libcbor-0.13.0-1.fc44

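List of Findings

Reviewer note (triage): most GCC_ANALYZER_WARNING entries below end in a "throw: if '...' throws an exception..." step, meaning the leak is reported only on the path where the named callee unwinds instead of returning. The files are C sources, so confirm whether that path is reachable in this build before spending time on them; entries with no throw step (#def30, #def31) are reached on the ordinary return path. Where a CWE-775 file-leak and a CWE-401 malloc-leak name the same fopen() call at the same location, they describe one unclosed FILE, not two separate defects. The COMPILER_WARNING and CPPCHECK_WARNING entries (#def15, #def25, #def26, #def32) concern unchecked results on input-handling calls and are worth reviewing first.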

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1]
libcbor-0.13.0/examples/cbor_sequence.c:21:27: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "wb")’
libcbor-0.13.0/examples/cbor_sequence.c:14:16: acquire_resource: opened here
libcbor-0.13.0/examples/cbor_sequence.c:15:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/cbor_sequence.c:21:27: branch_false: ...to here
libcbor-0.13.0/examples/cbor_sequence.c:21:27: throw: if ‘cbor_build_uint32’ throws an exception...
libcbor-0.13.0/examples/cbor_sequence.c:21:27: danger: ‘fopen(filename, "wb")’ leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   19|   
#   20|     // Create example CBOR items
#   21|->   cbor_item_t* int_item = cbor_build_uint32(42);
#   22|     cbor_item_t* string_item = cbor_build_string("Hello, CBOR!");
#   23|     cbor_item_t* array_item = cbor_new_definite_array(2);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def2]
libcbor-0.13.0/examples/cbor_sequence.c:21:27: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "wb")’
libcbor-0.13.0/examples/cbor_sequence.c:14:16: acquire_memory: allocated here
libcbor-0.13.0/examples/cbor_sequence.c:15:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/cbor_sequence.c:21:27: branch_false: ...to here
libcbor-0.13.0/examples/cbor_sequence.c:21:27: throw: if ‘cbor_build_uint32’ throws an exception...
libcbor-0.13.0/examples/cbor_sequence.c:21:27: danger: ‘fopen(filename, "wb")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#   19|   
#   20|     // Create example CBOR items
#   21|->   cbor_item_t* int_item = cbor_build_uint32(42);
#   22|     cbor_item_t* string_item = cbor_build_string("Hello, CBOR!");
#   23|     cbor_item_t* array_item = cbor_new_definite_array(2);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def3]
libcbor-0.13.0/examples/cbor_sequence.c:22:30: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "wb")’
libcbor-0.13.0/examples/cbor_sequence.c:14:16: acquire_resource: opened here
libcbor-0.13.0/examples/cbor_sequence.c:15:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/cbor_sequence.c:21:27: branch_false: ...to here
libcbor-0.13.0/examples/cbor_sequence.c:22:30: throw: if ‘cbor_build_string’ throws an exception...
libcbor-0.13.0/examples/cbor_sequence.c:22:30: danger: ‘fopen(filename, "wb")’ leaks here; was opened at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#   20|     // Create example CBOR items
#   21|     cbor_item_t* int_item = cbor_build_uint32(42);
#   22|->   cbor_item_t* string_item = cbor_build_string("Hello, CBOR!");
#   23|     cbor_item_t* array_item = cbor_new_definite_array(2);
#   24|     assert(cbor_array_push(array_item, cbor_build_uint8(1)));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def4]
libcbor-0.13.0/examples/cbor_sequence.c:22:30: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "wb")’
libcbor-0.13.0/examples/cbor_sequence.c:14:16: acquire_memory: allocated here
libcbor-0.13.0/examples/cbor_sequence.c:15:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/cbor_sequence.c:21:27: branch_false: ...to here
libcbor-0.13.0/examples/cbor_sequence.c:22:30: throw: if ‘cbor_build_string’ throws an exception...
libcbor-0.13.0/examples/cbor_sequence.c:22:30: danger: ‘fopen(filename, "wb")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#   20|     // Create example CBOR items
#   21|     cbor_item_t* int_item = cbor_build_uint32(42);
#   22|->   cbor_item_t* string_item = cbor_build_string("Hello, CBOR!");
#   23|     cbor_item_t* array_item = cbor_new_definite_array(2);
#   24|     assert(cbor_array_push(array_item, cbor_build_uint8(1)));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def5]
libcbor-0.13.0/examples/cbor_sequence.c:23:29: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "wb")’
libcbor-0.13.0/examples/cbor_sequence.c:14:16: acquire_resource: opened here
libcbor-0.13.0/examples/cbor_sequence.c:15:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/cbor_sequence.c:21:27: branch_false: ...to here
libcbor-0.13.0/examples/cbor_sequence.c:23:29: throw: if ‘cbor_new_definite_array’ throws an exception...
libcbor-0.13.0/examples/cbor_sequence.c:23:29: danger: ‘fopen(filename, "wb")’ leaks here; was opened at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#   21|     cbor_item_t* int_item = cbor_build_uint32(42);
#   22|     cbor_item_t* string_item = cbor_build_string("Hello, CBOR!");
#   23|->   cbor_item_t* array_item = cbor_new_definite_array(2);
#   24|     assert(cbor_array_push(array_item, cbor_build_uint8(1)));
#   25|     assert(cbor_array_push(array_item, cbor_build_uint8(2)));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def6]
libcbor-0.13.0/examples/cbor_sequence.c:23:29: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "wb")’
libcbor-0.13.0/examples/cbor_sequence.c:14:16: acquire_memory: allocated here
libcbor-0.13.0/examples/cbor_sequence.c:15:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/cbor_sequence.c:21:27: branch_false: ...to here
libcbor-0.13.0/examples/cbor_sequence.c:23:29: throw: if ‘cbor_new_definite_array’ throws an exception...
libcbor-0.13.0/examples/cbor_sequence.c:23:29: danger: ‘fopen(filename, "wb")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
#   21|     cbor_item_t* int_item = cbor_build_uint32(42);
#   22|     cbor_item_t* string_item = cbor_build_string("Hello, CBOR!");
#   23|->   cbor_item_t* array_item = cbor_new_definite_array(2);
#   24|     assert(cbor_array_push(array_item, cbor_build_uint8(1)));
#   25|     assert(cbor_array_push(array_item, cbor_build_uint8(2)));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def7]
libcbor-0.13.0/examples/cbor_sequence.c:31:3: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "wb")’
libcbor-0.13.0/examples/cbor_sequence.c:14:16: acquire_resource: opened here
libcbor-0.13.0/examples/cbor_sequence.c:15:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/cbor_sequence.c:21:27: branch_false: ...to here
libcbor-0.13.0/examples/cbor_sequence.c:31:3: throw: if ‘cbor_serialize_alloc’ throws an exception...
libcbor-0.13.0/examples/cbor_sequence.c:31:3: danger: ‘fopen(filename, "wb")’ leaks here; was opened at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
#   29|     size_t buffer_size;
#   30|   
#   31|->   cbor_serialize_alloc(int_item, &buffer, &buffer_size);
#   32|     fwrite(buffer, 1, buffer_size, file);
#   33|     free(buffer);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
libcbor-0.13.0/examples/cbor_sequence.c:31:3: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "wb")’
libcbor-0.13.0/examples/cbor_sequence.c:14:16: acquire_memory: allocated here
libcbor-0.13.0/examples/cbor_sequence.c:15:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/cbor_sequence.c:21:27: branch_false: ...to here
libcbor-0.13.0/examples/cbor_sequence.c:31:3: throw: if ‘cbor_serialize_alloc’ throws an exception...
libcbor-0.13.0/examples/cbor_sequence.c:31:3: danger: ‘fopen(filename, "wb")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
#   29|     size_t buffer_size;
#   30|   
#   31|->   cbor_serialize_alloc(int_item, &buffer, &buffer_size);
#   32|     fwrite(buffer, 1, buffer_size, file);
#   33|     free(buffer);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def9]
libcbor-0.13.0/examples/cbor_sequence.c:57:3: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "rb")’
libcbor-0.13.0/examples/cbor_sequence.c:51:16: acquire_resource: opened here
libcbor-0.13.0/examples/cbor_sequence.c:52:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/cbor_sequence.c:57:3: branch_false: ...to here
libcbor-0.13.0/examples/cbor_sequence.c:57:3: throw: if ‘fseek’ throws an exception...
libcbor-0.13.0/examples/cbor_sequence.c:57:3: danger: ‘fopen(filename, "rb")’ leaks here; was opened at [(1)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/0)
#   55|     }
#   56|   
#   57|->   fseek(file, 0, SEEK_END);
#   58|     size_t file_size = ftell(file);
#   59|     fseek(file, 0, SEEK_SET);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def10]
libcbor-0.13.0/examples/cbor_sequence.c:57:3: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "rb")’
libcbor-0.13.0/examples/cbor_sequence.c:51:16: acquire_memory: allocated here
libcbor-0.13.0/examples/cbor_sequence.c:52:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/cbor_sequence.c:57:3: branch_false: ...to here
libcbor-0.13.0/examples/cbor_sequence.c:57:3: throw: if ‘fseek’ throws an exception...
libcbor-0.13.0/examples/cbor_sequence.c:57:3: danger: ‘fopen(filename, "rb")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/19/codeFlows/0/threadFlows/0/locations/0)
#   55|     }
#   56|   
#   57|->   fseek(file, 0, SEEK_END);
#   58|     size_t file_size = ftell(file);
#   59|     fseek(file, 0, SEEK_SET);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def11]
libcbor-0.13.0/examples/cbor_sequence.c:58:22: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "rb")’
libcbor-0.13.0/examples/cbor_sequence.c:51:16: acquire_resource: opened here
libcbor-0.13.0/examples/cbor_sequence.c:52:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/cbor_sequence.c:57:3: branch_false: ...to here
libcbor-0.13.0/examples/cbor_sequence.c:58:22: throw: if ‘ftell’ throws an exception...
libcbor-0.13.0/examples/cbor_sequence.c:58:22: danger: ‘fopen(filename, "rb")’ leaks here; was opened at [(1)](sarif:/runs/0/results/20/codeFlows/0/threadFlows/0/locations/0)
#   56|   
#   57|     fseek(file, 0, SEEK_END);
#   58|->   size_t file_size = ftell(file);
#   59|     fseek(file, 0, SEEK_SET);
#   60|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def12]
libcbor-0.13.0/examples/cbor_sequence.c:58:22: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "rb")’
libcbor-0.13.0/examples/cbor_sequence.c:51:16: acquire_memory: allocated here
libcbor-0.13.0/examples/cbor_sequence.c:52:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/cbor_sequence.c:57:3: branch_false: ...to here
libcbor-0.13.0/examples/cbor_sequence.c:58:22: throw: if ‘ftell’ throws an exception...
libcbor-0.13.0/examples/cbor_sequence.c:58:22: danger: ‘fopen(filename, "rb")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/0)
#   56|   
#   57|     fseek(file, 0, SEEK_END);
#   58|->   size_t file_size = ftell(file);
#   59|     fseek(file, 0, SEEK_SET);
#   60|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def13]
libcbor-0.13.0/examples/cbor_sequence.c:59:3: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "rb")’
libcbor-0.13.0/examples/cbor_sequence.c:51:16: acquire_resource: opened here
libcbor-0.13.0/examples/cbor_sequence.c:52:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/cbor_sequence.c:57:3: branch_false: ...to here
libcbor-0.13.0/examples/cbor_sequence.c:59:3: throw: if ‘fseek’ throws an exception...
libcbor-0.13.0/examples/cbor_sequence.c:59:3: danger: ‘fopen(filename, "rb")’ leaks here; was opened at [(1)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/0)
#   57|     fseek(file, 0, SEEK_END);
#   58|     size_t file_size = ftell(file);
#   59|->   fseek(file, 0, SEEK_SET);
#   60|   
#   61|     unsigned char* buffer = malloc(file_size);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def14]
libcbor-0.13.0/examples/cbor_sequence.c:59:3: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "rb")’
libcbor-0.13.0/examples/cbor_sequence.c:51:16: acquire_memory: allocated here
libcbor-0.13.0/examples/cbor_sequence.c:52:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/cbor_sequence.c:57:3: branch_false: ...to here
libcbor-0.13.0/examples/cbor_sequence.c:59:3: throw: if ‘fseek’ throws an exception...
libcbor-0.13.0/examples/cbor_sequence.c:59:3: danger: ‘fopen(filename, "rb")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/0)
#   57|     fseek(file, 0, SEEK_END);
#   58|     size_t file_size = ftell(file);
#   59|->   fseek(file, 0, SEEK_SET);
#   60|   
#   61|     unsigned char* buffer = malloc(file_size);

Error: COMPILER_WARNING (CWE-252): [#def15]
libcbor-0.13.0/examples/cbor_sequence.c: scope_hint: In function ‘read_cbor_sequence’
libcbor-0.13.0/examples/cbor_sequence.c:68:3: warning[-Wunused-result]: ignoring return value of ‘fread’ declared with attribute ‘warn_unused_result’
#   68 |   fread(buffer, 1, file_size, file);
#      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   66|     }
#   67|   
#   68|->   fread(buffer, 1, file_size, file);
#   69|     fclose(file);
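#   70|   

Reviewer note: the unchecked fread() matters beyond the warning itself. file_size comes from ftell() at line 58, which returns -1 on failure and becomes a very large size_t, and if fread() delivers fewer than file_size bytes the loop at line 74 passes cbor_load() heap bytes that were never written. Check fseek()/ftell() for errors and compare fread()'s return value with file_size before parsing.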

Error: GCC_ANALYZER_WARNING (CWE-401): [#def16]
libcbor-0.13.0/examples/cbor_sequence.c:75:25: warning[-Wanalyzer-malloc-leak]: leak of ‘buffer’
libcbor-0.13.0/examples/cbor_sequence.c:52:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/cbor_sequence.c:57:3: branch_false: ...to here
libcbor-0.13.0/examples/cbor_sequence.c:61:27: acquire_memory: allocated here
libcbor-0.13.0/examples/cbor_sequence.c:62:6: branch_false: following ‘false’ branch (when ‘buffer’ is non-NULL)...
libcbor-0.13.0/examples/cbor_sequence.c:68:3: branch_false: ...to here
libcbor-0.13.0/examples/cbor_sequence.c:74:10: branch_true: following ‘true’ branch (when ‘offset < file_size’)...
libcbor-0.13.0/examples/cbor_sequence.c:75:25: branch_true: ...to here
libcbor-0.13.0/examples/cbor_sequence.c:75:25: throw: if ‘cbor_load’ throws an exception...
libcbor-0.13.0/examples/cbor_sequence.c:75:25: danger: ‘buffer’ leaks here; was allocated at [(3)](sarif:/runs/0/results/24/codeFlows/0/threadFlows/0/locations/2)
#   73|   
#   74|     while (offset < file_size) {
#   75|->     cbor_item_t* item = cbor_load(buffer + offset, file_size - offset, &result);
#   76|       if (result.error.code != CBOR_ERR_NONE) {
#   77|         fprintf(stderr, "Error: Failed to parse CBOR item at offset %zu\n",

Error: GCC_ANALYZER_WARNING (CWE-401): [#def17]
libcbor-0.13.0/examples/cbor_sequence.c:82:5: warning[-Wanalyzer-malloc-leak]: leak of ‘buffer’
libcbor-0.13.0/examples/cbor_sequence.c:52:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/cbor_sequence.c:57:3: branch_false: ...to here
libcbor-0.13.0/examples/cbor_sequence.c:61:27: acquire_memory: allocated here
libcbor-0.13.0/examples/cbor_sequence.c:62:6: branch_false: following ‘false’ branch (when ‘buffer’ is non-NULL)...
libcbor-0.13.0/examples/cbor_sequence.c:68:3: branch_false: ...to here
libcbor-0.13.0/examples/cbor_sequence.c:74:10: branch_true: following ‘true’ branch (when ‘offset < file_size’)...
libcbor-0.13.0/examples/cbor_sequence.c:75:25: branch_true: ...to here
libcbor-0.13.0/examples/cbor_sequence.c:76:8: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/cbor_sequence.c:82:5: branch_false: ...to here
libcbor-0.13.0/examples/cbor_sequence.c:82:5: throw: if ‘cbor_describe’ throws an exception...
libcbor-0.13.0/examples/cbor_sequence.c:82:5: danger: ‘buffer’ leaks here; was allocated at [(3)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/2)
#   80|       }
#   81|   
#   82|->     cbor_describe(item, stdout);
#   83|       printf("\n");
#   84|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def18]
libcbor-0.13.0/examples/cbor_sequence.c:86:5: warning[-Wanalyzer-malloc-leak]: leak of ‘buffer’
libcbor-0.13.0/examples/cbor_sequence.c:52:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/cbor_sequence.c:57:3: branch_false: ...to here
libcbor-0.13.0/examples/cbor_sequence.c:61:27: acquire_memory: allocated here
libcbor-0.13.0/examples/cbor_sequence.c:62:6: branch_false: following ‘false’ branch (when ‘buffer’ is non-NULL)...
libcbor-0.13.0/examples/cbor_sequence.c:68:3: branch_false: ...to here
libcbor-0.13.0/examples/cbor_sequence.c:74:10: branch_true: following ‘true’ branch (when ‘offset < file_size’)...
libcbor-0.13.0/examples/cbor_sequence.c:75:25: branch_true: ...to here
libcbor-0.13.0/examples/cbor_sequence.c:76:8: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/cbor_sequence.c:82:5: branch_false: ...to here
libcbor-0.13.0/examples/cbor_sequence.c:86:5: throw: if ‘cbor_decref’ throws an exception...
libcbor-0.13.0/examples/cbor_sequence.c:86:5: danger: ‘buffer’ leaks here; was allocated at [(3)](sarif:/runs/0/results/26/codeFlows/0/threadFlows/0/locations/2)
#   84|   
#   85|       offset += result.read;
#   86|->     cbor_decref(&item);
#   87|     }
#   88|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def19]
libcbor-0.13.0/examples/readfile.c:25:3: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(argv[1], "rb")’
libcbor-0.13.0/examples/readfile.c:22:6: branch_false: following ‘false’ branch (when ‘argc == 2’)...
libcbor-0.13.0/examples/readfile.c:23:13: branch_false: ...to here
libcbor-0.13.0/examples/readfile.c:23:13: acquire_resource: opened here
libcbor-0.13.0/examples/readfile.c:24:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/readfile.c:25:3: branch_false: ...to here
libcbor-0.13.0/examples/readfile.c:25:3: throw: if ‘fseek’ throws an exception...
libcbor-0.13.0/examples/readfile.c:25:3: danger: ‘fopen(argv[1], "rb")’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   23|     FILE* f = fopen(argv[1], "rb");
#   24|     if (f == NULL) usage();
#   25|->   fseek(f, 0, SEEK_END);
#   26|     size_t length = (size_t)ftell(f);
#   27|     fseek(f, 0, SEEK_SET);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def20]
libcbor-0.13.0/examples/readfile.c:25:3: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(argv[1], "rb")’
libcbor-0.13.0/examples/readfile.c:22:6: branch_false: following ‘false’ branch (when ‘argc == 2’)...
libcbor-0.13.0/examples/readfile.c:23:13: branch_false: ...to here
libcbor-0.13.0/examples/readfile.c:23:13: acquire_memory: allocated here
libcbor-0.13.0/examples/readfile.c:24:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/readfile.c:25:3: branch_false: ...to here
libcbor-0.13.0/examples/readfile.c:25:3: throw: if ‘fseek’ throws an exception...
libcbor-0.13.0/examples/readfile.c:25:3: danger: ‘fopen(argv[1], "rb")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#   23|     FILE* f = fopen(argv[1], "rb");
#   24|     if (f == NULL) usage();
#   25|->   fseek(f, 0, SEEK_END);
#   26|     size_t length = (size_t)ftell(f);
#   27|     fseek(f, 0, SEEK_SET);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def21]
libcbor-0.13.0/examples/readfile.c:26:27: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(argv[1], "rb")’
libcbor-0.13.0/examples/readfile.c:22:6: branch_false: following ‘false’ branch (when ‘argc == 2’)...
libcbor-0.13.0/examples/readfile.c:23:13: branch_false: ...to here
libcbor-0.13.0/examples/readfile.c:23:13: acquire_resource: opened here
libcbor-0.13.0/examples/readfile.c:24:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/readfile.c:25:3: branch_false: ...to here
libcbor-0.13.0/examples/readfile.c:26:27: throw: if ‘ftell’ throws an exception...
libcbor-0.13.0/examples/readfile.c:26:27: danger: ‘fopen(argv[1], "rb")’ leaks here; was opened at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#   24|     if (f == NULL) usage();
#   25|     fseek(f, 0, SEEK_END);
#   26|->   size_t length = (size_t)ftell(f);
#   27|     fseek(f, 0, SEEK_SET);
#   28|     unsigned char* buffer = malloc(length);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def22]
libcbor-0.13.0/examples/readfile.c:26:27: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(argv[1], "rb")’
libcbor-0.13.0/examples/readfile.c:22:6: branch_false: following ‘false’ branch (when ‘argc == 2’)...
libcbor-0.13.0/examples/readfile.c:23:13: branch_false: ...to here
libcbor-0.13.0/examples/readfile.c:23:13: acquire_memory: allocated here
libcbor-0.13.0/examples/readfile.c:24:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/readfile.c:25:3: branch_false: ...to here
libcbor-0.13.0/examples/readfile.c:26:27: throw: if ‘ftell’ throws an exception...
libcbor-0.13.0/examples/readfile.c:26:27: danger: ‘fopen(argv[1], "rb")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#   24|     if (f == NULL) usage();
#   25|     fseek(f, 0, SEEK_END);
#   26|->   size_t length = (size_t)ftell(f);
#   27|     fseek(f, 0, SEEK_SET);
#   28|     unsigned char* buffer = malloc(length);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def23]
libcbor-0.13.0/examples/readfile.c:27:3: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(argv[1], "rb")’
libcbor-0.13.0/examples/readfile.c:22:6: branch_false: following ‘false’ branch (when ‘argc == 2’)...
libcbor-0.13.0/examples/readfile.c:23:13: branch_false: ...to here
libcbor-0.13.0/examples/readfile.c:23:13: acquire_resource: opened here
libcbor-0.13.0/examples/readfile.c:24:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/readfile.c:25:3: branch_false: ...to here
libcbor-0.13.0/examples/readfile.c:27:3: throw: if ‘fseek’ throws an exception...
libcbor-0.13.0/examples/readfile.c:27:3: danger: ‘fopen(argv[1], "rb")’ leaks here; was opened at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#   25|     fseek(f, 0, SEEK_END);
#   26|     size_t length = (size_t)ftell(f);
#   27|->   fseek(f, 0, SEEK_SET);
#   28|     unsigned char* buffer = malloc(length);
#   29|     fread(buffer, length, 1, f);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def24]
libcbor-0.13.0/examples/readfile.c:27:3: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(argv[1], "rb")’
libcbor-0.13.0/examples/readfile.c:22:6: branch_false: following ‘false’ branch (when ‘argc == 2’)...
libcbor-0.13.0/examples/readfile.c:23:13: branch_false: ...to here
libcbor-0.13.0/examples/readfile.c:23:13: acquire_memory: allocated here
libcbor-0.13.0/examples/readfile.c:24:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/readfile.c:25:3: branch_false: ...to here
libcbor-0.13.0/examples/readfile.c:27:3: throw: if ‘fseek’ throws an exception...
libcbor-0.13.0/examples/readfile.c:27:3: danger: ‘fopen(argv[1], "rb")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/2)
#   25|     fseek(f, 0, SEEK_END);
#   26|     size_t length = (size_t)ftell(f);
#   27|->   fseek(f, 0, SEEK_SET);
#   28|     unsigned char* buffer = malloc(length);
#   29|     fread(buffer, length, 1, f);

Error: CPPCHECK_WARNING (CWE-476): [#def25]
libcbor-0.13.0/examples/readfile.c:29: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: buffer
#   27|     fseek(f, 0, SEEK_SET);
#   28|     unsigned char* buffer = malloc(length);
#   29|->   fread(buffer, length, 1, f);
#   30|   
#   31|     /* Assuming `buffer` contains `length` bytes of input data */

Error: COMPILER_WARNING (CWE-252): [#def26]
libcbor-0.13.0/examples/readfile.c: scope_hint: In function ‘main’
libcbor-0.13.0/examples/readfile.c:29:3: warning[-Wunused-result]: ignoring return value of ‘fread’ declared with attribute ‘warn_unused_result’
#   29 |   fread(buffer, length, 1, f);
#      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~
#   27|     fseek(f, 0, SEEK_SET);
#   28|     unsigned char* buffer = malloc(length);
#   29|->   fread(buffer, length, 1, f);
#   30|   
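#   31|     /* Assuming `buffer` contains `length` bytes of input data */

Reviewer note: #def25 and #def26 point at the same line, and together they undermine the assumption stated in the comment on line 31. malloc(length) is not checked, length is (size_t)ftell(f) with no error check (ftell() returns -1 on failure), and fread()'s return value is discarded, so cbor_load() at line 33 can be given a NULL, short or uninitialised buffer while being told it holds length bytes. Validate ftell(), check malloc(), and require fread() to report a complete read before calling cbor_load().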

Error: GCC_ANALYZER_WARNING (CWE-775): [#def27]
libcbor-0.13.0/examples/readfile.c:33:23: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(argv[1], "rb")’
libcbor-0.13.0/examples/readfile.c:22:6: branch_false: following ‘false’ branch (when ‘argc == 2’)...
libcbor-0.13.0/examples/readfile.c:23:13: branch_false: ...to here
libcbor-0.13.0/examples/readfile.c:23:13: acquire_resource: opened here
libcbor-0.13.0/examples/readfile.c:24:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/readfile.c:25:3: branch_false: ...to here
libcbor-0.13.0/examples/readfile.c:33:23: throw: if ‘cbor_load’ throws an exception...
libcbor-0.13.0/examples/readfile.c:33:23: danger: ‘fopen(argv[1], "rb")’ leaks here; was opened at [(3)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/2)
#   31|     /* Assuming `buffer` contains `length` bytes of input data */
#   32|     struct cbor_load_result result;
#   33|->   cbor_item_t* item = cbor_load(buffer, length, &result);
#   34|     free(buffer);
#   35|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def28]
libcbor-0.13.0/examples/readfile.c:33:23: warning[-Wanalyzer-malloc-leak]: leak of ‘buffer’
libcbor-0.13.0/examples/readfile.c:22:6: branch_false: following ‘false’ branch (when ‘argc == 2’)...
libcbor-0.13.0/examples/readfile.c:23:13: branch_false: ...to here
libcbor-0.13.0/examples/readfile.c:24:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/readfile.c:25:3: branch_false: ...to here
libcbor-0.13.0/examples/readfile.c:28:27: acquire_memory: allocated here
libcbor-0.13.0/examples/readfile.c:33:23: throw: if ‘cbor_load’ throws an exception...
libcbor-0.13.0/examples/readfile.c:33:23: danger: ‘buffer’ leaks here; was allocated at [(5)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/4)
#   31|     /* Assuming `buffer` contains `length` bytes of input data */
#   32|     struct cbor_load_result result;
#   33|->   cbor_item_t* item = cbor_load(buffer, length, &result);
#   34|     free(buffer);
#   35|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def29]
libcbor-0.13.0/examples/readfile.c:33:23: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(argv[1], "rb")’
libcbor-0.13.0/examples/readfile.c:22:6: branch_false: following ‘false’ branch (when ‘argc == 2’)...
libcbor-0.13.0/examples/readfile.c:23:13: branch_false: ...to here
libcbor-0.13.0/examples/readfile.c:23:13: acquire_memory: allocated here
libcbor-0.13.0/examples/readfile.c:24:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/readfile.c:25:3: branch_false: ...to here
libcbor-0.13.0/examples/readfile.c:33:23: throw: if ‘cbor_load’ throws an exception...
libcbor-0.13.0/examples/readfile.c:33:23: danger: ‘fopen(argv[1], "rb")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/2)
#   31|     /* Assuming `buffer` contains `length` bytes of input data */
#   32|     struct cbor_load_result result;
#   33|->   cbor_item_t* item = cbor_load(buffer, length, &result);
#   34|     free(buffer);
#   35|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def30]
libcbor-0.13.0/examples/readfile.c:36:7: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(argv[1], "rb")’
libcbor-0.13.0/examples/readfile.c:22:6: branch_false: following ‘false’ branch (when ‘argc == 2’)...
libcbor-0.13.0/examples/readfile.c:23:13: branch_false: ...to here
libcbor-0.13.0/examples/readfile.c:23:13: acquire_resource: opened here
libcbor-0.13.0/examples/readfile.c:24:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/readfile.c:25:3: branch_false: ...to here
libcbor-0.13.0/examples/readfile.c:36:7: danger: ‘fopen(argv[1], "rb")’ leaks here; was opened at [(3)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/2)
#   34|     free(buffer);
#   35|   
#   36|->   if (result.error.code != CBOR_ERR_NONE) {
#   37|       printf(
#   38|           "There was an error while reading the input near byte %zu (read %zu "

Error: GCC_ANALYZER_WARNING (CWE-401): [#def31]
libcbor-0.13.0/examples/readfile.c:36:7: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(argv[1], "rb")’
libcbor-0.13.0/examples/readfile.c:22:6: branch_false: following ‘false’ branch (when ‘argc == 2’)...
libcbor-0.13.0/examples/readfile.c:23:13: branch_false: ...to here
libcbor-0.13.0/examples/readfile.c:23:13: acquire_memory: allocated here
libcbor-0.13.0/examples/readfile.c:24:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/readfile.c:25:3: branch_false: ...to here
libcbor-0.13.0/examples/readfile.c:36:7: danger: ‘fopen(argv[1], "rb")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/2)
#   34|     free(buffer);
#   35|   
#   36|->   if (result.error.code != CBOR_ERR_NONE) {
#   37|       printf(
#   38|           "There was an error while reading the input near byte %zu (read %zu "

Error: COMPILER_WARNING (CWE-252): [#def32]
libcbor-0.13.0/examples/streaming_array.c: scope_hint: In function ‘main’
libcbor-0.13.0/examples/streaming_array.c:34:3: warning[-Wunused-result]: ignoring return value of ‘scanf’ declared with attribute ‘warn_unused_result’
#   34 |   scanf(argv[1], "%zu", &n);
#      |   ^~~~~~~~~~~~~~~~~~~~~~~~~
#   32|     if (argc != 2) usage();
#   33|     size_t n;
#   34|->   scanf(argv[1], "%zu", &n);
#   35|     out = freopen(NULL, "wb", stdout);
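#   36|     if (!out) exit(1);

Reviewer note: the ignored result is not the most serious defect on line 34. scanf() takes the format string as its first argument, so argv[1] is used as the format and input is read from stdin; the call was presumably meant to be sscanf(argv[1], "%zu", &n). As written, a command-line argument controls the format string (CWE-134) and n can be left uninitialised. Use sscanf() (or strtoull() with endptr/errno checks) and treat any result other than one converted item as a usage error.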

Error: GCC_ANALYZER_WARNING (CWE-775): [#def33]
libcbor-0.13.0/examples/streaming_parser.c:40:3: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(argv[1], "rb")’
libcbor-0.13.0/examples/streaming_parser.c:37:6: branch_false: following ‘false’ branch (when ‘argc == 2’)...
libcbor-0.13.0/examples/streaming_parser.c:38:13: branch_false: ...to here
libcbor-0.13.0/examples/streaming_parser.c:38:13: acquire_resource: opened here
libcbor-0.13.0/examples/streaming_parser.c:39:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/streaming_parser.c:40:3: branch_false: ...to here
libcbor-0.13.0/examples/streaming_parser.c:40:3: throw: if ‘fseek’ throws an exception...
libcbor-0.13.0/examples/streaming_parser.c:40:3: danger: ‘fopen(argv[1], "rb")’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   38|     FILE* f = fopen(argv[1], "rb");
#   39|     if (f == NULL) usage();
#   40|->   fseek(f, 0, SEEK_END);
#   41|     size_t length = (size_t)ftell(f);
#   42|     fseek(f, 0, SEEK_SET);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def34]
libcbor-0.13.0/examples/streaming_parser.c:40:3: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(argv[1], "rb")’
libcbor-0.13.0/examples/streaming_parser.c:37:6: branch_false: following ‘false’ branch (when ‘argc == 2’)...
libcbor-0.13.0/examples/streaming_parser.c:38:13: branch_false: ...to here
libcbor-0.13.0/examples/streaming_parser.c:38:13: acquire_memory: allocated here
libcbor-0.13.0/examples/streaming_parser.c:39:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/streaming_parser.c:40:3: branch_false: ...to here
libcbor-0.13.0/examples/streaming_parser.c:40:3: throw: if ‘fseek’ throws an exception...
libcbor-0.13.0/examples/streaming_parser.c:40:3: danger: ‘fopen(argv[1], "rb")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#   38|     FILE* f = fopen(argv[1], "rb");
#   39|     if (f == NULL) usage();
#   40|->   fseek(f, 0, SEEK_END);
#   41|     size_t length = (size_t)ftell(f);
#   42|     fseek(f, 0, SEEK_SET);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def35]
libcbor-0.13.0/examples/streaming_parser.c:41:27: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(argv[1], "rb")’
libcbor-0.13.0/examples/streaming_parser.c:37:6: branch_false: following ‘false’ branch (when ‘argc == 2’)...
libcbor-0.13.0/examples/streaming_parser.c:38:13: branch_false: ...to here
libcbor-0.13.0/examples/streaming_parser.c:38:13: acquire_resource: opened here
libcbor-0.13.0/examples/streaming_parser.c:39:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/streaming_parser.c:40:3: branch_false: ...to here
libcbor-0.13.0/examples/streaming_parser.c:41:27: throw: if ‘ftell’ throws an exception...
libcbor-0.13.0/examples/streaming_parser.c:41:27: danger: ‘fopen(argv[1], "rb")’ leaks here; was opened at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#   39|     if (f == NULL) usage();
#   40|     fseek(f, 0, SEEK_END);
#   41|->   size_t length = (size_t)ftell(f);
#   42|     fseek(f, 0, SEEK_SET);
#   43|     unsigned char* buffer = malloc(length);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def36]
libcbor-0.13.0/examples/streaming_parser.c:41:27: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(argv[1], "rb")’
libcbor-0.13.0/examples/streaming_parser.c:37:6: branch_false: following ‘false’ branch (when ‘argc == 2’)...
libcbor-0.13.0/examples/streaming_parser.c:38:13: branch_false: ...to here
libcbor-0.13.0/examples/streaming_parser.c:38:13: acquire_memory: allocated here
libcbor-0.13.0/examples/streaming_parser.c:39:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/streaming_parser.c:40:3: branch_false: ...to here
libcbor-0.13.0/examples/streaming_parser.c:41:27: throw: if ‘ftell’ throws an exception...
libcbor-0.13.0/examples/streaming_parser.c:41:27: danger: ‘fopen(argv[1], "rb")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#   39|     if (f == NULL) usage();
#   40|     fseek(f, 0, SEEK_END);
#   41|->   size_t length = (size_t)ftell(f);
#   42|     fseek(f, 0, SEEK_SET);
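#   43|     unsigned char* buffer = malloc(length);
# Triage note: same site, same FILE and same trace as [#def35]; -Wanalyzer-file-leak and -Wanalyzer-malloc-leak are both firing on the one fopen() result, so triage the pair as a single finding. Both are reported only on the path where ‘ftell’ raises an exception (the "throw:" event), which is presumably not reachable for a C library call; whether f is closed on the normal path is not visible in this excerpt, so confirm in the source before closing.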

Error: GCC_ANALYZER_WARNING (CWE-775): [#def37]
libcbor-0.13.0/examples/streaming_parser.c:42:3: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(argv[1], "rb")’
libcbor-0.13.0/examples/streaming_parser.c:37:6: branch_false: following ‘false’ branch (when ‘argc == 2’)...
libcbor-0.13.0/examples/streaming_parser.c:38:13: branch_false: ...to here
libcbor-0.13.0/examples/streaming_parser.c:38:13: acquire_resource: opened here
libcbor-0.13.0/examples/streaming_parser.c:39:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/streaming_parser.c:40:3: branch_false: ...to here
libcbor-0.13.0/examples/streaming_parser.c:42:3: throw: if ‘fseek’ throws an exception...
libcbor-0.13.0/examples/streaming_parser.c:42:3: danger: ‘fopen(argv[1], "rb")’ leaks here; was opened at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#   40|     fseek(f, 0, SEEK_END);
#   41|     size_t length = (size_t)ftell(f);
#   42|->   fseek(f, 0, SEEK_SET);
#   43|     unsigned char* buffer = malloc(length);
#   44|     fread(buffer, length, 1, f);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def38]
libcbor-0.13.0/examples/streaming_parser.c:42:3: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(argv[1], "rb")’
libcbor-0.13.0/examples/streaming_parser.c:37:6: branch_false: following ‘false’ branch (when ‘argc == 2’)...
libcbor-0.13.0/examples/streaming_parser.c:38:13: branch_false: ...to here
libcbor-0.13.0/examples/streaming_parser.c:38:13: acquire_memory: allocated here
libcbor-0.13.0/examples/streaming_parser.c:39:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/streaming_parser.c:40:3: branch_false: ...to here
libcbor-0.13.0/examples/streaming_parser.c:42:3: throw: if ‘fseek’ throws an exception...
libcbor-0.13.0/examples/streaming_parser.c:42:3: danger: ‘fopen(argv[1], "rb")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/2)
#   40|     fseek(f, 0, SEEK_END);
#   41|     size_t length = (size_t)ftell(f);
#   42|->   fseek(f, 0, SEEK_SET);
#   43|     unsigned char* buffer = malloc(length);
#   44|     fread(buffer, length, 1, f);

Error: CPPCHECK_WARNING (CWE-476): [#def39]
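libcbor-0.13.0/examples/streaming_parser.c:44: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: buffer
# Triage note: the NULL ‘buffer’ case is not limited to memory exhaustion. Line 41 casts the result of ftell() to size_t without checking it; a failing ftell() returns -1, the cast turns that into a very large length, and malloc(length) on line 43 is then likely to return NULL. Checking both ftell() and malloc() before the fread() on line 44 covers both cases.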
#   42|     fseek(f, 0, SEEK_SET);
#   43|     unsigned char* buffer = malloc(length);
#   44|->   fread(buffer, length, 1, f);
#   45|   
#   46|     struct cbor_callbacks callbacks = cbor_empty_callbacks;

Error: COMPILER_WARNING (CWE-252): [#def40]
libcbor-0.13.0/examples/streaming_parser.c: scope_hint: In function ‘main’
libcbor-0.13.0/examples/streaming_parser.c:44:3: warning[-Wunused-result]: ignoring return value of ‘fread’ declared with attribute ‘warn_unused_result’
#   44 |   fread(buffer, length, 1, f);
#      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~
#   42|     fseek(f, 0, SEEK_SET);
#   43|     unsigned char* buffer = malloc(length);
#   44|->   fread(buffer, length, 1, f);
#   45|   
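#   46|     struct cbor_callbacks callbacks = cbor_empty_callbacks;
# Triage note: the ignored result matters here because ‘buffer’ comes straight from malloc() on line 43. If fread() reads less than ‘length’ bytes, the remainder of the buffer stays uninitialised, yet the decode loop on lines 50-53 still walks all ‘length’ bytes. Checking that fread() returned 1 before decoding avoids parsing uninitialised heap memory.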

Error: CPPCHECK_WARNING (CWE-682): [#def41]
libcbor-0.13.0/examples/streaming_parser.c:51: error[nullPointerArithmeticOutOfMemory]: If memory allocation fails: pointer addition with NULL pointer.
#   49|     callbacks.string = find_string;
#   50|     while (bytes_read < length) {
#   51|->     decode_result = cbor_stream_decode(buffer + bytes_read, length - bytes_read,
#   52|                                          &callbacks, NULL);
#   53|       bytes_read += decode_result.read;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def42]
libcbor-0.13.0/examples/streaming_parser.c:51:21: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(argv[1], "rb")’
libcbor-0.13.0/examples/streaming_parser.c:37:6: branch_false: following ‘false’ branch (when ‘argc == 2’)...
libcbor-0.13.0/examples/streaming_parser.c:38:13: branch_false: ...to here
libcbor-0.13.0/examples/streaming_parser.c:38:13: acquire_resource: opened here
libcbor-0.13.0/examples/streaming_parser.c:39:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/streaming_parser.c:40:3: branch_false: ...to here
libcbor-0.13.0/examples/streaming_parser.c:50:10: branch_true: following ‘true’ branch (when ‘bytes_read < length’)...
libcbor-0.13.0/examples/streaming_parser.c:51:21: branch_true: ...to here
libcbor-0.13.0/examples/streaming_parser.c:51:21: throw: if ‘cbor_stream_decode’ throws an exception...
libcbor-0.13.0/examples/streaming_parser.c:51:21: danger: ‘fopen(argv[1], "rb")’ leaks here; was opened at [(3)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/2)
#   49|     callbacks.string = find_string;
#   50|     while (bytes_read < length) {
#   51|->     decode_result = cbor_stream_decode(buffer + bytes_read, length - bytes_read,
#   52|                                          &callbacks, NULL);
#   53|       bytes_read += decode_result.read;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def43]
libcbor-0.13.0/examples/streaming_parser.c:51:21: warning[-Wanalyzer-malloc-leak]: leak of ‘buffer’
libcbor-0.13.0/examples/streaming_parser.c:37:6: branch_false: following ‘false’ branch (when ‘argc == 2’)...
libcbor-0.13.0/examples/streaming_parser.c:38:13: branch_false: ...to here
libcbor-0.13.0/examples/streaming_parser.c:39:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/streaming_parser.c:40:3: branch_false: ...to here
libcbor-0.13.0/examples/streaming_parser.c:43:27: acquire_memory: allocated here
libcbor-0.13.0/examples/streaming_parser.c:50:10: branch_true: following ‘true’ branch (when ‘bytes_read < length’)...
libcbor-0.13.0/examples/streaming_parser.c:51:21: branch_true: ...to here
libcbor-0.13.0/examples/streaming_parser.c:51:21: throw: if ‘cbor_stream_decode’ throws an exception...
libcbor-0.13.0/examples/streaming_parser.c:51:21: danger: ‘buffer’ leaks here; was allocated at [(5)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/4)
#   49|     callbacks.string = find_string;
#   50|     while (bytes_read < length) {
#   51|->     decode_result = cbor_stream_decode(buffer + bytes_read, length - bytes_read,
#   52|                                          &callbacks, NULL);
#   53|       bytes_read += decode_result.read;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def44]
libcbor-0.13.0/examples/streaming_parser.c:51:21: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(argv[1], "rb")’
libcbor-0.13.0/examples/streaming_parser.c:37:6: branch_false: following ‘false’ branch (when ‘argc == 2’)...
libcbor-0.13.0/examples/streaming_parser.c:38:13: branch_false: ...to here
libcbor-0.13.0/examples/streaming_parser.c:38:13: acquire_memory: allocated here
libcbor-0.13.0/examples/streaming_parser.c:39:6: branch_false: following ‘false’ branch...
libcbor-0.13.0/examples/streaming_parser.c:40:3: branch_false: ...to here
libcbor-0.13.0/examples/streaming_parser.c:50:10: branch_true: following ‘true’ branch (when ‘bytes_read < length’)...
libcbor-0.13.0/examples/streaming_parser.c:51:21: branch_true: ...to here
libcbor-0.13.0/examples/streaming_parser.c:51:21: throw: if ‘cbor_stream_decode’ throws an exception...
libcbor-0.13.0/examples/streaming_parser.c:51:21: danger: ‘fopen(argv[1], "rb")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/2)
#   49|     callbacks.string = find_string;
#   50|     while (bytes_read < length) {
#   51|->     decode_result = cbor_stream_decode(buffer + bytes_read, length - bytes_read,
#   52|                                          &callbacks, NULL);
#   53|       bytes_read += decode_result.read;

Error: COMPILER_WARNING (CWE-686): [#def45]
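libcbor-0.13.0/redhat-linux-build/CMakeFiles/CMakeScratch/TryCompile-8rqYMg/CheckFunctionExists.c:7:3: warning[-Wbuiltin-declaration-mismatch]: conflicting types for built-in function ‘ldexp’; expected ‘double(double,  int)’
# Triage note: the path is a CMake try-compile scratch file under the build directory (CMakeFiles/CMakeScratch), not a libcbor source file, so this looks like a configure-time probe rather than project code.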

Error: CPPCHECK_WARNING (CWE-457): [#def46]
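libcbor-0.13.0/src/cbor/internal/unicode.c:62: warning[uninitvar]: Uninitialized variable: *codep
# Triage note: on line 62 *codep is read only in the branch taken when *state != UTF8_ACCEPT, so the read sees an uninitialised value only if a caller enters with a non-accepting state before any byte has been decoded. Presumably callers start from UTF8_ACCEPT; confirm at the call sites before closing this as a false positive.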
#   60|     uint32_t type = utf8d[byte];
#   61|   
#   62|->   *codep = (*state != UTF8_ACCEPT) ? (byte & 0x3fu) | (*codep << 6)
#   63|                                      : (0xff >> type) & (byte);
#   64|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def47]
libcbor-0.13.0/test/cbor_serialize_test.c:132:3: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
libcbor-0.13.0/test/cbor_serialize_test.c:131:25: acquire_memory: allocated here
libcbor-0.13.0/test/cbor_serialize_test.c:132:3: throw: if ‘cbor_bytestring_set_handle’ throws an exception...
libcbor-0.13.0/test/cbor_serialize_test.c:132:3: danger: ‘data’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  130|     cbor_item_t* item = cbor_new_definite_bytestring();
#  131|     unsigned char* data = malloc(256);
#  132|->   cbor_bytestring_set_handle(item, data, 256);
#  133|     memset(data, 0, 256); /* Prevent undefined behavior in comparison */
#  134|     assert_size_equal(256 + 3, cbor_serialize(item, buffer, 512));

Error: CPPCHECK_WARNING (CWE-476): [#def48]
libcbor-0.13.0/test/cbor_serialize_test.c:133: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: data
#  131|     unsigned char* data = malloc(256);
#  132|     cbor_bytestring_set_handle(item, data, 256);
#  133|->   memset(data, 0, 256); /* Prevent undefined behavior in comparison */
#  134|     assert_size_equal(256 + 3, cbor_serialize(item, buffer, 512));
#  135|     assert_memory_equal(buffer, ((unsigned char[]){0x59, 0x01, 0x00}), 3);

Error: CPPCHECK_WARNING (CWE-476): [#def49]
libcbor-0.13.0/test/cbor_serialize_test.c:146: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: data
#  144|     cbor_item_t* chunk = cbor_new_definite_bytestring();
#  145|     unsigned char* data = malloc(256);
#  146|->   memset(data, 0, 256); /* Prevent undefined behavior in comparison */
#  147|     cbor_bytestring_set_handle(chunk, data, 256);
#  148|   

Error: GCC_ANALYZER_WARNING (CWE-688): [#def50]
libcbor-0.13.0/test/cbor_serialize_test.c:146:3: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘data’ where non-null expected
libcbor-0.13.0/test/cbor_serialize_test.c:145:25: acquire_memory: this call could return NULL
libcbor-0.13.0/test/cbor_serialize_test.c:146:3: danger: argument 1 (‘data’) from [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0) could be NULL where non-null expected
#  144|     cbor_item_t* chunk = cbor_new_definite_bytestring();
#  145|     unsigned char* data = malloc(256);
#  146|->   memset(data, 0, 256); /* Prevent undefined behavior in comparison */
#  147|     cbor_bytestring_set_handle(chunk, data, 256);
#  148|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def51]
libcbor-0.13.0/test/cbor_serialize_test.c:147:3: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
libcbor-0.13.0/test/cbor_serialize_test.c:145:25: acquire_memory: allocated here
libcbor-0.13.0/test/cbor_serialize_test.c:147:3: throw: if ‘cbor_bytestring_set_handle’ throws an exception...
libcbor-0.13.0/test/cbor_serialize_test.c:147:3: danger: ‘data’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  145|     unsigned char* data = malloc(256);
#  146|     memset(data, 0, 256); /* Prevent undefined behavior in comparison */
#  147|->   cbor_bytestring_set_handle(chunk, data, 256);
#  148|   
#  149|     assert_true(cbor_bytestring_add_chunk(item, cbor_move(chunk)));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def52]
libcbor-0.13.0/test/cbor_serialize_test.c:166:3: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
libcbor-0.13.0/test/cbor_serialize_test.c:165:25: acquire_memory: allocated here
libcbor-0.13.0/test/cbor_serialize_test.c:166:3: throw: if ‘cbor_bytestring_set_handle’ throws an exception...
libcbor-0.13.0/test/cbor_serialize_test.c:166:3: danger: ‘data’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#  164|     // Fake having a huge chunk of data
#  165|     unsigned char* data = malloc(1);
#  166|->   cbor_bytestring_set_handle(item, data, SIZE_MAX);
#  167|   
#  168|     // Would require 1 + 8 + SIZE_MAX bytes, which overflows size_t

Error: GCC_ANALYZER_WARNING (CWE-401): [#def53]
libcbor-0.13.0/test/cbor_serialize_test.c:177:3: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
libcbor-0.13.0/test/cbor_serialize_test.c:176:25: acquire_memory: allocated here
libcbor-0.13.0/test/cbor_serialize_test.c:177:3: throw: if ‘cbor_bytestring_set_handle’ throws an exception...
libcbor-0.13.0/test/cbor_serialize_test.c:177:3: danger: ‘data’ leaks here; was allocated at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#  175|     cbor_item_t* item = cbor_new_definite_bytestring();
#  176|     unsigned char* data = malloc(12);
#  177|->   cbor_bytestring_set_handle(item, data, 12);
#  178|   
#  179|     assert_size_equal(cbor_serialize(item, buffer, 1), 0);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def54]
libcbor-0.13.0/test/cbor_serialize_test.c:189:3: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
libcbor-0.13.0/test/cbor_serialize_test.c:188:25: acquire_memory: allocated here
libcbor-0.13.0/test/cbor_serialize_test.c:189:3: throw: if ‘cbor_bytestring_set_handle’ throws an exception...
libcbor-0.13.0/test/cbor_serialize_test.c:189:3: danger: ‘data’ leaks here; was allocated at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
#  187|     cbor_item_t* chunk = cbor_new_definite_bytestring();
#  188|     unsigned char* data = malloc(256);
#  189|->   cbor_bytestring_set_handle(chunk, data, 256);
#  190|     assert_true(cbor_bytestring_add_chunk(item, cbor_move(chunk)));
#  191|   

Error: GCC_ANALYZER_WARNING (CWE-688): [#def55]
libcbor-0.13.0/test/cbor_serialize_test.c:208:3: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘data’ where non-null expected
libcbor-0.13.0/test/cbor_serialize_test.c:207:25: acquire_memory: this call could return NULL
libcbor-0.13.0/test/cbor_serialize_test.c:208:3: danger: argument 1 (‘data’) from [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0) could be NULL where non-null expected
#argument 1 of ‘__builtin_memcpy’ must be non-null
#  206|     cbor_item_t* item = cbor_new_definite_string();
#  207|     unsigned char* data = malloc(12);
#  208|->   strncpy((char*)data, "Hello world!", 12);
#  209|     cbor_string_set_handle(item, data, 12);
#  210|     assert_size_equal(1 + 12, cbor_serialize(item, buffer, 512));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def56]
libcbor-0.13.0/test/cbor_serialize_test.c:209:3: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
libcbor-0.13.0/test/cbor_serialize_test.c:207:25: acquire_memory: allocated here
libcbor-0.13.0/test/cbor_serialize_test.c:209:3: throw: if ‘cbor_string_set_handle’ throws an exception...
libcbor-0.13.0/test/cbor_serialize_test.c:209:3: danger: ‘data’ leaks here; was allocated at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
#  207|     unsigned char* data = malloc(12);
#  208|     strncpy((char*)data, "Hello world!", 12);
#  209|->   cbor_string_set_handle(item, data, 12);
#  210|     assert_size_equal(1 + 12, cbor_serialize(item, buffer, 512));
#  211|     assert_memory_equal(

Error: GCC_ANALYZER_WARNING (CWE-688): [#def57]
libcbor-0.13.0/test/cbor_serialize_test.c:226:3: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘data’ where non-null expected
libcbor-0.13.0/test/cbor_serialize_test.c:225:25: acquire_memory: this call could return NULL
libcbor-0.13.0/test/cbor_serialize_test.c:226:3: danger: argument 1 (‘data’) from [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0) could be NULL where non-null expected
#  224|     const size_t size = (size_t)UINT16_MAX + 1;
#  225|     unsigned char* data = malloc(size);
#  226|->   memset(data, 0, size);
#  227|     cbor_string_set_handle(item, data, size);
#  228|     assert_size_equal(cbor_serialized_size(item), 1 + 4 + size);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def58]
libcbor-0.13.0/test/cbor_serialize_test.c:227:3: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
libcbor-0.13.0/test/cbor_serialize_test.c:225:25: acquire_memory: allocated here
libcbor-0.13.0/test/cbor_serialize_test.c:227:3: throw: if ‘cbor_string_set_handle’ throws an exception...
libcbor-0.13.0/test/cbor_serialize_test.c:227:3: danger: ‘data’ leaks here; was allocated at [(1)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/0)
#  225|     unsigned char* data = malloc(size);
#  226|     memset(data, 0, size);
#  227|->   cbor_string_set_handle(item, data, size);
#  228|     assert_size_equal(cbor_serialized_size(item), 1 + 4 + size);
#  229|     cbor_decref(&item);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def59]
libcbor-0.13.0/test/cbor_serialize_test.c:239:3: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘data’
libcbor-0.13.0/test/cbor_serialize_test.c:238:25: acquire_memory: this call could return NULL
libcbor-0.13.0/test/cbor_serialize_test.c:239:3: danger: ‘data’ could be NULL: unchecked value from [(1)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/0)
#  237|     const size_t size = (size_t)UINT32_MAX + 1;
#  238|     unsigned char* data = malloc(1);
#  239|->   data[0] = '\0';
#  240|     cbor_string_set_handle(item, data, 1);
#  241|     // Pretend that we have a big item to avoid the huge malloc

Error: GCC_ANALYZER_WARNING (CWE-401): [#def60]
libcbor-0.13.0/test/cbor_serialize_test.c:240:3: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
libcbor-0.13.0/test/cbor_serialize_test.c:238:25: acquire_memory: allocated here
libcbor-0.13.0/test/cbor_serialize_test.c:240:3: throw: if ‘cbor_string_set_handle’ throws an exception...
libcbor-0.13.0/test/cbor_serialize_test.c:240:3: danger: ‘data’ leaks here; was allocated at [(1)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/0)
#  238|     unsigned char* data = malloc(1);
#  239|     data[0] = '\0';
#  240|->   cbor_string_set_handle(item, data, 1);
#  241|     // Pretend that we have a big item to avoid the huge malloc
#  242|     item->metadata.string_metadata.length = size;

Error: GCC_ANALYZER_WARNING (CWE-688): [#def61]
libcbor-0.13.0/test/cbor_serialize_test.c:253:3: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘data’ where non-null expected
libcbor-0.13.0/test/cbor_serialize_test.c:252:25: acquire_memory: this call could return NULL
libcbor-0.13.0/test/cbor_serialize_test.c:253:3: danger: argument 1 (‘data’) from [(1)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/0) could be NULL where non-null expected
#argument 1 of ‘__builtin_memcpy’ must be non-null
#  251|   
#  252|     unsigned char* data = malloc(12);
#  253|->   strncpy((char*)data, "Hello world!", 12);
#  254|     cbor_string_set_handle(chunk, data, 12);
#  255|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def62]
libcbor-0.13.0/test/cbor_serialize_test.c:254:3: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
libcbor-0.13.0/test/cbor_serialize_test.c:252:25: acquire_memory: allocated here
libcbor-0.13.0/test/cbor_serialize_test.c:254:3: throw: if ‘cbor_string_set_handle’ throws an exception...
libcbor-0.13.0/test/cbor_serialize_test.c:254:3: danger: ‘data’ leaks here; was allocated at [(1)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/0)
#  252|     unsigned char* data = malloc(12);
#  253|     strncpy((char*)data, "Hello world!", 12);
#  254|->   cbor_string_set_handle(chunk, data, 12);
#  255|   
#  256|     assert_true(cbor_string_add_chunk(item, cbor_move(chunk)));

Error: CPPCHECK_WARNING (CWE-476): [#def63]
libcbor-0.13.0/test/cbor_serialize_test.c:272: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: data
#  270|     cbor_item_t* item = cbor_new_definite_string();
#  271|     unsigned char* data = malloc(12);
#  272|->   memset(data, 0, 12);
#  273|     cbor_string_set_handle(item, data, 12);
#  274|   

Error: GCC_ANALYZER_WARNING (CWE-688): [#def64]
libcbor-0.13.0/test/cbor_serialize_test.c:272:3: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘data’ where non-null expected
libcbor-0.13.0/test/cbor_serialize_test.c:271:25: acquire_memory: this call could return NULL
libcbor-0.13.0/test/cbor_serialize_test.c:272:3: danger: argument 1 (‘data’) from [(1)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/0) could be NULL where non-null expected
#  270|     cbor_item_t* item = cbor_new_definite_string();
#  271|     unsigned char* data = malloc(12);
#  272|->   memset(data, 0, 12);
#  273|     cbor_string_set_handle(item, data, 12);
#  274|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def65]
libcbor-0.13.0/test/cbor_serialize_test.c:273:3: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
libcbor-0.13.0/test/cbor_serialize_test.c:271:25: acquire_memory: allocated here
libcbor-0.13.0/test/cbor_serialize_test.c:273:3: throw: if ‘cbor_string_set_handle’ throws an exception...
libcbor-0.13.0/test/cbor_serialize_test.c:273:3: danger: ‘data’ leaks here; was allocated at [(1)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/0)
#  271|     unsigned char* data = malloc(12);
#  272|     memset(data, 0, 12);
#  273|->   cbor_string_set_handle(item, data, 12);
#  274|   
#  275|     assert_size_equal(cbor_serialize(item, buffer, 1), 0);

Error: CPPCHECK_WARNING (CWE-476): [#def66]
libcbor-0.13.0/test/cbor_serialize_test.c:285: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: data
#  283|     cbor_item_t* chunk = cbor_new_definite_string();
#  284|     unsigned char* data = malloc(256);
#  285|->   memset(data, 0, 256);
#  286|     cbor_string_set_handle(chunk, data, 256);
#  287|     assert_true(cbor_string_add_chunk(item, cbor_move(chunk)));

Error: GCC_ANALYZER_WARNING (CWE-688): [#def67]
libcbor-0.13.0/test/cbor_serialize_test.c:285:3: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘data’ where non-null expected
libcbor-0.13.0/test/cbor_serialize_test.c:284:25: acquire_memory: this call could return NULL
libcbor-0.13.0/test/cbor_serialize_test.c:285:3: danger: argument 1 (‘data’) from [(1)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/0) could be NULL where non-null expected
#  283|     cbor_item_t* chunk = cbor_new_definite_string();
#  284|     unsigned char* data = malloc(256);
#  285|->   memset(data, 0, 256);
#  286|     cbor_string_set_handle(chunk, data, 256);
#  287|     assert_true(cbor_string_add_chunk(item, cbor_move(chunk)));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def68]
libcbor-0.13.0/test/cbor_serialize_test.c:286:3: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
libcbor-0.13.0/test/cbor_serialize_test.c:284:25: acquire_memory: allocated here
libcbor-0.13.0/test/cbor_serialize_test.c:286:3: throw: if ‘cbor_string_set_handle’ throws an exception...
libcbor-0.13.0/test/cbor_serialize_test.c:286:3: danger: ‘data’ leaks here; was allocated at [(1)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/0)
#  284|     unsigned char* data = malloc(256);
#  285|     memset(data, 0, 256);
#  286|->   cbor_string_set_handle(chunk, data, 256);
#  287|     assert_true(cbor_string_add_chunk(item, cbor_move(chunk)));
#  288|   

Error: CPPCHECK_WARNING (CWE-476): [#def69]
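libcbor-0.13.0/test/fuzz_test.c:43: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: data
# Triage note: separate from the NULL check, ‘rand() % 0xFF’ on line 43 yields 0..254, so the byte 0xFF (the CBOR "break" stop code) never appears in the generated input. If full byte coverage is intended, the modulus should be 0x100.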
#   41|     unsigned char* data = malloc(length);
#   42|     for (size_t i = 0; i < length; i++) {
#   43|->     data[i] = rand() % 0xFF;
#   44|     }
#   45|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def70]
libcbor-0.13.0/test/fuzz_test.c:43:5: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘data’
libcbor-0.13.0/test/fuzz_test.c:41:25: acquire_memory: this call could return NULL
libcbor-0.13.0/test/fuzz_test.c:42:22: branch_true: following ‘true’ branch (when ‘i < length’)...
libcbor-0.13.0/test/fuzz_test.c:43:15: branch_true: ...to here
libcbor-0.13.0/test/fuzz_test.c:43:5: danger: ‘data + i’ could be NULL: unchecked value from [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   41|     unsigned char* data = malloc(length);
#   42|     for (size_t i = 0; i < length; i++) {
#   43|->     data[i] = rand() % 0xFF;
#   44|     }
#   45|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def71]
libcbor-0.13.0/test/fuzz_test.c:50:10: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
libcbor-0.13.0/test/fuzz_test.c:41:25: acquire_memory: allocated here
libcbor-0.13.0/test/fuzz_test.c:42:22: branch_false: following ‘false’ branch (when ‘i >= length’)...
libcbor-0.13.0/test/fuzz_test.c:50:10: branch_false: ...to here
libcbor-0.13.0/test/fuzz_test.c:50:10: throw: if ‘cbor_load’ throws an exception...
libcbor-0.13.0/test/fuzz_test.c:50:10: danger: ‘data’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#   48|   #endif
#   49|   
#   50|->   item = cbor_load(data, length, &res);
#   51|   
#   52|     if (res.error.code == CBOR_ERR_NONE) cbor_decref(&item);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def72]
libcbor-0.13.0/test/fuzz_test.c:52:40: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
libcbor-0.13.0/test/fuzz_test.c:41:25: acquire_memory: allocated here
libcbor-0.13.0/test/fuzz_test.c:42:22: branch_false: following ‘false’ branch (when ‘i >= length’)...
libcbor-0.13.0/test/fuzz_test.c:50:10: branch_false: ...to here
libcbor-0.13.0/test/fuzz_test.c:52:6: branch_true: following ‘true’ branch...
libcbor-0.13.0/test/fuzz_test.c:52:40: branch_true: ...to here
libcbor-0.13.0/test/fuzz_test.c:52:40: throw: if ‘cbor_decref’ throws an exception...
libcbor-0.13.0/test/fuzz_test.c:52:40: danger: ‘data’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#   50|     item = cbor_load(data, length, &res);
#   51|   
#   52|->   if (res.error.code == CBOR_ERR_NONE) cbor_decref(&item);
#   53|     /* Otherwise there should be nothing left behind by the decoder */
#   54|   

Error: CPPCHECK_WARNING (CWE-476): [#def73]
libcbor-0.13.0/test/memory_utils_test.c:41: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: data
#   39|   static void test_realloc_multiple(void** _state _CBOR_UNUSED) {
#   40|     unsigned char* data = malloc(1);
#   41|->   data[0] = 0x2a;
#   42|   
#   43|     data = _cbor_realloc_multiple(data, /*item_size=*/1, /*item_count=*/10);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def74]
libcbor-0.13.0/test/memory_utils_test.c:41:3: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘data’
libcbor-0.13.0/test/memory_utils_test.c:40:25: acquire_memory: this call could return NULL
libcbor-0.13.0/test/memory_utils_test.c:41:3: danger: ‘data’ could be NULL: unchecked value from [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   39|   static void test_realloc_multiple(void** _state _CBOR_UNUSED) {
#   40|     unsigned char* data = malloc(1);
#   41|->   data[0] = 0x2a;
#   42|   
#   43|     data = _cbor_realloc_multiple(data, /*item_size=*/1, /*item_count=*/10);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def75]
libcbor-0.13.0/test/memory_utils_test.c:43:10: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
libcbor-0.13.0/test/memory_utils_test.c:40:25: acquire_memory: allocated here
libcbor-0.13.0/test/memory_utils_test.c:43:10: throw: if ‘_cbor_realloc_multiple’ throws an exception...
libcbor-0.13.0/test/memory_utils_test.c:43:10: danger: ‘data’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#   41|     data[0] = 0x2a;
#   42|   
#   43|->   data = _cbor_realloc_multiple(data, /*item_size=*/1, /*item_count=*/10);
#   44|     assert_size_equal(data[0], 0x2a);
#   45|     data[9] = 0x2b;  // Sanitizer will stop us if not ok

Error: GCC_ANALYZER_WARNING (CWE-401): [#def76]
libcbor-0.13.0/test/pretty_printer_test.c:20:3: warning[-Wanalyzer-malloc-leak]: leak of ‘tmpfile()’
libcbor-0.13.0/test/pretty_printer_test.c:19:19: acquire_memory: allocated here
libcbor-0.13.0/test/pretty_printer_test.c:20:3: throw: if ‘cbor_describe’ throws an exception...
libcbor-0.13.0/test/pretty_printer_test.c:20:3: danger: ‘tmpfile()’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   18|     const size_t buffer_size = 512;
#   19|     FILE* outfile = tmpfile();
#   20|->   cbor_describe(item, outfile);
#   21|     rewind(outfile);
#   22|     // Treat string as null-terminated since cmocka doesn't have asserts

Error: CPPCHECK_WARNING (CWE-476): [#def77]
libcbor-0.13.0/test/pretty_printer_test.c:21: warning[nullPointerOutOfResources]: If resource allocation fails, then there is a possible null pointer dereference: outfile
#   19|     FILE* outfile = tmpfile();
#   20|     cbor_describe(item, outfile);
#   21|->   rewind(outfile);
#   22|     // Treat string as null-terminated since cmocka doesn't have asserts
#   23|     // for explicit length strings.

Error: CPPCHECK_WARNING (CWE-476): [#def78]
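libcbor-0.13.0/test/pretty_printer_test.c:26: warning[nullPointerOutOfResources]: If resource allocation fails, then there is a possible null pointer dereference: outfile
# Triage note: independent of the NULL ‘outfile’ case, line 26 may read up to buffer_size bytes into a buffer of exactly buffer_size bytes (line 24). When fread() fills it, the terminator written on line 27 lands one byte past the allocation. Allocating buffer_size + 1 bytes, or reading at most buffer_size - 1, removes that.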
#   24|     char* output = malloc(buffer_size);
#   25|     assert_non_null(output);
#   26|->   size_t output_size = fread(output, sizeof(char), buffer_size, outfile);
#   27|     output[output_size] = '\0';
#   28|     assert_string_equal(output, expected_result);

Error: CPPCHECK_WARNING (CWE-476): [#def79]
libcbor-0.13.0/test/pretty_printer_test.c:29: warning[nullPointerOutOfResources]: If resource allocation fails, then there is a possible null pointer dereference: outfile
#   27|     output[output_size] = '\0';
#   28|     assert_string_equal(output, expected_result);
#   29|->   assert_true(feof(outfile));
#   30|     free(output);
#   31|     fclose(outfile);

Error: CPPCHECK_WARNING (CWE-476): [#def80]
libcbor-0.13.0/test/pretty_printer_test.c:31: warning[nullPointerOutOfResources]: If resource allocation fails, then there is a possible null pointer dereference: outfile
#   29|     assert_true(feof(outfile));
#   30|     free(output);
#   31|->   fclose(outfile);
#   32|   #endif
#   33|   }

Error: CPPCHECK_WARNING (CWE-476): [#def81]
libcbor-0.13.0/test/stack_over_limit_test.c:8: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: *overflow_data
#    6|     *overflow_data = (unsigned char*)malloc(CBOR_MAX_STACK_SIZE + 3);
#    7|     for (i = 0; i < CBOR_MAX_STACK_SIZE + 1; i++) {
#    8|->     (*overflow_data)[i] = 0xC2;  // tag of positive bignum
#    9|     }
#   10|     (*overflow_data)[CBOR_MAX_STACK_SIZE + 1] = 0x41;  // bytestring of length 1

Error: GCC_ANALYZER_WARNING (CWE-476): [#def82]
libcbor-0.13.0/test/stack_over_limit_test.c:8:5: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘*overflow_data’
libcbor-0.13.0/test/stack_over_limit_test.c:6:36: acquire_memory: this call could return NULL
libcbor-0.13.0/test/stack_over_limit_test.c:7:15: branch_true: following ‘true’ branch (when ‘i != 2049’)...
libcbor-0.13.0/test/stack_over_limit_test.c:8:5: branch_true: ...to here
libcbor-0.13.0/test/stack_over_limit_test.c:8:5: danger: ‘*overflow_data + (sizetype)i’ could be NULL: unchecked value from [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#    6|     *overflow_data = (unsigned char*)malloc(CBOR_MAX_STACK_SIZE + 3);
#    7|     for (i = 0; i < CBOR_MAX_STACK_SIZE + 1; i++) {
#    8|->     (*overflow_data)[i] = 0xC2;  // tag of positive bignum
#    9|     }
#   10|     (*overflow_data)[CBOR_MAX_STACK_SIZE + 1] = 0x41;  // bytestring of length 1

Error: GCC_ANALYZER_WARNING (CWE-476): [#def83]
libcbor-0.13.0/test/stack_over_limit_test.c:8:5: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘overflow_data’
libcbor-0.13.0/test/stack_over_limit_test.c:15:13: enter_function: entry to ‘test_stack_over_limit’
libcbor-0.13.0/test/stack_over_limit_test.c:19:23: call_function: calling ‘generate_overflow_data’ from ‘test_stack_over_limit’
#    6|     *overflow_data = (unsigned char*)malloc(CBOR_MAX_STACK_SIZE + 3);
#    7|     for (i = 0; i < CBOR_MAX_STACK_SIZE + 1; i++) {
#    8|->     (*overflow_data)[i] = 0xC2;  // tag of positive bignum
#    9|     }
#   10|     (*overflow_data)[CBOR_MAX_STACK_SIZE + 1] = 0x41;  // bytestring of length 1

Error: GCC_ANALYZER_WARNING (CWE-401): [#def84]
libcbor-0.13.0/test/stack_over_limit_test.c:20:3: warning[-Wanalyzer-malloc-leak]: leak of ‘overflow_data’
libcbor-0.13.0/test/stack_over_limit_test.c:15:13: enter_function: entry to ‘test_stack_over_limit’
libcbor-0.13.0/test/stack_over_limit_test.c:19:23: call_function: calling ‘generate_overflow_data’ from ‘test_stack_over_limit’
libcbor-0.13.0/test/stack_over_limit_test.c:19:23: return_function: returning to ‘test_stack_over_limit’ from ‘generate_overflow_data’
libcbor-0.13.0/test/stack_over_limit_test.c:20:3: throw: if ‘cbor_load’ throws an exception...
libcbor-0.13.0/test/stack_over_limit_test.c:20:3: danger: ‘overflow_data’ leaks here; was allocated at [(4)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/3)
#   18|     struct cbor_load_result res;
#   19|     overflow_data_len = generate_overflow_data(&overflow_data);
#   20|->   assert_null(cbor_load(overflow_data, overflow_data_len, &res));
#   21|     free(overflow_data);
#   22|     assert_size_equal(res.error.code, CBOR_ERR_MEMERROR);

Error: CPPCHECK_WARNING (CWE-476): [#def85]
libcbor-0.13.0/test/string_test.c:298: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: string_data
#  296|     char* test_string = "Hello";
#  297|     unsigned char* string_data = malloc(strlen(test_string));
#  298|->   memcpy(string_data, test_string, strlen(test_string));
#  299|     assert_ptr_not_equal(string_data, NULL);
#  300|     cbor_string_set_handle(string, string_data, strlen(test_string));

Error: GCC_ANALYZER_WARNING (CWE-688): [#def86]
libcbor-0.13.0/test/string_test.c:298:3: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘string_data’ where non-null expected
libcbor-0.13.0/test/string_test.c:297:32: acquire_memory: this call could return NULL
libcbor-0.13.0/test/string_test.c:298:3: danger: argument 1 (‘string_data’) from [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0) could be NULL where non-null expected
#  296|     char* test_string = "Hello";
#  297|     unsigned char* string_data = malloc(strlen(test_string));
#  298|->   memcpy(string_data, test_string, strlen(test_string));
#  299|     assert_ptr_not_equal(string_data, NULL);
#  300|     cbor_string_set_handle(string, string_data, strlen(test_string));

Error: CPPCHECK_WARNING (CWE-476): [#def87]
libcbor-0.13.0/test/string_test.c:314: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: string_data
#  312|     char* test_string = "\xc5\xa0t\xc4\x9bst\xc3\xad\xc4\x8dko";
#  313|     unsigned char* string_data = malloc(strlen(test_string));
#  314|->   memcpy(string_data, test_string, strlen(test_string));
#  315|     assert_ptr_not_equal(string_data, NULL);
#  316|     cbor_string_set_handle(string, string_data, strlen(test_string));

Error: GCC_ANALYZER_WARNING (CWE-688): [#def88]
libcbor-0.13.0/test/string_test.c:314:3: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘string_data’ where non-null expected
libcbor-0.13.0/test/string_test.c:313:32: acquire_memory: this call could return NULL
libcbor-0.13.0/test/string_test.c:314:3: danger: argument 1 (‘string_data’) from [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0) could be NULL where non-null expected
#  312|     char* test_string = "\xc5\xa0t\xc4\x9bst\xc3\xad\xc4\x8dko";
#  313|     unsigned char* string_data = malloc(strlen(test_string));
#  314|->   memcpy(string_data, test_string, strlen(test_string));
#  315|     assert_ptr_not_equal(string_data, NULL);
#  316|     cbor_string_set_handle(string, string_data, strlen(test_string));

Error: CPPCHECK_WARNING (CWE-476): [#def89]
libcbor-0.13.0/test/string_test.c:330: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: string_data
#  328|     char* test_string = "Test: \xc5";
#  329|     unsigned char* string_data = malloc(strlen(test_string));
#  330|->   memcpy(string_data, test_string, strlen(test_string));
#  331|     assert_ptr_not_equal(string_data, NULL);
#  332|     cbor_string_set_handle(string, string_data, strlen(test_string));

Error: GCC_ANALYZER_WARNING (CWE-688): [#def90]
libcbor-0.13.0/test/string_test.c:330:3: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘string_data’ where non-null expected
libcbor-0.13.0/test/string_test.c:329:32: acquire_memory: this call could return NULL
libcbor-0.13.0/test/string_test.c:330:3: danger: argument 1 (‘string_data’) from [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0) could be NULL where non-null expected
#  328|     char* test_string = "Test: \xc5";
#  329|     unsigned char* string_data = malloc(strlen(test_string));
#  330|->   memcpy(string_data, test_string, strlen(test_string));
#  331|     assert_ptr_not_equal(string_data, NULL);
#  332|     cbor_string_set_handle(string, string_data, strlen(test_string));

Error: CPPCHECK_WARNING (CWE-476): [#def91]
libcbor-0.13.0/test/test_allocator.c:22: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: expectations
#   20|     for (int i = 0; i < calls; i++) {
#   21|       // Promotable types, baby
#   22|->     expectations[i] = va_arg(args, call_expectation);
#   23|     }
#   24|     va_end(args);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def92]
libcbor-0.13.0/test/test_allocator.c:22:5: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘expectations’
libcbor-0.13.0/test/test_allocator.c:19:18: acquire_memory: this call could return NULL
libcbor-0.13.0/test/test_allocator.c:20:19: branch_true: following ‘true’ branch (when ‘i < calls’)...
libcbor-0.13.0/test/test_allocator.c:22:17: branch_true: ...to here
libcbor-0.13.0/test/test_allocator.c:22:5: danger: ‘expectations + (long unsigned int)i * 4’ could be NULL: unchecked value from [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   20|     for (int i = 0; i < calls; i++) {
#   21|       // Promotable types, baby
#   22|->     expectations[i] = va_arg(args, call_expectation);
#   23|     }
#   24|     va_end(args);

Scan Properties

analyzer-version-clippy: 1.92.0
analyzer-version-cppcheck: 2.19.1
analyzer-version-gcc: 16.0.0
analyzer-version-gcc-analyzer: 16.0.0
analyzer-version-shellcheck: 0.11.0
analyzer-version-unicontrol: 0.0.2
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-191.us-west-2.compute.internal
known-false-positives: /usr/share/csmock/known-false-positives.js
known-false-positives-rpm: known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch
mock-config: fedora-rawhide-x86_64
project-name: libcbor-0.13.0-1.fc44
store-results-to: /tmp/tmpcy1hdgkw/libcbor-0.13.0-1.fc44.tar.xz
time-created: 2026-01-08 18:41:39
time-finished: 2026-01-08 18:43:27
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpcy1hdgkw/libcbor-0.13.0-1.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpcy1hdgkw/libcbor-0.13.0-1.fc44.src.rpm'
tool-version: csmock-3.8.3.20251215.161544.g62de9a5-1.el9