Error: SHELLCHECK_WARNING (CWE-252): [#def1] /usr/libexec/import-state:6:1: warning[SC2164]: Use 'cd ... || exit' or 'cd ... || return' in case cd fails. # 4| # Copy state into root folder: # 5| # ============================ # 6|-> cd /run/initramfs/state # 7| # 8| IFS_backup=$IFS Error: SHELLCHECK_WARNING (CWE-252): [#def2] /usr/libexec/import-state:14:3: warning[SC2164]: Use 'pushd ... || exit' or 'pushd ... || return' in case pushd fails. # 12| # 13| for dir in $dirs_found; do # 14|-> pushd "$dir" > /dev/null # 15| # 16| # Remove initial '.' char from the find's result: Error: SHELLCHECK_WARNING (CWE-252): [#def3] /usr/libexec/import-state:29:3: warning[SC2164]: Use 'popd ... || exit' or 'popd ... || return' in case popd fails. # 27| find . -mindepth 1 -maxdepth 1 -not -type d -exec cp -av -t "$dest_dir" {} \; > /dev/null # 28| # 29|-> popd > /dev/null # 30| done # 31| Error: SHELLCHECK_WARNING (CWE-156): [#def4] /usr/libexec/netconsole:99:7: warning[SC2046]: Quote this to prevent word splitting. # 97| exit 6 # 98| fi # 99|-> eval $(print_address_info $SYSLOGADDR) # 100| # 101| if [ -z "$SYSLOGMACADDR" ]; then Error: SHELLCHECK_WARNING (CWE-153): [#def5] /usr/libexec/readonly-root:119:33: warning[SC2053]: Quote the right-hand side of = in [[ ]] to prevent glob matching. # 117| prefix=0 # 118| for mount_point in "${MOUNTS[@]}"; do # 119|-> [[ $m = $mount_point ]] && continue # 120| if [[ $m =~ ^$mount_point/.* ]] ; then # 121| prefix=1 Error: SHELLCHECK_WARNING (CWE-477): [#def6] /usr/libexec/readonly-root:139:33: warning[SC2166]: Prefer [ p ] || [ q ] as [ p -o q ] is not well defined. # 137| # must be done even if we have local storage. # 138| ipaddr= # 139|-> if [ "$HOSTNAME" = "localhost" -o "$HOSTNAME" = "localhost.localdomain" ]; then # 140| ipaddr=$(ip addr show to 0.0.0.0/0 scope global | awk '/[[:space:]]inet / { print gensub("/.*","","g",$2) }') # 141| for ip in $ipaddr ; do Error: SHELLCHECK_WARNING (CWE-563): [#def7] /usr/libexec/readonly-root:141:3: warning[SC2034]: ip appears unused. Verify use (or export if used externally). # 139| if [ "$HOSTNAME" = "localhost" -o "$HOSTNAME" = "localhost.localdomain" ]; then # 140| ipaddr=$(ip addr show to 0.0.0.0/0 scope global | awk '/[[:space:]]inet / { print gensub("/.*","","g",$2) }') # 141|-> for ip in $ipaddr ; do # 142| HOSTNAME= # 143| eval $(ipcalc -h $ipaddr 2>/dev/null) Error: SHELLCHECK_WARNING (CWE-156): [#def8] /usr/libexec/readonly-root:143:9: warning[SC2046]: Quote this to prevent word splitting. # 141| for ip in $ipaddr ; do # 142| HOSTNAME= # 143|-> eval $(ipcalc -h $ipaddr 2>/dev/null) # 144| [ -n "$HOSTNAME" ] && { hostname ${HOSTNAME} ; break; } # 145| done Error: GCC_ANALYZER_WARNING (CWE-775): [#def9] initscripts-10.27/src/genhostid.c:45:19: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/random", 0)’ initscripts-10.27/src/genhostid.c:43:12: acquire_resource: opened here initscripts-10.27/src/genhostid.c:45:6: branch_false: following ‘false’ branch... initscripts-10.27/src/genhostid.c:45:19: branch_false: ...to here initscripts-10.27/src/genhostid.c:45:19: danger: ‘open("/dev/random", 0)’ leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0) # 43| int fd = open ("/dev/random", O_RDONLY); # 44| # 45|-> if (fd == -1 || read (fd, &n, sizeof (n)) != sizeof (n)) { # 46| srand48 ((long int) time (NULL) ^ (long int) getpid ()); # 47| n = lrand48 (); Error: CPPCHECK_WARNING (CWE-476): [#def10] initscripts-10.27/src/rename_device.c:228: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: tmpdev # 226| } # 227| tmpdev = calloc(1, sizeof(struct netdev)); # 228|-> tmpdev->dev = g_strstrip(g_strdup(devname)); # 229| tmpdev->hwaddr = g_strstrip(g_strdup(hwaddr)); # 230| if (ret) Error: CPPCHECK_WARNING (CWE-476): [#def11] initscripts-10.27/src/rename_device.c:229: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: tmpdev # 227| tmpdev = calloc(1, sizeof(struct netdev)); # 228| tmpdev->dev = g_strstrip(g_strdup(devname)); # 229|-> tmpdev->hwaddr = g_strstrip(g_strdup(hwaddr)); # 230| if (ret) # 231| tmpdev->next = ret; Error: CPPCHECK_WARNING (CWE-476): [#def12] initscripts-10.27/src/rename_device.c:231: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: tmpdev # 229| tmpdev->hwaddr = g_strstrip(g_strdup(hwaddr)); # 230| if (ret) # 231|-> tmpdev->next = ret; # 232| ret = tmpdev; # 233| g_free(contents); Error: GCC_ANALYZER_WARNING (CWE-401): [#def13] initscripts-10.27/src/rename_device.c:317:9: warning[-Wanalyzer-malloc-leak]: leak of ‘name’ initscripts-10.27/src/rename_device.c:293:21: branch_true: following ‘true’ branch... initscripts-10.27/src/rename_device.c:297:22: branch_true: ...to here initscripts-10.27/src/rename_device.c:313:32: acquire_memory: allocated here initscripts-10.27/src/rename_device.c:317:9: branch_true: following ‘true’ branch... initscripts-10.27/src/rename_device.c:317:9: branch_true: ...to here initscripts-10.27/src/rename_device.c:317:9: throw: if ‘g_free_sized’ throws an exception... initscripts-10.27/src/rename_device.c:317:9: danger: ‘name’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4) # 315| } # 316| } # 317|-> g_free(contents); # 318| g_strfreev(entries); # 319| return name; Error: GCC_ANALYZER_WARNING (CWE-401): [#def14] initscripts-10.27/src/rename_device.c:318:9: warning[-Wanalyzer-malloc-leak]: leak of ‘name’ initscripts-10.27/src/rename_device.c:293:21: branch_true: following ‘true’ branch... initscripts-10.27/src/rename_device.c:297:22: branch_true: ...to here initscripts-10.27/src/rename_device.c:313:32: acquire_memory: allocated here initscripts-10.27/src/rename_device.c:318:9: throw: if ‘g_strfreev’ throws an exception... initscripts-10.27/src/rename_device.c:318:9: danger: ‘name’ leaks here; was allocated at [(5)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/4) # 316| } # 317| g_free(contents); # 318|-> g_strfreev(entries); # 319| return name; # 320| } Error: GCC_ANALYZER_WARNING (CWE-775): [#def15] initscripts-10.27/src/rename_device.c:350:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/.rename_device.lock", 0)’ initscripts-10.27/src/rename_device.c:329:20: branch_false: following ‘false’ branch... initscripts-10.27/src/rename_device.c:336:28: branch_false: ...to here initscripts-10.27/src/rename_device.c:336:27: branch_false: following ‘false’ branch... initscripts-10.27/src/rename_device.c:339:17: branch_false: ...to here initscripts-10.27/src/rename_device.c:341:20: branch_false: following ‘false’ branch (when ‘count <= 199’)... initscripts-10.27/src/rename_device.c:356:17: branch_false: ...to here initscripts-10.27/src/rename_device.c:329:20: branch_false: following ‘false’ branch... initscripts-10.27/src/rename_device.c:336:28: branch_false: ...to here initscripts-10.27/src/rename_device.c:336:27: branch_false: following ‘false’ branch... initscripts-10.27/src/rename_device.c:339:17: branch_false: ...to here initscripts-10.27/src/rename_device.c:329:20: branch_false: following ‘false’ branch... initscripts-10.27/src/rename_device.c:336:28: branch_false: ...to here initscripts-10.27/src/rename_device.c:336:27: branch_false: following ‘false’ branch... initscripts-10.27/src/rename_device.c:339:17: branch_false: ...to here initscripts-10.27/src/rename_device.c:346:30: acquire_resource: opened here initscripts-10.27/src/rename_device.c:347:28: branch_false: following ‘false’ branch... initscripts-10.27/src/rename_device.c:349:42: branch_false: ...to here initscripts-10.27/src/rename_device.c:350:25: danger: ‘open("/dev/.rename_device.lock", 0)’ leaks here; was opened at [(15)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/14) # 348| break; # 349| ignored_retval = read(fd,buf,32); # 350|-> close(fd); # 351| pid = atoi(buf); # 352| if (pid && pid != 1) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def16] initscripts-10.27/src/usernetctl.c:107:9: warning[-Wanalyzer-malloc-leak]: leak of ‘contents’ initscripts-10.27/src/usernetctl.c:152:1: enter_function: entry to ‘main’ initscripts-10.27/src/usernetctl.c:160:8: branch_false: following ‘false’ branch (when ‘argc == 3’)... initscripts-10.27/src/usernetctl.c:162:10: branch_false: ...to here initscripts-10.27/src/usernetctl.c:172:8: branch_false: following ‘false’ branch... initscripts-10.27/src/usernetctl.c:179:13: branch_false: ...to here initscripts-10.27/src/usernetctl.c:204:7: branch_true: following ‘true’ branch... initscripts-10.27/src/usernetctl.c:205:13: branch_true: ...to here initscripts-10.27/src/usernetctl.c:205:13: call_function: calling ‘userCtl’ from ‘main’ # 105| # 106| if (read(fd, contents, size) != size) { # 107|-> perror("error reading device configuration"); # 108| exit(1); # 109| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def17] initscripts-10.27/src/usernetctl.c:110:5: warning[-Wanalyzer-malloc-leak]: leak of ‘contents’ initscripts-10.27/src/usernetctl.c:152:1: enter_function: entry to ‘main’ initscripts-10.27/src/usernetctl.c:160:8: branch_false: following ‘false’ branch (when ‘argc == 3’)... initscripts-10.27/src/usernetctl.c:162:10: branch_false: ...to here initscripts-10.27/src/usernetctl.c:172:8: branch_false: following ‘false’ branch... initscripts-10.27/src/usernetctl.c:179:13: branch_false: ...to here initscripts-10.27/src/usernetctl.c:204:7: branch_true: following ‘true’ branch... initscripts-10.27/src/usernetctl.c:205:13: branch_true: ...to here initscripts-10.27/src/usernetctl.c:205:13: call_function: calling ‘userCtl’ from ‘main’ # 108| exit(1); # 109| } # 110|-> close(fd); # 111| # 112| contents[size] = '\n';
| analyzer-version-clippy | 1.92.0 |
| analyzer-version-cppcheck | 2.19.1 |
| analyzer-version-gcc | 16.0.0 |
| analyzer-version-gcc-analyzer | 16.0.0 |
| analyzer-version-shellcheck | 0.11.0 |
| analyzer-version-unicontrol | 0.0.2 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-203.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | initscripts-10.27-1.fc44 |
| store-results-to | /tmp/tmppx40kirz/initscripts-10.27-1.fc44.tar.xz |
| time-created | 2026-01-08 17:12:09 |
| time-finished | 2026-01-08 17:13:22 |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmppx40kirz/initscripts-10.27-1.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmppx40kirz/initscripts-10.27-1.fc44.src.rpm' |
| tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |