```
Error: GCC_ANALYZER_WARNING (CWE-457): [#def1]
flatpak-1.17.2/common/flatpak-docker-reference-private.h:18:1: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘docker_reference’
flatpak-1.17.2/common/flatpak-image-source.c:236:1: enter_function: entry to ‘flatpak_image_source_new_for_location’
flatpak-1.17.2/common/flatpak-image-source.c:240:6: branch_false: following ‘false’ branch (when ‘__result == 0’)...
flatpak-1.17.2/common/flatpak-image-source.c:249:12: branch_false: ...to here
flatpak-1.17.2/common/flatpak-image-source.c:249:11: branch_false: following ‘false’ branch (when ‘__result == 0’)...
flatpak-1.17.2/common/flatpak-image-source.c:263:12: branch_false: ...to here
flatpak-1.17.2/common/flatpak-image-source.c:263:11: branch_true: following ‘true’ branch (when ‘__result != 0’)...
flatpak-1.17.2/common/flatpak-image-source.c:267:24: branch_true: ...to here
flatpak-1.17.2/common/flatpak-image-source.c:270:12: branch_true: following ‘true’ branch (when ‘location’ is NULL)...
flatpak-1.17.2/common/flatpak-image-source.c:270:12: branch_true: ...to here
flatpak-1.17.2/common/flatpak-image-source.c:270:12: throw: if ‘g_str_has_prefix’ throws an exception...
flatpak-1.17.2/common/flatpak-image-source.c:267:24: call_function: calling ‘g_autoptr_cleanup_generic_gfree’ from ‘flatpak_image_source_new_for_location’
flatpak-1.17.2/common/flatpak-image-source.c:266:41: call_function: inlined call to ‘glib_autoptr_cleanup_FlatpakDockerReference’ from ‘flatpak_image_source_new_for_location’
#   16|   void flatpak_docker_reference_free (FlatpakDockerReference *reference);
#   17|
#   18|-> G_DEFINE_AUTOPTR_CLEANUP_FUNC(FlatpakDockerReference, flatpak_docker_reference_free);
#   19|
#   20|   #endif /* __FLATPAK_DOCKER_REFERENCE_H__ */

Error: GCC_ANALYZER_WARNING (CWE-457): [#def2]
flatpak-1.17.2/common/flatpak-docker-reference-private.h:18:1: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘reference’
flatpak-1.17.2/common/flatpak-docker-reference.c:65:1: enter_function: entry to ‘flatpak_docker_reference_parse’
flatpak-1.17.2/common/flatpak-docker-reference.c:69:19: call_function: calling ‘get_remainder_tag_and_digest_regex’ from ‘flatpak_docker_reference_parse’
flatpak-1.17.2/common/flatpak-docker-reference.c:68:37: call_function: inlined call to ‘glib_autoptr_cleanup_FlatpakDockerReference’ from ‘flatpak_docker_reference_parse’
#   16|   void flatpak_docker_reference_free (FlatpakDockerReference *reference);
#   17|
#   18|-> G_DEFINE_AUTOPTR_CLEANUP_FUNC(FlatpakDockerReference, flatpak_docker_reference_free);
#   19|
#   20|   #endif /* __FLATPAK_DOCKER_REFERENCE_H__ */

Error: GCC_ANALYZER_WARNING (CWE-457): [#def3]
flatpak-1.17.2/common/flatpak-image-source-private.h:30:1: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘self’
flatpak-1.17.2/common/flatpak-image-source.c:236:1: enter_function: entry to ‘flatpak_image_source_new_for_location’
flatpak-1.17.2/common/flatpak-image-source.c:240:6: branch_false: following ‘false’ branch (when ‘__result == 0’)...
flatpak-1.17.2/common/flatpak-image-source.c:249:12: branch_false: ...to here
flatpak-1.17.2/common/flatpak-image-source.c:249:11: branch_false: following ‘false’ branch (when ‘__result == 0’)...
flatpak-1.17.2/common/flatpak-image-source.c:263:12: branch_false: ...to here
flatpak-1.17.2/common/flatpak-image-source.c:263:11: branch_true: following ‘true’ branch (when ‘__result != 0’)...
flatpak-1.17.2/common/flatpak-image-source.c:267:24: branch_true: ...to here
flatpak-1.17.2/common/flatpak-image-source.c:270:10: branch_false: following ‘false’ branch (when ‘__result != 0’)...
flatpak-1.17.2/common/flatpak-image-source.c:276:26: branch_false: ...to here
flatpak-1.17.2/common/flatpak-image-source.c:277:10: branch_false: following ‘false’ branch...
flatpak-1.17.2/common/flatpak-image-source.c:280:18: branch_false: ...to here
flatpak-1.17.2/common/flatpak-image-source.c:282:10: branch_false: following ‘false’ branch...
flatpak-1.17.2/common/flatpak-image-source.c:285:20: branch_false: ...to here
flatpak-1.17.2/common/flatpak-image-source.c:330:14: call_function: calling ‘flatpak_image_source_new’ from ‘flatpak_image_source_new_for_location’
#   28|
#   29|   #define FLATPAK_TYPE_IMAGE_SOURCE flatpak_image_source_get_type ()
#   30|-> G_DECLARE_FINAL_TYPE (FlatpakImageSource,
#   31|                         flatpak_image_source,
#   32|                         FLATPAK, IMAGE_SOURCE,

Error: GCC_ANALYZER_WARNING (CWE-457): [#def4]
flatpak-1.17.2/common/flatpak-installed-ref.h:52:1: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘installed_ref’
flatpak-1.17.2/portal/flatpak-portal.c:1945:1: enter_function: entry to ‘check_for_updates’
flatpak-1.17.2/portal/flatpak-portal.c:1963:18: call_function: calling ‘lookup_installation_for_path’ from ‘check_for_updates’
flatpak-1.17.2/portal/flatpak-portal.c:1963:18: return_function: returning to ‘check_for_updates’ from ‘lookup_installation_for_path’
flatpak-1.17.2/portal/flatpak-portal.c:1964:6: branch_true: following ‘true’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:1966:7: branch_true: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:1955:21: call_function: inlined call to ‘glib_autoptr_cleanup_GError’ from ‘check_for_updates’
flatpak-1.17.2/portal/flatpak-portal.c:1950:34: call_function: inlined call to ‘glib_autoptr_cleanup_FlatpakInstalledRef’ from ‘check_for_updates’
#   50|
#   51|   #ifdef G_DEFINE_AUTOPTR_CLEANUP_FUNC
#   52|-> G_DEFINE_AUTOPTR_CLEANUP_FUNC (FlatpakInstalledRef, g_object_unref)
#   53|   #endif
#   54|

Error: GCC_ANALYZER_WARNING (CWE-457): [#def5]
flatpak-1.17.2/common/flatpak-json-oci-private.h:257:1: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘signature’
flatpak-1.17.2/common/flatpak-oci-signatures.c:382:1: enter_function: entry to ‘flatpak_oci_signatures_verify’
flatpak-1.17.2/common/flatpak-oci-signatures.c:395:6: branch_false: following ‘false’ branch...
flatpak-1.17.2/common/flatpak-oci-signatures.c:401:9: branch_false: ...to here
flatpak-1.17.2/common/flatpak-oci-signatures.c:402:6: branch_false: following ‘false’ branch...
flatpak-1.17.2/common/flatpak-oci-signatures.c:405:10: branch_false: ...to here
flatpak-1.17.2/common/flatpak-oci-signatures.c:409:23: branch_false: following ‘false’ branch...
flatpak-1.17.2/common/flatpak-oci-signatures.c:409:23: branch_false: ...to here
flatpak-1.17.2/common/flatpak-oci-signatures.c:414:21: branch_true: following ‘true’ branch...
flatpak-1.17.2/common/flatpak-oci-signatures.c:417:25: branch_true: ...to here
flatpak-1.17.2/common/flatpak-oci-signatures.c:419:19: call_function: calling ‘flatpak_oci_verify_signature’ from ‘flatpak_oci_signatures_verify’
flatpak-1.17.2/common/flatpak-oci-signatures.c:419:19: return_function: returning to ‘flatpak_oci_signatures_verify’ from ‘flatpak_oci_verify_signature’
flatpak-1.17.2/common/flatpak-oci-signatures.c:423:10: branch_true: following ‘true’ branch...
flatpak-1.17.2/common/flatpak-oci-signatures.c:425:11: branch_true: ...to here
flatpak-1.17.2/common/flatpak-oci-signatures.c:425:11: throw: if ‘g_log’ throws an exception...
flatpak-1.17.2/common/flatpak-oci-signatures.c:417:25: call_function: inlined call to ‘glib_autoptr_cleanup_GError’ from ‘flatpak_oci_signatures_verify’
flatpak-1.17.2/common/flatpak-oci-signatures.c:416:38: call_function: inlined call to ‘glib_autoptr_cleanup_FlatpakOciSignature’ from ‘flatpak_oci_signatures_verify’
#  255|
#  256|   #define FLATPAK_TYPE_OCI_SIGNATURE flatpak_oci_signature_get_type ()
#  257|-> G_DECLARE_FINAL_TYPE (FlatpakOciSignature, flatpak_oci_signature, FLATPAK, OCI_SIGNATURE, FlatpakJson)
#  258|
#  259|   typedef struct

Error: GCC_ANALYZER_WARNING (CWE-476): [#def6]
flatpak-1.17.2/common/flatpak-oci-signatures.c:425:11: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘local_error’
flatpak-1.17.2/common/flatpak-oci-signatures.c:382:1: enter_function: entry to ‘flatpak_oci_signatures_verify’
flatpak-1.17.2/common/flatpak-oci-signatures.c:395:6: branch_false: following ‘false’ branch...
flatpak-1.17.2/common/flatpak-oci-signatures.c:401:9: branch_false: ...to here
flatpak-1.17.2/common/flatpak-oci-signatures.c:402:6: branch_false: following ‘false’ branch...
flatpak-1.17.2/common/flatpak-oci-signatures.c:405:10: branch_false: ...to here
flatpak-1.17.2/common/flatpak-oci-signatures.c:409:23: branch_false: following ‘false’ branch...
flatpak-1.17.2/common/flatpak-oci-signatures.c:409:23: branch_false: ...to here
flatpak-1.17.2/common/flatpak-oci-signatures.c:414:21: branch_true: following ‘true’ branch...
flatpak-1.17.2/common/flatpak-oci-signatures.c:417:25: branch_true: ...to here
flatpak-1.17.2/common/flatpak-oci-signatures.c:417:25: release_memory: ‘local_error’ is NULL
flatpak-1.17.2/common/flatpak-oci-signatures.c:419:19: call_function: calling ‘flatpak_oci_verify_signature’ from ‘flatpak_oci_signatures_verify’
flatpak-1.17.2/common/flatpak-oci-signatures.c:419:19: return_function: returning to ‘flatpak_oci_signatures_verify’ from ‘flatpak_oci_verify_signature’
flatpak-1.17.2/common/flatpak-oci-signatures.c:423:10: branch_true: following ‘true’ branch...
flatpak-1.17.2/common/flatpak-oci-signatures.c:425:11: branch_true: ...to here
flatpak-1.17.2/common/flatpak-oci-signatures.c:425:11: release_memory: ‘local_error’ is NULL
flatpak-1.17.2/common/flatpak-oci-signatures.c:425:11: danger: dereference of NULL ‘local_error’
#  423|   if (signature == NULL)
#  424|     {
#  425|->     g_info ("Couldn't verify signature: %s", local_error->message);
#  426|       continue;
#  427|     }

Error: GCC_ANALYZER_WARNING (CWE-457): [#def7]
flatpak-1.17.2/common/flatpak-remote-ref.h:59:1: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘remote_ref’
flatpak-1.17.2/portal/flatpak-portal.c:1945:1: enter_function: entry to ‘check_for_updates’
flatpak-1.17.2/portal/flatpak-portal.c:1959:23: call_function: calling ‘update_monitor_get_installation_path’ from ‘check_for_updates’
flatpak-1.17.2/portal/flatpak-portal.c:1955:21: call_function: inlined call to ‘glib_autoptr_cleanup_GError’ from ‘check_for_updates’
flatpak-1.17.2/portal/flatpak-portal.c:1951:31: call_function: inlined call to ‘glib_autoptr_cleanup_FlatpakRemoteRef’ from ‘check_for_updates’
#   57|
#   58|   #ifdef G_DEFINE_AUTOPTR_CLEANUP_FUNC
#   59|-> G_DEFINE_AUTOPTR_CLEANUP_FUNC (FlatpakRemoteRef, g_object_unref)
#   60|   #endif
#   61|

Error: GCC_ANALYZER_WARNING (CWE-465): [#def8]
flatpak-1.17.2/portal/flatpak-portal.c:1531:6: warning[-Wanalyzer-deref-before-check]: check of ‘arg_cwd_path’ for NULL after already dereferencing it
flatpak-1.17.2/portal/flatpak-portal.c:746:1: enter_function: entry to ‘handle_spawn’
flatpak-1.17.2/portal/flatpak-portal.c:808:6: branch_false: following ‘false’ branch (when ‘fd_list’ is NULL)...
flatpak-1.17.2/portal/flatpak-portal.c:811:14: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:812:3: branch_true: following ‘true’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:814:12: branch_true: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:817:3: branch_true: following ‘true’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:819:3: branch_true: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:830:6: branch_false: following ‘false’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:838:7: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:838:6: branch_false: following ‘false’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:841:6: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:841:6: branch_false: following ‘false’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:849:6: branch_false: following ‘false’ branch (when ‘arg_flags <= 511’)...
flatpak-1.17.2/portal/flatpak-portal.c:856:6: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:856:6: branch_false: following ‘false’ branch (when ‘testing == 0’)...
flatpak-1.17.2/portal/flatpak-portal.c:859:19: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:863:6: branch_false: following ‘false’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:870:19: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:910:6: branch_false: following ‘false’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:917:6: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:973:6: branch_false: following ‘false’ branch (when ‘fds’ is NULL)...
flatpak-1.17.2/portal/flatpak-portal.c:976:12: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:979:15: branch_false: following ‘false’ branch (when ‘i >= n_fds’)...
flatpak-1.17.2/portal/flatpak-portal.c:1017:6: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:1017:6: branch_false: following ‘false’ branch (when ‘testing == 0’)...
flatpak-1.17.2/portal/flatpak-portal.c:1023:21: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:1028:6: branch_false: following ‘false’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:1036:14: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:1037:6: branch_false: following ‘false’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:1045:18: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:1046:36: call_function: inlined call to ‘g_strdup_inline’ from ‘handle_spawn’
flatpak-1.17.2/portal/flatpak-portal.c:1097:6: branch_true: following ‘true’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:1099:38: call_function: inlined call to ‘g_strdup_inline’ from ‘handle_spawn’
flatpak-1.17.2/portal/flatpak-portal.c:1162:10: branch_false: following ‘false’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:1207:12: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:1208:15: branch_false: following ‘false’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:1236:7: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:1319:6: branch_false: following ‘false’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:1346:6: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:1358:6: branch_true: following ‘true’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:1358:6: branch_true: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:1362:26: call_function: calling ‘filesystem_sandbox_arg’ from ‘handle_spawn’
flatpak-1.17.2/portal/flatpak-portal.c:1362:26: return_function: returning to ‘handle_spawn’ from ‘filesystem_sandbox_arg’
flatpak-1.17.2/portal/flatpak-portal.c:1374:6: branch_false: following ‘false’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:1411:6: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:1411:6: branch_false: following ‘false’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:1448:15: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:1450:6: branch_false: following ‘false’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:1486:11: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:1486:11: branch_false: following ‘false’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:1491:6: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:1491:6: branch_false: following ‘false’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:1520:34: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:1531:6: danger: pointer ‘arg_cwd_path’ is checked for NULL here but it was already dereferenced at [(10)](sarif:/runs/0/results/28/codeFlows/0/threadFlows/0/locations/9)
# 1529|     }
# 1530|
# 1531|->   if (arg_cwd_path != NULL)
# 1532|       g_ptr_array_add (flatpak_argv, g_strdup_printf ("--cwd=%s", arg_cwd_path));
# 1533|

Error: GCC_ANALYZER_WARNING (CWE-775): [#def9]
flatpak-1.17.2/portal/flatpak-portal.c:1632:1: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipe_fds[0]’
flatpak-1.17.2/portal/flatpak-portal.c:746:1: enter_function: entry to ‘handle_spawn’
flatpak-1.17.2/portal/flatpak-portal.c:812:3: branch_true: following ‘true’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:814:12: branch_true: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:817:3: branch_true: following ‘true’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:819:3: branch_true: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:830:6: branch_false: following ‘false’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:838:7: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:841:6: branch_false: following ‘false’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:849:6: branch_false: following ‘false’ branch (when ‘arg_flags <= 511’)...
flatpak-1.17.2/portal/flatpak-portal.c:856:6: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:856:6: branch_false: following ‘false’ branch (when ‘testing == 0’)...
flatpak-1.17.2/portal/flatpak-portal.c:859:19: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:863:6: branch_false: following ‘false’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:870:19: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:910:6: branch_false: following ‘false’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:917:6: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:973:6: branch_false: following ‘false’ branch (when ‘fds’ is NULL)...
flatpak-1.17.2/portal/flatpak-portal.c:976:12: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:979:15: branch_false: following ‘false’ branch (when ‘i >= n_fds’)...
flatpak-1.17.2/portal/flatpak-portal.c:1017:6: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:1017:6: branch_false: following ‘false’ branch (when ‘testing == 0’)...
flatpak-1.17.2/portal/flatpak-portal.c:1023:21: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:1028:6: branch_false: following ‘false’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:1036:14: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:1037:6: branch_false: following ‘false’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:1045:18: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:1046:36: call_function: inlined call to ‘g_strdup_inline’ from ‘handle_spawn’
flatpak-1.17.2/portal/flatpak-portal.c:1097:6: branch_true: following ‘true’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:1099:38: call_function: inlined call to ‘g_strdup_inline’ from ‘handle_spawn’
flatpak-1.17.2/portal/flatpak-portal.c:1162:10: branch_false: following ‘false’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:1207:12: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:1208:15: branch_false: following ‘false’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:1236:7: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:1319:6: branch_true: following ‘true’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:1322:11: branch_true: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:1322:10: branch_false: following ‘false’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:1332:33: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:1332:33: throw: if ‘g_unix_input_stream_new’ throws an exception...
flatpak-1.17.2/portal/flatpak-portal.c:1632:1: danger: ‘pipe_fds[0]’ leaks here
# 1630|     portal_flatpak_complete_spawn (object, invocation, NULL, pid);
# 1631|     return G_DBUS_METHOD_INVOCATION_HANDLED;
# 1632|-> }
# 1633|
# 1634|   static gboolean

Error: GCC_ANALYZER_WARNING (CWE-775): [#def10]
flatpak-1.17.2/portal/flatpak-portal.c:1632:1: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipe_fds[1]’
flatpak-1.17.2/portal/flatpak-portal.c:746:1: enter_function: entry to ‘handle_spawn’
flatpak-1.17.2/portal/flatpak-portal.c:812:3: branch_true: following ‘true’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:814:12: branch_true: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:817:3: branch_true: following ‘true’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:819:3: branch_true: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:830:6: branch_false: following ‘false’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:838:7: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:841:6: branch_false: following ‘false’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:849:6: branch_false: following ‘false’ branch (when ‘arg_flags <= 511’)...
flatpak-1.17.2/portal/flatpak-portal.c:856:6: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:856:6: branch_false: following ‘false’ branch (when ‘testing == 0’)...
flatpak-1.17.2/portal/flatpak-portal.c:859:19: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:863:6: branch_false: following ‘false’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:870:19: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:910:6: branch_false: following ‘false’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:917:6: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:973:6: branch_false: following ‘false’ branch (when ‘fds’ is NULL)...
flatpak-1.17.2/portal/flatpak-portal.c:976:12: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:979:15: branch_false: following ‘false’ branch (when ‘i >= n_fds’)...
flatpak-1.17.2/portal/flatpak-portal.c:1017:6: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:1017:6: branch_false: following ‘false’ branch (when ‘testing == 0’)...
flatpak-1.17.2/portal/flatpak-portal.c:1023:21: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:1028:6: branch_false: following ‘false’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:1036:14: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:1037:6: branch_false: following ‘false’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:1045:18: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:1046:36: call_function: inlined call to ‘g_strdup_inline’ from ‘handle_spawn’
flatpak-1.17.2/portal/flatpak-portal.c:1097:6: branch_true: following ‘true’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:1099:38: call_function: inlined call to ‘g_strdup_inline’ from ‘handle_spawn’
flatpak-1.17.2/portal/flatpak-portal.c:1162:10: branch_false: following ‘false’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:1207:12: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:1208:15: branch_false: following ‘false’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:1236:7: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:1319:6: branch_true: following ‘true’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:1322:11: branch_true: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:1322:10: branch_false: following ‘false’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:1332:33: branch_false: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:1332:33: throw: if ‘g_unix_input_stream_new’ throws an exception...
flatpak-1.17.2/portal/flatpak-portal.c:1632:1: danger: ‘pipe_fds[1]’ leaks here
# 1630|     portal_flatpak_complete_spawn (object, invocation, NULL, pid);
# 1631|     return G_DBUS_METHOD_INVOCATION_HANDLED;
# 1632|-> }
# 1633|
# 1634|   static gboolean

Error: GCC_ANALYZER_WARNING (CWE-457): [#def11]
flatpak-1.17.2/redhat-linux-build/portal/flatpak-portal-dbus.h:512:1: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘monitor’
flatpak-1.17.2/portal/flatpak-portal.c:2139:1: enter_function: entry to ‘handle_create_update_monitor’
flatpak-1.17.2/portal/flatpak-portal.c:2170:52: call_function: calling ‘create_update_monitor’ from ‘handle_create_update_monitor’
flatpak-1.17.2/portal/flatpak-portal.c:2170:52: return_function: returning to ‘handle_create_update_monitor’ from ‘create_update_monitor’
flatpak-1.17.2/portal/flatpak-portal.c:2171:6: branch_true: following ‘true’ branch...
flatpak-1.17.2/portal/flatpak-portal.c:2173:7: branch_true: ...to here
flatpak-1.17.2/portal/flatpak-portal.c:2148:20: call_function: calling ‘g_autoptr_cleanup_generic_gfree’ from ‘handle_create_update_monitor’
flatpak-1.17.2/portal/flatpak-portal.c:2147:20: call_function: calling ‘g_autoptr_cleanup_generic_gfree’ from ‘handle_create_update_monitor’
flatpak-1.17.2/portal/flatpak-portal.c:2146:20: call_function: calling ‘g_autoptr_cleanup_generic_gfree’ from ‘handle_create_update_monitor’
flatpak-1.17.2/portal/flatpak-portal.c:2144:49: call_function: inlined call to ‘glib_autoptr_cleanup_PortalFlatpakUpdateMonitorSkeleton’ from ‘handle_create_update_monitor’
#  510|
#  511|   #if GLIB_CHECK_VERSION(2, 44, 0)
#  512|-> G_DEFINE_AUTOPTR_CLEANUP_FUNC (PortalFlatpakUpdateMonitorSkeleton, g_object_unref)
#  513|   #endif
#  514|
```

| analyzer-version-clippy | 1.92.0 |
| analyzer-version-cppcheck | 2.19.1 |
| analyzer-version-gcc | 16.0.0 |
| analyzer-version-gcc-analyzer | 16.0.0 |
| analyzer-version-shellcheck | 0.11.0 |
| analyzer-version-unicontrol | 0.0.2 |
| diffbase-analyzer-version-clippy | 1.92.0 |
| diffbase-analyzer-version-cppcheck | 2.19.1 |
| diffbase-analyzer-version-gcc | 16.0.0 |
| diffbase-analyzer-version-gcc-analyzer | 16.0.0 |
| diffbase-analyzer-version-shellcheck | 0.11.0 |
| diffbase-analyzer-version-unicontrol | 0.0.2 |
| diffbase-enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| diffbase-exit-code | 0 |
| diffbase-host | ip-172-16-1-136.us-west-2.compute.internal |
| diffbase-known-false-positives | /usr/share/csmock/known-false-positives.js |
| diffbase-known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| diffbase-mock-config | fedora-rawhide-x86_64 |
| diffbase-project-name | flatpak-1.16.1-1.fc43 |
| diffbase-store-results-to | /tmp/tmpzftwbftc/flatpak-1.16.1-1.fc43.tar.xz |
| diffbase-time-created | 2026-01-08 16:21:48 |
| diffbase-time-finished | 2026-01-08 16:26:22 |
| diffbase-tool | csmock |
| diffbase-tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpzftwbftc/flatpak-1.16.1-1.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpzftwbftc/flatpak-1.16.1-1.fc43.src.rpm' |
| diffbase-tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-136.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | flatpak-1.17.2-1.fc44 |
| store-results-to | /tmp/tmpu65bgz7j/flatpak-1.17.2-1.fc44.tar.xz |
| time-created | 2026-01-08 16:26:56 |
| time-finished | 2026-01-08 16:31:08 |
| title | Newly introduced findings |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpu65bgz7j/flatpak-1.17.2-1.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpu65bgz7j/flatpak-1.17.2-1.fc44.src.rpm' |
| tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |