Error: SHELLCHECK_WARNING (CWE-563): [#def1]
/usr/libexec/ebtables-helper:23:1: warning[SC2034]: EBTABLES_SAVE_ON_RESTART appears unused. Verify use (or export if used externally).
# 21| # ebtables-config defaults
# 22| EBTABLES_SAVE_ON_STOP="no"
# 23|-> EBTABLES_SAVE_ON_RESTART="no"
# 24| EBTABLES_SAVE_COUNTER="no"
# 25|

Error: SHELLCHECK_WARNING (CWE-153): [#def2]
/usr/libexec/ebtables-helper:49:17: warning[SC2053]: Quote the right-hand side of == in [[ ]] to prevent glob matching.
# 47| local found=false
# 48| for t in $EBTABLES_TABLES; do
# 49|-> if [[ $t == $table ]]; then
# 50| found=true
# 51| break

Error: COMPILER_WARNING (CWE-704): [#def3]
iptables-1.8.11/extensions/libxt_TCPOPTSTRIP.c: scope_hint: In function ‘parse_list’
iptables-1.8.11/extensions/libxt_TCPOPTSTRIP.c:78:19: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 78 | p = strchr(arg, ',');
# | ^
# 76|
# 77| while (true) {
# 78|-> p = strchr(arg, ',');
# 79| if (p != NULL)
# 80| *p = '\0';

Error: COMPILER_WARNING (CWE-704): [#def4]
iptables-1.8.11/extensions/libxt_TCPOPTSTRIP.c:78:19: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 76|
# 77| while (true) {
# 78|-> p = strchr(arg, ',');
# 79| if (p != NULL)
# 80| *p = '\0';

Error: COMPILER_WARNING (CWE-704): [#def5]
iptables-1.8.11/extensions/libxt_sctp.c: scope_hint: In function ‘parse_sctp_chunk’
iptables-1.8.11/extensions/libxt_sctp.c:211:40: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 211 | if ((p = strchr(sctp_chunk_names[i].valid_flags,
# | ^
# 209| int bit;
# 210|
# 211|-> if ((p = strchr(sctp_chunk_names[i].valid_flags,
# 212| toupper(chunk_flags[j]))) != NULL) {
# 213| bit = p - sctp_chunk_names[i].valid_flags;

Error: COMPILER_WARNING (CWE-704): [#def6]
iptables-1.8.11/extensions/libxt_sctp.c:211:40: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 209| int bit;
# 210|
# 211|-> if ((p = strchr(sctp_chunk_names[i].valid_flags,
# 212| toupper(chunk_flags[j]))) != NULL) {
# 213| bit = p - sctp_chunk_names[i].valid_flags;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def7]
iptables-1.8.11/include/linux/netfilter_ipv4/ip_tables.h:221:28: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘fw’
iptables-1.8.11/iptables/iptables.c:659:5: enter_function: entry to ‘do_command4’
iptables-1.8.11/iptables/iptables.c:726:12: branch_false: following ‘false’ branch...
iptables-1.8.11/iptables/iptables.c:731:13: branch_false: ...to here
iptables-1.8.11/iptables/iptables.c:736:20: branch_true: following ‘true’ branch...
iptables-1.8.11/iptables/iptables.c:741:28: branch_false: following ‘false’ branch...
iptables-1.8.11/iptables/iptables.c:744:25: branch_false: ...to here
iptables-1.8.11/iptables/iptables.c:749:20: branch_true: following ‘true’ branch...
iptables-1.8.11/iptables/iptables.c:750:32: branch_true: ...to here
iptables-1.8.11/iptables/iptables.c:767:20: branch_true: following ‘true’ branch...
iptables-1.8.11/iptables/iptables.c:774:29: branch_true: ...to here
iptables-1.8.11/iptables/iptables.c:774:28: branch_false: following ‘false’ branch...
iptables-1.8.11/iptables/iptables.c:779:25: branch_false: ...to here
iptables-1.8.11/iptables/iptables.c:811:23: call_function: calling ‘replace_entry’ from ‘do_command4’
# 219| ipt_get_target(struct ipt_entry *e)
# 220| {
# 221|-> return (void *)e + e->target_offset;
# 222| }
# 223|

Error: GCC_ANALYZER_WARNING (CWE-476): [#def8]
iptables-1.8.11/include/linux/netfilter_ipv6/ip6_tables.h:261:28: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘fw’
iptables-1.8.11/iptables/ip6tables.c:665:5: enter_function: entry to ‘do_command6’
iptables-1.8.11/iptables/ip6tables.c:733:12: branch_false: following ‘false’ branch...
iptables-1.8.11/iptables/ip6tables.c:738:13: branch_false: ...to here iptables-1.8.11/iptables/ip6tables.c:743:20: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/ip6tables.c:748:28: branch_false: following ‘false’ branch... iptables-1.8.11/iptables/ip6tables.c:751:25: branch_false: ...to here iptables-1.8.11/iptables/ip6tables.c:756:20: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/ip6tables.c:757:32: branch_true: ...to here iptables-1.8.11/iptables/ip6tables.c:772:20: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/ip6tables.c:779:29: branch_true: ...to here iptables-1.8.11/iptables/ip6tables.c:779:28: branch_false: following ‘false’ branch... iptables-1.8.11/iptables/ip6tables.c:784:25: branch_false: ...to here iptables-1.8.11/iptables/ip6tables.c:816:23: call_function: calling ‘replace_entry’ from ‘do_command6’ # 259| ip6t_get_target(struct ip6t_entry *e) # 260| { # 261|-> return (void *)e + e->target_offset; # 262| } # 263| Error: GCC_ANALYZER_WARNING (CWE-775): [#def9] iptables-1.8.11/iptables/iptables-restore.c:204:32: warning[-Wanalyzer-file-leak]: leak of FILE ‘in’ iptables-1.8.11/iptables/iptables-restore.c:401:1: enter_function: entry to ‘ip6tables_restore_main’ iptables-1.8.11/iptables/iptables-restore.c:407:12: branch_false: following ‘false’ branch... 
iptables-1.8.11/iptables/iptables-restore.c:416:15: branch_false: ...to here iptables-1.8.11/iptables/iptables-restore.c:416:15: call_function: calling ‘ip46tables_restore_main’ from ‘ip6tables_restore_main’ # 202| } else if ((buffer[0] == '*') && (!in_table)) { # 203| /* Acquire a lock before we create a new table handle */ # 204|-> lock = xtables_lock_or_exit(wait); # 205| # 206| /* New table */ Error: GCC_ANALYZER_WARNING (CWE-401): [#def10] iptables-1.8.11/iptables/iptables-restore.c:204:32: warning[-Wanalyzer-malloc-leak]: leak of ‘in’ iptables-1.8.11/iptables/iptables-restore.c:401:1: enter_function: entry to ‘ip6tables_restore_main’ iptables-1.8.11/iptables/iptables-restore.c:407:12: branch_false: following ‘false’ branch... iptables-1.8.11/iptables/iptables-restore.c:416:15: branch_false: ...to here iptables-1.8.11/iptables/iptables-restore.c:416:15: call_function: calling ‘ip46tables_restore_main’ from ‘ip6tables_restore_main’ # 202| } else if ((buffer[0] == '*') && (!in_table)) { # 203| /* Acquire a lock before we create a new table handle */ # 204|-> lock = xtables_lock_or_exit(wait); # 205| # 206| /* New table */ Error: GCC_ANALYZER_WARNING (CWE-775): [#def11] iptables-1.8.11/iptables/iptables-restore.c:212:33: warning[-Wanalyzer-file-leak]: leak of FILE ‘in’ iptables-1.8.11/iptables/iptables-restore.c:401:1: enter_function: entry to ‘ip6tables_restore_main’ iptables-1.8.11/iptables/iptables-restore.c:407:12: branch_false: following ‘false’ branch... 
iptables-1.8.11/iptables/iptables-restore.c:416:15: branch_false: ...to here iptables-1.8.11/iptables/iptables-restore.c:416:15: call_function: calling ‘ip46tables_restore_main’ from ‘ip6tables_restore_main’ # 210| DEBUGP("line %u, table '%s'\n", line, table); # 211| if (!table) # 212|-> xtables_error(PARAMETER_PROBLEM, # 213| "%s: line %u table name invalid", # 214| xt_params->program_name, line); Error: GCC_ANALYZER_WARNING (CWE-401): [#def12] iptables-1.8.11/iptables/iptables-restore.c:212:33: warning[-Wanalyzer-malloc-leak]: leak of ‘in’ iptables-1.8.11/iptables/iptables-restore.c:401:1: enter_function: entry to ‘ip6tables_restore_main’ iptables-1.8.11/iptables/iptables-restore.c:407:12: branch_false: following ‘false’ branch... iptables-1.8.11/iptables/iptables-restore.c:416:15: branch_false: ...to here iptables-1.8.11/iptables/iptables-restore.c:416:15: call_function: calling ‘ip46tables_restore_main’ from ‘ip6tables_restore_main’ # 210| DEBUGP("line %u, table '%s'\n", line, table); # 211| if (!table) # 212|-> xtables_error(PARAMETER_PROBLEM, # 213| "%s: line %u table name invalid", # 214| xt_params->program_name, line); Error: GCC_ANALYZER_WARNING (CWE-775): [#def13] iptables-1.8.11/iptables/iptables-restore.c:221:41: warning[-Wanalyzer-file-leak]: leak of FILE ‘in’ iptables-1.8.11/iptables/iptables-restore.c:401:1: enter_function: entry to ‘ip6tables_restore_main’ iptables-1.8.11/iptables/iptables-restore.c:407:12: branch_false: following ‘false’ branch... 
iptables-1.8.11/iptables/iptables-restore.c:416:15: branch_false: ...to here iptables-1.8.11/iptables/iptables-restore.c:416:15: call_function: calling ‘ip46tables_restore_main’ from ‘ip6tables_restore_main’ # 219| if (tablename && strcmp(tablename, table) != 0) { # 220| if (lock >= 0) { # 221|-> xtables_unlock(lock); # 222| lock = XT_LOCK_NOT_ACQUIRED; # 223| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def14] iptables-1.8.11/iptables/iptables-restore.c:221:41: warning[-Wanalyzer-malloc-leak]: leak of ‘in’ iptables-1.8.11/iptables/iptables-restore.c:401:1: enter_function: entry to ‘ip6tables_restore_main’ iptables-1.8.11/iptables/iptables-restore.c:407:12: branch_false: following ‘false’ branch... iptables-1.8.11/iptables/iptables-restore.c:416:15: branch_false: ...to here iptables-1.8.11/iptables/iptables-restore.c:416:15: call_function: calling ‘ip46tables_restore_main’ from ‘ip6tables_restore_main’ # 219| if (tablename && strcmp(tablename, table) != 0) { # 220| if (lock >= 0) { # 221|-> xtables_unlock(lock); # 222| lock = XT_LOCK_NOT_ACQUIRED; # 223| } Error: GCC_ANALYZER_WARNING (CWE-775): [#def15] iptables-1.8.11/iptables/iptables-save.c:62:31: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(*afinfo.proc_exists, "re")’ iptables-1.8.11/iptables/iptables-save.c:262:1: enter_function: entry to ‘ip6tables_save_main’ iptables-1.8.11/iptables/iptables-save.c:267:12: branch_false: following ‘false’ branch... 
iptables-1.8.11/iptables/iptables-save.c:276:15: branch_false: ...to here iptables-1.8.11/iptables/iptables-save.c:276:15: call_function: calling ‘do_iptables_save’ from ‘ip6tables_save_main’ # 60| # 61| while (fgets(tablename, sizeof(tablename), procfile)) { # 62|-> if (tablename[strlen(tablename) - 1] != '\n') # 63| xtables_error(OTHER_PROBLEM, # 64| "Badly formed tablename `%s'", tablename); Error: GCC_ANALYZER_WARNING (CWE-401): [#def16] iptables-1.8.11/iptables/iptables-save.c:62:31: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(*afinfo.proc_exists, "re")’ iptables-1.8.11/iptables/iptables-save.c:262:1: enter_function: entry to ‘ip6tables_save_main’ iptables-1.8.11/iptables/iptables-save.c:267:12: branch_false: following ‘false’ branch... iptables-1.8.11/iptables/iptables-save.c:276:15: branch_false: ...to here iptables-1.8.11/iptables/iptables-save.c:276:15: call_function: calling ‘do_iptables_save’ from ‘ip6tables_save_main’ # 60| # 61| while (fgets(tablename, sizeof(tablename), procfile)) { # 62|-> if (tablename[strlen(tablename) - 1] != '\n') # 63| xtables_error(OTHER_PROBLEM, # 64| "Badly formed tablename `%s'", tablename); Error: GCC_ANALYZER_WARNING (CWE-775): [#def17] iptables-1.8.11/iptables/iptables-save.c:164:28: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(optarg, "w")’ iptables-1.8.11/iptables/iptables-save.c:262:1: enter_function: entry to ‘ip6tables_save_main’ iptables-1.8.11/iptables/iptables-save.c:267:12: branch_false: following ‘false’ branch... 
iptables-1.8.11/iptables/iptables-save.c:276:15: branch_false: ...to here iptables-1.8.11/iptables/iptables-save.c:276:15: call_function: calling ‘do_iptables_save’ from ‘ip6tables_save_main’ # 162| } # 163| ret = dup2(fileno(file), STDOUT_FILENO); # 164|-> if (ret == -1) { # 165| fprintf(stderr, "Failed to redirect stdout, error: %s\n", # 166| strerror(errno)); Error: GCC_ANALYZER_WARNING (CWE-401): [#def18] iptables-1.8.11/iptables/iptables-save.c:164:28: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(optarg, "w")’ iptables-1.8.11/iptables/iptables-save.c:262:1: enter_function: entry to ‘ip6tables_save_main’ iptables-1.8.11/iptables/iptables-save.c:267:12: branch_false: following ‘false’ branch... iptables-1.8.11/iptables/iptables-save.c:276:15: branch_false: ...to here iptables-1.8.11/iptables/iptables-save.c:276:15: call_function: calling ‘do_iptables_save’ from ‘ip6tables_save_main’ # 162| } # 163| ret = dup2(fileno(file), STDOUT_FILENO); # 164|-> if (ret == -1) { # 165| fprintf(stderr, "Failed to redirect stdout, error: %s\n", # 166| strerror(errno)); Error: GCC_ANALYZER_WARNING (CWE-688): [#def19] iptables-1.8.11/iptables/iptables-xml.c:476:21: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected iptables-1.8.11/iptables/iptables-xml.c:542:1: enter_function: entry to ‘iptables_xml_main’ iptables-1.8.11/iptables/iptables-xml.c:567:12: branch_false: following ‘false’ branch... iptables-1.8.11/iptables/iptables-xml.c:574:19: branch_false: ...to here iptables-1.8.11/iptables/iptables-xml.c:574:19: branch_false: following ‘false’ branch... iptables-1.8.11/iptables/iptables-xml.c:578:17: branch_false: ...to here iptables-1.8.11/iptables/iptables-xml.c:583:16: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:586:17: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:605:27: branch_false: following ‘false’ branch... 
iptables-1.8.11/iptables/iptables-xml.c:619:27: branch_false: ...to here iptables-1.8.11/iptables/iptables-xml.c:646:27: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:648:31: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:648:31: release_memory: ‘pcnt’ is NULL iptables-1.8.11/iptables/iptables-xml.c:649:31: release_memory: ‘pcnt’ is NULL iptables-1.8.11/iptables/iptables-xml.c:660:37: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:661:58: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:666:28: branch_false: following ‘false’ branch (when ‘chain’ is non-NULL)... iptables-1.8.11/iptables/iptables-xml.c:671:25: branch_false: ...to here iptables-1.8.11/iptables/iptables-xml.c:672:25: call_function: calling ‘do_rule’ from ‘iptables_xml_main’ # 474| } # 475| // break when old!=new # 476|-> if (strcmp(oldargv[old], newargv[new]) != 0) { # 477| compare = 0; # 478| break; Error: GCC_ANALYZER_WARNING (CWE-775): [#def20] iptables-1.8.11/iptables/iptables-xml.c:612:33: warning[-Wanalyzer-file-leak]: leak of FILE ‘in’ iptables-1.8.11/iptables/iptables-xml.c:567:12: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:568:32: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:568:22: acquire_resource: opened here iptables-1.8.11/iptables/iptables-xml.c:569:20: branch_false: following ‘false’ branch... iptables-1.8.11/iptables/iptables-xml.c:580:9: branch_false: ...to here iptables-1.8.11/iptables/iptables-xml.c:583:16: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:586:17: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:605:27: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:609:33: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:611:28: branch_true: following ‘true’ branch (when ‘table’ is NULL)... 
iptables-1.8.11/iptables/iptables-xml.c:612:33: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:612:33: throw: if the called function throws an exception... iptables-1.8.11/iptables/iptables-xml.c:612:33: danger: ‘in’ leaks here; was opened at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2) # 610| DEBUGP("line %u, table '%s'\n", line, table); # 611| if (!table) # 612|-> xtables_error(PARAMETER_PROBLEM, # 613| "%s: line %u table name invalid", # 614| prog_name, line); Error: GCC_ANALYZER_WARNING (CWE-401): [#def21] iptables-1.8.11/iptables/iptables-xml.c:612:33: warning[-Wanalyzer-malloc-leak]: leak of ‘in’ iptables-1.8.11/iptables/iptables-xml.c:567:12: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:568:32: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:568:22: acquire_memory: allocated here iptables-1.8.11/iptables/iptables-xml.c:569:20: branch_false: following ‘false’ branch... iptables-1.8.11/iptables/iptables-xml.c:580:9: branch_false: ...to here iptables-1.8.11/iptables/iptables-xml.c:583:16: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:586:17: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:605:27: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:609:33: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:611:28: branch_true: following ‘true’ branch (when ‘table’ is NULL)... iptables-1.8.11/iptables/iptables-xml.c:612:33: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:612:33: throw: if the called function throws an exception... 
iptables-1.8.11/iptables/iptables-xml.c:612:33: danger: ‘in’ leaks here; was allocated at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2) # 610| DEBUGP("line %u, table '%s'\n", line, table); # 611| if (!table) # 612|-> xtables_error(PARAMETER_PROBLEM, # 613| "%s: line %u table name invalid", # 614| prog_name, line); Error: GCC_ANALYZER_WARNING (CWE-775): [#def22] iptables-1.8.11/iptables/iptables-xml.c:628:33: warning[-Wanalyzer-file-leak]: leak of FILE ‘in’ iptables-1.8.11/iptables/iptables-xml.c:567:12: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:568:32: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:568:22: acquire_resource: opened here iptables-1.8.11/iptables/iptables-xml.c:569:20: branch_false: following ‘false’ branch... iptables-1.8.11/iptables/iptables-xml.c:580:9: branch_false: ...to here iptables-1.8.11/iptables/iptables-xml.c:583:16: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:586:17: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:605:27: branch_false: following ‘false’ branch... iptables-1.8.11/iptables/iptables-xml.c:619:27: branch_false: ...to here iptables-1.8.11/iptables/iptables-xml.c:619:27: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:627:28: branch_true: following ‘true’ branch (when ‘chain’ is NULL)... iptables-1.8.11/iptables/iptables-xml.c:628:33: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:628:33: throw: if the called function throws an exception... 
iptables-1.8.11/iptables/iptables-xml.c:628:33: danger: ‘in’ leaks here; was opened at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2) # 626| DEBUGP("line %u, chain '%s'\n", line, chain); # 627| if (!chain) # 628|-> xtables_error(PARAMETER_PROBLEM, # 629| "%s: line %u chain name invalid", # 630| prog_name, line); Error: GCC_ANALYZER_WARNING (CWE-401): [#def23] iptables-1.8.11/iptables/iptables-xml.c:628:33: warning[-Wanalyzer-malloc-leak]: leak of ‘in’ iptables-1.8.11/iptables/iptables-xml.c:567:12: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:568:32: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:568:22: acquire_memory: allocated here iptables-1.8.11/iptables/iptables-xml.c:569:20: branch_false: following ‘false’ branch... iptables-1.8.11/iptables/iptables-xml.c:580:9: branch_false: ...to here iptables-1.8.11/iptables/iptables-xml.c:583:16: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:586:17: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:605:27: branch_false: following ‘false’ branch... iptables-1.8.11/iptables/iptables-xml.c:619:27: branch_false: ...to here iptables-1.8.11/iptables/iptables-xml.c:619:27: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:627:28: branch_true: following ‘true’ branch (when ‘chain’ is NULL)... iptables-1.8.11/iptables/iptables-xml.c:628:33: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:628:33: throw: if the called function throws an exception... 
iptables-1.8.11/iptables/iptables-xml.c:628:33: danger: ‘in’ leaks here; was allocated at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2) # 626| DEBUGP("line %u, chain '%s'\n", line, chain); # 627| if (!chain) # 628|-> xtables_error(PARAMETER_PROBLEM, # 629| "%s: line %u chain name invalid", # 630| prog_name, line); Error: GCC_ANALYZER_WARNING (CWE-775): [#def24] iptables-1.8.11/iptables/iptables-xml.c:637:33: warning[-Wanalyzer-file-leak]: leak of FILE ‘in’ iptables-1.8.11/iptables/iptables-xml.c:567:12: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:568:32: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:568:22: acquire_resource: opened here iptables-1.8.11/iptables/iptables-xml.c:569:20: branch_false: following ‘false’ branch... iptables-1.8.11/iptables/iptables-xml.c:580:9: branch_false: ...to here iptables-1.8.11/iptables/iptables-xml.c:583:16: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:586:17: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:605:27: branch_false: following ‘false’ branch... iptables-1.8.11/iptables/iptables-xml.c:619:27: branch_false: ...to here iptables-1.8.11/iptables/iptables-xml.c:619:27: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:627:28: branch_false: following ‘false’ branch (when ‘chain’ is non-NULL)... iptables-1.8.11/iptables/iptables-xml.c:634:34: branch_false: ...to here iptables-1.8.11/iptables/iptables-xml.c:636:28: branch_true: following ‘true’ branch (when ‘policy’ is NULL)... iptables-1.8.11/iptables/iptables-xml.c:637:33: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:637:33: throw: if the called function throws an exception... 
iptables-1.8.11/iptables/iptables-xml.c:637:33: danger: ‘in’ leaks here; was opened at [(3)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/2) # 635| DEBUGP("line %u, policy '%s'\n", line, policy); # 636| if (!policy) # 637|-> xtables_error(PARAMETER_PROBLEM, # 638| "%s: line %u policy invalid", # 639| prog_name, line); Error: GCC_ANALYZER_WARNING (CWE-401): [#def25] iptables-1.8.11/iptables/iptables-xml.c:637:33: warning[-Wanalyzer-malloc-leak]: leak of ‘in’ iptables-1.8.11/iptables/iptables-xml.c:567:12: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:568:32: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:568:22: acquire_memory: allocated here iptables-1.8.11/iptables/iptables-xml.c:569:20: branch_false: following ‘false’ branch... iptables-1.8.11/iptables/iptables-xml.c:580:9: branch_false: ...to here iptables-1.8.11/iptables/iptables-xml.c:583:16: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:586:17: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:605:27: branch_false: following ‘false’ branch... iptables-1.8.11/iptables/iptables-xml.c:619:27: branch_false: ...to here iptables-1.8.11/iptables/iptables-xml.c:619:27: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:627:28: branch_false: following ‘false’ branch (when ‘chain’ is non-NULL)... iptables-1.8.11/iptables/iptables-xml.c:634:34: branch_false: ...to here iptables-1.8.11/iptables/iptables-xml.c:636:28: branch_true: following ‘true’ branch (when ‘policy’ is NULL)... iptables-1.8.11/iptables/iptables-xml.c:637:33: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:637:33: throw: if the called function throws an exception... 
iptables-1.8.11/iptables/iptables-xml.c:637:33: danger: ‘in’ leaks here; was allocated at [(3)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/2) # 635| DEBUGP("line %u, policy '%s'\n", line, policy); # 636| if (!policy) # 637|-> xtables_error(PARAMETER_PROBLEM, # 638| "%s: line %u policy invalid", # 639| prog_name, line); Error: GCC_ANALYZER_WARNING (CWE-775): [#def26] iptables-1.8.11/iptables/iptables-xml.c:642:25: warning[-Wanalyzer-file-leak]: leak of FILE ‘in’ iptables-1.8.11/iptables/iptables-xml.c:567:12: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:568:32: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:568:22: acquire_resource: opened here iptables-1.8.11/iptables/iptables-xml.c:569:20: branch_false: following ‘false’ branch... iptables-1.8.11/iptables/iptables-xml.c:580:9: branch_false: ...to here iptables-1.8.11/iptables/iptables-xml.c:583:16: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:586:17: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:605:27: branch_false: following ‘false’ branch... iptables-1.8.11/iptables/iptables-xml.c:619:27: branch_false: ...to here iptables-1.8.11/iptables/iptables-xml.c:619:27: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:627:28: branch_false: following ‘false’ branch (when ‘chain’ is non-NULL)... iptables-1.8.11/iptables/iptables-xml.c:634:34: branch_false: ...to here iptables-1.8.11/iptables/iptables-xml.c:636:28: branch_false: following ‘false’ branch (when ‘policy’ is non-NULL)... iptables-1.8.11/iptables/iptables-xml.c:641:32: branch_false: ...to here iptables-1.8.11/iptables/iptables-xml.c:642:25: throw: if ‘parse_counters’ throws an exception... 
iptables-1.8.11/iptables/iptables-xml.c:642:25: danger: ‘in’ leaks here; was opened at [(3)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/2) # 640| # 641| ctrs = strtok(NULL, " \t\n"); # 642|-> parse_counters(ctrs, &count); # 643| saveChain(chain, policy, &count); # 644| Error: GCC_ANALYZER_WARNING (CWE-401): [#def27] iptables-1.8.11/iptables/iptables-xml.c:642:25: warning[-Wanalyzer-malloc-leak]: leak of ‘in’ iptables-1.8.11/iptables/iptables-xml.c:567:12: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:568:32: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:568:22: acquire_memory: allocated here iptables-1.8.11/iptables/iptables-xml.c:569:20: branch_false: following ‘false’ branch... iptables-1.8.11/iptables/iptables-xml.c:580:9: branch_false: ...to here iptables-1.8.11/iptables/iptables-xml.c:583:16: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:586:17: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:605:27: branch_false: following ‘false’ branch... iptables-1.8.11/iptables/iptables-xml.c:619:27: branch_false: ...to here iptables-1.8.11/iptables/iptables-xml.c:619:27: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:627:28: branch_false: following ‘false’ branch (when ‘chain’ is non-NULL)... iptables-1.8.11/iptables/iptables-xml.c:634:34: branch_false: ...to here iptables-1.8.11/iptables/iptables-xml.c:636:28: branch_false: following ‘false’ branch (when ‘policy’ is non-NULL)... iptables-1.8.11/iptables/iptables-xml.c:641:32: branch_false: ...to here iptables-1.8.11/iptables/iptables-xml.c:642:25: throw: if ‘parse_counters’ throws an exception... 
iptables-1.8.11/iptables/iptables-xml.c:642:25: danger: ‘in’ leaks here; was allocated at [(3)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/2) # 640| # 641| ctrs = strtok(NULL, " \t\n"); # 642|-> parse_counters(ctrs, &count); # 643| saveChain(chain, policy, &count); # 644| Error: GCC_ANALYZER_WARNING (CWE-775): [#def28] iptables-1.8.11/iptables/iptables-xml.c:653:25: warning[-Wanalyzer-file-leak]: leak of FILE ‘in’ iptables-1.8.11/iptables/iptables-xml.c:567:12: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:568:32: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:568:22: acquire_resource: opened here iptables-1.8.11/iptables/iptables-xml.c:569:20: branch_false: following ‘false’ branch... iptables-1.8.11/iptables/iptables-xml.c:580:9: branch_false: ...to here iptables-1.8.11/iptables/iptables-xml.c:583:16: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:586:17: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:605:27: branch_false: following ‘false’ branch... iptables-1.8.11/iptables/iptables-xml.c:619:27: branch_false: ...to here iptables-1.8.11/iptables/iptables-xml.c:646:27: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:648:31: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:653:25: throw: if ‘tokenize_rule_counters’ throws an exception... iptables-1.8.11/iptables/iptables-xml.c:653:25: danger: ‘in’ leaks here; was opened at [(3)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/2) # 651| char *chain = NULL; # 652| # 653|-> tokenize_rule_counters(&parsestart, &pcnt, &bcnt, line); # 654| add_param_to_argv(&cur_rule, parsestart, line); # 655| Error: GCC_ANALYZER_WARNING (CWE-401): [#def29] iptables-1.8.11/iptables/iptables-xml.c:653:25: warning[-Wanalyzer-malloc-leak]: leak of ‘in’ iptables-1.8.11/iptables/iptables-xml.c:567:12: branch_true: following ‘true’ branch... 
iptables-1.8.11/iptables/iptables-xml.c:568:32: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:568:22: acquire_memory: allocated here iptables-1.8.11/iptables/iptables-xml.c:569:20: branch_false: following ‘false’ branch... iptables-1.8.11/iptables/iptables-xml.c:580:9: branch_false: ...to here iptables-1.8.11/iptables/iptables-xml.c:583:16: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:586:17: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:605:27: branch_false: following ‘false’ branch... iptables-1.8.11/iptables/iptables-xml.c:619:27: branch_false: ...to here iptables-1.8.11/iptables/iptables-xml.c:646:27: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:648:31: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:653:25: throw: if ‘tokenize_rule_counters’ throws an exception... iptables-1.8.11/iptables/iptables-xml.c:653:25: danger: ‘in’ leaks here; was allocated at [(3)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/2) # 651| char *chain = NULL; # 652| # 653|-> tokenize_rule_counters(&parsestart, &pcnt, &bcnt, line); # 654| add_param_to_argv(&cur_rule, parsestart, line); # 655| Error: GCC_ANALYZER_WARNING (CWE-775): [#def30] iptables-1.8.11/iptables/iptables-xml.c:654:25: warning[-Wanalyzer-file-leak]: leak of FILE ‘in’ iptables-1.8.11/iptables/iptables-xml.c:567:12: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:568:32: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:568:22: acquire_resource: opened here iptables-1.8.11/iptables/iptables-xml.c:569:20: branch_false: following ‘false’ branch... iptables-1.8.11/iptables/iptables-xml.c:580:9: branch_false: ...to here iptables-1.8.11/iptables/iptables-xml.c:583:16: branch_true: following ‘true’ branch... 
iptables-1.8.11/iptables/iptables-xml.c:586:17: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:605:27: branch_false: following ‘false’ branch... iptables-1.8.11/iptables/iptables-xml.c:619:27: branch_false: ...to here iptables-1.8.11/iptables/iptables-xml.c:646:27: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:648:31: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:654:25: throw: if ‘add_param_to_argv’ throws an exception... iptables-1.8.11/iptables/iptables-xml.c:654:25: danger: ‘in’ leaks here; was opened at [(3)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/2) # 652| # 653| tokenize_rule_counters(&parsestart, &pcnt, &bcnt, line); # 654|-> add_param_to_argv(&cur_rule, parsestart, line); # 655| # 656| DEBUGP("calling do_command4(%u, argv, &%s, handle):\n", Error: GCC_ANALYZER_WARNING (CWE-401): [#def31] iptables-1.8.11/iptables/iptables-xml.c:654:25: warning[-Wanalyzer-malloc-leak]: leak of ‘in’ iptables-1.8.11/iptables/iptables-xml.c:567:12: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:568:32: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:568:22: acquire_memory: allocated here iptables-1.8.11/iptables/iptables-xml.c:569:20: branch_false: following ‘false’ branch... iptables-1.8.11/iptables/iptables-xml.c:580:9: branch_false: ...to here iptables-1.8.11/iptables/iptables-xml.c:583:16: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:586:17: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:605:27: branch_false: following ‘false’ branch... iptables-1.8.11/iptables/iptables-xml.c:619:27: branch_false: ...to here iptables-1.8.11/iptables/iptables-xml.c:646:27: branch_true: following ‘true’ branch... iptables-1.8.11/iptables/iptables-xml.c:648:31: branch_true: ...to here iptables-1.8.11/iptables/iptables-xml.c:654:25: throw: if ‘add_param_to_argv’ throws an exception... 
iptables-1.8.11/iptables/iptables-xml.c:654:25: danger: ‘in’ leaks here; was allocated at [(3)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/2) # 652| # 653| tokenize_rule_counters(&parsestart, &pcnt, &bcnt, line); # 654|-> add_param_to_argv(&cur_rule, parsestart, line); # 655| # 656| DEBUGP("calling do_command4(%u, argv, &%s, handle):\n", Error: CPPCHECK_WARNING (CWE-457): [#def32] iptables-1.8.11/iptables/nft-cache.c:207: error[uninitvar]: Uninitialized variable: c # 205| # 206| hlist_for_each_entry(c, node, chain_name_hlist(h, t, chain), hnode) { # 207|-> if (!strcmp(nftnl_chain_get_str(c->nftnl, NFTNL_CHAIN_NAME), # 208| chain)) # 209| return c; Error: GCC_ANALYZER_WARNING (CWE-476): [#def33] iptables-1.8.11/iptables/nft-ruleparse.c:870:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’ iptables-1.8.11/iptables/nft-ruleparse.c:890:6: enter_function: entry to ‘nft_rule_to_iptables_command_state’ iptables-1.8.11/iptables/nft-ruleparse.c:903:12: branch_false: following ‘false’ branch... iptables-1.8.11/iptables/nft-ruleparse.c:906:16: branch_false: ...to here iptables-1.8.11/iptables/nft-ruleparse.c:907:16: branch_true: following ‘true’ branch (when ‘expr’ is non-NULL)... iptables-1.8.11/iptables/nft-ruleparse.c:909:25: branch_true: ...to here iptables-1.8.11/iptables/nft-ruleparse.c:911:20: branch_false: following ‘false’ branch (when the strings are non-equal)... iptables-1.8.11/iptables/nft-ruleparse.c:913:26: branch_false: ...to here iptables-1.8.11/iptables/nft-ruleparse.c:913:25: branch_false: following ‘false’ branch (when the strings are non-equal)... iptables-1.8.11/iptables/nft-ruleparse.c:915:26: branch_false: ...to here iptables-1.8.11/iptables/nft-ruleparse.c:915:25: branch_false: following ‘false’ branch (when the strings are non-equal)... 
iptables-1.8.11/iptables/nft-ruleparse.c:917:26: branch_false: ...to here iptables-1.8.11/iptables/nft-ruleparse.c:917:25: branch_false: following ‘false’ branch (when the strings are non-equal)... iptables-1.8.11/iptables/nft-ruleparse.c:919:26: branch_false: ...to here iptables-1.8.11/iptables/nft-ruleparse.c:919:25: branch_false: following ‘false’ branch (when the strings are non-equal)... iptables-1.8.11/iptables/nft-ruleparse.c:921:26: branch_false: ...to here iptables-1.8.11/iptables/nft-ruleparse.c:921:25: branch_false: following ‘false’ branch (when the strings are non-equal)... iptables-1.8.11/iptables/nft-ruleparse.c:923:26: branch_false: ...to here iptables-1.8.11/iptables/nft-ruleparse.c:923:25: branch_false: following ‘false’ branch (when the strings are non-equal)... iptables-1.8.11/iptables/nft-ruleparse.c:925:26: branch_false: ...to here iptables-1.8.11/iptables/nft-ruleparse.c:925:25: branch_false: following ‘false’ branch (when the strings are non-equal)... iptables-1.8.11/iptables/nft-ruleparse.c:927:26: branch_false: ...to here iptables-1.8.11/iptables/nft-ruleparse.c:927:25: branch_false: following ‘false’ branch (when the strings are non-equal)... iptables-1.8.11/iptables/nft-ruleparse.c:929:26: branch_false: ...to here iptables-1.8.11/iptables/nft-ruleparse.c:929:25: branch_false: following ‘false’ branch (when the strings are non-equal)... iptables-1.8.11/iptables/nft-ruleparse.c:931:26: branch_false: ...to here iptables-1.8.11/iptables/nft-ruleparse.c:931:25: branch_false: following ‘false’ branch (when the strings are non-equal)... iptables-1.8.11/iptables/nft-ruleparse.c:933:26: branch_false: ...to here iptables-1.8.11/iptables/nft-ruleparse.c:933:25: branch_true: following ‘true’ branch (when the strings are equal)... 
iptables-1.8.11/iptables/nft-ruleparse.c:934:25: branch_true: ...to here iptables-1.8.11/iptables/nft-ruleparse.c:934:25: call_function: calling ‘nft_parse_range’ from ‘nft_rule_to_iptables_command_state’ # 868| sreg = nft_xt_ctx_get_sreg(ctx, reg); # 869| # 870|-> switch (sreg->type) { # 871| case NFT_XT_REG_UNDEF: # 872| ctx->errmsg = "range sreg undef"; Error: CPPCHECK_WARNING (CWE-457): [#def34] iptables-1.8.11/iptables/nft.c:251: error[uninitvar]: Uninitialized variable: nlh->nlmsg_seq # 249| if (ret == -1) { # 250| mnl_err_list_node_add(&h->err_list, errno, # 251|-> nlh->nlmsg_seq); # 252| err = -1; # 253| } Error: COMPILER_WARNING (CWE-704): [#def35] iptables-1.8.11/iptables/xshared.c: scope_hint: In function ‘parse_rule_range’ iptables-1.8.11/iptables/xshared.c:912:23: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type # 912 | char *colon = strchr(argv, ':'), *buffer; # | ^~~~~~ # 910| static void parse_rule_range(struct xt_cmd_parse *p, const char *argv) # 911| { # 912|-> char *colon = strchr(argv, ':'), *buffer; # 913| # 914| if (colon) { Error: COMPILER_WARNING (CWE-704): [#def36] iptables-1.8.11/iptables/xshared.c:912:23: warning[-Wdiscarded-qualifiers]: initialization discards ‘const’ qualifier from pointer target type # 910| static void parse_rule_range(struct xt_cmd_parse *p, const char *argv) # 911| { # 912|-> char *colon = strchr(argv, ':'), *buffer; # 913| # 914| if (colon) { Error: GCC_ANALYZER_WARNING (CWE-775): [#def37] iptables-1.8.11/iptables/xtables-restore.c:381:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘p.in’ iptables-1.8.11/iptables/xtables-restore.c:405:5: enter_function: entry to ‘xtables_ip6_restore_main’ iptables-1.8.11/iptables/xtables-restore.c:407:16: call_function: calling ‘xtables_restore_main’ from ‘xtables_ip6_restore_main’ # 379| } # 380| # 381|-> if (nft_init(&h, family) < 0) { # 382| fprintf(stderr, "%s/%s Failed to initialize nft: %s\n", # 383| 
xtables_globals.program_name, Error: GCC_ANALYZER_WARNING (CWE-401): [#def38] iptables-1.8.11/iptables/xtables-restore.c:381:13: warning[-Wanalyzer-malloc-leak]: leak of ‘p.in’ iptables-1.8.11/iptables/xtables-restore.c:405:5: enter_function: entry to ‘xtables_ip6_restore_main’ iptables-1.8.11/iptables/xtables-restore.c:407:16: call_function: calling ‘xtables_restore_main’ from ‘xtables_ip6_restore_main’ # 379| } # 380| # 381|-> if (nft_init(&h, family) < 0) { # 382| fprintf(stderr, "%s/%s Failed to initialize nft: %s\n", # 383| xtables_globals.program_name, Error: GCC_ANALYZER_WARNING (CWE-775): [#def39] iptables-1.8.11/iptables/xtables-save.c:176:28: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(optarg, "w")’ iptables-1.8.11/iptables/xtables-save.c:271:5: enter_function: entry to ‘xtables_arp_save_main’ iptables-1.8.11/iptables/xtables-save.c:273:16: call_function: calling ‘xtables_save_main’ from ‘xtables_arp_save_main’ # 174| } # 175| ret = dup2(fileno(file), STDOUT_FILENO); # 176|-> if (ret == -1) { # 177| fprintf(stderr, "Failed to redirect stdout, error: %s\n", # 178| strerror(errno)); Error: GCC_ANALYZER_WARNING (CWE-401): [#def40] iptables-1.8.11/iptables/xtables-save.c:176:28: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(optarg, "w")’ iptables-1.8.11/iptables/xtables-save.c:271:5: enter_function: entry to ‘xtables_arp_save_main’ iptables-1.8.11/iptables/xtables-save.c:273:16: call_function: calling ‘xtables_save_main’ from ‘xtables_arp_save_main’ # 174| } # 175| ret = dup2(fileno(file), STDOUT_FILENO); # 176|-> if (ret == -1) { # 177| fprintf(stderr, "Failed to redirect stdout, error: %s\n", # 178| strerror(errno)); Error: GCC_ANALYZER_WARNING (CWE-775): [#def41] iptables-1.8.11/iptables/xtables-save.c:232:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘ret’ iptables-1.8.11/iptables/xtables-save.c:271:5: enter_function: entry to ‘xtables_arp_save_main’ iptables-1.8.11/iptables/xtables-save.c:273:16: call_function: calling 
‘xtables_save_main’ from ‘xtables_arp_save_main’ # 230| } # 231| # 232|-> if (nft_init(&h, family) < 0) { # 233| fprintf(stderr, "%s/%s Failed to initialize nft: %s\n", # 234| xtables_globals.program_name, Error: GCC_ANALYZER_WARNING (CWE-775): [#def42] iptables-1.8.11/iptables/xtables-save.c:240:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘ret’ iptables-1.8.11/iptables/xtables-save.c:271:5: enter_function: entry to ‘xtables_arp_save_main’ iptables-1.8.11/iptables/xtables-save.c:273:16: call_function: calling ‘xtables_save_main’ from ‘xtables_arp_save_main’ # 238| } # 239| # 240|-> nft_cache_level_set(&h, NFT_CL_RULES, NULL); # 241| nft_cache_build(&h); # 242| nft_xt_fake_builtin_chains(&h, tablename, NULL); Error: GCC_ANALYZER_WARNING (CWE-775): [#def43] iptables-1.8.11/iptables/xtables-save.c:241:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘ret’ iptables-1.8.11/iptables/xtables-save.c:271:5: enter_function: entry to ‘xtables_arp_save_main’ iptables-1.8.11/iptables/xtables-save.c:273:16: call_function: calling ‘xtables_save_main’ from ‘xtables_arp_save_main’ # 239| # 240| nft_cache_level_set(&h, NFT_CL_RULES, NULL); # 241|-> nft_cache_build(&h); # 242| nft_xt_fake_builtin_chains(&h, tablename, NULL); # 243| Error: GCC_ANALYZER_WARNING (CWE-775): [#def44] iptables-1.8.11/iptables/xtables-save.c:242:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘ret’ iptables-1.8.11/iptables/xtables-save.c:271:5: enter_function: entry to ‘xtables_arp_save_main’ iptables-1.8.11/iptables/xtables-save.c:273:16: call_function: calling ‘xtables_save_main’ from ‘xtables_arp_save_main’ # 240| nft_cache_level_set(&h, NFT_CL_RULES, NULL); # 241| nft_cache_build(&h); # 242|-> nft_xt_fake_builtin_chains(&h, tablename, NULL); # 243| # 244| ret = do_output(&h, tablename, &d); Error: GCC_ANALYZER_WARNING (CWE-775): [#def45] iptables-1.8.11/iptables/xtables-translate.c:615:9: warning[-Wanalyzer-file-leak]: leak of FILE ‘p.in’ 
iptables-1.8.11/iptables/xtables-translate.c:649:5: enter_function: entry to ‘xtables_ip6_xlate_restore_main’ iptables-1.8.11/iptables/xtables-translate.c:651:16: call_function: calling ‘xtables_restore_xlate_main’ from ‘xtables_ip6_xlate_restore_main’ # 613| printf("# Translated by %s v%s on %s", # 614| argv[0], PACKAGE_VERSION, ctime(&now)); # 615|-> xtables_restore_parse(&h, &p); # 616| printf("# Completed on %s", ctime(&now)); # 617| Error: GCC_ANALYZER_WARNING (CWE-401): [#def46] iptables-1.8.11/iptables/xtables-translate.c:615:9: warning[-Wanalyzer-malloc-leak]: leak of ‘p.in’ iptables-1.8.11/iptables/xtables-translate.c:649:5: enter_function: entry to ‘xtables_ip6_xlate_restore_main’ iptables-1.8.11/iptables/xtables-translate.c:651:16: call_function: calling ‘xtables_restore_xlate_main’ from ‘xtables_ip6_xlate_restore_main’ # 613| printf("# Translated by %s v%s on %s", # 614| argv[0], PACKAGE_VERSION, ctime(&now)); # 615|-> xtables_restore_parse(&h, &p); # 616| printf("# Completed on %s", ctime(&now)); # 617| Error: GCC_ANALYZER_WARNING (CWE-688): [#def47] iptables-1.8.11/libiptc/libiptc.c:499:9: warning[-Wanalyzer-null-argument]: use of NULL '*h.chain_index' where non-null expected iptables-1.8.11/libiptc/libiptc.c:2226:1: enter_function: entry to 'ip6tc_create_chain' iptables-1.8.11/libiptc/libiptc.c:2236:12: branch_false: following 'false' branch... iptables-1.8.11/libiptc/libiptc.c:2237:16: branch_false: ...to here iptables-1.8.11/libiptc/libiptc.c:2236:13: branch_false: following 'false' branch (when the strings are non-equal)... iptables-1.8.11/libiptc/libiptc.c:2238:16: branch_false: ...to here iptables-1.8.11/libiptc/libiptc.c:2236:13: branch_false: following 'false' branch (when the strings are non-equal)... iptables-1.8.11/libiptc/libiptc.c:2239:16: branch_false: ...to here iptables-1.8.11/libiptc/libiptc.c:2236:13: branch_false: following 'false' branch (when the strings are non-equal)... 
iptables-1.8.11/libiptc/libiptc.c:2240:16: branch_false: ...to here iptables-1.8.11/libiptc/libiptc.c:2236:13: branch_false: following 'false' branch (when the strings are non-equal)... iptables-1.8.11/libiptc/libiptc.c:2246:13: branch_false: ...to here iptables-1.8.11/libiptc/libiptc.c:2246:12: branch_false: following 'false' branch... iptables-1.8.11/libiptc/libiptc.c:2252:13: branch_false: ...to here iptables-1.8.11/libiptc/libiptc.c:2252:13: call_function: calling 'iptcc_alloc_chain_head' from 'ip6tc_create_chain' iptables-1.8.11/libiptc/libiptc.c:2252:13: return_function: returning to 'ip6tc_create_chain' from 'iptcc_alloc_chain_head' iptables-1.8.11/libiptc/libiptc.c:2253:12: branch_false: following 'false' branch... iptables-1.8.11/libiptc/libiptc.c:2259:9: branch_false: ...to here iptables-1.8.11/libiptc/libiptc.c:2262:9: call_function: calling 'iptc_insert_chain' from 'ip6tc_create_chain' iptables-1.8.11/libiptc/libiptc.c:2262:9: return_function: returning to 'ip6tc_create_chain' from 'iptc_insert_chain' iptables-1.8.11/libiptc/libiptc.c:2272:12: branch_true: following 'true' branch (when 'exceeded > 355')... 
iptables-1.8.11/libiptc/libiptc.c:2275:17: branch_true: ...to here iptables-1.8.11/libiptc/libiptc.c:2275:17: call_function: calling 'iptcc_chain_index_rebuild' from 'ip6tc_create_chain' # 497| return -ENOMEM; # 498| } # 499|-> memset(h->chain_index, 0, array_mem); # 500| h->chain_index_sz = array_elems; # 501| Error: CPPCHECK_WARNING (CWE-457): [#def48] iptables-1.8.11/libxtables/xtables.c:284: warning[uninitvar]: Uninitialized variables: n.next, n.pprev # 282| # 283| for (i = 0; i < NOTARGET_HSIZE; i++) { # 284|-> hlist_for_each_entry_safe(cur, pos, n, &notargets[i], node) { # 285| hlist_del(&cur->node); # 286| free(cur); Error: CPPCHECK_WARNING (CWE-457): [#def49] iptables-1.8.11/libxtables/xtables.c:286: warning[uninitvar]: Uninitialized variable: cur # 284| hlist_for_each_entry_safe(cur, pos, n, &notargets[i], node) { # 285| hlist_del(&cur->node); # 286|-> free(cur); # 287| } # 288| } Error: CPPCHECK_WARNING (CWE-457): [#def50] iptables-1.8.11/libxtables/xtables.c:308: error[uninitvar]: Uninitialized variable: cur # 306| # 307| hlist_for_each_entry(cur, node, &notargets[key], node) { # 308|-> if (!strcmp(name, cur->name)) # 309| return cur; # 310| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def51] iptables-1.8.11/libxtables/xtables.c:446:17: warning[-Wanalyzer-malloc-leak]: leak of '<unknown>' iptables-1.8.11/libxtables/xtables.c:2474:18: enter_function: entry to 'xt_xlate_alloc' iptables-1.8.11/libxtables/xtables.c:2476:31: call_function: calling 'xtables_malloc' from 'xt_xlate_alloc' iptables-1.8.11/libxtables/xtables.c:2476:31: return_function: returning to 'xt_xlate_alloc' from 'xtables_malloc' iptables-1.8.11/libxtables/xtables.c:2479:21: branch_true: following 'true' branch (when 'i != 2')...
iptables-1.8.11/libxtables/xtables.c:2480:35: branch_true: ...to here iptables-1.8.11/libxtables/xtables.c:2480:35: call_function: calling 'xtables_malloc' from 'xt_xlate_alloc' iptables-1.8.11/libxtables/xtables.c:2480:35: return_function: returning to 'xt_xlate_alloc' from 'xtables_malloc' iptables-1.8.11/libxtables/xtables.c:2479:21: branch_true: following 'true' branch (when 'i != 2')... iptables-1.8.11/libxtables/xtables.c:2480:35: branch_true: ...to here iptables-1.8.11/libxtables/xtables.c:2480:35: call_function: calling 'xtables_malloc' from 'xt_xlate_alloc' # 444| # 445| if ((p = malloc(size)) == NULL) { # 446|-> perror("ip[6]tables: malloc failed"); # 447| exit(1); # 448| } Error: GCC_ANALYZER_WARNING (CWE-775): [#def52] iptables-1.8.11/libxtables/xtables.c:483:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'sockfd' iptables-1.8.11/libxtables/xtables.c:1020:5: enter_function: entry to 'xtables_compatible_revision' iptables-1.8.11/libxtables/xtables.c:1026:18: acquire_resource: socket created here iptables-1.8.11/libxtables/xtables.c:1027:12: branch_false: following 'false' branch (when 'sockfd >= 0')... 
iptables-1.8.11/libxtables/xtables.c:1042:9: branch_false: ...to here iptables-1.8.11/libxtables/xtables.c:1042:9: call_function: calling 'xtables_load_ko' from 'xtables_compatible_revision' # 481| int count; # 482| # 483|-> procfile = open(PROC_SYS_MODPROBE, O_RDONLY | O_CLOEXEC); # 484| if (procfile < 0) # 485| return NULL; Error: GCC_ANALYZER_WARNING (CWE-775): [#def53] iptables-1.8.11/libxtables/xtables.c:490:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'open("/proc/sys/kernel/modprobe", 524288)' iptables-1.8.11/libxtables/xtables.c:561:5: enter_function: entry to 'xtables_load_ko' iptables-1.8.11/libxtables/xtables.c:574:15: call_function: calling 'xtables_insmod' from 'xtables_load_ko' # 488| if (ret) { # 489| count = read(procfile, ret, PATH_MAX); # 490|-> if (count > 0 && count < PATH_MAX) # 491| { # 492| if (ret[count - 1] == '\n') Error: GCC_ANALYZER_WARNING (CWE-775): [#def54] iptables-1.8.11/libxtables/xtables.c:496:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'sockfd' iptables-1.8.11/libxtables/xtables.c:1020:5: enter_function: entry to 'xtables_compatible_revision' iptables-1.8.11/libxtables/xtables.c:1026:18: acquire_resource: socket created here iptables-1.8.11/libxtables/xtables.c:1027:12: branch_false: following 'false' branch (when 'sockfd >= 0')... 
iptables-1.8.11/libxtables/xtables.c:1042:9: branch_false: ...to here iptables-1.8.11/libxtables/xtables.c:1042:9: call_function: calling 'xtables_load_ko' from 'xtables_compatible_revision' # 494| else # 495| ret[count] = '\0'; # 496|-> close(procfile); # 497| return ret; # 498| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def55] iptables-1.8.11/libxtables/xtables.c:496:25: warning[-Wanalyzer-malloc-leak]: leak of 'ret' iptables-1.8.11/libxtables/xtables.c:561:5: enter_function: entry to 'xtables_load_ko' iptables-1.8.11/libxtables/xtables.c:574:15: call_function: calling 'xtables_insmod' from 'xtables_load_ko' # 494| else # 495| ret[count] = '\0'; # 496|-> close(procfile); # 497| return ret; # 498| } Error: GCC_ANALYZER_WARNING (CWE-775): [#def56] iptables-1.8.11/libxtables/xtables.c:501:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'open("/proc/sys/kernel/modprobe", 524288)' iptables-1.8.11/libxtables/xtables.c:561:5: enter_function: entry to 'xtables_load_ko' iptables-1.8.11/libxtables/xtables.c:574:15: call_function: calling 'xtables_insmod' from 'xtables_load_ko' # 499| } # 500| free(ret); # 501|-> close(procfile); # 502| return NULL; # 503| } Error: GCC_ANALYZER_WARNING (CWE-775): [#def57] iptables-1.8.11/libxtables/xtables.c:501:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'sockfd' iptables-1.8.11/libxtables/xtables.c:1020:5: enter_function: entry to 'xtables_compatible_revision' iptables-1.8.11/libxtables/xtables.c:1026:18: acquire_resource: socket created here iptables-1.8.11/libxtables/xtables.c:1027:12: branch_false: following 'false' branch (when 'sockfd >= 0')... 
iptables-1.8.11/libxtables/xtables.c:1042:9: branch_false: ...to here iptables-1.8.11/libxtables/xtables.c:1042:9: call_function: calling 'xtables_load_ko' from 'xtables_compatible_revision' # 499| } # 500| free(ret); # 501|-> close(procfile); # 502| return NULL; # 503| } Error: GCC_ANALYZER_WARNING (CWE-775): [#def58] iptables-1.8.11/libxtables/xtables.c:529:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'sockfd' iptables-1.8.11/libxtables/xtables.c:1020:5: enter_function: entry to 'xtables_compatible_revision' iptables-1.8.11/libxtables/xtables.c:1026:18: acquire_resource: socket created here iptables-1.8.11/libxtables/xtables.c:1027:12: branch_false: following 'false' branch (when 'sockfd >= 0')... iptables-1.8.11/libxtables/xtables.c:1042:9: branch_false: ...to here iptables-1.8.11/libxtables/xtables.c:1042:9: call_function: calling 'xtables_load_ko' from 'xtables_compatible_revision' # 527| * when switching the program thru execv. # 528| */ # 529|-> fflush(stdout); # 530| # 531| if (posix_spawn(&pid, argv[0], NULL, NULL, argv, NULL)) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def59] iptables-1.8.11/libxtables/xtables.c:529:9: warning[-Wanalyzer-malloc-leak]: leak of 'buf' iptables-1.8.11/libxtables/xtables.c:561:5: enter_function: entry to 'xtables_load_ko' iptables-1.8.11/libxtables/xtables.c:574:15: call_function: calling 'xtables_insmod' from 'xtables_load_ko' # 527| * when switching the program thru execv. 
# 528| */ # 529|-> fflush(stdout); # 530| # 531| if (posix_spawn(&pid, argv[0], NULL, NULL, argv, NULL)) { Error: GCC_ANALYZER_WARNING (CWE-775): [#def60] iptables-1.8.11/libxtables/xtables.c:531:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'sockfd' iptables-1.8.11/libxtables/xtables.c:1020:5: enter_function: entry to 'xtables_compatible_revision' iptables-1.8.11/libxtables/xtables.c:1026:18: acquire_resource: socket created here iptables-1.8.11/libxtables/xtables.c:1027:12: branch_false: following 'false' branch (when 'sockfd >= 0')... iptables-1.8.11/libxtables/xtables.c:1042:9: branch_false: ...to here iptables-1.8.11/libxtables/xtables.c:1042:9: call_function: calling 'xtables_load_ko' from 'xtables_compatible_revision' # 529| fflush(stdout); # 530| # 531|-> if (posix_spawn(&pid, argv[0], NULL, NULL, argv, NULL)) { # 532| free(buf); # 533| return -1; Error: GCC_ANALYZER_WARNING (CWE-401): [#def61] iptables-1.8.11/libxtables/xtables.c:531:13: warning[-Wanalyzer-malloc-leak]: leak of 'buf' iptables-1.8.11/libxtables/xtables.c:561:5: enter_function: entry to 'xtables_load_ko' iptables-1.8.11/libxtables/xtables.c:574:15: call_function: calling 'xtables_insmod' from 'xtables_load_ko' # 529| fflush(stdout); # 530| # 531|-> if (posix_spawn(&pid, argv[0], NULL, NULL, argv, NULL)) { # 532| free(buf); # 533| return -1; Error: GCC_ANALYZER_WARNING (CWE-404): [#def62] iptables-1.8.11/libxtables/xtables.c:1487:17: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' iptables-1.8.11/libxtables/xtables.c:1477:9: acquire_resource: 'va_start' called here iptables-1.8.11/libxtables/xtables.c:1483:20: branch_false: following 'false' branch... iptables-1.8.11/libxtables/xtables.c:1487:26: branch_false: ...to here iptables-1.8.11/libxtables/xtables.c:1487:17: throw: if the called function throws an exception... 
iptables-1.8.11/libxtables/xtables.c:1487:17: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/0) # 1485| return; # 1486| } # 1487|-> xt_params->exit_err(PARAMETER_PROBLEM, # 1488| "%s: \"%s\" option may only be specified once", # 1489| p1, p2); Error: GCC_ANALYZER_WARNING (CWE-404): [#def63] iptables-1.8.11/libxtables/xtables.c:1498:17: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' iptables-1.8.11/libxtables/xtables.c:1477:9: acquire_resource: 'va_start' called here iptables-1.8.11/libxtables/xtables.c:1494:20: branch_false: following 'false' branch... iptables-1.8.11/libxtables/xtables.c:1498:26: branch_false: ...to here iptables-1.8.11/libxtables/xtables.c:1498:17: throw: if the called function throws an exception... iptables-1.8.11/libxtables/xtables.c:1498:17: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/0) # 1496| return; # 1497| } # 1498|-> xt_params->exit_err(PARAMETER_PROBLEM, # 1499| "%s: \"%s\" option cannot be inverted", p1, p2); # 1500| break; Error: GCC_ANALYZER_WARNING (CWE-404): [#def64] iptables-1.8.11/libxtables/xtables.c:1504:17: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' iptables-1.8.11/libxtables/xtables.c:1477:9: acquire_resource: 'va_start' called here iptables-1.8.11/libxtables/xtables.c:1504:17: throw: if the called function throws an exception... 
iptables-1.8.11/libxtables/xtables.c:1504:17: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/0) # 1502| p2 = va_arg(args, const char *); # 1503| p3 = va_arg(args, const char *); # 1504|-> xt_params->exit_err(PARAMETER_PROBLEM, # 1505| "%s: Bad value for \"%s\" option: \"%s\"", # 1506| p1, p2, p3); Error: GCC_ANALYZER_WARNING (CWE-404): [#def65] iptables-1.8.11/libxtables/xtables.c:1514:17: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' iptables-1.8.11/libxtables/xtables.c:1477:9: acquire_resource: 'va_start' called here iptables-1.8.11/libxtables/xtables.c:1510:20: branch_false: following 'false' branch... iptables-1.8.11/libxtables/xtables.c:1514:26: branch_false: ...to here iptables-1.8.11/libxtables/xtables.c:1514:17: throw: if the called function throws an exception... iptables-1.8.11/libxtables/xtables.c:1514:17: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/0) # 1512| return; # 1513| } # 1514|-> xt_params->exit_err(PARAMETER_PROBLEM, # 1515| "%s: At most one action is possible", p1); # 1516| break; Error: GCC_ANALYZER_WARNING (CWE-404): [#def66] iptables-1.8.11/libxtables/xtables.c:1518:17: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' iptables-1.8.11/libxtables/xtables.c:1477:9: acquire_resource: 'va_start' called here iptables-1.8.11/libxtables/xtables.c:1518:17: throw: if the called function throws an exception... 
iptables-1.8.11/libxtables/xtables.c:1518:17: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/19/codeFlows/0/threadFlows/0/locations/0) # 1516| break; # 1517| default: # 1518|-> xt_params->exit_err(status, p1, args); # 1519| break; # 1520| } Error: COMPILER_WARNING (CWE-704): [#def67] iptables-1.8.11/libxtables/xtables.c: scope_hint: In function 'xtables_ipparse_multiple' iptables-1.8.11/libxtables/xtables.c:1770:22: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type # 1770 | next = strchr(loop, ','); # | ^ # 1768| while (isspace(*loop)) # 1769| ++loop; # 1770|-> next = strchr(loop, ','); # 1771| if (next != NULL) # 1772| len = next - loop; Error: COMPILER_WARNING (CWE-704): [#def68] iptables-1.8.11/libxtables/xtables.c:1770:22: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type # 1768| while (isspace(*loop)) # 1769| ++loop; # 1770|-> next = strchr(loop, ','); # 1771| if (next != NULL) # 1772| len = next - loop; Error: COMPILER_WARNING (CWE-704): [#def69] iptables-1.8.11/libxtables/xtables.c: scope_hint: In function 'xtables_ip6parse_multiple' iptables-1.8.11/libxtables/xtables.c:2069:22: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type # 2069 | next = strchr(loop, ','); # | ^ # 2067| while (isspace(*loop)) # 2068| ++loop; # 2069|-> next = strchr(loop, ','); # 2070| if (next != NULL) # 2071| len = next - loop; Error: COMPILER_WARNING (CWE-704): [#def70] iptables-1.8.11/libxtables/xtables.c:2069:22: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type # 2067| while (isspace(*loop)) # 2068| ++loop; # 2069|-> next = strchr(loop, ','); # 2070| if (next != NULL) # 2071| len = next - loop; Error: COMPILER_WARNING (CWE-704): [#def71] iptables-1.8.11/libxtables/xtables.c: scope_hint: In function 'xtables_parse_mac_and_mask' 
iptables-1.8.11/libxtables/xtables.c:2310:17: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type # 2310 | if ( (p = strrchr(from, '/')) != NULL) { # | ^ # 2308| return 0; # 2309| } # 2310|-> if ( (p = strrchr(from, '/')) != NULL) { # 2311| *p = '\0'; # 2312| if (!(addr = ether_aton(p + 1))) Error: COMPILER_WARNING (CWE-704): [#def72] iptables-1.8.11/libxtables/xtables.c:2310:17: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type # 2308| return 0; # 2309| } # 2310|-> if ( (p = strrchr(from, '/')) != NULL) { # 2311| *p = '\0'; # 2312| if (!(addr = ether_aton(p + 1))) Error: GCC_ANALYZER_WARNING (CWE-401): [#def73] iptables-1.8.11/libxtables/xtables.c:2480:35: warning[-Wanalyzer-malloc-leak]: leak of 'xtables_malloc(312)' iptables-1.8.11/libxtables/xtables.c:2474:18: enter_function: entry to 'xt_xlate_alloc' iptables-1.8.11/libxtables/xtables.c:2476:31: call_function: calling 'xtables_malloc' from 'xt_xlate_alloc' iptables-1.8.11/libxtables/xtables.c:2476:31: return_function: returning to 'xt_xlate_alloc' from 'xtables_malloc' iptables-1.8.11/libxtables/xtables.c:2479:21: branch_true: following 'true' branch (when 'i != 2')... iptables-1.8.11/libxtables/xtables.c:2480:35: branch_true: ...to here iptables-1.8.11/libxtables/xtables.c:2480:35: call_function: calling 'xtables_malloc' from 'xt_xlate_alloc' # 2478| # 2479| for (i = 0; i < __XT_XLATE_MAX; i++) { # 2480|-> xl->buf[i].data = xtables_malloc(size); # 2481| xl->buf[i].data[0] = '\0'; # 2482| xl->buf[i].size = size; Error: GCC_ANALYZER_WARNING (CWE-476): [#def74] iptables-1.8.11/libxtables/xtoptions.c:766:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'p' iptables-1.8.11/libxtables/xtoptions.c:760:12: branch_false: following 'false' branch... 
iptables-1.8.11/libxtables/xtoptions.c:764:16: branch_false: ...to here iptables-1.8.11/libxtables/xtoptions.c:766:9: danger: dereference of NULL 'p' # 764| work = xtables_strdup(orig_arg); # 765| p = strchr(work, '/'); /* by def this can't be NULL now */ # 766|-> *p++ = '\0'; # 767| /* # 768| * Because xtopt_parse_host and xtopt_parse_plenmask would store Error: GCC_ANALYZER_WARNING (CWE-401): [#def75] iptables-1.8.11/libxtables/xtoptions.c:1164:35: warning[-Wanalyzer-malloc-leak]: leak of 'lmap_this' iptables-1.8.11/libxtables/xtoptions.c:1123:12: branch_false: following 'false' branch... iptables-1.8.11/libxtables/xtoptions.c:1123:12: branch_false: ...to here iptables-1.8.11/libxtables/xtoptions.c:1126:16: branch_true: following 'true' branch... iptables-1.8.11/libxtables/xtoptions.c:1126:16: branch_true: ...to here iptables-1.8.11/libxtables/xtoptions.c:1158:29: acquire_memory: allocated here iptables-1.8.11/libxtables/xtoptions.c:1159:20: branch_false: following 'false' branch (when 'lmap_this' is non-NULL)... iptables-1.8.11/libxtables/xtoptions.c:1163:17: branch_false: ...to here iptables-1.8.11/libxtables/xtoptions.c:1164:35: throw: if 'xtables_strdup' throws an exception... iptables-1.8.11/libxtables/xtoptions.c:1164:35: danger: 'lmap_this' leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4) # 1162| } # 1163| lmap_this->id = id; # 1164|-> lmap_this->name = xtables_strdup(cur); # 1165| lmap_this->next = NULL; # 1166| Error: GCC_ANALYZER_WARNING (CWE-775): [#def76] iptables-1.8.11/utils/nfnl_osf.c:409:21: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "r")’ iptables-1.8.11/utils/nfnl_osf.c:432:5: enter_function: entry to ‘main’ iptables-1.8.11/utils/nfnl_osf.c:437:16: branch_true: following ‘true’ branch (when ‘ch != -1’)... iptables-1.8.11/utils/nfnl_osf.c:438:17: branch_true: ...to here iptables-1.8.11/utils/nfnl_osf.c:453:12: branch_false: following ‘false’ branch (when ‘fingerprints’ is non-NULL)... 
iptables-1.8.11/utils/nfnl_osf.c:459:17: branch_false: ...to here iptables-1.8.11/utils/nfnl_osf.c:460:12: branch_false: following ‘false’ branch... iptables-1.8.11/utils/nfnl_osf.c:470:19: branch_false: ...to here iptables-1.8.11/utils/nfnl_osf.c:471:12: branch_false: following ‘false’ branch... iptables-1.8.11/utils/nfnl_osf.c:477:15: branch_false: ...to here iptables-1.8.11/utils/nfnl_osf.c:477:15: call_function: calling ‘osf_load_entries’ from ‘main’ # 407| lineno++; # 408| # 409|-> if (buf[0] == '#' || buf[0] == '\n' || buf[0] == '\r') # 410| continue; # 411| Error: GCC_ANALYZER_WARNING (CWE-401): [#def77] iptables-1.8.11/utils/nfnl_osf.c:409:21: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(path, "r")’ iptables-1.8.11/utils/nfnl_osf.c:432:5: enter_function: entry to ‘main’ iptables-1.8.11/utils/nfnl_osf.c:437:16: branch_true: following ‘true’ branch (when ‘ch != -1’)... iptables-1.8.11/utils/nfnl_osf.c:438:17: branch_true: ...to here iptables-1.8.11/utils/nfnl_osf.c:453:12: branch_false: following ‘false’ branch (when ‘fingerprints’ is non-NULL)... iptables-1.8.11/utils/nfnl_osf.c:459:17: branch_false: ...to here iptables-1.8.11/utils/nfnl_osf.c:460:12: branch_false: following ‘false’ branch... iptables-1.8.11/utils/nfnl_osf.c:470:19: branch_false: ...to here iptables-1.8.11/utils/nfnl_osf.c:471:12: branch_false: following ‘false’ branch... iptables-1.8.11/utils/nfnl_osf.c:477:15: branch_false: ...to here iptables-1.8.11/utils/nfnl_osf.c:477:15: call_function: calling ‘osf_load_entries’ from ‘main’ # 407| lineno++; # 408| # 409|-> if (buf[0] == '#' || buf[0] == '\n' || buf[0] == '\r') # 410| continue; # 411|
| analyzer-version-clippy | 1.92.0 |
| analyzer-version-cppcheck | 2.19.1 |
| analyzer-version-gcc | 16.0.0 |
| analyzer-version-gcc-analyzer | 16.0.0 |
| analyzer-version-shellcheck | 0.11.0 |
| analyzer-version-unicontrol | 0.0.2 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-106.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | iptables-1.8.11-12.fc44 |
| store-results-to | /tmp/tmpp59lh9c_/iptables-1.8.11-12.fc44.tar.xz |
| time-created | 2026-01-08 17:08:55 |
| time-finished | 2026-01-08 17:10:47 |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpp59lh9c_/iptables-1.8.11-12.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpp59lh9c_/iptables-1.8.11-12.fc44.src.rpm' |
| tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |