git-2.52.0-1.fc44

List of Findings

Error: SHELLCHECK_WARNING (CWE-569): [#def1]
/usr/bin/gitk:10:5: error[SC1035]: You need a space after the [ and before the ].
#    8|   # either version 2, or (at your option) any later version.
#    9|   
#   10|-> if {[catch {package require Tcl 8.6-} err]} {
#   11|       catch {wm withdraw .}
#   12|       tk_messageBox \

Error: SHELLCHECK_WARNING: [#def2]
/usr/bin/gitk:10:5: error[SC1054]: You need a space after the '{'.
#    8|   # either version 2, or (at your option) any later version.
#    9|   
#   10|-> if {[catch {package require Tcl 8.6-} err]} {
#   11|       catch {wm withdraw .}
#   12|       tk_messageBox \

Error: SHELLCHECK_WARNING (CWE-398): [#def3]
/usr/bin/gitk:10:5: error[SC1073]: Couldn't parse this test expression. Fix to allow more checks.
#    8|   # either version 2, or (at your option) any later version.
#    9|   
#   10|-> if {[catch {package require Tcl 8.6-} err]} {
#   11|       catch {wm withdraw .}
#   12|       tk_messageBox \

Error: SHELLCHECK_WARNING (CWE-398): [#def4]
/usr/bin/gitk:10:12: error[SC1072]: Expected test to end here (don't wrap commands in []/[[]]). Fix any mentioned problems and try again.
#    8|   # either version 2, or (at your option) any later version.
#    9|   
#   10|-> if {[catch {package require Tcl 8.6-} err]} {
#   11|       catch {wm withdraw .}
#   12|       tk_messageBox \

Error: SHELLCHECK_WARNING (CWE-563): [#def5]
/usr/libexec/git-core/git-difftool--helper:8:1: warning[SC2034]: TOOL_MODE appears unused. Verify use (or export if used externally).
#    6|   # Copyright (c) 2009, 2010 David Aguilar
#    7|   
#    8|-> TOOL_MODE=diff
#    9|   . git-mergetool--lib
#   10|   

Error: SHELLCHECK_WARNING (CWE-456): [#def6]
/usr/libexec/git-core/git-difftool--helper:8:1: warning[SC2209]: Use var=$(command) to assign output (or quote to assign string).
#    6|   # Copyright (c) 2009, 2010 David Aguilar
#    7|   
#    8|-> TOOL_MODE=diff
#    9|   . git-mergetool--lib
#   10|   

Error: SHELLCHECK_WARNING (CWE-563): [#def7]
/usr/libexec/git-core/git-difftool--helper:86:2: warning[SC2034]: LOCAL appears unused. Verify use (or export if used externally).
#   84|   if test -n "$GIT_DIFFTOOL_DIRDIFF"
#   85|   then
#   86|-> 	LOCAL="$1"
#   87|   	REMOTE="$2"
#   88|   	initialize_merge_tool "$merge_tool" || exit 1

Error: SHELLCHECK_WARNING (CWE-563): [#def8]
/usr/libexec/git-core/git-difftool--helper:87:2: warning[SC2034]: REMOTE appears unused. Verify use (or export if used externally).
#   85|   then
#   86|   	LOCAL="$1"
#   87|-> 	REMOTE="$2"
#   88|   	initialize_merge_tool "$merge_tool" || exit 1
#   89|   	run_merge_tool "$merge_tool" false

Error: SHELLCHECK_WARNING (CWE-563): [#def9]
/usr/libexec/git-core/git-filter-branch:100:1: warning[SC2034]: USAGE appears unused. Verify use (or export if used externally).
#   98|   fi
#   99|   
#  100|-> USAGE="[--setup <command>] [--subdirectory-filter <directory>] [--env-filter <command>]
#  101|   	[--tree-filter <command>] [--index-filter <command>]
#  102|   	[--parent-filter <command>] [--msg-filter <command>]

Error: SHELLCHECK_WARNING (CWE-563): [#def10]
/usr/libexec/git-core/git-filter-branch:108:1: warning[SC2034]: OPTIONS_SPEC appears unused. Verify use (or export if used externally).
#  106|   	[--] [<rev-list options>...]"
#  107|   
#  108|-> OPTIONS_SPEC=
#  109|   . git-sh-setup
#  110|   

Error: SHELLCHECK_WARNING (CWE-456): [#def11]
/usr/libexec/git-core/git-filter-branch:121:1: warning[SC2209]: Use var=$(command) to assign output (or quote to assign string).
#  119|   filter_index=
#  120|   filter_parent=
#  121|-> filter_msg=cat
#  122|   filter_commit=
#  123|   filter_tag_name=

Error: SHELLCHECK_WARNING (CWE-480): [#def12]
/usr/libexec/git-core/git-filter-branch:368:10: warning[SC1007]: Remove space after = if trying to assign a value (for empty string, use var='' ... ).
#  366|   git_filter_branch__commit_count=0
#  367|   
#  368|-> progress= start_timestamp=
#  369|   if date '+%s' 2>/dev/null | grep -q '^[0-9][0-9]*$'
#  370|   then

Error: SHELLCHECK_WARNING (CWE-156): [#def13]
/usr/libexec/git-core/git-filter-branch:498:28: warning[SC2046]: Quote this to prevent word splitting.
#  496|   		test -f "$workdir"/../map/$sha1 && continue
#  497|   		ancestor=$(git rev-list --simplify-merges -1 "$ref" "$@")
#  498|-> 		test "$ancestor" && echo $(map $ancestor) >"$workdir"/../map/$sha1
#  499|   	done < "$tempdir"/heads
#  500|   fi

Error: SHELLCHECK_WARNING (CWE-156): [#def14]
/usr/libexec/git-core/git-filter-branch:527:12: warning[SC2046]: Quote this to prevent word splitting.
#  525|   		if ! git update-ref -m "filter-branch: rewrite" \
#  526|   					"$ref" $rewritten $sha1 2>/dev/null; then
#  527|-> 			if test $(git cat-file -t "$ref") = tag; then
#  528|   				if test -z "$filter_tag_name"; then
#  529|   					warn "WARNING: You said to rewrite tagged commits, but not the corresponding tag."

Error: SHELLCHECK_WARNING (CWE-477): [#def15]
/usr/libexec/git-core/git-filter-branch:551:28: warning[SC2166]: Prefer [ p ] && [ q ] as [ p -a q ] is not well defined.
#  549|   		ref="${ref#refs/tags/}"
#  550|   		# XXX: Rewrite tagged trees as well?
#  551|-> 		if [ "$type" != "commit" -a "$type" != "tag" ]; then
#  552|   			continue;
#  553|   		fi

Error: SHELLCHECK_WARNING (CWE-569): [#def16]
/usr/libexec/git-core/git-filter-branch:558:37: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it.
#  556|   			# Dereference to a commit
#  557|   			sha1t="$sha1"
#  558|-> 			sha1="$(git rev-parse -q "$sha1"^{commit})" || continue
#  559|   		fi
#  560|   

Error: SHELLCHECK_WARNING (CWE-569): [#def17]
/usr/libexec/git-core/git-filter-branch:558:44: warning[SC1083]: This } is literal. Check expression (missing ;/\n?) or quote it.
#  556|   			# Dereference to a commit
#  557|   			sha1t="$sha1"
#  558|-> 			sha1="$(git rev-parse -q "$sha1"^{commit})" || continue
#  559|   		fi
#  560|   

Error: SHELLCHECK_WARNING (CWE-252): [#def18]
/usr/libexec/git-core/git-filter-branch:656:1: warning[SC2164]: Use 'cd ... || exit' or 'cd ... || return' in case cd fails.
#  654|   fi
#  655|   
#  656|-> cd "$orig_dir"
#  657|   rm -rf "$tempdir"
#  658|   

Error: SHELLCHECK_WARNING (CWE-561): [#def19]
/usr/libexec/git-core/git-gui:10:2: warning[SC2093]: Remove "exec " if script should continue after this command.
#    8|    fi; \
#    9|    argv0=$0; \
#   10|->  exec 'wish' "$argv0" -- "$@"
#   11|   
#   12|   set appvers {0.21.0.252.g7ef77e}

Error: SHELLCHECK_WARNING (CWE-456): [#def20]
/usr/libexec/git-core/git-gui:12:5: warning[SC2121]: To assign a variable, use just 'var=value', no 'set ..'.
#   10|    exec 'wish' "$argv0" -- "$@"
#   11|   
#   12|-> set appvers {0.21.0.252.g7ef77e}
#   13|   set copyright [string map [list (c) \u00a9] {
#   14|   Copyright (c) 2006-2010 Shawn Pearce, et. al.

Error: SHELLCHECK_WARNING (CWE-569): [#def21]
/usr/libexec/git-core/git-gui:12:13: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it.
#   10|    exec 'wish' "$argv0" -- "$@"
#   11|   
#   12|-> set appvers {0.21.0.252.g7ef77e}
#   13|   set copyright [string map [list (c) \u00a9] {
#   14|   Copyright (c) 2006-2010 Shawn Pearce, et. al.

Error: SHELLCHECK_WARNING (CWE-569): [#def22]
/usr/libexec/git-core/git-gui:12:32: warning[SC1083]: This } is literal. Check expression (missing ;/\n?) or quote it.
#   10|    exec 'wish' "$argv0" -- "$@"
#   11|   
#   12|-> set appvers {0.21.0.252.g7ef77e}
#   13|   set copyright [string map [list (c) \u00a9] {
#   14|   Copyright (c) 2006-2010 Shawn Pearce, et. al.

Error: SHELLCHECK_WARNING (CWE-456): [#def23]
/usr/libexec/git-core/git-gui:13:5: warning[SC2121]: To assign a variable, use just 'var=value', no 'set ..'.
#   11|   
#   12|   set appvers {0.21.0.252.g7ef77e}
#   13|-> set copyright [string map [list (c) \u00a9] {
#   14|   Copyright (c) 2006-2010 Shawn Pearce, et. al.
#   15|   

Error: SHELLCHECK_WARNING (CWE-398): [#def24]
/usr/libexec/git-core/git-gui:13:33: error[SC1036]: '(' is invalid here. Did you forget to escape it?
#   11|   
#   12|   set appvers {0.21.0.252.g7ef77e}
#   13|-> set copyright [string map [list (c) \u00a9] {
#   14|   Copyright (c) 2006-2010 Shawn Pearce, et. al.
#   15|   

Error: SHELLCHECK_WARNING (CWE-398): [#def25]
/usr/libexec/git-core/git-gui:13:33: error[SC1088]: Parsing stopped here. Invalid use of parentheses?
#   11|   
#   12|   set appvers {0.21.0.252.g7ef77e}
#   13|-> set copyright [string map [list (c) \u00a9] {
#   14|   Copyright (c) 2006-2010 Shawn Pearce, et. al.
#   15|   

Error: SHELLCHECK_WARNING: [#def26]
/usr/libexec/git-core/git-gui--askpass:14:1: error[SC1049]: Did you forget the 'then' for this 'if'?
#   12|   set rc     255
#   13|   
#   14|-> if {$argc < 1} {
#   15|   	set prompt "Enter your OpenSSH passphrase:"
#   16|   } else {

Error: SHELLCHECK_WARNING (CWE-398): [#def27]
/usr/libexec/git-core/git-gui--askpass:14:1: error[SC1073]: Couldn't parse this if expression. Fix to allow more checks.
#   12|   set rc     255
#   13|   
#   14|-> if {$argc < 1} {
#   15|   	set prompt "Enter your OpenSSH passphrase:"
#   16|   } else {

Error: SHELLCHECK_WARNING: [#def28]
/usr/libexec/git-core/git-gui--askpass:14:5: error[SC1054]: You need a space after the '{'.
#   12|   set rc     255
#   13|   
#   14|-> if {$argc < 1} {
#   15|   	set prompt "Enter your OpenSSH passphrase:"
#   16|   } else {

Error: SHELLCHECK_WARNING (CWE-569): [#def29]
/usr/libexec/git-core/git-gui--askpass:14:14: warning[SC1083]: This } is literal. Check expression (missing ;/\n?) or quote it.
#   12|   set rc     255
#   13|   
#   14|-> if {$argc < 1} {
#   15|   	set prompt "Enter your OpenSSH passphrase:"
#   16|   } else {

Error: SHELLCHECK_WARNING (CWE-569): [#def30]
/usr/libexec/git-core/git-gui--askpass:14:16: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it.
#   12|   set rc     255
#   13|   
#   14|-> if {$argc < 1} {
#   15|   	set prompt "Enter your OpenSSH passphrase:"
#   16|   } else {

Error: SHELLCHECK_WARNING: [#def31]
/usr/libexec/git-core/git-gui--askpass:16:3: error[SC1050]: Expected 'then'.
#   14|   if {$argc < 1} {
#   15|   	set prompt "Enter your OpenSSH passphrase:"
#   16|-> } else {
#   17|   	set prompt [join $argv " "]
#   18|   	if {[regexp -nocase {\(yes\/no\)\?\s*$} $prompt]} {

Error: SHELLCHECK_WARNING (CWE-398): [#def32]
/usr/libexec/git-core/git-gui--askpass:16:8: error[SC1072]: Unexpected . Fix any mentioned problems and try again.
#   14|   if {$argc < 1} {
#   15|   	set prompt "Enter your OpenSSH passphrase:"
#   16|-> } else {
#   17|   	set prompt [join $argv " "]
#   18|   	if {[regexp -nocase {\(yes\/no\)\?\s*$} $prompt]} {

Error: SHELLCHECK_WARNING: [#def33]
/usr/libexec/git-core/git-gui--askyesno:15:5: error[SC1054]: You need a space after the '{'.
#   13|   set NS {}
#   14|   set use_ttk [package vsatisfies [package provide Tk] 8.5]
#   15|-> if {$use_ttk} {
#   16|   	set NS ttk
#   17|   }

Error: SHELLCHECK_WARNING (CWE-569): [#def34]
/usr/libexec/git-core/git-gui--askyesno:15:13: warning[SC1083]: This } is literal. Check expression (missing ;/\n?) or quote it.
#   13|   set NS {}
#   14|   set use_ttk [package vsatisfies [package provide Tk] 8.5]
#   15|-> if {$use_ttk} {
#   16|   	set NS ttk
#   17|   }

Error: SHELLCHECK_WARNING (CWE-569): [#def35]
/usr/libexec/git-core/git-gui--askyesno:15:15: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it.
#   13|   set NS {}
#   14|   set use_ttk [package vsatisfies [package provide Tk] 8.5]
#   15|-> if {$use_ttk} {
#   16|   	set NS ttk
#   17|   }

Error: SHELLCHECK_WARNING: [#def36]
/usr/libexec/git-core/git-gui--askyesno:20:1: error[SC1049]: Did you forget the 'then' for this 'if'?
#   18|   
#   19|   set title "Question?"
#   20|-> if {$argc < 1} {
#   21|   	puts stderr "Usage: $argv0 <question>"
#   22|   	exit 1

Error: SHELLCHECK_WARNING (CWE-398): [#def37]
/usr/libexec/git-core/git-gui--askyesno:20:1: error[SC1073]: Couldn't parse this if expression. Fix to allow more checks.
#   18|   
#   19|   set title "Question?"
#   20|-> if {$argc < 1} {
#   21|   	puts stderr "Usage: $argv0 <question>"
#   22|   	exit 1

Error: SHELLCHECK_WARNING: [#def38]
/usr/libexec/git-core/git-gui--askyesno:20:5: error[SC1054]: You need a space after the '{'.
#   18|   
#   19|   set title "Question?"
#   20|-> if {$argc < 1} {
#   21|   	puts stderr "Usage: $argv0 <question>"
#   22|   	exit 1

Error: SHELLCHECK_WARNING (CWE-569): [#def39]
/usr/libexec/git-core/git-gui--askyesno:20:14: warning[SC1083]: This } is literal. Check expression (missing ;/\n?) or quote it.
#   18|   
#   19|   set title "Question?"
#   20|-> if {$argc < 1} {
#   21|   	puts stderr "Usage: $argv0 <question>"
#   22|   	exit 1

Error: SHELLCHECK_WARNING (CWE-569): [#def40]
/usr/libexec/git-core/git-gui--askyesno:20:16: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it.
#   18|   
#   19|   set title "Question?"
#   20|-> if {$argc < 1} {
#   21|   	puts stderr "Usage: $argv0 <question>"
#   22|   	exit 1

Error: SHELLCHECK_WARNING: [#def41]
/usr/libexec/git-core/git-gui--askyesno:23:3: error[SC1050]: Expected 'then'.
#   21|   	puts stderr "Usage: $argv0 <question>"
#   22|   	exit 1
#   23|-> } else {
#   24|   	if {$argc > 2 && [lindex $argv 0] == "--title"} {
#   25|   		set title [lindex $argv 1]

Error: SHELLCHECK_WARNING (CWE-398): [#def42]
/usr/libexec/git-core/git-gui--askyesno:23:8: error[SC1072]: Unexpected . Fix any mentioned problems and try again.
#   21|   	puts stderr "Usage: $argv0 <question>"
#   22|   	exit 1
#   23|-> } else {
#   24|   	if {$argc > 2 && [lindex $argv 0] == "--title"} {
#   25|   		set title [lindex $argv 1]

Error: SHELLCHECK_WARNING (CWE-563): [#def43]
/usr/libexec/git-core/git-instaweb:7:1: warning[SC2034]: OPTIONS_KEEPDASHDASH appears unused. Verify use (or export if used externally).
#    5|   
#    6|   PERL='/usr/bin/perl'
#    7|-> OPTIONS_KEEPDASHDASH=
#    8|   OPTIONS_STUCKLONG=
#    9|   OPTIONS_SPEC="\

Error: SHELLCHECK_WARNING (CWE-563): [#def44]
/usr/libexec/git-core/git-instaweb:8:1: warning[SC2034]: OPTIONS_STUCKLONG appears unused. Verify use (or export if used externally).
#    6|   PERL='/usr/bin/perl'
#    7|   OPTIONS_KEEPDASHDASH=
#    8|-> OPTIONS_STUCKLONG=
#    9|   OPTIONS_SPEC="\
#   10|   git instaweb [options] (--start | --stop | --restart)

Error: SHELLCHECK_WARNING (CWE-563): [#def45]
/usr/libexec/git-core/git-instaweb:9:1: warning[SC2034]: OPTIONS_SPEC appears unused. Verify use (or export if used externally).
#    7|   OPTIONS_KEEPDASHDASH=
#    8|   OPTIONS_STUCKLONG=
#    9|-> OPTIONS_SPEC="\
#   10|   git instaweb [options] (--start | --stop | --restart)
#   11|   --

Error: SHELLCHECK_WARNING (CWE-563): [#def46]
/usr/libexec/git-core/git-instaweb:23:1: warning[SC2034]: SUBDIRECTORY_OK appears unused. Verify use (or export if used externally).
#   21|   "
#   22|   
#   23|-> SUBDIRECTORY_OK=Yes
#   24|   . git-sh-setup
#   25|   

Error: SHELLCHECK_WARNING (CWE-156): [#def47]
/usr/libexec/git-core/git-instaweb:146:34: warning[SC2046]: Quote this to prevent word splitting.
#  144|   
#  145|   stop_httpd () {
#  146|-> 	test -f "$fqgitdir/pid" && kill $(cat "$fqgitdir/pid")
#  147|   	rm -f "$fqgitdir/pid"
#  148|   }

Error: SHELLCHECK_WARNING (CWE-457): [#def48]
/usr/libexec/git-core/git-instaweb:562:27: warning[SC2154]: fd is referenced but not assigned.
#  560|   	};
#  561|   	# gitweb currently doesn't work with $SIG{CHLD} set to 'IGNORE',
#  562|-> 	# because it uses 'close $fd or die...' on piped filehandle $fh
#  563|   	# (which causes the parent process to wait for child to finish).
#  564|   	enable_if { \$SIG{'CHLD'} eq 'IGNORE' } sub {

Error: SHELLCHECK_WARNING (CWE-457): [#def49]
/usr/libexec/git-core/git-instaweb:562:62: warning[SC2154]: fh is referenced but not assigned.
#  560|   	};
#  561|   	# gitweb currently doesn't work with $SIG{CHLD} set to 'IGNORE',
#  562|-> 	# because it uses 'close $fd or die...' on piped filehandle $fh
#  563|   	# (which causes the parent process to wait for child to finish).
#  564|   	enable_if { \$SIG{'CHLD'} eq 'IGNORE' } sub {

Error: SHELLCHECK_WARNING (CWE-480): [#def50]
/usr/libexec/git-core/git-merge-octopus:14:7: warning[SC1007]: Remove space after = if trying to assign a value (for empty string, use var='' ... ).
#   12|   
#   13|   # The first parameters up to -- are merge bases; the rest are heads.
#   14|-> bases= head= remotes= sep_seen=
#   15|   for arg
#   16|   do

Error: SHELLCHECK_WARNING (CWE-480): [#def51]
/usr/libexec/git-core/git-merge-octopus:14:13: warning[SC1007]: Remove space after = if trying to assign a value (for empty string, use var='' ... ).
#   12|   
#   13|   # The first parameters up to -- are merge bases; the rest are heads.
#   14|-> bases= head= remotes= sep_seen=
#   15|   for arg
#   16|   do

Error: SHELLCHECK_WARNING (CWE-480): [#def52]
/usr/libexec/git-core/git-merge-octopus:14:22: warning[SC1007]: Remove space after = if trying to assign a value (for empty string, use var='' ... ).
#   12|   
#   13|   # The first parameters up to -- are merge bases; the rest are heads.
#   14|-> bases= head= remotes= sep_seen=
#   15|   for arg
#   16|   do

Error: SHELLCHECK_WARNING (CWE-569): [#def53]
/usr/libexec/git-core/git-merge-octopus:66:21: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it.
#   64|   	esac
#   65|   
#   66|-> 	eval pretty_name=\${GITHEAD_$SHA1:-$SHA1}
#   67|   	if test "$SHA1" = "$pretty_name"
#   68|   	then

Error: SHELLCHECK_WARNING (CWE-569): [#def54]
/usr/libexec/git-core/git-merge-octopus:66:42: warning[SC1083]: This } is literal. Check expression (missing ;/\n?) or quote it.
#   64|   	esac
#   65|   
#   66|-> 	eval pretty_name=\${GITHEAD_$SHA1:-$SHA1}
#   67|   	if test "$SHA1" = "$pretty_name"
#   68|   	then

Error: SHELLCHECK_WARNING (CWE-457): [#def55]
/usr/libexec/git-core/git-merge-octopus:67:21: warning[SC2154]: pretty_name is referenced but not assigned.
#   65|   
#   66|   	eval pretty_name=\${GITHEAD_$SHA1:-$SHA1}
#   67|-> 	if test "$SHA1" = "$pretty_name"
#   68|   	then
#   69|   		SHA1_UP="$(echo "$SHA1" | tr a-z A-Z)"

Error: SHELLCHECK_WARNING (CWE-569): [#def56]
/usr/libexec/git-core/git-merge-octopus:70:22: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it.
#   68|   	then
#   69|   		SHA1_UP="$(echo "$SHA1" | tr a-z A-Z)"
#   70|-> 		eval pretty_name=\${GITHEAD_$SHA1_UP:-$pretty_name}
#   71|   	fi
#   72|   	common=$(git merge-base --all $SHA1 $MRC) ||

Error: SHELLCHECK_WARNING (CWE-569): [#def57]
/usr/libexec/git-core/git-merge-octopus:70:53: warning[SC1083]: This } is literal. Check expression (missing ;/\n?) or quote it.
#   68|   	then
#   69|   		SHA1_UP="$(echo "$SHA1" | tr a-z A-Z)"
#   70|-> 		eval pretty_name=\${GITHEAD_$SHA1_UP:-$pretty_name}
#   71|   	fi
#   72|   	common=$(git merge-base --all $SHA1 $MRC) ||

Error: SHELLCHECK_WARNING (CWE-563): [#def58]
/usr/libexec/git-core/git-merge-one-file:25:1: warning[SC2034]: SUBDIRECTORY_OK appears unused. Verify use (or export if used externally).
#   23|   Blob ids and modes should be empty for missing files."
#   24|   
#   25|-> SUBDIRECTORY_OK=Yes
#   26|   . git-sh-setup
#   27|   cd_to_toplevel

Error: SHELLCHECK_WARNING (CWE-156): [#def59]
/usr/libexec/git-core/git-merge-one-file:123:26: warning[SC2046]: Quote this to prevent word splitting.
#  121|   	'')
#  122|   		echo "Added $4 in both, but differently."
#  123|-> 		orig=$(git unpack-file $(git hash-object /dev/null))
#  124|   		;;
#  125|   	*)

Error: SHELLCHECK_WARNING (CWE-480): [#def60]
/usr/libexec/git-core/git-merge-resolve:19:7: warning[SC1007]: Remove space after = if trying to assign a value (for empty string, use var='' ... ).
#   17|   
#   18|   # The first parameters up to -- are merge bases; the rest are heads.
#   19|-> bases= head= remotes= sep_seen=
#   20|   for arg
#   21|   do

Error: SHELLCHECK_WARNING (CWE-480): [#def61]
/usr/libexec/git-core/git-merge-resolve:19:13: warning[SC1007]: Remove space after = if trying to assign a value (for empty string, use var='' ... ).
#   17|   
#   18|   # The first parameters up to -- are merge bases; the rest are heads.
#   19|-> bases= head= remotes= sep_seen=
#   20|   for arg
#   21|   do

Error: SHELLCHECK_WARNING (CWE-480): [#def62]
/usr/libexec/git-core/git-merge-resolve:19:22: warning[SC1007]: Remove space after = if trying to assign a value (for empty string, use var='' ... ).
#   17|   
#   18|   # The first parameters up to -- are merge bases; the rest are heads.
#   19|-> bases= head= remotes= sep_seen=
#   20|   for arg
#   21|   do

Error: SHELLCHECK_WARNING (CWE-563): [#def63]
/usr/libexec/git-core/git-merge-resolve:53:4: warning[SC2034]: result_tree appears unused. Verify use (or export if used externally).
#   51|   git read-tree -u -m --aggressive $bases $head $remotes || exit 2
#   52|   echo "Trying simple merge."
#   53|-> if result_tree=$(git write-tree 2>/dev/null)
#   54|   then
#   55|   	exit 0

Error: SHELLCHECK_WARNING (CWE-563): [#def64]
/usr/libexec/git-core/git-mergetool:12:1: warning[SC2034]: USAGE appears unused. Verify use (or export if used externally).
#   10|   #
#   11|   
#   12|-> USAGE='[--tool=tool] [--tool-help] [-y|--no-prompt|--prompt] [-g|--gui|--no-gui] [-O<orderfile>] [file to merge] ...'
#   13|   SUBDIRECTORY_OK=Yes
#   14|   NONGIT_OK=Yes

Error: SHELLCHECK_WARNING (CWE-563): [#def65]
/usr/libexec/git-core/git-mergetool:13:1: warning[SC2034]: SUBDIRECTORY_OK appears unused. Verify use (or export if used externally).
#   11|   
#   12|   USAGE='[--tool=tool] [--tool-help] [-y|--no-prompt|--prompt] [-g|--gui|--no-gui] [-O<orderfile>] [file to merge] ...'
#   13|-> SUBDIRECTORY_OK=Yes
#   14|   NONGIT_OK=Yes
#   15|   OPTIONS_SPEC=

Error: SHELLCHECK_WARNING (CWE-563): [#def66]
/usr/libexec/git-core/git-mergetool:14:1: warning[SC2034]: NONGIT_OK appears unused. Verify use (or export if used externally).
#   12|   USAGE='[--tool=tool] [--tool-help] [-y|--no-prompt|--prompt] [-g|--gui|--no-gui] [-O<orderfile>] [file to merge] ...'
#   13|   SUBDIRECTORY_OK=Yes
#   14|-> NONGIT_OK=Yes
#   15|   OPTIONS_SPEC=
#   16|   TOOL_MODE=merge

Error: SHELLCHECK_WARNING (CWE-563): [#def67]
/usr/libexec/git-core/git-mergetool:15:1: warning[SC2034]: OPTIONS_SPEC appears unused. Verify use (or export if used externally).
#   13|   SUBDIRECTORY_OK=Yes
#   14|   NONGIT_OK=Yes
#   15|-> OPTIONS_SPEC=
#   16|   TOOL_MODE=merge
#   17|   . git-sh-setup

Error: SHELLCHECK_WARNING (CWE-569): [#def68]
/usr/libexec/git-core/git-mergetool:238:3: warning[SC2188]: This redirection doesn't have a command. Move to its command (or use 'true' as no-op).
#  236|   		mv -- "$(git rev-parse --show-cdup)$tmpfile" "$3"
#  237|   	else
#  238|-> 		>"$3"
#  239|   	fi
#  240|   }

Error: SHELLCHECK_WARNING (CWE-480): [#def69]
/usr/libexec/git-core/git-mergetool:293:12: warning[SC1007]: Remove space after = if trying to assign a value (for empty string, use var='' ... ).
#  291|   	BASE="$MERGETOOL_TMPDIR/${BASE}_BASE_$$$ext"
#  292|   
#  293|-> 	base_mode= local_mode= remote_mode=
#  294|   
#  295|   	# here, $IFS is just a LF

Error: SHELLCHECK_WARNING (CWE-480): [#def70]
/usr/libexec/git-core/git-mergetool:293:24: warning[SC1007]: Remove space after = if trying to assign a value (for empty string, use var='' ... ).
#  291|   	BASE="$MERGETOOL_TMPDIR/${BASE}_BASE_$$$ext"
#  292|   
#  293|-> 	base_mode= local_mode= remote_mode=
#  294|   
#  295|   	# here, $IFS is just a LF

Error: SHELLCHECK_WARNING (CWE-563): [#def71]
/usr/libexec/git-core/git-mergetool:462:4: warning[SC2034]: TOOL_MODE appears unused. Verify use (or export if used externally).
#  460|   		case "$1" in
#  461|   		--tool-help=*)
#  462|-> 			TOOL_MODE=${1#--tool-help=}
#  463|   			show_tool_help
#  464|   			;;

Error: SHELLCHECK_WARNING (CWE-563): [#def72]
/usr/libexec/git-core/git-mergetool:484:4: warning[SC2034]: GIT_MERGETOOL_GUI appears unused. Verify use (or export if used externally).
#  482|   			;;
#  483|   		-g|--gui)
#  484|-> 			GIT_MERGETOOL_GUI=true
#  485|   			;;
#  486|   		-y|--no-prompt)

Error: SHELLCHECK_WARNING (CWE-156): [#def73]
/usr/libexec/git-core/git-mergetool:540:10: warning[SC2046]: Quote this to prevent word splitting.
#  538|   	if test $# -eq 0 && test -e "$GIT_DIR/MERGE_RR"
#  539|   	then
#  540|-> 		set -- $(git rerere remaining)
#  541|   		if test $# -eq 0
#  542|   		then

Error: SHELLCHECK_WARNING (CWE-563): [#def74]
/usr/libexec/git-core/git-quiltimport:2:1: warning[SC2034]: OPTIONS_KEEPDASHDASH appears unused. Verify use (or export if used externally).
#    1|   #!/usr/bin/sh
#    2|-> OPTIONS_KEEPDASHDASH=
#    3|   OPTIONS_STUCKLONG=
#    4|   OPTIONS_SPEC="\

Error: SHELLCHECK_WARNING (CWE-563): [#def75]
/usr/libexec/git-core/git-quiltimport:3:1: warning[SC2034]: OPTIONS_STUCKLONG appears unused. Verify use (or export if used externally).
#    1|   #!/usr/bin/sh
#    2|   OPTIONS_KEEPDASHDASH=
#    3|-> OPTIONS_STUCKLONG=
#    4|   OPTIONS_SPEC="\
#    5|   git quiltimport [options]

Error: SHELLCHECK_WARNING (CWE-563): [#def76]
/usr/libexec/git-core/git-quiltimport:4:1: warning[SC2034]: OPTIONS_SPEC appears unused. Verify use (or export if used externally).
#    2|   OPTIONS_KEEPDASHDASH=
#    3|   OPTIONS_STUCKLONG=
#    4|-> OPTIONS_SPEC="\
#    5|   git quiltimport [options]
#    6|   --

Error: SHELLCHECK_WARNING (CWE-563): [#def77]
/usr/libexec/git-core/git-quiltimport:13:1: warning[SC2034]: SUBDIRECTORY_ON appears unused. Verify use (or export if used externally).
#   11|   keep-non-patch Pass -b to git mailinfo
#   12|   "
#   13|-> SUBDIRECTORY_ON=Yes
#   14|   . git-sh-setup
#   15|   

Error: SHELLCHECK_WARNING (CWE-563): [#def78]
/usr/libexec/git-core/git-request-pull:7:1: warning[SC2034]: SUBDIRECTORY_OK appears unused. Verify use (or export if used externally).
#    5|   # at the discretion of Linus Torvalds.
#    6|   
#    7|-> SUBDIRECTORY_OK='Yes'
#    8|   OPTIONS_KEEPDASHDASH=
#    9|   OPTIONS_STUCKLONG=

Error: SHELLCHECK_WARNING (CWE-563): [#def79]
/usr/libexec/git-core/git-request-pull:8:1: warning[SC2034]: OPTIONS_KEEPDASHDASH appears unused. Verify use (or export if used externally).
#    6|   
#    7|   SUBDIRECTORY_OK='Yes'
#    8|-> OPTIONS_KEEPDASHDASH=
#    9|   OPTIONS_STUCKLONG=
#   10|   OPTIONS_SPEC='git request-pull [options] start url [end]

Error: SHELLCHECK_WARNING (CWE-563): [#def80]
/usr/libexec/git-core/git-request-pull:9:1: warning[SC2034]: OPTIONS_STUCKLONG appears unused. Verify use (or export if used externally).
#    7|   SUBDIRECTORY_OK='Yes'
#    8|   OPTIONS_KEEPDASHDASH=
#    9|-> OPTIONS_STUCKLONG=
#   10|   OPTIONS_SPEC='git request-pull [options] start url [end]
#   11|   --

Error: SHELLCHECK_WARNING (CWE-563): [#def81]
/usr/libexec/git-core/git-request-pull:10:1: warning[SC2034]: OPTIONS_SPEC appears unused. Verify use (or export if used externally).
#    8|   OPTIONS_KEEPDASHDASH=
#    9|   OPTIONS_STUCKLONG=
#   10|-> OPTIONS_SPEC='git request-pull [options] start url [end]
#   11|   --
#   12|   p    show patch text as well

Error: SHELLCHECK_WARNING (CWE-457): [#def82]
/usr/libexec/git-core/git-request-pull:72:29: warning[SC2154]: headref is referenced but not assigned (did you mean 'headrev'?).
#   70|   # Was it a branch with a description?
#   71|   branch_name=${head#refs/heads/}
#   72|-> if test "z$branch_name" = "z$headref" ||
#   73|   	! git config "branch.$branch_name.description" >/dev/null
#   74|   then

Error: SHELLCHECK_WARNING (CWE-456): [#def83]
/usr/libexec/git-core/git-request-pull:121:5: warning[SC2121]: To assign a variable, use just 'var=value', no 'set ..'.
#  119|   # Find a ref with the same name as $remote that exists at the remote
#  120|   # and points to the same commit as the local object.
#  121|-> set fnord $(git ls-remote "$url" | find_matching_ref)
#  122|   remote_sha1=$2
#  123|   ref=$3

Error: SHELLCHECK_WARNING (CWE-156): [#def84]
/usr/libexec/git-core/git-request-pull:121:11: warning[SC2046]: Quote this to prevent word splitting.
#  119|   # Find a ref with the same name as $remote that exists at the remote
#  120|   # and points to the same commit as the local object.
#  121|-> set fnord $(git ls-remote "$url" | find_matching_ref)
#  122|   remote_sha1=$2
#  123|   ref=$3

Error: SHELLCHECK_WARNING (CWE-156): [#def85]
/usr/libexec/git-core/git-request-pull:159:9: warning[SC2046]: Quote this to prevent word splitting.
#  157|   ----------------------------------------------------------------' $headrev &&
#  158|   
#  159|-> if test $(git cat-file -t "$head") = tag
#  160|   then
#  161|   	git cat-file tag "$head" |

Error: SHELLCHECK_WARNING (CWE-563): [#def86]
/usr/libexec/git-core/git-submodule:8:1: warning[SC2034]: USAGE appears unused. Verify use (or export if used externally).
#    6|   
#    7|   dashless=$(basename "$0" | sed -e 's/-/ /')
#    8|-> USAGE="[--quiet] [--cached]
#    9|      or: $dashless [--quiet] add [-b <branch>] [-f|--force] [--name <name>] [--reference <repository>] [--] <repository> [<path>]
#   10|      or: $dashless [--quiet] status [--cached] [--recursive] [--] [<path>...]

Error: SHELLCHECK_WARNING (CWE-563): [#def87]
/usr/libexec/git-core/git-submodule:20:1: warning[SC2034]: OPTIONS_SPEC appears unused. Verify use (or export if used externally).
#   18|      or: $dashless [--quiet] sync [--recursive] [--] [<path>...]
#   19|      or: $dashless [--quiet] absorbgitdirs [--] [<path>...]"
#   20|-> OPTIONS_SPEC=
#   21|   SUBDIRECTORY_OK=Yes
#   22|   . git-sh-setup

Error: SHELLCHECK_WARNING (CWE-563): [#def88]
/usr/libexec/git-core/git-submodule:21:1: warning[SC2034]: SUBDIRECTORY_OK appears unused. Verify use (or export if used externally).
#   19|      or: $dashless [--quiet] absorbgitdirs [--] [<path>...]"
#   20|   OPTIONS_SPEC=
#   21|-> SUBDIRECTORY_OK=Yes
#   22|   . git-sh-setup
#   23|   require_work_tree

Error: SHELLCHECK_WARNING (CWE-685): [#def89]
/usr/libexec/git-core/git-subtree:279:1: warning[SC2120]: cache_setup references arguments, but none are ever passed.
#  277|   
#  278|   # Usage: cache_setup
#  279|-> cache_setup () {
#  280|   	assert test $# = 0
#  281|   	cachedir="$GIT_DIR/subtree-cache/$$"

Error: SHELLCHECK_WARNING: [#def90]
/usr/libexec/git-core/git-subtree:317:2: warning[SC3043]: In POSIX sh, 'local' is undefined.
#  315|   check_parents () {
#  316|   	missed=$(cache_miss "$@") || exit $?
#  317|-> 	local indent=$(($indent + 1))
#  318|   	for miss in $missed
#  319|   	do

Error: SHELLCHECK_WARNING: [#def91]
/usr/libexec/git-core/git-subtree:413:2: warning[SC3043]: In POSIX sh, 'local' is undefined.
#  411|   	fi
#  412|   	debug "Looking for latest squash (dir=$dir, repository=$repository)..."
#  413|-> 	local indent=$(($indent + 1))
#  414|   
#  415|   	sq=

Error: SHELLCHECK_WARNING: [#def92]
/usr/libexec/git-core/git-subtree:461:2: warning[SC3043]: In POSIX sh, 'local' is undefined.
#  459|   	assert test $# -le 3
#  460|   	debug "Looking for prior splits..."
#  461|-> 	local indent=$(($indent + 1))
#  462|   
#  463|   	dir="$1"

Error: SHELLCHECK_WARNING: [#def93]
/usr/libexec/git-core/git-subtree:472:2: warning[SC3043]: In POSIX sh, 'local' is undefined.
#  470|   	main=
#  471|   	sub=
#  472|-> 	local grep_format="^git-subtree-dir: $dir/*\$"
#  473|   	if test -n "$arg_split_ignore_joins"
#  474|   	then

Error: SHELLCHECK_WARNING (CWE-563): [#def94]
/usr/libexec/git-core/git-subtree:639:13: warning[SC2034]: mode appears unused. Verify use (or export if used externally).
#  637|   	dir="$2"
#  638|   	git ls-tree "$commit" -- "$dir" |
#  639|-> 	while read mode type tree name
#  640|   	do
#  641|   		assert test "$name" = "$dir"

Error: SHELLCHECK_WARNING (CWE-685): [#def95]
/usr/libexec/git-core/git-subtree:769:1: warning[SC2120]: ensure_clean references arguments, but none are ever passed.
#  767|   
#  768|   # Usage: ensure_clean
#  769|-> ensure_clean () {
#  770|   	assert test $# = 0
#  771|   	if ! git diff-index HEAD --exit-code --quiet 2>&1

Error: SHELLCHECK_WARNING: [#def96]
/usr/libexec/git-core/git-subtree:827:2: warning[SC3043]: In POSIX sh, 'local' is undefined.
#  825|   process_split_commit () {
#  826|   	assert test $# = 2
#  827|-> 	local rev="$1"
#  828|   	local parents="$2"
#  829|   

Error: SHELLCHECK_WARNING: [#def97]
/usr/libexec/git-core/git-subtree:828:2: warning[SC3043]: In POSIX sh, 'local' is undefined.
#  826|   	assert test $# = 2
#  827|   	local rev="$1"
#  828|-> 	local parents="$2"
#  829|   
#  830|   	if test $indent -eq 0

Error: SHELLCHECK_WARNING: [#def98]
/usr/libexec/git-core/git-subtree:843:2: warning[SC3043]: In POSIX sh, 'local' is undefined.
#  841|   
#  842|   	debug "Processing commit: $rev"
#  843|-> 	local indent=$(($indent + 1))
#  844|   	exists=$(cache_get "$rev") || exit $?
#  845|   	if test -n "$exists"

Error: SHELLCHECK_WARNING (CWE-563): [#def99]
/usr/libexec/git-core/git-subtree:996:2: warning[SC2034]: unrevs appears unused. Verify use (or export if used externally).
#  994|   	fi
#  995|   
#  996|-> 	unrevs="$(find_existing_splits "$dir" "$rev" "$repository")" || exit $?
#  997|   
#  998|   	# We can't restrict rev-list to only $dir here, because some of our

Error: SHELLCHECK_WARNING (CWE-563): [#def100]
/usr/libexec/git-core/git-web--browse:19:1: warning[SC2034]: USAGE appears unused. Verify use (or export if used externally).
#   17|   #
#   18|   
#   19|-> USAGE='[--browser=browser|--tool=browser] [--config=conf.var] url/file ...'
#   20|   
#   21|   # This must be capable of running outside of git directory, so

Error: SHELLCHECK_WARNING (CWE-563): [#def101]
/usr/libexec/git-core/git-web--browse:23:1: warning[SC2034]: NONGIT_OK appears unused. Verify use (or export if used externally).
#   21|   # This must be capable of running outside of git directory, so
#   22|   # the vanilla git-sh-setup should not be used.
#   23|-> NONGIT_OK=Yes
#   24|   . git-sh-setup
#   25|   

Error: SHELLCHECK_WARNING (CWE-140): [#def102]
/usr/share/doc/git/contrib/completion/git-completion.bash:387:13: warning[SC2206]: Quote to prevent word splitting/globbing, or split robustly with mapfile or read -a.
#  385|   	local IFS=$'\n'
#  386|   
#  387|-> 	COMPREPLY=($1)
#  388|   }
#  389|   

Error: SHELLCHECK_WARNING (CWE-140): [#def103]
/usr/share/doc/git/contrib/completion/git-completion.bash:400:14: warning[SC2206]: Quote to prevent word splitting/globbing, or split robustly with mapfile or read -a.
#  398|   	local IFS=$'\n'
#  399|   
#  400|-> 	COMPREPLY+=($1)
#  401|   }
#  402|   

Error: SHELLCHECK_WARNING (CWE-569): [#def104]
/usr/share/doc/git/contrib/completion/git-completion.bash:475:10: error[SC2296]: Parameter expansions can't start with (. Double check syntax.
#  473|   # the completion script.
#  474|   if [[ -n ${ZSH_VERSION-} ]]; then
#  475|-> 	unset ${(M)${(k)parameters[@]}:#__gitcomp_builtin_*} 2>/dev/null
#  476|   else
#  477|   	unset $(compgen -v __gitcomp_builtin_)

Error: SHELLCHECK_WARNING (CWE-569): [#def105]
/usr/share/doc/git/contrib/completion/git-completion.bash:475:15: error[SC2296]: Parameter expansions can't start with (. Double check syntax.
#  473|   # the completion script.
#  474|   if [[ -n ${ZSH_VERSION-} ]]; then
#  475|-> 	unset ${(M)${(k)parameters[@]}:#__gitcomp_builtin_*} 2>/dev/null
#  476|   else
#  477|   	unset $(compgen -v __gitcomp_builtin_)

Error: SHELLCHECK_WARNING (CWE-156): [#def106]
/usr/share/doc/git/contrib/completion/git-completion.bash:477:8: warning[SC2046]: Quote this to prevent word splitting.
#  475|   	unset ${(M)${(k)parameters[@]}:#__gitcomp_builtin_*} 2>/dev/null
#  476|   else
#  477|-> 	unset $(compgen -v __gitcomp_builtin_)
#  478|   fi
#  479|   

Error: SHELLCHECK_WARNING (CWE-140): [#def107]
/usr/share/doc/git/contrib/completion/git-completion.bash:572:13: warning[SC2206]: Quote to prevent word splitting/globbing, or split robustly with mapfile or read -a.
#  570|   	local IFS=$'\n'
#  571|   
#  572|-> 	COMPREPLY=($1)
#  573|   
#  574|   	# use a hack to enable file mode in bash < 4

Error: SHELLCHECK_WARNING: [#def108]
/usr/share/doc/git/contrib/completion/git-completion.bash:928:9: warning[SC2194]: This word is constant. Did you forget the $ on a variable?
#  926|   	*)
#  927|   		if [ "$list_refs_from" = remote ]; then
#  928|-> 			case "HEAD" in
#  929|   			$match*|$umatch*)	echo "${pfx}HEAD$sfx" ;;
#  930|   			esac

Error: SHELLCHECK_WARNING (CWE-571): [#def109]
/usr/share/doc/git/contrib/completion/git-completion.bash:931:10: warning[SC2155]: Declare and assign separately to avoid masking return values.
#  929|   			$match*|$umatch*)	echo "${pfx}HEAD$sfx" ;;
#  930|   			esac
#  931|-> 			local strip="$(__git_count_path_components "refs/remotes/$remote")"
#  932|   			__git for-each-ref --format="$fer_pfx%(refname:strip=$strip)$sfx" \
#  933|   				${GIT_COMPLETION_IGNORE_CASE+--ignore-case} \

Error: SHELLCHECK_WARNING: [#def110]
/usr/share/doc/git/contrib/completion/git-completion.bash:938:9: warning[SC2194]: This word is constant. Did you forget the $ on a variable?
#  936|   		else
#  937|   			local query_symref
#  938|-> 			case "HEAD" in
#  939|   			$match*|$umatch*)	query_symref="HEAD" ;;
#  940|   			esac

Error: SHELLCHECK_WARNING (CWE-480): [#def111]
/usr/share/doc/git/contrib/completion/git-completion.bash:973:15: warning[SC1007]: Remove space after = if trying to assign a value (for empty string, use var='' ... ).
#  971|   __git_complete_refs ()
#  972|   {
#  973|-> 	local remote= dwim= pfx= cur_="$cur" sfx=" " mode="refs"
#  974|   
#  975|   	while test $# != 0; do

Error: SHELLCHECK_WARNING (CWE-480): [#def112]
/usr/share/doc/git/contrib/completion/git-completion.bash:973:21: warning[SC1007]: Remove space after = if trying to assign a value (for empty string, use var='' ... ).
#  971|   __git_complete_refs ()
#  972|   {
#  973|-> 	local remote= dwim= pfx= cur_="$cur" sfx=" " mode="refs"
#  974|   
#  975|   	while test $# != 0; do

Error: SHELLCHECK_WARNING (CWE-480): [#def113]
/usr/share/doc/git/contrib/completion/git-completion.bash:973:26: warning[SC1007]: Remove space after = if trying to assign a value (for empty string, use var='' ... ).
#  971|   __git_complete_refs ()
#  972|   {
#  973|-> 	local remote= dwim= pfx= cur_="$cur" sfx=" " mode="refs"
#  974|   
#  975|   	while test $# != 0; do

Error: SHELLCHECK_WARNING (CWE-563): [#def114]
/usr/share/doc/git/contrib/completion/git-completion.bash:1041:16: warning[SC2034]: hash appears unused. Verify use (or export if used externally).
# 1039|   	local i hash
# 1040|   	__git ls-remote "$1" 'refs/heads/*' | \
# 1041|-> 	while read -r hash i; do
# 1042|   		echo "$i:refs/remotes/$1/${i#refs/heads/}"
# 1043|   	done

Error: SHELLCHECK_WARNING (CWE-480): [#def115]
/usr/share/doc/git/contrib/completion/git-completion.bash:1281:25: warning[SC1007]: Remove space after = if trying to assign a value (for empty string, use var='' ... ).
# 1279|   __git_aliased_command ()
# 1280|   {
# 1281|-> 	local cur=$1 last list= word cmdline
# 1282|   
# 1283|   	while [[ -n "$cur" ]]; do

Error: SHELLCHECK_WARNING (CWE-569): [#def116]
/usr/share/doc/git/contrib/completion/git-completion.bash:1305:4: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it.
# 1303|   			git)	: git itself ;;
# 1304|   			\(\))   : skip parens of shell function definition ;;
# 1305|-> 			{)	: skip start of shell helper function ;;
# 1306|   			:)	: skip null command ;;
# 1307|   			\'*)	: skip opening quote after sh -c ;;

Error: SHELLCHECK_WARNING (CWE-480): [#def117]
/usr/share/doc/git/contrib/completion/git-completion.bash:1405:15: warning[SC1007]: Remove space after = if trying to assign a value (for empty string, use var='' ... ).
# 1403|   {
# 1404|   	local c short_opt long_opt val
# 1405|-> 	local result= values config_key word
# 1406|   
# 1407|   	short_opt="$1"

Error: SHELLCHECK_WARNING (CWE-571): [#def118]
/usr/share/doc/git/contrib/completion/git-completion.bash:1594:8: warning[SC2155]: Declare and assign separately to avoid masking return values.
# 1592|   	local all_subcommands="$completable_subcommands view"
# 1593|   
# 1594|-> 	local subcommand="$(__git_find_on_cmdline "$all_subcommands")"
# 1595|   
# 1596|   	if [ -z "$subcommand" ]; then

Error: SHELLCHECK_WARNING (CWE-477): [#def119]
/usr/share/doc/git/contrib/completion/git-completion.bash:1659:30: warning[SC2166]: Prefer [ p ] && [ q ] as [ p -a q ] is not well defined.
# 1657|   		;;
# 1658|   	*)
# 1659|-> 		if [ $only_local_ref = "y" -a $has_r = "n" ]; then
# 1660|   			__gitcomp_direct "$(__git_heads "" "$cur" " ")"
# 1661|   		else

Error: SHELLCHECK_WARNING (CWE-571): [#def120]
/usr/share/doc/git/contrib/completion/git-completion.bash:1739:8: warning[SC2155]: Declare and assign separately to avoid masking return values.
# 1737|   	__git_has_doubledash && return
# 1738|   
# 1739|-> 	local dwim_opt="$(__git_checkout_default_dwim_mode)"
# 1740|   
# 1741|   	case "$prev" in

Error: SHELLCHECK_WARNING (CWE-156): [#def121]
/usr/share/doc/git/contrib/completion/git-completion.bash:2396:7: warning[SC2046]: Quote this to prevent word splitting.
# 2394|   	esac
# 2395|   
# 2396|-> 	if [ $(__git_count_arguments "mv") -gt 0 ]; then
# 2397|   		# We need to show both cached and untracked files (including
# 2398|   		# empty directories) since this may not be the last argument.

Error: SHELLCHECK_WARNING (CWE-571): [#def122]
/usr/share/doc/git/contrib/completion/git-completion.bash:2408:8: warning[SC2155]: Declare and assign separately to avoid masking return values.
# 2406|   {
# 2407|   	local subcommands='add append copy edit get-ref list merge prune remove show'
# 2408|-> 	local subcommand="$(__git_find_on_cmdline "$subcommands")"
# 2409|   
# 2410|   	case "$subcommand,$cur" in

Error: SHELLCHECK_WARNING (CWE-571): [#def123]
/usr/share/doc/git/contrib/completion/git-completion.bash:2691:8: warning[SC2155]: Declare and assign separately to avoid masking return values.
# 2689|   _git_switch ()
# 2690|   {
# 2691|-> 	local dwim_opt="$(__git_checkout_default_dwim_mode)"
# 2692|   
# 2693|   	case "$prev" in

Error: SHELLCHECK_WARNING (CWE-480): [#def124]
/usr/share/doc/git/contrib/completion/git-completion.bash:2742:34: warning[SC1007]: Remove space after = if trying to assign a value (for empty string, use var='' ... ).
# 2740|   __git_config_get_set_variables ()
# 2741|   {
# 2742|-> 	local prevword word config_file= c=$cword
# 2743|   	while [ $c -gt "$__git_cmd_idx" ]; do
# 2744|   		word="${words[c]}"

Error: SHELLCHECK_WARNING (CWE-571): [#def125]
/usr/share/doc/git/contrib/completion/git-completion.bash:3079:8: warning[SC2155]: Declare and assign separately to avoid masking return values.
# 3077|   		get-url set-url show prune update
# 3078|   		"
# 3079|-> 	local subcommand="$(__git_find_on_cmdline "$subcommands")"
# 3080|   	if [ -z "$subcommand" ]; then
# 3081|   		case "$cur" in

Error: SHELLCHECK_WARNING (CWE-571): [#def126]
/usr/share/doc/git/contrib/completion/git-completion.bash:3146:8: warning[SC2155]: Declare and assign separately to avoid masking return values.
# 3144|   {
# 3145|   	local subcommands="clear forget diff remaining status gc"
# 3146|-> 	local subcommand="$(__git_find_on_cmdline "$subcommands")"
# 3147|   	if test -z "$subcommand"
# 3148|   	then

Error: SHELLCHECK_WARNING (CWE-670): [#def127]
/usr/share/doc/git/contrib/completion/git-completion.bash:3307:11: warning[SC2128]: Expanding an array without an index only gives the first element.
# 3305|   	# that's fine too.
# 3306|   	[[ "$cur" =~ .*/ ]]
# 3307|-> 	_tmp_dir=$BASH_REMATCH
# 3308|   
# 3309|   	# Find possible directory completions, adding trailing '/' characters,

Error: SHELLCHECK_WARNING (CWE-140): [#def128]
/usr/share/doc/git/contrib/completion/git-completion.bash:3403:14: warning[SC2206]: Quote to prevent word splitting/globbing, or split robustly with mapfile or read -a.
# 3401|   		# We found some completions; return them
# 3402|   		local IFS=$'\n'
# 3403|-> 		COMPREPLY=($completions)
# 3404|   	else
# 3405|   		# Do NOT fall back to bash-style all-local-files-and-dirs

Error: SHELLCHECK_WARNING (CWE-571): [#def129]
/usr/share/doc/git/contrib/completion/git-completion.bash:3437:8: warning[SC2155]: Declare and assign separately to avoid masking return values.
# 3435|   {
# 3436|   	local subcommands="list init set disable add reapply"
# 3437|-> 	local subcommand="$(__git_find_on_cmdline "$subcommands")"
# 3438|   	local using_cone=true
# 3439|   	if [ -z "$subcommand" ]; then

Error: SHELLCHECK_WARNING (CWE-571): [#def130]
/usr/share/doc/git/contrib/completion/git-completion.bash:3468:8: warning[SC2155]: Declare and assign separately to avoid masking return values.
# 3466|   {
# 3467|   	local subcommands='push list show apply clear drop pop create branch'
# 3468|-> 	local subcommand="$(__git_find_on_cmdline "$subcommands save")"
# 3469|   
# 3470|   	if [ -z "$subcommand" ]; then

Error: SHELLCHECK_WARNING (CWE-571): [#def131]
/usr/share/doc/git/contrib/completion/git-completion.bash:3516:8: warning[SC2155]: Declare and assign separately to avoid masking return values.
# 3514|   
# 3515|   	local subcommands="add status init deinit update set-branch set-url summary foreach sync absorbgitdirs"
# 3516|-> 	local subcommand="$(__git_find_on_cmdline "$subcommands")"
# 3517|   	if [ -z "$subcommand" ]; then
# 3518|   		case "$cur" in

Error: SHELLCHECK_WARNING (CWE-571): [#def132]
/usr/share/doc/git/contrib/completion/git-completion.bash:3568:8: warning[SC2155]: Declare and assign separately to avoid masking return values.
# 3566|   		migrate mkdirs reset gc
# 3567|   		"
# 3568|-> 	local subcommand="$(__git_find_on_cmdline "$subcommands")"
# 3569|   	if [ -z "$subcommand" ]; then
# 3570|   		__gitcomp "$subcommands"

Error: SHELLCHECK_WARNING (CWE-571): [#def133]
/usr/share/doc/git/contrib/completion/git-completion.bash:3939:8: warning[SC2155]: Declare and assign separately to avoid masking return values.
# 3937|   	__git_complete_command "$command" && return
# 3938|   
# 3939|-> 	local expansion=$(__git_aliased_command "$command")
# 3940|   	if [ -n "$expansion" ]; then
# 3941|   		words[1]=$expansion

Error: SHELLCHECK_WARNING (CWE-758): [#def134]
/usr/share/doc/git/contrib/completion/git-prompt.sh:1:1: error[SC2148]: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.
#    1|-> # bash/zsh git prompt support
#    2|   #
#    3|   # Copyright (C) 2006,2007 Shawn O. Pearce <spearce@spearce.org>

Error: SHELLCHECK_WARNING (CWE-563): [#def135]
/usr/share/doc/git/contrib/completion/git-prompt.sh:159:48: warning[SC2034]: n appears unused. Verify use (or export if used externally).
#  157|   {
#  158|   	local key value
#  159|-> 	local svn_remotes="" svn_url_pattern="" count n
#  160|   	local upstream_type=git legacy="" verbose="" name=""
#  161|   	local LF="$__git_LF"

Error: SHELLCHECK_WARNING (CWE-457): [#def136]
/usr/share/doc/git/contrib/completion/git-prompt.sh:161:12: warning[SC2154]: __git_LF is referenced but not assigned.
#  159|   	local svn_remotes="" svn_url_pattern="" count n
#  160|   	local upstream_type=git legacy="" verbose="" name=""
#  161|-> 	local LF="$__git_LF"
#  162|   
#  163|   	# get some config options from git-config

Error: SHELLCHECK_WARNING (CWE-571): [#def137]
/usr/share/doc/git/contrib/completion/git-prompt.sh:164:8: warning[SC2155]: Declare and assign separately to avoid masking return values.
#  162|   
#  163|   	# get some config options from git-config
#  164|-> 	local output="$(git config -z --get-regexp '^(svn-remote\..*\.url|bash\.showupstream)$' 2>/dev/null | tr '\0\n' '\n ')"
#  165|   	while read -r key value; do
#  166|   		case "$key" in

Error: SHELLCHECK_WARNING (CWE-571): [#def138]
/usr/share/doc/git/contrib/completion/git-prompt.sh:207:9: warning[SC2155]: Declare and assign separately to avoid masking return values.
#  205|   		# get upstream from "git-svn-id: UPSTRM@N HASH" in a commit message
#  206|   		# (git-svn uses essentially the same procedure internally)
#  207|-> 		local svn_upstream="$(
#  208|   			git log --first-parent -1 \
#  209|   				--grep="^git-svn-id: \(${svn_url_pattern#??}\)" 2>/dev/null

Error: SHELLCHECK_WARNING (CWE-457): [#def139]
/usr/share/doc/git/contrib/completion/git-prompt.sh:317:47: warning[SC2154]: __git_ESC is referenced but not assigned.
#  315|   		# which bash/readline identify while calculating the prompt
#  316|   		# on-screen width - to exclude 0-screen-width esc sequences.
#  317|-> 		local c_pre="${GIT_PS1_COLOR_PRE-$__git_SOH}${__git_ESC}["
#  318|   		local c_post="m${GIT_PS1_COLOR_POST-$__git_STX}"
#  319|   

Error: SHELLCHECK_WARNING (CWE-457): [#def140]
/usr/share/doc/git/contrib/completion/git-prompt.sh:359:22: warning[SC2154]: __git_CRLF is referenced but not assigned.
#  357|   __git_eread ()
#  358|   {
#  359|-> 	test -r "$1" && IFS=$__git_CRLF read -r "$2" <"$1"
#  360|   }
#  361|   

Error: SHELLCHECK_WARNING (CWE-569): [#def141]
/usr/share/doc/git/contrib/completion/git-prompt.sh:575:6: warning[SC2221]: This pattern always overrides a later one on line 575.
#  573|   				(describe)
#  574|   					git describe HEAD ;;
#  575|-> 				(* | default)
#  576|   					git describe --tags --exact-match HEAD ;;
#  577|   				esac 2>/dev/null)" ||

Error: SHELLCHECK_WARNING (CWE-569): [#def142]
/usr/share/doc/git/contrib/completion/git-prompt.sh:575:10: warning[SC2222]: This pattern never matches because of a previous pattern on line 575.
#  573|   				(describe)
#  574|   					git describe HEAD ;;
#  575|-> 				(* | default)
#  576|   					git describe --tags --exact-match HEAD ;;
#  577|   				esac 2>/dev/null)" ||

Error: SHELLCHECK_WARNING (CWE-569): [#def143]
/usr/share/doc/git/contrib/coverage-diff.sh:48:1: warning[SC2188]: This redirection doesn't have a command. Move to its command (or use 'true' as no-op).
#   46|   
#   47|   # create empty file
#   48|-> >coverage-data.txt
#   49|   
#   50|   for file in $files

Error: SHELLCHECK_WARNING (CWE-477): [#def144]
/usr/share/doc/git/contrib/fast-import/git-import.sh:7:14: warning[SC2166]: Prefer [ p ] || [ q ] as [ p -o q ] is not well defined.
#    5|   # but is meant to be a simple fast-import example.
#    6|   
#    7|-> if [ -z "$1" -o -z "$2" ]; then
#    8|   	echo "usage: git-import branch import-message"
#    9|   	exit 1

Error: SHELLCHECK_WARNING (CWE-477): [#def145]
/usr/share/doc/git/contrib/fast-import/git-import.sh:15:21: warning[SC2166]: Prefer [ p ] || [ q ] as [ p -o q ] is not well defined.
#   13|   EMAIL="$(git config user.email)"
#   14|   
#   15|-> if [ -z "$USERNAME" -o -z "$EMAIL" ]; then
#   16|   	echo "You need to set user name and email"
#   17|   	exit 1

Error: SHELLCHECK_WARNING (CWE-156): [#def146]
/usr/share/doc/git/contrib/fast-import/git-import.sh:33:13: warning[SC2046]: Quote this to prevent word splitting.
#   31|   	find * -type f|while read i;do
#   32|   		echo "M 100644 inline $i"
#   33|-> 		echo data $(stat -c '%s' "$i")
#   34|   		cat "$i"
#   35|   		echo

Error: SHELLCHECK_WARNING (CWE-563): [#def147]
/usr/share/doc/git/contrib/rerere-train.sh:14:1: warning[SC2034]: SUBDIRECTORY_OK appears unused. Verify use (or export if used externally).
#   12|   )
#   13|   
#   14|-> SUBDIRECTORY_OK=Yes
#   15|   
#   16|   overwrite=0

Error: SHELLCHECK_WARNING (CWE-252): [#def148]
/usr/share/doc/git/contrib/update-unicode/update_unicode.sh:8:1: warning[SC2164]: Use 'cd ... || exit' or 'cd ... || return' in case cd fails.
#    6|   #Cf Format          a format control character
#    7|   #
#    8|-> cd "$(dirname "$0")"
#    9|   UNICODEWIDTH_H=$(git rev-parse --show-toplevel)/unicode-width.h
#   10|   

Error: SHELLCHECK_WARNING (CWE-758): [#def149]
/usr/share/git-core/contrib/completion/git-prompt.sh:1:1: error[SC2148]: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.
#    1|-> # bash/zsh git prompt support
#    2|   #
#    3|   # Copyright (C) 2006,2007 Shawn O. Pearce <spearce@spearce.org>

Error: SHELLCHECK_WARNING (CWE-563): [#def150]
/usr/share/git-core/contrib/completion/git-prompt.sh:159:48: warning[SC2034]: n appears unused. Verify use (or export if used externally).
#  157|   {
#  158|   	local key value
#  159|-> 	local svn_remotes="" svn_url_pattern="" count n
#  160|   	local upstream_type=git legacy="" verbose="" name=""
#  161|   	local LF="$__git_LF"

Error: SHELLCHECK_WARNING (CWE-457): [#def151]
/usr/share/git-core/contrib/completion/git-prompt.sh:161:12: warning[SC2154]: __git_LF is referenced but not assigned.
#  159|   	local svn_remotes="" svn_url_pattern="" count n
#  160|   	local upstream_type=git legacy="" verbose="" name=""
#  161|-> 	local LF="$__git_LF"
#  162|   
#  163|   	# get some config options from git-config

Error: SHELLCHECK_WARNING (CWE-571): [#def152]
/usr/share/git-core/contrib/completion/git-prompt.sh:164:8: warning[SC2155]: Declare and assign separately to avoid masking return values.
#  162|   
#  163|   	# get some config options from git-config
#  164|-> 	local output="$(git config -z --get-regexp '^(svn-remote\..*\.url|bash\.showupstream)$' 2>/dev/null | tr '\0\n' '\n ')"
#  165|   	while read -r key value; do
#  166|   		case "$key" in

Error: SHELLCHECK_WARNING (CWE-571): [#def153]
/usr/share/git-core/contrib/completion/git-prompt.sh:207:9: warning[SC2155]: Declare and assign separately to avoid masking return values.
#  205|   		# get upstream from "git-svn-id: UPSTRM@N HASH" in a commit message
#  206|   		# (git-svn uses essentially the same procedure internally)
#  207|-> 		local svn_upstream="$(
#  208|   			git log --first-parent -1 \
#  209|   				--grep="^git-svn-id: \(${svn_url_pattern#??}\)" 2>/dev/null

Error: SHELLCHECK_WARNING (CWE-457): [#def154]
/usr/share/git-core/contrib/completion/git-prompt.sh:317:47: warning[SC2154]: __git_ESC is referenced but not assigned.
#  315|   		# which bash/readline identify while calculating the prompt
#  316|   		# on-screen width - to exclude 0-screen-width esc sequences.
#  317|-> 		local c_pre="${GIT_PS1_COLOR_PRE-$__git_SOH}${__git_ESC}["
#  318|   		local c_post="m${GIT_PS1_COLOR_POST-$__git_STX}"
#  319|   

Error: SHELLCHECK_WARNING (CWE-457): [#def155]
/usr/share/git-core/contrib/completion/git-prompt.sh:359:22: warning[SC2154]: __git_CRLF is referenced but not assigned.
#  357|   __git_eread ()
#  358|   {
#  359|-> 	test -r "$1" && IFS=$__git_CRLF read -r "$2" <"$1"
#  360|   }
#  361|   

Error: SHELLCHECK_WARNING (CWE-569): [#def156]
/usr/share/git-core/contrib/completion/git-prompt.sh:575:6: warning[SC2221]: This pattern always overrides a later one on line 575.
#  573|   				(describe)
#  574|   					git describe HEAD ;;
#  575|-> 				(* | default)
#  576|   					git describe --tags --exact-match HEAD ;;
#  577|   				esac 2>/dev/null)" ||

Error: SHELLCHECK_WARNING (CWE-569): [#def157]
/usr/share/git-core/contrib/completion/git-prompt.sh:575:10: warning[SC2222]: This pattern never matches because of a previous pattern on line 575.
#  573|   				(describe)
#  574|   					git describe HEAD ;;
#  575|-> 				(* | default)
#  576|   					git describe --tags --exact-match HEAD ;;
#  577|   				esac 2>/dev/null)" ||

Error: SHELLCHECK_WARNING (CWE-156): [#def158]
/usr/share/git-core/templates/hooks/pre-commit.sample:31:7: warning[SC2046]: Quote this to prevent word splitting.
#   29|   	# even required, for portability to Solaris 10's /usr/bin/tr), since
#   30|   	# the square bracket bytes happen to fall in the designated range.
#   31|-> 	test $(git diff-index --cached --name-only --diff-filter=A -z $against |
#   32|   	  LC_ALL=C tr -d '[ -~]\0' | wc -c) != 0
#   33|   then

Error: SHELLCHECK_WARNING (CWE-563): [#def159]
/usr/share/git-core/templates/hooks/pre-push.sample:22:1: warning[SC2034]: remote appears unused. Verify use (or export if used externally).
#   20|   # with "WIP" (work in progress).
#   21|   
#   22|-> remote="$1"
#   23|   url="$2"
#   24|   

Error: SHELLCHECK_WARNING (CWE-563): [#def160]
/usr/share/git-core/templates/hooks/pre-push.sample:23:1: warning[SC2034]: url appears unused. Verify use (or export if used externally).
#   21|   
#   22|   remote="$1"
#   23|-> url="$2"
#   24|   
#   25|   zero=$(git hash-object --stdin </dev/null | tr '[0-9a-f]' '0')

Error: SHELLCHECK_WARNING (CWE-563): [#def161]
/usr/share/git-core/templates/hooks/pre-push.sample:27:32: warning[SC2034]: remote_ref appears unused. Verify use (or export if used externally).
#   25|   zero=$(git hash-object --stdin </dev/null | tr '[0-9a-f]' '0')
#   26|   
#   27|-> while read local_ref local_oid remote_ref remote_oid
#   28|   do
#   29|   	if test "$local_oid" = "$zero"

Error: SHELLCHECK_WARNING (CWE-563): [#def162]
/usr/share/git-core/templates/hooks/pre-rebase.sample:19:1: warning[SC2034]: basebranch appears unused. Verify use (or export if used externally).
#   17|   
#   18|   publish=next
#   19|-> basebranch="$1"
#   20|   if test "$#" = 2
#   21|   then

Error: SHELLCHECK_WARNING (CWE-569): [#def163]
/usr/share/git-core/templates/hooks/pre-rebase.sample:91:1: warning[SC2188]: This redirection doesn't have a command. Move to its command (or use 'true' as no-op).
#   89|   fi
#   90|   
#   91|-> <<\DOC_END
#   92|   
#   93|   This sample hook safeguards topic branches that have been

Error: SHELLCHECK_WARNING (CWE-457): [#def164]
/usr/share/git-core/templates/hooks/pre-receive.sample:15:9: warning[SC2154]: value is referenced but not assigned.
#   13|   	do
#   14|   		eval "value=\$GIT_PUSH_OPTION_$i"
#   15|-> 		case "$value" in
#   16|   		echoback=*)
#   17|   			echo "echo from the pre-receive-hook: ${value#*=}" >&2

Error: SHELLCHECK_WARNING (CWE-563): [#def165]
/usr/share/git-core/templates/hooks/prepare-commit-msg.sample:24:1: warning[SC2034]: COMMIT_SOURCE appears unused. Verify use (or export if used externally).
#   22|   
#   23|   COMMIT_MSG_FILE=$1
#   24|-> COMMIT_SOURCE=$2
#   25|   SHA1=$3
#   26|   

Error: SHELLCHECK_WARNING (CWE-563): [#def166]
/usr/share/git-core/templates/hooks/prepare-commit-msg.sample:25:1: warning[SC2034]: SHA1 appears unused. Verify use (or export if used externally).
#   23|   COMMIT_MSG_FILE=$1
#   24|   COMMIT_SOURCE=$2
#   25|-> SHA1=$3
#   26|   
#   27|   /usr/bin/perl -i.bak -ne 'print unless(m/^. Please enter the commit message/..m/^#$/)' "$COMMIT_MSG_FILE"

Error: SHELLCHECK_WARNING (CWE-477): [#def167]
/usr/share/git-core/templates/hooks/update.sample:40:20: warning[SC2166]: Prefer [ p ] || [ q ] as [ p -o q ] is not well defined.
#   38|   fi
#   39|   
#   40|-> if [ -z "$refname" -o -z "$oldrev" -o -z "$newrev" ]; then
#   41|   	echo "usage: $0 <ref> <oldrev> <newrev>" >&2
#   42|   	exit 1

Error: SHELLCHECK_WARNING (CWE-477): [#def168]
/usr/share/git-core/templates/hooks/update.sample:40:36: warning[SC2166]: Prefer [ p ] || [ q ] as [ p -o q ] is not well defined.
#   38|   fi
#   39|   
#   40|-> if [ -z "$refname" -o -z "$oldrev" -o -z "$newrev" ]; then
#   41|   	echo "usage: $0 <ref> <oldrev> <newrev>" >&2
#   42|   	exit 1

Error: SHELLCHECK_WARNING (CWE-477): [#def169]
/usr/share/git-core/templates/hooks/update.sample:98:28: warning[SC2166]: Prefer [ p ] && [ q ] as [ p -a q ] is not well defined.
#   96|   	refs/heads/*,commit)
#   97|   		# branch
#   98|-> 		if [ "$oldrev" = "$zero" -a "$denycreatebranch" = "true" ]; then
#   99|   			echo "*** Creating a branch is not allowed in this repository" >&2
#  100|   			exit 1

Error: GCC_ANALYZER_WARNING (CWE-476): [#def170]
git-2.52.0/abspath.h:30:27: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
git-2.52.0/worktree.c:612:13: enter_function: entry to ‘repair_gitfile’
git-2.52.0/worktree.c:626:12: branch_false: following ‘false’ branch...
git-2.52.0/worktree.c:629:27: branch_false: ...to here
git-2.52.0/worktree.c:629:12: branch_false: following ‘false’ branch...
git-2.52.0/worktree.c:634:16: branch_false: ...to here
git-2.52.0/worktree.c:649:12: branch_false: following ‘false’ branch...
git-2.52.0/worktree.c:651:17: branch_false: ...to here
git-2.52.0/worktree.c:651:17: branch_false: following ‘false’ branch...
git-2.52.0/worktree.c:653:42: branch_false: ...to here
git-2.52.0/worktree.c:653:17: branch_false: following ‘false’ branch...
git-2.52.0/worktree.c:655:40: call_function: inlined call to ‘is_absolute_path’ from ‘repair_gitfile’
#   28|   static inline int is_absolute_path(const char *path)
#   29|   {
#   30|-> 	return is_dir_sep(path[0]) || has_dos_drive_prefix(path);
#   31|   }
#   32|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def171]
git-2.52.0/add-patch.c:316:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/add-patch.c:314:9: acquire_resource: ‘va_start’ called here
git-2.52.0/add-patch.c:315:16: branch_true: following ‘true’ branch (when ‘arg’ is non-NULL)...
git-2.52.0/add-patch.c:316:17: branch_true: ...to here
git-2.52.0/add-patch.c:316:17: throw: if ‘strvec_push’ throws an exception...
git-2.52.0/add-patch.c:316:17: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#  314|   	va_start(ap, cp);
#  315|   	while ((arg = va_arg(ap, const char *)))
#  316|-> 		strvec_push(&cp->args, arg);
#  317|   	va_end(ap);
#  318|   

Error: COMPILER_WARNING (CWE-704): [#def172]
git-2.52.0/add-patch.c: scope_hint: In function ‘parse_hunk_header’
git-2.52.0/add-patch.c:345:21: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
#  345 |         char *eol = memchr(p, '\n', s->plain.len - hunk->start);
#      |                     ^~~~~~
#  343|   	struct hunk_header *header = &hunk->header;
#  344|   	const char *line = s->plain.buf + hunk->start, *p = line;
#  345|-> 	char *eol = memchr(p, '\n', s->plain.len - hunk->start);
#  346|   
#  347|   	if (!eol)

Error: COMPILER_WARNING (CWE-704): [#def173]
git-2.52.0/add-patch.c:345:21: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
#  343|   	struct hunk_header *header = &hunk->header;
#  344|   	const char *line = s->plain.buf + hunk->start, *p = line;
#  345|-> 	char *eol = memchr(p, '\n', s->plain.len - hunk->start);
#  346|   
#  347|   	if (!eol)

Error: COMPILER_WARNING (CWE-704): [#def174]
git-2.52.0/add-patch.c:369:13: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  369 |         eol = memchr(line, '\n', s->colored.len - hunk->colored_start);
#      |             ^
#  367|   	/* Now find the extra text in the colored diff */
#  368|   	line = s->colored.buf + hunk->colored_start;
#  369|-> 	eol = memchr(line, '\n', s->colored.len - hunk->colored_start);
#  370|   	if (!eol)
#  371|   		eol = s->colored.buf + s->colored.len;

Error: COMPILER_WARNING (CWE-704): [#def175]
git-2.52.0/add-patch.c:369:13: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  367|   	/* Now find the extra text in the colored diff */
#  368|   	line = s->colored.buf + hunk->colored_start;
#  369|-> 	eol = memchr(line, '\n', s->colored.len - hunk->colored_start);
#  370|   	if (!eol)
#  371|   		eol = s->colored.buf + s->colored.len;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def176]
git-2.52.0/add-patch.c:533:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘file_diff’
git-2.52.0/add-patch.c:414:12: enter_function: entry to ‘parse_diff’
git-2.52.0/add-patch.c:447:9: call_function: calling ‘setup_child_process’ from ‘parse_diff’
git-2.52.0/add-patch.c:447:9: return_function: returning to ‘parse_diff’ from ‘setup_child_process’
git-2.52.0/add-patch.c:450:12: branch_false: following ‘false’ branch...
git-2.52.0/add-patch.c:454:14: branch_false: ...to here
git-2.52.0/add-patch.c:454:12: branch_false: following ‘false’ branch...
git-2.52.0/add-patch.c:458:9: call_function: inlined call to ‘strbuf_complete_line’ from ‘parse_diff’
git-2.52.0/add-patch.c:460:12: branch_false: following ‘false’ branch...
git-2.52.0/add-patch.c:494:9: branch_false: ...to here
git-2.52.0/add-patch.c:499:16: branch_true: following ‘true’ branch (when ‘p != pend’)...
git-2.52.0/add-patch.c:500:29: branch_true: ...to here
git-2.52.0/add-patch.c:502:27: call_function: inlined call to ‘normalize_marker’ from ‘parse_diff’
git-2.52.0/add-patch.c:504:20: branch_true: following ‘true’ branch (when ‘eol’ is NULL)...
git-2.52.0/add-patch.c:504:20: branch_true: ...to here
git-2.52.0/add-patch.c:507:20: branch_false: following ‘false’ branch...
git-2.52.0/add-patch.c:508:21: branch_false: ...to here
git-2.52.0/add-patch.c:507:21: branch_false: following ‘false’ branch...
git-2.52.0/add-patch.c:518:33: branch_false: ...to here
git-2.52.0/add-patch.c:518:27: branch_false: following ‘false’ branch...
git-2.52.0/add-patch.c:521:26: branch_false: ...to here
git-2.52.0/add-patch.c:521:25: branch_false: following ‘false’ branch...
git-2.52.0/add-patch.c:523:26: branch_false: ...to here
git-2.52.0/add-patch.c:523:25: branch_true: following ‘true’ branch...
git-2.52.0/add-patch.c:526:29: branch_true: ...to here
git-2.52.0/add-patch.c:526:28: branch_false: following ‘false’ branch...
git-2.52.0/add-patch.c:533:25: branch_false: ...to here
git-2.52.0/add-patch.c:533:25: danger: dereference of NULL ‘file_diff’
#  531|   				hunk->splittable_into++;
#  532|   
#  533|-> 			ALLOC_GROW_BY(file_diff->hunk, file_diff->hunk_nr, 1,
#  534|   				   file_diff->hunk_alloc);
#  535|   			hunk = file_diff->hunk + file_diff->hunk_nr - 1;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def177]
git-2.52.0/add-patch.c:610:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘hunk’
git-2.52.0/add-patch.c:414:12: enter_function: entry to ‘parse_diff’
git-2.52.0/add-patch.c:447:9: call_function: calling ‘setup_child_process’ from ‘parse_diff’
git-2.52.0/add-patch.c:447:9: return_function: returning to ‘parse_diff’ from ‘setup_child_process’
git-2.52.0/add-patch.c:450:12: branch_false: following ‘false’ branch...
git-2.52.0/add-patch.c:454:14: branch_false: ...to here
git-2.52.0/add-patch.c:454:12: branch_false: following ‘false’ branch...
git-2.52.0/add-patch.c:458:9: call_function: inlined call to ‘strbuf_complete_line’ from ‘parse_diff’
git-2.52.0/add-patch.c:460:12: branch_false: following ‘false’ branch...
git-2.52.0/add-patch.c:494:9: branch_false: ...to here
git-2.52.0/add-patch.c:499:16: branch_true: following ‘true’ branch (when ‘p != pend’)...
git-2.52.0/add-patch.c:500:29: branch_true: ...to here
git-2.52.0/add-patch.c:502:27: call_function: inlined call to ‘normalize_marker’ from ‘parse_diff’
git-2.52.0/add-patch.c:504:20: branch_true: following ‘true’ branch (when ‘eol’ is NULL)...
git-2.52.0/add-patch.c:504:20: branch_true: ...to here
git-2.52.0/add-patch.c:507:20: branch_false: following ‘false’ branch...
git-2.52.0/add-patch.c:508:21: branch_false: ...to here
git-2.52.0/add-patch.c:507:21: branch_false: following ‘false’ branch...
git-2.52.0/add-patch.c:518:33: branch_false: ...to here
git-2.52.0/add-patch.c:518:27: branch_false: following ‘false’ branch...
git-2.52.0/add-patch.c:521:26: branch_false: ...to here
git-2.52.0/add-patch.c:597:20: branch_false: following ‘false’ branch...
git-2.52.0/add-patch.c:604:22: branch_false: ...to here
git-2.52.0/add-patch.c:604:20: branch_false: following ‘false’ branch...
git-2.52.0/add-patch.c:606:21: branch_false: ...to here
git-2.52.0/add-patch.c:606:20: branch_false: following ‘false’ branch...
git-2.52.0/add-patch.c:609:21: branch_false: ...to here
git-2.52.0/add-patch.c:609:21: branch_false: following ‘false’ branch (when ‘eol == pend’)...
git-2.52.0/add-patch.c:610:33: branch_false: ...to here
git-2.52.0/add-patch.c:610:17: danger: dereference of NULL ‘hunk’
#  608|   
#  609|   		p = eol == pend ? pend : eol + 1;
#  610|-> 		hunk->end = p - plain->buf;
#  611|   
#  612|   		if (colored) {

Error: GCC_ANALYZER_WARNING (CWE-404): [#def178]
git-2.52.0/advice.c:106:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/advice.c:242:15: enter_function: entry to ‘die_ff_impossible’
git-2.52.0/advice.c:244:9: call_function: calling ‘_’ from ‘die_ff_impossible’
git-2.52.0/advice.c:244:9: return_function: returning to ‘die_ff_impossible’ from ‘_’
git-2.52.0/advice.c:244:9: call_function: calling ‘advise_if_enabled’ from ‘die_ff_impossible’
#  104|   	const char *cp, *np;
#  105|   
#  106|-> 	strbuf_vaddf(&buf, advice, params);
#  107|   
#  108|   	if (display_instructions)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def179]
git-2.52.0/apply.c:194:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(prefix_filename(*state.prefix,  arg), 0)’
git-2.52.0/apply.c:4970:5: enter_function: entry to ‘apply_all_patches’
git-2.52.0/apply.c:4980:21: branch_true: following ‘true’ branch (when ‘i < argc’)...
git-2.52.0/apply.c:4981:39: branch_true: ...to here
git-2.52.0/apply.c:4985:20: branch_false: following ‘false’ branch (when the strings are non-equal)...
git-2.52.0/apply.c:4993:41: branch_false: ...to here
git-2.52.0/apply.c:4995:22: acquire_resource: opened here
git-2.52.0/apply.c:4996:20: branch_false: following ‘false’ branch...
git-2.52.0/apply.c:5003:17: branch_false: ...to here
git-2.52.0/apply.c:5004:23: call_function: calling ‘apply_patch’ from ‘apply_all_patches’
#  192|   static void set_default_whitespace_mode(struct apply_state *state)
#  193|   {
#  194|-> 	if (!state->whitespace_option && !apply_default_whitespace)
#  195|   		state->ws_error_action = (state->apply ? warn_on_ws_error : nowarn_ws_error);
#  196|   }

Error: COMPILER_WARNING (CWE-704): [#def180]
git-2.52.0/apply.c: scope_hint: In function ‘preimage_oid_in_gitlink_patch’
git-2.52.0/apply.c:4115:23: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 4115 |             (preimage = memchr(hunk->patch, '\n', hunk->size)) != NULL &&
#      |                       ^
# 4113|   	    hunk->oldpos == 1 && hunk->oldlines == 1 &&
# 4114|   	    /* does preimage begin with the heading? */
# 4115|-> 	    (preimage = memchr(hunk->patch, '\n', hunk->size)) != NULL &&
# 4116|   	    starts_with(++preimage, heading) &&
# 4117|   	    /* does it record full SHA-1? */

Error: COMPILER_WARNING (CWE-704): [#def181]
git-2.52.0/apply.c:4115:23: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 4113|   	    hunk->oldpos == 1 && hunk->oldlines == 1 &&
# 4114|   	    /* does preimage begin with the heading? */
# 4115|-> 	    (preimage = memchr(hunk->patch, '\n', hunk->size)) != NULL &&
# 4116|   	    starts_with(++preimage, heading) &&
# 4117|   	    /* does it record full SHA-1? */

Error: GCC_ANALYZER_WARNING: [#def182]
git-2.52.0/archive-tar.c:511:13: warning[-Wanalyzer-fd-use-without-check]: ‘dup2’ on possibly invalid file descriptor ‘1’
git-2.52.0/archive-tar.c:481:12: branch_false: following ‘false’ branch...
git-2.52.0/archive-tar.c:484:14: branch_false: ...to here
git-2.52.0/archive-tar.c:484:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
git-2.52.0/archive-tar.c:499:9: branch_false: ...to here
git-2.52.0/archive-tar.c:508:12: branch_false: following ‘false’ branch...
git-2.52.0/archive-tar.c:510:9: branch_false: ...to here
git-2.52.0/archive-tar.c:510:9: release_resource: closed here
git-2.52.0/archive-tar.c:511:13: danger: ‘1’ could be invalid
#  509|   		die_errno(_("unable to start '%s' filter"), cmd.buf);
#  510|   	close(1);
#  511|-> 	if (dup2(filter.in, 1) < 0)
#  512|   		die_errno(_("unable to redirect descriptor"));
#  513|   	close(filter.in);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def183]
git-2.52.0/blame.c:159:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(git_path_merge_head(r), 0)’
git-2.52.0/blame.c:2765:6: enter_function: entry to ‘setup_scoreboard’
git-2.52.0/blame.c:2778:12: branch_false: following ‘false’ branch...
git-2.52.0/blame.c:2781:12: branch_false: ...to here
git-2.52.0/blame.c:2781:12: branch_true: following ‘true’ branch...
git-2.52.0/blame.c:2782:29: branch_true: ...to here
git-2.52.0/blame.c:2782:29: call_function: calling ‘find_single_final’ from ‘setup_scoreboard’
git-2.52.0/blame.c:2782:29: return_function: returning to ‘setup_scoreboard’ from ‘find_single_final’
git-2.52.0/blame.c:2792:12: branch_true: following ‘true’ branch...
git-2.52.0/blame.c:2807:21: branch_true: ...to here
git-2.52.0/blame.c:2807:20: branch_true: following ‘true’ branch...
git-2.52.0/blame.c:2808:25: branch_true: ...to here
git-2.52.0/blame.c:2815:20: branch_false: following ‘false’ branch...
git-2.52.0/blame.c:2818:29: branch_false: ...to here
git-2.52.0/blame.c:2818:29: call_function: calling ‘fake_working_tree_commit’ from ‘setup_scoreboard’
#  157|   	}
#  158|   
#  159|-> 	while (!strbuf_getwholeline_fd(&line, merge_head, '\n')) {
#  160|   		struct object_id oid;
#  161|   		if (get_oid_hex(line.buf, &oid))

Error: COMPILER_WARNING: [#def184]
git-2.52.0/blame.c: scope_hint: In function ‘blame_coalesce’
git-2.52.0/blame.c:1200:36: warning[-Wuse-after-free]: pointer ‘ent_20’ used after ‘free’
# 1200 |                         ent->score = 0;
#      |                         ~~~~~~~~~~~^~~
git-2.52.0/blame.c:1199:25: note: call to ‘free’ here
# 1199 |                         free(next);
#      |                         ^~~~~~~~~~
# 1198|   			blame_origin_decref(next->suspect);
# 1199|   			free(next);
# 1200|-> 			ent->score = 0;
# 1201|   			next = ent; /* again */
# 1202|   		}

Error: GCC_ANALYZER_WARNING (CWE-476): [#def185]
git-2.52.0/blame.c:2843:24: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘c’
git-2.52.0/blame.c:2765:6: enter_function: entry to ‘setup_scoreboard’
git-2.52.0/blame.c:2778:12: branch_false: following ‘false’ branch...
git-2.52.0/blame.c:2781:12: branch_false: ...to here
git-2.52.0/blame.c:2781:12: branch_true: following ‘true’ branch...
git-2.52.0/blame.c:2782:29: branch_true: ...to here
git-2.52.0/blame.c:2782:29: call_function: calling ‘find_single_final’ from ‘setup_scoreboard’
git-2.52.0/blame.c:2782:29: return_function: returning to ‘setup_scoreboard’ from ‘find_single_final’
git-2.52.0/blame.c:2792:12: branch_false: following ‘false’ branch...
git-2.52.0/blame.c:2836:12: branch_false: following ‘false’ branch...
git-2.52.0/blame.c:2839:13: branch_false: ...to here
git-2.52.0/blame.c:2839:12: branch_true: following ‘true’ branch...
git-2.52.0/blame.c:2843:24: danger: dereference of NULL ‘c’
# 2841|   
# 2842|   		sb->revs->children.name = "children";
# 2843|-> 		while (c->parents &&
# 2844|   		       !oideq(&c->object.oid, &sb->final->object.oid)) {
# 2845|   			struct commit_list *l = xcalloc(1, sizeof(*l));

Error: COMPILER_WARNING (CWE-704): [#def186]
git-2.52.0/bloom.c: scope_hint: In function ‘get_or_compute_bloom_filter’
git-2.52.0/bloom.c:515:52: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
#  515 |                                 char *last_slash = strrchr(path, '/');
#      |                                                    ^~~~~~~
#  513|   			 */
#  514|   			do {
#  515|-> 				char *last_slash = strrchr(path, '/');
#  516|   
#  517|   				FLEX_ALLOC_STR(e, path, path);

Error: COMPILER_WARNING (CWE-704): [#def187]
git-2.52.0/bloom.c:515:52: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
#  513|   			 */
#  514|   			do {
#  515|-> 				char *last_slash = strrchr(path, '/');
#  516|   
#  517|   				FLEX_ALLOC_STR(e, path, path);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def188]
git-2.52.0/branch.c:168:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
git-2.52.0/branch.c:91:12: enter_function: entry to ‘install_branch_config_multiple_remotes’
git-2.52.0/branch.c:99:12: branch_false: following ‘false’ branch...
git-2.52.0/branch.c:101:12: branch_false: ...to here
git-2.52.0/branch.c:119:12: branch_false: following ‘false’ branch...
git-2.52.0/branch.c:122:9: branch_false: ...to here
git-2.52.0/branch.c:122:9: call_function: calling ‘strbuf_setlen’ from ‘install_branch_config_multiple_remotes’
git-2.52.0/branch.c:122:9: return_function: returning to ‘install_branch_config_multiple_remotes’ from ‘strbuf_setlen’
git-2.52.0/branch.c:130:12: branch_false: following ‘false’ branch...
git-2.52.0/branch.c:132:9: branch_false: ...to here
git-2.52.0/branch.c:144:12: branch_true: following ‘true’ branch...
git-2.52.0/branch.c:145:31: branch_true: ...to here
git-2.52.0/branch.c:163:20: branch_true: following ‘true’ branch...
git-2.52.0/branch.c:171:40: branch_true: ...to here
git-2.52.0/branch.c:171:40: release_memory: using NULL here
git-2.52.0/branch.c:168:25: danger: dereference of NULL ‘friendly_ref_names.items’
#  166|   			 * upstream branch.
#  167|   			 */
#  168|-> 			printf_ln(rebasing ?
#  169|   				_("branch '%s' set up to track '%s' by rebasing.") :
#  170|   				_("branch '%s' set up to track '%s'."),

Error: GCC_ANALYZER_WARNING (CWE-775): [#def189]
git-2.52.0/builtin/archive.c:16:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(xopen(output_file, 577, 438), 1)’
git-2.52.0/builtin/archive.c:15:12: branch_true: following ‘true’ branch...
git-2.52.0/builtin/archive.c:16:21: branch_true: ...to here
git-2.52.0/builtin/archive.c:16:21: acquire_resource: opened here
git-2.52.0/builtin/archive.c:16:20: danger: ‘dup2(xopen(output_file, 577, 438), 1)’ leaks here; was opened at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#   14|   	int output_fd = xopen(output_file, O_CREAT | O_WRONLY | O_TRUNC, 0666);
#   15|   	if (output_fd != 1) {
#   16|-> 		if (dup2(output_fd, 1) < 0)
#   17|   			die_errno(_("could not redirect output"));
#   18|   		else

Error: GCC_ANALYZER_WARNING (CWE-775): [#def190]
git-2.52.0/builtin/bisect.c:1022:18: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(git_path_bisect_log(), 0)’
git-2.52.0/builtin/bisect.c:1372:12: enter_function: entry to ‘cmd_bisect__log’
git-2.52.0/builtin/bisect.c:1376:16: call_function: calling ‘bisect_log’ from ‘cmd_bisect__log’
# 1020|   		return BISECT_FAILED;
# 1021|   
# 1022|-> 	status = copy_fd(fd, STDOUT_FILENO);
# 1023|   	close(fd);
# 1024|   	return status ? BISECT_FAILED : BISECT_OK;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def191]
git-2.52.0/builtin/cat-file.c:152:36: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘type’
git-2.52.0/builtin/cat-file.c:1019:5: enter_function: entry to ‘cmd_cat_file’
git-2.52.0/builtin/cat-file.c:1167:12: branch_false: following ‘false’ branch...
git-2.52.0/builtin/cat-file.c:1181:13: branch_false: ...to here
git-2.52.0/builtin/cat-file.c:1181:12: branch_true: following ‘true’ branch...
git-2.52.0/builtin/cat-file.c:1182:20: branch_true: ...to here
git-2.52.0/builtin/cat-file.c:1190:25: branch_false: following ‘false’ branch...
git-2.52.0/builtin/cat-file.c:1193:25: branch_false: ...to here
git-2.52.0/builtin/cat-file.c:1193:25: branch_true: following ‘true’ branch...
git-2.52.0/builtin/cat-file.c:1194:25: branch_true: ...to here
git-2.52.0/builtin/cat-file.c:1208:15: call_function: calling ‘cat_one_file’ from ‘cmd_cat_file’
#  150|   			die("git cat-file: could not get object info");
#  151|   
#  152|-> 		if (use_mailmap && (type == OBJ_COMMIT || type == OBJ_TAG)) {
#  153|   			size_t s = size;
#  154|   			buf = replace_idents_using_mailmap(buf, &s);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def192]
git-2.52.0/builtin/clone.c:121:31: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(*path.buf, 0)’
git-2.52.0/builtin/clone.c:98:20: enter_function: entry to ‘get_repo_path_1’
git-2.52.0/builtin/clone.c:106:21: branch_true: following ‘true’ branch (when ‘i != 4’)...
git-2.52.0/builtin/clone.c:107:17: branch_true: ...to here
git-2.52.0/builtin/clone.c:107:17: call_function: calling ‘strbuf_setlen’ from ‘get_repo_path_1’
git-2.52.0/builtin/clone.c:107:17: return_function: returning to ‘get_repo_path_1’ from ‘strbuf_setlen’
git-2.52.0/builtin/clone.c:114:27: branch_true: following ‘true’ branch...
git-2.52.0/builtin/clone.c:118:39: acquire_resource: opened here
git-2.52.0/builtin/clone.c:119:28: branch_false: following ‘false’ branch...
git-2.52.0/builtin/clone.c:121:31: branch_false: ...to here
git-2.52.0/builtin/clone.c:121:31: throw: if ‘read_in_full’ throws an exception...
git-2.52.0/builtin/clone.c:121:31: danger: ‘open(*path.buf, 0)’ leaks here; was opened at [(13)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/12)
#  119|   			if (fd < 0)
#  120|   				continue;
#  121|-> 			len = read_in_full(fd, signature, 8);
#  122|   			close(fd);
#  123|   			if (len != 8 || strncmp(signature, "gitdir: ", 8))

Error: COMPILER_WARNING (CWE-704): [#def193]
git-2.52.0/builtin/commit.c: scope_hint: In function ‘prepare_to_commit’
git-2.52.0/builtin/commit.c:819:24: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  819 |                 buffer = strstr(use_message_buffer, "\n\n");
#      |                        ^
#  817|   	} else if (use_message) {
#  818|   		char *buffer;
#  819|-> 		buffer = strstr(use_message_buffer, "\n\n");
#  820|   		if (buffer)
#  821|   			strbuf_addstr(&sb, skip_blank_lines(buffer + 2));

Error: COMPILER_WARNING (CWE-704): [#def194]
git-2.52.0/builtin/commit.c:819:24: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  817|   	} else if (use_message) {
#  818|   		char *buffer;
#  819|-> 		buffer = strstr(use_message_buffer, "\n\n");
#  820|   		if (buffer)
#  821|   			strbuf_addstr(&sb, skip_blank_lines(buffer + 2));

Error: COMPILER_WARNING (CWE-704): [#def195]
git-2.52.0/builtin/config.c: scope_hint: In function ‘get_urlmatch’
git-2.52.0/builtin/config.c:698:22: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  698 |         section_tail = strchr(config.section, '.');
#      |                      ^
#  696|   
#  697|   	config.section = xstrdup_tolower(var);
#  698|-> 	section_tail = strchr(config.section, '.');
#  699|   	if (section_tail) {
#  700|   		*section_tail = '\0';

Error: COMPILER_WARNING (CWE-704): [#def196]
git-2.52.0/builtin/config.c:698:22: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  696|   
#  697|   	config.section = xstrdup_tolower(var);
#  698|-> 	section_tail = strchr(config.section, '.');
#  699|   	if (section_tail) {
#  700|   		*section_tail = '\0';

Error: GCC_ANALYZER_WARNING (CWE-775): [#def197]
git-2.52.0/builtin/credential-cache--daemon.c:222:22: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘client2’
git-2.52.0/builtin/credential-cache--daemon.c:195:12: branch_false: following ‘false’ branch...
git-2.52.0/builtin/credential-cache--daemon.c:198:9: branch_false: ...to here
git-2.52.0/builtin/credential-cache--daemon.c:200:12: branch_false: following ‘false’ branch...
git-2.52.0/builtin/credential-cache--daemon.c:206:13: branch_false: ...to here
git-2.52.0/builtin/credential-cache--daemon.c:206:12: branch_true: following ‘true’ branch...
git-2.52.0/builtin/credential-cache--daemon.c:210:26: branch_true: ...to here
git-2.52.0/builtin/credential-cache--daemon.c:211:20: branch_false: following ‘false’ branch...
git-2.52.0/builtin/credential-cache--daemon.c:215:27: branch_false: ...to here
git-2.52.0/builtin/credential-cache--daemon.c:215:27: acquire_resource: opened here
git-2.52.0/builtin/credential-cache--daemon.c:216:20: branch_false: following ‘false’ branch (when ‘client2 >= 0’)...
git-2.52.0/builtin/credential-cache--daemon.c:222:22: branch_false: ...to here
git-2.52.0/builtin/credential-cache--daemon.c:222:22: throw: if ‘xfdopen’ throws an exception...
git-2.52.0/builtin/credential-cache--daemon.c:222:22: danger: ‘client2’ leaks here; was opened at [(9)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/8)
#  220|   		}
#  221|   
#  222|-> 		in = xfdopen(client, "r");
#  223|   		out = xfdopen(client2, "w");
#  224|   		serve_one_client(in, out);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def198]
git-2.52.0/builtin/credential-cache--daemon.c:223:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘client2’
git-2.52.0/builtin/credential-cache--daemon.c:195:12: branch_false: following ‘false’ branch...
git-2.52.0/builtin/credential-cache--daemon.c:198:9: branch_false: ...to here
git-2.52.0/builtin/credential-cache--daemon.c:200:12: branch_false: following ‘false’ branch...
git-2.52.0/builtin/credential-cache--daemon.c:206:13: branch_false: ...to here
git-2.52.0/builtin/credential-cache--daemon.c:206:12: branch_true: following ‘true’ branch...
git-2.52.0/builtin/credential-cache--daemon.c:210:26: branch_true: ...to here
git-2.52.0/builtin/credential-cache--daemon.c:211:20: branch_false: following ‘false’ branch...
git-2.52.0/builtin/credential-cache--daemon.c:215:27: branch_false: ...to here
git-2.52.0/builtin/credential-cache--daemon.c:215:27: acquire_resource: opened here
git-2.52.0/builtin/credential-cache--daemon.c:216:20: branch_false: following ‘false’ branch (when ‘client2 >= 0’)...
git-2.52.0/builtin/credential-cache--daemon.c:222:22: branch_false: ...to here
git-2.52.0/builtin/credential-cache--daemon.c:223:23: throw: if ‘xfdopen’ throws an exception...
git-2.52.0/builtin/credential-cache--daemon.c:223:23: danger: ‘client2’ leaks here; was opened at [(9)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/8)
#  221|   
#  222|   		in = xfdopen(client, "r");
#  223|-> 		out = xfdopen(client2, "w");
#  224|   		serve_one_client(in, out);
#  225|   		fclose(in);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def199]
git-2.52.0/builtin/difftool.c:134:22: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(buf.buf, 0)’
git-2.52.0/builtin/difftool.c:118:12: enter_function: entry to ‘use_wt_file’
git-2.52.0/builtin/difftool.c:127:9: call_function: calling ‘add_path’ from ‘use_wt_file’
git-2.52.0/builtin/difftool.c:127:9: return_function: returning to ‘use_wt_file’ from ‘add_path’
git-2.52.0/builtin/difftool.c:129:12: branch_true: following ‘true’ branch...
git-2.52.0/builtin/difftool.c:131:26: acquire_resource: opened here
git-2.52.0/builtin/difftool.c:133:20: branch_true: following ‘true’ branch...
git-2.52.0/builtin/difftool.c:134:22: branch_true: ...to here
git-2.52.0/builtin/difftool.c:134:22: danger: ‘open(buf.buf, 0)’ leaks here; was opened at [(14)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/13)
#  132|   
#  133|   		if (fd >= 0 &&
#  134|-> 		    !index_fd(repo->index, &wt_oid, fd, &st, OBJ_BLOB, name, 0)) {
#  135|   			if (is_null_oid(oid)) {
#  136|   				oidcpy(oid, &wt_oid);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def200]
git-2.52.0/builtin/gc.c:397:16: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(repo_git_path_replace(the_repository, & buf, "worktrees"))’
git-2.52.0/builtin/gc.c:385:12: branch_false: following ‘false’ branch...
git-2.52.0/builtin/gc.c:390:31: branch_false: ...to here
git-2.52.0/builtin/gc.c:390:12: branch_false: following ‘false’ branch...
git-2.52.0/builtin/gc.c:393:15: branch_false: ...to here
git-2.52.0/builtin/gc.c:393:15: acquire_memory: allocated here
git-2.52.0/builtin/gc.c:394:12: branch_false: following ‘false’ branch...
git-2.52.0/builtin/gc.c:394:12: branch_false: ...to here
git-2.52.0/builtin/gc.c:397:16: branch_true: following ‘true’ branch...
git-2.52.0/builtin/gc.c:397:30: branch_true: ...to here
git-2.52.0/builtin/gc.c:397:30: throw: if ‘readdir_skip_dot_and_dotdot’ throws an exception...
git-2.52.0/builtin/gc.c:397:16: danger: ‘opendir(repo_git_path_replace(the_repository, & buf, "worktrees"))’ leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#  395|   		goto out;
#  396|   
#  397|-> 	while (limit && (d = readdir_skip_dot_and_dotdot(dir))) {
#  398|   		char *wtpath;
#  399|   		strbuf_reset(&buf);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def201]
git-2.52.0/builtin/gc.c:443:23: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(path.buf)’
git-2.52.0/builtin/gc.c:430:12: branch_false: following ‘false’ branch...
git-2.52.0/builtin/gc.c:439:9: branch_false: ...to here
git-2.52.0/builtin/gc.c:440:15: acquire_memory: allocated here
git-2.52.0/builtin/gc.c:441:12: branch_false: following ‘false’ branch...
git-2.52.0/builtin/gc.c:443:23: branch_false: ...to here
git-2.52.0/builtin/gc.c:443:23: throw: if ‘readdir_skip_dot_and_dotdot’ throws an exception...
git-2.52.0/builtin/gc.c:443:23: danger: ‘opendir(path.buf)’ leaks here; was allocated at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#  441|   	if (!dir)
#  442|   		goto out;
#  443|-> 	should_gc = !!readdir_skip_dot_and_dotdot(dir);
#  444|   
#  445|   out:

Error: GCC_ANALYZER_WARNING (CWE-401): [#def202]
git-2.52.0/builtin/gc.c:474:26: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(repo_git_path(the_repository, "objects/17"))’
git-2.52.0/builtin/gc.c:469:15: acquire_memory: allocated here
git-2.52.0/builtin/gc.c:471:12: branch_false: following ‘false’ branch...
git-2.52.0/builtin/gc.c:474:26: branch_false: ...to here
git-2.52.0/builtin/gc.c:475:23: throw: if ‘readdir’ throws an exception...
git-2.52.0/builtin/gc.c:474:26: danger: ‘opendir(repo_git_path(the_repository, "objects/17"))’ leaks here; was allocated at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#  472|   		return 0;
#  473|   
#  474|-> 	auto_threshold = DIV_ROUND_UP(limit, 256);
#  475|   	while ((ent = readdir(dir)) != NULL) {
#  476|   		if (strspn(ent->d_name, "0123456789abcdef") != hexsz_loose ||

Error: GCC_ANALYZER_WARNING (CWE-688): [#def203]
git-2.52.0/builtin/index-pack.c:789:21: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
git-2.52.0/builtin/index-pack.c:885:13: enter_function: entry to ‘sha1_object’
git-2.52.0/builtin/index-pack.c:892:9: branch_true: following ‘true’ branch...
git-2.52.0/builtin/index-pack.c:894:25: branch_true: ...to here
git-2.52.0/builtin/index-pack.c:901:12: branch_true: following ‘true’ branch...
git-2.52.0/builtin/index-pack.c:902:17: call_function: inlined call to ‘lock_mutex’ from ‘sha1_object’
git-2.52.0/builtin/index-pack.c:903:22: call_function: calling ‘check_collison’ from ‘sha1_object’
#  787|   			die(_("unable to read %s"),
#  788|   			    oid_to_hex(&data->entry->idx.oid));
#  789|-> 		if (memcmp(buf, data->buf, len))
#  790|   			die(_("SHA1 COLLISION FOUND WITH %s !"),
#  791|   			    oid_to_hex(&data->entry->idx.oid));

Error: GCC_ANALYZER_WARNING (CWE-688): [#def204]
git-2.52.0/builtin/interpret-trailers.c:105:13: warning[-Wanalyzer-null-argument]: use of NULL ‘file’ where non-null expected
git-2.52.0/builtin/interpret-trailers.c:194:5: enter_function: entry to ‘cmd_interpret_trailers’
git-2.52.0/builtin/interpret-trailers.c:235:12: branch_false: following ‘false’ branch...
git-2.52.0/builtin/interpret-trailers.c:240:21: branch_false: ...to here
git-2.52.0/builtin/interpret-trailers.c:240:20: branch_false: following ‘false’ branch...
git-2.52.0/builtin/interpret-trailers.c:242:17: branch_false: ...to here
git-2.52.0/builtin/interpret-trailers.c:242:17: call_function: calling ‘interpret_trailers’ from ‘cmd_interpret_trailers’
#  103|   	FILE *outfile;
#  104|   
#  105|-> 	if (stat(file, &st))
#  106|   		die_errno(_("could not stat %s"), file);
#  107|   	if (!S_ISREG(st.st_mode))

Error: GCC_ANALYZER_WARNING (CWE-688): [#def205]
git-2.52.0/builtin/ls-files.c:339:25: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
git-2.52.0/builtin/ls-files.c:576:5: enter_function: entry to ‘cmd_ls_files’
git-2.52.0/builtin/ls-files.c:667:12: branch_false: following ‘false’ branch...
git-2.52.0/builtin/ls-files.c:670:16: branch_false: ...to here
git-2.52.0/builtin/ls-files.c:730:12: branch_true: following ‘true’ branch...
git-2.52.0/builtin/ls-files.c:734:26: branch_true: ...to here
git-2.52.0/builtin/ls-files.c:734:26: call_function: calling ‘get_common_prefix_len’ from ‘cmd_ls_files’
git-2.52.0/builtin/ls-files.c:734:26: return_function: returning to ‘cmd_ls_files’ from ‘get_common_prefix_len’
git-2.52.0/builtin/ls-files.c:736:9: call_function: calling ‘prune_index’ from ‘cmd_ls_files’
git-2.52.0/builtin/ls-files.c:736:9: return_function: returning to ‘cmd_ls_files’ from ‘prune_index’
git-2.52.0/builtin/ls-files.c:763:9: call_function: calling ‘show_files’ from ‘cmd_ls_files’
#  337|   
#  338|   		if (!show_stage) {
#  339|-> 			fputs(tag, stdout);
#  340|   		} else {
#  341|   			printf("%s%06o %s %d\t",

Error: GCC_ANALYZER_WARNING (CWE-401): [#def206]
git-2.52.0/builtin/mailsplit.c:133:32: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(xstrfmt("%s/%s", path, *sub))’
git-2.52.0/builtin/mailsplit.c:274:5: enter_function: entry to ‘cmd_mailsplit’
git-2.52.0/builtin/mailsplit.c:285:9: branch_false: following ‘false’ branch (when ‘prefix’ is NULL)...
git-2.52.0/builtin/mailsplit.c:287:9: branch_false: ...to here
git-2.52.0/builtin/mailsplit.c:318:12: branch_true: following ‘true’ branch (when ‘dir’ is NULL)...
git-2.52.0/builtin/mailsplit.c:321:25: branch_true: ...to here
git-2.52.0/builtin/mailsplit.c:340:16: branch_true: following ‘true’ branch...
git-2.52.0/builtin/mailsplit.c:341:36: branch_true: ...to here
git-2.52.0/builtin/mailsplit.c:356:20: branch_false: following ‘false’ branch...
git-2.52.0/builtin/mailsplit.c:361:21: branch_false: ...to here
git-2.52.0/builtin/mailsplit.c:361:20: branch_true: following ‘true’ branch...
git-2.52.0/builtin/mailsplit.c:362:31: branch_true: ...to here
git-2.52.0/builtin/mailsplit.c:362:31: call_function: calling ‘split_maildir’ from ‘cmd_mailsplit’
#  131|   		}
#  132|   
#  133|-> 		while ((dent = readdir(dir)) != NULL) {
#  134|   			if (dent->d_name[0] == '.')
#  135|   				continue;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def207]
git-2.52.0/builtin/name-rev.c:226:46: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
git-2.52.0/builtin/name-rev.c:419:13: enter_function: entry to ‘name_tips’
git-2.52.0/builtin/name-rev.c:428:21: branch_true: following ‘true’ branch...
git-2.52.0/builtin/name-rev.c:429:46: branch_true: ...to here
git-2.52.0/builtin/name-rev.c:430:20: branch_true: following ‘true’ branch...
git-2.52.0/builtin/name-rev.c:432:47: branch_true: ...to here
git-2.52.0/builtin/name-rev.c:431:25: call_function: calling ‘name_rev’ from ‘name_tips’
#  224|   				distance = name->distance + MERGE_TRAVERSAL_WEIGHT;
#  225|   			} else {
#  226|-> 				generation = name->generation + 1;
#  227|   				distance = name->distance + 1;
#  228|   			}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def208]
git-2.52.0/builtin/prune.c:147:22: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(path)’
git-2.52.0/builtin/prune.c:140:15: acquire_memory: allocated here
git-2.52.0/builtin/prune.c:141:12: branch_false: following ‘false’ branch...
git-2.52.0/builtin/prune.c:141:12: branch_false: ...to here
git-2.52.0/builtin/prune.c:147:22: throw: if ‘readdir’ throws an exception...
git-2.52.0/builtin/prune.c:147:22: danger: ‘opendir(path)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  145|   		return;
#  146|   	}
#  147|-> 	while ((de = readdir(dir)) != NULL)
#  148|   		if (starts_with(de->d_name, "tmp_"))
#  149|   			prune_tmp_file(mkpath("%s/%s", path, de->d_name));

Error: GCC_ANALYZER_WARNING (CWE-688): [#def209]
git-2.52.0/builtin/pull.c:772:22: warning[-Wanalyzer-null-argument]: use of NULL ‘remote’ where non-null expected
git-2.52.0/builtin/pull.c:998:5: enter_function: entry to ‘cmd_pull’
git-2.52.0/builtin/pull.c:1035:9: call_function: inlined call to ‘parse_repo_refspecs’ from ‘cmd_pull’
git-2.52.0/builtin/pull.c:1037:13: branch_false: ...to here
git-2.52.0/builtin/pull.c:1059:12: branch_false: following ‘false’ branch...
git-2.52.0/builtin/pull.c:1062:13: branch_false: ...to here
git-2.52.0/builtin/pull.c:1062:12: branch_false: following ‘false’ branch...
git-2.52.0/builtin/pull.c:1065:13: branch_false: ...to here
git-2.52.0/builtin/pull.c:1068:12: branch_true: following ‘true’ branch...
git-2.52.0/builtin/pull.c:1069:21: branch_true: ...to here
git-2.52.0/builtin/pull.c:1080:21: call_function: calling ‘get_rebase_fork_point’ from ‘cmd_pull’
#  770|   
#  771|   	if (*spec_src) {
#  772|-> 		if (!strcmp(remote, "."))
#  773|   			merge_branch = mkpath("refs/heads/%s", spec_src);
#  774|   		else

Error: GCC_ANALYZER_WARNING (CWE-775): [#def210]
git-2.52.0/builtin/rebase.c:707:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘am.in’
git-2.52.0/builtin/rebase.c:622:12: branch_false: following ‘false’ branch...
git-2.52.0/builtin/rebase.c:633:12: branch_false: ...to here
git-2.52.0/builtin/rebase.c:633:12: branch_false: following ‘false’ branch...
git-2.52.0/builtin/rebase.c:642:12: branch_false: ...to here
git-2.52.0/builtin/rebase.c:642:12: branch_false: following ‘false’ branch...
git-2.52.0/builtin/rebase.c:647:27: branch_false: ...to here
git-2.52.0/builtin/rebase.c:650:12: branch_false: following ‘false’ branch...
git-2.52.0/builtin/rebase.c:658:9: branch_false: ...to here
git-2.52.0/builtin/rebase.c:678:12: branch_false: following ‘false’ branch...
git-2.52.0/builtin/rebase.c:698:17: branch_false: ...to here
git-2.52.0/builtin/rebase.c:698:17: acquire_resource: opened here
git-2.52.0/builtin/rebase.c:699:12: branch_false: following ‘false’ branch...
git-2.52.0/builtin/rebase.c:707:9: branch_false: ...to here
git-2.52.0/builtin/rebase.c:707:9: throw: if ‘strvec_pushv’ throws an exception...
git-2.52.0/builtin/rebase.c:707:9: danger: ‘am.in’ leaks here; was opened at [(11)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/10)
#  705|   	}
#  706|   
#  707|-> 	strvec_pushv(&am.args, opts->git_am_opts.v);
#  708|   	strvec_push(&am.args, "--rebasing");
#  709|   	strvec_pushf(&am.args, "--resolvemsg=%s", rebase_resolvemsg);

Error: COMPILER_WARNING (CWE-704): [#def211]
git-2.52.0/builtin/receive-pack.c: scope_hint: In function ‘proc_receive_ref_append’
git-2.52.0/builtin/receive-pack.c:400:11: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  400 |         p = strchr(prefix, ':');
#      |           ^
#  398|   
#  399|   	CALLOC_ARRAY(ref_pattern, 1);
#  400|-> 	p = strchr(prefix, ':');
#  401|   	if (p) {
#  402|   		while (prefix < p) {

Error: COMPILER_WARNING (CWE-704): [#def212]
git-2.52.0/builtin/receive-pack.c:400:11: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  398|   
#  399|   	CALLOC_ARRAY(ref_pattern, 1);
#  400|-> 	p = strchr(prefix, ':');
#  401|   	if (p) {
#  402|   		while (prefix < p) {

Error: GCC_ANALYZER_WARNING (CWE-404): [#def213]
git-2.52.0/builtin/receive-pack.c:471:14: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/builtin/receive-pack.c:493:13: enter_function: entry to ‘rp_error’
git-2.52.0/builtin/receive-pack.c:496:9: acquire_resource: ‘va_start’ called here
git-2.52.0/builtin/receive-pack.c:497:9: call_function: calling ‘report_message’ from ‘rp_error’
#  469|   	char msg[4096];
#  470|   
#  471|-> 	sz = xsnprintf(msg, sizeof(msg), "%s", prefix);
#  472|   	sz += vsnprintf(msg + sz, sizeof(msg) - sz, err, params);
#  473|   	if (sz > (sizeof(msg) - 1))

Error: COMPILER_WARNING (CWE-704): [#def214]
git-2.52.0/builtin/receive-pack.c: scope_hint: In function ‘read_proc_receive_report’
git-2.52.0/builtin/receive-pack.c:1009:19: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1009 |                 p = strchr(head, ' ');
#      |                   ^
# 1007|   
# 1008|   		head = reader->line;
# 1009|-> 		p = strchr(head, ' ');
# 1010|   		if (!p) {
# 1011|   			strbuf_addf(errmsg, "proc-receive reported incomplete status line: '%s'\n", head);

Error: COMPILER_WARNING (CWE-704): [#def215]
git-2.52.0/builtin/receive-pack.c:1009:19: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1007|   
# 1008|   		head = reader->line;
# 1009|-> 		p = strchr(head, ' ');
# 1010|   		if (!p) {
# 1011|   			strbuf_addf(errmsg, "proc-receive reported incomplete status line: '%s'\n", head);

Error: COMPILER_WARNING (CWE-704): [#def216]
git-2.52.0/builtin/receive-pack.c:1039:27: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1039 |                         p = strchr(key, ' ');
#      |                           ^
# 1037|   			}
# 1038|   			key = p;
# 1039|-> 			p = strchr(key, ' ');
# 1040|   			if (p)
# 1041|   				*p++ = '\0';

Error: COMPILER_WARNING (CWE-704): [#def217]
git-2.52.0/builtin/receive-pack.c:1039:27: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1037|   			}
# 1038|   			key = p;
# 1039|-> 			p = strchr(key, ' ');
# 1040|   			if (p)
# 1041|   				*p++ = '\0';

Error: COMPILER_WARNING (CWE-704): [#def218]
git-2.52.0/builtin/receive-pack.c:1062:19: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1062 |                 p = strchr(refname, ' ');
#      |                   ^
# 1060|   		new_report = 0;
# 1061|   		refname = p;
# 1062|-> 		p = strchr(refname, ' ');
# 1063|   		if (p)
# 1064|   			*p++ = '\0';

Error: COMPILER_WARNING (CWE-704): [#def219]
git-2.52.0/builtin/receive-pack.c:1062:19: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1060|   		new_report = 0;
# 1061|   		refname = p;
# 1062|-> 		p = strchr(refname, ' ');
# 1063|   		if (p)
# 1064|   			*p++ = '\0';

Error: COMPILER_WARNING (CWE-704): [#def220]
git-2.52.0/builtin/remote.c: scope_hint: In function ‘config_read_branches’
git-2.52.0/builtin/remote.c:335:31: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
#  335 |                 char *space = strchr(value, ' ');
#      |                               ^~~~~~
#  333|   		break;
#  334|   	case MERGE: {
#  335|-> 		char *space = strchr(value, ' ');
#  336|   		value = abbrev_branch(value);
#  337|   		while (space) {

Error: COMPILER_WARNING (CWE-704): [#def221]
git-2.52.0/builtin/remote.c:335:31: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
#  333|   		break;
#  334|   	case MERGE: {
#  335|-> 		char *space = strchr(value, ' ');
#  336|   		value = abbrev_branch(value);
#  337|   		while (space) {

Error: COMPILER_WARNING (CWE-704): [#def222]
git-2.52.0/builtin/remote.c:342:31: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  342 |                         space = strchr(value, ' ');
#      |                               ^
#  340|   			string_list_append(&info->merge, merge);
#  341|   			value = abbrev_branch(space + 1);
#  342|-> 			space = strchr(value, ' ');
#  343|   		}
#  344|   		string_list_append(&info->merge, xstrdup(value));

Error: COMPILER_WARNING (CWE-704): [#def223]
git-2.52.0/builtin/remote.c:342:31: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  340|   			string_list_append(&info->merge, merge);
#  341|   			value = abbrev_branch(space + 1);
#  342|-> 			space = strchr(value, ' ');
#  343|   		}
#  344|   		string_list_append(&info->merge, xstrdup(value));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def224]
git-2.52.0/builtin/replace.c:275:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(filename, 0)’
git-2.52.0/builtin/replace.c:271:14: acquire_resource: opened here
git-2.52.0/builtin/replace.c:272:12: branch_false: following ‘false’ branch...
git-2.52.0/builtin/replace.c:275:13: branch_false: ...to here
git-2.52.0/builtin/replace.c:275:12: branch_true: following ‘true’ branch...
git-2.52.0/builtin/replace.c:276:38: branch_true: ...to here
git-2.52.0/builtin/replace.c:279:17: throw: if ‘strvec_push’ throws an exception...
git-2.52.0/builtin/replace.c:275:13: danger: ‘open(filename, 0)’ leaks here; was opened at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  273|   		return error_errno(_("unable to open %s for reading"), filename);
#  274|   
#  275|-> 	if (!raw && type == OBJ_TREE) {
#  276|   		struct child_process cmd = CHILD_PROCESS_INIT;
#  277|   		struct strbuf result = STRBUF_INIT;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def225]
git-2.52.0/builtin/replace.c:284:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘cmd.in’
git-2.52.0/builtin/replace.c:271:14: acquire_resource: opened here
git-2.52.0/builtin/replace.c:272:12: branch_false: following ‘false’ branch...
git-2.52.0/builtin/replace.c:275:13: branch_false: ...to here
git-2.52.0/builtin/replace.c:275:12: branch_true: following ‘true’ branch...
git-2.52.0/builtin/replace.c:276:38: branch_true: ...to here
git-2.52.0/builtin/replace.c:284:21: throw: if ‘start_command’ throws an exception...
git-2.52.0/builtin/replace.c:284:21: danger: ‘cmd.in’ leaks here; was opened at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  282|   		cmd.out = -1;
#  283|   
#  284|-> 		if (start_command(&cmd)) {
#  285|   			close(fd);
#  286|   			return error(_("unable to spawn mktree"));

Error: GCC_ANALYZER_WARNING (CWE-404): [#def226]
git-2.52.0/builtin/repo.c:213:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/builtin/repo.c:229:13: enter_function: entry to ‘stats_table_addf’
git-2.52.0/builtin/repo.c:233:9: acquire_resource: ‘va_start’ called here
git-2.52.0/builtin/repo.c:234:9: call_function: calling ‘stats_table_vaddf’ from ‘stats_table_addf’
#  211|   	int name_width;
#  212|   
#  213|-> 	strbuf_vaddf(&buf, format, ap);
#  214|   	formatted_name = strbuf_detach(&buf, NULL);
#  215|   	name_width = utf8_strwidth(formatted_name);

Error: COMPILER_WARNING (CWE-704): [#def227]
git-2.52.0/builtin/rev-parse.c: scope_hint: In function ‘try_difference’
git-2.52.0/builtin/rev-parse.c:280:22: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  280 |         if (!(dotdot = strstr(arg, "..")))
#      |                      ^
#  278|   	static const char head_by_default[] = "HEAD";
#  279|   
#  280|-> 	if (!(dotdot = strstr(arg, "..")))
#  281|   		return 0;
#  282|   	end = dotdot + 2;

Error: COMPILER_WARNING (CWE-704): [#def228]
git-2.52.0/builtin/rev-parse.c:280:22: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  278|   	static const char head_by_default[] = "HEAD";
#  279|   
#  280|-> 	if (!(dotdot = strstr(arg, "..")))
#  281|   		return 0;
#  282|   	end = dotdot + 2;

Error: COMPILER_WARNING (CWE-704): [#def229]
git-2.52.0/builtin/rev-parse.c: scope_hint: In function ‘try_parent_shorthands’
git-2.52.0/builtin/rev-parse.c:341:21: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  341 |         if ((dotdot = strstr(arg, "^!"))) {
#      |                     ^
#  339|   	int exclude_parent = 0;
#  340|   
#  341|-> 	if ((dotdot = strstr(arg, "^!"))) {
#  342|   		include_rev = 1;
#  343|   		if (dotdot[2])

Error: COMPILER_WARNING (CWE-704): [#def230]
git-2.52.0/builtin/rev-parse.c:341:21: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  339|   	int exclude_parent = 0;
#  340|   
#  341|-> 	if ((dotdot = strstr(arg, "^!"))) {
#  342|   		include_rev = 1;
#  343|   		if (dotdot[2])

Error: COMPILER_WARNING (CWE-704): [#def231]
git-2.52.0/builtin/rev-parse.c:345:28: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  345 |         } else if ((dotdot = strstr(arg, "^@"))) {
#      |                            ^
#  343|   		if (dotdot[2])
#  344|   			return 0;
#  345|-> 	} else if ((dotdot = strstr(arg, "^@"))) {
#  346|   		include_parents = 1;
#  347|   		if (dotdot[2])

Error: COMPILER_WARNING (CWE-704): [#def232]
git-2.52.0/builtin/rev-parse.c:345:28: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  343|   		if (dotdot[2])
#  344|   			return 0;
#  345|-> 	} else if ((dotdot = strstr(arg, "^@"))) {
#  346|   		include_parents = 1;
#  347|   		if (dotdot[2])

Error: COMPILER_WARNING (CWE-704): [#def233]
git-2.52.0/builtin/rev-parse.c:349:28: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  349 |         } else if ((dotdot = strstr(arg, "^-"))) {
#      |                            ^
#  347|   		if (dotdot[2])
#  348|   			return 0;
#  349|-> 	} else if ((dotdot = strstr(arg, "^-"))) {
#  350|   		include_rev = 1;
#  351|   		exclude_parent = 1;

Error: COMPILER_WARNING (CWE-704): [#def234]
git-2.52.0/builtin/rev-parse.c:349:28: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  347|   		if (dotdot[2])
#  348|   			return 0;
#  349|-> 	} else if ((dotdot = strstr(arg, "^-"))) {
#  350|   		include_rev = 1;
#  351|   		exclude_parent = 1;

Error: COMPILER_WARNING (CWE-704): [#def235]
git-2.52.0/builtin/shortlog.c: scope_hint: In function ‘insert_one_record’
git-2.52.0/builtin/shortlog.c:79:37: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
#   79 |                         char *eob = strchr(oneline, ']');
#      |                                     ^~~~~~
#   77|   			eol = oneline + strlen(oneline);
#   78|   		if (starts_with(oneline, "[PATCH")) {
#   79|-> 			char *eob = strchr(oneline, ']');
#   80|   			if (eob && (!eol || eob < eol))
#   81|   				oneline = eob + 1;

Error: COMPILER_WARNING (CWE-704): [#def236]
git-2.52.0/builtin/shortlog.c:79:37: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
#   77|   			eol = oneline + strlen(oneline);
#   78|   		if (starts_with(oneline, "[PATCH")) {
#   79|-> 			char *eob = strchr(oneline, ']');
#   80|   			if (eob && (!eol || eob < eol))
#   81|   				oneline = eob + 1;

Error: GCC_ANALYZER_WARNING (CWE-617): [#def237]
git-2.52.0/builtin/show-index.c:59:25: warning[-Wanalyzer-tainted-assertion]: use of attacked-controlled value in condition for assertion
git-2.52.0/builtin/show-index.c:54:12: branch_false: following ‘false’ branch...
git-2.52.0/builtin/show-index.c:56:13: branch_false: ...to here
git-2.52.0/builtin/show-index.c:56:12: branch_true: following ‘true’ branch...
git-2.52.0/builtin/show-index.c:57:27: branch_true: ...to here
git-2.52.0/builtin/show-index.c:58:20: branch_true: following ‘true’ branch...
git-2.52.0/builtin/show-index.c:59:25: branch_true: ...to here
git-2.52.0/builtin/show-index.c:59:25: danger: treating ‘die’ as an assertion failure handler due to ‘__attribute__((__noreturn__))’
#   57|   		version = ntohl(top_index[1]);
#   58|   		if (version < 2 || version > 2)
#   59|-> 			die("unknown index version");
#   60|   		if (fread(top_index, 256 * 4, 1, stdin) != 1)
#   61|   			die("unable to read index");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def238]
git-2.52.0/builtin/submodule--helper.c:1066:43: warning[-Wanalyzer-malloc-leak]: leak of ‘temp’
git-2.52.0/builtin/submodule--helper.c:1060:21: branch_true: following ‘true’ branch...
git-2.52.0/builtin/submodule--helper.c:1061:43: branch_true: ...to here
git-2.52.0/builtin/submodule--helper.c:1060:21: branch_true: following ‘true’ branch...
git-2.52.0/builtin/submodule--helper.c:1061:43: branch_true: ...to here
git-2.52.0/builtin/submodule--helper.c:1066:43: acquire_memory: allocated here
git-2.52.0/builtin/submodule--helper.c:1074:17: branch_false: following ‘false’ branch...
git-2.52.0/builtin/submodule--helper.c:1075:17: branch_false: ...to here
git-2.52.0/builtin/submodule--helper.c:1060:21: branch_true: following ‘true’ branch...
git-2.52.0/builtin/submodule--helper.c:1061:43: branch_true: ...to here
git-2.52.0/builtin/submodule--helper.c:1066:43: danger: ‘temp’ leaks here; was allocated at [(5)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/4)
# 1064|   		if (!S_ISGITLINK(p->one->mode) && !S_ISGITLINK(p->two->mode))
# 1065|   			continue;
# 1066|-> 		temp = (struct module_cb*)malloc(sizeof(struct module_cb));
# 1067|   		temp->mod_src = p->one->mode;
# 1068|   		temp->mod_dst = p->two->mode;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def239]
git-2.52.0/builtin/submodule--helper.c:1067:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘temp’
git-2.52.0/builtin/submodule--helper.c:1060:21: branch_true: following ‘true’ branch...
git-2.52.0/builtin/submodule--helper.c:1061:43: branch_true: ...to here
git-2.52.0/builtin/submodule--helper.c:1066:43: acquire_memory: this call could return NULL
git-2.52.0/builtin/submodule--helper.c:1067:17: danger: ‘temp’ could be NULL: unchecked value from [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
# 1065|   			continue;
# 1066|   		temp = (struct module_cb*)malloc(sizeof(struct module_cb));
# 1067|-> 		temp->mod_src = p->one->mode;
# 1068|   		temp->mod_dst = p->two->mode;
# 1069|   		temp->oid_src = p->one->oid;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def240]
git-2.52.0/builtin/submodule--helper.c:1072:33: warning[-Wanalyzer-malloc-leak]: leak of ‘temp’
git-2.52.0/builtin/submodule--helper.c:1060:21: branch_true: following ‘true’ branch...
git-2.52.0/builtin/submodule--helper.c:1061:43: branch_true: ...to here
git-2.52.0/builtin/submodule--helper.c:1066:43: acquire_memory: allocated here
git-2.52.0/builtin/submodule--helper.c:1072:33: throw: if ‘xstrdup’ throws an exception...
git-2.52.0/builtin/submodule--helper.c:1072:33: danger: ‘temp’ leaks here; was allocated at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
# 1070|   		temp->oid_dst = p->two->oid;
# 1071|   		temp->status = p->status;
# 1072|-> 		temp->sm_path = xstrdup(p->one->path);
# 1073|   
# 1074|   		ALLOC_GROW(list->entries, list->nr + 1, list->alloc);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def241]
git-2.52.0/builtin/submodule--helper.c:1074:17: warning[-Wanalyzer-malloc-leak]: leak of ‘temp’
git-2.52.0/builtin/submodule--helper.c:1054:13: enter_function: entry to ‘submodule_summary_callback’
git-2.52.0/builtin/submodule--helper.c:1060:21: branch_true: following ‘true’ branch...
git-2.52.0/builtin/submodule--helper.c:1061:43: branch_true: ...to here
git-2.52.0/builtin/submodule--helper.c:1066:43: acquire_memory: allocated here
git-2.52.0/builtin/submodule--helper.c:1074:17: branch_true: following ‘true’ branch...
git-2.52.0/builtin/submodule--helper.c:1074:17: branch_true: ...to here
git-2.52.0/builtin/submodule--helper.c:1074:17: call_function: inlined call to ‘st_mult’ from ‘submodule_summary_callback’
git-2.52.0/builtin/submodule--helper.c:1074:17: throw: if ‘xrealloc’ throws an exception...
git-2.52.0/builtin/submodule--helper.c:1074:17: danger: ‘temp’ leaks here; was allocated at [(4)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/3)
# 1072|   		temp->sm_path = xstrdup(p->one->path);
# 1073|   
# 1074|-> 		ALLOC_GROW(list->entries, list->nr + 1, list->alloc);
# 1075|   		list->entries[list->nr++] = temp;
# 1076|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def242]
git-2.52.0/builtin/submodule--helper.c:1077:1: warning[-Wanalyzer-malloc-leak]: leak of ‘temp’
git-2.52.0/builtin/submodule--helper.c:1060:21: branch_true: following ‘true’ branch...
git-2.52.0/builtin/submodule--helper.c:1061:43: branch_true: ...to here
git-2.52.0/builtin/submodule--helper.c:1060:21: branch_true: following ‘true’ branch...
git-2.52.0/builtin/submodule--helper.c:1061:43: branch_true: ...to here
git-2.52.0/builtin/submodule--helper.c:1066:43: acquire_memory: allocated here
git-2.52.0/builtin/submodule--helper.c:1074:17: branch_false: following ‘false’ branch...
git-2.52.0/builtin/submodule--helper.c:1075:17: branch_false: ...to here
git-2.52.0/builtin/submodule--helper.c:1077:1: danger: ‘temp’ leaks here; was allocated at [(5)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/4)
# 1075|   		list->entries[list->nr++] = temp;
# 1076|   	}
# 1077|-> }
# 1078|   
# 1079|   static const char *get_diff_cmd(enum diff_cmd diff_cmd)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def243]
git-2.52.0/builtin/submodule--helper.c:1675:13: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(path)’
git-2.52.0/builtin/submodule--helper.c:1668:20: acquire_memory: allocated here
git-2.52.0/builtin/submodule--helper.c:1672:12: branch_false: following ‘false’ branch...
git-2.52.0/builtin/submodule--helper.c:1675:13: branch_false: ...to here
git-2.52.0/builtin/submodule--helper.c:1675:13: throw: if ‘readdir_skip_dot_and_dotdot’ throws an exception...
git-2.52.0/builtin/submodule--helper.c:1675:13: danger: ‘opendir(path)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
# 1673|   		return 0;
# 1674|   
# 1675|-> 	e = readdir_skip_dot_and_dotdot(dir);
# 1676|   	if (!e)
# 1677|   		ret = 0;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def244]
git-2.52.0/builtin/upload-archive.c:68:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/builtin/upload-archive.c:67:9: acquire_resource: ‘va_start’ called here
git-2.52.0/builtin/upload-archive.c:68:9: throw: if ‘strbuf_vaddf’ throws an exception...
git-2.52.0/builtin/upload-archive.c:68:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#   66|   
#   67|   	va_start(params, fmt);
#   68|-> 	strbuf_vaddf(&buf, fmt, params);
#   69|   	va_end(params);
#   70|   	send_sideband(1, 3, buf.buf, buf.len, LARGE_PACKET_MAX);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def245]
git-2.52.0/builtin/worktree.c:226:21: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(repo_git_path(the_repository, "worktrees"))’
git-2.52.0/builtin/worktree.c:222:15: acquire_memory: allocated here
git-2.52.0/builtin/worktree.c:224:12: branch_false: following ‘false’ branch...
git-2.52.0/builtin/worktree.c:224:12: branch_false: ...to here
git-2.52.0/builtin/worktree.c:226:21: throw: if ‘readdir_skip_dot_and_dotdot’ throws an exception...
git-2.52.0/builtin/worktree.c:226:21: danger: ‘opendir(repo_git_path(the_repository, "worktrees"))’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  224|   	if (!dir)
#  225|   		return;
#  226|-> 	while ((d = readdir_skip_dot_and_dotdot(dir)) != NULL) {
#  227|   		char *path;
#  228|   		strbuf_reset(&reason);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def246]
git-2.52.0/bundle-uri.c:344:9: warning[-Wanalyzer-malloc-leak]: leak of ‘child_in’
git-2.52.0/bundle-uri.c:740:12: enter_function: entry to ‘fetch_bundle_uri_internal’
git-2.52.0/bundle-uri.c:748:12: branch_false: following ‘false’ branch...
git-2.52.0/bundle-uri.c:754:14: branch_false: ...to here
git-2.52.0/bundle-uri.c:754:12: branch_false: following ‘false’ branch...
git-2.52.0/bundle-uri.c:760:54: branch_false: ...to here
git-2.52.0/bundle-uri.c:760:23: call_function: calling ‘copy_uri_to_file’ from ‘fetch_bundle_uri_internal’
#  342|   
#  343|   	fprintf(child_in, "capabilities\n");
#  344|-> 	fflush(child_in);
#  345|   
#  346|   	while (!strbuf_getline(&line, child_out)) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def247]
git-2.52.0/bundle-uri.c:344:9: warning[-Wanalyzer-malloc-leak]: leak of ‘child_out’
git-2.52.0/bundle-uri.c:740:12: enter_function: entry to ‘fetch_bundle_uri_internal’
git-2.52.0/bundle-uri.c:748:12: branch_false: following ‘false’ branch...
git-2.52.0/bundle-uri.c:754:14: branch_false: ...to here
git-2.52.0/bundle-uri.c:754:12: branch_false: following ‘false’ branch...
git-2.52.0/bundle-uri.c:760:54: branch_false: ...to here
git-2.52.0/bundle-uri.c:760:23: call_function: calling ‘copy_uri_to_file’ from ‘fetch_bundle_uri_internal’
#  342|   
#  343|   	fprintf(child_in, "capabilities\n");
#  344|-> 	fflush(child_in);
#  345|   
#  346|   	while (!strbuf_getline(&line, child_out)) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def248]
git-2.52.0/bundle-uri.c:346:17: warning[-Wanalyzer-malloc-leak]: leak of ‘child_in’
git-2.52.0/bundle-uri.c:740:12: enter_function: entry to ‘fetch_bundle_uri_internal’
git-2.52.0/bundle-uri.c:748:12: branch_false: following ‘false’ branch...
git-2.52.0/bundle-uri.c:754:14: branch_false: ...to here
git-2.52.0/bundle-uri.c:754:12: branch_false: following ‘false’ branch...
git-2.52.0/bundle-uri.c:760:54: branch_false: ...to here
git-2.52.0/bundle-uri.c:760:23: call_function: calling ‘copy_uri_to_file’ from ‘fetch_bundle_uri_internal’
#  344|   	fflush(child_in);
#  345|   
#  346|-> 	while (!strbuf_getline(&line, child_out)) {
#  347|   		if (!line.len)
#  348|   			break;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def249]
git-2.52.0/bundle-uri.c:346:17: warning[-Wanalyzer-malloc-leak]: leak of ‘child_out’
git-2.52.0/bundle-uri.c:740:12: enter_function: entry to ‘fetch_bundle_uri_internal’
git-2.52.0/bundle-uri.c:748:12: branch_false: following ‘false’ branch...
git-2.52.0/bundle-uri.c:754:14: branch_false: ...to here
git-2.52.0/bundle-uri.c:754:12: branch_false: following ‘false’ branch...
git-2.52.0/bundle-uri.c:760:54: branch_false: ...to here
git-2.52.0/bundle-uri.c:760:23: call_function: calling ‘copy_uri_to_file’ from ‘fetch_bundle_uri_internal’
#  344|   	fflush(child_in);
#  345|   
#  346|-> 	while (!strbuf_getline(&line, child_out)) {
#  347|   		if (!line.len)
#  348|   			break;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def250]
git-2.52.0/bundle-uri.c:352:9: warning[-Wanalyzer-malloc-leak]: leak of ‘child_in’
git-2.52.0/bundle-uri.c:740:12: enter_function: entry to ‘fetch_bundle_uri_internal’
git-2.52.0/bundle-uri.c:748:12: branch_false: following ‘false’ branch...
git-2.52.0/bundle-uri.c:754:14: branch_false: ...to here
git-2.52.0/bundle-uri.c:754:12: branch_false: following ‘false’ branch...
git-2.52.0/bundle-uri.c:760:54: branch_false: ...to here
git-2.52.0/bundle-uri.c:760:23: call_function: calling ‘copy_uri_to_file’ from ‘fetch_bundle_uri_internal’
#  350|   			found_get = 1;
#  351|   	}
#  352|-> 	strbuf_release(&line);
#  353|   
#  354|   	if (!found_get) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def251]
git-2.52.0/bundle-uri.c:355:26: warning[-Wanalyzer-malloc-leak]: leak of ‘child_in’
git-2.52.0/bundle-uri.c:740:12: enter_function: entry to ‘fetch_bundle_uri_internal’
git-2.52.0/bundle-uri.c:748:12: branch_false: following ‘false’ branch...
git-2.52.0/bundle-uri.c:754:14: branch_false: ...to here
git-2.52.0/bundle-uri.c:754:12: branch_false: following ‘false’ branch...
git-2.52.0/bundle-uri.c:760:54: branch_false: ...to here
git-2.52.0/bundle-uri.c:760:23: call_function: calling ‘copy_uri_to_file’ from ‘fetch_bundle_uri_internal’
#  353|   
#  354|   	if (!found_get) {
#  355|-> 		result = error(_("insufficient capabilities"));
#  356|   		goto cleanup;
#  357|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def252]
git-2.52.0/bundle.c:84:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(path, 0)’
git-2.52.0/bundle.c:153:5: enter_function: entry to ‘read_bundle_header’
git-2.52.0/bundle.c:155:18: acquire_resource: opened here
git-2.52.0/bundle.c:157:12: branch_false: following ‘false’ branch...
git-2.52.0/bundle.c:159:16: branch_false: ...to here
git-2.52.0/bundle.c:159:16: call_function: calling ‘read_bundle_header_fd’ from ‘read_bundle_header’
#   82|   
#   83|   	/* The bundle header begins with the signature */
#   84|-> 	if (strbuf_getwholeline_fd(&buf, fd, '\n') ||
#   85|   	    parse_bundle_signature(header, buf.buf)) {
#   86|   		if (report_path)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def253]
git-2.52.0/bundle.c:358:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pack_objects.out’
git-2.52.0/bundle.c:349:12: branch_true: following ‘true’ branch (when ‘bundle_fd > 1’)...
git-2.52.0/bundle.c:350:36: branch_true: ...to here
git-2.52.0/bundle.c:350:36: acquire_resource: opened here
git-2.52.0/bundle.c:351:20: branch_false: following ‘false’ branch...
git-2.52.0/bundle.c:358:13: branch_false: ...to here
git-2.52.0/bundle.c:358:13: throw: if ‘start_command’ throws an exception...
git-2.52.0/bundle.c:358:13: danger: ‘pack_objects.out’ leaks here; was opened at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#  356|   	}
#  357|   
#  358|-> 	if (start_command(&pack_objects))
#  359|   		return error(_("Could not spawn pack-objects"));
#  360|   

Error: GCC_ANALYZER_WARNING: [#def254]
git-2.52.0/column.c:395:9: warning[-Wanalyzer-fd-use-without-check]: ‘dup2’ on possibly invalid file descriptor ‘1’
git-2.52.0/column.c:370:12: branch_false: following ‘false’ branch...
git-2.52.0/column.c:373:9: branch_false: ...to here
git-2.52.0/column.c:390:12: branch_false: following ‘false’ branch...
git-2.52.0/column.c:393:18: branch_false: ...to here
git-2.52.0/column.c:394:9: release_resource: closed here
git-2.52.0/column.c:395:9: danger: ‘1’ could be invalid
#  393|   	fd_out = dup(1);
#  394|   	close(1);
#  395|-> 	dup2(column_process.in, 1);
#  396|   	close(column_process.in);
#  397|   	return 0;

Error: GCC_ANALYZER_WARNING: [#def255]
git-2.52.0/column.c:408:9: warning[-Wanalyzer-fd-use-without-check]: ‘dup2’ on possibly invalid file descriptor ‘1’
git-2.52.0/column.c:402:12: branch_false: following ‘false’ branch...
git-2.52.0/column.c:405:9: branch_false: ...to here
git-2.52.0/column.c:406:9: release_resource: closed here
git-2.52.0/column.c:408:9: danger: ‘1’ could be invalid
#  406|   	close(1);
#  407|   	finish_command(&column_process);
#  408|-> 	dup2(fd_out, 1);
#  409|   	close(fd_out);
#  410|   	fd_out = -1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def256]
git-2.52.0/combine-diff.c:1073:46: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(*elem.path, 0)’
git-2.52.0/combine-diff.c:1032:12: branch_false: following ‘false’ branch...
git-2.52.0/combine-diff.c:1036:12: branch_false: ...to here
git-2.52.0/combine-diff.c:1036:12: branch_false: following ‘false’ branch (when ‘working_tree_file != 0’)...
git-2.52.0/combine-diff.c:1044:27: branch_false: ...to here
git-2.52.0/combine-diff.c:1044:20: branch_false: following ‘false’ branch...
git-2.52.0/combine-diff.c:1047:21: branch_false: ...to here
git-2.52.0/combine-diff.c:1047:20: branch_false: following ‘false’ branch...
git-2.52.0/combine-diff.c:1057:27: branch_false: ...to here
git-2.52.0/combine-diff.c:1057:27: branch_false: following ‘false’ branch...
git-2.52.0/combine-diff.c:1067:27: branch_false: ...to here
git-2.52.0/combine-diff.c:1067:27: branch_false: following ‘false’ branch (when ‘textconv’ is NULL)...
git-2.52.0/combine-diff.c:1072:44: branch_false: ...to here
git-2.52.0/combine-diff.c:1072:39: acquire_resource: opened here
git-2.52.0/combine-diff.c:1072:27: branch_true: following ‘true’ branch...
git-2.52.0/combine-diff.c:1073:46: branch_true: ...to here
git-2.52.0/combine-diff.c:1073:46: danger: ‘open(*elem.path, 0)’ leaks here; was opened at [(13)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/12)
# 1071|   			free_filespec(df);
# 1072|   		} else if (0 <= (fd = open(elem->path, O_RDONLY))) {
# 1073|-> 			size_t len = xsize_t(st.st_size);
# 1074|   			ssize_t done;
# 1075|   			int is_file, i;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def257]
git-2.52.0/commit-graph.c:2287:40: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘g’
git-2.52.0/commit-graph.c:2261:12: branch_true: following ‘true’ branch...
git-2.52.0/commit-graph.c:2261:12: branch_true: ...to here
git-2.52.0/commit-graph.c:2263:24: branch_false: following ‘false’ branch (when ‘g’ is NULL)...
git-2.52.0/commit-graph.c:2280:12: branch_false: ...to here
git-2.52.0/commit-graph.c:2280:12: branch_true: following ‘true’ branch (when ‘flags != 2’)...
git-2.52.0/commit-graph.c:2281:17: branch_true: ...to here
git-2.52.0/commit-graph.c:2281:17: release_memory: ‘g’ is NULL
git-2.52.0/commit-graph.c:2286:12: branch_true: following ‘true’ branch...
git-2.52.0/commit-graph.c:2287:40: branch_true: ...to here
git-2.52.0/commit-graph.c:2287:40: danger: dereference of NULL ‘g’
# 2285|   
# 2286|   	if (ctx->num_commit_graphs_after == 2) {
# 2287|-> 		char *old_graph_name = get_commit_graph_filename(g->odb_source);
# 2288|   
# 2289|   		if (!strcmp(g->filename, old_graph_name) &&

Error: GCC_ANALYZER_WARNING (CWE-404): [#def258]
git-2.52.0/commit.c:1965:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/commit.c:1963:9: acquire_resource: ‘va_start’ called here
git-2.52.0/commit.c:1964:16: branch_true: following ‘true’ branch (when ‘arg’ is non-NULL)...
git-2.52.0/commit.c:1965:17: branch_true: ...to here
git-2.52.0/commit.c:1965:17: throw: if ‘strvec_push’ throws an exception...
git-2.52.0/commit.c:1965:17: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
# 1963|   	va_start(args, name);
# 1964|   	while ((arg = va_arg(args, const char *)))
# 1965|-> 		strvec_push(&opt.args, arg);
# 1966|   	va_end(args);
# 1967|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def259]
git-2.52.0/compat/disk.h:39:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘stdout_fd’
git-2.52.0/diagnose.c:181:5: enter_function: entry to ‘create_diagnostics_archive’
git-2.52.0/diagnose.c:198:12: branch_false: following ‘false’ branch (when ‘mode != 0’)...
git-2.52.0/diagnose.c:203:21: branch_false: ...to here
git-2.52.0/diagnose.c:203:21: acquire_resource: opened here
git-2.52.0/diagnose.c:204:12: branch_false: following ‘false’ branch (when ‘stdout_fd >= 0’)...
git-2.52.0/diagnose.c:209:29: branch_false: ...to here
git-2.52.0/diagnose.c:210:12: branch_false: following ‘false’ branch...
git-2.52.0/diagnose.c:215:9: branch_false: ...to here
git-2.52.0/diagnose.c:218:9: call_function: calling ‘strbuf_setlen’ from ‘create_diagnostics_archive’
git-2.52.0/diagnose.c:218:9: return_function: returning to ‘create_diagnostics_archive’ from ‘strbuf_setlen’
git-2.52.0/diagnose.c:223:9: call_function: calling ‘get_disk_info’ from ‘create_diagnostics_archive’
#   37|   	struct statvfs stat;
#   38|   
#   39|-> 	strbuf_realpath(&buf, ".", 1);
#   40|   	if (statvfs(buf.buf, &stat) < 0) {
#   41|   		error_errno(_("could not determine free disk size for '%s'"),

Error: GCC_ANALYZER_WARNING (CWE-775): [#def260]
git-2.52.0/compat/disk.h:41:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘stdout_fd’
git-2.52.0/diagnose.c:181:5: enter_function: entry to ‘create_diagnostics_archive’
git-2.52.0/diagnose.c:198:12: branch_false: following ‘false’ branch (when ‘mode != 0’)...
git-2.52.0/diagnose.c:203:21: branch_false: ...to here
git-2.52.0/diagnose.c:203:21: acquire_resource: opened here
git-2.52.0/diagnose.c:204:12: branch_false: following ‘false’ branch (when ‘stdout_fd >= 0’)...
git-2.52.0/diagnose.c:209:29: branch_false: ...to here
git-2.52.0/diagnose.c:210:12: branch_false: following ‘false’ branch...
git-2.52.0/diagnose.c:215:9: branch_false: ...to here
git-2.52.0/diagnose.c:218:9: call_function: calling ‘strbuf_setlen’ from ‘create_diagnostics_archive’
git-2.52.0/diagnose.c:218:9: return_function: returning to ‘create_diagnostics_archive’ from ‘strbuf_setlen’
git-2.52.0/diagnose.c:223:9: call_function: calling ‘get_disk_info’ from ‘create_diagnostics_archive’
#   39|   	strbuf_realpath(&buf, ".", 1);
#   40|   	if (statvfs(buf.buf, &stat) < 0) {
#   41|-> 		error_errno(_("could not determine free disk size for '%s'"),
#   42|   			    buf.buf);
#   43|   		res = -1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def261]
git-2.52.0/compat/disk.h:47:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘stdout_fd’
git-2.52.0/diagnose.c:181:5: enter_function: entry to ‘create_diagnostics_archive’
git-2.52.0/diagnose.c:198:12: branch_false: following ‘false’ branch (when ‘mode != 0’)...
git-2.52.0/diagnose.c:203:21: branch_false: ...to here
git-2.52.0/diagnose.c:203:21: acquire_resource: opened here
git-2.52.0/diagnose.c:204:12: branch_false: following ‘false’ branch (when ‘stdout_fd >= 0’)...
git-2.52.0/diagnose.c:209:29: branch_false: ...to here
git-2.52.0/diagnose.c:210:12: branch_false: following ‘false’ branch...
git-2.52.0/diagnose.c:215:9: branch_false: ...to here
git-2.52.0/diagnose.c:218:9: call_function: calling ‘strbuf_setlen’ from ‘create_diagnostics_archive’
git-2.52.0/diagnose.c:218:9: return_function: returning to ‘create_diagnostics_archive’ from ‘strbuf_setlen’
git-2.52.0/diagnose.c:223:9: call_function: calling ‘get_disk_info’ from ‘create_diagnostics_archive’
#   45|   	}
#   46|   
#   47|-> 	strbuf_addf(out, "Available space on '%s': ", buf.buf);
#   48|   	strbuf_humanise_bytes(out, (off_t)stat.f_bsize * (off_t)stat.f_bavail);
#   49|   	strbuf_addf(out, " (mount flags 0x%lx)\n", stat.f_flag);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def262]
git-2.52.0/compat/disk.h:48:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘stdout_fd’
git-2.52.0/diagnose.c:181:5: enter_function: entry to ‘create_diagnostics_archive’
git-2.52.0/diagnose.c:198:12: branch_false: following ‘false’ branch (when ‘mode != 0’)...
git-2.52.0/diagnose.c:203:21: branch_false: ...to here
git-2.52.0/diagnose.c:203:21: acquire_resource: opened here
git-2.52.0/diagnose.c:204:12: branch_false: following ‘false’ branch (when ‘stdout_fd >= 0’)...
git-2.52.0/diagnose.c:209:29: branch_false: ...to here
git-2.52.0/diagnose.c:210:12: branch_false: following ‘false’ branch...
git-2.52.0/diagnose.c:215:9: branch_false: ...to here
git-2.52.0/diagnose.c:218:9: call_function: calling ‘strbuf_setlen’ from ‘create_diagnostics_archive’
git-2.52.0/diagnose.c:218:9: return_function: returning to ‘create_diagnostics_archive’ from ‘strbuf_setlen’
git-2.52.0/diagnose.c:223:9: call_function: calling ‘get_disk_info’ from ‘create_diagnostics_archive’
#   46|   
#   47|   	strbuf_addf(out, "Available space on '%s': ", buf.buf);
#   48|-> 	strbuf_humanise_bytes(out, (off_t)stat.f_bsize * (off_t)stat.f_bavail);
#   49|   	strbuf_addf(out, " (mount flags 0x%lx)\n", stat.f_flag);
#   50|   #endif

Error: GCC_ANALYZER_WARNING (CWE-775): [#def263]
git-2.52.0/compat/disk.h:49:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘stdout_fd’
git-2.52.0/diagnose.c:181:5: enter_function: entry to ‘create_diagnostics_archive’
git-2.52.0/diagnose.c:198:12: branch_false: following ‘false’ branch (when ‘mode != 0’)...
git-2.52.0/diagnose.c:203:21: branch_false: ...to here
git-2.52.0/diagnose.c:203:21: acquire_resource: opened here
git-2.52.0/diagnose.c:204:12: branch_false: following ‘false’ branch (when ‘stdout_fd >= 0’)...
git-2.52.0/diagnose.c:209:29: branch_false: ...to here
git-2.52.0/diagnose.c:210:12: branch_false: following ‘false’ branch...
git-2.52.0/diagnose.c:215:9: branch_false: ...to here
git-2.52.0/diagnose.c:218:9: call_function: calling ‘strbuf_setlen’ from ‘create_diagnostics_archive’
git-2.52.0/diagnose.c:218:9: return_function: returning to ‘create_diagnostics_archive’ from ‘strbuf_setlen’
git-2.52.0/diagnose.c:223:9: call_function: calling ‘get_disk_info’ from ‘create_diagnostics_archive’
#   47|   	strbuf_addf(out, "Available space on '%s': ", buf.buf);
#   48|   	strbuf_humanise_bytes(out, (off_t)stat.f_bsize * (off_t)stat.f_bavail);
#   49|-> 	strbuf_addf(out, " (mount flags 0x%lx)\n", stat.f_flag);
#   50|   #endif
#   51|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def264]
git-2.52.0/compat/disk.h:53:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘stdout_fd’
git-2.52.0/diagnose.c:181:5: enter_function: entry to ‘create_diagnostics_archive’
git-2.52.0/diagnose.c:198:12: branch_false: following ‘false’ branch (when ‘mode != 0’)...
git-2.52.0/diagnose.c:203:21: branch_false: ...to here
git-2.52.0/diagnose.c:203:21: acquire_resource: opened here
git-2.52.0/diagnose.c:204:12: branch_false: following ‘false’ branch (when ‘stdout_fd >= 0’)...
git-2.52.0/diagnose.c:209:29: branch_false: ...to here
git-2.52.0/diagnose.c:210:12: branch_false: following ‘false’ branch...
git-2.52.0/diagnose.c:215:9: branch_false: ...to here
git-2.52.0/diagnose.c:218:9: call_function: calling ‘strbuf_setlen’ from ‘create_diagnostics_archive’
git-2.52.0/diagnose.c:218:9: return_function: returning to ‘create_diagnostics_archive’ from ‘strbuf_setlen’
git-2.52.0/diagnose.c:223:9: call_function: calling ‘get_disk_info’ from ‘create_diagnostics_archive’
#   51|   
#   52|   cleanup:
#   53|-> 	strbuf_release(&buf);
#   54|   	return res;
#   55|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def265]
git-2.52.0/compat/open.c:47:37: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
git-2.52.0/compat/open.c:34:14: acquire_resource: opened here
git-2.52.0/compat/open.c:35:12: branch_false: following ‘false’ branch...
git-2.52.0/compat/open.c:45:21: branch_false: ...to here
git-2.52.0/compat/open.c:45:20: branch_true: following ‘true’ branch...
git-2.52.0/compat/open.c:45:21: branch_true: ...to here
git-2.52.0/compat/open.c:45:21: branch_true: following ‘true’ branch...
git-2.52.0/compat/open.c:47:37: throw: if ‘fcntl’ throws an exception...
git-2.52.0/compat/open.c:47:37: danger: ‘fd’ leaks here; was opened at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#   45|   		if (!o_cloexec && 0 <= fd && fd_cloexec) {
#   46|   			/* Opened w/o O_CLOEXEC?  try with fcntl(2) to add it */
#   47|-> 			int flags = fcntl(fd, F_GETFD);
#   48|   			if (fcntl(fd, F_SETFD, flags | fd_cloexec))
#   49|   				fd_cloexec = 0;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def266]
git-2.52.0/config.c:2521:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/config.c:2518:12: branch_true: following ‘true’ branch (when ‘err’ is non-NULL)...
git-2.52.0/config.c:2520:17: branch_true: ...to here
git-2.52.0/config.c:2520:17: acquire_resource: ‘va_start’ called here
git-2.52.0/config.c:2521:17: throw: if the called function throws an exception...
git-2.52.0/config.c:2521:17: danger: missing call to ‘va_end’ to match ‘va_start’ at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
# 2519|   		va_list params;
# 2520|   		va_start(params, err);
# 2521|-> 		error_fn(err, params);
# 2522|   		va_end(params);
# 2523|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def267]
git-2.52.0/connect.c:847:22: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sockfd’
git-2.52.0/connect.c:811:12: enter_function: entry to ‘git_tcp_connect_sock’
git-2.52.0/connect.c:820:9: call_function: calling ‘get_host_and_port’ from ‘git_tcp_connect_sock’
git-2.52.0/connect.c:820:9: return_function: returning to ‘git_tcp_connect_sock’ from ‘get_host_and_port’
git-2.52.0/connect.c:836:12: branch_false: following ‘false’ branch...
git-2.52.0/connect.c:839:12: branch_false: ...to here
git-2.52.0/connect.c:843:24: branch_true: following ‘true’ branch...
git-2.52.0/connect.c:844:26: branch_true: ...to here
git-2.52.0/connect.c:844:26: acquire_resource: socket created here
git-2.52.0/connect.c:846:20: branch_false: following ‘false’ branch (when ‘sockfd >= 0’)...
git-2.52.0/connect.c:847:53: branch_false: ...to here
git-2.52.0/connect.c:847:22: throw: if ‘connect’ throws an exception...
git-2.52.0/connect.c:847:22: danger: ‘sockfd’ leaks here
#  845|   				ai->ai_socktype, ai->ai_protocol);
#  846|   		if ((sockfd < 0) ||
#  847|-> 		    (connect(sockfd, ai->ai_addr, ai->ai_addrlen) < 0)) {
#  848|   			strbuf_addf(&error_message, "%s[%d: %s]: errno=%s\n",
#  849|   				    host, cnt, ai_name(ai), strerror(errno));

Error: COMPILER_WARNING (CWE-704): [#def268]
git-2.52.0/convert.c: scope_hint: In function ‘ident_to_git’
git-2.52.0/convert.c:1138:24: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1138 |                 dollar = memchr(src, '$', len);
#      |                        ^
# 1136|   	dst = buf->buf;
# 1137|   	for (;;) {
# 1138|-> 		dollar = memchr(src, '$', len);
# 1139|   		if (!dollar)
# 1140|   			break;

Error: COMPILER_WARNING (CWE-704): [#def269]
git-2.52.0/convert.c:1138:24: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1136|   	dst = buf->buf;
# 1137|   	for (;;) {
# 1138|-> 		dollar = memchr(src, '$', len);
# 1139|   		if (!dollar)
# 1140|   			break;

Error: COMPILER_WARNING (CWE-704): [#def270]
git-2.52.0/convert.c:1147:32: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1147 |                         dollar = memchr(src + 3, '$', len - 3);
#      |                                ^
# 1145|   
# 1146|   		if (len > 3 && !memcmp(src, "Id:", 3)) {
# 1147|-> 			dollar = memchr(src + 3, '$', len - 3);
# 1148|   			if (!dollar)
# 1149|   				break;

Error: COMPILER_WARNING (CWE-704): [#def271]
git-2.52.0/convert.c:1147:32: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1145|   
# 1146|   		if (len > 3 && !memcmp(src, "Id:", 3)) {
# 1147|-> 			dollar = memchr(src + 3, '$', len - 3);
# 1148|   			if (!dollar)
# 1149|   				break;

Error: COMPILER_WARNING (CWE-704): [#def272]
git-2.52.0/convert.c: scope_hint: In function ‘ident_to_worktree’
git-2.52.0/convert.c:1188:24: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1188 |                 dollar = memchr(src, '$', len);
#      |                        ^
# 1186|   	for (;;) {
# 1187|   		/* step 1: run to the next '$' */
# 1188|-> 		dollar = memchr(src, '$', len);
# 1189|   		if (!dollar)
# 1190|   			break;

Error: COMPILER_WARNING (CWE-704): [#def273]
git-2.52.0/convert.c:1188:24: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1186|   	for (;;) {
# 1187|   		/* step 1: run to the next '$' */
# 1188|-> 		dollar = memchr(src, '$', len);
# 1189|   		if (!dollar)
# 1190|   			break;

Error: COMPILER_WARNING (CWE-704): [#def274]
git-2.52.0/convert.c:1211:32: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1211 |                         dollar = memchr(src + 3, '$', len - 3);
#      |                                ^
# 1209|   			 * for git-style ids.
# 1210|   			 */
# 1211|-> 			dollar = memchr(src + 3, '$', len - 3);
# 1212|   			if (!dollar) {
# 1213|   				/* incomplete keyword, no more '$', so just quit the loop */

Error: COMPILER_WARNING (CWE-704): [#def275]
git-2.52.0/convert.c:1211:32: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1209|   			 * for git-style ids.
# 1210|   			 */
# 1211|-> 			dollar = memchr(src + 3, '$', len - 3);
# 1212|   			if (!dollar) {
# 1213|   				/* incomplete keyword, no more '$', so just quit the loop */

Error: COMPILER_WARNING (CWE-704): [#def276]
git-2.52.0/convert.c:1222:29: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1222 |                         spc = memchr(src + 4, ' ', dollar - src - 4);
#      |                             ^
# 1220|   			}
# 1221|   
# 1222|-> 			spc = memchr(src + 4, ' ', dollar - src - 4);
# 1223|   			if (spc && spc < dollar-1) {
# 1224|   				/* There are spaces in unexpected places.

Error: COMPILER_WARNING (CWE-704): [#def277]
git-2.52.0/convert.c:1222:29: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1220|   			}
# 1221|   
# 1222|-> 			spc = memchr(src + 4, ' ', dollar - src - 4);
# 1223|   			if (spc && spc < dollar-1) {
# 1224|   				/* There are spaces in unexpected places.

Error: GCC_ANALYZER_WARNING (CWE-775): [#def278]
git-2.52.0/copy.c:14:31: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(src, 0)’
git-2.52.0/copy.c:38:5: enter_function: entry to ‘copy_file’
git-2.52.0/copy.c:43:20: acquire_resource: opened here
git-2.52.0/copy.c:43:12: branch_false: following ‘false’ branch...
git-2.52.0/copy.c:45:20: branch_false: ...to here
git-2.52.0/copy.c:45:12: branch_false: following ‘false’ branch...
git-2.52.0/copy.c:49:18: branch_false: ...to here
git-2.52.0/copy.c:49:18: call_function: calling ‘copy_fd’ from ‘copy_file’
#   12|   	while (1) {
#   13|   		char buffer[8192];
#   14|-> 		ssize_t len = xread(ifd, buffer, sizeof(buffer));
#   15|   		if (!len)
#   16|   			break;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def279]
git-2.52.0/copy.c:45:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(src, 0)’
git-2.52.0/copy.c:43:20: acquire_resource: opened here
git-2.52.0/copy.c:43:12: branch_false: following ‘false’ branch...
git-2.52.0/copy.c:45:20: branch_false: ...to here
git-2.52.0/copy.c:45:20: throw: if ‘open’ throws an exception...
git-2.52.0/copy.c:45:20: danger: ‘open(src, 0)’ leaks here; was opened at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#   43|   	if ((fdi = open(src, O_RDONLY)) < 0)
#   44|   		return fdi;
#   45|-> 	if ((fdo = open(dst, O_WRONLY | O_CREAT | O_EXCL, mode)) < 0) {
#   46|   		close(fdi);
#   47|   		return fdo;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def280]
git-2.52.0/copy.c:46:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(src, 0)’
git-2.52.0/copy.c:43:20: acquire_resource: opened here
git-2.52.0/copy.c:43:12: branch_false: following ‘false’ branch...
git-2.52.0/copy.c:45:20: branch_false: ...to here
git-2.52.0/copy.c:45:12: branch_true: following ‘true’ branch...
git-2.52.0/copy.c:46:17: branch_true: ...to here
git-2.52.0/copy.c:46:17: danger: ‘open(src, 0)’ leaks here; was opened at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#   44|   		return fdi;
#   45|   	if ((fdo = open(dst, O_WRONLY | O_CREAT | O_EXCL, mode)) < 0) {
#   46|-> 		close(fdi);
#   47|   		return fdo;
#   48|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def281]
git-2.52.0/daemon.c:101:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sockfd’
git-2.52.0/daemon.c:1097:13: enter_function: entry to ‘socksetup’
git-2.52.0/daemon.c:1099:12: branch_true: following ‘true’ branch...
git-2.52.0/daemon.c:1100:17: branch_true: ...to here
git-2.52.0/daemon.c:1100:17: call_function: calling ‘setup_named_sock’ from ‘socksetup’
#   99|   		char buf[1024];
#  100|   		vsnprintf(buf, sizeof(buf), err, params);
#  101|-> 		syslog(priority, "%s", buf);
#  102|   		break;
#  103|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def282]
git-2.52.0/daemon.c:113:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sockfd’
git-2.52.0/daemon.c:1097:13: enter_function: entry to ‘socksetup’
git-2.52.0/daemon.c:1099:12: branch_true: following ‘true’ branch...
git-2.52.0/daemon.c:1100:17: branch_true: ...to here
git-2.52.0/daemon.c:1100:17: call_function: calling ‘setup_named_sock’ from ‘socksetup’
#  111|   		vfprintf(stderr, err, params);
#  112|   		fputc('\n', stderr);
#  113|-> 		fflush(stderr);
#  114|   		break;
#  115|   	case LOG_DESTINATION_NONE:

Error: GCC_ANALYZER_WARNING (CWE-404): [#def283]
git-2.52.0/daemon.c:113:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/daemon.c:725:13: enter_function: entry to ‘set_keep_alive’
git-2.52.0/daemon.c:730:20: branch_true: following ‘true’ branch...
git-2.52.0/daemon.c:731:25: branch_true: ...to here
git-2.52.0/daemon.c:731:25: call_function: calling ‘logerror’ from ‘set_keep_alive’
#  111|   		vfprintf(stderr, err, params);
#  112|   		fputc('\n', stderr);
#  113|-> 		fflush(stderr);
#  114|   		break;
#  115|   	case LOG_DESTINATION_NONE:

Error: GCC_ANALYZER_WARNING (CWE-775): [#def284]
git-2.52.0/daemon.c:118:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sockfd’
git-2.52.0/daemon.c:1097:13: enter_function: entry to ‘socksetup’
git-2.52.0/daemon.c:1099:12: branch_true: following ‘true’ branch...
git-2.52.0/daemon.c:1100:17: branch_true: ...to here
git-2.52.0/daemon.c:1100:17: call_function: calling ‘setup_named_sock’ from ‘socksetup’
#  116|   		break;
#  117|   	case LOG_DESTINATION_UNSET:
#  118|-> 		BUG("log destination not initialized correctly");
#  119|   	}
#  120|   }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def285]
git-2.52.0/daemon.c:118:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/daemon.c:725:13: enter_function: entry to ‘set_keep_alive’
git-2.52.0/daemon.c:730:20: branch_true: following ‘true’ branch...
git-2.52.0/daemon.c:731:25: branch_true: ...to here
git-2.52.0/daemon.c:731:25: call_function: calling ‘logerror’ from ‘set_keep_alive’
#  116|   		break;
#  117|   	case LOG_DESTINATION_UNSET:
#  118|-> 		BUG("log destination not initialized correctly");
#  119|   	}
#  120|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def286]
git-2.52.0/daemon.c:957:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sockfd’
git-2.52.0/daemon.c:1097:13: enter_function: entry to ‘socksetup’
git-2.52.0/daemon.c:1099:12: branch_true: following ‘true’ branch...
git-2.52.0/daemon.c:1100:17: branch_true: ...to here
git-2.52.0/daemon.c:1100:17: call_function: calling ‘setup_named_sock’ from ‘socksetup’
#  955|   		break;
#  956|   	default:
#  957|-> 		xsnprintf(ip, sizeof(ip), "<unknown>");
#  958|   	}
#  959|   	return ip;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def287]
git-2.52.0/daemon.c:1020:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sockfd’
git-2.52.0/daemon.c:1097:13: enter_function: entry to ‘socksetup’
git-2.52.0/daemon.c:1099:12: branch_true: following ‘true’ branch...
git-2.52.0/daemon.c:1100:17: branch_true: ...to here
git-2.52.0/daemon.c:1100:17: call_function: calling ‘setup_named_sock’ from ‘socksetup’
# 1018|   				 ip2str(ai->ai_family, ai->ai_addr, ai->ai_addrlen),
# 1019|   				 strerror(errno));
# 1020|-> 			close(sockfd);
# 1021|   			continue;	/* not fatal */
# 1022|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def288]
git-2.52.0/daemon.c:1024:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sockfd’
git-2.52.0/daemon.c:1097:13: enter_function: entry to ‘socksetup’
git-2.52.0/daemon.c:1099:12: branch_true: following ‘true’ branch...
git-2.52.0/daemon.c:1100:17: branch_true: ...to here
git-2.52.0/daemon.c:1100:17: call_function: calling ‘setup_named_sock’ from ‘socksetup’
# 1022|   		}
# 1023|   
# 1024|-> 		flags = fcntl(sockfd, F_GETFD, 0);
# 1025|   		if (flags >= 0)
# 1026|   			fcntl(sockfd, F_SETFD, flags | FD_CLOEXEC);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def289]
git-2.52.0/diagnose.c:83:21: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(*path.buf)’
git-2.52.0/diagnose.c:76:20: acquire_memory: allocated here
git-2.52.0/diagnose.c:80:12: branch_false: following ‘false’ branch...
git-2.52.0/diagnose.c:80:12: branch_false: ...to here
git-2.52.0/diagnose.c:83:21: throw: if ‘readdir_skip_dot_and_dotdot’ throws an exception...
git-2.52.0/diagnose.c:83:21: danger: ‘opendir(*path.buf)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/0)
#   81|   		return 0;
#   82|   
#   83|-> 	while ((e = readdir_skip_dot_and_dotdot(dir)) != NULL)
#   84|   		if (get_dtype(e, path, 0) == DT_REG)
#   85|   			count++;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def290]
git-2.52.0/diagnose.c:105:9: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(path)’
git-2.52.0/diagnose.c:93:20: acquire_memory: allocated here
git-2.52.0/diagnose.c:101:12: branch_false: following ‘false’ branch...
git-2.52.0/diagnose.c:104:9: branch_false: ...to here
git-2.52.0/diagnose.c:105:9: throw: if ‘strbuf_add_absolute_path’ throws an exception...
git-2.52.0/diagnose.c:105:9: danger: ‘opendir(path)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/0)
#  103|   
#  104|   	strbuf_addstr(buf, "Object directory stats for ");
#  105|-> 	strbuf_add_absolute_path(buf, path);
#  106|   	strbuf_addstr(buf, ":\n");
#  107|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def291]
git-2.52.0/diagnose.c:108:9: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(path)’
git-2.52.0/diagnose.c:93:20: acquire_memory: allocated here
git-2.52.0/diagnose.c:101:12: branch_false: following ‘false’ branch...
git-2.52.0/diagnose.c:104:9: branch_false: ...to here
git-2.52.0/diagnose.c:108:9: throw: if ‘strbuf_add_absolute_path’ throws an exception...
git-2.52.0/diagnose.c:108:9: danger: ‘opendir(path)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/0)
#  106|   	strbuf_addstr(buf, ":\n");
#  107|   
#  108|-> 	strbuf_add_absolute_path(&count_path, path);
#  109|   	strbuf_addch(&count_path, '/');
#  110|   	base_path_len = count_path.len;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def292]
git-2.52.0/diagnose.c:148:17: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(<unknown>)’
git-2.52.0/diagnose.c:138:15: acquire_memory: allocated here
git-2.52.0/diagnose.c:139:12: branch_false: following ‘false’ branch...
git-2.52.0/diagnose.c:147:12: branch_false: ...to here
git-2.52.0/diagnose.c:147:12: branch_true: following ‘true’ branch...
git-2.52.0/diagnose.c:148:17: branch_true: ...to here
git-2.52.0/diagnose.c:148:17: throw: if ‘strbuf_addf’ throws an exception...
git-2.52.0/diagnose.c:148:17: danger: ‘opendir(<unknown>)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/0)
#  146|   
#  147|   	if (!at_root)
#  148|-> 		strbuf_addf(&buf, "%s/", path);
#  149|   	len = buf.len;
#  150|   	strvec_pushf(archiver_args, "--prefix=%s", buf.buf);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def293]
git-2.52.0/diagnose.c:150:9: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(<unknown>)’
git-2.52.0/diagnose.c:138:15: acquire_memory: allocated here
git-2.52.0/diagnose.c:139:12: branch_false: following ‘false’ branch...
git-2.52.0/diagnose.c:147:12: branch_false: ...to here
git-2.52.0/diagnose.c:150:9: throw: if ‘strvec_pushf’ throws an exception...
git-2.52.0/diagnose.c:150:9: danger: ‘opendir(<unknown>)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/0)
#  148|   		strbuf_addf(&buf, "%s/", path);
#  149|   	len = buf.len;
#  150|-> 	strvec_pushf(archiver_args, "--prefix=%s", buf.buf);
#  151|   
#  152|   	while (!res && (e = readdir_skip_dot_and_dotdot(dir))) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def294]
git-2.52.0/diagnose.c:209:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘stdout_fd’
git-2.52.0/diagnose.c:198:12: branch_false: following ‘false’ branch (when ‘mode != 0’)...
git-2.52.0/diagnose.c:203:21: branch_false: ...to here
git-2.52.0/diagnose.c:203:21: acquire_resource: opened here
git-2.52.0/diagnose.c:204:12: branch_false: following ‘false’ branch (when ‘stdout_fd >= 0’)...
git-2.52.0/diagnose.c:209:29: branch_false: ...to here
git-2.52.0/diagnose.c:209:23: throw: if ‘xopen’ throws an exception...
git-2.52.0/diagnose.c:209:23: danger: ‘stdout_fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/2)
#  207|   	}
#  208|   
#  209|-> 	archiver_fd = xopen(zip_path->buf, O_CREAT | O_WRONLY | O_TRUNC, 0666);
#  210|   	if (dup2(archiver_fd, STDOUT_FILENO) < 0) {
#  211|   		res = error_errno(_("could not redirect output"));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def295]
git-2.52.0/diagnose.c:210:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(xopen(*zip_path.buf, 577, 438), 1)’
git-2.52.0/diagnose.c:198:12: branch_false: following ‘false’ branch (when ‘mode != 0’)...
git-2.52.0/diagnose.c:203:21: branch_false: ...to here
git-2.52.0/diagnose.c:204:12: branch_false: following ‘false’ branch (when ‘stdout_fd >= 0’)...
git-2.52.0/diagnose.c:209:29: branch_false: ...to here
git-2.52.0/diagnose.c:210:13: acquire_resource: opened here
git-2.52.0/diagnose.c:210:12: danger: ‘dup2(xopen(*zip_path.buf, 577, 438), 1)’ leaks here; was opened at [(5)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/4)
#  208|   
#  209|   	archiver_fd = xopen(zip_path->buf, O_CREAT | O_WRONLY | O_TRUNC, 0666);
#  210|-> 	if (dup2(archiver_fd, STDOUT_FILENO) < 0) {
#  211|   		res = error_errno(_("could not redirect output"));
#  212|   		goto diagnose_cleanup;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def296]
git-2.52.0/diagnose.c:211:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘stdout_fd’
git-2.52.0/diagnose.c:181:5: enter_function: entry to ‘create_diagnostics_archive’
git-2.52.0/diagnose.c:198:12: branch_false: following ‘false’ branch (when ‘mode != 0’)...
git-2.52.0/diagnose.c:203:21: branch_false: ...to here
git-2.52.0/diagnose.c:203:21: acquire_resource: opened here
git-2.52.0/diagnose.c:204:12: branch_false: following ‘false’ branch (when ‘stdout_fd >= 0’)...
git-2.52.0/diagnose.c:209:29: branch_false: ...to here
git-2.52.0/diagnose.c:210:12: branch_true: following ‘true’ branch...
git-2.52.0/diagnose.c:211:23: branch_true: ...to here
git-2.52.0/diagnose.c:211:23: call_function: calling ‘_’ from ‘create_diagnostics_archive’
git-2.52.0/diagnose.c:211:23: return_function: returning to ‘create_diagnostics_archive’ from ‘_’
git-2.52.0/diagnose.c:211:23: throw: if ‘error_errno’ throws an exception...
git-2.52.0/diagnose.c:211:23: danger: ‘stdout_fd’ leaks here; was opened at [(4)](sarif:/runs/0/results/19/codeFlows/0/threadFlows/0/locations/3)
#  209|   	archiver_fd = xopen(zip_path->buf, O_CREAT | O_WRONLY | O_TRUNC, 0666);
#  210|   	if (dup2(archiver_fd, STDOUT_FILENO) < 0) {
#  211|-> 		res = error_errno(_("could not redirect output"));
#  212|   		goto diagnose_cleanup;
#  213|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def297]
git-2.52.0/diagnose.c:215:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘stdout_fd’
git-2.52.0/diagnose.c:198:12: branch_false: following ‘false’ branch (when ‘mode != 0’)...
git-2.52.0/diagnose.c:203:21: branch_false: ...to here
git-2.52.0/diagnose.c:203:21: acquire_resource: opened here
git-2.52.0/diagnose.c:204:12: branch_false: following ‘false’ branch (when ‘stdout_fd >= 0’)...
git-2.52.0/diagnose.c:209:29: branch_false: ...to here
git-2.52.0/diagnose.c:210:12: branch_false: following ‘false’ branch...
git-2.52.0/diagnose.c:215:9: branch_false: ...to here
git-2.52.0/diagnose.c:215:9: throw: if ‘init_zip_archiver’ throws an exception...
git-2.52.0/diagnose.c:215:9: danger: ‘stdout_fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/20/codeFlows/0/threadFlows/0/locations/2)
#  213|   	}
#  214|   
#  215|-> 	init_zip_archiver();
#  216|   	strvec_pushl(&archiver_args, "git-diagnose", "--format=zip", NULL);
#  217|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def298]
git-2.52.0/diagnose.c:216:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘stdout_fd’
git-2.52.0/diagnose.c:198:12: branch_false: following ‘false’ branch (when ‘mode != 0’)...
git-2.52.0/diagnose.c:203:21: branch_false: ...to here
git-2.52.0/diagnose.c:203:21: acquire_resource: opened here
git-2.52.0/diagnose.c:204:12: branch_false: following ‘false’ branch (when ‘stdout_fd >= 0’)...
git-2.52.0/diagnose.c:209:29: branch_false: ...to here
git-2.52.0/diagnose.c:210:12: branch_false: following ‘false’ branch...
git-2.52.0/diagnose.c:215:9: branch_false: ...to here
git-2.52.0/diagnose.c:216:9: throw: if ‘strvec_pushl’ throws an exception...
git-2.52.0/diagnose.c:216:9: danger: ‘stdout_fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/2)
#  214|   
#  215|   	init_zip_archiver();
#  216|-> 	strvec_pushl(&archiver_args, "git-diagnose", "--format=zip", NULL);
#  217|   
#  218|   	strbuf_reset(&buf);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def299]
git-2.52.0/diagnose.c:220:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘stdout_fd’
git-2.52.0/diagnose.c:181:5: enter_function: entry to ‘create_diagnostics_archive’
git-2.52.0/diagnose.c:198:12: branch_false: following ‘false’ branch (when ‘mode != 0’)...
git-2.52.0/diagnose.c:203:21: branch_false: ...to here
git-2.52.0/diagnose.c:203:21: acquire_resource: opened here
git-2.52.0/diagnose.c:204:12: branch_false: following ‘false’ branch (when ‘stdout_fd >= 0’)...
git-2.52.0/diagnose.c:209:29: branch_false: ...to here
git-2.52.0/diagnose.c:210:12: branch_false: following ‘false’ branch...
git-2.52.0/diagnose.c:215:9: branch_false: ...to here
git-2.52.0/diagnose.c:218:9: call_function: calling ‘strbuf_setlen’ from ‘create_diagnostics_archive’
git-2.52.0/diagnose.c:218:9: return_function: returning to ‘create_diagnostics_archive’ from ‘strbuf_setlen’
git-2.52.0/diagnose.c:220:9: throw: if ‘get_version_info’ throws an exception...
git-2.52.0/diagnose.c:220:9: danger: ‘stdout_fd’ leaks here; was opened at [(4)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/3)
#  218|   	strbuf_reset(&buf);
#  219|   	strbuf_addstr(&buf, "Collecting diagnostic info\n\n");
#  220|-> 	get_version_info(&buf, 1);
#  221|   
#  222|   	strbuf_addf(&buf, "Repository root: %s\n", r->worktree);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def300]
git-2.52.0/diagnose.c:222:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘stdout_fd’
git-2.52.0/diagnose.c:181:5: enter_function: entry to ‘create_diagnostics_archive’
git-2.52.0/diagnose.c:198:12: branch_false: following ‘false’ branch (when ‘mode != 0’)...
git-2.52.0/diagnose.c:203:21: branch_false: ...to here
git-2.52.0/diagnose.c:203:21: acquire_resource: opened here
git-2.52.0/diagnose.c:204:12: branch_false: following ‘false’ branch (when ‘stdout_fd >= 0’)...
git-2.52.0/diagnose.c:209:29: branch_false: ...to here
git-2.52.0/diagnose.c:210:12: branch_false: following ‘false’ branch...
git-2.52.0/diagnose.c:215:9: branch_false: ...to here
git-2.52.0/diagnose.c:218:9: call_function: calling ‘strbuf_setlen’ from ‘create_diagnostics_archive’
git-2.52.0/diagnose.c:218:9: return_function: returning to ‘create_diagnostics_archive’ from ‘strbuf_setlen’
git-2.52.0/diagnose.c:222:9: throw: if ‘strbuf_addf’ throws an exception...
git-2.52.0/diagnose.c:222:9: danger: ‘stdout_fd’ leaks here; was opened at [(4)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/3)
#  220|   	get_version_info(&buf, 1);
#  221|   
#  222|-> 	strbuf_addf(&buf, "Repository root: %s\n", r->worktree);
#  223|   	get_disk_info(&buf);
#  224|   	write_or_die(stdout_fd, buf.buf, buf.len);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def301]
git-2.52.0/diagnose.c:224:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘stdout_fd’
git-2.52.0/diagnose.c:181:5: enter_function: entry to ‘create_diagnostics_archive’
git-2.52.0/diagnose.c:198:12: branch_false: following ‘false’ branch (when ‘mode != 0’)...
git-2.52.0/diagnose.c:203:21: branch_false: ...to here
git-2.52.0/diagnose.c:203:21: acquire_resource: opened here
git-2.52.0/diagnose.c:204:12: branch_false: following ‘false’ branch (when ‘stdout_fd >= 0’)...
git-2.52.0/diagnose.c:209:29: branch_false: ...to here
git-2.52.0/diagnose.c:210:12: branch_false: following ‘false’ branch...
git-2.52.0/diagnose.c:215:9: branch_false: ...to here
git-2.52.0/diagnose.c:218:9: call_function: calling ‘strbuf_setlen’ from ‘create_diagnostics_archive’
git-2.52.0/diagnose.c:218:9: return_function: returning to ‘create_diagnostics_archive’ from ‘strbuf_setlen’
git-2.52.0/diagnose.c:224:9: throw: if ‘write_or_die’ throws an exception...
git-2.52.0/diagnose.c:224:9: danger: ‘stdout_fd’ leaks here; was opened at [(4)](sarif:/runs/0/results/24/codeFlows/0/threadFlows/0/locations/3)
#  222|   	strbuf_addf(&buf, "Repository root: %s\n", r->worktree);
#  223|   	get_disk_info(&buf);
#  224|-> 	write_or_die(stdout_fd, buf.buf, buf.len);
#  225|   	strvec_pushf(&archiver_args,
#  226|   		     "--add-virtual-file=diagnostics.log:%.*s",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def302]
git-2.52.0/diagnose.c:274:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘stdout_fd’
git-2.52.0/diagnose.c:181:5: enter_function: entry to ‘create_diagnostics_archive’
git-2.52.0/diagnose.c:198:12: branch_false: following ‘false’ branch (when ‘mode != 0’)...
git-2.52.0/diagnose.c:203:21: branch_false: ...to here
git-2.52.0/diagnose.c:203:21: acquire_resource: opened here
git-2.52.0/diagnose.c:204:12: branch_false: following ‘false’ branch (when ‘stdout_fd >= 0’)...
git-2.52.0/diagnose.c:209:29: branch_false: ...to here
git-2.52.0/diagnose.c:210:12: branch_true: following ‘true’ branch...
git-2.52.0/diagnose.c:211:23: branch_true: ...to here
git-2.52.0/diagnose.c:211:23: call_function: calling ‘_’ from ‘create_diagnostics_archive’
git-2.52.0/diagnose.c:211:23: return_function: returning to ‘create_diagnostics_archive’ from ‘_’
git-2.52.0/diagnose.c:272:12: branch_true: following ‘true’ branch...
git-2.52.0/diagnose.c:273:17: branch_true: ...to here
git-2.52.0/diagnose.c:274:17: throw: if ‘close’ throws an exception...
git-2.52.0/diagnose.c:274:17: danger: ‘stdout_fd’ leaks here; was opened at [(4)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/3)
#  272|   	if (archiver_fd >= 0) {
#  273|   		dup2(stdout_fd, STDOUT_FILENO);
#  274|-> 		close(stdout_fd);
#  275|   		close(archiver_fd);
#  276|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def303]
git-2.52.0/diagnose.c:278:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘stdout_fd’
git-2.52.0/diagnose.c:181:5: enter_function: entry to ‘create_diagnostics_archive’
git-2.52.0/diagnose.c:198:12: branch_false: following ‘false’ branch (when ‘mode != 0’)...
git-2.52.0/diagnose.c:203:21: branch_false: ...to here
git-2.52.0/diagnose.c:203:21: acquire_resource: opened here
git-2.52.0/diagnose.c:204:12: branch_false: following ‘false’ branch (when ‘stdout_fd >= 0’)...
git-2.52.0/diagnose.c:209:29: branch_false: ...to here
git-2.52.0/diagnose.c:210:12: branch_true: following ‘true’ branch...
git-2.52.0/diagnose.c:211:23: branch_true: ...to here
git-2.52.0/diagnose.c:211:23: call_function: calling ‘_’ from ‘create_diagnostics_archive’
git-2.52.0/diagnose.c:211:23: return_function: returning to ‘create_diagnostics_archive’ from ‘_’
git-2.52.0/diagnose.c:272:12: branch_false: following ‘false’ branch...
git-2.52.0/diagnose.c:277:9: branch_false: ...to here
git-2.52.0/diagnose.c:278:9: throw: if ‘strvec_clear’ throws an exception...
git-2.52.0/diagnose.c:278:9: danger: ‘stdout_fd’ leaks here; was opened at [(4)](sarif:/runs/0/results/26/codeFlows/0/threadFlows/0/locations/3)
#  276|   	}
#  277|   	free(argv_copy);
#  278|-> 	strvec_clear(&archiver_args);
#  279|   	strbuf_release(&buf);
#  280|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def304]
git-2.52.0/diagnose.c:279:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘stdout_fd’
git-2.52.0/diagnose.c:181:5: enter_function: entry to ‘create_diagnostics_archive’
git-2.52.0/diagnose.c:198:12: branch_false: following ‘false’ branch (when ‘mode != 0’)...
git-2.52.0/diagnose.c:203:21: branch_false: ...to here
git-2.52.0/diagnose.c:203:21: acquire_resource: opened here
git-2.52.0/diagnose.c:204:12: branch_false: following ‘false’ branch (when ‘stdout_fd >= 0’)...
git-2.52.0/diagnose.c:209:29: branch_false: ...to here
git-2.52.0/diagnose.c:210:12: branch_true: following ‘true’ branch...
git-2.52.0/diagnose.c:211:23: branch_true: ...to here
git-2.52.0/diagnose.c:211:23: call_function: calling ‘_’ from ‘create_diagnostics_archive’
git-2.52.0/diagnose.c:211:23: return_function: returning to ‘create_diagnostics_archive’ from ‘_’
git-2.52.0/diagnose.c:272:12: branch_false: following ‘false’ branch...
git-2.52.0/diagnose.c:277:9: branch_false: ...to here
git-2.52.0/diagnose.c:279:9: throw: if ‘strbuf_release’ throws an exception...
git-2.52.0/diagnose.c:279:9: danger: ‘stdout_fd’ leaks here; was opened at [(4)](sarif:/runs/0/results/27/codeFlows/0/threadFlows/0/locations/3)
#  277|   	free(argv_copy);
#  278|   	strvec_clear(&archiver_args);
#  279|-> 	strbuf_release(&buf);
#  280|   
#  281|   	return res;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def305]
git-2.52.0/diagnose.c:281:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘stdout_fd’
git-2.52.0/diagnose.c:181:5: enter_function: entry to ‘create_diagnostics_archive’
git-2.52.0/diagnose.c:198:12: branch_false: following ‘false’ branch (when ‘mode != 0’)...
git-2.52.0/diagnose.c:203:21: branch_false: ...to here
git-2.52.0/diagnose.c:203:21: acquire_resource: opened here
git-2.52.0/diagnose.c:204:12: branch_false: following ‘false’ branch (when ‘stdout_fd >= 0’)...
git-2.52.0/diagnose.c:209:29: branch_false: ...to here
git-2.52.0/diagnose.c:210:12: branch_true: following ‘true’ branch...
git-2.52.0/diagnose.c:211:23: branch_true: ...to here
git-2.52.0/diagnose.c:211:23: call_function: calling ‘_’ from ‘create_diagnostics_archive’
git-2.52.0/diagnose.c:211:23: return_function: returning to ‘create_diagnostics_archive’ from ‘_’
git-2.52.0/diagnose.c:272:12: branch_false: following ‘false’ branch...
git-2.52.0/diagnose.c:277:9: branch_false: ...to here
git-2.52.0/diagnose.c:281:16: danger: ‘stdout_fd’ leaks here; was opened at [(4)](sarif:/runs/0/results/28/codeFlows/0/threadFlows/0/locations/3)
#  279|   	strbuf_release(&buf);
#  280|   
#  281|-> 	return res;
#  282|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def306]
git-2.52.0/diff-lib.c:316:22: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘ce’
git-2.52.0/diff-lib.c:437:13: enter_function: entry to ‘do_oneway_diff’
git-2.52.0/diff-lib.c:448:12: branch_true: following ‘true’ branch...
git-2.52.0/diff-lib.c:449:13: branch_true: ...to here
git-2.52.0/diff-lib.c:448:13: branch_true: following ‘true’ branch...
git-2.52.0/diff-lib.c:448:13: branch_true: ...to here
git-2.52.0/diff-lib.c:457:18: branch_true: following ‘true’ branch...
git-2.52.0/diff-lib.c:457:18: branch_true: ...to here
git-2.52.0/diff-lib.c:462:12: branch_false: following ‘false’ branch...
git-2.52.0/diff-lib.c:474:12: branch_false: ...to here
git-2.52.0/diff-lib.c:474:12: branch_true: following ‘true’ branch (when ‘tree’ is NULL)...
git-2.52.0/diff-lib.c:475:17: branch_true: ...to here
git-2.52.0/diff-lib.c:475:17: call_function: calling ‘show_new_file’ from ‘do_oneway_diff’
#  314|   {
#  315|   	const struct object_id *oid = &ce->oid;
#  316|-> 	unsigned int mode = ce->ce_mode;
#  317|   
#  318|   	if (!cached && !ce_uptodate(ce)) {

Error: COMPILER_WARNING (CWE-704): [#def307]
git-2.52.0/diff.c: scope_hint: In function ‘fn_out_diff_words_write_helper’
git-2.52.0/diff.c:1933:27: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
# 1933 |                 char *p = memchr(buf, '\n', count);
#      |                           ^~~~~~
# 1931|   
# 1932|   	while (count) {
# 1933|-> 		char *p = memchr(buf, '\n', count);
# 1934|   		if (print)
# 1935|   			strbuf_addstr(&sb, diff_line_prefix(o));

Error: COMPILER_WARNING (CWE-704): [#def308]
git-2.52.0/diff.c:1933:27: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
# 1931|   
# 1932|   	while (count) {
# 1933|-> 		char *p = memchr(buf, '\n', count);
# 1934|   		if (print)
# 1935|   			strbuf_addstr(&sb, diff_line_prefix(o));

Error: COMPILER_WARNING (CWE-704): [#def309]
git-2.52.0/diff.c: scope_hint: In function ‘gather_dirstat’
git-2.52.0/diff.c:3022:23: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 3022 |                 slash = strchr(f->name + baselen, '/');
#      |                       ^
# 3020|   		if (memcmp(f->name, base, baselen))
# 3021|   			break;
# 3022|-> 		slash = strchr(f->name + baselen, '/');
# 3023|   		if (slash) {
# 3024|   			int newbaselen = slash + 1 - f->name;

Error: COMPILER_WARNING (CWE-704): [#def310]
git-2.52.0/diff.c:3022:23: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 3020|   		if (memcmp(f->name, base, baselen))
# 3021|   			break;
# 3022|-> 		slash = strchr(f->name + baselen, '/');
# 3023|   		if (slash) {
# 3024|   			int newbaselen = slash + 1 - f->name;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def311]
git-2.52.0/diff.c:4223:39: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(*s.path, 0)’
git-2.52.0/diff.c:633:12: enter_function: entry to ‘fill_mmfile’
git-2.52.0/diff.c:641:18: call_function: calling ‘diff_populate_filespec’ from ‘fill_mmfile’
# 4221|   		if (fd < 0)
# 4222|   			goto err_empty;
# 4223|-> 		s->data = xmmap(NULL, s->size, PROT_READ, MAP_PRIVATE, fd, 0);
# 4224|   		close(fd);
# 4225|   		s->should_munmap = 1;

Error: COMPILER_WARNING (CWE-704): [#def312]
git-2.52.0/diffcore-rename.c: scope_hint: In function ‘get_dirname’
git-2.52.0/diffcore-rename.c:382:23: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
#  382 |         char *slash = strrchr(filename, '/');
#      |                       ^~~~~~~
#  380|   static char *get_dirname(const char *filename)
#  381|   {
#  382|-> 	char *slash = strrchr(filename, '/');
#  383|   	return slash ? xstrndup(filename, slash - filename) : xstrdup("");
#  384|   }

Error: COMPILER_WARNING (CWE-704): [#def313]
git-2.52.0/diffcore-rename.c:382:23: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
#  380|   static char *get_dirname(const char *filename)
#  381|   {
#  382|-> 	char *slash = strrchr(filename, '/');
#  383|   	return slash ? xstrndup(filename, slash - filename) : xstrdup("");
#  384|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def314]
git-2.52.0/dir.c:84:21: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(path)’
git-2.52.0/dir.c:3253:5: enter_function: entry to ‘is_empty_dir’
git-2.52.0/dir.c:3255:20: acquire_memory: allocated here
git-2.52.0/dir.c:3259:12: branch_false: following ‘false’ branch...
git-2.52.0/dir.c:3262:13: branch_false: ...to here
git-2.52.0/dir.c:3262:13: call_function: calling ‘readdir_skip_dot_and_dotdot’ from ‘is_empty_dir’
#   82|   	struct dirent *e;
#   83|   
#   84|-> 	while ((e = readdir(dirp)) != NULL) {
#   85|   		if (!is_dot_or_dotdot(e->d_name))
#   86|   			break;

Error: COMPILER_WARNING (CWE-704): [#def315]
git-2.52.0/dir.c: scope_hint: In function ‘remove_path’
git-2.52.0/dir.c:3524:15: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 3524 |         slash = strrchr(name, '/');
#      |               ^
# 3522|   		return -1;
# 3523|   
# 3524|-> 	slash = strrchr(name, '/');
# 3525|   	if (slash) {
# 3526|   		char *dirs = xstrdup(name);

Error: COMPILER_WARNING (CWE-704): [#def316]
git-2.52.0/dir.c:3524:15: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 3522|   		return -1;
# 3523|   
# 3524|-> 	slash = strrchr(name, '/');
# 3525|   	if (slash) {
# 3526|   		char *dirs = xstrdup(name);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def317]
git-2.52.0/dir.c:3960:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘ucd’
git-2.52.0/dir.c:3990:12: enter_function: entry to ‘invalidate_one_component’
git-2.52.0/dir.c:3996:12: branch_true: following ‘true’ branch (when ‘rest’ is non-NULL)...
git-2.52.0/dir.c:3997:37: branch_true: ...to here
git-2.52.0/dir.c:3999:25: call_function: calling ‘lookup_untracked’ from ‘invalidate_one_component’
git-2.52.0/dir.c:3999:25: return_function: returning to ‘invalidate_one_component’ from ‘lookup_untracked’
git-2.52.0/dir.c:4001:25: call_function: calling ‘invalidate_one_component’ from ‘invalidate_one_component’
# 3958|   {
# 3959|   	uc->dir_invalidated++;
# 3960|-> 	ucd->valid = 0;
# 3961|   	for (size_t i = 0; i < ucd->untracked_nr; i++)
# 3962|   		free(ucd->untracked[i]);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def318]
git-2.52.0/entry.c:64:23: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(*path.buf)’
git-2.52.0/entry.c:482:5: enter_function: entry to ‘checkout_entry_ca’
git-2.52.0/entry.c:501:12: branch_false: following ‘false’ branch (when ‘topath’ is NULL)...
git-2.52.0/entry.c:509:9: branch_false: ...to here
git-2.52.0/entry.c:509:9: call_function: calling ‘strbuf_setlen’ from ‘checkout_entry_ca’
git-2.52.0/entry.c:509:9: return_function: returning to ‘checkout_entry_ca’ from ‘strbuf_setlen’
git-2.52.0/entry.c:513:12: branch_true: following ‘true’ branch...
git-2.52.0/entry.c:515:50: branch_true: ...to here
git-2.52.0/entry.c:522:20: branch_false: following ‘false’ branch...
git-2.52.0/entry.c:539:20: branch_false: ...to here
git-2.52.0/entry.c:539:20: branch_false: following ‘false’ branch...
git-2.52.0/entry.c:541:21: branch_false: ...to here
git-2.52.0/entry.c:541:20: branch_false: following ‘false’ branch...
git-2.52.0/entry.c:549:21: branch_false: ...to here
git-2.52.0/entry.c:558:20: branch_true: following ‘true’ branch...
git-2.52.0/entry.c:560:29: branch_true: ...to here
git-2.52.0/entry.c:560:28: branch_false: following ‘false’ branch...
git-2.52.0/entry.c:574:29: branch_false: ...to here
git-2.52.0/entry.c:576:25: call_function: calling ‘remove_subtree’ from ‘checkout_entry_ca’
#   62|   	DIR *dir = opendir(path->buf);
#   63|   	struct dirent *de;
#   64|-> 	int origlen = path->len;
#   65|   
#   66|   	if (!dir)

Error: COMPILER_WARNING (CWE-704): [#def319]
git-2.52.0/fmt-merge-msg.c: scope_hint: In function ‘record_person_from_buf’
git-2.52.0/fmt-merge-msg.c:254:14: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  254 |         name = strstr(buffer, field);
#      |              ^
#  252|   
#  253|   	field = (which == 'a') ? "\nauthor " : "\ncommitter ";
#  254|-> 	name = strstr(buffer, field);
#  255|   	if (!name)
#  256|   		return;

Error: COMPILER_WARNING (CWE-704): [#def320]
git-2.52.0/fmt-merge-msg.c:254:14: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  252|   
#  253|   	field = (which == 'a') ? "\nauthor " : "\ncommitter ";
#  254|-> 	name = strstr(buffer, field);
#  255|   	if (!name)
#  256|   		return;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def321]
git-2.52.0/fsck.c:55:27: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/fsck.c:1157:12: enter_function: entry to ‘fsck_blob’
git-2.52.0/fsck.c:1165:12: branch_true: following ‘true’ branch...
git-2.52.0/fsck.c:1166:39: branch_true: ...to here
git-2.52.0/fsck.c:1171:20: branch_true: following ‘true’ branch (when ‘buf’ is NULL)...
git-2.52.0/fsck.c:1177:32: branch_true: ...to here
git-2.52.0/fsck.c:1177:32: call_function: calling ‘report’ from ‘fsck_blob’
#   53|   		const char *p = msg_id_info[i].id_string;
#   54|   		int len = strlen(p);
#   55|-> 		char *q = xmalloc(len);
#   56|   
#   57|   		msg_id_info[i].downcased = q;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def322]
git-2.52.0/fsck.c:252:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/fsck.c:1157:12: enter_function: entry to ‘fsck_blob’
git-2.52.0/fsck.c:1165:12: branch_true: following ‘true’ branch...
git-2.52.0/fsck.c:1166:39: branch_true: ...to here
git-2.52.0/fsck.c:1171:20: branch_true: following ‘true’ branch (when ‘buf’ is NULL)...
git-2.52.0/fsck.c:1177:32: branch_true: ...to here
git-2.52.0/fsck.c:1177:32: call_function: calling ‘report’ from ‘fsck_blob’
#  250|   
#  251|   	prepare_msg_ids();
#  252|-> 	strbuf_addf(&sb, "%s: ", msg_id_info[msg_id].camelcased);
#  253|   
#  254|   	strbuf_vaddf(&sb, fmt, ap);

Error: COMPILER_WARNING (CWE-704): [#def323]
git-2.52.0/fsck.c: scope_hint: In function ‘fsck_tag_standalone’
git-2.52.0/fsck.c:1029:13: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1029 |         eol = memchr(buffer, '\n', buffer_end - buffer);
#      |             ^
# 1027|   		goto done;
# 1028|   	}
# 1029|-> 	eol = memchr(buffer, '\n', buffer_end - buffer);
# 1030|   	if (!eol) {
# 1031|   		ret = report(options, oid, OBJ_TAG, FSCK_MSG_MISSING_TYPE, "invalid format - unexpected end after 'type' line");

Error: COMPILER_WARNING (CWE-704): [#def324]
git-2.52.0/fsck.c:1029:13: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1027|   		goto done;
# 1028|   	}
# 1029|-> 	eol = memchr(buffer, '\n', buffer_end - buffer);
# 1030|   	if (!eol) {
# 1031|   		ret = report(options, oid, OBJ_TAG, FSCK_MSG_MISSING_TYPE, "invalid format - unexpected end after 'type' line");

Error: COMPILER_WARNING (CWE-704): [#def325]
git-2.52.0/fsck.c:1045:13: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1045 |         eol = memchr(buffer, '\n', buffer_end - buffer);
#      |             ^
# 1043|   		goto done;
# 1044|   	}
# 1045|-> 	eol = memchr(buffer, '\n', buffer_end - buffer);
# 1046|   	if (!eol) {
# 1047|   		ret = report(options, oid, OBJ_TAG, FSCK_MSG_MISSING_TAG, "invalid format - unexpected end after 'type' line");

Error: COMPILER_WARNING (CWE-704): [#def326]
git-2.52.0/fsck.c:1045:13: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1043|   		goto done;
# 1044|   	}
# 1045|-> 	eol = memchr(buffer, '\n', buffer_end - buffer);
# 1046|   	if (!eol) {
# 1047|   		ret = report(options, oid, OBJ_TAG, FSCK_MSG_MISSING_TAG, "invalid format - unexpected end after 'type' line");

Error: COMPILER_WARNING (CWE-704): [#def327]
git-2.52.0/fsck.c:1071:21: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1071 |                 eol = memchr(buffer, '\n', buffer_end - buffer);
#      |                     ^
# 1069|   
# 1070|   	if (buffer < buffer_end && (skip_prefix(buffer, "gpgsig ", &buffer) || skip_prefix(buffer, "gpgsig-sha256 ", &buffer))) {
# 1071|-> 		eol = memchr(buffer, '\n', buffer_end - buffer);
# 1072|   		if (!eol) {
# 1073|   			ret = report(options, oid, OBJ_TAG, FSCK_MSG_BAD_GPGSIG, "invalid format - unexpected end after 'gpgsig' or 'gpgsig-sha256' line");

Error: COMPILER_WARNING (CWE-704): [#def328]
git-2.52.0/fsck.c:1071:21: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1069|   
# 1070|   	if (buffer < buffer_end && (skip_prefix(buffer, "gpgsig ", &buffer) || skip_prefix(buffer, "gpgsig-sha256 ", &buffer))) {
# 1071|-> 		eol = memchr(buffer, '\n', buffer_end - buffer);
# 1072|   		if (!eol) {
# 1073|   			ret = report(options, oid, OBJ_TAG, FSCK_MSG_BAD_GPGSIG, "invalid format - unexpected end after 'gpgsig' or 'gpgsig-sha256' line");

Error: COMPILER_WARNING (CWE-704): [#def329]
git-2.52.0/fsck.c:1079:29: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1079 |                         eol = memchr(buffer, '\n', buffer_end - buffer);
#      |                             ^
# 1077|   
# 1078|   		while (buffer < buffer_end && starts_with(buffer, " ")) {
# 1079|-> 			eol = memchr(buffer, '\n', buffer_end - buffer);
# 1080|   			if (!eol) {
# 1081|   				ret = report(options, oid, OBJ_TAG, FSCK_MSG_BAD_HEADER_CONTINUATION, "invalid format - unexpected end in 'gpgsig' or 'gpgsig-sha256' continuation line");

Error: COMPILER_WARNING (CWE-704): [#def330]
git-2.52.0/fsck.c:1079:29: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1077|   
# 1078|   		while (buffer < buffer_end && starts_with(buffer, " ")) {
# 1079|-> 			eol = memchr(buffer, '\n', buffer_end - buffer);
# 1080|   			if (!eol) {
# 1081|   				ret = report(options, oid, OBJ_TAG, FSCK_MSG_BAD_HEADER_CONTINUATION, "invalid format - unexpected end in 'gpgsig' or 'gpgsig-sha256' continuation line");

Error: COMPILER_WARNING (CWE-704): [#def331]
git-2.52.0/base85.c:1: included_from: Included from here.
git-2.52.0/git-compat-util.h: scope_hint: In function ‘git_find_last_dir_sep’
git-2.52.0/git-compat-util.h:373:16: warning[-Wdiscarded-qualifiers]: return discards ‘const’ qualifier from pointer target type
#  373 |         return strrchr(path, '/');
#      |                ^~~~~~~
#  371|   static inline char *git_find_last_dir_sep(const char *path)
#  372|   {
#  373|-> 	return strrchr(path, '/');
#  374|   }
#  375|   #define find_last_dir_sep git_find_last_dir_sep

Error: COMPILER_WARNING (CWE-704): [#def332]
git-2.52.0/git-compat-util.h:373:16: warning[-Wdiscarded-qualifiers]: return discards ‘const’ qualifier from pointer target type
#  371|   static inline char *git_find_last_dir_sep(const char *path)
#  372|   {
#  373|-> 	return strrchr(path, '/');
#  374|   }
#  375|   #define find_last_dir_sep git_find_last_dir_sep

Error: GCC_ANALYZER_WARNING (CWE-401): [#def333]
git-2.52.0/git-compat-util.h:626:17: warning[-Wanalyzer-malloc-leak]: leak of ‘temp’
git-2.52.0/builtin/submodule--helper.c:1054:13: enter_function: entry to ‘submodule_summary_callback’
git-2.52.0/builtin/submodule--helper.c:1060:21: branch_true: following ‘true’ branch...
git-2.52.0/builtin/submodule--helper.c:1061:43: branch_true: ...to here
git-2.52.0/builtin/submodule--helper.c:1066:43: acquire_memory: allocated here
git-2.52.0/builtin/submodule--helper.c:1074:17: branch_true: following ‘true’ branch...
git-2.52.0/builtin/submodule--helper.c:1074:17: branch_true: ...to here
git-2.52.0/builtin/submodule--helper.c:1074:17: call_function: inlined call to ‘st_mult’ from ‘submodule_summary_callback’
#  624|   {
#  625|   	if (unsigned_mult_overflows(a, b))
#  626|-> 		die("size_t overflow: %"PRIuMAX" * %"PRIuMAX,
#  627|   		    (uintmax_t)a, (uintmax_t)b);
#  628|   	return a * b;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def334]
git-2.52.0/git-compat-util.h:626:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/strvec.c:42:6: enter_function: entry to ‘strvec_pushl’
git-2.52.0/strvec.c:47:9: acquire_resource: ‘va_start’ called here
git-2.52.0/strvec.c:48:16: branch_true: following ‘true’ branch (when ‘arg’ is non-NULL)...
git-2.52.0/strvec.c:49:17: branch_true: ...to here
git-2.52.0/strvec.c:49:17: call_function: calling ‘strvec_push’ from ‘strvec_pushl’
#  624|   {
#  625|   	if (unsigned_mult_overflows(a, b))
#  626|-> 		die("size_t overflow: %"PRIuMAX" * %"PRIuMAX,
#  627|   		    (uintmax_t)a, (uintmax_t)b);
#  628|   	return a * b;

Error: GCC_ANALYZER_WARNING (CWE-688): [#def335]
git-2.52.0/git-compat-util.h:735:17: warning[-Wanalyzer-null-argument]: use of NULL ‘dst’ where non-null expected
git-2.52.0/line-log.c:1099:12: enter_function: entry to ‘process_all_files’
git-2.52.0/line-log.c:1106:22: call_function: calling ‘line_log_data_copy’ from ‘process_all_files’
#  733|   {
#  734|   	if (n)
#  735|-> 		memcpy(dst, src, st_mult(size, n));
#  736|   }
#  737|   

Error: COMPILER_WARNING (CWE-704): [#def336]
git-2.52.0/gpg-interface.c: scope_hint: In function ‘parse_ssh_output’
git-2.52.0/gpg-interface.c:444:13: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  444 |         key = strstr(line, "key ");
#      |             ^
#  442|   	}
#  443|   
#  444|-> 	key = strstr(line, "key ");
#  445|   	if (key) {
#  446|   		sigc->fingerprint = xstrdup(key + 4);

Error: COMPILER_WARNING (CWE-704): [#def337]
git-2.52.0/gpg-interface.c:444:13: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  442|   	}
#  443|   
#  444|-> 	key = strstr(line, "key ");
#  445|   	if (key) {
#  446|   		sigc->fingerprint = xstrdup(key + 4);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def338]
git-2.52.0/graph.c:1115:46: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘parents’
git-2.52.0/graph.c:1519:6: enter_function: entry to ‘graph_show_commit_msg’
git-2.52.0/graph.c:1528:9: call_function: calling ‘graph_show_strbuf’ from ‘graph_show_commit_msg’
# 1113|   
# 1114|   			for (j = 0; j < graph->num_parents; j++) {
# 1115|-> 				par_column = graph_find_new_column_by_commit(graph, parents->item);
# 1116|   				assert(par_column >= 0);
# 1117|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def339]
git-2.52.0/graph.c:1148:35: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
git-2.52.0/graph.c:1519:6: enter_function: entry to ‘graph_show_commit_msg’
git-2.52.0/graph.c:1528:9: call_function: calling ‘graph_show_strbuf’ from ‘graph_show_commit_msg’
# 1146|   		}
# 1147|   
# 1148|-> 		if (col_commit == first_parent->item)
# 1149|   			parent_col = col;
# 1150|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def340]
git-2.52.0/grep.c:1963:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(filename, 0)’
git-2.52.0/grep.c:1943:12: enter_function: entry to ‘grep_source_load_file’
git-2.52.0/grep.c:1951:12: branch_false: following ‘false’ branch...
git-2.52.0/grep.c:1957:14: branch_false: ...to here
git-2.52.0/grep.c:1957:12: branch_false: following ‘false’ branch...
git-2.52.0/grep.c:1959:24: branch_false: ...to here
git-2.52.0/grep.c:1959:16: call_function: inlined call to ‘xsize_t’ from ‘grep_source_load_file’
git-2.52.0/grep.c:1960:13: acquire_resource: opened here
git-2.52.0/grep.c:1961:12: branch_false: following ‘false’ branch...
git-2.52.0/grep.c:1963:16: branch_false: ...to here
git-2.52.0/grep.c:1963:16: throw: if ‘xmallocz’ throws an exception...
git-2.52.0/grep.c:1963:16: danger: ‘open(filename, 0)’ leaks here; was opened at [(9)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/8)
# 1961|   	if (i < 0)
# 1962|   		goto err_ret;
# 1963|-> 	data = xmallocz(size);
# 1964|   	if (st.st_size != read_in_full(i, data, size)) {
# 1965|   		error_errno(_("'%s': short read"), filename);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def341]
git-2.52.0/grep.c:1964:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(filename, 0)’
git-2.52.0/grep.c:1943:12: enter_function: entry to ‘grep_source_load_file’
git-2.52.0/grep.c:1951:12: branch_false: following ‘false’ branch...
git-2.52.0/grep.c:1957:14: branch_false: ...to here
git-2.52.0/grep.c:1957:12: branch_false: following ‘false’ branch...
git-2.52.0/grep.c:1959:24: branch_false: ...to here
git-2.52.0/grep.c:1959:16: call_function: inlined call to ‘xsize_t’ from ‘grep_source_load_file’
git-2.52.0/grep.c:1960:13: acquire_resource: opened here
git-2.52.0/grep.c:1961:12: branch_false: following ‘false’ branch...
git-2.52.0/grep.c:1963:16: branch_false: ...to here
git-2.52.0/grep.c:1964:27: throw: if ‘read_in_full’ throws an exception...
git-2.52.0/grep.c:1964:13: danger: ‘open(filename, 0)’ leaks here; was opened at [(9)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/8)
# 1962|   		goto err_ret;
# 1963|   	data = xmallocz(size);
# 1964|-> 	if (st.st_size != read_in_full(i, data, size)) {
# 1965|   		error_errno(_("'%s': short read"), filename);
# 1966|   		close(i);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def342]
git-2.52.0/help.c:261:9: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(path)’
git-2.52.0/help.c:639:7: enter_function: entry to ‘help_unknown_cmd’
git-2.52.0/help.c:655:12: branch_false: following ‘false’ branch...
git-2.52.0/help.c:660:9: branch_false: ...to here
git-2.52.0/help.c:660:9: call_function: calling ‘load_command_list’ from ‘help_unknown_cmd’
#  259|   		prefix = "git-";
#  260|   
#  261|-> 	strbuf_addf(&buf, "%s/", path);
#  262|   	len = buf.len;
#  263|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def343]
git-2.52.0/help.c:262:15: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(path)’
git-2.52.0/help.c:639:7: enter_function: entry to ‘help_unknown_cmd’
git-2.52.0/help.c:655:12: branch_false: following ‘false’ branch...
git-2.52.0/help.c:660:9: branch_false: ...to here
git-2.52.0/help.c:660:9: call_function: calling ‘load_command_list’ from ‘help_unknown_cmd’
#  260|   
#  261|   	strbuf_addf(&buf, "%s/", path);
#  262|-> 	len = buf.len;
#  263|   
#  264|   	while ((de = readdir(dir)) != NULL) {

Error: COMPILER_WARNING (CWE-704): [#def344]
git-2.52.0/help.c: scope_hint: In function ‘append_similar_ref’
git-2.52.0/help.c:859:24: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
#  859 |         char *branch = strrchr(refname, '/') + 1;
#      |                        ^~~~~~~
#  857|   {
#  858|   	struct similar_ref_cb *cb = (struct similar_ref_cb *)(cb_data);
#  859|-> 	char *branch = strrchr(refname, '/') + 1;
#  860|   
#  861|   	/* A remote branch of the same name is deemed similar */

Error: COMPILER_WARNING (CWE-704): [#def345]
git-2.52.0/help.c:859:24: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
#  857|   {
#  858|   	struct similar_ref_cb *cb = (struct similar_ref_cb *)(cb_data);
#  859|-> 	char *branch = strrchr(refname, '/') + 1;
#  860|   
#  861|   	/* A remote branch of the same name is deemed similar */

Error: GCC_ANALYZER_WARNING (CWE-404): [#def346]
git-2.52.0/hook.c:191:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/hook.c:189:9: acquire_resource: ‘va_start’ called here
git-2.52.0/hook.c:190:16: branch_true: following ‘true’ branch (when ‘arg’ is non-NULL)...
git-2.52.0/hook.c:191:17: branch_true: ...to here
git-2.52.0/hook.c:191:17: throw: if ‘strvec_push’ throws an exception...
git-2.52.0/hook.c:191:17: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  189|   	va_start(ap, hook_name);
#  190|   	while ((arg = va_arg(ap, const char *)))
#  191|-> 		strvec_push(&opt.args, arg);
#  192|   	va_end(ap);
#  193|   

Error: COMPILER_WARNING (CWE-704): [#def347]
git-2.52.0/http-push.c: scope_hint: In function ‘cmd_main’
git-2.52.0/http-push.c:1770:38: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
# 1770 |                         char *path = strstr(arg, "//");
#      |                                      ^~~~~~
# 1768|   		}
# 1769|   		if (!repo->url) {
# 1770|-> 			char *path = strstr(arg, "//");
# 1771|   			str_end_url_with_slash(arg, &repo->url);
# 1772|   			repo->path_len = strlen(repo->url);

Error: COMPILER_WARNING (CWE-704): [#def348]
git-2.52.0/http-push.c:1770:38: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
# 1768|   		}
# 1769|   		if (!repo->url) {
# 1770|-> 			char *path = strstr(arg, "//");
# 1771|   			str_end_url_with_slash(arg, &repo->url);
# 1772|   			repo->path_len = strlen(repo->url);

Error: COMPILER_WARNING (CWE-704): [#def349]
git-2.52.0/http.c: scope_hint: In function ‘redact_sensitive_header’
git-2.52.0/http.c:755:43: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
#  755 |                         char *semicolon = strstr(cookie, "; ");
#      |                                           ^~~~~~
#  753|   		while (cookie) {
#  754|   			char *equals;
#  755|-> 			char *semicolon = strstr(cookie, "; ");
#  756|   			if (semicolon)
#  757|   				*semicolon = 0;

Error: COMPILER_WARNING (CWE-704): [#def350]
git-2.52.0/http.c:755:43: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
#  753|   		while (cookie) {
#  754|   			char *equals;
#  755|-> 			char *semicolon = strstr(cookie, "; ");
#  756|   			if (semicolon)
#  757|   				*semicolon = 0;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def351]
git-2.52.0/http.c:2721:37: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(prevfile.buf, 0)’
git-2.52.0/http.c:2657:29: enter_function: entry to ‘new_http_object_request’
git-2.52.0/http.c:2702:12: branch_false: following ‘false’ branch...
git-2.52.0/http.c:2708:9: branch_false: ...to here
git-2.52.0/http.c:2712:21: call_function: calling ‘get_remote_object_url’ from ‘new_http_object_request’
git-2.52.0/http.c:2712:21: return_function: returning to ‘new_http_object_request’ from ‘get_remote_object_url’
git-2.52.0/http.c:2718:21: acquire_resource: opened here
git-2.52.0/http.c:2719:12: branch_true: following ‘true’ branch...
git-2.52.0/http.c:2719:12: branch_true: ...to here
git-2.52.0/http.c:2721:37: throw: if ‘xread’ throws an exception...
git-2.52.0/http.c:2721:37: danger: ‘open(prevfile.buf, 0)’ leaks here; was opened at [(12)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/11)
# 2719|   	if (prevlocal != -1) {
# 2720|   		do {
# 2721|-> 			prev_read = xread(prevlocal, prev_buf, PREV_BUF_SIZE);
# 2722|   			if (prev_read>0) {
# 2723|   				if (fwrite_sha1_file(prev_buf,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def352]
git-2.52.0/imap-send.c:460:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘s’
git-2.52.0/imap-send.c:1779:5: enter_function: entry to ‘cmd_main’
git-2.52.0/imap-send.c:1794:12: branch_false: following ‘false’ branch...
git-2.52.0/imap-send.c:1799:12: branch_false: ...to here
git-2.52.0/imap-send.c:1799:12: branch_false: following ‘false’ branch...
git-2.52.0/imap-send.c:1814:14: branch_false: ...to here
git-2.52.0/imap-send.c:1817:12: branch_false: following ‘false’ branch...
git-2.52.0/imap-send.c:1828:13: branch_false: ...to here
git-2.52.0/imap-send.c:1828:12: branch_true: following ‘true’ branch...
git-2.52.0/imap-send.c:1829:21: branch_true: ...to here
git-2.52.0/imap-send.c:1829:20: branch_true: following ‘true’ branch...
git-2.52.0/imap-send.c:1830:31: branch_true: ...to here
git-2.52.0/imap-send.c:1830:31: call_function: calling ‘list_imap_folders’ from ‘cmd_main’
#  458|   		vprintf(msg, va);
#  459|   		va_end(va);
#  460|-> 		fflush(stdout);
#  461|   	}
#  462|   }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def353]
git-2.52.0/imap-send.c:515:15: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/imap-send.c:1779:5: enter_function: entry to ‘cmd_main’
git-2.52.0/imap-send.c:1794:12: branch_false: following ‘false’ branch...
git-2.52.0/imap-send.c:1799:12: branch_false: ...to here
git-2.52.0/imap-send.c:1799:12: branch_false: following ‘false’ branch...
git-2.52.0/imap-send.c:1814:14: branch_false: ...to here
git-2.52.0/imap-send.c:1817:12: branch_false: following ‘false’ branch...
git-2.52.0/imap-send.c:1828:13: branch_false: ...to here
git-2.52.0/imap-send.c:1828:12: branch_true: following ‘true’ branch...
git-2.52.0/imap-send.c:1829:21: branch_true: ...to here
git-2.52.0/imap-send.c:1829:20: branch_true: following ‘true’ branch...
git-2.52.0/imap-send.c:1830:31: branch_true: ...to here
git-2.52.0/imap-send.c:1830:31: call_function: calling ‘list_imap_folders’ from ‘cmd_main’
#  513|   	struct strbuf buf = STRBUF_INIT;
#  514|   
#  515|-> 	cmd = xmalloc(sizeof(struct imap_cmd));
#  516|   	cmd->cmd = xstrvfmt(fmt, ap);
#  517|   	cmd->tag = ++imap->nexttag;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def354]
git-2.52.0/imap-send.c:516:20: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/imap-send.c:1779:5: enter_function: entry to ‘cmd_main’
git-2.52.0/imap-send.c:1794:12: branch_false: following ‘false’ branch...
git-2.52.0/imap-send.c:1799:12: branch_false: ...to here
git-2.52.0/imap-send.c:1799:12: branch_false: following ‘false’ branch...
git-2.52.0/imap-send.c:1814:14: branch_false: ...to here
git-2.52.0/imap-send.c:1817:12: branch_false: following ‘false’ branch...
git-2.52.0/imap-send.c:1828:13: branch_false: ...to here
git-2.52.0/imap-send.c:1828:12: branch_true: following ‘true’ branch...
git-2.52.0/imap-send.c:1829:21: branch_true: ...to here
git-2.52.0/imap-send.c:1829:20: branch_true: following ‘true’ branch...
git-2.52.0/imap-send.c:1830:31: branch_true: ...to here
git-2.52.0/imap-send.c:1830:31: call_function: calling ‘list_imap_folders’ from ‘cmd_main’
#  514|   
#  515|   	cmd = xmalloc(sizeof(struct imap_cmd));
#  516|-> 	cmd->cmd = xstrvfmt(fmt, ap);
#  517|   	cmd->tag = ++imap->nexttag;
#  518|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def355]
git-2.52.0/imap-send.c:1193:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘s’
git-2.52.0/imap-send.c:1779:5: enter_function: entry to ‘cmd_main’
git-2.52.0/imap-send.c:1794:12: branch_false: following ‘false’ branch...
git-2.52.0/imap-send.c:1799:12: branch_false: ...to here
git-2.52.0/imap-send.c:1799:12: branch_false: following ‘false’ branch...
git-2.52.0/imap-send.c:1814:14: branch_false: ...to here
git-2.52.0/imap-send.c:1817:12: branch_false: following ‘false’ branch...
git-2.52.0/imap-send.c:1828:13: branch_false: ...to here
git-2.52.0/imap-send.c:1828:12: branch_true: following ‘true’ branch...
git-2.52.0/imap-send.c:1829:21: branch_true: ...to here
git-2.52.0/imap-send.c:1829:20: branch_true: following ‘true’ branch...
git-2.52.0/imap-send.c:1830:31: branch_true: ...to here
git-2.52.0/imap-send.c:1830:31: call_function: calling ‘list_imap_folders’ from ‘cmd_main’
# 1191|   				continue;
# 1192|   
# 1193|-> 			getnameinfo(ai->ai_addr, ai->ai_addrlen, addr,
# 1194|   				    sizeof(addr), NULL, 0, NI_NUMERICHOST);
# 1195|   			imap_info("Connecting to [%s]:%s... ", addr, portstr);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def356]
git-2.52.0/imap-send.c:1197:29: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘s’
git-2.52.0/imap-send.c:1779:5: enter_function: entry to ‘cmd_main’
git-2.52.0/imap-send.c:1794:12: branch_false: following ‘false’ branch...
git-2.52.0/imap-send.c:1799:12: branch_false: ...to here
git-2.52.0/imap-send.c:1799:12: branch_false: following ‘false’ branch...
git-2.52.0/imap-send.c:1814:14: branch_false: ...to here
git-2.52.0/imap-send.c:1817:12: branch_false: following ‘false’ branch...
git-2.52.0/imap-send.c:1828:13: branch_false: ...to here
git-2.52.0/imap-send.c:1828:12: branch_true: following ‘true’ branch...
git-2.52.0/imap-send.c:1829:21: branch_true: ...to here
git-2.52.0/imap-send.c:1829:20: branch_true: following ‘true’ branch...
git-2.52.0/imap-send.c:1830:31: branch_true: ...to here
git-2.52.0/imap-send.c:1830:31: call_function: calling ‘list_imap_folders’ from ‘cmd_main’
# 1195|   			imap_info("Connecting to [%s]:%s... ", addr, portstr);
# 1196|   
# 1197|-> 			if (connect(s, ai->ai_addr, ai->ai_addrlen) < 0) {
# 1198|   				close(s);
# 1199|   				s = -1;

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def357]
git-2.52.0/loose.c:201:9: warning[-Wanalyzer-fd-double-close]: double ‘close’ of file descriptor ‘open(path.buf, 1089, 438)’
git-2.52.0/loose.c:169:12: enter_function: entry to ‘write_one_object’
git-2.52.0/loose.c:182:12: branch_false: following ‘false’ branch...
git-2.52.0/loose.c:184:13: branch_false: ...to here
git-2.52.0/loose.c:184:12: branch_false: following ‘false’ branch...
git-2.52.0/loose.c:186:14: branch_false: ...to here
git-2.52.0/loose.c:190:12: branch_false: following ‘false’ branch...
git-2.52.0/loose.c:192:13: branch_false: ...to here
git-2.52.0/loose.c:192:13: release_resource: first ‘close’ here
git-2.52.0/loose.c:192:12: branch_true: following ‘true’ branch...
git-2.52.0/loose.c:193:17: branch_true: ...to here
git-2.52.0/loose.c:200:9: call_function: calling ‘_’ from ‘write_one_object’
git-2.52.0/loose.c:200:9: return_function: returning to ‘write_one_object’ from ‘_’
git-2.52.0/loose.c:201:9: danger: second ‘close’ here; first ‘close’ was at [(8)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/7)
#  199|   errout:
#  200|   	error_errno(_("failed to write loose object index %s"), path.buf);
#  201|-> 	close(fd);
#  202|   	rollback_lock_file(&lock);
#  203|   	strbuf_release(&buf);

Error: COMPILER_WARNING (CWE-704): [#def358]
git-2.52.0/mailinfo.c: scope_hint: In function ‘output_header_lines’
git-2.52.0/mailinfo.c:1144:28: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
# 1144 |                 char *ep = strchr(sp, '\n');
#      |                            ^~~~~~
# 1142|   	const char *sp = data->buf;
# 1143|   	while (1) {
# 1144|-> 		char *ep = strchr(sp, '\n');
# 1145|   		int len;
# 1146|   		if (!ep)

Error: COMPILER_WARNING (CWE-704): [#def359]
git-2.52.0/mailinfo.c:1144:28: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
# 1142|   	const char *sp = data->buf;
# 1143|   	while (1) {
# 1144|-> 		char *ep = strchr(sp, '\n');
# 1145|   		int len;
# 1146|   		if (!ep)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def360]
git-2.52.0/mailmap.c:165:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
git-2.52.0/mailmap.c:212:5: enter_function: entry to ‘read_mailmap’
git-2.52.0/mailmap.c:223:24: call_function: calling ‘read_mailmap_file’ from ‘read_mailmap’
#  163|   		return error_errno("unable to open mailmap at %s", filename);
#  164|   	}
#  165|-> 	f = xfdopen(fd, "r");
#  166|   
#  167|   	while (fgets(buffer, sizeof(buffer), f) != NULL)

Error: COMPILER_WARNING (CWE-704): [#def361]
git-2.52.0/mem-pool.c: scope_hint: In function ‘mem_pool_strndup’
git-2.52.0/mem-pool.c:172:19: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
#  172 |         char *p = memchr(str, '\0', len);
#      |                   ^~~~~~
#  170|   char *mem_pool_strndup(struct mem_pool *pool, const char *str, size_t len)
#  171|   {
#  172|-> 	char *p = memchr(str, '\0', len);
#  173|   	size_t actual_len = (p ? p - str : len);
#  174|   	char *ret = mem_pool_alloc(pool, actual_len+1);

Error: COMPILER_WARNING (CWE-704): [#def362]
git-2.52.0/mem-pool.c:172:19: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
#  170|   char *mem_pool_strndup(struct mem_pool *pool, const char *str, size_t len)
#  171|   {
#  172|-> 	char *p = memchr(str, '\0', len);
#  173|   	size_t actual_len = (p ? p - str : len);
#  174|   	char *ret = mem_pool_alloc(pool, actual_len+1);

Error: COMPILER_WARNING (CWE-704): [#def363]
git-2.52.0/merge-ort.c: scope_hint: In function ‘apply_directory_rename_modifications’
git-2.52.0/merge-ort.c:2701:36: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
# 2701 |                 char *last_slash = strrchr(cur_path, '/');
#      |                                    ^~~~~~~
# 2699|   	while (1) {
# 2700|   		/* Find the parent directory of cur_path */
# 2701|-> 		char *last_slash = strrchr(cur_path, '/');
# 2702|   		if (last_slash) {
# 2703|   			parent_name = mem_pool_strndup(&opt->priv->pool,

Error: GCC_ANALYZER_WARNING (CWE-1341): [#def364]
git-2.52.0/midx.c:225:17: warning[-Wanalyzer-fd-double-close]: double ‘close’ of file descriptor ‘git_open_cloexec(midx_name, 0)’
git-2.52.0/midx.c:102:33: enter_function: entry to ‘load_multi_pack_index_one’
git-2.52.0/midx.c:118:12: branch_false: following ‘false’ branch...
git-2.52.0/midx.c:120:13: branch_false: ...to here
git-2.52.0/midx.c:120:12: branch_false: following ‘false’ branch...
git-2.52.0/midx.c:125:29: branch_false: ...to here
git-2.52.0/midx.c:125:21: call_function: inlined call to ‘xsize_t’ from ‘load_multi_pack_index_one’
git-2.52.0/midx.c:127:12: branch_false: following ‘false’ branch...
git-2.52.0/midx.c:132:20: branch_false: ...to here
git-2.52.0/midx.c:133:9: release_resource: first ‘close’ here
git-2.52.0/midx.c:141:12: branch_false: following ‘false’ branch...
git-2.52.0/midx.c:145:22: branch_false: ...to here
git-2.52.0/midx.c:146:12: branch_false: following ‘false’ branch...
git-2.52.0/midx.c:150:24: branch_false: ...to here
git-2.52.0/midx.c:152:17: call_function: calling ‘_’ from ‘load_multi_pack_index_one’
git-2.52.0/midx.c:152:17: return_function: returning to ‘load_multi_pack_index_one’ from ‘_’
git-2.52.0/midx.c:222:12: branch_true: following ‘true’ branch (when ‘midx_map’ is non-NULL)...
git-2.52.0/midx.c:223:17: branch_true: ...to here
git-2.52.0/midx.c:224:12: branch_true: following ‘true’ branch...
git-2.52.0/midx.c:225:17: branch_true: ...to here
git-2.52.0/midx.c:225:17: danger: second ‘close’ here; first ‘close’ was at [(11)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/10)
#  223|   		munmap(midx_map, midx_size);
#  224|   	if (0 <= fd)
#  225|-> 		close(fd);
#  226|   	return NULL;
#  227|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def365]
git-2.52.0/object-file.c:1612:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(path, 0)’
git-2.52.0/object-file.c:1637:5: enter_function: entry to ‘index_path’
git-2.52.0/object-file.c:1646:22: acquire_resource: opened here
git-2.52.0/object-file.c:1647:20: branch_false: following ‘false’ branch...
git-2.52.0/object-file.c:1649:21: branch_false: ...to here
git-2.52.0/object-file.c:1649:21: call_function: calling ‘index_fd’ from ‘index_path’
# 1610|   	 * die() for large files.
# 1611|   	 */
# 1612|-> 	if (type == OBJ_BLOB && path && would_convert_to_git_filter_fd(istate, path)) {
# 1613|   		ret = index_stream_convert_blob(istate, oid, fd, path, flags);
# 1614|   	} else if (!S_ISREG(st->st_mode)) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def366]
git-2.52.0/object-file.c:1715:9: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(*path.buf)’
git-2.52.0/object-file.c:1686:12: enter_function: entry to ‘for_each_file_in_obj_subdir’
git-2.52.0/object-file.c:1700:12: branch_false: following ‘false’ branch (when ‘subdir_nr <= 255’)...
git-2.52.0/object-file.c:1703:9: branch_false: ...to here
git-2.52.0/object-file.c:1707:15: acquire_memory: allocated here
git-2.52.0/object-file.c:1708:12: branch_false: following ‘false’ branch...
git-2.52.0/object-file.c:1715:9: branch_false: ...to here
git-2.52.0/object-file.c:1716:9: call_function: calling ‘strbuf_addch’ from ‘for_each_file_in_obj_subdir’
# 1713|   	}
# 1714|   
# 1715|-> 	oid.hash[0] = subdir_nr;
# 1716|   	strbuf_addch(path, '/');
# 1717|   	baselen = path->len;

Error: COMPILER_WARNING (CWE-704): [#def367]
git-2.52.0/object-name.c: scope_hint: In function ‘repo_interpret_branch_name’
git-2.52.0/object-name.c:1782:18: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1782 |              (at = memchr(start, '@', namelen - (start - name)));
#      |                  ^
# 1780|   
# 1781|   	for (start = name;
# 1782|-> 	     (at = memchr(start, '@', namelen - (start - name)));
# 1783|   	     start = at + 1) {
# 1784|   

Error: COMPILER_WARNING (CWE-704): [#def368]
git-2.52.0/object-name.c:1782:18: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1780|   
# 1781|   	for (start = name;
# 1782|-> 	     (at = memchr(start, '@', namelen - (start - name)));
# 1783|   	     start = at + 1) {
# 1784|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def369]
git-2.52.0/oss-fuzz/fuzz-credential-from-url-gently.c:24:9: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
git-2.52.0/oss-fuzz/fuzz-credential-from-url-gently.c:16:15: acquire_memory: allocated here
git-2.52.0/oss-fuzz/fuzz-credential-from-url-gently.c:17:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
git-2.52.0/oss-fuzz/fuzz-credential-from-url-gently.c:20:9: branch_false: ...to here
git-2.52.0/oss-fuzz/fuzz-credential-from-url-gently.c:24:9: throw: if ‘credential_init’ throws an exception...
git-2.52.0/oss-fuzz/fuzz-credential-from-url-gently.c:24:9: danger: ‘buf’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#   22|   
#   23|   	// start fuzzing
#   24|-> 	credential_init(&c);
#   25|   	credential_from_url_gently(&c, buf, 1);
#   26|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def370]
git-2.52.0/oss-fuzz/fuzz-credential-from-url-gently.c:25:9: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
git-2.52.0/oss-fuzz/fuzz-credential-from-url-gently.c:16:15: acquire_memory: allocated here
git-2.52.0/oss-fuzz/fuzz-credential-from-url-gently.c:17:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
git-2.52.0/oss-fuzz/fuzz-credential-from-url-gently.c:20:9: branch_false: ...to here
git-2.52.0/oss-fuzz/fuzz-credential-from-url-gently.c:25:9: throw: if ‘credential_from_url_gently’ throws an exception...
git-2.52.0/oss-fuzz/fuzz-credential-from-url-gently.c:25:9: danger: ‘buf’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#   23|   	// start fuzzing
#   24|   	credential_init(&c);
#   25|-> 	credential_from_url_gently(&c, buf, 1);
#   26|   
#   27|   	// cleanup

Error: GCC_ANALYZER_WARNING (CWE-401): [#def371]
git-2.52.0/oss-fuzz/fuzz-credential-from-url-gently.c:28:9: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
git-2.52.0/oss-fuzz/fuzz-credential-from-url-gently.c:16:15: acquire_memory: allocated here
git-2.52.0/oss-fuzz/fuzz-credential-from-url-gently.c:17:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
git-2.52.0/oss-fuzz/fuzz-credential-from-url-gently.c:20:9: branch_false: ...to here
git-2.52.0/oss-fuzz/fuzz-credential-from-url-gently.c:28:9: throw: if ‘credential_clear’ throws an exception...
git-2.52.0/oss-fuzz/fuzz-credential-from-url-gently.c:28:9: danger: ‘buf’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#   26|   
#   27|   	// cleanup
#   28|-> 	credential_clear(&c);
#   29|   	free(buf);
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def372]
git-2.52.0/oss-fuzz/fuzz-parse-attr-line.c:24:15: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
git-2.52.0/oss-fuzz/fuzz-parse-attr-line.c:17:15: acquire_memory: allocated here
git-2.52.0/oss-fuzz/fuzz-parse-attr-line.c:18:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
git-2.52.0/oss-fuzz/fuzz-parse-attr-line.c:21:9: branch_false: ...to here
git-2.52.0/oss-fuzz/fuzz-parse-attr-line.c:24:15: throw: if ‘parse_attr_line’ throws an exception...
git-2.52.0/oss-fuzz/fuzz-parse-attr-line.c:24:15: danger: ‘buf’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#   22|   	buf[size] = 0;
#   23|   
#   24|-> 	res = parse_attr_line(buf, "dummy", 0, 0);
#   25|   
#   26|   	if (res) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def373]
git-2.52.0/oss-fuzz/fuzz-url-decode-mem.c:25:13: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
git-2.52.0/oss-fuzz/fuzz-url-decode-mem.c:17:15: acquire_memory: allocated here
git-2.52.0/oss-fuzz/fuzz-url-decode-mem.c:18:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
git-2.52.0/oss-fuzz/fuzz-url-decode-mem.c:21:9: branch_false: ...to here
git-2.52.0/oss-fuzz/fuzz-url-decode-mem.c:25:13: throw: if ‘url_decode’ throws an exception...
git-2.52.0/oss-fuzz/fuzz-url-decode-mem.c:25:13: danger: ‘buf’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#   23|   
#   24|   	// start fuzzing
#   25|-> 	r = url_decode(buf);
#   26|   	free(r);
#   27|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def374]
git-2.52.0/oss-fuzz/fuzz-url-decode-mem.c:28:13: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
git-2.52.0/oss-fuzz/fuzz-url-decode-mem.c:17:15: acquire_memory: allocated here
git-2.52.0/oss-fuzz/fuzz-url-decode-mem.c:18:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
git-2.52.0/oss-fuzz/fuzz-url-decode-mem.c:21:9: branch_false: ...to here
git-2.52.0/oss-fuzz/fuzz-url-decode-mem.c:28:13: throw: if ‘url_percent_decode’ throws an exception...
git-2.52.0/oss-fuzz/fuzz-url-decode-mem.c:28:13: danger: ‘buf’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#   26|   	free(r);
#   27|   
#   28|-> 	r = url_percent_decode(buf);
#   29|   	free(r);
#   30|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def375]
git-2.52.0/oss-fuzz/fuzz-url-decode-mem.c:32:13: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
git-2.52.0/oss-fuzz/fuzz-url-decode-mem.c:17:15: acquire_memory: allocated here
git-2.52.0/oss-fuzz/fuzz-url-decode-mem.c:18:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
git-2.52.0/oss-fuzz/fuzz-url-decode-mem.c:21:9: branch_false: ...to here
git-2.52.0/oss-fuzz/fuzz-url-decode-mem.c:32:13: throw: if ‘url_decode_parameter_name’ throws an exception...
git-2.52.0/oss-fuzz/fuzz-url-decode-mem.c:32:13: danger: ‘buf’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#   30|   
#   31|   	pbuf = (const char*) buf;
#   32|-> 	r = url_decode_parameter_name(&pbuf);
#   33|   	free(r);
#   34|   

Error: COMPILER_WARNING (CWE-704): [#def376]
git-2.52.0/pack-revindex.c: scope_hint: In function ‘midx_key_to_pack_pos’
git-2.52.0/pack-revindex.c:564:15: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  564 |         found = bsearch(key, m->revindex_data, m->num_objects,
#      |               ^
#  562|   		return error(_("could not determine preferred pack"));
#  563|   
#  564|-> 	found = bsearch(key, m->revindex_data, m->num_objects,
#  565|   			sizeof(*m->revindex_data),
#  566|   			midx_pack_order_cmp);

Error: COMPILER_WARNING (CWE-704): [#def377]
git-2.52.0/pack-revindex.c:564:15: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  562|   		return error(_("could not determine preferred pack"));
#  563|   
#  564|-> 	found = bsearch(key, m->revindex_data, m->num_objects,
#  565|   			sizeof(*m->revindex_data),
#  566|   			midx_pack_order_cmp);

Error: GCC_ANALYZER_WARNING: [#def378]
git-2.52.0/pager.c:55:9: warning[-Wanalyzer-fd-use-without-check]: ‘dup2’ on possibly invalid file descriptor ‘1’
git-2.52.0/pager.c:47:6: enter_function: entry to ‘wait_for_pager’
git-2.52.0/pager.c:49:12: branch_false: following ‘false’ branch...
git-2.52.0/pager.c:52:9: branch_false: ...to here
git-2.52.0/pager.c:52:9: call_function: calling ‘finish_pager’ from ‘wait_for_pager’
git-2.52.0/pager.c:52:9: return_function: returning to ‘wait_for_pager’ from ‘finish_pager’
git-2.52.0/pager.c:55:9: danger: ‘1’ could be invalid
#   53|   	sigchain_pop_common();
#   54|   	unsetenv("GIT_PAGER_IN_USE");
#   55|-> 	dup2(old_fd1, 1);
#   56|   	close(old_fd1);
#   57|   	old_fd1 = -1;

Error: GCC_ANALYZER_WARNING: [#def379]
git-2.52.0/pager.c:59:17: warning[-Wanalyzer-fd-use-without-check]: ‘dup2’ on possibly invalid file descriptor ‘2’
git-2.52.0/pager.c:47:6: enter_function: entry to ‘wait_for_pager’
git-2.52.0/pager.c:49:12: branch_false: following ‘false’ branch...
git-2.52.0/pager.c:52:9: branch_false: ...to here
git-2.52.0/pager.c:52:9: call_function: calling ‘finish_pager’ from ‘wait_for_pager’
git-2.52.0/pager.c:52:9: return_function: returning to ‘wait_for_pager’ from ‘finish_pager’
git-2.52.0/pager.c:58:12: branch_true: following ‘true’ branch...
git-2.52.0/pager.c:59:17: branch_true: ...to here
git-2.52.0/pager.c:59:17: danger: ‘2’ could be invalid
#   57|   	old_fd1 = -1;
#   58|   	if (old_fd2 != -1) {
#   59|-> 		dup2(old_fd2, 2);
#   60|   		close(old_fd2);
#   61|   		old_fd2 = -1;

Error: COMPILER_WARNING (CWE-704): [#def380]
git-2.52.0/pager.c: scope_hint: In function ‘setup_pager_env’
git-2.52.0/pager.c:121:28: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
#  121 |                 char *cp = strchr(argv[i], '=');
#      |                            ^~~~~~
#  119|   
#  120|   	for (i = 0; i < n; i++) {
#  121|-> 		char *cp = strchr(argv[i], '=');
#  122|   
#  123|   		if (!cp)

Error: COMPILER_WARNING (CWE-704): [#def381]
git-2.52.0/pager.c:121:28: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
#  119|   
#  120|   	for (i = 0; i < n; i++) {
#  121|-> 		char *cp = strchr(argv[i], '=');
#  122|   
#  123|   		if (!cp)

Error: GCC_ANALYZER_WARNING (CWE-404): [#def382]
git-2.52.0/parse-options.c:1499:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/parse-options.c:1498:9: acquire_resource: ‘va_start’ called here
git-2.52.0/parse-options.c:1499:9: throw: if ‘strbuf_vaddf’ throws an exception...
git-2.52.0/parse-options.c:1499:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
# 1497|   	va_list ap;
# 1498|   	va_start(ap, options);
# 1499|-> 	strbuf_vaddf(&msg, fmt, ap);
# 1500|   	va_end(ap);
# 1501|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def383]
git-2.52.0/path.c:428:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/path.c:1683:1: enter_function: entry to ‘git_path_shallow’
git-2.52.0/path.c:1683:1: branch_true: following ‘true’ branch...
git-2.52.0/path.c:1683:1: branch_true: ...to here
git-2.52.0/path.c:1683:1: call_function: calling ‘repo_git_path’ from ‘git_path_shallow’
#  426|   		strbuf_addch(buf, '/');
#  427|   	gitdir_len = buf->len;
#  428|-> 	strbuf_vaddf(buf, fmt, args);
#  429|   	if (!wt)
#  430|   		adjust_git_path(repo, buf, gitdir_len);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def384]
git-2.52.0/pkt-line.c:154:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/pkt-line.c:693:6: enter_function: entry to ‘packet_writer_error’
git-2.52.0/pkt-line.c:697:9: acquire_resource: ‘va_start’ called here
git-2.52.0/pkt-line.c:698:9: call_function: calling ‘packet_write_fmt_1’ from ‘packet_writer_error’
#  152|   	strbuf_addstr(out, "0000");
#  153|   	strbuf_addstr(out, prefix);
#  154|-> 	strbuf_vaddf(out, fmt, args);
#  155|   	n = out->len - orig_len;
#  156|   

Error: COMPILER_WARNING (CWE-704): [#def385]
git-2.52.0/pkt-line.c: scope_hint: In function ‘find_packfile_uri_path’
git-2.52.0/pkt-line.c:401:14: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  401 |         path = strstr(buffer + len + 1, URI_MARK);
#      |              ^
#  399|   		return NULL; /* required "<hash>SP" not seen */
#  400|   
#  401|-> 	path = strstr(buffer + len + 1, URI_MARK);
#  402|   	if (!path)
#  403|   		return NULL;

Error: COMPILER_WARNING (CWE-704): [#def386]
git-2.52.0/pkt-line.c:401:14: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  399|   		return NULL; /* required "<hash>SP" not seen */
#  400|   
#  401|-> 	path = strstr(buffer + len + 1, URI_MARK);
#  402|   	if (!path)
#  403|   		return NULL;

Error: COMPILER_WARNING (CWE-704): [#def387]
git-2.52.0/pseudo-merge.c: scope_hint: In function ‘find_pseudo_merge’
git-2.52.0/pseudo-merge.c:650:16: warning[-Wdiscarded-qualifiers]: return discards ‘const’ qualifier from pointer target type
#  650 |         return bsearch(&pos, pm->commits, pm->commits_nr,
#      |                ^~~~~~~
#  648|   		return NULL;
#  649|   
#  650|-> 	return bsearch(&pos, pm->commits, pm->commits_nr,
#  651|   		       PSEUDO_MERGE_COMMIT_RAWSZ, pseudo_merge_commit_cmp);
#  652|   }

Error: COMPILER_WARNING (CWE-704): [#def388]
git-2.52.0/pseudo-merge.c:650:16: warning[-Wdiscarded-qualifiers]: return discards ‘const’ qualifier from pointer target type
#  648|   		return NULL;
#  649|   
#  650|-> 	return bsearch(&pos, pm->commits, pm->commits_nr,
#  651|   		       PSEUDO_MERGE_COMMIT_RAWSZ, pseudo_merge_commit_cmp);
#  652|   }

Error: COMPILER_WARNING (CWE-704): [#def389]
git-2.52.0/range-diff.c: scope_hint: In function ‘read_patches’
git-2.52.0/range-diff.c:109:50: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  109 |                         if (include_merges && (q = strstr(p, " (from ")))
#      |                                                  ^
#  107|   			}
#  108|   			CALLOC_ARRAY(util, 1);
#  109|-> 			if (include_merges && (q = strstr(p, " (from ")))
#  110|   				*q = '\0';
#  111|   			if (repo_get_oid(the_repository, p, &util->oid)) {

Error: COMPILER_WARNING (CWE-704): [#def390]
git-2.52.0/range-diff.c:109:50: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  107|   			}
#  108|   			CALLOC_ARRAY(util, 1);
#  109|-> 			if (include_merges && (q = strstr(p, " (from ")))
#  110|   				*q = '\0';
#  111|   			if (repo_get_oid(the_repository, p, &util->oid)) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def391]
git-2.52.0/range-diff.c:559:37: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘b_util’
git-2.52.0/range-diff.c:542:26: branch_true: following ‘true’ branch...
git-2.52.0/range-diff.c:542:38: branch_true: ...to here
git-2.52.0/range-diff.c:543:26: branch_true: following ‘true’ branch...
git-2.52.0/range-diff.c:543:38: branch_true: ...to here
git-2.52.0/range-diff.c:546:24: branch_true: following ‘true’ branch...
git-2.52.0/range-diff.c:546:37: branch_true: ...to here
git-2.52.0/range-diff.c:547:34: branch_true: following ‘true’ branch...
git-2.52.0/range-diff.c:547:48: branch_true: ...to here
git-2.52.0/range-diff.c:546:24: branch_true: following ‘true’ branch...
git-2.52.0/range-diff.c:546:37: branch_true: ...to here
git-2.52.0/range-diff.c:550:20: branch_true: following ‘true’ branch...
git-2.52.0/range-diff.c:550:34: branch_true: ...to here
git-2.52.0/range-diff.c:550:21: branch_false: following ‘false’ branch...
git-2.52.0/range-diff.c:550:21: branch_false: ...to here
git-2.52.0/range-diff.c:559:24: branch_true: following ‘true’ branch...
git-2.52.0/range-diff.c:560:28: branch_false: following ‘false’ branch...
git-2.52.0/range-diff.c:563:25: branch_false: ...to here
git-2.52.0/range-diff.c:559:24: branch_true: following ‘true’ branch...
git-2.52.0/range-diff.c:559:37: branch_true: ...to here
git-2.52.0/range-diff.c:559:37: danger: dereference of NULL ‘b_util’
#  557|   
#  558|   		/* Show unmatched RHS commits. */
#  559|-> 		while (j < b->nr && b_util->matching < 0) {
#  560|   			if (!range_diff_opts->left_only)
#  561|   				output_pair_header(&opts, patch_no_width,

Error: GCC_ANALYZER_WARNING (CWE-415): [#def392]
git-2.52.0/read-cache.c:3104:9: warning[-Wanalyzer-double-free]: double-‘free’ of ‘ieot’
git-2.52.0/read-cache.c:3313:5: enter_function: entry to ‘write_locked_index’
git-2.52.0/read-cache.c:3337:23: call_function: calling ‘do_write_locked_index’ from ‘write_locked_index’
# 3102|   	strbuf_release(&sb);
# 3103|   	free(eoie_c);
# 3104|-> 	free(ieot);
# 3105|   	return ret;
# 3106|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def393]
git-2.52.0/read-cache.h:42:31: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘ce’
git-2.52.0/diff-lib.c:512:12: enter_function: entry to ‘oneway_diff’
git-2.52.0/diff-lib.c:525:12: branch_true: following ‘true’ branch...
git-2.52.0/diff-lib.c:525:12: branch_true: ...to here
git-2.52.0/diff-lib.c:528:13: branch_false: following ‘false’ branch (when ‘idx’ is NULL)...
git-2.52.0/diff-lib.c:528:13: branch_false: ...to here
git-2.52.0/diff-lib.c:528:13: call_function: calling ‘ce_path_match’ from ‘oneway_diff’
#   40|   {
#   41|   	return match_pathspec(istate, pathspec, ce->name, ce_namelen(ce), 0, seen,
#   42|-> 			      S_ISDIR(ce->ce_mode) || S_ISGITLINK(ce->ce_mode));
#   43|   }
#   44|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def394]
git-2.52.0/ref-filter.c:258:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/ref-filter.c:898:12: enter_function: entry to ‘ahead_behind_atom_parser’
git-2.52.0/ref-filter.c:903:24: call_function: calling ‘_’ from ‘ahead_behind_atom_parser’
git-2.52.0/ref-filter.c:903:24: return_function: returning to ‘ahead_behind_atom_parser’ from ‘_’
git-2.52.0/ref-filter.c:903:24: call_function: calling ‘strbuf_addf_ret’ from ‘ahead_behind_atom_parser’
#  256|   	va_list ap;
#  257|   	va_start(ap, fmt);
#  258|-> 	strbuf_vaddf(sb, fmt, ap);
#  259|   	va_end(ap);
#  260|   	return ret;

Error: COMPILER_WARNING (CWE-704): [#def395]
git-2.52.0/ref-filter.c: scope_hint: In function ‘rstrip_ref_components’
git-2.52.0/ref-filter.c:2169:27: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
# 2169 |                 char *p = strrchr(start, '/');
#      |                           ^~~~~~~
# 2167|   
# 2168|   	while (remaining-- > 0) {
# 2169|-> 		char *p = strrchr(start, '/');
# 2170|   		if (!p) {
# 2171|   			free((char *)to_free);

Error: COMPILER_WARNING (CWE-704): [#def396]
git-2.52.0/ref-filter.c:2169:27: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
# 2167|   
# 2168|   	while (remaining-- > 0) {
# 2169|-> 		char *p = strrchr(start, '/');
# 2170|   		if (!p) {
# 2171|   			free((char *)to_free);

Error: COMPILER_WARNING (CWE-704): [#def397]
git-2.52.0/reflog-walk.c: scope_hint: In function ‘add_reflog_for_walk’
git-2.52.0/reflog-walk.c:160:29: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
#  160 |         char *branch, *at = strchr(name, '@');
#      |                             ^~~~~~
#  158|   	struct string_list_item *item;
#  159|   	struct complete_reflogs *reflogs;
#  160|-> 	char *branch, *at = strchr(name, '@');
#  161|   	struct commit_reflog *commit_reflog;
#  162|   	enum selector_type selector = SELECTOR_NONE;

Error: COMPILER_WARNING (CWE-704): [#def398]
git-2.52.0/reflog-walk.c:160:29: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
#  158|   	struct string_list_item *item;
#  159|   	struct complete_reflogs *reflogs;
#  160|-> 	char *branch, *at = strchr(name, '@');
#  161|   	struct commit_reflog *commit_reflog;
#  162|   	enum selector_type selector = SELECTOR_NONE;

Error: GCC_ANALYZER_WARNING (CWE-126): [#def399]
git-2.52.0/refs.c:2601:31: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
git-2.52.0/refs.c:2733:28: enter_function: entry to ‘refs_verify_refname_available’
git-2.52.0/refs.c:2747:16: call_function: calling ‘refs_verify_refnames_available’ from ‘refs_verify_refname_available’
# 2599|   
# 2600|   	for_each_string_list_item(item, refnames) {
# 2601|-> 		const size_t *update_idx = (size_t *)item->util;
# 2602|   		const char *refname = item->string;
# 2603|   		const char *extra_refname;

Error: GCC_ANALYZER_WARNING (CWE-126): [#def400]
git-2.52.0/refs.c:2602:29: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
git-2.52.0/refs.c:2733:28: enter_function: entry to ‘refs_verify_refname_available’
git-2.52.0/refs.c:2747:16: call_function: calling ‘refs_verify_refnames_available’ from ‘refs_verify_refname_available’
# 2600|   	for_each_string_list_item(item, refnames) {
# 2601|   		const size_t *update_idx = (size_t *)item->util;
# 2602|-> 		const char *refname = item->string;
# 2603|   		const char *extra_refname;
# 2604|   		struct object_id oid;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def401]
git-2.52.0/refs/files-backend.c:374:22: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(path.buf)’
git-2.52.0/refs/files-backend.c:3701:12: enter_function: entry to ‘files_ref_store_remove_on_disk’
git-2.52.0/refs/files-backend.c:3705:17: call_function: calling ‘files_downcast’ from ‘files_ref_store_remove_on_disk’
git-2.52.0/refs/files-backend.c:3705:17: return_function: returning to ‘files_ref_store_remove_on_disk’ from ‘files_downcast’
git-2.52.0/refs/files-backend.c:3719:9: call_function: calling ‘strbuf_setlen’ from ‘files_ref_store_remove_on_disk’
git-2.52.0/refs/files-backend.c:3719:9: return_function: returning to ‘files_ref_store_remove_on_disk’ from ‘strbuf_setlen’
git-2.52.0/refs/files-backend.c:3727:9: call_function: calling ‘strbuf_setlen’ from ‘files_ref_store_remove_on_disk’
git-2.52.0/refs/files-backend.c:3727:9: return_function: returning to ‘files_ref_store_remove_on_disk’ from ‘strbuf_setlen’
git-2.52.0/refs/files-backend.c:3729:13: call_function: calling ‘for_each_root_ref’ from ‘files_ref_store_remove_on_disk’
#  372|   	dirnamelen = refname.len;
#  373|   
#  374|-> 	while ((de = readdir(d)) != NULL) {
#  375|   		unsigned char dtype;
#  376|   

Error: COMPILER_WARNING (CWE-704): [#def402]
git-2.52.0/refs/files-backend.c: scope_hint: In function ‘show_one_reflog_ent’
git-2.52.0/refs/files-backend.c:2211:25: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 2211 |             !(email_end = strchr(p, '>')) ||
#      |                         ^
# 2209|   	    parse_oid_hex_algop(p, &ooid, &p, refs->base.repo->hash_algo) || *p++ != ' ' ||
# 2210|   	    parse_oid_hex_algop(p, &noid, &p, refs->base.repo->hash_algo) || *p++ != ' ' ||
# 2211|-> 	    !(email_end = strchr(p, '>')) ||
# 2212|   	    email_end[1] != ' ' ||
# 2213|   	    !(timestamp = parse_timestamp(email_end + 2, &message, 10)) ||

Error: COMPILER_WARNING (CWE-704): [#def403]
git-2.52.0/refs/files-backend.c:2211:25: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 2209|   	    parse_oid_hex_algop(p, &ooid, &p, refs->base.repo->hash_algo) || *p++ != ' ' ||
# 2210|   	    parse_oid_hex_algop(p, &noid, &p, refs->base.repo->hash_algo) || *p++ != ' ' ||
# 2211|-> 	    !(email_end = strchr(p, '>')) ||
# 2212|   	    email_end[1] != ' ' ||
# 2213|   	    !(timestamp = parse_timestamp(email_end + 2, &message, 10)) ||

Error: GCC_ANALYZER_WARNING (CWE-476): [#def404]
git-2.52.0/refs/packed-backend.c:533:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
git-2.52.0/refs/packed-backend.c:2070:12: enter_function: entry to ‘packed_fsck’
git-2.52.0/refs/packed-backend.c:2074:41: call_function: calling ‘packed_downcast’ from ‘packed_fsck’
git-2.52.0/refs/packed-backend.c:2074:41: return_function: returning to ‘packed_fsck’ from ‘packed_downcast’
git-2.52.0/refs/packed-backend.c:2082:12: branch_false: following ‘false’ branch...
git-2.52.0/refs/packed-backend.c:2085:13: branch_false: ...to here
git-2.52.0/refs/packed-backend.c:2089:12: branch_false: following ‘false’ branch...
git-2.52.0/refs/packed-backend.c:2108:20: branch_false: ...to here
git-2.52.0/refs/packed-backend.c:2108:19: branch_false: following ‘false’ branch...
git-2.52.0/refs/packed-backend.c:2111:21: branch_false: ...to here
git-2.52.0/refs/packed-backend.c:2111:19: branch_false: following ‘false’ branch...
git-2.52.0/refs/packed-backend.c:2120:14: branch_false: ...to here
git-2.52.0/refs/packed-backend.c:2120:14: call_function: calling ‘allocate_snapshot_buffer’ from ‘packed_fsck’
#  531|   		bytes_read = read_in_full(fd, snapshot->buf, size);
#  532|   		if (bytes_read < 0 || bytes_read != size)
#  533|-> 			die_errno("couldn't read %s", snapshot->refs->path);
#  534|   		snapshot->mmapped = 0;
#  535|   	} else {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def405]
git-2.52.0/refs/packed-backend.c:574:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(*snapshot_14(D)->refs.path, 0)’
git-2.52.0/refs/packed-backend.c:558:14: acquire_resource: opened here
git-2.52.0/refs/packed-backend.c:559:12: branch_false: following ‘false’ branch...
git-2.52.0/refs/packed-backend.c:574:9: branch_false: ...to here
git-2.52.0/refs/packed-backend.c:574:9: throw: if ‘stat_validity_update’ throws an exception...
git-2.52.0/refs/packed-backend.c:574:9: danger: ‘open(*snapshot_14(D)->refs.path, 0)’ leaks here; was opened at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  572|   	}
#  573|   
#  574|-> 	stat_validity_update(&snapshot->validity, fd);
#  575|   
#  576|   	if (fstat(fd, &st) < 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def406]
git-2.52.0/reftable/basics.c:23:24: warning[-Wanalyzer-malloc-leak]: leak of ‘names’
git-2.52.0/reftable/basics.c:198:5: enter_function: entry to ‘parse_names’
git-2.52.0/reftable/basics.c:207:16: branch_true: following ‘true’ branch (when ‘p < end’)...
git-2.52.0/reftable/basics.c:208:30: branch_true: ...to here
git-2.52.0/reftable/basics.c:209:20: branch_false: following ‘false’ branch (when ‘next’ is non-NULL)...
git-2.52.0/reftable/basics.c:212:27: branch_false: ...to here
git-2.52.0/reftable/basics.c:212:27: branch_true: following ‘true’ branch (when ‘end > next’)...
git-2.52.0/reftable/basics.c:213:25: branch_true: ...to here
git-2.52.0/reftable/basics.c:218:20: branch_true: following ‘true’ branch (when ‘p < next’)...
git-2.52.0/reftable/basics.c:219:29: branch_true: ...to here
git-2.52.0/reftable/basics.c:219:28: branch_true: following ‘true’ branch...
git-2.52.0/reftable/basics.c:219:29: branch_true: ...to here
git-2.52.0/reftable/basics.c:219:29: call_function: calling ‘reftable_alloc_grow’ from ‘parse_names’
git-2.52.0/reftable/basics.c:219:29: return_function: returning to ‘parse_names’ from ‘reftable_alloc_grow’
git-2.52.0/reftable/basics.c:219:29: branch_false: following ‘false’ branch...
git-2.52.0/reftable/basics.c:225:30: branch_false: ...to here
git-2.52.0/reftable/basics.c:225:44: call_function: calling ‘reftable_strdup’ from ‘parse_names’
#   21|   		return NULL;
#   22|   	if (reftable_malloc_ptr)
#   23|-> 		return (*reftable_malloc_ptr)(sz);
#   24|   	return malloc(sz);
#   25|   }

Error: GCC_ANALYZER_WARNING (CWE-122): [#def407]
git-2.52.0/reftable/basics.c:238:9: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow
git-2.52.0/reftable/basics.c:198:5: enter_function: entry to ‘parse_names’
git-2.52.0/reftable/basics.c:207:16: branch_true: following ‘true’ branch (when ‘p < end’)...
git-2.52.0/reftable/basics.c:208:30: branch_true: ...to here
git-2.52.0/reftable/basics.c:209:20: branch_false: following ‘false’ branch (when ‘next’ is non-NULL)...
git-2.52.0/reftable/basics.c:212:27: branch_false: ...to here
git-2.52.0/reftable/basics.c:212:27: branch_true: following ‘true’ branch (when ‘end > next’)...
git-2.52.0/reftable/basics.c:213:25: branch_true: ...to here
git-2.52.0/reftable/basics.c:218:20: branch_true: following ‘true’ branch (when ‘p < next’)...
git-2.52.0/reftable/basics.c:219:29: branch_true: ...to here
git-2.52.0/reftable/basics.c:219:28: branch_true: following ‘true’ branch...
git-2.52.0/reftable/basics.c:219:29: branch_true: ...to here
git-2.52.0/reftable/basics.c:219:29: call_function: calling ‘reftable_alloc_grow’ from ‘parse_names’
git-2.52.0/reftable/basics.c:219:29: return_function: returning to ‘parse_names’ from ‘reftable_alloc_grow’
git-2.52.0/reftable/basics.c:219:29: branch_false: following ‘false’ branch...
git-2.52.0/reftable/basics.c:225:30: branch_false: ...to here
git-2.52.0/reftable/basics.c:225:44: call_function: calling ‘reftable_strdup’ from ‘parse_names’
git-2.52.0/reftable/basics.c:225:44: return_function: returning to ‘parse_names’ from ‘reftable_strdup’
git-2.52.0/reftable/basics.c:226:28: branch_false: following ‘false’ branch...
git-2.52.0/reftable/basics.c:231:17: branch_false: ...to here
git-2.52.0/reftable/basics.c:234:12: branch_false: following ‘false’ branch...
git-2.52.0/reftable/basics.c:238:14: branch_false: ...to here
git-2.52.0/reftable/basics.c:238:9: danger: out-of-bounds write from byte 8 till byte 15 but region ends at byte 8
#  236|   		goto done;
#  237|   	}
#  238|-> 	names[names_len] = NULL;
#  239|   
#  240|   	*out = names;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def408]
git-2.52.0/reftable/stack.c:315:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘new_tables’
git-2.52.0/reftable/stack.c:647:5: enter_function: entry to ‘reftable_stack_reload’
git-2.52.0/reftable/stack.c:651:24: call_function: calling ‘reftable_stack_reload_maybe_reuse’ from ‘reftable_stack_reload’
#  313|   		}
#  314|   
#  315|-> 		new_tables[new_tables_len] = table;
#  316|   		new_tables_len++;
#  317|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def409]
git-2.52.0/reftable/stack.c:1783:21: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(*st.reftable_dir)’
git-2.52.0/reftable/stack.c:1777:20: acquire_memory: allocated here
git-2.52.0/reftable/stack.c:1779:12: branch_false: following ‘false’ branch...
git-2.52.0/reftable/stack.c:1779:12: branch_false: ...to here
git-2.52.0/reftable/stack.c:1783:21: throw: if ‘readdir’ throws an exception...
git-2.52.0/reftable/stack.c:1783:21: danger: ‘opendir(*st.reftable_dir)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
# 1781|   	}
# 1782|   
# 1783|-> 	while ((d = readdir(dir))) {
# 1784|   		int found = 0;
# 1785|   		if (!is_table_name(d->d_name))

Error: GCC_ANALYZER_WARNING (CWE-404): [#def410]
git-2.52.0/remote.c:1846:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/remote.c:1843:12: branch_true: following ‘true’ branch (when ‘err’ is non-NULL)...
git-2.52.0/remote.c:1845:17: branch_true: ...to here
git-2.52.0/remote.c:1845:17: acquire_resource: ‘va_start’ called here
git-2.52.0/remote.c:1846:17: throw: if ‘strbuf_vaddf’ throws an exception...
git-2.52.0/remote.c:1846:17: danger: missing call to ‘va_end’ to match ‘va_start’ at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
# 1844|   		va_list ap;
# 1845|   		va_start(ap, fmt);
# 1846|-> 		strbuf_vaddf(err, fmt, ap);
# 1847|   		va_end(ap);
# 1848|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def411]
git-2.52.0/rerere.c:139:22: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(repo_git_path(the_repository, "rr-cache/%s", &*rr_dir.name))’
git-2.52.0/rerere.c:153:27: enter_function: entry to ‘find_rerere_dir’
git-2.52.0/rerere.c:159:17: call_function: calling ‘st_add’ from ‘find_rerere_dir’
git-2.52.0/rerere.c:159:17: return_function: returning to ‘find_rerere_dir’ from ‘st_add’
git-2.52.0/rerere.c:165:17: call_function: calling ‘scan_rerere_dir’ from ‘find_rerere_dir’
#  137|   	if (!dir)
#  138|   		return;
#  139|-> 	while ((de = readdir(dir)) != NULL) {
#  140|   		int variant;
#  141|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def412]
git-2.52.0/revision.c:1145:29: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘commit’
git-2.52.0/revision.c:3937:5: enter_function: entry to ‘prepare_revision_walk’
git-2.52.0/revision.c:3947:21: branch_false: following ‘false’ branch...
git-2.52.0/revision.c:3957:9: branch_false: ...to here
git-2.52.0/revision.c:3964:12: branch_false: following ‘false’ branch...
git-2.52.0/revision.c:3969:14: branch_false: ...to here
git-2.52.0/revision.c:3969:12: branch_false: following ‘false’ branch...
git-2.52.0/revision.c:3971:13: branch_false: ...to here
git-2.52.0/revision.c:3971:12: branch_false: following ‘false’ branch...
git-2.52.0/revision.c:3973:13: branch_false: ...to here
git-2.52.0/revision.c:3973:12: branch_false: following ‘false’ branch...
git-2.52.0/revision.c:3975:13: branch_false: ...to here
git-2.52.0/revision.c:3975:12: branch_true: following ‘true’ branch...
git-2.52.0/revision.c:3976:21: branch_true: ...to here
git-2.52.0/revision.c:3976:21: call_function: calling ‘limit_list’ from ‘prepare_revision_walk’
# 1143|   			   struct commit_list **list, struct prio_queue *queue)
# 1144|   {
# 1145|-> 	struct commit_list *parent = commit->parents;
# 1146|   	unsigned pass_flags;
# 1147|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def413]
git-2.52.0/revision.c:1491:45: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘pop_commit(&original_list)’
git-2.52.0/revision.c:3937:5: enter_function: entry to ‘prepare_revision_walk’
git-2.52.0/revision.c:3947:21: branch_false: following ‘false’ branch...
git-2.52.0/revision.c:3957:9: branch_false: ...to here
git-2.52.0/revision.c:3964:12: branch_false: following ‘false’ branch...
git-2.52.0/revision.c:3969:14: branch_false: ...to here
git-2.52.0/revision.c:3969:12: branch_false: following ‘false’ branch...
git-2.52.0/revision.c:3971:13: branch_false: ...to here
git-2.52.0/revision.c:3971:12: branch_false: following ‘false’ branch...
git-2.52.0/revision.c:3973:13: branch_false: ...to here
git-2.52.0/revision.c:3973:12: branch_false: following ‘false’ branch...
git-2.52.0/revision.c:3975:13: branch_false: ...to here
git-2.52.0/revision.c:3975:12: branch_true: following ‘true’ branch...
git-2.52.0/revision.c:3976:21: branch_true: ...to here
git-2.52.0/revision.c:3976:21: call_function: calling ‘limit_list’ from ‘prepare_revision_walk’
# 1489|   			interesting_cache = NULL;
# 1490|   
# 1491|-> 		if (revs->max_age != -1 && (commit->date < revs->max_age))
# 1492|   			obj->flags |= UNINTERESTING;
# 1493|   		if (process_parents(revs, commit, &original_list, NULL) < 0)

Error: COMPILER_WARNING (CWE-704): [#def414]
git-2.52.0/revision.c: scope_hint: In function ‘handle_dotdot’
git-2.52.0/revision.c:2159:24: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
# 2159 |         char *dotdot = strstr(arg, "..");
#      |                        ^~~~~~
# 2157|   {
# 2158|   	struct object_context a_oc = {0}, b_oc = {0};
# 2159|-> 	char *dotdot = strstr(arg, "..");
# 2160|   	int ret;
# 2161|   

Error: COMPILER_WARNING (CWE-704): [#def415]
git-2.52.0/revision.c:2159:24: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
# 2157|   {
# 2158|   	struct object_context a_oc = {0}, b_oc = {0};
# 2159|-> 	char *dotdot = strstr(arg, "..");
# 2160|   	int ret;
# 2161|   

Error: COMPILER_WARNING (CWE-704): [#def416]
git-2.52.0/revision.c: scope_hint: In function ‘handle_revision_arg_1’
git-2.52.0/revision.c:2203:14: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 2203 |         mark = strstr(arg, "^@");
#      |              ^
# 2201|   	}
# 2202|   
# 2203|-> 	mark = strstr(arg, "^@");
# 2204|   	if (mark && !mark[2]) {
# 2205|   		*mark = 0;

Error: COMPILER_WARNING (CWE-704): [#def417]
git-2.52.0/revision.c:2203:14: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 2201|   	}
# 2202|   
# 2203|-> 	mark = strstr(arg, "^@");
# 2204|   	if (mark && !mark[2]) {
# 2205|   		*mark = 0;

Error: COMPILER_WARNING (CWE-704): [#def418]
git-2.52.0/revision.c:2212:14: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 2212 |         mark = strstr(arg, "^!");
#      |              ^
# 2210|   		*mark = '^';
# 2211|   	}
# 2212|-> 	mark = strstr(arg, "^!");
# 2213|   	if (mark && !mark[2]) {
# 2214|   		*mark = 0;

Error: COMPILER_WARNING (CWE-704): [#def419]
git-2.52.0/revision.c:2212:14: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 2210|   		*mark = '^';
# 2211|   	}
# 2212|-> 	mark = strstr(arg, "^!");
# 2213|   	if (mark && !mark[2]) {
# 2214|   		*mark = 0;

Error: COMPILER_WARNING (CWE-704): [#def420]
git-2.52.0/revision.c:2218:14: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 2218 |         mark = strstr(arg, "^-");
#      |              ^
# 2216|   			*mark = '^';
# 2217|   	}
# 2218|-> 	mark = strstr(arg, "^-");
# 2219|   	if (mark) {
# 2220|   		int exclude_parent = 1;

Error: COMPILER_WARNING (CWE-704): [#def421]
git-2.52.0/revision.c:2218:14: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 2216|   			*mark = '^';
# 2217|   	}
# 2218|-> 	mark = strstr(arg, "^-");
# 2219|   	if (mark) {
# 2220|   		int exclude_parent = 1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def422]
git-2.52.0/run-command.c:128:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fdin[0]’
git-2.52.0/run-command.c:1152:5: enter_function: entry to ‘start_async’
git-2.52.0/run-command.c:1159:12: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:1160:21: branch_true: ...to here
git-2.52.0/run-command.c:1160:20: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:1165:29: branch_false: ...to here
git-2.52.0/run-command.c:1169:12: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:1170:21: branch_true: ...to here
git-2.52.0/run-command.c:1170:20: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:1171:28: branch_true: ...to here
git-2.52.0/run-command.c:1171:28: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:1172:33: branch_true: ...to here
git-2.52.0/run-command.c:1172:33: call_function: calling ‘close_pair’ from ‘start_async’
#  126|   static inline void close_pair(int fd[2])
#  127|   {
#  128|-> 	close(fd[0]);
#  129|   	close(fd[1]);
#  130|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def423]
git-2.52.0/run-command.c:128:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fdout[1]’
git-2.52.0/run-command.c:677:5: enter_function: entry to ‘start_command’
git-2.52.0/run-command.c:701:20: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:701:20: branch_true: ...to here
git-2.52.0/run-command.c:701:20: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:703:20: branch_true: ...to here
git-2.52.0/run-command.c:701:20: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:705:21: branch_true: ...to here
git-2.52.0/run-command.c:705:20: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:714:28: branch_false: ...to here
git-2.52.0/run-command.c:717:20: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:719:20: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:720:40: branch_true: ...to here
git-2.52.0/run-command.c:721:28: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:723:34: branch_false: ...to here
git-2.52.0/run-command.c:723:33: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:725:28: branch_false: ...to here
git-2.52.0/run-command.c:725:28: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:726:33: branch_true: ...to here
git-2.52.0/run-command.c:726:33: call_function: calling ‘close_pair’ from ‘start_command’
#  126|   static inline void close_pair(int fd[2])
#  127|   {
#  128|-> 	close(fd[0]);
#  129|   	close(fd[1]);
#  130|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def424]
git-2.52.0/run-command.c:128:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘maint.in’
git-2.52.0/run-command.c:1842:5: enter_function: entry to ‘run_auto_maintenance’
git-2.52.0/run-command.c:1845:12: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:1847:16: branch_false: ...to here
git-2.52.0/run-command.c:1847:16: call_function: calling ‘run_command’ from ‘run_auto_maintenance’
#  126|   static inline void close_pair(int fd[2])
#  127|   {
#  128|-> 	close(fd[0]);
#  129|   	close(fd[1]);
#  130|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def425]
git-2.52.0/run-command.c:128:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘maint.out’
git-2.52.0/run-command.c:1842:5: enter_function: entry to ‘run_auto_maintenance’
git-2.52.0/run-command.c:1845:12: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:1847:16: branch_false: ...to here
git-2.52.0/run-command.c:1847:16: call_function: calling ‘run_command’ from ‘run_auto_maintenance’
#  126|   static inline void close_pair(int fd[2])
#  127|   {
#  128|-> 	close(fd[0]);
#  129|   	close(fd[1]);
#  130|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def426]
git-2.52.0/run-command.c:129:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fdout[1]’
git-2.52.0/run-command.c:677:5: enter_function: entry to ‘start_command’
git-2.52.0/run-command.c:701:20: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:701:20: branch_true: ...to here
git-2.52.0/run-command.c:701:20: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:703:20: branch_true: ...to here
git-2.52.0/run-command.c:701:20: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:705:21: branch_true: ...to here
git-2.52.0/run-command.c:705:20: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:714:28: branch_false: ...to here
git-2.52.0/run-command.c:717:20: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:719:20: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:720:40: branch_true: ...to here
git-2.52.0/run-command.c:721:28: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:723:34: branch_false: ...to here
git-2.52.0/run-command.c:723:33: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:725:28: branch_false: ...to here
git-2.52.0/run-command.c:725:28: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:726:33: branch_true: ...to here
git-2.52.0/run-command.c:726:33: call_function: calling ‘close_pair’ from ‘start_command’
#  127|   {
#  128|   	close(fd[0]);
#  129|-> 	close(fd[1]);
#  130|   }
#  131|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def427]
git-2.52.0/run-command.c:129:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘maint.in’
git-2.52.0/run-command.c:1842:5: enter_function: entry to ‘run_auto_maintenance’
git-2.52.0/run-command.c:1845:12: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:1847:16: branch_false: ...to here
git-2.52.0/run-command.c:1847:16: call_function: calling ‘run_command’ from ‘run_auto_maintenance’
#  127|   {
#  128|   	close(fd[0]);
#  129|-> 	close(fd[1]);
#  130|   }
#  131|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def428]
git-2.52.0/run-command.c:129:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘maint.out’
git-2.52.0/run-command.c:1842:5: enter_function: entry to ‘run_auto_maintenance’
git-2.52.0/run-command.c:1845:12: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:1847:16: branch_false: ...to here
git-2.52.0/run-command.c:1847:16: call_function: calling ‘run_command’ from ‘run_auto_maintenance’
#  127|   {
#  128|   	close(fd[0]);
#  129|-> 	close(fd[1]);
#  130|   }
#  131|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def429]
git-2.52.0/run-command.c:343:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(fd,  to)’
git-2.52.0/run-command.c:343:13: acquire_resource: opened here
git-2.52.0/run-command.c:343:12: danger: ‘dup2(fd,  to)’ leaks here; was opened at [(1)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/0)
#  341|   static void child_dup2(int fd, int to)
#  342|   {
#  343|-> 	if (dup2(fd, to) < 0)
#  344|   		child_die(CHILD_ERR_DUP2);
#  345|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def430]
git-2.52.0/run-command.c:553:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘proc_in’
git-2.52.0/run-command.c:1152:5: enter_function: entry to ‘start_async’
git-2.52.0/run-command.c:1159:12: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:1160:21: branch_true: ...to here
git-2.52.0/run-command.c:1160:20: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:1165:29: branch_false: ...to here
git-2.52.0/run-command.c:1169:12: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:1180:12: branch_false: ...to here
git-2.52.0/run-command.c:1180:12: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:1181:17: branch_true: ...to here
git-2.52.0/run-command.c:1187:12: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:1189:18: branch_false: ...to here
git-2.52.0/run-command.c:1225:12: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:1230:17: branch_true: ...to here
git-2.52.0/run-command.c:1238:12: branch_true: following ‘true’ branch (when ‘proc_in >= 0’)...
git-2.52.0/run-command.c:1239:17: branch_true: ...to here
git-2.52.0/run-command.c:1239:17: call_function: calling ‘set_cloexec’ from ‘start_async’
#  551|   static inline void set_cloexec(int fd)
#  552|   {
#  553|-> 	int flags = fcntl(fd, F_GETFD);
#  554|   	if (flags >= 0)
#  555|   		fcntl(fd, F_SETFD, flags | FD_CLOEXEC);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def431]
git-2.52.0/run-command.c:553:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘proc_out’
git-2.52.0/run-command.c:1152:5: enter_function: entry to ‘start_async’
git-2.52.0/run-command.c:1159:12: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:1168:20: branch_false: ...to here
git-2.52.0/run-command.c:1169:12: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:1170:21: branch_true: ...to here
git-2.52.0/run-command.c:1170:20: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:1177:30: branch_false: ...to here
git-2.52.0/run-command.c:1180:12: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:1182:18: branch_false: ...to here
git-2.52.0/run-command.c:1187:12: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:1188:17: branch_true: ...to here
git-2.52.0/run-command.c:1225:12: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:1230:17: branch_true: ...to here
git-2.52.0/run-command.c:1238:12: branch_true: following ‘true’ branch (when ‘proc_in >= 0’)...
git-2.52.0/run-command.c:1239:17: branch_true: ...to here
git-2.52.0/run-command.c:1239:17: call_function: calling ‘set_cloexec’ from ‘start_async’
#  551|   static inline void set_cloexec(int fd)
#  552|   {
#  553|-> 	int flags = fcntl(fd, F_GETFD);
#  554|   	if (flags >= 0)
#  555|   		fcntl(fd, F_SETFD, flags | FD_CLOEXEC);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def432]
git-2.52.0/run-command.c:555:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘proc_in’
git-2.52.0/run-command.c:1152:5: enter_function: entry to ‘start_async’
git-2.52.0/run-command.c:1159:12: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:1160:21: branch_true: ...to here
git-2.52.0/run-command.c:1160:20: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:1165:29: branch_false: ...to here
git-2.52.0/run-command.c:1169:12: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:1180:12: branch_false: ...to here
git-2.52.0/run-command.c:1180:12: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:1181:17: branch_true: ...to here
git-2.52.0/run-command.c:1187:12: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:1189:18: branch_false: ...to here
git-2.52.0/run-command.c:1225:12: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:1230:17: branch_true: ...to here
git-2.52.0/run-command.c:1238:12: branch_false: following ‘false’ branch (when ‘proc_in < 0’)...
git-2.52.0/run-command.c:1240:12: branch_false: ...to here
git-2.52.0/run-command.c:1240:12: branch_true: following ‘true’ branch (when ‘proc_out >= 0’)...
git-2.52.0/run-command.c:1241:17: branch_true: ...to here
git-2.52.0/run-command.c:1241:17: call_function: calling ‘set_cloexec’ from ‘start_async’
#  553|   	int flags = fcntl(fd, F_GETFD);
#  554|   	if (flags >= 0)
#  555|-> 		fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
#  556|   }
#  557|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def433]
git-2.52.0/run-command.c:555:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘proc_out’
git-2.52.0/run-command.c:1152:5: enter_function: entry to ‘start_async’
git-2.52.0/run-command.c:1159:12: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:1168:20: branch_false: ...to here
git-2.52.0/run-command.c:1169:12: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:1170:21: branch_true: ...to here
git-2.52.0/run-command.c:1170:20: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:1177:30: branch_false: ...to here
git-2.52.0/run-command.c:1180:12: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:1182:18: branch_false: ...to here
git-2.52.0/run-command.c:1187:12: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:1188:17: branch_true: ...to here
git-2.52.0/run-command.c:1225:12: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:1230:17: branch_true: ...to here
git-2.52.0/run-command.c:1238:12: branch_true: following ‘true’ branch (when ‘proc_in >= 0’)...
git-2.52.0/run-command.c:1239:17: branch_true: ...to here
git-2.52.0/run-command.c:1239:17: call_function: calling ‘set_cloexec’ from ‘start_async’
#  553|   	int flags = fcntl(fd, F_GETFD);
#  554|   	if (flags >= 0)
#  555|-> 		fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
#  556|   }
#  557|   

Error: COMPILER_WARNING (CWE-704): [#def434]
git-2.52.0/run-command.c: scope_hint: In function ‘trace_add_env’
git-2.52.0/run-command.c:608:32: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
#  608 |                 char *equals = strchr(*e, '=');
#      |                                ^~~~~~
#  606|   	for (e = deltaenv; e && *e; e++) {
#  607|   		struct strbuf key = STRBUF_INIT;
#  608|-> 		char *equals = strchr(*e, '=');
#  609|   
#  610|   		if (equals) {

Error: COMPILER_WARNING (CWE-704): [#def435]
git-2.52.0/run-command.c:608:32: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
#  606|   	for (e = deltaenv; e && *e; e++) {
#  607|   		struct strbuf key = STRBUF_INIT;
#  608|-> 		char *equals = strchr(*e, '=');
#  609|   
#  610|   		if (equals) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def436]
git-2.52.0/run-command.c:724:33: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fdout[1]’
git-2.52.0/run-command.c:701:20: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:701:20: branch_true: ...to here
git-2.52.0/run-command.c:701:20: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:703:20: branch_true: ...to here
git-2.52.0/run-command.c:701:20: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:705:21: branch_true: ...to here
git-2.52.0/run-command.c:705:20: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:714:28: branch_false: ...to here
git-2.52.0/run-command.c:717:20: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:719:20: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:720:40: branch_true: ...to here
git-2.52.0/run-command.c:721:28: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:723:34: branch_false: ...to here
git-2.52.0/run-command.c:723:33: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:724:33: branch_true: ...to here
git-2.52.0/run-command.c:724:33: throw: if ‘close’ throws an exception...
git-2.52.0/run-command.c:724:33: danger: ‘fdout[1]’ leaks here
#  722|   				close_pair(fdin);
#  723|   			else if (cmd->in)
#  724|-> 				close(cmd->in);
#  725|   			if (need_out)
#  726|   				close_pair(fdout);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def437]
git-2.52.0/run-command.c:740:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fderr[1]’
git-2.52.0/run-command.c:717:20: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:719:20: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:737:28: branch_false: ...to here
git-2.52.0/run-command.c:740:9: throw: if ‘trace2_child_start_fl’ throws an exception...
git-2.52.0/run-command.c:740:9: danger: ‘fderr[1]’ leaks here
#  738|   	}
#  739|   
#  740|-> 	trace2_child_start(cmd);
#  741|   	trace_run_command(cmd);
#  742|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def438]
git-2.52.0/run-command.c:740:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fdin[0]’
git-2.52.0/run-command.c:689:19: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:691:20: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:698:27: branch_false: ...to here
git-2.52.0/run-command.c:740:9: throw: if ‘trace2_child_start_fl’ throws an exception...
git-2.52.0/run-command.c:740:9: danger: ‘fdin[0]’ leaks here
#  738|   	}
#  739|   
#  740|-> 	trace2_child_start(cmd);
#  741|   	trace_run_command(cmd);
#  742|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def439]
git-2.52.0/run-command.c:740:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fdout[1]’
git-2.52.0/run-command.c:701:20: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:701:20: branch_true: ...to here
git-2.52.0/run-command.c:701:20: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:703:20: branch_true: ...to here
git-2.52.0/run-command.c:701:20: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:705:21: branch_true: ...to here
git-2.52.0/run-command.c:705:20: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:714:28: branch_false: ...to here
git-2.52.0/run-command.c:740:9: throw: if ‘trace2_child_start_fl’ throws an exception...
git-2.52.0/run-command.c:740:9: danger: ‘fdout[1]’ leaks here
#  738|   	}
#  739|   
#  740|-> 	trace2_child_start(cmd);
#  741|   	trace_run_command(cmd);
#  742|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def440]
git-2.52.0/run-command.c:1234:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘proc_in’
git-2.52.0/run-command.c:1159:12: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:1160:21: branch_true: ...to here
git-2.52.0/run-command.c:1160:20: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:1165:29: branch_false: ...to here
git-2.52.0/run-command.c:1169:12: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:1180:12: branch_false: ...to here
git-2.52.0/run-command.c:1180:12: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:1181:17: branch_true: ...to here
git-2.52.0/run-command.c:1187:12: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:1189:18: branch_false: ...to here
git-2.52.0/run-command.c:1225:12: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:1230:17: branch_true: ...to here
git-2.52.0/run-command.c:1234:17: throw: if ‘set_die_routine’ throws an exception...
git-2.52.0/run-command.c:1234:17: danger: ‘proc_in’ leaks here
# 1232|   		pthread_key_create(&async_key, NULL);
# 1233|   		pthread_key_create(&async_die_counter, NULL);
# 1234|-> 		set_die_routine(die_async);
# 1235|   		set_die_is_recursing_routine(async_die_is_recursing);
# 1236|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def441]
git-2.52.0/run-command.c:1234:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘proc_out’
git-2.52.0/run-command.c:1159:12: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:1168:20: branch_false: ...to here
git-2.52.0/run-command.c:1169:12: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:1170:21: branch_true: ...to here
git-2.52.0/run-command.c:1170:20: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:1177:30: branch_false: ...to here
git-2.52.0/run-command.c:1180:12: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:1182:18: branch_false: ...to here
git-2.52.0/run-command.c:1187:12: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:1188:17: branch_true: ...to here
git-2.52.0/run-command.c:1225:12: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:1230:17: branch_true: ...to here
git-2.52.0/run-command.c:1234:17: throw: if ‘set_die_routine’ throws an exception...
git-2.52.0/run-command.c:1234:17: danger: ‘proc_out’ leaks here
# 1232|   		pthread_key_create(&async_key, NULL);
# 1233|   		pthread_key_create(&async_die_counter, NULL);
# 1234|-> 		set_die_routine(die_async);
# 1235|   		set_die_is_recursing_routine(async_die_is_recursing);
# 1236|   	}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def442]
git-2.52.0/run-command.c:1235:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘proc_in’
git-2.52.0/run-command.c:1159:12: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:1160:21: branch_true: ...to here
git-2.52.0/run-command.c:1160:20: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:1165:29: branch_false: ...to here
git-2.52.0/run-command.c:1169:12: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:1180:12: branch_false: ...to here
git-2.52.0/run-command.c:1180:12: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:1181:17: branch_true: ...to here
git-2.52.0/run-command.c:1187:12: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:1189:18: branch_false: ...to here
git-2.52.0/run-command.c:1225:12: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:1230:17: branch_true: ...to here
git-2.52.0/run-command.c:1235:17: throw: if ‘set_die_is_recursing_routine’ throws an exception...
git-2.52.0/run-command.c:1235:17: danger: ‘proc_in’ leaks here
# 1233|   		pthread_key_create(&async_die_counter, NULL);
# 1234|   		set_die_routine(die_async);
# 1235|-> 		set_die_is_recursing_routine(async_die_is_recursing);
# 1236|   	}
# 1237|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def443]
git-2.52.0/run-command.c:1235:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘proc_out’
git-2.52.0/run-command.c:1159:12: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:1168:20: branch_false: ...to here
git-2.52.0/run-command.c:1169:12: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:1170:21: branch_true: ...to here
git-2.52.0/run-command.c:1170:20: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:1177:30: branch_false: ...to here
git-2.52.0/run-command.c:1180:12: branch_false: following ‘false’ branch...
git-2.52.0/run-command.c:1182:18: branch_false: ...to here
git-2.52.0/run-command.c:1187:12: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:1188:17: branch_true: ...to here
git-2.52.0/run-command.c:1225:12: branch_true: following ‘true’ branch...
git-2.52.0/run-command.c:1230:17: branch_true: ...to here
git-2.52.0/run-command.c:1235:17: throw: if ‘set_die_is_recursing_routine’ throws an exception...
git-2.52.0/run-command.c:1235:17: danger: ‘proc_out’ leaks here
# 1233|   		pthread_key_create(&async_die_counter, NULL);
# 1234|   		set_die_routine(die_async);
# 1235|-> 		set_die_is_recursing_routine(async_die_is_recursing);
# 1236|   	}
# 1237|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def444]
git-2.52.0/scalar.c:83:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/scalar.c:608:12: enter_function: entry to ‘cmd_list’
git-2.52.0/scalar.c:610:12: branch_false: following ‘false’ branch (when ‘argc == 1’)...
git-2.52.0/scalar.c:613:13: branch_false: ...to here
git-2.52.0/scalar.c:613:13: call_function: calling ‘run_git’ from ‘cmd_list’
#   81|   
#   82|   	va_start(args, arg);
#   83|-> 	strvec_push(&cmd.args, arg);
#   84|   	while ((p = va_arg(args, const char *)))
#   85|   		strvec_push(&cmd.args, p);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def445]
git-2.52.0/scalar.c:85:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/scalar.c:608:12: enter_function: entry to ‘cmd_list’
git-2.52.0/scalar.c:610:12: branch_false: following ‘false’ branch (when ‘argc == 1’)...
git-2.52.0/scalar.c:613:13: branch_false: ...to here
git-2.52.0/scalar.c:613:13: call_function: calling ‘run_git’ from ‘cmd_list’
#   83|   	strvec_push(&cmd.args, arg);
#   84|   	while ((p = va_arg(args, const char *)))
#   85|-> 		strvec_push(&cmd.args, p);
#   86|   	va_end(args);
#   87|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def446]
git-2.52.0/scalar.c:320:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/scalar.c:426:12: enter_function: entry to ‘cmd_clone’
git-2.52.0/scalar.c:460:12: branch_true: following ‘true’ branch...
git-2.52.0/scalar.c:461:17: branch_true: ...to here
git-2.52.0/scalar.c:483:12: branch_false: following ‘false’ branch...
git-2.52.0/scalar.c:486:13: branch_false: ...to here
git-2.52.0/scalar.c:491:9: call_function: calling ‘strbuf_setlen’ from ‘cmd_clone’
git-2.52.0/scalar.c:491:9: return_function: returning to ‘cmd_clone’ from ‘strbuf_setlen’
git-2.52.0/scalar.c:500:12: branch_false: following ‘false’ branch...
git-2.52.0/scalar.c:503:13: branch_false: ...to here
git-2.52.0/scalar.c:503:12: branch_false: following ‘false’ branch...
git-2.52.0/scalar.c:508:9: branch_false: ...to here
git-2.52.0/scalar.c:513:12: branch_false: following ‘false’ branch...
git-2.52.0/scalar.c:518:13: branch_false: ...to here
git-2.52.0/scalar.c:518:13: call_function: calling ‘set_config’ from ‘cmd_clone’
#  318|   
#  319|   	va_start(args, fmt);
#  320|-> 	strbuf_vaddf(&buf, fmt, args);
#  321|   	va_end(args);
#  322|   

Error: COMPILER_WARNING (CWE-704): [#def447]
git-2.52.0/send-pack.c: scope_hint: In function ‘receive_status’
git-2.52.0/send-pack.c:184:19: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  184 |                 p = strchr(head, ' ');
#      |                   ^
#  182|   			break;
#  183|   		head = reader->line;
#  184|-> 		p = strchr(head, ' ');
#  185|   		if (!p) {
#  186|   			error("invalid status line from remote: %s", reader->line);

Error: COMPILER_WARNING (CWE-704): [#def448]
git-2.52.0/send-pack.c:184:19: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  182|   			break;
#  183|   		head = reader->line;
#  184|-> 		p = strchr(head, ' ');
#  185|   		if (!p) {
#  186|   			error("invalid status line from remote: %s", reader->line);

Error: COMPILER_WARNING (CWE-704): [#def449]
git-2.52.0/send-pack.c:215:27: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  215 |                         p = strchr(key, ' ');
#      |                           ^
#  213|   			}
#  214|   			key = p;
#  215|-> 			p = strchr(key, ' ');
#  216|   			if (p)
#  217|   				*p++ = '\0';

Error: COMPILER_WARNING (CWE-704): [#def450]
git-2.52.0/send-pack.c:215:27: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  213|   			}
#  214|   			key = p;
#  215|-> 			p = strchr(key, ' ');
#  216|   			if (p)
#  217|   				*p++ = '\0';

Error: COMPILER_WARNING (CWE-704): [#def451]
git-2.52.0/send-pack.c:240:19: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  240 |                 p = strchr(refname, ' ');
#      |                   ^
#  238|   		}
#  239|   		refname = p;
#  240|-> 		p = strchr(refname, ' ');
#  241|   		if (p)
#  242|   			*p++ = '\0';

Error: COMPILER_WARNING (CWE-704): [#def452]
git-2.52.0/send-pack.c:240:19: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  238|   		}
#  239|   		refname = p;
#  240|-> 		p = strchr(refname, ' ');
#  241|   		if (p)
#  242|   			*p++ = '\0';

Error: GCC_ANALYZER_WARNING (CWE-404): [#def453]
git-2.52.0/sequencer.c:468:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/sequencer.c:5197:12: enter_function: entry to ‘commit_staged_changes’
git-2.52.0/sequencer.c:5205:37: call_function: calling ‘reflog_message’ from ‘commit_staged_changes’
#  466|   		return N_("rebase");
#  467|   	}
#  468|-> 	die(_("unknown action: %d"), opts->action);
#  469|   }
#  470|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def454]
git-2.52.0/sequencer.c:2221:25: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/sequencer.c:5197:12: enter_function: entry to ‘commit_staged_changes’
git-2.52.0/sequencer.c:5205:37: call_function: calling ‘reflog_message’ from ‘commit_staged_changes’
# 2219|   		opts->reflog_action = getenv(GIT_REFLOG_ACTION);
# 2220|   		opts->reflog_action =
# 2221|-> 			xstrdup(opts->reflog_action ? opts->reflog_action
# 2222|   						    : action_name(opts));
# 2223|   	}

Error: GCC_ANALYZER_WARNING (CWE-404): [#def455]
git-2.52.0/sequencer.c:2239:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/sequencer.c:5197:12: enter_function: entry to ‘commit_staged_changes’
git-2.52.0/sequencer.c:5205:37: call_function: calling ‘reflog_message’ from ‘commit_staged_changes’
# 2237|   	strbuf_addstr(&buf, sequencer_reflog_action(opts));
# 2238|   	if (sub_action)
# 2239|-> 		strbuf_addf(&buf, " (%s)", sub_action);
# 2240|   	if (fmt) {
# 2241|   		strbuf_addstr(&buf, ": ");

Error: GCC_ANALYZER_WARNING (CWE-404): [#def456]
git-2.52.0/sequencer.c:2242:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/sequencer.c:4804:12: enter_function: entry to ‘checkout_onto’
git-2.52.0/sequencer.c:4813:29: call_function: calling ‘reflog_message’ from ‘checkout_onto’
# 2240|   	if (fmt) {
# 2241|   		strbuf_addstr(&buf, ": ");
# 2242|-> 		strbuf_vaddf(&buf, fmt, ap);
# 2243|   	}
# 2244|   	va_end(ap);

Error: GCC_ANALYZER_WARNING (CWE-457): [#def457]
git-2.52.0/sequencer.c:2419:21: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*item.flags’
git-2.52.0/sequencer.c:5460:12: enter_function: entry to ‘single_pick’
git-2.52.0/sequencer.c:5471:16: call_function: calling ‘do_pick_commit’ from ‘single_pick’
# 2417|   		reword = 1;
# 2418|   	else if (is_fixup(command)) {
# 2419|-> 		if (update_squash_messages(r, command, commit,
# 2420|   					   opts, item->flags)) {
# 2421|   			res = -1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def458]
git-2.52.0/sequencer.c:2940:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(path, 0)’
git-2.52.0/sequencer.c:4844:12: enter_function: entry to ‘reread_todo_if_changed’
git-2.52.0/sequencer.c:4851:13: call_function: calling ‘strbuf_read_file_or_whine’ from ‘reread_todo_if_changed’
# 2938|   	if (fd < 0)
# 2939|   		return error_errno(_("could not open '%s'"), path);
# 2940|-> 	len = strbuf_read(sb, fd, 0);
# 2941|   	close(fd);
# 2942|   	if (len < 0)

Error: GCC_ANALYZER_WARNING (CWE-404): [#def459]
git-2.52.0/sequencer.c:3893:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/sequencer.c:3883:12: branch_false: following ‘false’ branch...
git-2.52.0/sequencer.c:3886:13: branch_false: ...to here
git-2.52.0/sequencer.c:3892:9: acquire_resource: ‘va_start’ called here
git-2.52.0/sequencer.c:3893:9: throw: if ‘strbuf_vaddf’ throws an exception...
git-2.52.0/sequencer.c:3893:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(3)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/2)
# 3891|   	strbuf_complete(&buf, '\n');
# 3892|   	va_start(ap, fmt);
# 3893|-> 	strbuf_vaddf(&buf, fmt, ap);
# 3894|   	va_end(ap);
# 3895|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def460]
git-2.52.0/server-info.c:54:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/server-info.c:332:12: enter_function: entry to ‘write_pack_info_file’
git-2.52.0/server-info.c:339:13: call_function: calling ‘uic_printf’ from ‘write_pack_info_file’
#   52|   
#   53|   		strbuf_reset(cur);
#   54|-> 		strbuf_vinsertf(cur, 0, fmt, ap);
#   55|   
#   56|   		strbuf_reset(old);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def461]
git-2.52.0/setup.c:381:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(path, 0)’
git-2.52.0/setup.c:1984:13: enter_function: entry to ‘resolve_gitdir_gently’
git-2.52.0/setup.c:1986:13: call_function: calling ‘is_git_directory’ from ‘resolve_gitdir_gently’
#  379|   	if (fd < 0)
#  380|   		return -1;
#  381|-> 	len = read_in_full(fd, buffer, sizeof(buffer)-1);
#  382|   	close(fd);
#  383|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def462]
git-2.52.0/setup.c:960:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(path, 0)’
git-2.52.0/setup.c:2436:13: enter_function: entry to ‘separate_git_dir’
git-2.52.0/setup.c:2440:12: branch_true: following ‘true’ branch...
git-2.52.0/setup.c:2443:21: branch_true: ...to here
git-2.52.0/setup.c:2443:20: branch_true: following ‘true’ branch...
git-2.52.0/setup.c:2444:31: branch_true: ...to here
git-2.52.0/setup.c:2444:31: call_function: calling ‘read_gitfile_gently’ from ‘separate_git_dir’
#  958|   		goto cleanup_return;
#  959|   	}
#  960|-> 	buf = xmallocz(st.st_size);
#  961|   	len = read_in_full(fd, buf, st.st_size);
#  962|   	close(fd);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def463]
git-2.52.0/setup.c:2177:50: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(template_path.buf)’
git-2.52.0/setup.c:2151:13: enter_function: entry to ‘copy_templates’
git-2.52.0/setup.c:2162:12: branch_false: following ‘false’ branch...
git-2.52.0/setup.c:2169:15: acquire_memory: allocated here
git-2.52.0/setup.c:2170:12: branch_false: following ‘false’ branch...
git-2.52.0/setup.c:2176:9: branch_false: ...to here
git-2.52.0/setup.c:2177:9: call_function: calling ‘read_repository_format’ from ‘copy_templates’
# 2175|   	/* Make sure that template is from the correct vintage */
# 2176|   	strbuf_addstr(&template_path, "config");
# 2177|-> 	read_repository_format(&template_format, template_path.buf);
# 2178|   	strbuf_setlen(&template_path, template_len);
# 2179|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def464]
git-2.52.0/strbuf.c:111:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/strbuf.c:839:13: enter_function: entry to ‘strbuf_humanise’
git-2.52.0/strbuf.c:851:19: branch_false: following ‘false’ branch (when ‘bytes <= 1048576’)...
git-2.52.0/strbuf.c:860:19: branch_false: ...to here
git-2.52.0/strbuf.c:860:19: branch_false: following ‘false’ branch (when ‘bytes <= 1024’)...
git-2.52.0/strbuf.c:870:17: branch_false: ...to here
git-2.52.0/strbuf.c:870:17: call_function: calling ‘strbuf_addf’ from ‘strbuf_humanise’
#  109|   	if (unsigned_add_overflows(extra, 1) ||
#  110|   	    unsigned_add_overflows(sb->len, extra + 1))
#  111|-> 		die("you want to use way too much memory");
#  112|   	if (new_buf)
#  113|   		sb->buf = NULL;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def465]
git-2.52.0/strbuf.c:114:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/strbuf.c:945:7: enter_function: entry to ‘xstrfmt’
git-2.52.0/strbuf.c:950:9: acquire_resource: ‘va_start’ called here
git-2.52.0/strbuf.c:951:15: call_function: calling ‘xstrvfmt’ from ‘xstrfmt’
#  112|   	if (new_buf)
#  113|   		sb->buf = NULL;
#  114|-> 	ALLOC_GROW(sb->buf, sb->len + extra + 1, sb->alloc);
#  115|   	if (new_buf)
#  116|   		sb->buf[0] = '\0';

Error: GCC_ANALYZER_WARNING (CWE-476): [#def466]
git-2.52.0/strbuf.c:116:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
git-2.52.0/strbuf.c:1049:6: enter_function: entry to ‘strbuf_stripspace’
git-2.52.0/strbuf.c:1056:9: call_function: calling ‘strbuf_grow’ from ‘strbuf_stripspace’
#  114|   	ALLOC_GROW(sb->buf, sb->len + extra + 1, sb->alloc);
#  115|   	if (new_buf)
#  116|-> 		sb->buf[0] = '\0';
#  117|   }
#  118|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def467]
git-2.52.0/strbuf.h:145:16: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(*template_path.buf)’
git-2.52.0/setup.c:2084:13: enter_function: entry to ‘copy_templates_1’
git-2.52.0/setup.c:2099:16: branch_true: following ‘true’ branch...
git-2.52.0/setup.c:2103:17: branch_true: ...to here
git-2.52.0/setup.c:2103:17: call_function: calling ‘strbuf_setlen’ from ‘copy_templates_1’
git-2.52.0/setup.c:2103:17: return_function: returning to ‘copy_templates_1’ from ‘strbuf_setlen’
git-2.52.0/setup.c:2104:17: call_function: calling ‘strbuf_setlen’ from ‘copy_templates_1’
git-2.52.0/setup.c:2104:17: return_function: returning to ‘copy_templates_1’ from ‘strbuf_setlen’
git-2.52.0/setup.c:2117:20: branch_false: following ‘false’ branch...
git-2.52.0/setup.c:2120:21: branch_false: ...to here
git-2.52.0/setup.c:2120:20: branch_true: following ‘true’ branch...
git-2.52.0/setup.c:2121:47: branch_true: ...to here
git-2.52.0/setup.c:2121:39: acquire_memory: allocated here
git-2.52.0/setup.c:2122:28: branch_false: following ‘false’ branch...
git-2.52.0/setup.c:2124:25: branch_false: ...to here
git-2.52.0/setup.c:2124:25: call_function: calling ‘strbuf_addch’ from ‘copy_templates_1’
#  143|   static inline size_t strbuf_avail(const struct strbuf *sb)
#  144|   {
#  145|-> 	return sb->alloc ? sb->alloc - sb->len - 1 : 0;
#  146|   }
#  147|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def468]
git-2.52.0/strbuf.h:145:16: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(path)’
git-2.52.0/diagnose.c:91:13: enter_function: entry to ‘loose_objs_stats’
git-2.52.0/diagnose.c:93:20: acquire_memory: allocated here
git-2.52.0/diagnose.c:101:12: branch_false: following ‘false’ branch...
git-2.52.0/diagnose.c:104:9: branch_false: ...to here
git-2.52.0/diagnose.c:109:9: call_function: calling ‘strbuf_addch’ from ‘loose_objs_stats’
#  143|   static inline size_t strbuf_avail(const struct strbuf *sb)
#  144|   {
#  145|-> 	return sb->alloc ? sb->alloc - sb->len - 1 : 0;
#  146|   }
#  147|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def469]
git-2.52.0/strbuf.h:145:16: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(path.buf)’
git-2.52.0/notes-merge.c:682:5: enter_function: entry to ‘notes_merge_commit’
git-2.52.0/notes-merge.c:707:12: branch_false: following ‘false’ branch...
git-2.52.0/notes-merge.c:711:15: acquire_memory: allocated here
git-2.52.0/notes-merge.c:712:12: branch_false: following ‘false’ branch...
git-2.52.0/notes-merge.c:715:9: branch_false: ...to here
git-2.52.0/notes-merge.c:715:9: call_function: calling ‘strbuf_addch’ from ‘notes_merge_commit’
#  143|   static inline size_t strbuf_avail(const struct strbuf *sb)
#  144|   {
#  145|-> 	return sb->alloc ? sb->alloc - sb->len - 1 : 0;
#  146|   }
#  147|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def470]
git-2.52.0/strbuf.h:166:32: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(path, 0)’
git-2.52.0/refs/files-backend.c:2666:35: enter_function: entry to ‘lock_ref_for_update’
git-2.52.0/refs/files-backend.c:2680:9: call_function: inlined call to ‘files_assert_main_repository’ from ‘lock_ref_for_update’
git-2.52.0/refs/files-backend.c:2682:9: branch_true: ...to here
git-2.52.0/refs/files-backend.c:2694:12: branch_false: following ‘false’ branch...
git-2.52.0/refs/files-backend.c:2697:23: branch_false: ...to here
git-2.52.0/refs/files-backend.c:2697:23: call_function: calling ‘lock_raw_ref’ from ‘lock_ref_for_update’
#  164|   static inline void strbuf_setlen(struct strbuf *sb, size_t len)
#  165|   {
#  166|-> 	if (len > (sb->alloc ? sb->alloc - 1 : 0))
#  167|   		BUG("strbuf_setlen() beyond buffer");
#  168|   	sb->len = len;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def471]
git-2.52.0/strbuf.h:167:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/pkt-line.c:693:6: enter_function: entry to ‘packet_writer_error’
git-2.52.0/pkt-line.c:697:9: acquire_resource: ‘va_start’ called here
git-2.52.0/pkt-line.c:698:9: call_function: calling ‘packet_write_fmt_1’ from ‘packet_writer_error’
#  165|   {
#  166|   	if (len > (sb->alloc ? sb->alloc - 1 : 0))
#  167|-> 		BUG("strbuf_setlen() beyond buffer");
#  168|   	sb->len = len;
#  169|   	if (sb->buf != strbuf_slopbuf)

Error: GCC_ANALYZER_WARNING (CWE-404): [#def472]
git-2.52.0/strbuf.h:235:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/path.c:1683:1: enter_function: entry to ‘git_path_shallow’
git-2.52.0/path.c:1683:1: branch_true: following ‘true’ branch...
git-2.52.0/path.c:1683:1: branch_true: ...to here
git-2.52.0/path.c:1683:1: call_function: calling ‘repo_git_path’ from ‘git_path_shallow’
#  233|   {
#  234|   	if (!strbuf_avail(sb))
#  235|-> 		strbuf_grow(sb, 1);
#  236|   	sb->buf[sb->len++] = c;
#  237|   	sb->buf[sb->len] = '\0';

Error: GCC_ANALYZER_WARNING (CWE-775): [#def473]
git-2.52.0/strbuf.h:310:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘stdout_fd’
git-2.52.0/diagnose.c:181:5: enter_function: entry to ‘create_diagnostics_archive’
git-2.52.0/diagnose.c:198:12: branch_false: following ‘false’ branch (when ‘mode != 0’)...
git-2.52.0/diagnose.c:203:21: branch_false: ...to here
git-2.52.0/diagnose.c:203:21: acquire_resource: opened here
git-2.52.0/diagnose.c:204:12: branch_false: following ‘false’ branch (when ‘stdout_fd >= 0’)...
git-2.52.0/diagnose.c:209:29: branch_false: ...to here
git-2.52.0/diagnose.c:210:12: branch_false: following ‘false’ branch...
git-2.52.0/diagnose.c:215:9: branch_false: ...to here
git-2.52.0/diagnose.c:218:9: call_function: calling ‘strbuf_setlen’ from ‘create_diagnostics_archive’
git-2.52.0/diagnose.c:218:9: return_function: returning to ‘create_diagnostics_archive’ from ‘strbuf_setlen’
git-2.52.0/diagnose.c:219:9: call_function: calling ‘strbuf_addstr’ from ‘create_diagnostics_archive’
#  308|   static inline void strbuf_addstr(struct strbuf *sb, const char *s)
#  309|   {
#  310|-> 	strbuf_add(sb, s, strlen(s));
#  311|   }
#  312|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def474]
git-2.52.0/strbuf.h:310:9: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(from_path)’
git-2.52.0/refs.c:3046:12: enter_function: entry to ‘move_files’
git-2.52.0/refs.c:3053:20: acquire_memory: allocated here
git-2.52.0/refs.c:3054:12: branch_false: following ‘false’ branch...
git-2.52.0/refs.c:3061:9: branch_false: ...to here
git-2.52.0/refs.c:3061:9: call_function: calling ‘strbuf_addstr’ from ‘move_files’
#  308|   static inline void strbuf_addstr(struct strbuf *sb, const char *s)
#  309|   {
#  310|-> 	strbuf_add(sb, s, strlen(s));
#  311|   }
#  312|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def475]
git-2.52.0/strbuf.h:310:9: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(path)’
git-2.52.0/diagnose.c:91:13: enter_function: entry to ‘loose_objs_stats’
git-2.52.0/diagnose.c:93:20: acquire_memory: allocated here
git-2.52.0/diagnose.c:101:12: branch_false: following ‘false’ branch...
git-2.52.0/diagnose.c:104:9: branch_false: ...to here
git-2.52.0/diagnose.c:104:9: call_function: calling ‘strbuf_addstr’ from ‘loose_objs_stats’
#  308|   static inline void strbuf_addstr(struct strbuf *sb, const char *s)
#  309|   {
#  310|-> 	strbuf_add(sb, s, strlen(s));
#  311|   }
#  312|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def476]
git-2.52.0/strbuf.h:310:9: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(path.buf)’
git-2.52.0/refs/files-backend.c:3701:12: enter_function: entry to ‘files_ref_store_remove_on_disk’
git-2.52.0/refs/files-backend.c:3705:17: call_function: calling ‘files_downcast’ from ‘files_ref_store_remove_on_disk’
git-2.52.0/refs/files-backend.c:3705:17: return_function: returning to ‘files_ref_store_remove_on_disk’ from ‘files_downcast’
git-2.52.0/refs/files-backend.c:3719:9: call_function: calling ‘strbuf_setlen’ from ‘files_ref_store_remove_on_disk’
git-2.52.0/refs/files-backend.c:3719:9: return_function: returning to ‘files_ref_store_remove_on_disk’ from ‘strbuf_setlen’
git-2.52.0/refs/files-backend.c:3727:9: call_function: calling ‘strbuf_setlen’ from ‘files_ref_store_remove_on_disk’
git-2.52.0/refs/files-backend.c:3727:9: return_function: returning to ‘files_ref_store_remove_on_disk’ from ‘strbuf_setlen’
git-2.52.0/refs/files-backend.c:3729:13: call_function: calling ‘for_each_root_ref’ from ‘files_ref_store_remove_on_disk’
#  308|   static inline void strbuf_addstr(struct strbuf *sb, const char *s)
#  309|   {
#  310|-> 	strbuf_add(sb, s, strlen(s));
#  311|   }
#  312|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def477]
git-2.52.0/strbuf.h:310:9: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(template_path.buf)’
git-2.52.0/setup.c:2151:13: enter_function: entry to ‘copy_templates’
git-2.52.0/setup.c:2162:12: branch_false: following ‘false’ branch...
git-2.52.0/setup.c:2169:15: acquire_memory: allocated here
git-2.52.0/setup.c:2170:12: branch_false: following ‘false’ branch...
git-2.52.0/setup.c:2176:9: branch_false: ...to here
git-2.52.0/setup.c:2176:9: call_function: calling ‘strbuf_addstr’ from ‘copy_templates’
#  308|   static inline void strbuf_addstr(struct strbuf *sb, const char *s)
#  309|   {
#  310|-> 	strbuf_add(sb, s, strlen(s));
#  311|   }
#  312|   

Error: GCC_ANALYZER_WARNING (CWE-688): [#def478]
git-2.52.0/strbuf.h:310:9: warning[-Wanalyzer-null-argument]: use of NULL ‘s’ where non-null expected
git-2.52.0/builtin/config.c:679:12: enter_function: entry to ‘get_urlmatch’
git-2.52.0/builtin/config.c:694:12: branch_false: following ‘false’ branch...
git-2.52.0/builtin/config.c:697:26: branch_false: ...to here
git-2.52.0/builtin/config.c:699:12: branch_true: following ‘true’ branch (when ‘section_tail’ is non-NULL)...
git-2.52.0/builtin/config.c:700:17: branch_true: ...to here
git-2.52.0/builtin/config.c:714:9: branch_true: following ‘true’ branch...
git-2.52.0/builtin/config.c:718:17: branch_false: following ‘false’ branch...
git-2.52.0/builtin/config.c:718:52: branch_false: ...to here
git-2.52.0/builtin/config.c:718:17: call_function: calling ‘format_config’ from ‘get_urlmatch’
#  308|   static inline void strbuf_addstr(struct strbuf *sb, const char *s)
#  309|   {
#  310|-> 	strbuf_add(sb, s, strlen(s));
#  311|   }
#  312|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def479]
git-2.52.0/strbuf.h:310:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/path.c:1683:1: enter_function: entry to ‘git_path_shallow’
git-2.52.0/path.c:1683:1: branch_true: following ‘true’ branch...
git-2.52.0/path.c:1683:1: branch_true: ...to here
git-2.52.0/path.c:1683:1: call_function: calling ‘repo_git_path’ from ‘git_path_shallow’
#  308|   static inline void strbuf_addstr(struct strbuf *sb, const char *s)
#  309|   {
#  310|-> 	strbuf_add(sb, s, strlen(s));
#  311|   }
#  312|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def480]
git-2.52.0/strbuf.h:632:13: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(*path.buf)’
git-2.52.0/builtin/clean.c:188:15: acquire_memory: allocated here
git-2.52.0/builtin/clean.c:189:12: branch_false: following ‘false’ branch...
git-2.52.0/builtin/clean.c:203:9: branch_false: ...to here
git-2.52.0/builtin/clean.c:206:21: throw: if ‘readdir_skip_dot_and_dotdot’ throws an exception...
git-2.52.0/strbuf.h:632:13: danger: ‘opendir(*path.buf)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  630|   static inline void strbuf_complete(struct strbuf *sb, char term)
#  631|   {
#  632|-> 	if (sb->len && sb->buf[sb->len - 1] != term)
#  633|   		strbuf_addch(sb, term);
#  634|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def481]
git-2.52.0/strbuf.h:632:13: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(from_path)’
git-2.52.0/refs.c:3046:12: enter_function: entry to ‘move_files’
git-2.52.0/refs.c:3053:20: acquire_memory: allocated here
git-2.52.0/refs.c:3054:12: branch_false: following ‘false’ branch...
git-2.52.0/refs.c:3061:9: branch_false: ...to here
git-2.52.0/refs.c:3065:9: call_function: calling ‘strbuf_addstr’ from ‘move_files’
#  630|   static inline void strbuf_complete(struct strbuf *sb, char term)
#  631|   {
#  632|-> 	if (sb->len && sb->buf[sb->len - 1] != term)
#  633|   		strbuf_addch(sb, term);
#  634|   }

Error: COMPILER_WARNING (CWE-704): [#def482]
git-2.52.0/string-list.c: scope_hint: In function ‘split_string’
git-2.52.0/string-list.c:341:29: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  341 |                         end = strpbrk(p, delim);
#      |                             ^
#  339|   			end = NULL;
#  340|   		else
#  341|-> 			end = strpbrk(p, delim);
#  342|   
#  343|   		count += append_one(list, p, end, in_place, flags);

Error: COMPILER_WARNING (CWE-704): [#def483]
git-2.52.0/string-list.c:341:29: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  339|   			end = NULL;
#  340|   		else
#  341|-> 			end = strpbrk(p, delim);
#  342|   
#  343|   		count += append_one(list, p, end, in_place, flags);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def484]
git-2.52.0/strvec.c:18:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/strvec.c:42:6: enter_function: entry to ‘strvec_pushl’
git-2.52.0/strvec.c:47:9: acquire_resource: ‘va_start’ called here
git-2.52.0/strvec.c:48:16: branch_true: following ‘true’ branch (when ‘arg’ is non-NULL)...
git-2.52.0/strvec.c:49:17: branch_true: ...to here
git-2.52.0/strvec.c:49:17: call_function: calling ‘strvec_push’ from ‘strvec_pushl’
#   16|   		array->v = NULL;
#   17|   
#   18|-> 	ALLOC_GROW(array->v, array->nr + 2, array->alloc);
#   19|   	array->v[array->nr++] = value;
#   20|   	array->v[array->nr] = NULL;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def485]
git-2.52.0/strvec.c:25:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/strvec.c:42:6: enter_function: entry to ‘strvec_pushl’
git-2.52.0/strvec.c:47:9: acquire_resource: ‘va_start’ called here
git-2.52.0/strvec.c:48:16: branch_true: following ‘true’ branch (when ‘arg’ is non-NULL)...
git-2.52.0/strvec.c:49:17: branch_true: ...to here
git-2.52.0/strvec.c:49:17: call_function: calling ‘strvec_push’ from ‘strvec_pushl’
#   23|   const char *strvec_push(struct strvec *array, const char *value)
#   24|   {
#   25|-> 	strvec_push_nodup(array, xstrdup(value));
#   26|   	return array->v[array->nr - 1];
#   27|   }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def486]
git-2.52.0/strvec.c:35:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/strvec.c:34:9: acquire_resource: ‘va_start’ called here
git-2.52.0/strvec.c:35:9: throw: if ‘strbuf_vaddf’ throws an exception...
git-2.52.0/strvec.c:35:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#   33|   
#   34|   	va_start(ap, fmt);
#   35|-> 	strbuf_vaddf(&v, fmt, ap);
#   36|   	va_end(ap);
#   37|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def487]
git-2.52.0/t/helper/test-hash.c:32:9: warning[-Wanalyzer-malloc-leak]: leak of ‘buffer’
git-2.52.0/t/helper/test-hash.c:25:26: acquire_memory: allocated here
git-2.52.0/t/helper/test-hash.c:32:9: throw: if the called function throws an exception...
git-2.52.0/t/helper/test-hash.c:32:9: danger: ‘buffer’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#   30|   	}
#   31|   
#   32|-> 	algop->init_fn(&ctx);
#   33|   
#   34|   	while (1) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def488]
git-2.52.0/t/helper/test-hash.c:40:30: warning[-Wanalyzer-malloc-leak]: leak of ‘cp’
git-2.52.0/t/helper/test-hash.c:25:26: acquire_memory: allocated here
git-2.52.0/t/helper/test-hash.c:39:24: branch_true: following ‘true’ branch (when ‘room != 0’)...
git-2.52.0/t/helper/test-hash.c:40:30: branch_true: ...to here
git-2.52.0/t/helper/test-hash.c:40:30: throw: if ‘xread’ throws an exception...
git-2.52.0/t/helper/test-hash.c:40:30: danger: ‘cp’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#   38|   		this_sz = 0;
#   39|   		while (room) {
#   40|-> 			sz = xread(0, cp, room);
#   41|   			if (sz == 0)
#   42|   				break;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def489]
git-2.52.0/t/helper/test-pack-deltas.c:69:27: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘delta_size’
git-2.52.0/t/helper/test-pack-deltas.c:46:13: enter_function: entry to ‘write_ref_delta’
git-2.52.0/t/helper/test-pack-deltas.c:57:12: branch_false: following ‘false’ branch...
git-2.52.0/t/helper/test-pack-deltas.c:60:50: branch_false: ...to here
git-2.52.0/t/helper/test-pack-deltas.c:63:12: branch_false: following ‘false’ branch...
git-2.52.0/t/helper/test-pack-deltas.c:66:21: branch_false: ...to here
git-2.52.0/t/helper/test-pack-deltas.c:66:21: call_function: calling ‘diff_delta’ from ‘write_ref_delta’
git-2.52.0/t/helper/test-pack-deltas.c:66:21: return_function: returning to ‘write_ref_delta’ from ‘diff_delta’
git-2.52.0/t/helper/test-pack-deltas.c:69:27: danger: use of uninitialized value ‘delta_size’ here
#   67|   			       buf, size, &delta_size, 0);
#   68|   
#   69|-> 	compressed_size = do_compress(&delta_buf, delta_size);
#   70|   
#   71|   	hdrlen = encode_in_pack_object_header(header, sizeof(header),

Error: GCC_ANALYZER_WARNING (CWE-404): [#def490]
git-2.52.0/t/helper/test-parse-options.c:87:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/t/helper/test-parse-options.c:86:9: acquire_resource: ‘va_start’ called here
git-2.52.0/t/helper/test-parse-options.c:87:9: throw: if ‘strbuf_vaddf’ throws an exception...
git-2.52.0/t/helper/test-parse-options.c:87:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#   85|   
#   86|   	va_start(args, fmt);
#   87|-> 	strbuf_vaddf(&buf, fmt, args);
#   88|   	va_end(args);
#   89|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def491]
git-2.52.0/t/helper/test-run-command.c:183:21: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(".")’
git-2.52.0/t/helper/test-run-command.c:180:15: acquire_memory: allocated here
git-2.52.0/t/helper/test-run-command.c:181:12: branch_false: following ‘false’ branch...
git-2.52.0/t/helper/test-run-command.c:181:12: branch_false: ...to here
git-2.52.0/t/helper/test-run-command.c:183:21: throw: if ‘readdir’ throws an exception...
git-2.52.0/t/helper/test-run-command.c:183:21: danger: ‘opendir(".")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  181|   	if (!dir)
#  182|   		die("Could not open the current directory");
#  183|-> 	while ((d = readdir(dir))) {
#  184|   		const char *p = d->d_name;
#  185|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def492]
git-2.52.0/t/unit-tests/clar/clar/fs.h:486:21: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(path)’
git-2.52.0/t/unit-tests/clar/clar/sandbox.h:121:13: enter_function: entry to ‘clar_tempdir_shutdown’
git-2.52.0/t/unit-tests/clar/clar/sandbox.h:126:9: call_function: inlined call to ‘clar__assert’ from ‘clar_tempdir_shutdown’
git-2.52.0/t/unit-tests/clar/clar/sandbox.h:128:9: branch_true: ...to here
git-2.52.0/t/unit-tests/clar/clar/sandbox.h:128:9: call_function: calling ‘fs_rm’ from ‘clar_tempdir_shutdown’
#  484|   
#  485|   		errno = 0;
#  486|-> 		d = readdir(dir);
#  487|   		if (!d)
#  488|   			break;

Error: COMPILER_WARNING (CWE-704): [#def493]
git-2.52.0/t/unit-tests/clar/clar.c:918: included_from: Included from here.
git-2.52.0/t/unit-tests/clar/clar/print.h: scope_hint: In function ‘print_escaped’
git-2.52.0/t/unit-tests/clar/clar/print.h:132:19: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  132 |         while ((c = strchr(str, '\'')) != NULL) {
#      |                   ^
#  130|   	char *c;
#  131|   
#  132|-> 	while ((c = strchr(str, '\'')) != NULL) {
#  133|   		printf("%.*s", (int)(c - str), str);
#  134|   		printf("''");

Error: COMPILER_WARNING (CWE-704): [#def494]
git-2.52.0/t/unit-tests/clar/clar/print.h:132:19: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  130|   	char *c;
#  131|   
#  132|-> 	while ((c = strchr(str, '\'')) != NULL) {
#  133|   		printf("%.*s", (int)(c - str), str);
#  134|   		printf("''");

Error: GCC_ANALYZER_WARNING (CWE-404): [#def495]
git-2.52.0/t/unit-tests/clar/clar/print.h:191:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/t/unit-tests/clar/clar/print.h:239:13: enter_function: entry to ‘clar_print_onabort’
git-2.52.0/t/unit-tests/clar/clar/print.h:242:9: acquire_resource: ‘va_start’ called here
git-2.52.0/t/unit-tests/clar/clar/print.h:243:9: call_function: calling ‘clar_print_onabortv’ from ‘clar_print_onabort’
#  189|   	printf("Bail out! ");
#  190|   	vprintf(fmt, arg);
#  191|-> 	fflush(stdout);
#  192|   }
#  193|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def496]
git-2.52.0/t/unit-tests/clar/clar/summary.h:74:12: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "w")’
git-2.52.0/t/unit-tests/clar/clar/summary.h:70:19: acquire_resource: opened here
git-2.52.0/t/unit-tests/clar/clar/summary.h:70:12: branch_false: following ‘false’ branch...
git-2.52.0/t/unit-tests/clar/clar/summary.h:74:24: branch_false: ...to here
git-2.52.0/t/unit-tests/clar/clar/summary.h:74:12: danger: ‘fopen(filename, "w")’ leaks here; was opened at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#   72|   			   filename, strerror(errno));
#   73|   
#   74|-> 	if ((summary = malloc(sizeof(struct clar_summary))) == NULL)
#   75|   		clar_abort("Failed to allocate summary.\n");
#   76|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def497]
git-2.52.0/t/unit-tests/clar/clar/summary.h:74:12: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "w")’
git-2.52.0/t/unit-tests/clar/clar/summary.h:70:19: acquire_memory: allocated here
git-2.52.0/t/unit-tests/clar/clar/summary.h:70:12: branch_false: following ‘false’ branch...
git-2.52.0/t/unit-tests/clar/clar/summary.h:74:24: branch_false: ...to here
git-2.52.0/t/unit-tests/clar/clar/summary.h:74:12: danger: ‘fopen(filename, "w")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#   72|   			   filename, strerror(errno));
#   73|   
#   74|-> 	if ((summary = malloc(sizeof(struct clar_summary))) == NULL)
#   75|   		clar_abort("Failed to allocate summary.\n");
#   76|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def498]
git-2.52.0/t/unit-tests/test-lib.c:103:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/t/unit-tests/test-lib.c:415:5: enter_function: entry to ‘check_char_loc’
git-2.52.0/t/unit-tests/test-lib.c:417:19: call_function: calling ‘test_assert’ from ‘check_char_loc’
#  101|   static void msg_with_prefix(const char *prefix, const char *format, va_list ap)
#  102|   {
#  103|-> 	fflush(stderr);
#  104|   	if (prefix)
#  105|   		fprintf(stdout, "%s", prefix);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def499]
git-2.52.0/t/unit-tests/test-lib.c:108:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/t/unit-tests/test-lib.c:415:5: enter_function: entry to ‘check_char_loc’
git-2.52.0/t/unit-tests/test-lib.c:417:19: call_function: calling ‘test_assert’ from ‘check_char_loc’
#  106|   	vprintf(format, ap); /* TODO: handle newlines */
#  107|   	putc('\n', stdout);
#  108|-> 	fflush(stdout);
#  109|   }
#  110|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def500]
git-2.52.0/t/unit-tests/u-oidtree.c:66:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/t/unit-tests/u-oidtree.c:64:9: acquire_resource: ‘va_start’ called here
git-2.52.0/t/unit-tests/u-oidtree.c:65:16: branch_true: following ‘true’ branch (when ‘arg’ is non-NULL)...
git-2.52.0/t/unit-tests/u-oidtree.c:66:17: branch_true: ...to here
git-2.52.0/t/unit-tests/u-oidtree.c:66:17: throw: if ‘strvec_push’ throws an exception...
git-2.52.0/t/unit-tests/u-oidtree.c:66:17: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#   64|   	va_start(hex_args, query);
#   65|   	while ((arg = va_arg(hex_args, const char *)))
#   66|-> 		strvec_push(&hex_iter.expected_hexes, arg);
#   67|   	va_end(hex_args);
#   68|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def501]
git-2.52.0/t/unit-tests/u-reftable-basics.c:200:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
git-2.52.0/t/unit-tests/u-reftable-basics.c:192:6: enter_function: entry to ‘test_reftable_basics__alloc_grow’
git-2.52.0/t/unit-tests/u-reftable-basics.c:197:9: call_function: calling ‘reftable_alloc_grow’ from ‘test_reftable_basics__alloc_grow’
git-2.52.0/t/unit-tests/u-reftable-basics.c:197:9: return_function: returning to ‘test_reftable_basics__alloc_grow’ from ‘reftable_alloc_grow’
git-2.52.0/t/unit-tests/u-reftable-basics.c:197:9: branch_true: following ‘true’ branch...
git-2.52.0/t/unit-tests/u-reftable-basics.c:197:9: branch_true: ...to here
git-2.52.0/t/unit-tests/u-reftable-basics.c:200:9: danger: dereference of NULL ‘reftable_alloc_grow(0, 1, 4, &alloc)’
#  198|   	cl_assert(arr != NULL);
#  199|   	cl_assert(alloc >= 1);
#  200|-> 	arr[0] = 42;
#  201|   
#  202|   	old_alloc = alloc;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def502]
git-2.52.0/t/unit-tests/u-reftable-basics.c:227:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘arr’
git-2.52.0/t/unit-tests/u-reftable-basics.c:219:6: enter_function: entry to ‘test_reftable_basics__alloc_grow_or_null’
git-2.52.0/t/unit-tests/u-reftable-basics.c:224:9: call_function: calling ‘reftable_alloc_grow’ from ‘test_reftable_basics__alloc_grow_or_null’
git-2.52.0/t/unit-tests/u-reftable-basics.c:224:9: return_function: returning to ‘test_reftable_basics__alloc_grow_or_null’ from ‘reftable_alloc_grow’
git-2.52.0/t/unit-tests/u-reftable-basics.c:224:9: branch_true: following ‘true’ branch...
git-2.52.0/t/unit-tests/u-reftable-basics.c:224:9: branch_true: ...to here
git-2.52.0/t/unit-tests/u-reftable-basics.c:227:9: danger: dereference of NULL ‘arr’
#  225|   	cl_assert(arr != NULL);
#  226|   	cl_assert(alloc >= 1);
#  227|-> 	arr[0] = 42;
#  228|   
#  229|   	old_alloc = alloc;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def503]
git-2.52.0/t/unit-tests/u-reftable-stack.c:38:21: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(dirname)’
git-2.52.0/t/unit-tests/u-reftable-stack.c:32:20: acquire_memory: allocated here
git-2.52.0/t/unit-tests/u-reftable-stack.c:35:12: branch_false: following ‘false’ branch...
git-2.52.0/t/unit-tests/u-reftable-stack.c:35:12: branch_false: ...to here
git-2.52.0/t/unit-tests/u-reftable-stack.c:38:21: throw: if ‘readdir’ throws an exception...
git-2.52.0/t/unit-tests/u-reftable-stack.c:38:21: danger: ‘opendir(dirname)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#   36|   		return 0;
#   37|   
#   38|-> 	while ((d = readdir(dir))) {
#   39|   		/*
#   40|   		 * Besides skipping over "." and "..", we also need to

Error: GCC_ANALYZER_WARNING (CWE-404): [#def504]
git-2.52.0/t/unit-tests/u-string-list.c:9:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/t/unit-tests/u-string-list.c:246:13: enter_function: entry to ‘t_string_list_remove_duplicates’
git-2.52.0/t/unit-tests/u-string-list.c:251:9: acquire_resource: ‘va_start’ called here
git-2.52.0/t/unit-tests/u-string-list.c:252:9: call_function: calling ‘t_vcreate_string_list_dup’ from ‘t_string_list_remove_duplicates’
#    7|   	const char *arg;
#    8|   
#    9|-> 	cl_assert(list->strdup_strings);
#   10|   
#   11|   	string_list_clear(list, free_util);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def505]
git-2.52.0/t/unit-tests/u-string-list.c:11:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/t/unit-tests/u-string-list.c:246:13: enter_function: entry to ‘t_string_list_remove_duplicates’
git-2.52.0/t/unit-tests/u-string-list.c:251:9: acquire_resource: ‘va_start’ called here
git-2.52.0/t/unit-tests/u-string-list.c:252:9: call_function: calling ‘t_vcreate_string_list_dup’ from ‘t_string_list_remove_duplicates’
#    9|   	cl_assert(list->strdup_strings);
#   10|   
#   11|-> 	string_list_clear(list, free_util);
#   12|   	while ((arg = va_arg(ap, const char *)))
#   13|   		string_list_append(list, arg);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def506]
git-2.52.0/t/unit-tests/u-string-list.c:13:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/t/unit-tests/u-string-list.c:246:13: enter_function: entry to ‘t_string_list_remove_duplicates’
git-2.52.0/t/unit-tests/u-string-list.c:251:9: acquire_resource: ‘va_start’ called here
git-2.52.0/t/unit-tests/u-string-list.c:252:9: call_function: calling ‘t_vcreate_string_list_dup’ from ‘t_string_list_remove_duplicates’
#   11|   	string_list_clear(list, free_util);
#   12|   	while ((arg = va_arg(ap, const char *)))
#   13|-> 		string_list_append(list, arg);
#   14|   }
#   15|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def507]
git-2.52.0/tempfile.c:273:9: warning[-Wanalyzer-malloc-leak]: leak of ‘fdopen(*tempfile.fd,  mode)’
git-2.52.0/tempfile.c:268:12: branch_false: following ‘false’ branch (when ‘tempfile’ is non-NULL)...
git-2.52.0/tempfile.c:270:13: branch_false: ...to here
git-2.52.0/tempfile.c:270:12: branch_false: following ‘false’ branch...
git-2.52.0/tempfile.c:273:31: branch_false: ...to here
git-2.52.0/tempfile.c:273:24: acquire_memory: allocated here
git-2.52.0/tempfile.c:273:9: danger: ‘fdopen(*tempfile.fd,  mode)’ leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#  271|   		BUG("fdopen_tempfile() called for open object");
#  272|   
#  273|-> 	tempfile->fp = fdopen(tempfile->fd, mode);
#  274|   	return tempfile->fp;
#  275|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def508]
git-2.52.0/tempfile.c:332:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(*tempfile.filename.buf, 513)’
git-2.52.0/tempfile.c:328:12: branch_false: following ‘false’ branch (when ‘tempfile’ is non-NULL)...
git-2.52.0/tempfile.c:330:18: branch_false: ...to here
git-2.52.0/tempfile.c:330:12: branch_false: following ‘false’ branch...
git-2.52.0/tempfile.c:332:29: branch_false: ...to here
git-2.52.0/tempfile.c:332:24: acquire_resource: opened here
git-2.52.0/tempfile.c:332:9: danger: ‘open(*tempfile.filename.buf, 513)’ leaks here; was opened at [(5)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/4)
#  330|   	if (0 <= tempfile->fd)
#  331|   		BUG("reopen_tempfile called for an open object");
#  332|-> 	tempfile->fd = open(tempfile->filename.buf, O_WRONLY|O_TRUNC);
#  333|   	return tempfile->fd;
#  334|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def509]
git-2.52.0/tmp-objdir.c:202:22: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(path)’
git-2.52.0/tmp-objdir.c:198:14: acquire_memory: allocated here
git-2.52.0/tmp-objdir.c:199:12: branch_false: following ‘false’ branch...
git-2.52.0/tmp-objdir.c:199:12: branch_false: ...to here
git-2.52.0/tmp-objdir.c:202:22: throw: if ‘readdir’ throws an exception...
git-2.52.0/tmp-objdir.c:202:22: danger: ‘opendir(path)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  200|   		return -1;
#  201|   
#  202|-> 	while ((de = readdir(dh)))
#  203|   		if (de->d_name[0] != '.')
#  204|   			string_list_append(out, de->d_name);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def510]
git-2.52.0/trace.c:56:26: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/trace.c:414:13: enter_function: entry to ‘print_command_performance_atexit’
git-2.52.0/trace.c:416:9: call_function: calling ‘trace_performance_leave_fl’ from ‘print_command_performance_atexit’
#   54|   		key->fd = atoi(trace);
#   55|   	else if (is_absolute_path(trace)) {
#   56|-> 		int fd = open(trace, O_WRONLY | O_APPEND | O_CREAT, 0666);
#   57|   		if (fd == -1) {
#   58|   			warning("could not open '%s' for tracing: %s",

Error: GCC_ANALYZER_WARNING (CWE-404): [#def511]
git-2.52.0/trace.c:58:25: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/trace.c:414:13: enter_function: entry to ‘print_command_performance_atexit’
git-2.52.0/trace.c:416:9: call_function: calling ‘trace_performance_leave_fl’ from ‘print_command_performance_atexit’
#   56|   		int fd = open(trace, O_WRONLY | O_APPEND | O_CREAT, 0666);
#   57|   		if (fd == -1) {
#   58|-> 			warning("could not open '%s' for tracing: %s",
#   59|   				trace, strerror(errno));
#   60|   			trace_disable(key);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def512]
git-2.52.0/trace.c:66:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/trace.c:414:13: enter_function: entry to ‘print_command_performance_atexit’
git-2.52.0/trace.c:416:9: call_function: calling ‘trace_performance_leave_fl’ from ‘print_command_performance_atexit’
#   64|   		}
#   65|   	} else {
#   66|-> 		warning("unknown trace value for '%s': %s\n"
#   67|   			"         If you want to trace into a file, then please set %s\n"
#   68|   			"         to an absolute pathname (starting with /)",

Error: GCC_ANALYZER_WARNING (CWE-404): [#def513]
git-2.52.0/trace.c:92:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/trace.c:414:13: enter_function: entry to ‘print_command_performance_atexit’
git-2.52.0/trace.c:416:9: call_function: calling ‘trace_performance_leave_fl’ from ‘print_command_performance_atexit’
#   90|   {
#   91|   	if (key->need_close)
#   92|-> 		close(key->fd);
#   93|   	key->fd = 0;
#   94|   	key->initialized = 1;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def514]
git-2.52.0/trace2.c:808:18: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/trace2.c:838:6: enter_function: entry to ‘trace2_region_enter_printf_fl’
git-2.52.0/trace2.c:845:9: acquire_resource: ‘va_start’ called here
git-2.52.0/trace2.c:846:9: call_function: inlined call to ‘trace2_region_enter_printf_va_fl’ from ‘trace2_region_enter_printf_fl’
#  806|   		return;
#  807|   
#  808|-> 	us_now = getnanotime() / 1000;
#  809|   	us_elapsed_absolute = tr2tls_absolute_elapsed(us_now);
#  810|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def515]
git-2.52.0/trace2.c:809:31: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/trace2.c:838:6: enter_function: entry to ‘trace2_region_enter_printf_fl’
git-2.52.0/trace2.c:845:9: acquire_resource: ‘va_start’ called here
git-2.52.0/trace2.c:846:9: call_function: inlined call to ‘trace2_region_enter_printf_va_fl’ from ‘trace2_region_enter_printf_fl’
#  807|   
#  808|   	us_now = getnanotime() / 1000;
#  809|-> 	us_elapsed_absolute = tr2tls_absolute_elapsed(us_now);
#  810|   
#  811|   	/*

Error: GCC_ANALYZER_WARNING (CWE-404): [#def516]
git-2.52.0/trace2.c:818:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/trace2.c:838:6: enter_function: entry to ‘trace2_region_enter_printf_fl’
git-2.52.0/trace2.c:845:9: acquire_resource: ‘va_start’ called here
git-2.52.0/trace2.c:846:9: call_function: inlined call to ‘trace2_region_enter_printf_va_fl’ from ‘trace2_region_enter_printf_fl’
#  816|   	 * and use va_copy.
#  817|   	 */
#  818|-> 	for_each_wanted_builtin (j, tgt_j)
#  819|   		if (tgt_j->pfn_region_enter_printf_va_fl)
#  820|   			tgt_j->pfn_region_enter_printf_va_fl(

Error: GCC_ANALYZER_WARNING (CWE-404): [#def517]
git-2.52.0/trace2.c:820:25: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/trace2.c:838:6: enter_function: entry to ‘trace2_region_enter_printf_fl’
git-2.52.0/trace2.c:845:9: acquire_resource: ‘va_start’ called here
git-2.52.0/trace2.c:846:9: call_function: inlined call to ‘trace2_region_enter_printf_va_fl’ from ‘trace2_region_enter_printf_fl’
#  818|   	for_each_wanted_builtin (j, tgt_j)
#  819|   		if (tgt_j->pfn_region_enter_printf_va_fl)
#  820|-> 			tgt_j->pfn_region_enter_printf_va_fl(
#  821|   				file, line, us_elapsed_absolute, category,
#  822|   				label, repo, fmt, ap);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def518]
git-2.52.0/trace2.c:865:18: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/trace2.c:900:6: enter_function: entry to ‘trace2_region_leave_printf_fl’
git-2.52.0/trace2.c:907:9: acquire_resource: ‘va_start’ called here
git-2.52.0/trace2.c:908:9: call_function: inlined call to ‘trace2_region_leave_printf_va_fl’ from ‘trace2_region_leave_printf_fl’
#  863|   		return;
#  864|   
#  865|-> 	us_now = getnanotime() / 1000;
#  866|   	us_elapsed_absolute = tr2tls_absolute_elapsed(us_now);
#  867|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def519]
git-2.52.0/trace2.c:866:31: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/trace2.c:900:6: enter_function: entry to ‘trace2_region_leave_printf_fl’
git-2.52.0/trace2.c:907:9: acquire_resource: ‘va_start’ called here
git-2.52.0/trace2.c:908:9: call_function: inlined call to ‘trace2_region_leave_printf_va_fl’ from ‘trace2_region_leave_printf_fl’
#  864|   
#  865|   	us_now = getnanotime() / 1000;
#  866|-> 	us_elapsed_absolute = tr2tls_absolute_elapsed(us_now);
#  867|   
#  868|   	/*

Error: GCC_ANALYZER_WARNING (CWE-404): [#def520]
git-2.52.0/trace2.c:874:29: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/trace2.c:900:6: enter_function: entry to ‘trace2_region_leave_printf_fl’
git-2.52.0/trace2.c:907:9: acquire_resource: ‘va_start’ called here
git-2.52.0/trace2.c:908:9: call_function: inlined call to ‘trace2_region_leave_printf_va_fl’ from ‘trace2_region_leave_printf_fl’
#  872|   	 * it lines up with the corresponding push/enter.
#  873|   	 */
#  874|-> 	us_elapsed_region = tr2tls_region_elasped_self(us_now);
#  875|   
#  876|   	tr2tls_pop_self();

Error: GCC_ANALYZER_WARNING (CWE-404): [#def521]
git-2.52.0/trace2.c:876:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/trace2.c:900:6: enter_function: entry to ‘trace2_region_leave_printf_fl’
git-2.52.0/trace2.c:907:9: acquire_resource: ‘va_start’ called here
git-2.52.0/trace2.c:908:9: call_function: inlined call to ‘trace2_region_leave_printf_va_fl’ from ‘trace2_region_leave_printf_fl’
#  874|   	us_elapsed_region = tr2tls_region_elasped_self(us_now);
#  875|   
#  876|-> 	tr2tls_pop_self();
#  877|   
#  878|   	/*

Error: GCC_ANALYZER_WARNING (CWE-404): [#def522]
git-2.52.0/trace2.c:882:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/trace2.c:900:6: enter_function: entry to ‘trace2_region_leave_printf_fl’
git-2.52.0/trace2.c:907:9: acquire_resource: ‘va_start’ called here
git-2.52.0/trace2.c:908:9: call_function: inlined call to ‘trace2_region_leave_printf_va_fl’ from ‘trace2_region_leave_printf_fl’
#  880|   	 * and use va_copy.
#  881|   	 */
#  882|-> 	for_each_wanted_builtin (j, tgt_j)
#  883|   		if (tgt_j->pfn_region_leave_printf_va_fl)
#  884|   			tgt_j->pfn_region_leave_printf_va_fl(

Error: GCC_ANALYZER_WARNING (CWE-404): [#def523]
git-2.52.0/trace2.c:884:25: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/trace2.c:900:6: enter_function: entry to ‘trace2_region_leave_printf_fl’
git-2.52.0/trace2.c:907:9: acquire_resource: ‘va_start’ called here
git-2.52.0/trace2.c:908:9: call_function: inlined call to ‘trace2_region_leave_printf_va_fl’ from ‘trace2_region_leave_printf_fl’
#  882|   	for_each_wanted_builtin (j, tgt_j)
#  883|   		if (tgt_j->pfn_region_leave_printf_va_fl)
#  884|-> 			tgt_j->pfn_region_leave_printf_va_fl(
#  885|   				file, line, us_elapsed_absolute,
#  886|   				us_elapsed_region, category, label, repo, fmt,

Error: GCC_ANALYZER_WARNING (CWE-404): [#def524]
git-2.52.0/trace2.c:986:18: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/trace2.c:999:6: enter_function: entry to ‘trace2_printf_fl’
git-2.52.0/trace2.c:1003:9: acquire_resource: ‘va_start’ called here
git-2.52.0/trace2.c:1004:9: call_function: inlined call to ‘trace2_printf_va_fl’ from ‘trace2_printf_fl’
#  984|   		return;
#  985|   
#  986|-> 	us_now = getnanotime() / 1000;
#  987|   	us_elapsed_absolute = tr2tls_absolute_elapsed(us_now);
#  988|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def525]
git-2.52.0/trace2.c:987:31: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/trace2.c:999:6: enter_function: entry to ‘trace2_printf_fl’
git-2.52.0/trace2.c:1003:9: acquire_resource: ‘va_start’ called here
git-2.52.0/trace2.c:1004:9: call_function: inlined call to ‘trace2_printf_va_fl’ from ‘trace2_printf_fl’
#  985|   
#  986|   	us_now = getnanotime() / 1000;
#  987|-> 	us_elapsed_absolute = tr2tls_absolute_elapsed(us_now);
#  988|   
#  989|   	/*

Error: GCC_ANALYZER_WARNING (CWE-404): [#def526]
git-2.52.0/trace2.c:993:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/trace2.c:999:6: enter_function: entry to ‘trace2_printf_fl’
git-2.52.0/trace2.c:1003:9: acquire_resource: ‘va_start’ called here
git-2.52.0/trace2.c:1004:9: call_function: inlined call to ‘trace2_printf_va_fl’ from ‘trace2_printf_fl’
#  991|   	 * and use va_copy.
#  992|   	 */
#  993|-> 	for_each_wanted_builtin (j, tgt_j)
#  994|   		if (tgt_j->pfn_printf_va_fl)
#  995|   			tgt_j->pfn_printf_va_fl(file, line, us_elapsed_absolute,

Error: GCC_ANALYZER_WARNING (CWE-404): [#def527]
git-2.52.0/trace2.c:995:25: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/trace2.c:999:6: enter_function: entry to ‘trace2_printf_fl’
git-2.52.0/trace2.c:1003:9: acquire_resource: ‘va_start’ called here
git-2.52.0/trace2.c:1004:9: call_function: inlined call to ‘trace2_printf_va_fl’ from ‘trace2_printf_fl’
#  993|   	for_each_wanted_builtin (j, tgt_j)
#  994|   		if (tgt_j->pfn_printf_va_fl)
#  995|-> 			tgt_j->pfn_printf_va_fl(file, line, us_elapsed_absolute,
#  996|   						fmt, ap);
#  997|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def528]
git-2.52.0/trace2/tr2_dst.c:99:16: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(path.buf)’
git-2.52.0/trace2/tr2_dst.c:312:5: enter_function: entry to ‘tr2_dst_get_trace_fd’
git-2.52.0/trace2/tr2_dst.c:324:12: branch_false: following ‘false’ branch...
git-2.52.0/trace2/tr2_dst.c:330:12: branch_false: following ‘false’ branch...
git-2.52.0/trace2/tr2_dst.c:340:13: call_function: inlined call to ‘is_absolute_path’ from ‘tr2_dst_get_trace_fd’
git-2.52.0/trace2/tr2_dst.c:341:21: branch_true: ...to here
git-2.52.0/trace2/tr2_dst.c:341:20: branch_true: following ‘true’ branch...
git-2.52.0/trace2/tr2_dst.c:342:32: branch_true: ...to here
git-2.52.0/trace2/tr2_dst.c:342:32: call_function: calling ‘tr2_dst_try_auto_path’ from ‘tr2_dst_get_trace_fd’
#   97|   	/* check file count */
#   98|   	dirp = opendir(path.buf);
#   99|-> 	while (file_count < tr2env_max_files && dirp && readdir(dirp))
#  100|   		file_count++;
#  101|   	if (dirp)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def529]
git-2.52.0/trace2/tr2_dst.c:213:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
git-2.52.0/trace2/tr2_dst.c:312:5: enter_function: entry to ‘tr2_dst_get_trace_fd’
git-2.52.0/trace2/tr2_dst.c:324:12: branch_false: following ‘false’ branch...
git-2.52.0/trace2/tr2_dst.c:330:12: branch_false: following ‘false’ branch...
git-2.52.0/trace2/tr2_dst.c:340:13: call_function: inlined call to ‘is_absolute_path’ from ‘tr2_dst_get_trace_fd’
git-2.52.0/trace2/tr2_dst.c:348:13: branch_false: ...to here
git-2.52.0/trace2/tr2_dst.c:348:12: branch_true: following ‘true’ branch...
git-2.52.0/trace2/tr2_dst.c:349:24: branch_true: ...to here
git-2.52.0/trace2/tr2_dst.c:349:24: call_function: calling ‘tr2_dst_try_unix_domain_socket’ from ‘tr2_dst_get_trace_fd’
#  211|   
#  212|   	sa.sun_family = AF_UNIX;
#  213|-> 	strlcpy(sa.sun_path, path, sizeof(sa.sun_path));
#  214|   
#  215|   	if (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) == -1) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def530]
git-2.52.0/trace2/tr2_dst.c:215:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
git-2.52.0/trace2/tr2_dst.c:312:5: enter_function: entry to ‘tr2_dst_get_trace_fd’
git-2.52.0/trace2/tr2_dst.c:324:12: branch_false: following ‘false’ branch...
git-2.52.0/trace2/tr2_dst.c:330:12: branch_false: following ‘false’ branch...
git-2.52.0/trace2/tr2_dst.c:340:13: call_function: inlined call to ‘is_absolute_path’ from ‘tr2_dst_get_trace_fd’
git-2.52.0/trace2/tr2_dst.c:348:13: branch_false: ...to here
git-2.52.0/trace2/tr2_dst.c:348:12: branch_true: following ‘true’ branch...
git-2.52.0/trace2/tr2_dst.c:349:24: branch_true: ...to here
git-2.52.0/trace2/tr2_dst.c:349:24: call_function: calling ‘tr2_dst_try_unix_domain_socket’ from ‘tr2_dst_get_trace_fd’
#  213|   	strlcpy(sa.sun_path, path, sizeof(sa.sun_path));
#  214|   
#  215|-> 	if (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) == -1) {
#  216|   		int saved_errno = errno;
#  217|   		close(fd);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def531]
git-2.52.0/trace2/tr2_tgt_event.c:224:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/trace2/tr2_tgt_event.c:219:12: branch_true: following ‘true’ branch...
git-2.52.0/trace2/tr2_tgt_event.c:223:17: acquire_resource: ‘va_copy’ called here
git-2.52.0/trace2/tr2_tgt_event.c:224:17: throw: if ‘strbuf_vaddf’ throws an exception...
git-2.52.0/trace2/tr2_tgt_event.c:224:17: danger: missing call to ‘va_end’ to match ‘va_copy’ at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  222|   
#  223|   		va_copy(copy_ap, ap);
#  224|-> 		strbuf_vaddf(&buf, fmt, copy_ap);
#  225|   		va_end(copy_ap);
#  226|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def532]
git-2.52.0/trace2/tr2_tgt_normal.c:139:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/trace2/tr2_tgt_normal.c:328:13: enter_function: entry to ‘fn_printf_va_fl’
git-2.52.0/trace2/tr2_tgt_normal.c:335:9: call_function: calling ‘maybe_append_string_va’ from ‘fn_printf_va_fl’
#  137|   
#  138|   		va_copy(copy_ap, ap);
#  139|-> 		strbuf_vaddf(buf, fmt, copy_ap);
#  140|   		va_end(copy_ap);
#  141|   		return;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def533]
git-2.52.0/trace2/tr2_tgt_perf.c:231:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/trace2/tr2_tgt_perf.c:549:13: enter_function: entry to ‘fn_printf_va_fl’
git-2.52.0/trace2/tr2_tgt_perf.c:556:9: call_function: calling ‘maybe_append_string_va’ from ‘fn_printf_va_fl’
#  229|   
#  230|   		va_copy(copy_ap, ap);
#  231|-> 		strbuf_vaddf(buf, fmt, copy_ap);
#  232|   		va_end(copy_ap);
#  233|   		return;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def534]
git-2.52.0/transport-helper.c:176:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘duped’
git-2.52.0/transport-helper.c:1299:12: enter_function: entry to ‘get_bundle_uri’
git-2.52.0/transport-helper.c:1301:9: call_function: calling ‘get_helper’ from ‘get_bundle_uri’
#  174|   	if (duped < 0)
#  175|   		die_errno(_("can't dup helper output fd"));
#  176|-> 	data->out = xfdopen(duped, "r");
#  177|   
#  178|   	sigchain_push(SIGPIPE, SIG_IGN);

Error: COMPILER_WARNING (CWE-704): [#def535]
git-2.52.0/transport-helper.c: scope_hint: In function ‘push_update_ref_status’
git-2.52.0/transport-helper.c:803:19: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  803 |                 p = strchr(key, ' ');
#      |                   ^
#  801|   		}
#  802|   		key = buf->buf + 7;
#  803|-> 		p = strchr(key, ' ');
#  804|   		if (p)
#  805|   			*p++ = '\0';

Error: COMPILER_WARNING (CWE-704): [#def536]
git-2.52.0/transport-helper.c:803:19: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  801|   		}
#  802|   		key = buf->buf + 7;
#  803|-> 		p = strchr(key, ' ');
#  804|   		if (p)
#  805|   			*p++ = '\0';

Error: COMPILER_WARNING (CWE-704): [#def537]
git-2.52.0/transport.c: scope_hint: In function ‘transport_anonymize_url’
git-2.52.0/transport.c:1663:19: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1663 |         anon_part = strchr(url, '@');
#      |                   ^
# 1661|   	size_t anon_len, prefix_len = 0;
# 1662|   
# 1663|-> 	anon_part = strchr(url, '@');
# 1664|   	if (url_is_local_not_ssh(url) || !anon_part)
# 1665|   		goto literal_copy;

Error: COMPILER_WARNING (CWE-704): [#def538]
git-2.52.0/transport.c:1663:19: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1661|   	size_t anon_len, prefix_len = 0;
# 1662|   
# 1663|-> 	anon_part = strchr(url, '@');
# 1664|   	if (url_is_local_not_ssh(url) || !anon_part)
# 1665|   		goto literal_copy;

Error: COMPILER_WARNING (CWE-704): [#def539]
git-2.52.0/transport.c:1668:23: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1668 |         scheme_prefix = strstr(url, "://");
#      |                       ^
# 1666|   
# 1667|   	anon_len = strlen(++anon_part);
# 1668|-> 	scheme_prefix = strstr(url, "://");
# 1669|   	if (!scheme_prefix) {
# 1670|   		if (!strchr(anon_part, ':'))

Error: COMPILER_WARNING (CWE-704): [#def540]
git-2.52.0/transport.c:1668:23: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1666|   
# 1667|   	anon_len = strlen(++anon_part);
# 1668|-> 	scheme_prefix = strstr(url, "://");
# 1669|   	if (!scheme_prefix) {
# 1670|   		if (!strchr(anon_part, ':'))

Error: GCC_ANALYZER_WARNING (CWE-775): [#def541]
git-2.52.0/unix-socket.c:31:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
git-2.52.0/unix-socket.c:106:5: enter_function: entry to ‘unix_stream_listen’
git-2.52.0/unix-socket.c:116:13: call_function: calling ‘unix_sockaddr_init’ from ‘unix_stream_listen’
git-2.52.0/unix-socket.c:116:13: return_function: returning to ‘unix_stream_listen’ from ‘unix_sockaddr_init’
git-2.52.0/unix-socket.c:116:12: branch_false: following ‘false’ branch...
git-2.52.0/unix-socket.c:118:14: branch_false: ...to here
git-2.52.0/unix-socket.c:118:14: acquire_resource: stream socket created here
git-2.52.0/unix-socket.c:119:12: branch_false: following ‘false’ branch (when ‘fd >= 0’)...
git-2.52.0/unix-socket.c:122:13: branch_false: ...to here
git-2.52.0/unix-socket.c:122:12: branch_false: following ‘false’ branch...
git-2.52.0/unix-socket.c:125:9: branch_false: ...to here
git-2.52.0/unix-socket.c:128:12: branch_false: following ‘false’ branch...
git-2.52.0/unix-socket.c:131:9: branch_false: ...to here
git-2.52.0/unix-socket.c:131:9: call_function: calling ‘unix_sockaddr_cleanup’ from ‘unix_stream_listen’
#   29|   	 */
#   30|   	if (chdir(ctx->orig_dir) < 0)
#   31|-> 		die("unable to restore original working directory");
#   32|   	free(ctx->orig_dir);
#   33|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def542]
git-2.52.0/unix-socket.c:92:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
git-2.52.0/unix-socket.c:86:12: branch_false: following ‘false’ branch...
git-2.52.0/unix-socket.c:88:14: branch_false: ...to here
git-2.52.0/unix-socket.c:88:14: acquire_resource: stream socket created here
git-2.52.0/unix-socket.c:89:12: branch_false: following ‘false’ branch (when ‘fd >= 0’)...
git-2.52.0/unix-socket.c:92:13: branch_false: ...to here
git-2.52.0/unix-socket.c:92:13: throw: if ‘connect’ throws an exception...
git-2.52.0/unix-socket.c:92:13: danger: ‘fd’ leaks here
#   90|   		goto fail;
#   91|   
#   92|-> 	if (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0)
#   93|   		goto fail;
#   94|   	unix_sockaddr_cleanup(&ctx);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def543]
git-2.52.0/unix-socket.c:137:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
git-2.52.0/unix-socket.c:116:12: branch_false: following ‘false’ branch...
git-2.52.0/unix-socket.c:118:14: branch_false: ...to here
git-2.52.0/unix-socket.c:118:14: acquire_resource: stream socket created here
git-2.52.0/unix-socket.c:119:12: branch_false: following ‘false’ branch (when ‘fd >= 0’)...
git-2.52.0/unix-socket.c:122:13: branch_false: ...to here
git-2.52.0/unix-socket.c:122:12: branch_false: following ‘false’ branch...
git-2.52.0/unix-socket.c:125:9: branch_false: ...to here
git-2.52.0/unix-socket.c:128:12: branch_true: following ‘true’ branch...
git-2.52.0/unix-socket.c:129:17: branch_true: ...to here
git-2.52.0/unix-socket.c:136:12: branch_true: following ‘true’ branch (when ‘fd != -1’)...
git-2.52.0/unix-socket.c:137:17: branch_true: ...to here
git-2.52.0/unix-socket.c:137:17: throw: if ‘close’ throws an exception...
git-2.52.0/unix-socket.c:137:17: danger: ‘fd’ leaks here
#  135|   	saved_errno = errno;
#  136|   	if (fd != -1)
#  137|-> 		close(fd);
#  138|   	unix_sockaddr_cleanup(&ctx);
#  139|   	errno = saved_errno;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def544]
git-2.52.0/unpack-trees.c:2209:14: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘a’
git-2.52.0/unpack-trees.c:2910:5: enter_function: entry to ‘twoway_merge’
git-2.52.0/unpack-trees.c:2917:12: branch_false: following ‘false’ branch...
git-2.52.0/unpack-trees.c:2921:24: branch_false: ...to here
git-2.52.0/unpack-trees.c:2921:12: branch_true: following ‘true’ branch...
git-2.52.0/unpack-trees.c:2921:12: branch_true: ...to here
git-2.52.0/unpack-trees.c:2923:12: branch_false: following ‘false’ branch...
git-2.52.0/unpack-trees.c:2926:12: branch_false: ...to here
git-2.52.0/unpack-trees.c:2926:12: branch_true: following ‘true’ branch (when ‘current’ is non-NULL)...
git-2.52.0/unpack-trees.c:2927:21: branch_true: ...to here
git-2.52.0/unpack-trees.c:2927:20: branch_true: following ‘true’ branch...
git-2.52.0/unpack-trees.c:2928:29: branch_true: ...to here
git-2.52.0/unpack-trees.c:2928:29: call_function: calling ‘same’ from ‘twoway_merge’
# 2207|   	if (!a && !b)
# 2208|   		return 1;
# 2209|-> 	if ((a->ce_flags | b->ce_flags) & CE_CONFLICTED)
# 2210|   		return 0;
# 2211|   	return a->ce_mode == b->ce_mode &&

Error: GCC_ANALYZER_WARNING (CWE-476): [#def545]
git-2.52.0/unpack-trees.c:2332:13: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘ce’
git-2.52.0/unpack-trees.c:2475:12: enter_function: entry to ‘verify_absent_1’
git-2.52.0/unpack-trees.c:2486:12: branch_false: following ‘false’ branch...
git-2.52.0/unpack-trees.c:2496:44: branch_false: ...to here
git-2.52.0/unpack-trees.c:2497:12: branch_false: following ‘false’ branch...
git-2.52.0/unpack-trees.c:2499:17: branch_false: ...to here
git-2.52.0/unpack-trees.c:2499:17: branch_true: following ‘true’ branch...
git-2.52.0/unpack-trees.c:2503:24: branch_true: ...to here
git-2.52.0/unpack-trees.c:2504:20: branch_false: following ‘false’ branch...
git-2.52.0/unpack-trees.c:2507:29: branch_false: ...to here
git-2.52.0/unpack-trees.c:2507:28: branch_false: following ‘false’ branch...
git-2.52.0/unpack-trees.c:2512:39: branch_false: ...to here
git-2.52.0/unpack-trees.c:2512:39: call_function: calling ‘check_ok_to_remove’ from ‘verify_absent_1’
# 2330|   	int cnt = 0;
# 2331|   
# 2332|-> 	if (S_ISGITLINK(ce->ce_mode)) {
# 2333|   		struct object_id oid;
# 2334|   		int sub_head = repo_resolve_gitlink_ref(the_repository, ce->name,

Error: GCC_ANALYZER_WARNING (CWE-404): [#def546]
git-2.52.0/upload-pack.c:1054:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/upload-pack.c:1053:9: acquire_resource: ‘va_start’ called here
git-2.52.0/upload-pack.c:1054:9: throw: if ‘strbuf_vaddf’ throws an exception...
git-2.52.0/upload-pack.c:1054:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
# 1052|   
# 1053|   	va_start(ap, fmt);
# 1054|-> 	strbuf_vaddf(&buf, fmt, ap);
# 1055|   	va_end(ap);
# 1056|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def547]
git-2.52.0/usage.c:36:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/usage.c:353:15: enter_function: entry to ‘BUG_fl’
git-2.52.0/usage.c:360:9: call_function: calling ‘BUG_vfl’ from ‘BUG_fl’
#   34|   
#   35|   	*(p++) = '\n'; /* we no longer need a NUL */
#   36|-> 	fflush(f);
#   37|   	write_in_full(fileno(f), msg, p - msg);
#   38|   }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def548]
git-2.52.0/usage.c:37:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/usage.c:353:15: enter_function: entry to ‘BUG_fl’
git-2.52.0/usage.c:360:9: call_function: calling ‘BUG_vfl’ from ‘BUG_fl’
#   35|   	*(p++) = '\n'; /* we no longer need a NUL */
#   36|   	fflush(f);
#   37|-> 	write_in_full(fileno(f), msg, p - msg);
#   38|   }
#   39|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def549]
git-2.52.0/usage.c:211:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/usage.c:205:12: branch_false: following ‘false’ branch...
git-2.52.0/usage.c:210:9: branch_false: ...to here
git-2.52.0/usage.c:210:9: acquire_resource: ‘va_start’ called here
git-2.52.0/usage.c:211:9: throw: if the called function throws an exception...
git-2.52.0/usage.c:211:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#  209|   
#  210|   	va_start(params, err);
#  211|-> 	die_routine(err, params);
#  212|   	va_end(params);
#  213|   }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def550]
git-2.52.0/usage.c:251:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/usage.c:244:12: branch_false: following ‘false’ branch...
git-2.52.0/usage.c:250:9: branch_false: ...to here
git-2.52.0/usage.c:250:9: acquire_resource: ‘va_start’ called here
git-2.52.0/usage.c:251:9: throw: if the called function throws an exception...
git-2.52.0/usage.c:251:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#  249|   
#  250|   	va_start(params, fmt);
#  251|-> 	die_routine(fmt_with_err(buf, sizeof(buf), fmt), params);
#  252|   	va_end(params);
#  253|   }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def551]
git-2.52.0/usage.c:261:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/usage.c:260:9: acquire_resource: ‘va_start’ called here
git-2.52.0/usage.c:261:9: throw: if the called function throws an exception...
git-2.52.0/usage.c:261:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
#  259|   
#  260|   	va_start(params, err);
#  261|-> 	die_message_routine(err, params);
#  262|   	va_end(params);
#  263|   	return 128;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def552]
git-2.52.0/usage.c:273:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/usage.c:272:9: acquire_resource: ‘va_start’ called here
git-2.52.0/usage.c:273:9: throw: if the called function throws an exception...
git-2.52.0/usage.c:273:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
#  271|   
#  272|   	va_start(params, fmt);
#  273|-> 	die_message_routine(fmt_with_err(buf, sizeof(buf), fmt), params);
#  274|   	va_end(params);
#  275|   	return 128;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def553]
git-2.52.0/usage.c:285:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/usage.c:284:9: acquire_resource: ‘va_start’ called here
git-2.52.0/usage.c:285:9: throw: if the called function throws an exception...
git-2.52.0/usage.c:285:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
#  283|   
#  284|   	va_start(params, fmt);
#  285|-> 	error_routine(fmt_with_err(buf, sizeof(buf), fmt), params);
#  286|   	va_end(params);
#  287|   	return -1;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def554]
git-2.52.0/usage.c:296:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/usage.c:295:9: acquire_resource: ‘va_start’ called here
git-2.52.0/usage.c:296:9: throw: if the called function throws an exception...
git-2.52.0/usage.c:296:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0)
#  294|   
#  295|   	va_start(params, err);
#  296|-> 	error_routine(err, params);
#  297|   	va_end(params);
#  298|   	return -1;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def555]
git-2.52.0/usage.c:307:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/usage.c:306:9: acquire_resource: ‘va_start’ called here
git-2.52.0/usage.c:307:9: throw: if the called function throws an exception...
git-2.52.0/usage.c:307:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/0)
#  305|   
#  306|   	va_start(params, warn);
#  307|-> 	warn_routine(fmt_with_err(buf, sizeof(buf), warn), params);
#  308|   	va_end(params);
#  309|   }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def556]
git-2.52.0/usage.c:316:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/usage.c:315:9: acquire_resource: ‘va_start’ called here
git-2.52.0/usage.c:316:9: throw: if the called function throws an exception...
git-2.52.0/usage.c:316:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/0)
#  314|   
#  315|   	va_start(params, warn);
#  316|-> 	warn_routine(warn, params);
#  317|   	va_end(params);
#  318|   }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def557]
git-2.52.0/usage.c:346:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/usage.c:353:15: enter_function: entry to ‘BUG_fl’
git-2.52.0/usage.c:360:9: call_function: calling ‘BUG_vfl’ from ‘BUG_fl’
#  344|   	in_bug = 1;
#  345|   
#  346|-> 	trace2_cmd_error_va(fmt, params_copy);
#  347|   
#  348|   	if (BUG_exit_code)

Error: GCC_ANALYZER_WARNING (CWE-404): [#def558]
git-2.52.0/usage.c:376:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/usage.c:365:6: enter_function: entry to ‘bug_fl’
git-2.52.0/usage.c:372:9: call_function: calling ‘BUG_vfl_common’ from ‘bug_fl’
git-2.52.0/usage.c:372:9: return_function: returning to ‘bug_fl’ from ‘BUG_vfl_common’
git-2.52.0/usage.c:375:9: acquire_resource: ‘va_start’ called here
git-2.52.0/usage.c:376:9: throw: if ‘trace2_cmd_error_va_fl’ throws an exception...
git-2.52.0/usage.c:376:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(12)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/11)
#  374|   
#  375|   	va_start(ap, fmt);
#  376|-> 	trace2_cmd_error_va(fmt, ap);
#  377|   	va_end(ap);
#  378|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def559]
git-2.52.0/utf8.c:137:20: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘s’
git-2.52.0/utf8.c:791:5: enter_function: entry to ‘is_hfs_dotmailmap’
git-2.52.0/utf8.c:793:16: call_function: calling ‘is_hfs_dot_str’ from ‘is_hfs_dotmailmap’
#  135|   	if (remainder < 1) {
#  136|   		goto invalid;
#  137|-> 	} else if (*s < 0x80) {
#  138|   		/* 0xxxxxxx */
#  139|   		ch = *s;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def560]
git-2.52.0/worktree.c:336:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/worktree.c:332:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
git-2.52.0/worktree.c:335:9: branch_false: ...to here
git-2.52.0/worktree.c:335:9: acquire_resource: ‘va_start’ called here
git-2.52.0/worktree.c:336:9: throw: if ‘strbuf_vaddf’ throws an exception...
git-2.52.0/worktree.c:336:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#  334|   
#  335|   	va_start(params, fmt);
#  336|-> 	strbuf_vaddf(buf, fmt, params);
#  337|   	va_end(params);
#  338|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def561]
git-2.52.0/worktree.c:551:9: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(sb.buf)’
git-2.52.0/worktree.c:516:5: enter_function: entry to ‘submodule_uses_worktrees’
git-2.52.0/worktree.c:527:12: branch_false: following ‘false’ branch...
git-2.52.0/worktree.c:531:9: branch_false: ...to here
git-2.52.0/worktree.c:536:12: branch_false: following ‘false’ branch...
git-2.52.0/worktree.c:542:9: branch_false: ...to here
git-2.52.0/worktree.c:546:9: call_function: calling ‘strbuf_setlen’ from ‘submodule_uses_worktrees’
git-2.52.0/worktree.c:546:9: return_function: returning to ‘submodule_uses_worktrees’ from ‘strbuf_setlen’
git-2.52.0/worktree.c:550:15: acquire_memory: allocated here
git-2.52.0/worktree.c:551:9: throw: if ‘strbuf_release’ throws an exception...
git-2.52.0/worktree.c:551:9: danger: ‘opendir(sb.buf)’ leaks here; was allocated at [(13)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/12)
#  549|   	/* See if there is any file inside the worktrees directory. */
#  550|   	dir = opendir(sb.buf);
#  551|-> 	strbuf_release(&sb);
#  552|   
#  553|   	if (!dir)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def562]
git-2.52.0/worktree.c:556:13: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(sb.buf)’
git-2.52.0/worktree.c:516:5: enter_function: entry to ‘submodule_uses_worktrees’
git-2.52.0/worktree.c:527:12: branch_false: following ‘false’ branch...
git-2.52.0/worktree.c:531:9: branch_false: ...to here
git-2.52.0/worktree.c:536:12: branch_false: following ‘false’ branch...
git-2.52.0/worktree.c:542:9: branch_false: ...to here
git-2.52.0/worktree.c:546:9: call_function: calling ‘strbuf_setlen’ from ‘submodule_uses_worktrees’
git-2.52.0/worktree.c:546:9: return_function: returning to ‘submodule_uses_worktrees’ from ‘strbuf_setlen’
git-2.52.0/worktree.c:550:15: acquire_memory: allocated here
git-2.52.0/worktree.c:553:12: branch_false: following ‘false’ branch...
git-2.52.0/worktree.c:556:13: branch_false: ...to here
git-2.52.0/worktree.c:556:13: throw: if ‘readdir_skip_dot_and_dotdot’ throws an exception...
git-2.52.0/worktree.c:556:13: danger: ‘opendir(sb.buf)’ leaks here; was allocated at [(13)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/12)
#  554|   		return 0;
#  555|   
#  556|-> 	d = readdir_skip_dot_and_dotdot(dir);
#  557|   	if (d)
#  558|   		ret = 1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def563]
git-2.52.0/worktree.c:941:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(gitdir.buf, 0)’
git-2.52.0/worktree.c:920:12: branch_false: following ‘false’ branch...
git-2.52.0/worktree.c:925:9: branch_false: ...to here
git-2.52.0/worktree.c:926:12: branch_false: following ‘false’ branch...
git-2.52.0/worktree.c:929:18: branch_false: ...to here
git-2.52.0/worktree.c:929:12: branch_false: following ‘false’ branch...
git-2.52.0/worktree.c:934:19: branch_false: ...to here
git-2.52.0/worktree.c:934:14: acquire_resource: opened here
git-2.52.0/worktree.c:935:12: branch_false: following ‘false’ branch...
git-2.52.0/worktree.c:941:23: branch_false: ...to here
git-2.52.0/worktree.c:941:23: danger: ‘open(gitdir.buf, 0)’ leaks here; was opened at [(7)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/6)
#  939|   		goto done;
#  940|   	}
#  941|-> 	len = xsize_t(st.st_size);
#  942|   	path = xmallocz(len);
#  943|   

Error: COMPILER_WARNING (CWE-704): [#def564]
git-2.52.0/wrapper.c: scope_hint: In function ‘xstrndup’
git-2.52.0/wrapper.c:118:19: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
#  118 |         char *p = memchr(str, '\0', len);
#      |                   ^~~~~~
#  116|   char *xstrndup(const char *str, size_t len)
#  117|   {
#  118|-> 	char *p = memchr(str, '\0', len);
#  119|   	return xmemdupz(str, p ? p - str : len);
#  120|   }

Error: COMPILER_WARNING (CWE-704): [#def565]
git-2.52.0/wrapper.c:118:19: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type
#  116|   char *xstrndup(const char *str, size_t len)
#  117|   {
#  118|-> 	char *p = memchr(str, '\0', len);
#  119|   	return xmemdupz(str, p ? p - str : len);
#  120|   }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def566]
git-2.52.0/wrapper.c:697:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/wrapper.c:696:9: acquire_resource: ‘va_start’ called here
git-2.52.0/wrapper.c:697:9: throw: if ‘strbuf_vaddf’ throws an exception...
git-2.52.0/wrapper.c:697:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  695|   
#  696|   	va_start(params, fmt);
#  697|-> 	strbuf_vaddf(&sb, fmt, params);
#  698|   	va_end(params);
#  699|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def567]
git-2.52.0/wt-status.c:74:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
git-2.52.0/wt-status.c:1462:13: enter_function: entry to ‘print_rebase_state’
git-2.52.0/wt-status.c:1471:17: call_function: calling ‘_’ from ‘print_rebase_state’
git-2.52.0/wt-status.c:1471:17: return_function: returning to ‘print_rebase_state’ from ‘_’
git-2.52.0/wt-status.c:1471:17: call_function: calling ‘status_printf_ln’ from ‘print_rebase_state’
#   72|   	const char *line, *eol;
#   73|   
#   74|-> 	strbuf_vaddf(&sb, fmt, ap);
#   75|   	if (!sb.len) {
#   76|   		if (s->display_comment_prefix) {