Error: SHELLCHECK_WARNING (CWE-561): [#def1]
/usr/libexec/git-core/git-gui:10:2: warning[SC2093]: Remove "exec " if script should continue after this command.
# 8| fi; \
# 9| argv0=$0; \
# 10|-> exec 'wish8' "$argv0" -- "$@"
# 11|
# 12| set appvers {0.21.GITGUI}

Error: SHELLCHECK_WARNING (CWE-456): [#def2]
/usr/libexec/git-core/git-gui:12:5: warning[SC2121]: To assign a variable, use just 'var=value', no 'set ..'.
# 10| exec 'wish8' "$argv0" -- "$@"
# 11|
# 12|-> set appvers {0.21.GITGUI}
# 13| set copyright [string map [list (c) \u00a9] {
# 14| Copyright (c) 2006-2010 Shawn Pearce, et. al.

Error: SHELLCHECK_WARNING (CWE-569): [#def3]
/usr/libexec/git-core/git-gui:12:13: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it.
# 10| exec 'wish8' "$argv0" -- "$@"
# 11|
# 12|-> set appvers {0.21.GITGUI}
# 13| set copyright [string map [list (c) \u00a9] {
# 14| Copyright (c) 2006-2010 Shawn Pearce, et. al.

Error: SHELLCHECK_WARNING (CWE-569): [#def4]
/usr/libexec/git-core/git-gui:12:25: warning[SC1083]: This } is literal. Check expression (missing ;/\n?) or quote it.
# 10| exec 'wish8' "$argv0" -- "$@"
# 11|
# 12|-> set appvers {0.21.GITGUI}
# 13| set copyright [string map [list (c) \u00a9] {
# 14| Copyright (c) 2006-2010 Shawn Pearce, et. al.

Error: SHELLCHECK_WARNING: [#def5]
/usr/libexec/git-core/git-subtree:807:2: warning[SC3043]: In POSIX sh, 'local' is undefined.
# 805| process_split_commit () {
# 806| assert test $# = 2
# 807|-> local rev="$1"
# 808| local parents="$2"
# 809|

Error: GCC_ANALYZER_WARNING (CWE-476): [#def6]
git-2.51.0/builtin/clean.c:540:30: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
git-2.51.0/builtin/clean.c:499:33: branch_true: following ‘true’ branch...
git-2.51.0/builtin/clean.c:505:17: branch_true: ...to here
git-2.51.0/builtin/clean.c:519:36: branch_true: following ‘true’ branch (when ‘is_range == 0’)...
git-2.51.0/builtin/clean.c:517:43: branch_true: ...to here
git-2.51.0/builtin/clean.c:540:30: danger: dereference of NULL ‘strchr(**ptr_41.buf, 45)’
# 538| bottom = atoi((*ptr)->buf);
# 539| /* a range can be specified like 5-7 or 5- */
# 540|-> if (!*(strchr((*ptr)->buf, '-') + 1))
# 541| top = menu_stuff->nr;
# 542| else

Error: GCC_ANALYZER_WARNING (CWE-401): [#def7]
git-2.51.0/builtin/gc.c:472:26: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(repo_git_path(the_repository, "objects/17"))’
git-2.51.0/builtin/gc.c:467:15: acquire_memory: allocated here
git-2.51.0/builtin/gc.c:469:12: branch_false: following ‘false’ branch...
git-2.51.0/builtin/gc.c:472:26: branch_false: ...to here
git-2.51.0/builtin/gc.c:473:23: throw: if ‘readdir’ throws an exception...
git-2.51.0/builtin/gc.c:472:26: danger: ‘opendir(repo_git_path(the_repository, "objects/17"))’ leaks here; was allocated at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
# 470| return 0;
# 471|
# 472|-> auto_threshold = DIV_ROUND_UP(cfg->gc_auto_threshold, 256);
# 473| while ((ent = readdir(dir)) != NULL) {
# 474| if (strspn(ent->d_name, "0123456789abcdef") != hexsz_loose ||

Error: GCC_ANALYZER_WARNING (CWE-775): [#def8]
git-2.51.0/gettext.h:48:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(dest, 0)’
git-2.51.0/object-file.c:593:5: enter_function: entry to ‘finalize_object_file_flags’
git-2.51.0/object-file.c:633:20: branch_false: following ‘false’ branch (when ‘ret == 17’)...
git-2.51.0/object-file.c:639:22: branch_false: ...to here
git-2.51.0/object-file.c:639:20: branch_true: following ‘true’ branch...
git-2.51.0/object-file.c:640:31: branch_true: ...to here
git-2.51.0/object-file.c:640:31: call_function: calling ‘check_collision’ from ‘finalize_object_file_flags’
# 46| static inline FORMAT_PRESERVING(1) const char *_(const char *msgid)
# 47| {
# 48|-> if (!*msgid)
# 49| return "";
# 50| if (!git_gettext_enabled)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def9]
git-2.51.0/object-file.c:542:19: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(source, 0)’
git-2.51.0/object-file.c:593:5: enter_function: entry to ‘finalize_object_file_flags’
git-2.51.0/object-file.c:625:20: branch_true: following ‘true’ branch...
git-2.51.0/object-file.c:657:1: branch_true: ...to here
git-2.51.0/object-file.c:633:20: branch_false: following ‘false’ branch (when ‘ret == 17’)...
git-2.51.0/object-file.c:639:22: branch_false: ...to here
git-2.51.0/object-file.c:639:20: branch_true: following ‘true’ branch...
git-2.51.0/object-file.c:640:31: branch_true: ...to here
git-2.51.0/object-file.c:640:31: call_function: calling ‘check_collision’ from ‘finalize_object_file_flags’
# 540| }
# 541|
# 542|-> fd_dest = open(dest, O_RDONLY);
# 543| if (fd_dest < 0) {
# 544| if (errno != ENOENT)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def10]
git-2.51.0/object-file.c:554:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(dest, 0)’
git-2.51.0/object-file.c:593:5: enter_function: entry to ‘finalize_object_file_flags’
git-2.51.0/object-file.c:625:20: branch_true: following ‘true’ branch...
git-2.51.0/object-file.c:657:1: branch_true: ...to here
git-2.51.0/object-file.c:633:20: branch_false: following ‘false’ branch (when ‘ret == 17’)...
git-2.51.0/object-file.c:639:22: branch_false: ...to here
git-2.51.0/object-file.c:639:20: branch_true: following ‘true’ branch...
git-2.51.0/object-file.c:640:31: branch_true: ...to here
git-2.51.0/object-file.c:640:31: call_function: calling ‘check_collision’ from ‘finalize_object_file_flags’
# 552| ssize_t sz_a, sz_b;
# 553|
# 554|-> sz_a = read_in_full(fd_source, buf_source, sizeof(buf_source));
# 555| if (sz_a < 0) {
# 556| ret = error_errno(_("unable to read %s"), source);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def11]
git-2.51.0/object-file.c:554:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(source, 0)’
git-2.51.0/object-file.c:593:5: enter_function: entry to ‘finalize_object_file_flags’
git-2.51.0/object-file.c:625:20: branch_true: following ‘true’ branch...
git-2.51.0/object-file.c:657:1: branch_true: ...to here
git-2.51.0/object-file.c:633:20: branch_false: following ‘false’ branch (when ‘ret == 17’)...
git-2.51.0/object-file.c:639:22: branch_false: ...to here
git-2.51.0/object-file.c:639:20: branch_true: following ‘true’ branch...
git-2.51.0/object-file.c:640:31: branch_true: ...to here
git-2.51.0/object-file.c:640:31: call_function: calling ‘check_collision’ from ‘finalize_object_file_flags’
# 552| ssize_t sz_a, sz_b;
# 553|
# 554|-> sz_a = read_in_full(fd_source, buf_source, sizeof(buf_source));
# 555| if (sz_a < 0) {
# 556| ret = error_errno(_("unable to read %s"), source);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def12]
git-2.51.0/object-file.c:560:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(dest, 0)’
git-2.51.0/object-file.c:593:5: enter_function: entry to ‘finalize_object_file_flags’
git-2.51.0/object-file.c:633:20: branch_false: following ‘false’ branch (when ‘ret == 17’)...
git-2.51.0/object-file.c:639:22: branch_false: ...to here
git-2.51.0/object-file.c:639:20: branch_true: following ‘true’ branch...
git-2.51.0/object-file.c:640:31: branch_true: ...to here
git-2.51.0/object-file.c:640:31: call_function: calling ‘check_collision’ from ‘finalize_object_file_flags’
# 558| }
# 559|
# 560|-> sz_b = read_in_full(fd_dest, buf_dest, sizeof(buf_dest));
# 561| if (sz_b < 0) {
# 562| ret = error_errno(_("unable to read %s"), dest);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def13]
git-2.51.0/object-file.c:578:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd_dest’
git-2.51.0/object-file.c:593:5: enter_function: entry to ‘finalize_object_file_flags’
git-2.51.0/object-file.c:633:20: branch_false: following ‘false’ branch (when ‘ret == 17’)...
git-2.51.0/object-file.c:639:22: branch_false: ...to here
git-2.51.0/object-file.c:639:20: branch_true: following ‘true’ branch...
git-2.51.0/object-file.c:640:31: branch_true: ...to here
git-2.51.0/object-file.c:640:31: call_function: calling ‘check_collision’ from ‘finalize_object_file_flags’
# 576| out:
# 577| if (fd_source > -1)
# 578|-> close(fd_source);
# 579| if (fd_dest > -1)
# 580| close(fd_dest);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def14]
git-2.51.0/object-file.c:580:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd_dest’
git-2.51.0/object-file.c:593:5: enter_function: entry to ‘finalize_object_file_flags’
git-2.51.0/object-file.c:633:20: branch_false: following ‘false’ branch (when ‘ret == 17’)...
git-2.51.0/object-file.c:639:22: branch_false: ...to here
git-2.51.0/object-file.c:639:20: branch_true: following ‘true’ branch...
git-2.51.0/object-file.c:640:31: branch_true: ...to here
git-2.51.0/object-file.c:640:31: call_function: calling ‘check_collision’ from ‘finalize_object_file_flags’
# 578| close(fd_source);
# 579| if (fd_dest > -1)
# 580|-> close(fd_dest);
# 581| return ret;
# 582| }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def15]
git-2.51.0/object-file.c:1256:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(path, 0)’
git-2.51.0/object-file.c:1272:5: enter_function: entry to ‘index_path’
git-2.51.0/object-file.c:1281:22: acquire_resource: opened here
git-2.51.0/object-file.c:1282:20: branch_false: following ‘false’ branch...
git-2.51.0/object-file.c:1284:21: branch_false: ...to here
git-2.51.0/object-file.c:1284:21: call_function: calling ‘index_fd’ from ‘index_path’
# 1254| * die() for large files.
# 1255| */
# 1256|-> if (type == OBJ_BLOB && path && would_convert_to_git_filter_fd(istate, path))
# 1257| ret = index_stream_convert_blob(istate, oid, fd, path, flags);
# 1258| else if (!S_ISREG(st->st_mode))

Error: GCC_ANALYZER_WARNING (CWE-835): [#def16]
git-2.51.0/refs.c:201:26: warning[-Wanalyzer-infinite-loop]: infinite loop
# 199|
# 200| for (cp = refname; ; cp++) {
# 201|-> int ch = *cp & 255;
# 202| unsigned char disp = refname_disposition[ch];
# 203|

Error: GCC_ANALYZER_WARNING (CWE-401): [#def17]
git-2.51.0/t/unit-tests/clar/clar/fs.h:489:26: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(path)’
git-2.51.0/t/unit-tests/clar/clar/sandbox.h:78:13: enter_function: entry to ‘clar_unsandbox’
git-2.51.0/t/unit-tests/clar/clar/sandbox.h:83:9: call_function: inlined call to ‘clar__assert’ from ‘clar_unsandbox’
git-2.51.0/t/unit-tests/clar/clar/sandbox.h:85:9: branch_true: ...to here
git-2.51.0/t/unit-tests/clar/clar/sandbox.h:85:9: call_function: calling ‘fs_rm’ from ‘clar_unsandbox’
# 487|
# 488| errno = 0;
# 489|-> if ((d = readdir(dir)) == NULL)
# 490| break;
# 491| if (!strcmp(d->d_name, ".") || !strcmp(d->d_name, ".."))

Error: GCC_ANALYZER_WARNING (CWE-688): [#def18]
git-2.51.0/utf8.h:46:16: warning[-Wanalyzer-null-argument]: use of NULL ‘in’ where non-null expected
git-2.51.0/builtin/fast-export.c:689:13: enter_function: entry to ‘handle_commit’
git-2.51.0/builtin/fast-export.c:710:12: branch_false: following ‘false’ branch...
git-2.51.0/builtin/fast-export.c:713:9: branch_false: ...to here
git-2.51.0/builtin/fast-export.c:717:12: branch_false: following ‘false’ branch...
git-2.51.0/builtin/fast-export.c:720:9: branch_false: ...to here
git-2.51.0/builtin/fast-export.c:730:12: branch_true: following ‘true’ branch...
git-2.51.0/builtin/fast-export.c:731:28: branch_true: ...to here
git-2.51.0/builtin/fast-export.c:732:20: branch_true: following ‘true’ branch...
git-2.51.0/builtin/fast-export.c:733:48: branch_true: ...to here
git-2.51.0/builtin/fast-export.c:736:12: branch_false: following ‘false’ branch...
git-2.51.0/builtin/fast-export.c:744:19: branch_false: ...to here
git-2.51.0/builtin/fast-export.c:745:12: branch_false: following ‘false’ branch (when ‘message’ is NULL)...
git-2.51.0/builtin/fast-export.c:748:13: branch_false: ...to here
git-2.51.0/builtin/fast-export.c:773:12: branch_false: following ‘false’ branch...
git-2.51.0/builtin/fast-export.c:779:9: branch_false: ...to here
git-2.51.0/builtin/fast-export.c:780:12: branch_false: following ‘false’ branch...
git-2.51.0/builtin/fast-export.c:782:19: branch_false: ...to here
git-2.51.0/builtin/fast-export.c:782:19: branch_true: following ‘true’ branch (when ‘encoding’ is non-NULL)...
git-2.51.0/builtin/fast-export.c:784:17: branch_true: ...to here
git-2.51.0/builtin/fast-export.c:787:37: call_function: calling ‘reencode_string’ from ‘handle_commit’
# 44| const char *in_encoding)
# 45| {
# 46|-> return reencode_string_len(in, strlen(in),
# 47| out_encoding, in_encoding,
# 48| NULL);
| analyzer-version-clippy | 1.92.0 |
| analyzer-version-cppcheck | 2.19.1 |
| analyzer-version-gcc | 16.0.0 |
| analyzer-version-gcc-analyzer | 16.0.0 |
| analyzer-version-shellcheck | 0.11.0 |
| analyzer-version-unicontrol | 0.0.2 |
| diffbase-analyzer-version-clippy | 1.92.0 |
| diffbase-analyzer-version-cppcheck | 2.19.1 |
| diffbase-analyzer-version-gcc | 16.0.0 |
| diffbase-analyzer-version-gcc-analyzer | 16.0.0 |
| diffbase-analyzer-version-shellcheck | 0.11.0 |
| diffbase-analyzer-version-unicontrol | 0.0.2 |
| diffbase-enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| diffbase-exit-code | 0 |
| diffbase-host | ip-172-16-1-153.us-west-2.compute.internal |
| diffbase-known-false-positives | /usr/share/csmock/known-false-positives.js |
| diffbase-known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| diffbase-mock-config | fedora-rawhide-x86_64 |
| diffbase-project-name | git-2.52.0-1.fc44 |
| diffbase-store-results-to | /tmp/tmpsvbi0g_j/git-2.52.0-1.fc44.tar.xz |
| diffbase-time-created | 2026-01-08 16:25:04 |
| diffbase-time-finished | 2026-01-08 16:30:59 |
| diffbase-tool | csmock |
| diffbase-tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpsvbi0g_j/git-2.52.0-1.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpsvbi0g_j/git-2.52.0-1.fc44.src.rpm' |
| diffbase-tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-153.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | git-2.51.0-2.fc43 |
| store-results-to | /tmp/tmp0brepch9/git-2.51.0-2.fc43.tar.xz |
| time-created | 2026-01-08 16:18:13 |
| time-finished | 2026-01-08 16:24:40 |
| title | Fixed findings |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmp0brepch9/git-2.51.0-2.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp0brepch9/git-2.51.0-2.fc43.src.rpm' |
| tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |