘false’ branch... dtc-1.7.2/flattree.c:842:16: branch_false: ...to here dtc-1.7.2/flattree.c:842:16: call_function: calling ‘xmalloc’ from ‘dt_from_blob’ dtc-1.7.2/flattree.c:842:16: return_function: returning to ‘dt_from_blob’ from ‘xmalloc’ dtc-1.7.2/flattree.c:851:16: branch_false: following ‘false’ branch (when ‘sizeleft == 0’)... dtc-1.7.2/flattree.c:865:18: branch_false: ...to here dtc-1.7.2/flattree.c:865:18: danger: use of uninitialized value ‘*(struct fdt_header *)<unknown>.off_dt_struct’ here # 863| } # 864| # 865|-> off_dt = fdt32_to_cpu(fdt->off_dt_struct); # 866| off_str = fdt32_to_cpu(fdt->off_dt_strings); # 867| off_mem_rsvmap = fdt32_to_cpu(fdt->off_mem_rsvmap); Error: GCC_ANALYZER_WARNING (CWE-401): [#def33] dtc-1.7.2/fstree.c:22:16: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(dirname)’ dtc-1.7.2/fstree.c:68:17: enter_function: entry to ‘dt_from_fs’ dtc-1.7.2/fstree.c:72:16: call_function: calling ‘read_fstree’ from ‘dt_from_fs’ # 20| die("Couldn't opendir() \"%s\": %s\n", dirname, strerror(errno)); # 21| # 22|-> tree = build_node(NULL, NULL, NULL); # 23| # 24| while ((de = readdir(d)) != NULL) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def34] dtc-1.7.2/fstree.c:24:22: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(dirname)’ dtc-1.7.2/fstree.c:68:17: enter_function: entry to ‘dt_from_fs’ dtc-1.7.2/fstree.c:72:16: call_function: calling ‘read_fstree’ from ‘dt_from_fs’ # 22| tree = build_node(NULL, NULL, NULL); # 23| # 24|-> while ((de = readdir(d)) != NULL) { # 25| char *tmpname; # 26| Error: GCC_ANALYZER_WARNING (CWE-775): [#def35] dtc-1.7.2/fstree.c:48:70: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(join_path(dirname, &*<unknown>.d_name), "rb")’ dtc-1.7.2/fstree.c:68:17: enter_function: entry to ‘dt_from_fs’ dtc-1.7.2/fstree.c:72:16: call_function: calling ‘read_fstree’ from ‘dt_from_fs’ # 46| prop = build_property(de->d_name, # 47| data_copy_file(pfile, # 48|-> st.st_size), # 49| NULL); # 50| add_property(tree, prop); Error: GCC_ANALYZER_WARNING (CWE-401): [#def36] dtc-1.7.2/fstree.c:48:70: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(join_path(dirname, &*<unknown>.d_name), "rb")’ dtc-1.7.2/fstree.c:68:17: enter_function: entry to ‘dt_from_fs’ dtc-1.7.2/fstree.c:72:16: call_function: calling ‘read_fstree’ from ‘dt_from_fs’ # 46| prop = build_property(de->d_name, # 47| data_copy_file(pfile, # 48|-> st.st_size), # 49| NULL); # 50| add_property(tree, prop); Error: COMPILER_WARNING (CWE-704): [#def37] dtc-1.7.2/libfdt/fdt_overlay.c: scope_hint: In function ‘overlay_fixup_phandle’ dtc-1.7.2/libfdt/fdt_overlay.c:424:21: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type # 424 | sep = memchr(fixup_str, ':', fixup_len); # | ^ # 422| # 423| path = fixup_str; # 424|-> sep = memchr(fixup_str, ':', fixup_len); # 425| if (!sep || *sep != ':') # 426| return -FDT_ERR_BADOVERLAY; Error: COMPILER_WARNING (CWE-704): [#def38] dtc-1.7.2/libfdt/fdt_overlay.c:424:21: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type # 422| # 423| path = fixup_str; # 424|-> sep = memchr(fixup_str, ':', fixup_len); # 425| if (!sep || *sep != ':') # 426| return -FDT_ERR_BADOVERLAY; Error: COMPILER_WARNING (CWE-704): [#def39] dtc-1.7.2/libfdt/fdt_overlay.c:434:21: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type # 434 | sep = memchr(name, ':', fixup_len); # | ^ # 432| fixup_len -= path_len + 1; # 433| name = sep + 1; # 434|-> sep = memchr(name, ':', fixup_len); # 435| if (!sep || *sep != ':') # 436| return -FDT_ERR_BADOVERLAY; Error: COMPILER_WARNING (CWE-704): [#def40] dtc-1.7.2/libfdt/fdt_overlay.c:434:21: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type # 432| fixup_len -= path_len + 1; # 433| name = sep + 1; # 434|-> sep = memchr(name, ':', fixup_len); # 435| if (!sep || *sep != ':') # 436| return -FDT_ERR_BADOVERLAY; Error: GCC_ANALYZER_WARNING (CWE-401): [#def41] dtc-1.7.2/libfdt/libfdt.h:145:27: warning[-Wanalyzer-malloc-leak]: leak of ‘xmalloc((long unsigned int)argc * 8)’ dtc-1.7.2/fdtoverlay.c:99:12: enter_function: entry to ‘do_fdtoverlay’ dtc-1.7.2/fdtoverlay.c:109:12: branch_false: following ‘false’ branch... dtc-1.7.2/fdtoverlay.c:113:13: call_function: inlined call to ‘fdt32_ld’ from ‘do_fdtoverlay’ dtc-1.7.2/fdtoverlay.c:113:12: branch_false: following ‘false’ branch... dtc-1.7.2/fdtoverlay.c:121:18: branch_false: ...to here dtc-1.7.2/fdtoverlay.c:121:18: call_function: calling ‘xmalloc’ from ‘do_fdtoverlay’ dtc-1.7.2/fdtoverlay.c:121:18: return_function: returning to ‘do_fdtoverlay’ from ‘xmalloc’ dtc-1.7.2/fdtoverlay.c:125:21: branch_false: following ‘false’ branch (when ‘i >= argc’)... dtc-1.7.2/fdtoverlay.c:141:19: call_function: inlined call to ‘fdt32_ld’ from ‘do_fdtoverlay’ dtc-1.7.2/fdtoverlay.c:144:21: branch_false: following ‘false’ branch (when ‘i >= argc’)... dtc-1.7.2/fdtoverlay.c:150:9: branch_false: ...to here dtc-1.7.2/fdtoverlay.c:150:9: throw: if ‘fdt_pack’ throws an exception... dtc-1.7.2/fdtoverlay.c:141:19: call_function: inlined call to ‘fdt32_ld’ from ‘do_fdtoverlay’ # 143| const uint8_t *bp = (const uint8_t *)p; # 144| # 145|-> return ((uint32_t)bp[0] << 24) # 146| | ((uint32_t)bp[1] << 16) # 147| | ((uint32_t)bp[2] << 8) Error: GCC_ANALYZER_WARNING (CWE-401): [#def42] dtc-1.7.2/libfdt/libfdt_env.h:53:35: warning[-Wanalyzer-malloc-leak]: leak of ‘xmalloc((long unsigned int)((((unsigned int)((uint8_t*)&<unknown>)[0] << 24 | (unsigned int)((uint8_t*)&<unknown>)[1] << 16) | (unsigned int)((uint8_t*)&<unknown>)[2] << 8) | (unsigned int)((uint8_t*)&<unknown>)[3]))’ dtc-1.7.2/flattree.c:793:17: enter_function: entry to ‘dt_from_blob’ dtc-1.7.2/flattree.c:814:12: branch_false: following ‘false’ branch... dtc-1.7.2/flattree.c:817:12: branch_false: ...to here dtc-1.7.2/flattree.c:817:12: branch_false: following ‘false’ branch (when ‘rc > 0’)... dtc-1.7.2/flattree.c:824:17: branch_false: ...to here dtc-1.7.2/flattree.c:825:12: branch_false: following ‘false’ branch... dtc-1.7.2/flattree.c:828:14: branch_false: ...to here dtc-1.7.2/flattree.c:829:12: branch_false: following ‘false’ branch... dtc-1.7.2/flattree.c:831:12: branch_false: ...to here dtc-1.7.2/flattree.c:831:12: branch_false: following ‘false’ branch (when ‘rc > 0’)... dtc-1.7.2/flattree.c:838:21: branch_false: ...to here dtc-1.7.2/flattree.c:839:12: branch_false: following ‘false’ branch... dtc-1.7.2/flattree.c:842:16: branch_false: ...to here dtc-1.7.2/flattree.c:842:16: call_function: calling ‘xmalloc’ from ‘dt_from_blob’ dtc-1.7.2/flattree.c:842:16: return_function: returning to ‘dt_from_blob’ from ‘xmalloc’ dtc-1.7.2/flattree.c:851:16: branch_true: following ‘true’ branch (when ‘sizeleft != 0’)... dtc-1.7.2/flattree.c:852:21: branch_true: ...to here dtc-1.7.2/flattree.c:845:22: call_function: inlined call to ‘cpu_to_fdt32’ from ‘dt_from_blob’ # 51| static inline fdt32_t cpu_to_fdt32(uint32_t x) # 52| { # 53|-> return (FDT_FORCE fdt32_t)CPU_TO_FDT32(x); # 54| } # 55| Error: GCC_ANALYZER_WARNING (CWE-401): [#def43] dtc-1.7.2/livetree.c:46:21: warning[-Wanalyzer-malloc-leak]: leak of ‘xmalloc(64)’ dtc-1.7.2/livetree.c:620:13: enter_function: entry to ‘add_phandle_property’ dtc-1.7.2/livetree.c:633:9: call_function: calling ‘build_property’ from ‘add_phandle_property’ # 44| memset(new, 0, sizeof(*new)); # 45| # 46|-> new->name = xstrdup(name); # 47| new->val = val; # 48| new->srcpos = srcpos_copy(srcpos); Error: GCC_ANALYZER_WARNING (CWE-401): [#def44] dtc-1.7.2/livetree.c:48:23: warning[-Wanalyzer-malloc-leak]: leak of ‘xmalloc(64)’ dtc-1.7.2/livetree.c:620:13: enter_function: entry to ‘add_phandle_property’ dtc-1.7.2/livetree.c:633:9: call_function: calling ‘build_property’ from ‘add_phandle_property’ # 46| new->name = xstrdup(name); # 47| new->val = val; # 48|-> new->srcpos = srcpos_copy(srcpos); # 49| # 50| return new; Error: GCC_ANALYZER_WARNING (CWE-401): [#def45] dtc-1.7.2/livetree.c:98:23: warning[-Wanalyzer-malloc-leak]: leak of ‘xmalloc(104)’ dtc-1.7.2/livetree.c:830:21: enter_function: entry to ‘build_root_node’ dtc-1.7.2/livetree.c:836:22: call_function: calling ‘build_and_name_child_node’ from ‘build_root_node’ # 96| new->proplist = reverse_properties(proplist); # 97| new->children = children; # 98|-> new->srcpos = srcpos_copy(srcpos); # 99| # 100| for_each_child(new, child) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def46] dtc-1.7.2/livetree.c:121:9: warning[-Wanalyzer-malloc-leak]: leak of ‘build_node(0, 0, 0)’ dtc-1.7.2/livetree.c:830:21: enter_function: entry to ‘build_root_node’ dtc-1.7.2/livetree.c:836:22: call_function: calling ‘build_and_name_child_node’ from ‘build_root_node’ # 119| struct node *name_node(struct node *node, const char *name) # 120| { # 121|-> assert(node->name == NULL); # 122| # 123| node->name = xstrdup(name); Error: CPPCHECK_WARNING (CWE-457): [#def47] dtc-1.7.2/pylibfdt/libfdt_wrap.c:872: warning[uninitvar]: Uninitialized variable: buff # 870| *r = 0; # 871| } # 872|-> return buff; # 873| } # 874| Error: CPPCHECK_WARNING (CWE-476): [#def48] dtc-1.7.2/pylibfdt/libfdt_wrap.c:1901: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: data # 1899| SwigPyClientData *data = (SwigPyClientData *)malloc(sizeof(SwigPyClientData)); # 1900| /* the klass element */ # 1901|-> data->klass = obj; # 1902| SWIG_Py_INCREF(data->klass); # 1903| /* the newraw method and newargs arguments used to create a new raw instance */ Error: CPPCHECK_WARNING (CWE-476): [#def49] dtc-1.7.2/pylibfdt/libfdt_wrap.c:1902: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: data # 1900| /* the klass element */ # 1901| data->klass = obj; # 1902|-> SWIG_Py_INCREF(data->klass); # 1903| /* the newraw method and newargs arguments used to create a new raw instance */ # 1904| if (PyClass_Check(obj)) { Error: GCC_ANALYZER_WARNING (CWE-404): [#def50] dtc-1.7.2/srcpos.c:301:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’ dtc-1.7.2/srcpos.c:391:6: enter_function: entry to ‘srcpos_error’ dtc-1.7.2/srcpos.c:396:9: acquire_resource: ‘va_start’ called here dtc-1.7.2/srcpos.c:397:9: call_function: calling ‘srcpos_verror’ from ‘srcpos_error’ # 299| # 300| if (pos->first_line != pos->last_line) # 301|-> xasprintf(&pos_str, "%s:%d.%d-%d.%d", fname, # 302| pos->first_line, pos->first_column, # 303| pos->last_line, pos->last_column); Error: GCC_ANALYZER_WARNING (CWE-404): [#def51] dtc-1.7.2/srcpos.c:305:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’ dtc-1.7.2/srcpos.c:391:6: enter_function: entry to ‘srcpos_error’ dtc-1.7.2/srcpos.c:396:9: acquire_resource: ‘va_start’ called here dtc-1.7.2/srcpos.c:397:9: call_function: calling ‘srcpos_verror’ from ‘srcpos_error’ # 303| pos->last_line, pos->last_column); # 304| else if (pos->first_column != pos->last_column) # 305|-> xasprintf(&pos_str, "%s:%d.%d-%d", fname, # 306| pos->first_line, pos->first_column, # 307| pos->last_column); Error: GCC_ANALYZER_WARNING (CWE-404): [#def52] dtc-1.7.2/srcpos.c:309:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’ dtc-1.7.2/srcpos.c:391:6: enter_function: entry to ‘srcpos_error’ dtc-1.7.2/srcpos.c:396:9: acquire_resource: ‘va_start’ called here dtc-1.7.2/srcpos.c:397:9: call_function: calling ‘srcpos_verror’ from ‘srcpos_error’ # 307| pos->last_column); # 308| else # 309|-> xasprintf(&pos_str, "%s:%d.%d", fname, # 310| pos->first_line, pos->first_column); # 311| Error: GCC_ANALYZER_WARNING (CWE-401): [#def53] dtc-1.7.2/srcpos.c:349:17: warning[-Wanalyzer-malloc-leak]: leak of ‘fname’ dtc-1.7.2/srcpos.c:372:7: enter_function: entry to ‘srcpos_string_last’ dtc-1.7.2/srcpos.c:374:16: call_function: calling ‘srcpos_string_comment’ from ‘srcpos_string_last’ # 347| pos->last_line, pos->last_column); # 348| else # 349|-> xasprintf(&first, "%s:%d", fname, # 350| first_line ? pos->first_line : pos->last_line); # 351| Error: GCC_ANALYZER_WARNING (CWE-401): [#def54] dtc-1.7.2/srcpos.c:349:17: warning[-Wanalyzer-malloc-leak]: leak of ‘fresh_fname’ dtc-1.7.2/srcpos.c:316:1: enter_function: entry to ‘srcpos_string_comment’ dtc-1.7.2/srcpos.c:321:12: branch_false: following ‘false’ branch (when ‘pos’ is non-NULL)... dtc-1.7.2/srcpos.c:330:14: branch_false: ...to here dtc-1.7.2/srcpos.c:330:12: branch_false: following ‘false’ branch... dtc-1.7.2/srcpos.c:332:19: branch_false: ...to here dtc-1.7.2/srcpos.c:332:17: branch_false: following ‘false’ branch... dtc-1.7.2/srcpos.c:334:17: branch_false: ...to here dtc-1.7.2/srcpos.c:334:17: branch_false: following ‘false’ branch (when ‘level <= 1’)... dtc-1.7.2/srcpos.c:337:31: branch_false: ...to here dtc-1.7.2/srcpos.c:337:31: call_function: calling ‘shorten_to_initial_path’ from ‘srcpos_string_comment’ dtc-1.7.2/srcpos.c:337:31: return_function: returning to ‘srcpos_string_comment’ from ‘shorten_to_initial_path’ dtc-1.7.2/srcpos.c:338:20: branch_true: following ‘true’ branch... dtc-1.7.2/srcpos.c:344:12: branch_true: ...to here dtc-1.7.2/srcpos.c:344:12: branch_false: following ‘false’ branch (when ‘level <= 1’)... dtc-1.7.2/srcpos.c:349:17: branch_false: ...to here dtc-1.7.2/srcpos.c:349:17: throw: if ‘xasprintf’ throws an exception... dtc-1.7.2/srcpos.c:349:17: danger: ‘fresh_fname’ leaks here; was allocated at [(20)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/19) # 347| pos->last_line, pos->last_column); # 348| else # 349|-> xasprintf(&first, "%s:%d", fname, # 350| first_line ? pos->first_line : pos->last_line); # 351| Error: GCC_ANALYZER_WARNING (CWE-775): [#def55] dtc-1.7.2/util.c:294:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’ dtc-1.7.2/util.c:262:5: enter_function: entry to ‘utilfdt_read_err’ dtc-1.7.2/util.c:270:12: branch_true: following ‘true’ branch (when the strings are non-equal)... dtc-1.7.2/util.c:271:22: branch_true: ...to here dtc-1.7.2/util.c:271:22: acquire_resource: opened here dtc-1.7.2/util.c:272:20: branch_false: following ‘false’ branch... dtc-1.7.2/util.c:277:15: branch_false: ...to here dtc-1.7.2/util.c:277:15: call_function: calling ‘xmalloc’ from ‘utilfdt_read_err’ dtc-1.7.2/util.c:277:15: return_function: returning to ‘utilfdt_read_err’ from ‘xmalloc’ dtc-1.7.2/util.c:280:20: branch_false: following ‘false’ branch (when ‘bufsize != offset’)... dtc-1.7.2/util.c:285:23: branch_false: ...to here dtc-1.7.2/util.c:294:9: throw: if ‘close’ throws an exception... dtc-1.7.2/util.c:294:9: danger: ‘fd’ leaks here; was opened at [(4)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/3) # 292| # 293| /* Clean up, including closing stdin; return errno on error */ # 294|-> close(fd); # 295| if (ret) # 296| free(buf); Error: GCC_ANALYZER_WARNING (CWE-401): [#def56] dtc-1.7.2/util.c:294:9: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’ dtc-1.7.2/util.c:262:5: enter_function: entry to ‘utilfdt_read_err’ dtc-1.7.2/util.c:270:12: branch_false: following ‘false’ branch (when the strings are equal)... dtc-1.7.2/util.c:277:15: branch_false: ...to here dtc-1.7.2/util.c:277:15: call_function: calling ‘xmalloc’ from ‘utilfdt_read_err’ dtc-1.7.2/util.c:277:15: return_function: returning to ‘utilfdt_read_err’ from ‘xmalloc’ dtc-1.7.2/util.c:280:20: branch_false: following ‘false’ branch (when ‘bufsize != offset’)... dtc-1.7.2/util.c:285:23: branch_false: ...to here dtc-1.7.2/util.c:294:9: throw: if ‘close’ throws an exception... dtc-1.7.2/util.c:294:9: danger: ‘buf’ leaks here; was allocated at [(6)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/5) # 292| # 293| /* Clean up, including closing stdin; return errno on error */ # 294|-> close(fd); # 295| if (ret) # 296| free(buf);
| analyzer-version-clippy | 1.92.0 |
| analyzer-version-cppcheck | 2.19.1 |
| analyzer-version-gcc | 16.0.0 |
| analyzer-version-gcc-analyzer | 16.0.0 |
| analyzer-version-shellcheck | 0.11.0 |
| analyzer-version-unicontrol | 0.0.2 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-231.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | dtc-1.7.2-7.fc44 |
| store-results-to | /tmp/tmpfl7g56wj/dtc-1.7.2-7.fc44.tar.xz |
| time-created | 2026-01-08 16:02:49 |
| time-finished | 2026-01-08 16:04:34 |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpfl7g56wj/dtc-1.7.2-7.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpfl7g56wj/dtc-1.7.2-7.fc44.src.rpm' |
| tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |