Error: GCC_ANALYZER_WARNING (CWE-401): [#def1] libcue-2.3.0/cd.c:55:30: warning[-Wanalyzer-malloc-leak]: leak of ‘cd’ libcue-2.3.0/cd.c:47:14: acquire_memory: allocated here libcue-2.3.0/cd.c:49:11: branch_false: following ‘false’ branch (when ‘cd’ is non-NULL)... libcue-2.3.0/cd.c:52:17: branch_false: ...to here libcue-2.3.0/cd.c:55:30: throw: if ‘cdtext_init’ throws an exception... libcue-2.3.0/cd.c:55:30: danger: ‘cd’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0) # 53| cd->catalog = NULL; # 54| cd->cdtextfile = NULL; # 55|-> cd->cdtext = cdtext_init(); # 56| cd->rem = rem_new(); # 57| cd->ntrack = 0; Error: GCC_ANALYZER_WARNING (CWE-401): [#def2] libcue-2.3.0/cd.c:56:27: warning[-Wanalyzer-malloc-leak]: leak of ‘cd’ libcue-2.3.0/cd.c:47:14: acquire_memory: allocated here libcue-2.3.0/cd.c:49:11: branch_false: following ‘false’ branch (when ‘cd’ is non-NULL)... libcue-2.3.0/cd.c:52:17: branch_false: ...to here libcue-2.3.0/cd.c:56:27: throw: if ‘rem_new’ throws an exception... libcue-2.3.0/cd.c:56:27: danger: ‘cd’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0) # 54| cd->cdtextfile = NULL; # 55| cd->cdtext = cdtext_init(); # 56|-> cd->rem = rem_new(); # 57| cd->ntrack = 0; # 58| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def3] libcue-2.3.0/cd.c:131:33: warning[-Wanalyzer-malloc-leak]: leak of ‘track’ libcue-2.3.0/cd.c:107:17: acquire_memory: allocated here libcue-2.3.0/cd.c:109:12: branch_false: following ‘false’ branch (when ‘track’ is non-NULL)... libcue-2.3.0/cd.c:112:17: branch_false: ...to here libcue-2.3.0/cd.c:131:33: throw: if ‘cdtext_init’ throws an exception... libcue-2.3.0/cd.c:131:33: danger: ‘track’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0) # 129| track->flags = FLAG_NONE; # 130| track->isrc = NULL; # 131|-> track->cdtext = cdtext_init(); # 132| track->rem = rem_new(); # 133| Error: GCC_ANALYZER_WARNING (CWE-401): [#def4] libcue-2.3.0/cd.c:132:30: warning[-Wanalyzer-malloc-leak]: leak of ‘track’ libcue-2.3.0/cd.c:107:17: acquire_memory: allocated here libcue-2.3.0/cd.c:109:12: branch_false: following ‘false’ branch (when ‘track’ is non-NULL)... libcue-2.3.0/cd.c:112:17: branch_false: ...to here libcue-2.3.0/cd.c:132:30: throw: if ‘rem_new’ throws an exception... libcue-2.3.0/cd.c:132:30: danger: ‘track’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0) # 130| track->isrc = NULL; # 131| track->cdtext = cdtext_init(); # 132|-> track->rem = rem_new(); # 133| # 134| int i; Error: GCC_ANALYZER_WARNING (CWE-401): [#def5] libcue-2.3.0/cdtext.c:81:33: warning[-Wanalyzer-malloc-leak]: leak of ‘*cdtext.value’ libcue-2.3.0/cdtext.c:77:12: branch_true: following ‘true’ branch (when ‘value’ is non-NULL)... libcue-2.3.0/cdtext.c:77:12: branch_true: ...to here libcue-2.3.0/cdtext.c:78:24: branch_true: following ‘true’ branch... libcue-2.3.0/cdtext.c:79:28: branch_true: ...to here libcue-2.3.0/cdtext.c:79:28: branch_false: following ‘false’ branch... libcue-2.3.0/cdtext.c:78:48: branch_false: ...to here libcue-2.3.0/cdtext.c:78:24: branch_true: following ‘true’ branch... libcue-2.3.0/cdtext.c:79:28: branch_true: ...to here libcue-2.3.0/cdtext.c:79:28: branch_true: following ‘true’ branch... libcue-2.3.0/cdtext.c:80:39: branch_true: ...to here libcue-2.3.0/cdtext.c:81:49: acquire_memory: allocated here libcue-2.3.0/cdtext.c:81:33: danger: ‘*cdtext.value’ leaks here; was allocated at [(11)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/10) # 79| if (pti == cdtext->pti) { # 80| free (cdtext->value); # 81|-> cdtext->value = strdup (value); # 82| } # 83| } Error: GCC_ANALYZER_WARNING (CWE-457): [#def6] libcue-2.3.0/redhat-linux-build/cue_parser.c:1137:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyss’ libcue-2.3.0/redhat-linux-build/cue_parser.c:1095:6: branch_true: following ‘true’ branch... libcue-2.3.0/redhat-linux-build/cue_parser.c:1101:28: branch_true: ...to here libcue-2.3.0/redhat-linux-build/cue_parser.c:1124:10: branch_false: following ‘false’ branch (when ‘yystacksize <= 9999’)... libcue-2.3.0/redhat-linux-build/cue_parser.c:1126:7: branch_false: ...to here libcue-2.3.0/redhat-linux-build/cue_parser.c:1135:12: branch_false: following ‘false’ branch (when ‘yyptr’ is non-NULL)... libcue-2.3.0/redhat-linux-build/cue_parser.c:1137:9: branch_false: ...to here libcue-2.3.0/redhat-linux-build/cue_parser.c:1137:9: danger: use of uninitialized value ‘yyss’ here # 1135| if (! yyptr) # 1136| YYNOMEM; # 1137|-> YYSTACK_RELOCATE (yyss_alloc, yyss); # 1138| YYSTACK_RELOCATE (yyvs_alloc, yyvs); # 1139| # undef YYSTACK_RELOCATE Error: GCC_ANALYZER_WARNING (CWE-457): [#def7] libcue-2.3.0/redhat-linux-build/cue_parser.c:1264:3: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*<unknown>’ libcue-2.3.0/redhat-linux-build/cue_parser.c:1095:6: branch_false: following ‘false’ branch... libcue-2.3.0/redhat-linux-build/cue_parser.c:1159:6: branch_false: ...to here libcue-2.3.0/redhat-linux-build/cue_parser.c:1159:6: branch_false: following ‘false’ branch (when ‘yystate != 3’)... libcue-2.3.0/redhat-linux-build/cue_parser.c:1162:3: branch_false: ...to here libcue-2.3.0/redhat-linux-build/cue_parser.c:1174:6: branch_true: following ‘true’ branch (when ‘yyn == -44’)... libcue-2.3.0/redhat-linux-build/cue_parser.c:1175:5: branch_true: ...to here libcue-2.3.0/redhat-linux-build/cue_parser.c:1244:6: branch_false: following ‘false’ branch (when ‘yyn != 0’)... libcue-2.3.0/redhat-linux-build/cue_parser.c:1246:3: branch_false: ...to here libcue-2.3.0/redhat-linux-build/cue_parser.c:1264:3: danger: use of uninitialized value ‘*<unknown>’ here # 1262| unconditionally makes the parser a bit smaller, and it avoids a # 1263| GCC warning that YYVAL may be used uninitialized. */ # 1264|-> yyval = yyvsp[1-yylen]; # 1265| # 1266| Error: GCC_ANALYZER_WARNING (CWE-401): [#def8] libcue-2.3.0/redhat-linux-build/cue_scanner.c:2043:54: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc(64)’ libcue-2.3.0/redhat-linux-build/cue_scanner.c:2030:21: enter_function: entry to ‘yy_create_buffer’ libcue-2.3.0/redhat-linux-build/cue_scanner.c:2034:24: call_function: inlined call to ‘yyalloc’ from ‘yy_create_buffer’ libcue-2.3.0/redhat-linux-build/cue_scanner.c:2035:12: branch_false: following ‘false’ branch... libcue-2.3.0/redhat-linux-build/cue_scanner.c:2038:2: branch_false: ...to here libcue-2.3.0/redhat-linux-build/cue_scanner.c:2043:54: danger: ‘malloc(64)’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2) # 2041| /* yy_ch_buf has to be 2 characters longer than the size given because # 2042| * we need to put in 2 end-of-buffer characters. # 2043|-> */ # 2044| b->yy_ch_buf = (char *) yyalloc( (yy_size_t) (b->yy_buf_size + 2) ); # 2045| if ( ! b->yy_ch_buf ) Error: CPPCHECK_WARNING (CWE-476): [#def9] libcue-2.3.0/redhat-linux-build/cue_scanner.c:2084: warning[nullPointer]: Possible null pointer dereference: b # 2082| # 2083| yy_flush_buffer( b ); # 2084|-> # 2085| b->yy_input_file = file; # 2086| b->yy_fill_buffer = 1; Error: CPPCHECK_WARNING (CWE-476): [#def10] libcue-2.3.0/redhat-linux-build/cue_scanner.c:2085: warning[nullPointer]: Possible null pointer dereference: b # 2083| yy_flush_buffer( b ); # 2084| # 2085|-> b->yy_input_file = file; # 2086| b->yy_fill_buffer = 1; # 2087| Error: GCC_ANALYZER_WARNING (CWE-401): [#def11] libcue-2.3.0/redhat-linux-build/cue_scanner.c:2298:26: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc(n)’ libcue-2.3.0/redhat-linux-build/cue_scanner.c:2282:17: enter_function: entry to ‘yy_scan_bytes’ libcue-2.3.0/redhat-linux-build/cue_scanner.c:2291:24: call_function: inlined call to ‘yyalloc’ from ‘yy_scan_bytes’ libcue-2.3.0/redhat-linux-build/cue_scanner.c:2292:12: branch_false: following ‘false’ branch... libcue-2.3.0/redhat-linux-build/cue_scanner.c:2292:12: branch_false: ...to here libcue-2.3.0/redhat-linux-build/cue_scanner.c:2300:6: call_function: calling ‘yy_scan_buffer’ from ‘yy_scan_bytes’ # 2296| for ( i = 0; i < _yybytes_len; ++i ) # 2297| buf[i] = yybytes[i]; # 2298|-> # 2299| buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR; # 2300| Error: COMPILER_WARNING: [#def12] libcue-2.3.0/rem.c:110:1: warning[-Wenum-int-mismatch]: conflicting types for ‘rem_get’ due to enum/integer mismatch; have ‘const char *(RemType, Rem *)’ # 110 | rem_get( RemType cmt, # | ^~~~~~~ libcue-2.3.0/rem.h:27: included_from: Included from here. libcue-2.3.0/rem.c:27: included_from: Included from here. libcue-2.3.0/libcue.h:136:24: note: previous declaration of ‘rem_get’ with type ‘const char *(unsigned int, Rem *)’ # 136 | CUE_EXPORT const char* rem_get(unsigned int, Rem*); # | ^~~~~~~ # 108| # 109| const char* # 110|-> rem_get( RemType cmt, # 111| Rem* rem) # 112| { Error: GCC_ANALYZER_WARNING (CWE-775): [#def13] libcue-2.3.0/t/99_tracks.c:14:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen("99_tracks.cue", "r")’ libcue-2.3.0/t/99_tracks.c:12:16: acquire_resource: opened here libcue-2.3.0/t/99_tracks.c:13:4: branch_true: following ‘true’ branch... libcue-2.3.0/t/99_tracks.c:14:13: branch_true: ...to here libcue-2.3.0/t/99_tracks.c:14:13: danger: ‘fopen("99_tracks.cue", "r")’ leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0) # 12| FILE *cue = fopen("99_tracks.cue", "r"); # 13| assert(cue); # 14|-> Cd *cd = cue_parse_file(cue); # 15| assert(cd); # 16| int ntrack = cd_get_ntrack(cd); Error: GCC_ANALYZER_WARNING (CWE-401): [#def14] libcue-2.3.0/t/99_tracks.c:14:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen("99_tracks.cue", "r")’ libcue-2.3.0/t/99_tracks.c:12:16: acquire_memory: allocated here libcue-2.3.0/t/99_tracks.c:13:4: branch_true: following ‘true’ branch... libcue-2.3.0/t/99_tracks.c:14:13: branch_true: ...to here libcue-2.3.0/t/99_tracks.c:14:13: danger: ‘fopen("99_tracks.cue", "r")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0) # 12| FILE *cue = fopen("99_tracks.cue", "r"); # 13| assert(cue); # 14|-> Cd *cd = cue_parse_file(cue); # 15| assert(cd); # 16| int ntrack = cd_get_ntrack(cd); Error: GCC_ANALYZER_WARNING (CWE-775): [#def15] libcue-2.3.0/t/issue10.c:14:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen("issue10.cue", "r")’ libcue-2.3.0/t/issue10.c:12:16: acquire_resource: opened here libcue-2.3.0/t/issue10.c:13:4: branch_true: following ‘true’ branch... libcue-2.3.0/t/issue10.c:14:13: branch_true: ...to here libcue-2.3.0/t/issue10.c:14:13: danger: ‘fopen("issue10.cue", "r")’ leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0) # 12| FILE *cue = fopen("issue10.cue", "r"); # 13| assert(cue); # 14|-> Cd *cd = cue_parse_file(cue); # 15| assert(cd); # 16| cd_delete(cd); Error: GCC_ANALYZER_WARNING (CWE-401): [#def16] libcue-2.3.0/t/issue10.c:14:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen("issue10.cue", "r")’ libcue-2.3.0/t/issue10.c:12:16: acquire_memory: allocated here libcue-2.3.0/t/issue10.c:13:4: branch_true: following ‘true’ branch... libcue-2.3.0/t/issue10.c:14:13: branch_true: ...to here libcue-2.3.0/t/issue10.c:14:13: danger: ‘fopen("issue10.cue", "r")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0) # 12| FILE *cue = fopen("issue10.cue", "r"); # 13| assert(cue); # 14|-> Cd *cd = cue_parse_file(cue); # 15| assert(cd); # 16| cd_delete(cd); Error: COMPILER_WARNING: [#def17] libcue-2.3.0/time.c: scope_hint: In function ‘time_frame_to_mmssff’ libcue-2.3.0/time.c:33:33: warning[-Wformat-overflow=]: ‘%02d’ directive writing between 2 and 3 bytes into a region of size between 0 and 3 # 33 | sprintf(msf, "%02d:%02d:%02d", minutes, seconds, frames); # | ^~~~ libcue-2.3.0/time.c:33:22: note: directive argument in the range [-74, 74] # 33 | sprintf(msf, "%02d:%02d:%02d", minutes, seconds, frames); # | ^~~~~~~~~~~~~~~~ /usr/include/bits/stdio2.h:30:10: note: ‘__sprintf_chk’ output between 9 and 20 bytes into a destination of size 9 # 30 | return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1, # | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # 31 | __glibc_objsize (__s), __fmt, # | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # 32 | __va_arg_pack ()); # | ~~~~~~~~~~~~~~~~~ # 31| # 32| time_frame_to_msf(f, &minutes, &seconds, &frames); # 33|-> sprintf(msf, "%02d:%02d:%02d", minutes, seconds, frames); # 34| # 35| return msf;
| analyzer-version-clippy | 1.92.0 |
| analyzer-version-cppcheck | 2.19.1 |
| analyzer-version-gcc | 16.0.0 |
| analyzer-version-gcc-analyzer | 16.0.0 |
| analyzer-version-shellcheck | 0.11.0 |
| analyzer-version-unicontrol | 0.0.2 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-169.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | libcue-2.3.0-13.fc44 |
| store-results-to | /tmp/tmpbvyr0ppm/libcue-2.3.0-13.fc44.tar.xz |
| time-created | 2026-01-08 18:38:12 |
| time-finished | 2026-01-08 18:39:24 |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpbvyr0ppm/libcue-2.3.0-13.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpbvyr0ppm/libcue-2.3.0-13.fc44.src.rpm' |
| tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |