Error: SHELLCHECK_WARNING (CWE-561): [#def1] /usr/libexec/git-core/git-gui:10:2: warning[SC2093]: Remove "exec " if script should continue after this command. # 8| fi; \ # 9| argv0=$0; \ # 10|-> exec 'wish' "$argv0" -- "$@" # 11| # 12| set appvers {0.21.0.252.g7ef77e} Error: SHELLCHECK_WARNING (CWE-456): [#def2] /usr/libexec/git-core/git-gui:12:5: warning[SC2121]: To assign a variable, use just 'var=value', no 'set ..'. # 10| exec 'wish' "$argv0" -- "$@" # 11| # 12|-> set appvers {0.21.0.252.g7ef77e} # 13| set copyright [string map [list (c) \u00a9] { # 14| Copyright (c) 2006-2010 Shawn Pearce, et. al. Error: SHELLCHECK_WARNING (CWE-569): [#def3] /usr/libexec/git-core/git-gui:12:13: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it. # 10| exec 'wish' "$argv0" -- "$@" # 11| # 12|-> set appvers {0.21.0.252.g7ef77e} # 13| set copyright [string map [list (c) \u00a9] { # 14| Copyright (c) 2006-2010 Shawn Pearce, et. al. Error: SHELLCHECK_WARNING (CWE-569): [#def4] /usr/libexec/git-core/git-gui:12:32: warning[SC1083]: This } is literal. Check expression (missing ;/\n?) or quote it. # 10| exec 'wish' "$argv0" -- "$@" # 11| # 12|-> set appvers {0.21.0.252.g7ef77e} # 13| set copyright [string map [list (c) \u00a9] { # 14| Copyright (c) 2006-2010 Shawn Pearce, et. al. Error: SHELLCHECK_WARNING: [#def5] /usr/libexec/git-core/git-gui--askyesno:15:5: error[SC1054]: You need a space after the '{'. # 13| set NS {} # 14| set use_ttk [package vsatisfies [package provide Tk] 8.5] # 15|-> if {$use_ttk} { # 16| set NS ttk # 17| } Error: SHELLCHECK_WARNING (CWE-569): [#def6] /usr/libexec/git-core/git-gui--askyesno:15:13: warning[SC1083]: This } is literal. Check expression (missing ;/\n?) or quote it. # 13| set NS {} # 14| set use_ttk [package vsatisfies [package provide Tk] 8.5] # 15|-> if {$use_ttk} { # 16| set NS ttk # 17| } Error: SHELLCHECK_WARNING (CWE-569): [#def7] /usr/libexec/git-core/git-gui--askyesno:15:15: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it. # 13| set NS {} # 14| set use_ttk [package vsatisfies [package provide Tk] 8.5] # 15|-> if {$use_ttk} { # 16| set NS ttk # 17| } Error: SHELLCHECK_WARNING: [#def8] /usr/libexec/git-core/git-gui--askyesno:20:1: error[SC1049]: Did you forget the 'then' for this 'if'? # 18| # 19| set title "Question?" # 20|-> if {$argc < 1} { # 21| puts stderr "Usage: $argv0 <question>" # 22| exit 1 Error: SHELLCHECK_WARNING (CWE-398): [#def9] /usr/libexec/git-core/git-gui--askyesno:20:1: error[SC1073]: Couldn't parse this if expression. Fix to allow more checks. # 18| # 19| set title "Question?" # 20|-> if {$argc < 1} { # 21| puts stderr "Usage: $argv0 <question>" # 22| exit 1 Error: SHELLCHECK_WARNING: [#def10] /usr/libexec/git-core/git-gui--askyesno:20:5: error[SC1054]: You need a space after the '{'. # 18| # 19| set title "Question?" # 20|-> if {$argc < 1} { # 21| puts stderr "Usage: $argv0 <question>" # 22| exit 1 Error: SHELLCHECK_WARNING (CWE-569): [#def11] /usr/libexec/git-core/git-gui--askyesno:20:14: warning[SC1083]: This } is literal. Check expression (missing ;/\n?) or quote it. # 18| # 19| set title "Question?" # 20|-> if {$argc < 1} { # 21| puts stderr "Usage: $argv0 <question>" # 22| exit 1 Error: SHELLCHECK_WARNING (CWE-569): [#def12] /usr/libexec/git-core/git-gui--askyesno:20:16: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it. # 18| # 19| set title "Question?" # 20|-> if {$argc < 1} { # 21| puts stderr "Usage: $argv0 <question>" # 22| exit 1 Error: SHELLCHECK_WARNING: [#def13] /usr/libexec/git-core/git-gui--askyesno:23:3: error[SC1050]: Expected 'then'. # 21| puts stderr "Usage: $argv0 <question>" # 22| exit 1 # 23|-> } else { # 24| if {$argc > 2 && [lindex $argv 0] == "--title"} { # 25| set title [lindex $argv 1] Error: SHELLCHECK_WARNING (CWE-398): [#def14] /usr/libexec/git-core/git-gui--askyesno:23:8: error[SC1072]: Unexpected . Fix any mentioned problems and try again. # 21| puts stderr "Usage: $argv0 <question>" # 22| exit 1 # 23|-> } else { # 24| if {$argc > 2 && [lindex $argv 0] == "--title"} { # 25| set title [lindex $argv 1] Error: GCC_ANALYZER_WARNING (CWE-401): [#def15] git-2.52.0/builtin/gc.c:474:26: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(repo_git_path(the_repository, "objects/17"))’ git-2.52.0/builtin/gc.c:469:15: acquire_memory: allocated here git-2.52.0/builtin/gc.c:471:12: branch_false: following ‘false’ branch... git-2.52.0/builtin/gc.c:474:26: branch_false: ...to here git-2.52.0/builtin/gc.c:475:23: throw: if ‘readdir’ throws an exception... git-2.52.0/builtin/gc.c:474:26: danger: ‘opendir(repo_git_path(the_repository, "objects/17"))’ leaks here; was allocated at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0) # 472| return 0; # 473| # 474|-> auto_threshold = DIV_ROUND_UP(limit, 256); # 475| while ((ent = readdir(dir)) != NULL) { # 476| if (strspn(ent->d_name, "0123456789abcdef") != hexsz_loose || Error: GCC_ANALYZER_WARNING (CWE-404): [#def16] git-2.52.0/builtin/repo.c:213:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’ git-2.52.0/builtin/repo.c:229:13: enter_function: entry to ‘stats_table_addf’ git-2.52.0/builtin/repo.c:233:9: acquire_resource: ‘va_start’ called here git-2.52.0/builtin/repo.c:234:9: call_function: calling ‘stats_table_vaddf’ from ‘stats_table_addf’ # 211| int name_width; # 212| # 213|-> strbuf_vaddf(&buf, format, ap); # 214| formatted_name = strbuf_detach(&buf, NULL); # 215| name_width = utf8_strwidth(formatted_name); Error: COMPILER_WARNING (CWE-704): [#def17] git-2.52.0/fsck.c:1071:21: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type # 1071 | eol = memchr(buffer, '\n', buffer_end - buffer); # | ^ # 1069| # 1070| if (buffer < buffer_end && (skip_prefix(buffer, "gpgsig ", &buffer) || skip_prefix(buffer, "gpgsig-sha256 ", &buffer))) { # 1071|-> eol = memchr(buffer, '\n', buffer_end - buffer); # 1072| if (!eol) { # 1073| ret = report(options, oid, OBJ_TAG, FSCK_MSG_BAD_GPGSIG, "invalid format - unexpected end after 'gpgsig' or 'gpgsig-sha256' line"); Error: COMPILER_WARNING (CWE-704): [#def18] git-2.52.0/fsck.c:1071:21: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type # 1069| # 1070| if (buffer < buffer_end && (skip_prefix(buffer, "gpgsig ", &buffer) || skip_prefix(buffer, "gpgsig-sha256 ", &buffer))) { # 1071|-> eol = memchr(buffer, '\n', buffer_end - buffer); # 1072| if (!eol) { # 1073| ret = report(options, oid, OBJ_TAG, FSCK_MSG_BAD_GPGSIG, "invalid format - unexpected end after 'gpgsig' or 'gpgsig-sha256' line"); Error: COMPILER_WARNING (CWE-704): [#def19] git-2.52.0/fsck.c:1079:29: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type # 1079 | eol = memchr(buffer, '\n', buffer_end - buffer); # | ^ # 1077| # 1078| while (buffer < buffer_end && starts_with(buffer, " ")) { # 1079|-> eol = memchr(buffer, '\n', buffer_end - buffer); # 1080| if (!eol) { # 1081| ret = report(options, oid, OBJ_TAG, FSCK_MSG_BAD_HEADER_CONTINUATION, "invalid format - unexpected end in 'gpgsig' or 'gpgsig-sha256' continuation line"); Error: COMPILER_WARNING (CWE-704): [#def20] git-2.52.0/fsck.c:1079:29: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type # 1077| # 1078| while (buffer < buffer_end && starts_with(buffer, " ")) { # 1079|-> eol = memchr(buffer, '\n', buffer_end - buffer); # 1080| if (!eol) { # 1081| ret = report(options, oid, OBJ_TAG, FSCK_MSG_BAD_HEADER_CONTINUATION, "invalid format - unexpected end in 'gpgsig' or 'gpgsig-sha256' continuation line"); Error: GCC_ANALYZER_WARNING (CWE-775): [#def21] git-2.52.0/object-file.c:1612:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(path, 0)’ git-2.52.0/object-file.c:1637:5: enter_function: entry to ‘index_path’ git-2.52.0/object-file.c:1646:22: acquire_resource: opened here git-2.52.0/object-file.c:1647:20: branch_false: following ‘false’ branch... git-2.52.0/object-file.c:1649:21: branch_false: ...to here git-2.52.0/object-file.c:1649:21: call_function: calling ‘index_fd’ from ‘index_path’ # 1610| * die() for large files. # 1611| */ # 1612|-> if (type == OBJ_BLOB && path && would_convert_to_git_filter_fd(istate, path)) { # 1613| ret = index_stream_convert_blob(istate, oid, fd, path, flags); # 1614| } else if (!S_ISREG(st->st_mode)) { Error: COMPILER_WARNING (CWE-704): [#def22] git-2.52.0/string-list.c: scope_hint: In function ‘split_string’ git-2.52.0/string-list.c:341:29: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type # 341 | end = strpbrk(p, delim); # | ^ # 339| end = NULL; # 340| else # 341|-> end = strpbrk(p, delim); # 342| # 343| count += append_one(list, p, end, in_place, flags); Error: COMPILER_WARNING (CWE-704): [#def23] git-2.52.0/string-list.c:341:29: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type # 339| end = NULL; # 340| else # 341|-> end = strpbrk(p, delim); # 342| # 343| count += append_one(list, p, end, in_place, flags); Error: GCC_ANALYZER_WARNING (CWE-401): [#def24] git-2.52.0/t/unit-tests/clar/clar/fs.h:486:21: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(path)’ git-2.52.0/t/unit-tests/clar/clar/sandbox.h:121:13: enter_function: entry to ‘clar_tempdir_shutdown’ git-2.52.0/t/unit-tests/clar/clar/sandbox.h:126:9: call_function: inlined call to ‘clar__assert’ from ‘clar_tempdir_shutdown’ git-2.52.0/t/unit-tests/clar/clar/sandbox.h:128:9: branch_true: ...to here git-2.52.0/t/unit-tests/clar/clar/sandbox.h:128:9: call_function: calling ‘fs_rm’ from ‘clar_tempdir_shutdown’ # 484| # 485| errno = 0; # 486|-> d = readdir(dir); # 487| if (!d) # 488| break;
| analyzer-version-clippy | 1.92.0 |
| analyzer-version-cppcheck | 2.19.1 |
| analyzer-version-gcc | 16.0.0 |
| analyzer-version-gcc-analyzer | 16.0.0 |
| analyzer-version-shellcheck | 0.11.0 |
| analyzer-version-unicontrol | 0.0.2 |
| diffbase-analyzer-version-clippy | 1.92.0 |
| diffbase-analyzer-version-cppcheck | 2.19.1 |
| diffbase-analyzer-version-gcc | 16.0.0 |
| diffbase-analyzer-version-gcc-analyzer | 16.0.0 |
| diffbase-analyzer-version-shellcheck | 0.11.0 |
| diffbase-analyzer-version-unicontrol | 0.0.2 |
| diffbase-enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| diffbase-exit-code | 0 |
| diffbase-host | ip-172-16-1-153.us-west-2.compute.internal |
| diffbase-known-false-positives | /usr/share/csmock/known-false-positives.js |
| diffbase-known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| diffbase-mock-config | fedora-rawhide-x86_64 |
| diffbase-project-name | git-2.51.0-2.fc43 |
| diffbase-store-results-to | /tmp/tmp0brepch9/git-2.51.0-2.fc43.tar.xz |
| diffbase-time-created | 2026-01-08 16:18:13 |
| diffbase-time-finished | 2026-01-08 16:24:40 |
| diffbase-tool | csmock |
| diffbase-tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmp0brepch9/git-2.51.0-2.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp0brepch9/git-2.51.0-2.fc43.src.rpm' |
| diffbase-tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-153.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | git-2.52.0-1.fc44 |
| store-results-to | /tmp/tmpsvbi0g_j/git-2.52.0-1.fc44.tar.xz |
| time-created | 2026-01-08 16:25:04 |
| time-finished | 2026-01-08 16:30:59 |
| title | Newly introduced findings |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpsvbi0g_j/git-2.52.0-1.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpsvbi0g_j/git-2.52.0-1.fc44.src.rpm' |
| tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |