Newly introduced findings

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1]
freetype-2.14.1/ft2demos-2.14.1/src/ftdiff.c:334:15: warning[-Wanalyzer-malloc-leak]: leak of ‘faces’
freetype-2.14.1/ft2demos-2.14.1/src/ftdiff.c:1341:3: enter_function: entry to ‘main’
freetype-2.14.1/ft2demos-2.14.1/src/ftdiff.c:1362:8: branch_false: following ‘false’ branch...
freetype-2.14.1/ft2demos-2.14.1/src/ftdiff.c:1362:8: branch_false: ...to here
freetype-2.14.1/ft2demos-2.14.1/src/ftdiff.c:1416:8: branch_false: following ‘false’ branch (when ‘argc > 0’)...
freetype-2.14.1/ft2demos-2.14.1/src/ftdiff.c:1420:8: branch_false: ...to here
freetype-2.14.1/ft2demos-2.14.1/src/ftdiff.c:1420:8: branch_false: following ‘false’ branch (when ‘textfile’ is NULL)...
freetype-2.14.1/ft2demos-2.14.1/src/ftdiff.c:1459:10: branch_false: ...to here
freetype-2.14.1/ft2demos-2.14.1/src/ftdiff.c:1459:8: branch_false: following ‘false’ branch...
freetype-2.14.1/ft2demos-2.14.1/src/ftdiff.c:1465:5: branch_false: ...to here
freetype-2.14.1/ft2demos-2.14.1/src/ftdiff.c:1471:8: branch_false: following ‘false’ branch (when ‘resolution <= 0’)...
freetype-2.14.1/ft2demos-2.14.1/src/ftdiff.c:1474:8: branch_false: ...to here
freetype-2.14.1/ft2demos-2.14.1/src/ftdiff.c:1477:5: call_function: calling ‘render_state_set_files’ from ‘main’
#  332|   
#  333|   
#  334|->       error = FT_New_Face( state->library, files[0], -1, &face );
#  335|         if ( error )
#  336|         {

Error: CPPCHECK_WARNING (CWE-758): [#def2]
freetype-2.14.1/include/freetype/internal/ftcalc.h:97: error[shiftTooManyBitsSigned]: Shifting signed 64-bit value by 63 bits is undefined behaviour
#   95|   
#   96|   
#   97|->     ab = ADD_INT64( ab, 0x8000 + ( ab >> 63 ) );  /* rounding phase */
#   98|   
#   99|       return (FT_Long)( ab >> 16 );

Error: GCC_ANALYZER_WARNING (CWE-476): [#def3]
freetype-2.14.1/src/base/ftobjs.c:5114:5: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
freetype-2.14.1/src/base/ftobjs.c:5061:3: enter_function: entry to 'FT_Add_Module'
freetype-2.14.1/src/base/ftobjs.c:5073:8: branch_false: following 'false' branch (when 'library' is non-NULL)...
freetype-2.14.1/src/base/ftobjs.c:5076:8: branch_false: ...to here
freetype-2.14.1/src/base/ftobjs.c:5076:8: branch_false: following 'false' branch (when 'clazz' is non-NULL)...
freetype-2.14.1/src/base/ftobjs.c:5080:10: branch_false: ...to here
freetype-2.14.1/src/base/ftobjs.c:5080:8: branch_false: following 'false' branch...
freetype-2.14.1/src/base/ftobjs.c:5080:8: branch_false: ...to here
freetype-2.14.1/src/base/ftobjs.c:5103:8: branch_false: following 'false' branch...
freetype-2.14.1/src/base/ftobjs.c:5110:10: branch_false: ...to here
freetype-2.14.1/src/base/ftobjs.c:5110:10: call_function: calling 'ft_mem_alloc' from 'FT_Add_Module'
freetype-2.14.1/src/base/ftobjs.c:5110:10: return_function: returning to 'FT_Add_Module' from 'ft_mem_alloc'
freetype-2.14.1/src/base/ftobjs.c:5110:8: branch_false: following 'false' branch...
freetype-2.14.1/src/base/ftobjs.c:5114:5: branch_false: ...to here
freetype-2.14.1/src/base/ftobjs.c:5114:5: danger: dereference of NULL 'ft_mem_alloc(memory, *clazz.module_size, & error)'
# 5112|   
# 5113|       /* base initialization */
# 5114|->     module->clazz   = clazz;
# 5115|       module->library = library;
# 5116|       module->memory  = memory;

Error: COMPILER_WARNING: [#def4]
freetype-2.14.1/src/tools/apinames.c:25: included_from: Included from here.
freetype-2.14.1/src/tools/vms_shorten_symbol.c: scope_hint: In function ‘vms_shorten_symbol’
freetype-2.14.1/src/tools/vms_shorten_symbol.c:188:5: warning[-Wstringop-truncation]: ‘__strncpy_chk’ output truncated before terminating nul copying as many bytes from a string as its length
#  188 |     strncpy(symbol, input_symbol, symlen);
#      |     ^
freetype-2.14.1/src/tools/vms_shorten_symbol.c:183:14: note: length computed here
#  183 |     symlen = strlen(input_symbol);
#      |              ^~~~~~~~~~~~~~~~~~~~
#  186|           return -1;
#  187|   
#  188|->     strncpy(symbol, input_symbol, symlen);
#  189|       symbol[symlen] = '\0';
#  190|   

Error: CPPCHECK_WARNING (CWE-758): [#def5]
freetype-2.14.1/src/truetype/ttinterp.c:1048: error[shiftTooManyBitsSigned]: Shifting signed 64-bit value by 63 bits is undefined behaviour
# 1046|   
# 1047|   
# 1048|->     ab = ADD_INT64( ab, 0x2000 + ( ab >> 63 ) );  /* rounding phase */
# 1049|   
# 1050|       return (FT_F26Dot6)( ab >> 14 );

Error: CPPCHECK_WARNING (CWE-758): [#def6]
freetype-2.14.1/src/truetype/ttinterp.c:1200: error[shiftTooManyBitsSigned]: Shifting signed 64-bit value by 63 bits is undefined behaviour
# 1198|   
# 1199|   
# 1200|->     c = ADD_INT64( c, 0x2000 + ( c >> 63 ) );  /* rounding phase */
# 1201|   
# 1202|       return (FT_F26Dot6)( c >> 14 );

Scan Properties

analyzer-version-clippy	1.92.0
analyzer-version-cppcheck	2.19.1
analyzer-version-gcc	16.0.0
analyzer-version-gcc-analyzer	16.0.0
analyzer-version-shellcheck	0.11.0
analyzer-version-unicontrol	0.0.2
diffbase-analyzer-version-clippy	1.92.0
diffbase-analyzer-version-cppcheck	2.19.1
diffbase-analyzer-version-gcc	16.0.0
diffbase-analyzer-version-gcc-analyzer	16.0.0
diffbase-analyzer-version-shellcheck	0.11.0
diffbase-analyzer-version-unicontrol	0.0.2
diffbase-enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code	0
diffbase-host	ip-172-16-1-171.us-west-2.compute.internal
diffbase-known-false-positives	/usr/share/csmock/known-false-positives.js
diffbase-known-false-positives-rpm	known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch
diffbase-mock-config	fedora-rawhide-x86_64
diffbase-project-name	freetype-2.13.3-3.fc43
diffbase-store-results-to	/tmp/tmpeyzmte5h/freetype-2.13.3-3.fc43.tar.xz
diffbase-time-created	2026-01-08 16:10:12
diffbase-time-finished	2026-01-08 16:13:09
diffbase-tool	csmock
diffbase-tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpeyzmte5h/freetype-2.13.3-3.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpeyzmte5h/freetype-2.13.3-3.fc43.src.rpm'
diffbase-tool-version	csmock-3.8.3.20251215.161544.g62de9a5-1.el9
enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code	0
host	ip-172-16-1-171.us-west-2.compute.internal
known-false-positives	/usr/share/csmock/known-false-positives.js
known-false-positives-rpm	known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch
mock-config	fedora-rawhide-x86_64
project-name	freetype-2.14.1-1.fc44
store-results-to	/tmp/tmps104nlfc/freetype-2.14.1-1.fc44.tar.xz
time-created	2026-01-08 16:13:36
time-finished	2026-01-08 16:16:10
title	Newly introduced findings
tool	csmock
tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmps104nlfc/freetype-2.14.1-1.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmps104nlfc/freetype-2.14.1-1.fc44.src.rpm'
tool-version	csmock-3.8.3.20251215.161544.g62de9a5-1.el9