Newly introduced findings

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-476): [#def1]
gtk-4.21.1/demos/icon-editor/border-paintable.c:97:11: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘colors’
gtk-4.21.1/demos/icon-editor/border-paintable.c:206:1: enter_function: entry to ‘border_paintable_snapshot’
gtk-4.21.1/demos/icon-editor/border-paintable.c:211:3: call_function: inlined call to ‘border_paintable_snapshot_symbolic’ from ‘border_paintable_snapshot’
#   95|           {
#   96|             border_width[i] = 1;
#   97|->           border_color[i] = colors[GTK_SYMBOLIC_COLOR_FOREGROUND];
#   98|           }
#   99|   

Error: CPPCHECK_WARNING (CWE-476): [#def2]
gtk-4.21.1/demos/icon-editor/color-paintable.c:65: error[ctunullpointer]: Null pointer dereference: colors
#   63|     GdkRGBA color;
#   64|   
#   65|->   color = colors[self->symbolic];
#   66|     color.alpha *= self->alpha;
#   67|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def3]
gtk-4.21.1/demos/icon-editor/mini-graph.c:123:16: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘kf0’
gtk-4.21.1/demos/icon-editor/mini-graph.c:139:1: enter_function: entry to ‘create_path’
gtk-4.21.1/demos/icon-editor/mini-graph.c:144:19: branch_true: following ‘true’ branch (when ‘i <= size’)...
gtk-4.21.1/demos/icon-editor/mini-graph.c:146:17: branch_true: ...to here
gtk-4.21.1/demos/icon-editor/mini-graph.c:147:17: call_function: calling ‘compute_value’ from ‘create_path’
#  121|     g_assert (kf0 && kf1);
#  122|   
#  123|->   t_rel = (t - kf0->time) / (kf1->time - kf0->time);
#  124|   
#  125|     switch (self->mode)

Error: COMPILER_WARNING (CWE-476): [#def4]
gtk-4.21.1/demos/icon-editor/mini-graph.c:123:19: warning[-Wnull-dereference]: potential null pointer dereference
#  123 |   t_rel = (t - kf0->time) / (kf1->time - kf0->time);
#      |                ~~~^~~~~~
#  121|     g_assert (kf0 && kf1);
#  122|   
#  123|->   t_rel = (t - kf0->time) / (kf1->time - kf0->time);
#  124|   
#  125|     switch (self->mode)

Error: GCC_ANALYZER_WARNING (CWE-457): [#def5]
gtk-4.21.1/demos/icon-editor/path-paintable.h:84:1: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘paintable’
gtk-4.21.1/demos/icon-editor/icon-editor-window.c:909:1: enter_function: entry to ‘reshuffle’
gtk-4.21.1/demos/icon-editor/icon-editor-window.c:915:3: call_function: calling ‘set_random_icons’ from ‘reshuffle’
#   82|   
#   83|   #define PATH_PAINTABLE_TYPE (path_paintable_get_type ())
#   84|-> G_DECLARE_FINAL_TYPE (PathPaintable, path_paintable, PATH, PAINTABLE, GObject)
#   85|   
#   86|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def6]
gtk-4.21.1/gsk/gskpath.h:200:1: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘dot’
gtk-4.21.1/demos/icon-editor/border-paintable.c:78:6: branch_false: following ‘false’ branch...
gtk-4.21.1/demos/icon-editor/border-paintable.c:81:7: branch_false: ...to here
gtk-4.21.1/demos/icon-editor/border-paintable.c:84:6: branch_false: following ‘false’ branch...
gtk-4.21.1/demos/icon-editor/border-paintable.c:87:11: branch_false: ...to here
gtk-4.21.1/demos/icon-editor/border-paintable.c:111:6: branch_true: following ‘true’ branch...
gtk-4.21.1/demos/icon-editor/border-paintable.c:113:23: branch_true: ...to here
gtk-4.21.1/demos/icon-editor/border-paintable.c:125:10: branch_true: following ‘true’ branch...
gtk-4.21.1/demos/icon-editor/border-paintable.c:125:10: branch_true: ...to here
gtk-4.21.1/demos/icon-editor/border-paintable.c:127:36: branch_true: following ‘true’ branch...
gtk-4.21.1/demos/icon-editor/border-paintable.c:129:33: branch_true: ...to here
gtk-4.21.1/demos/icon-editor/border-paintable.c:141:19: throw: if ‘gtk_snapshot_push_stroke’ throws an exception...
gtk-4.21.1/demos/icon-editor/border-paintable.c:139:39: call_function: inlined call to ‘glib_autoptr_cleanup_GskPath’ from ‘border_paintable_snapshot_with_weight’
#  198|                                                                    gpointer                user_data);
#  199|   
#  200|-> G_DEFINE_AUTOPTR_CLEANUP_FUNC(GskPath, gsk_path_unref)
#  201|   
#  202|   G_END_DECLS

Error: GCC_ANALYZER_WARNING (CWE-457): [#def7]
gtk-4.21.1/gsk/gskpath.h:200:1: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘path’
gtk-4.21.1/demos/icon-editor/path-editor.c:478:19: throw: if ‘gtk_widget_get_root’ throws an exception...
gtk-4.21.1/demos/icon-editor/path-editor.c:476:23: call_function: inlined call to ‘glib_autoptr_cleanup_GskPath’ from ‘edit_path’
#  198|                                                                    gpointer                user_data);
#  199|   
#  200|-> G_DEFINE_AUTOPTR_CLEANUP_FUNC(GskPath, gsk_path_unref)
#  201|   
#  202|   G_END_DECLS

Error: GCC_ANALYZER_WARNING (CWE-457): [#def8]
gtk-4.21.1/gsk/gskstroke.h:86:1: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘stroke’
gtk-4.21.1/demos/icon-editor/path-editor.c:460:1: enter_function: entry to ‘edit_path’
gtk-4.21.1/demos/icon-editor/path-editor.c:476:23: call_function: inlined call to ‘glib_autoptr_cleanup_GskPath’ from ‘edit_path’
gtk-4.21.1/demos/icon-editor/path-editor.c:471:25: call_function: inlined call to ‘glib_autoptr_cleanup_GskStroke’ from ‘edit_path’
#   84|                                                                    cairo_t                *cr);
#   85|   
#   86|-> G_DEFINE_AUTOPTR_CLEANUP_FUNC(GskStroke, gsk_stroke_free)
#   87|   
#   88|   G_END_DECLS

Error: GCC_ANALYZER_WARNING (CWE-476): [#def9]
gtk-4.21.1/gtk/gtkbuilder.c:992:11: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘parameters.names’
gtk-4.21.1/gtk/gtkbuilder.c:917:1: enter_function: entry to ‘_gtk_builder_construct’
gtk-4.21.1/gtk/gtkbuilder.c:961:3: call_function: inlined call to ‘object_properties_init’ from ‘_gtk_builder_construct’
gtk-4.21.1/gtk/gtkbuilder.c:962:3: call_function: inlined call to ‘object_properties_init’ from ‘_gtk_builder_construct’
gtk-4.21.1/gtk/gtkbuilder.c:971:6: branch_true: following ‘true’ branch...
gtk-4.21.1/gtk/gtkbuilder.c:975:21: branch_true: ...to here
gtk-4.21.1/gtk/gtkbuilder.c:976:10: branch_false: following ‘false’ branch...
gtk-4.21.1/gtk/gtkbuilder.c:990:44: branch_false: ...to here
gtk-4.21.1/gtk/gtkbuilder.c:992:11: release_memory: ‘parameters.names’ is NULL
gtk-4.21.1/gtk/gtkbuilder.c:992:11: danger: dereference of NULL ‘construct_parameters.names’
#  990|                                              info->id);
#  991|         g_assert (obj != NULL);
#  992|->       if (construct_parameters.names->len > 0)
#  993|           g_warning ("Can't pass in construct-only parameters to %s", info->id);
#  994|       }

Error: GCC_ANALYZER_WARNING (CWE-457): [#def10]
gtk-4.21.1/gtk/gtkbuilder.h:205:1: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘builder’
gtk-4.21.1/demos/icon-editor/icon-editor-application.c:122:6: branch_true: following ‘true’ branch...
gtk-4.21.1/demos/icon-editor/icon-editor-application.c:124:17: branch_true: ...to here
gtk-4.21.1/demos/icon-editor/icon-editor-application.c:124:17: throw: if ‘gtk_builder_new’ throws an exception...
gtk-4.21.1/demos/icon-editor/icon-editor-application.c:116:26: call_function: inlined call to ‘glib_autoptr_cleanup_GtkBuilder’ from ‘activate_help’
#  203|                                                GError       **error);
#  204|   
#  205|-> G_DEFINE_AUTOPTR_CLEANUP_FUNC(GtkBuilder, g_object_unref)
#  206|   
#  207|   G_END_DECLS

Error: GCC_ANALYZER_WARNING (CWE-457): [#def11]
gtk-4.21.1/gtk/gtkfiledialog.h:34:1: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘dialog’
gtk-4.21.1/demos/icon-editor/icon-editor-window.c:765:1: enter_function: entry to ‘file_export’
gtk-4.21.1/demos/icon-editor/icon-editor-window.c:771:3: call_function: calling ‘show_export_filechooser’ from ‘file_export’
#   32|   
#   33|   GDK_AVAILABLE_IN_4_10
#   34|-> G_DECLARE_FINAL_TYPE (GtkFileDialog, gtk_file_dialog, GTK, FILE_DIALOG, GObject)
#   35|   
#   36|   GDK_AVAILABLE_IN_4_10

Error: COMPILER_WARNING (CWE-477): [#def12]
gtk-4.21.1/gtk/gtksvg.c: scope_hint: In function ‘gtk_svg_location_init’
gtk-4.21.1/gtk/gtksvg.c:339:3: warning[-Wdeprecated-declarations]: ‘g_markup_parse_context_get_offset’ is deprecated: Not available before 2.88
#  339 |   location->bytes = g_markup_parse_context_get_offset (context);
#      |   ^~~~~~~~
/usr/include/glib-2.0/glib.h:62: included_from: Included from here.
gtk-4.21.1/gdk/gdktypes.h:33: included_from: Included from here.
gtk-4.21.1/gdk/gdkapplaunchcontext.h:27: included_from: Included from here.
gtk-4.21.1/gdk/gdk.h:29: included_from: Included from here.
gtk-4.21.1/gtk/gtksvg.h:28: included_from: Included from here.
gtk-4.21.1/gtk/gtksvgprivate.h:24: included_from: Included from here.
gtk-4.21.1/gtk/gtksvg.c:24: included_from: Included from here.
/usr/include/glib-2.0/glib/gmarkup.h:231:22: note: declared here
#  231 | gsize                g_markup_parse_context_get_offset   (GMarkupParseContext *context);
#      |                      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  337|     location->line_chars = chars;
#  338|   #if GLIB_CHECK_VERSION (2, 87, 0)
#  339|->   location->bytes = g_markup_parse_context_get_offset (context);
#  340|   #else
#  341|     location->bytes = 0;

Error: COMPILER_WARNING (CWE-476): [#def13]
gtk-4.21.1/gtk/gtksvg.c:364:17: warning[-Wnull-dereference]: potential null pointer dereference
#  364 |   dest->element = g_strdup (src->element);
#  362|     g_assert (dest != NULL);
#  363|     g_assert (src != NULL);
#  364|->   dest->element = g_strdup (src->element);
#  365|     dest->attribute = g_strdup (src->attribute);
#  366|     dest->start = src->start;

Error: COMPILER_WARNING (CWE-476): [#def14]
gtk-4.21.1/gtk/gtksvg.c:365:19: warning[-Wnull-dereference]: potential null pointer dereference
#  365 |   dest->attribute = g_strdup (src->attribute);
#  363|     g_assert (src != NULL);
#  364|     dest->element = g_strdup (src->element);
#  365|->   dest->attribute = g_strdup (src->attribute);
#  366|     dest->start = src->start;
#  367|     dest->end = src->end;

Error: COMPILER_WARNING (CWE-476): [#def15]
gtk-4.21.1/gtk/gtksvg.c:366:15: warning[-Wnull-dereference]: potential null pointer dereference
#  366 |   dest->start = src->start;
#      |   ~~~~~~~~~~~~^~~~~~~~~~~~
#  364|     dest->element = g_strdup (src->element);
#  365|     dest->attribute = g_strdup (src->attribute);
#  366|->   dest->start = src->start;
#  367|     dest->end = src->end;
#  368|   }

Error: COMPILER_WARNING (CWE-476): [#def16]
gtk-4.21.1/gtk/gtksvg.c:367:13: warning[-Wnull-dereference]: potential null pointer dereference
#  367 |   dest->end = src->end;
#      |   ~~~~~~~~~~^~~~~~~~~~
#  365|     dest->attribute = g_strdup (src->attribute);
#  366|     dest->start = src->start;
#  367|->   dest->end = src->end;
#  368|   }
#  369|   

Error: COMPILER_WARNING (CWE-476): [#def17]
gtk-4.21.1/gtk/gtksvg.c:374:15: warning[-Wnull-dereference]: potential null pointer dereference
#  374 |   g_free (priv->element);
#  372|   {
#  373|     g_assert (priv != NULL);
#  374|->   g_free (priv->element);
#  375|     g_free (priv->attribute);
#  376|   }

Error: COMPILER_WARNING (CWE-476): [#def18]
gtk-4.21.1/gtk/gtksvg.c:375:15: warning[-Wnull-dereference]: potential null pointer dereference
#  375 |   g_free (priv->attribute);
#  373|     g_assert (priv != NULL);
#  374|     g_free (priv->element);
#  375|->   g_free (priv->attribute);
#  376|   }
#  377|   

Error: COMPILER_WARNING (CWE-476): [#def19]
gtk-4.21.1/gtk/gtksvg.c: scope_hint: In function ‘gtk_svg_error_set_element’
gtk-4.21.1/gtk/gtksvg.c:386:17: warning[-Wnull-dereference]: potential null pointer dereference
#  386 |   priv->element = g_strdup (element);
#  384|     GtkSvgErrorPrivate *priv = gtk_svg_error_get_private (error);
#  385|     g_assert (error->domain == GTK_SVG_ERROR);
#  386|->   priv->element = g_strdup (element);
#  387|   }
#  388|   

Error: COMPILER_WARNING (CWE-476): [#def20]
gtk-4.21.1/gtk/gtksvg.c: scope_hint: In function ‘gtk_svg_error_set_attribute’
gtk-4.21.1/gtk/gtksvg.c:395:19: warning[-Wnull-dereference]: potential null pointer dereference
#  395 |   priv->attribute = g_strdup (attribute);
#  393|     GtkSvgErrorPrivate *priv = gtk_svg_error_get_private (error);
#  394|     g_assert (error->domain == GTK_SVG_ERROR);
#  395|->   priv->attribute = g_strdup (attribute);
#  396|   }
#  397|   

Error: COMPILER_WARNING (CWE-476): [#def21]
gtk-4.21.1/gtk/gtksvg.c:406:17: warning[-Wnull-dereference]: potential null pointer dereference
#  406 |     priv->start = *start;
#      |     ~~~~~~~~~~~~^~~~~~~~
#  404|     g_assert (error->domain == GTK_SVG_ERROR);
#  405|     if (start)
#  406|->     priv->start = *start;
#  407|     if (end)
#  408|       priv->end = *end;

Error: COMPILER_WARNING (CWE-476): [#def22]
gtk-4.21.1/gtk/gtksvg.c:408:15: warning[-Wnull-dereference]: potential null pointer dereference
#  408 |     priv->end = *end;
#      |     ~~~~~~~~~~^~~~~~
#  406|       priv->start = *start;
#  407|     if (end)
#  408|->     priv->end = *end;
#  409|   }
#  410|   

Error: COMPILER_WARNING (CWE-476): [#def23]
gtk-4.21.1/gtk/gtksvg.c:1155:12: warning[-Wnull-dereference]: potential null pointer dereference
# 1155 |   if (value->ref_count > 1)
#      |       ~~~~~^~~~~~~~~~~
# 1153|   svg_value_unref (SvgValue *value)
# 1154|   {
# 1155|->   if (value->ref_count > 1)
# 1156|       {
# 1157|         value->ref_count -= 1;

Error: CPPCHECK_WARNING (CWE-457): [#def24]
gtk-4.21.1/gtk/gtksvg.c:8135: error[legacyUninitvar]: Uninitialized variable: direction
# 8133|     frames = g_array_new (FALSE, FALSE, sizeof (Frame));
# 8134|   
# 8135|->   construct_moving_frames (direction,
# 8136|                              da->gpa.easing,
# 8137|                              da->gpa.segment,

Scan Properties

analyzer-version-clippy	1.92.0
analyzer-version-cppcheck	2.19.1
analyzer-version-gcc	16.0.0
analyzer-version-gcc-analyzer	16.0.0
analyzer-version-shellcheck	0.11.0
analyzer-version-unicontrol	0.0.2
diffbase-analyzer-version-clippy	1.92.0
diffbase-analyzer-version-cppcheck	2.19.1
diffbase-analyzer-version-gcc	16.0.0
diffbase-analyzer-version-gcc-analyzer	16.0.0
diffbase-analyzer-version-shellcheck	0.11.0
diffbase-analyzer-version-unicontrol	0.0.2
diffbase-enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code	0
diffbase-host	ip-172-16-1-74.us-west-2.compute.internal
diffbase-known-false-positives	/usr/share/csmock/known-false-positives.js
diffbase-known-false-positives-rpm	known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch
diffbase-mock-config	fedora-rawhide-x86_64
diffbase-project-name	gtk4-4.20.2-1.fc43
diffbase-store-results-to	/tmp/tmp4in9uprr/gtk4-4.20.2-1.fc43.tar.xz
diffbase-time-created	2026-01-08 17:00:31
diffbase-time-finished	2026-01-08 17:23:36
diffbase-tool	csmock
diffbase-tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmp4in9uprr/gtk4-4.20.2-1.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp4in9uprr/gtk4-4.20.2-1.fc43.src.rpm'
diffbase-tool-version	csmock-3.8.3.20251215.161544.g62de9a5-1.el9
enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code	0
host	ip-172-16-1-74.us-west-2.compute.internal
known-false-positives	/usr/share/csmock/known-false-positives.js
known-false-positives-rpm	known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch
mock-config	fedora-rawhide-x86_64
project-name	gtk4-4.21.1-1.fc44
store-results-to	/tmp/tmpu2zmyq0s/gtk4-4.21.1-1.fc44.tar.xz
time-created	2026-01-08 17:24:31
time-finished	2026-01-08 17:47:55
title	Newly introduced findings
tool	csmock
tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpu2zmyq0s/gtk4-4.21.1-1.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpu2zmyq0s/gtk4-4.21.1-1.fc44.src.rpm'
tool-version	csmock-3.8.3.20251215.161544.g62de9a5-1.el9