Error: GCC_ANALYZER_WARNING (CWE-775): [#def1] glib-2.87.0/gio/tests/fake-desktop-portal.c:476:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’ glib-2.87.0/gio/tests/fake-desktop-portal.c:470:6: branch_true: following ‘true’ branch... glib-2.87.0/gio/tests/fake-desktop-portal.c:475:12: acquire_resource: opened here glib-2.87.0/gio/tests/fake-desktop-portal.c:476:17: throw: if ‘g_unix_fd_query_path’ throws an exception... glib-2.87.0/gio/tests/fake-desktop-portal.c:476:17: danger: ‘fd’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2) # 474| # 475| fd = g_open ("/dev/null", O_RDONLY); # 476|-> fd_path = g_unix_fd_query_path (fd, NULL); # 477| g_free (fd_path); # 478| g_clear_fd (&fd, NULL); Error: GCC_ANALYZER_WARNING (CWE-775): [#def2] glib-2.87.0/girepository/gdump.c:690:10: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(input_filename, "rbe")’ glib-2.87.0/girepository/gdump.c:637:1: enter_function: entry to ‘gi_repository_dump’ glib-2.87.0/girepository/gdump.c:650:6: branch_false: following ‘false’ branch... glib-2.87.0/girepository/gdump.c:660:11: branch_false: ...to here glib-2.87.0/girepository/gdump.c:660:11: acquire_resource: opened here glib-2.87.0/girepository/gdump.c:661:6: branch_false: following ‘false’ branch... glib-2.87.0/girepository/gdump.c:672:12: branch_false: ...to here glib-2.87.0/girepository/gdump.c:673:6: branch_false: following ‘false’ branch... glib-2.87.0/girepository/gdump.c:685:3: branch_false: ...to here glib-2.87.0/girepository/gdump.c:685:3: call_function: calling ‘goutput_write’ from ‘gi_repository_dump’ glib-2.87.0/girepository/gdump.c:685:3: return_function: returning to ‘gi_repository_dump’ from ‘goutput_write’ glib-2.87.0/girepository/gdump.c:686:3: call_function: calling ‘goutput_write’ from ‘gi_repository_dump’ glib-2.87.0/girepository/gdump.c:686:3: return_function: returning to ‘gi_repository_dump’ from ‘goutput_write’ glib-2.87.0/girepository/gdump.c:690:10: branch_true: following ‘true’ branch... glib-2.87.0/girepository/gdump.c:693:20: branch_true: ...to here glib-2.87.0/girepository/gdump.c:693:20: call_function: calling ‘read_line’ from ‘gi_repository_dump’ # 688| output_types = g_hash_table_new (NULL, NULL); # 689| # 690|-> while (!reached_eof) # 691| { # 692| size_t len; Error: GCC_ANALYZER_WARNING (CWE-775): [#def3] glib-2.87.0/girepository/gdump.c:690:10: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(output_filename, "wbe")’ glib-2.87.0/girepository/gdump.c:637:1: enter_function: entry to ‘gi_repository_dump’ glib-2.87.0/girepository/gdump.c:650:6: branch_false: following ‘false’ branch... glib-2.87.0/girepository/gdump.c:660:11: branch_false: ...to here glib-2.87.0/girepository/gdump.c:661:6: branch_false: following ‘false’ branch... glib-2.87.0/girepository/gdump.c:672:12: branch_false: ...to here glib-2.87.0/girepository/gdump.c:672:12: acquire_resource: opened here glib-2.87.0/girepository/gdump.c:673:6: branch_false: following ‘false’ branch... glib-2.87.0/girepository/gdump.c:685:3: branch_false: ...to here glib-2.87.0/girepository/gdump.c:685:3: call_function: calling ‘goutput_write’ from ‘gi_repository_dump’ glib-2.87.0/girepository/gdump.c:685:3: return_function: returning to ‘gi_repository_dump’ from ‘goutput_write’ glib-2.87.0/girepository/gdump.c:686:3: call_function: calling ‘goutput_write’ from ‘gi_repository_dump’ glib-2.87.0/girepository/gdump.c:686:3: return_function: returning to ‘gi_repository_dump’ from ‘goutput_write’ glib-2.87.0/girepository/gdump.c:690:10: branch_true: following ‘true’ branch... glib-2.87.0/girepository/gdump.c:693:20: branch_true: ...to here glib-2.87.0/girepository/gdump.c:693:20: call_function: calling ‘read_line’ from ‘gi_repository_dump’ # 688| output_types = g_hash_table_new (NULL, NULL); # 689| # 690|-> while (!reached_eof) # 691| { # 692| size_t len; Error: GCC_ANALYZER_WARNING (CWE-401): [#def4] glib-2.87.0/girepository/gdump.c:690:10: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(input_filename, "rbe")’ glib-2.87.0/girepository/gdump.c:637:1: enter_function: entry to ‘gi_repository_dump’ glib-2.87.0/girepository/gdump.c:650:6: branch_false: following ‘false’ branch... glib-2.87.0/girepository/gdump.c:660:11: branch_false: ...to here glib-2.87.0/girepository/gdump.c:660:11: acquire_memory: allocated here glib-2.87.0/girepository/gdump.c:661:6: branch_false: following ‘false’ branch... glib-2.87.0/girepository/gdump.c:672:12: branch_false: ...to here glib-2.87.0/girepository/gdump.c:673:6: branch_false: following ‘false’ branch... glib-2.87.0/girepository/gdump.c:685:3: branch_false: ...to here glib-2.87.0/girepository/gdump.c:685:3: call_function: calling ‘goutput_write’ from ‘gi_repository_dump’ glib-2.87.0/girepository/gdump.c:685:3: return_function: returning to ‘gi_repository_dump’ from ‘goutput_write’ glib-2.87.0/girepository/gdump.c:686:3: call_function: calling ‘goutput_write’ from ‘gi_repository_dump’ glib-2.87.0/girepository/gdump.c:686:3: return_function: returning to ‘gi_repository_dump’ from ‘goutput_write’ glib-2.87.0/girepository/gdump.c:690:10: branch_true: following ‘true’ branch... glib-2.87.0/girepository/gdump.c:693:20: branch_true: ...to here glib-2.87.0/girepository/gdump.c:693:20: call_function: calling ‘read_line’ from ‘gi_repository_dump’ # 688| output_types = g_hash_table_new (NULL, NULL); # 689| # 690|-> while (!reached_eof) # 691| { # 692| size_t len; Error: GCC_ANALYZER_WARNING (CWE-401): [#def5] glib-2.87.0/girepository/gdump.c:690:10: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(output_filename, "wbe")’ glib-2.87.0/girepository/gdump.c:637:1: enter_function: entry to ‘gi_repository_dump’ glib-2.87.0/girepository/gdump.c:650:6: branch_false: following ‘false’ branch... glib-2.87.0/girepository/gdump.c:660:11: branch_false: ...to here glib-2.87.0/girepository/gdump.c:661:6: branch_false: following ‘false’ branch... glib-2.87.0/girepository/gdump.c:672:12: branch_false: ...to here glib-2.87.0/girepository/gdump.c:672:12: acquire_memory: allocated here glib-2.87.0/girepository/gdump.c:673:6: branch_false: following ‘false’ branch... glib-2.87.0/girepository/gdump.c:685:3: branch_false: ...to here glib-2.87.0/girepository/gdump.c:685:3: call_function: calling ‘goutput_write’ from ‘gi_repository_dump’ glib-2.87.0/girepository/gdump.c:685:3: return_function: returning to ‘gi_repository_dump’ from ‘goutput_write’ glib-2.87.0/girepository/gdump.c:686:3: call_function: calling ‘goutput_write’ from ‘gi_repository_dump’ glib-2.87.0/girepository/gdump.c:686:3: return_function: returning to ‘gi_repository_dump’ from ‘goutput_write’ glib-2.87.0/girepository/gdump.c:690:10: branch_true: following ‘true’ branch... glib-2.87.0/girepository/gdump.c:693:20: branch_true: ...to here glib-2.87.0/girepository/gdump.c:693:20: call_function: calling ‘read_line’ from ‘gi_repository_dump’ # 688| output_types = g_hash_table_new (NULL, NULL); # 689| # 690|-> while (!reached_eof) # 691| { # 692| size_t len; Error: GCC_ANALYZER_WARNING (CWE-775): [#def6] glib-2.87.0/glib/grand.c:184:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/urandom", 524288)’ glib-2.87.0/glib/grand.c:672:1: enter_function: entry to ‘g_random_set_seed’ glib-2.87.0/glib/grand.c:675:3: call_function: calling ‘get_global_random’ from ‘g_random_set_seed’ # 182| do # 183| dev_urandom = g_open ("/dev/urandom", O_RDONLY | O_CLOEXEC); # 184|-> while G_UNLIKELY (dev_urandom < 0 && errno == EINTR); # 185| # 186| if (dev_urandom >= 0) Error: GCC_ANALYZER_WARNING (CWE-404): [#def7] glib-2.87.0/glib/gstrfuncs.c:585:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’ glib-2.87.0/glib/gstrfuncs.c:576:6: branch_false: following ‘false’ branch (when ‘string1’ is non-NULL)... glib-2.87.0/glib/gstrfuncs.c:579:11: branch_false: ...to here glib-2.87.0/glib/gstrfuncs.c:580:3: acquire_resource: ‘va_start’ called here glib-2.87.0/glib/gstrfuncs.c:582:10: branch_true: following ‘true’ branch (when ‘s’ is non-NULL)... glib-2.87.0/glib/gstrfuncs.c:584:12: branch_true: ...to here glib-2.87.0/glib/gstrfuncs.c:585:9: throw: if ‘g_log’ throws an exception... glib-2.87.0/glib/gstrfuncs.c:585:9: danger: missing call to ‘va_end’ to match ‘va_start’ at [(3)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/2) # 583| { # 584| if (!g_size_checked_add (&l, l, strlen (s))) # 585|-> g_error ("%s: overflow concatenating strings", G_STRLOC); # 586| s = va_arg (args, gchar*); # 587| } Error: GCC_ANALYZER_WARNING (CWE-404): [#def8] glib-2.87.0/glib/gstrfuncs.c:2717:13: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’ glib-2.87.0/glib/gstrfuncs.c:2703:3: acquire_resource: ‘va_start’ called here glib-2.87.0/glib/gstrfuncs.c:2707:6: branch_true: following ‘true’ branch (when ‘s’ is non-NULL)... glib-2.87.0/glib/gstrfuncs.c:2710:17: branch_true: ...to here glib-2.87.0/glib/gstrfuncs.c:2713:14: branch_true: following ‘true’ branch (when ‘s’ is non-NULL)... glib-2.87.0/glib/gstrfuncs.c:2715:16: branch_true: ...to here glib-2.87.0/glib/gstrfuncs.c:2717:13: throw: if ‘g_log’ throws an exception... glib-2.87.0/glib/gstrfuncs.c:2717:13: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/0) # 2715| if (!g_size_checked_add (&len, len, separator_len) || # 2716| !g_size_checked_add (&len, len, strlen (s))) # 2717|-> g_error ("%s: overflow joining strings", G_STRLOC); # 2718| s = va_arg (args, gchar*); # 2719| } Error: GCC_ANALYZER_WARNING (CWE-476): [#def9] glib-2.87.0/glib/gutils.c:748:40: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’ glib-2.87.0/glib/gutils.c:2277:1: enter_function: entry to ‘load_user_special_dirs_unlocked’ glib-2.87.0/glib/gutils.c:2282:9: release_memory: ‘data’ is NULL glib-2.87.0/glib/gutils.c:2284:16: call_function: calling ‘g_get_user_config_dir_unlocked’ from ‘load_user_special_dirs_unlocked’ # 746| name_parts = g_strsplit (gecos_fields[0], "&", 0); # 747| uppercase_pw_name = g_strdup (pw->pw_name); # 748|-> uppercase_pw_name[0] = g_ascii_toupper (uppercase_pw_name[0]); # 749| e.real_name = g_strjoinv (uppercase_pw_name, name_parts); # 750| g_strfreev (gecos_fields); Error: GCC_ANALYZER_WARNING (CWE-775): [#def10] glib-2.87.0/glib/tests/unix.c:929:3: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’ glib-2.87.0/glib/tests/unix.c:925:8: acquire_resource: opened here glib-2.87.0/glib/tests/unix.c:927:3: branch_true: following ‘true’ branch... glib-2.87.0/glib/tests/unix.c:929:3: branch_true: ...to here glib-2.87.0/glib/tests/unix.c:929:3: throw: if ‘g_test_message’ throws an exception... glib-2.87.0/glib/tests/unix.c:929:3: danger: ‘fd’ leaks here; was opened at [(1)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/0) # 927| g_assert_cmpint (fd, >=, 0); # 928| # 929|-> g_test_message ("Checking FD %d for /dev/null", fd); # 930| # 931| fd_path = g_unix_fd_query_path (fd, &error);
| analyzer-version-clippy | 1.92.0 |
| analyzer-version-cppcheck | 2.19.1 |
| analyzer-version-gcc | 16.0.0 |
| analyzer-version-gcc-analyzer | 16.0.0 |
| analyzer-version-shellcheck | 0.11.0 |
| analyzer-version-unicontrol | 0.0.2 |
| diffbase-analyzer-version-clippy | 1.92.0 |
| diffbase-analyzer-version-cppcheck | 2.19.1 |
| diffbase-analyzer-version-gcc | 16.0.0 |
| diffbase-analyzer-version-gcc-analyzer | 16.0.0 |
| diffbase-analyzer-version-shellcheck | 0.11.0 |
| diffbase-analyzer-version-unicontrol | 0.0.2 |
| diffbase-enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| diffbase-exit-code | 0 |
| diffbase-host | ip-172-16-1-213.us-west-2.compute.internal |
| diffbase-known-false-positives | /usr/share/csmock/known-false-positives.js |
| diffbase-known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| diffbase-mock-config | fedora-rawhide-x86_64 |
| diffbase-project-name | glib2-2.86.0-2.fc43 |
| diffbase-store-results-to | /tmp/tmpqw7p0r3w/glib2-2.86.0-2.fc43.tar.xz |
| diffbase-time-created | 2026-01-08 16:20:06 |
| diffbase-time-finished | 2026-01-08 16:32:37 |
| diffbase-tool | csmock |
| diffbase-tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpqw7p0r3w/glib2-2.86.0-2.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpqw7p0r3w/glib2-2.86.0-2.fc43.src.rpm' |
| diffbase-tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-213.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | glib2-2.87.0-3.fc44 |
| store-results-to | /tmp/tmpwqhefumj/glib2-2.87.0-3.fc44.tar.xz |
| time-created | 2026-01-08 16:33:48 |
| time-finished | 2026-01-08 16:46:12 |
| title | Newly introduced findings |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpwqhefumj/glib2-2.87.0-3.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpwqhefumj/glib2-2.87.0-3.fc44.src.rpm' |
| tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |