libgpg-error-1.58-1.fc44

List of Findings

Error: SHELLCHECK_WARNING (CWE-563): [#def1]
/usr/bin/gpg-error-config:15:1: warning[SC2034]: includedir appears unused. Verify use (or export if used externally).
#   13|   prefix=/usr
#   14|   exec_prefix=/usr
#   15|-> includedir=/usr/include
#   16|   libdir=/usr/lib
#   17|   

Error: SHELLCHECK_WARNING (CWE-563): [#def2]
/usr/bin/gpg-error-config:16:1: warning[SC2034]: libdir appears unused. Verify use (or export if used externally).
#   14|   exec_prefix=/usr
#   15|   includedir=/usr/include
#   16|-> libdir=/usr/lib
#   17|   
#   18|   if echo "$0" | grep gpg-error-config 2>/dev/null >/dev/null; then

Error: SHELLCHECK_WARNING (CWE-563): [#def3]
/usr/bin/gpg-error-config:52:6: warning[SC2034]: optarg appears unused. Verify use (or export if used externally).
#   50|   	    ;;
#   51|   	*)
#   52|-> 	    optarg=
#   53|   	    ;;
#   54|       esac

Error: SHELLCHECK_WARNING (CWE-569): [#def4]
/usr/bin/gpgrt-config:121:3: warning[SC2221]: This pattern always overrides a later one on line 132.
#  119|   	if [ -n "$_reading_attrs" ]; then
#  120|   	    case "$_line" in
#  121|-> 		*:\ *)
#  122|   		    _key="${_line%%:\ *}"
#  123|   		    _value="${_line#*:\ }"

Error: SHELLCHECK_WARNING (CWE-569): [#def5]
/usr/bin/gpgrt-config:132:6: warning[SC2222]: This pattern never matches because of a previous pattern on line 121.
#  130|   EOF2
#  131|   		    ;;
#  132|-> 		*:|*:\ ) ;;
#  133|   		*)
#  134|   		    echo "Error reading $_filename: $_line" 1>&2

Error: SHELLCHECK_WARNING (CWE-563): [#def6]
/usr/bin/gpgrt-config:597:5: warning[SC2034]: VAR_pc_sysrootdir appears unused. Verify use (or export if used externally).
#  595|       VAR_pc_sysrootdir="/"
#  596|   else
#  597|->     VAR_pc_sysrootdir="$PKG_CONFIG_SYSROOT_DIR"
#  598|   fi
#  599|   

Error: SHELLCHECK_WARNING (CWE-156): [#def7]
/usr/bin/gpgrt-config:696:42: warning[SC2046]: Quote this to prevent word splitting.
#  694|   if [ -z "$want_var" ] && [ -z "$want_attr" ]; then
#  695|       if [ -n "$want_cflags" ]; then
#  696|-> 	output="$output${output:+ }$(sysroot -I $(list_only_once $cflags))"
#  697|   	# Backward compatibility to old gpg-error-config
#  698|   	if [ $mt = yes ] && [ -n "$mtcflags" ]; then

Error: SHELLCHECK_WARNING (CWE-156): [#def8]
/usr/bin/gpgrt-config:703:42: warning[SC2046]: Quote this to prevent word splitting.
#  701|       fi
#  702|       if [ -n "$want_libs" ]; then
#  703|-> 	output="$output${output:+ }$(sysroot -L $(list_only_once_for_libs $libs))"
#  704|   	# Backward compatibility to old gpg-error-config
#  705|   	if [ $mt = yes ] && [ -n "$mtlibs" ]; then

Error: GCC_ANALYZER_WARNING (CWE-401): [#def9]
libgpg-error-1.58/doc/yat2m.c:341:3: warning[-Wanalyzer-malloc-leak]: leak of ‘p’
libgpg-error-1.58/doc/yat2m.c:2290:1: enter_function: entry to ‘main’
libgpg-error-1.58/doc/yat2m.c:2300:3: call_function: calling ‘add_predefined_macro’ from ‘main’
libgpg-error-1.58/doc/yat2m.c:2300:3: return_function: returning to ‘main’ from ‘add_predefined_macro’
libgpg-error-1.58/doc/yat2m.c:2301:3: call_function: calling ‘add_predefined_macro’ from ‘main’
libgpg-error-1.58/doc/yat2m.c:2301:3: return_function: returning to ‘main’ from ‘add_predefined_macro’
libgpg-error-1.58/doc/yat2m.c:2436:6: branch_false: following ‘false’ branch (when ‘argc <= 1’)...
libgpg-error-1.58/doc/yat2m.c:2441:7: branch_false: ...to here
libgpg-error-1.58/doc/yat2m.c:2441:6: branch_true: following ‘true’ branch...
libgpg-error-1.58/doc/yat2m.c:2441:25: branch_true: ...to here
libgpg-error-1.58/doc/yat2m.c:2445:6: branch_true: following ‘true’ branch...
libgpg-error-1.58/doc/yat2m.c:2448:10: branch_false: following ‘false’ branch...
libgpg-error-1.58/doc/yat2m.c:2450:7: branch_false: ...to here
libgpg-error-1.58/doc/yat2m.c:2450:7: call_function: calling ‘top_parse_file’ from ‘main’
#  339|     va_list arg_ptr;
#  340|   
#  341|->   fflush (stdout);
#  342|     fprintf (stderr, "%s: ", PGM);
#  343|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def10]
libgpg-error-1.58/doc/yat2m.c:359:3: warning[-Wanalyzer-malloc-leak]: leak of ‘incname’
libgpg-error-1.58/doc/yat2m.c:2290:1: enter_function: entry to ‘main’
libgpg-error-1.58/doc/yat2m.c:2300:3: call_function: calling ‘add_predefined_macro’ from ‘main’
libgpg-error-1.58/doc/yat2m.c:2300:3: return_function: returning to ‘main’ from ‘add_predefined_macro’
libgpg-error-1.58/doc/yat2m.c:2301:3: call_function: calling ‘add_predefined_macro’ from ‘main’
libgpg-error-1.58/doc/yat2m.c:2301:3: return_function: returning to ‘main’ from ‘add_predefined_macro’
libgpg-error-1.58/doc/yat2m.c:2436:6: branch_false: following ‘false’ branch (when ‘argc <= 1’)...
libgpg-error-1.58/doc/yat2m.c:2441:7: branch_false: ...to here
libgpg-error-1.58/doc/yat2m.c:2441:6: branch_true: following ‘true’ branch...
libgpg-error-1.58/doc/yat2m.c:2441:25: branch_true: ...to here
libgpg-error-1.58/doc/yat2m.c:2445:6: branch_true: following ‘true’ branch...
libgpg-error-1.58/doc/yat2m.c:2448:10: branch_false: following ‘false’ branch...
libgpg-error-1.58/doc/yat2m.c:2450:7: branch_false: ...to here
libgpg-error-1.58/doc/yat2m.c:2450:7: call_function: calling ‘top_parse_file’ from ‘main’
#  357|     va_list arg_ptr;
#  358|   
#  359|->   fflush (stdout);
#  360|     if (strncmp (format, "%s:%d:", 6))
#  361|       fprintf (stderr, "%s: ", PGM);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def11]
libgpg-error-1.58/doc/yat2m.c:359:3: warning[-Wanalyzer-malloc-leak]: leak of ‘p’
libgpg-error-1.58/doc/yat2m.c:2290:1: enter_function: entry to ‘main’
libgpg-error-1.58/doc/yat2m.c:2300:3: call_function: calling ‘add_predefined_macro’ from ‘main’
libgpg-error-1.58/doc/yat2m.c:2300:3: return_function: returning to ‘main’ from ‘add_predefined_macro’
libgpg-error-1.58/doc/yat2m.c:2301:3: call_function: calling ‘add_predefined_macro’ from ‘main’
libgpg-error-1.58/doc/yat2m.c:2301:3: return_function: returning to ‘main’ from ‘add_predefined_macro’
libgpg-error-1.58/doc/yat2m.c:2436:6: branch_false: following ‘false’ branch (when ‘argc <= 1’)...
libgpg-error-1.58/doc/yat2m.c:2441:7: branch_false: ...to here
libgpg-error-1.58/doc/yat2m.c:2441:6: branch_true: following ‘true’ branch...
libgpg-error-1.58/doc/yat2m.c:2441:25: branch_true: ...to here
libgpg-error-1.58/doc/yat2m.c:2445:6: branch_true: following ‘true’ branch...
libgpg-error-1.58/doc/yat2m.c:2448:10: branch_false: following ‘false’ branch...
libgpg-error-1.58/doc/yat2m.c:2450:7: branch_false: ...to here
libgpg-error-1.58/doc/yat2m.c:2450:7: call_function: calling ‘top_parse_file’ from ‘main’
#  357|     va_list arg_ptr;
#  358|   
#  359|->   fflush (stdout);
#  360|     if (strncmp (format, "%s:%d:", 6))
#  361|       fprintf (stderr, "%s: ", PGM);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def12]
libgpg-error-1.58/doc/yat2m.c:359:3: warning[-Wanalyzer-malloc-leak]: leak of ‘xmalloc(1024)’
libgpg-error-1.58/doc/yat2m.c:2290:1: enter_function: entry to ‘main’
libgpg-error-1.58/doc/yat2m.c:2300:3: call_function: calling ‘add_predefined_macro’ from ‘main’
libgpg-error-1.58/doc/yat2m.c:2300:3: return_function: returning to ‘main’ from ‘add_predefined_macro’
libgpg-error-1.58/doc/yat2m.c:2301:3: call_function: calling ‘add_predefined_macro’ from ‘main’
libgpg-error-1.58/doc/yat2m.c:2301:3: return_function: returning to ‘main’ from ‘add_predefined_macro’
libgpg-error-1.58/doc/yat2m.c:2436:6: branch_false: following ‘false’ branch (when ‘argc <= 1’)...
libgpg-error-1.58/doc/yat2m.c:2441:7: branch_false: ...to here
libgpg-error-1.58/doc/yat2m.c:2441:6: branch_true: following ‘true’ branch...
libgpg-error-1.58/doc/yat2m.c:2441:25: branch_true: ...to here
libgpg-error-1.58/doc/yat2m.c:2445:6: branch_true: following ‘true’ branch...
libgpg-error-1.58/doc/yat2m.c:2448:10: branch_false: following ‘false’ branch...
libgpg-error-1.58/doc/yat2m.c:2450:7: branch_false: ...to here
libgpg-error-1.58/doc/yat2m.c:2450:7: call_function: calling ‘top_parse_file’ from ‘main’
#  357|     va_list arg_ptr;
#  358|   
#  359|->   fflush (stdout);
#  360|     if (strncmp (format, "%s:%d:", 6))
#  361|       fprintf (stderr, "%s: ", PGM);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def13]
libgpg-error-1.58/doc/yat2m.c:416:13: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup("1")’
libgpg-error-1.58/doc/yat2m.c:2290:1: enter_function: entry to ‘main’
libgpg-error-1.58/doc/yat2m.c:2300:3: call_function: calling ‘add_predefined_macro’ from ‘main’
libgpg-error-1.58/doc/yat2m.c:2300:3: return_function: returning to ‘main’ from ‘add_predefined_macro’
libgpg-error-1.58/doc/yat2m.c:2301:3: call_function: calling ‘add_predefined_macro’ from ‘main’
libgpg-error-1.58/doc/yat2m.c:2301:3: return_function: returning to ‘main’ from ‘add_predefined_macro’
libgpg-error-1.58/doc/yat2m.c:2436:6: branch_false: following ‘false’ branch (when ‘argc <= 1’)...
libgpg-error-1.58/doc/yat2m.c:2441:7: branch_false: ...to here
libgpg-error-1.58/doc/yat2m.c:2441:6: branch_true: following ‘true’ branch...
libgpg-error-1.58/doc/yat2m.c:2441:25: branch_true: ...to here
libgpg-error-1.58/doc/yat2m.c:2445:6: branch_true: following ‘true’ branch...
libgpg-error-1.58/doc/yat2m.c:2448:10: branch_false: following ‘false’ branch...
libgpg-error-1.58/doc/yat2m.c:2450:7: branch_false: ...to here
libgpg-error-1.58/doc/yat2m.c:2450:7: call_function: calling ‘top_parse_file’ from ‘main’
#  414|   xstrdup (const char *string)
#  415|   {
#  416|->   void *p = malloc (strlen (string)+1);
#  417|     if (!p)
#  418|       die ("out of core: %s", strerror (errno));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def14]
libgpg-error-1.58/doc/yat2m.c:416:13: warning[-Wanalyzer-malloc-leak]: leak of ‘xstrdup(p)’
libgpg-error-1.58/doc/yat2m.c:2290:1: enter_function: entry to ‘main’
libgpg-error-1.58/doc/yat2m.c:2300:3: call_function: calling ‘add_predefined_macro’ from ‘main’
libgpg-error-1.58/doc/yat2m.c:2300:3: return_function: returning to ‘main’ from ‘add_predefined_macro’
libgpg-error-1.58/doc/yat2m.c:2301:3: call_function: calling ‘add_predefined_macro’ from ‘main’
libgpg-error-1.58/doc/yat2m.c:2301:3: return_function: returning to ‘main’ from ‘add_predefined_macro’
libgpg-error-1.58/doc/yat2m.c:2436:6: branch_false: following ‘false’ branch (when ‘argc <= 1’)...
libgpg-error-1.58/doc/yat2m.c:2441:7: branch_false: ...to here
libgpg-error-1.58/doc/yat2m.c:2441:6: branch_true: following ‘true’ branch...
libgpg-error-1.58/doc/yat2m.c:2441:25: branch_true: ...to here
libgpg-error-1.58/doc/yat2m.c:2445:6: branch_true: following ‘true’ branch...
libgpg-error-1.58/doc/yat2m.c:2448:10: branch_false: following ‘false’ branch...
libgpg-error-1.58/doc/yat2m.c:2450:7: branch_false: ...to here
libgpg-error-1.58/doc/yat2m.c:2450:7: call_function: calling ‘top_parse_file’ from ‘main’
#  414|   xstrdup (const char *string)
#  415|   {
#  416|->   void *p = malloc (strlen (string)+1);
#  417|     if (!p)
#  418|       die ("out of core: %s", strerror (errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def15]
libgpg-error-1.58/doc/yat2m.c:2450:7: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(*argv, "rb")’
libgpg-error-1.58/doc/yat2m.c:2290:1: enter_function: entry to ‘main’
libgpg-error-1.58/doc/yat2m.c:2300:3: call_function: calling ‘add_predefined_macro’ from ‘main’
libgpg-error-1.58/doc/yat2m.c:2300:3: return_function: returning to ‘main’ from ‘add_predefined_macro’
libgpg-error-1.58/doc/yat2m.c:2301:3: call_function: calling ‘add_predefined_macro’ from ‘main’
libgpg-error-1.58/doc/yat2m.c:2301:3: return_function: returning to ‘main’ from ‘add_predefined_macro’
libgpg-error-1.58/doc/yat2m.c:2436:6: branch_false: following ‘false’ branch (when ‘argc <= 1’)...
libgpg-error-1.58/doc/yat2m.c:2441:7: branch_false: ...to here
libgpg-error-1.58/doc/yat2m.c:2441:6: branch_true: following ‘true’ branch...
libgpg-error-1.58/doc/yat2m.c:2441:25: branch_true: ...to here
libgpg-error-1.58/doc/yat2m.c:2445:6: branch_true: following ‘true’ branch...
libgpg-error-1.58/doc/yat2m.c:2447:18: acquire_resource: opened here
libgpg-error-1.58/doc/yat2m.c:2448:10: branch_false: following ‘false’ branch...
libgpg-error-1.58/doc/yat2m.c:2450:7: branch_false: ...to here
libgpg-error-1.58/doc/yat2m.c:2450:7: call_function: calling ‘top_parse_file’ from ‘main’
# 2448|         if (!fp)
# 2449|           die ("%s:0: can't open file: %s", *argv, strerror (errno));
# 2450|->       top_parse_file (*argv, fp);
# 2451|         fclose (fp);
# 2452|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def16]
libgpg-error-1.58/doc/yat2m.c:2450:7: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(*argv, "rb")’
libgpg-error-1.58/doc/yat2m.c:2290:1: enter_function: entry to ‘main’
libgpg-error-1.58/doc/yat2m.c:2300:3: call_function: calling ‘add_predefined_macro’ from ‘main’
libgpg-error-1.58/doc/yat2m.c:2300:3: return_function: returning to ‘main’ from ‘add_predefined_macro’
libgpg-error-1.58/doc/yat2m.c:2301:3: call_function: calling ‘add_predefined_macro’ from ‘main’
libgpg-error-1.58/doc/yat2m.c:2301:3: return_function: returning to ‘main’ from ‘add_predefined_macro’
libgpg-error-1.58/doc/yat2m.c:2436:6: branch_false: following ‘false’ branch (when ‘argc <= 1’)...
libgpg-error-1.58/doc/yat2m.c:2441:7: branch_false: ...to here
libgpg-error-1.58/doc/yat2m.c:2441:6: branch_true: following ‘true’ branch...
libgpg-error-1.58/doc/yat2m.c:2441:25: branch_true: ...to here
libgpg-error-1.58/doc/yat2m.c:2445:6: branch_true: following ‘true’ branch...
libgpg-error-1.58/doc/yat2m.c:2447:18: acquire_memory: allocated here
libgpg-error-1.58/doc/yat2m.c:2448:10: branch_false: following ‘false’ branch...
libgpg-error-1.58/doc/yat2m.c:2450:7: branch_false: ...to here
libgpg-error-1.58/doc/yat2m.c:2450:7: call_function: calling ‘top_parse_file’ from ‘main’
# 2448|         if (!fp)
# 2449|           die ("%s:0: can't open file: %s", *argv, strerror (errno));
# 2450|->       top_parse_file (*argv, fp);
# 2451|         fclose (fp);
# 2452|       }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def17]
libgpg-error-1.58/src/argparse.c:235:13: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/argparse.c:3345:1: enter_function: entry to 'dump_option_table'
libgpg-error-1.58/src/argparse.c:3356:6: branch_false: following 'false' branch (when 'nopts != 0')...
libgpg-error-1.58/src/argparse.c:3359:12: branch_false: ...to here
libgpg-error-1.58/src/argparse.c:3360:6: branch_true: following 'true' branch...
libgpg-error-1.58/src/argparse.c:3362:7: branch_true: ...to here
libgpg-error-1.58/src/argparse.c:3362:7: call_function: calling 'writestrings' from 'dump_option_table'
#  233|           {
#  234|             if (custom_outfnc)
#  235|->             custom_outfnc (is_error? 2:1, s);
#  236|             else
#  237|               _gpgrt_fputs (s, is_error? es_stderr : es_stdout);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def18]
libgpg-error-1.58/src/argparse.c:237:13: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/argparse.c:3345:1: enter_function: entry to 'dump_option_table'
libgpg-error-1.58/src/argparse.c:3356:6: branch_false: following 'false' branch (when 'nopts != 0')...
libgpg-error-1.58/src/argparse.c:3359:12: branch_false: ...to here
libgpg-error-1.58/src/argparse.c:3360:6: branch_true: following 'true' branch...
libgpg-error-1.58/src/argparse.c:3362:7: branch_true: ...to here
libgpg-error-1.58/src/argparse.c:3362:7: call_function: calling 'writestrings' from 'dump_option_table'
#  235|               custom_outfnc (is_error? 2:1, s);
#  236|             else
#  237|->             _gpgrt_fputs (s, is_error? es_stderr : es_stdout);
#  238|             count += strlen (s);
#  239|           }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def19]
libgpg-error-1.58/src/argparse.c:237:40: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/argparse.c:3345:1: enter_function: entry to 'dump_option_table'
libgpg-error-1.58/src/argparse.c:3356:6: branch_false: following 'false' branch (when 'nopts != 0')...
libgpg-error-1.58/src/argparse.c:3359:12: branch_false: ...to here
libgpg-error-1.58/src/argparse.c:3360:6: branch_true: following 'true' branch...
libgpg-error-1.58/src/argparse.c:3362:7: branch_true: ...to here
libgpg-error-1.58/src/argparse.c:3362:7: call_function: calling 'writestrings' from 'dump_option_table'
#  235|               custom_outfnc (is_error? 2:1, s);
#  236|             else
#  237|->             _gpgrt_fputs (s, is_error? es_stderr : es_stdout);
#  238|             count += strlen (s);
#  239|           }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def20]
libgpg-error-1.58/src/argparse.c:237:52: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/argparse.c:3309:1: enter_function: entry to 'show_version'
libgpg-error-1.58/src/argparse.c:3315:3: call_function: calling 'writestrings' from 'show_version'
#  235|               custom_outfnc (is_error? 2:1, s);
#  236|             else
#  237|->             _gpgrt_fputs (s, is_error? es_stderr : es_stdout);
#  238|             count += strlen (s);
#  239|           }

Error: CPPCHECK_WARNING (CWE-457): [#def21]
libgpg-error-1.58/src/argparse.c:1694: error[legacyUninitvar]: Uninitialized variable: keyword
# 1692|             for (idx=0; idx < nopts; idx++ )
# 1693|               {
# 1694|->               if (opts[idx].long_opt && !strcmp (opts[idx].long_opt, keyword))
# 1695|                   break;
# 1696|               }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def22]
libgpg-error-1.58/src/estream-printf.c:1867:17: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/estream-printf.c:1919:1: enter_function: entry to '_gpgrt_estream_bsprintf'
libgpg-error-1.58/src/estream-printf.c:1925:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/estream-printf.c:1926:8: call_function: calling '_gpgrt_estream_vasprintf' from '_gpgrt_estream_bsprintf'
# 1865|     parm.alloced = 512;
# 1866|     parm.used = 0;
# 1867|->   parm.buffer = my_printf_realloc (NULL, parm.alloced);
# 1868|     if (!parm.buffer)
# 1869|       {

Error: GCC_ANALYZER_WARNING (CWE-404): [#def23]
libgpg-error-1.58/src/init.c:268:12: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/init.c:410:1: enter_function: entry to '_gpgrt_strconcat'
libgpg-error-1.58/src/init.c:415:6: branch_false: following 'false' branch (when 's1' is non-NULL)...
libgpg-error-1.58/src/init.c:419:7: branch_false: ...to here
libgpg-error-1.58/src/init.c:419:7: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/init.c:420:16: call_function: calling '_gpgrt_strconcat_core' from '_gpgrt_strconcat'
#  266|   {
#  267|     if (custom_realloc)
#  268|->     return custom_realloc (a, n);
#  269|   
#  270|     if (!n)

Error: CPPCHECK_WARNING (CWE-476): [#def24]
libgpg-error-1.58/src/logging.c:272: error[nullPointer]: Null pointer dereference: (struct sockaddr_un*)0
#  270|                     srvr_addr_un.sun_path[sizeof (srvr_addr_un.sun_path)-1] = 0;
#  271|                     srvr_addr = (struct sockaddr *)&srvr_addr_un;
#  272|->                   addrlen = SUN_LEN (&srvr_addr_un);
#  273|                     name_for_err = srvr_addr_un.sun_path;
#  274|                   }

Error: CPPCHECK_WARNING (CWE-476): [#def25]
libgpg-error-1.58/src/logging.c:284: error[nullPointer]: Null pointer dereference: (struct sockaddr_un*)0
#  282|                     srvr_addr_un.sun_path[sizeof (srvr_addr_un.sun_path)-1] = 0;
#  283|                     srvr_addr = (struct sockaddr *)&srvr_addr_un;
#  284|->                   addrlen = SUN_LEN (&srvr_addr_un);
#  285|                   }
#  286|               }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def26]
libgpg-error-1.58/src/logging.c:485:12: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/logging.c:1199:1: enter_function: entry to '_gpgrt_log_debug_string'
libgpg-error-1.58/src/logging.c:1203:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/logging.c:1204:3: call_function: calling '_gpgrt_logv_internal' from '_gpgrt_log_debug_string'
#  483|     if (name && !strcmp (name, "-"))
#  484|       {
#  485|->       fp = es_stderr;
#  486|         goto leave;
#  487|       }

Error: GCC_ANALYZER_WARNING (CWE-126): [#def27]
libgpg-error-1.58/src/logging.c:488:52: warning[-Wanalyzer-out-of-bounds]: buffer over-read
libgpg-error-1.58/src/logging.c:1331:1: enter_function: entry to '_gpgrt_logv_clock'
libgpg-error-1.58/src/logging.c:1357:3: call_function: calling '_gpgrt_logv_internal' from '_gpgrt_logv_clock'
#  486|         goto leave;
#  487|       }
#  488|->   else if (name && !strncmp (name, "tcp://", 6) && name[6])
#  489|       want_socket = 1;
#  490|   #ifndef HAVE_W32_SYSTEM

Error: GCC_ANALYZER_WARNING (CWE-404): [#def28]
libgpg-error-1.58/src/logging.c:500:10: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/logging.c:1199:1: enter_function: entry to '_gpgrt_log_debug_string'
libgpg-error-1.58/src/logging.c:1203:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/logging.c:1204:3: call_function: calling '_gpgrt_logv_internal' from '_gpgrt_log_debug_string'
#  498|       fp = _gpgrt_fdopen (fd, "w");
#  499|     else if (!want_socket)
#  500|->     fp = _gpgrt_fopen (name, "a");
#  501|     else
#  502|       {

Error: GCC_ANALYZER_WARNING (CWE-404): [#def29]
libgpg-error-1.58/src/logging.c:505:16: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/logging.c:1199:1: enter_function: entry to '_gpgrt_log_debug_string'
libgpg-error-1.58/src/logging.c:1203:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/logging.c:1204:3: call_function: calling '_gpgrt_logv_internal' from '_gpgrt_log_debug_string'
#  503|         es_cookie_io_functions_t io = { NULL };
#  504|   
#  505|->       cookie = _gpgrt_malloc (sizeof *cookie + (name? strlen (name):0));
#  506|         if (!cookie)
#  507|           return; /* oops */

Error: GCC_ANALYZER_WARNING (CWE-404): [#def30]
libgpg-error-1.58/src/logging.c:523:10: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/logging.c:1199:1: enter_function: entry to '_gpgrt_log_debug_string'
libgpg-error-1.58/src/logging.c:1203:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/logging.c:1204:3: call_function: calling '_gpgrt_logv_internal' from '_gpgrt_log_debug_string'
#  521|     /* On error default to a stderr based estream.  */
#  522|     if (!fp)
#  523|->     fp = es_stderr;
#  524|   
#  525|    leave:

Error: CPPCHECK_WARNING (CWE-664): [#def31]
libgpg-error-1.58/src/logging.c:1324: error[va_list_usedBeforeStarted]: va_list 'dummy_argptr' used before va_start() was called.
# 1322|         static va_list dummy_argptr;
# 1323|   
# 1324|->       _gpgrt_logv_printhex (buffer, length, NULL, dummy_argptr);
# 1325|       }
# 1326|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def32]
libgpg-error-1.58/src/spawn-posix.c:405:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'open("/dev/null", (int)(for_write != 0))'
libgpg-error-1.58/src/spawn-posix.c:398:1: enter_function: entry to 'my_exec'
libgpg-error-1.58/src/spawn-posix.c:404:15: branch_true: following 'true' branch (when 'i != 3')...
libgpg-error-1.58/src/spawn-posix.c:405:9: branch_true: ...to here
libgpg-error-1.58/src/spawn-posix.c:405:8: branch_true: following 'true' branch...
libgpg-error-1.58/src/spawn-posix.c:406:20: branch_true: ...to here
libgpg-error-1.58/src/spawn-posix.c:406:20: call_function: calling 'posix_open_null' from 'my_exec'
libgpg-error-1.58/src/spawn-posix.c:406:20: return_function: returning to 'my_exec' from 'posix_open_null'
libgpg-error-1.58/src/spawn-posix.c:404:15: branch_true: following 'true' branch (when 'i != 3')...
libgpg-error-1.58/src/spawn-posix.c:405:9: branch_true: ...to here
libgpg-error-1.58/src/spawn-posix.c:405:8: branch_true: following 'true' branch...
libgpg-error-1.58/src/spawn-posix.c:406:20: branch_true: ...to here
libgpg-error-1.58/src/spawn-posix.c:406:20: call_function: calling 'posix_open_null' from 'my_exec'
#  403|     /* Assign /dev/null to unused FDs.  */
#  404|     for (i = 0; i <= 2; i++)
#  405|->     if (act->fd[i] == -1)
#  406|         act->fd[i] = posix_open_null (i);
#  407|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def33]
libgpg-error-1.58/src/spawn-posix.c:412:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'dup2(*act.fd[i], i)'
libgpg-error-1.58/src/spawn-posix.c:404:15: branch_true: following 'true' branch (when 'i != 3')...
libgpg-error-1.58/src/spawn-posix.c:405:9: branch_true: ...to here
libgpg-error-1.58/src/spawn-posix.c:405:8: branch_false: following 'false' branch...
libgpg-error-1.58/src/spawn-posix.c:404:23: branch_false: ...to here
libgpg-error-1.58/src/spawn-posix.c:405:8: branch_false: following 'false' branch...
libgpg-error-1.58/src/spawn-posix.c:404:23: branch_false: ...to here
libgpg-error-1.58/src/spawn-posix.c:409:15: branch_true: following 'true' branch (when 'i != 3')...
libgpg-error-1.58/src/spawn-posix.c:410:9: branch_true: ...to here
libgpg-error-1.58/src/spawn-posix.c:410:8: branch_true: following 'true' branch...
libgpg-error-1.58/src/spawn-posix.c:412:13: branch_true: ...to here
libgpg-error-1.58/src/spawn-posix.c:412:13: acquire_resource: opened here
libgpg-error-1.58/src/spawn-posix.c:412:12: danger: 'dup2(*act.fd[i], i)' leaks here; was opened at [(11)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/10)
#  410|       if (act->fd[i] != i)
#  411|         {
#  412|->         if (dup2 (act->fd[i], i) == -1)
#  413|             _gpgrt_log_fatal ("dup2 std%s failed: %s\n",
#  414|                               i==0?"in":i==1?"out":"err", strerror (errno));

Error: GCC_ANALYZER_WARNING (CWE-404): [#def34]
libgpg-error-1.58/src/stringutils.c:86:11: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/stringutils.c:316:1: enter_function: entry to '_gpgrt_absfnameconcat'
libgpg-error-1.58/src/stringutils.c:321:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/stringutils.c:322:12: call_function: calling '_gpgrt_vfnameconcat' from '_gpgrt_absfnameconcat'
#   84|         if (argc >= DIM (argv)-1)
#   85|           {
#   86|->           _gpg_err_set_errno (EINVAL);
#   87|             return NULL;
#   88|           }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def35]
libgpg-error-1.58/src/stringutils.c:122:29: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/stringutils.c:316:1: enter_function: entry to '_gpgrt_absfnameconcat'
libgpg-error-1.58/src/stringutils.c:321:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/stringutils.c:322:12: call_function: calling '_gpgrt_vfnameconcat' from '_gpgrt_absfnameconcat'
#  120|             if (!home)
#  121|               {
#  122|->               home_buffer = _gpgrt_getenv ("HOME");
#  123|                 if (!home_buffer)
#  124|                   home_buffer = _gpgrt_getpwdir (NULL);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def36]
libgpg-error-1.58/src/stringutils.c:124:31: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/stringutils.c:316:1: enter_function: entry to '_gpgrt_absfnameconcat'
libgpg-error-1.58/src/stringutils.c:321:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/stringutils.c:322:12: call_function: calling '_gpgrt_vfnameconcat' from '_gpgrt_absfnameconcat'
#  122|                 home_buffer = _gpgrt_getenv ("HOME");
#  123|                 if (!home_buffer)
#  124|->                 home_buffer = _gpgrt_getpwdir (NULL);
#  125|                 home = home_buffer;
#  126|               }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def37]
libgpg-error-1.58/src/stringutils.c:135:18: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/stringutils.c:316:1: enter_function: entry to '_gpgrt_absfnameconcat'
libgpg-error-1.58/src/stringutils.c:321:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/stringutils.c:322:12: call_function: calling '_gpgrt_vfnameconcat' from '_gpgrt_absfnameconcat'
#  133|             char *user;
#  134|   
#  135|->           user = _gpgrt_strdup (first_part+1);
#  136|             if (!user)
#  137|               return NULL;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def38]
libgpg-error-1.58/src/stringutils.c:144:32: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/stringutils.c:316:1: enter_function: entry to '_gpgrt_absfnameconcat'
libgpg-error-1.58/src/stringutils.c:321:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/stringutils.c:322:12: call_function: calling '_gpgrt_vfnameconcat' from '_gpgrt_absfnameconcat'
#  142|             skip = 1 + strlen (user);
#  143|   
#  144|->           home = home_buffer = _gpgrt_getpwdir (user);
#  145|             xfree (user);
#  146|             if (home)

Error: GCC_ANALYZER_WARNING (CWE-404): [#def39]
libgpg-error-1.58/src/stringutils.c:145:11: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/stringutils.c:316:1: enter_function: entry to '_gpgrt_absfnameconcat'
libgpg-error-1.58/src/stringutils.c:321:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/stringutils.c:322:12: call_function: calling '_gpgrt_vfnameconcat' from '_gpgrt_absfnameconcat'
#  143|   
#  144|             home = home_buffer = _gpgrt_getpwdir (user);
#  145|->           xfree (user);
#  146|             if (home)
#  147|               n += strlen (home);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def40]
libgpg-error-1.58/src/sysutils.c:50:3: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'd'
libgpg-error-1.58/src/sysutils.c:47:11: acquire_resource: opened here
libgpg-error-1.58/src/sysutils.c:48:6: branch_false: following 'false' branch (when 'd >= 0')...
libgpg-error-1.58/src/sysutils.c:50:3: branch_false: ...to here
libgpg-error-1.58/src/sysutils.c:50:3: throw: if 'close' throws an exception...
libgpg-error-1.58/src/sysutils.c:50:3: danger: 'd' leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   48|     if (d < 0)
#   49|       return 0;
#   50|->   close (d);
#   51|     return 1;
#   52|   }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def41]
libgpg-error-1.58/src/visibility.c:554:8: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/visibility.c:553:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/visibility.c:554:8: throw: if '_gpgrt_vfprintf' throws an exception...
libgpg-error-1.58/src/visibility.c:554:8: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  552|   
#  553|     va_start (ap, format);
#  554|->   rc = _gpgrt_vfprintf (es_stdout, NULL, NULL, format, ap);
#  555|     va_end (ap);
#  556|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def42]
libgpg-error-1.58/src/visibility.c:554:25: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/visibility.c:553:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/visibility.c:554:25: throw: if '_gpgrt__get_std_stream' throws an exception...
libgpg-error-1.58/src/visibility.c:554:25: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  552|   
#  553|     va_start (ap, format);
#  554|->   rc = _gpgrt_vfprintf (es_stdout, NULL, NULL, format, ap);
#  555|     va_end (ap);
#  556|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def43]
libgpg-error-1.58/src/visibility.c:567:8: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/visibility.c:566:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/visibility.c:567:8: throw: if '_gpgrt_vfprintf_unlocked' throws an exception...
libgpg-error-1.58/src/visibility.c:567:8: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  565|   
#  566|     va_start (ap, format);
#  567|->   rc = _gpgrt_vfprintf_unlocked (es_stdout, NULL, NULL, format, ap);
#  568|     va_end (ap);
#  569|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def44]
libgpg-error-1.58/src/visibility.c:567:34: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/visibility.c:566:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/visibility.c:567:34: throw: if '_gpgrt__get_std_stream' throws an exception...
libgpg-error-1.58/src/visibility.c:567:34: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#  565|   
#  566|     va_start (ap, format);
#  567|->   rc = _gpgrt_vfprintf_unlocked (es_stdout, NULL, NULL, format, ap);
#  568|     va_end (ap);
#  569|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def45]
libgpg-error-1.58/src/visibility.c:581:8: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/visibility.c:580:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/visibility.c:581:8: throw: if '_gpgrt_vfprintf' throws an exception...
libgpg-error-1.58/src/visibility.c:581:8: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#  579|   
#  580|     va_start (ap, format);
#  581|->   rc = _gpgrt_vfprintf (stream, NULL, NULL, format, ap);
#  582|     va_end (ap);
#  583|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def46]
libgpg-error-1.58/src/visibility.c:595:8: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/visibility.c:594:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/visibility.c:595:8: throw: if '_gpgrt_vfprintf_unlocked' throws an exception...
libgpg-error-1.58/src/visibility.c:595:8: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
#  593|   
#  594|     va_start (ap, format);
#  595|->   rc = _gpgrt_vfprintf_unlocked (stream, NULL, NULL, format, ap);
#  596|     va_end (ap);
#  597|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def47]
libgpg-error-1.58/src/visibility.c:610:8: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/visibility.c:609:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/visibility.c:610:8: throw: if '_gpgrt_vfprintf' throws an exception...
libgpg-error-1.58/src/visibility.c:610:8: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
#  608|   
#  609|     va_start (ap, format);
#  610|->   rc = _gpgrt_vfprintf (stream, sf, sfvalue, format, ap);
#  611|     va_end (ap);
#  612|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def48]
libgpg-error-1.58/src/visibility.c:625:8: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/visibility.c:624:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/visibility.c:625:8: throw: if '_gpgrt_vfprintf_unlocked' throws an exception...
libgpg-error-1.58/src/visibility.c:625:8: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
#  623|   
#  624|     va_start (ap, format);
#  625|->   rc = _gpgrt_vfprintf_unlocked (stream, sf, sfvalue, format, ap);
#  626|     va_end (ap);
#  627|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def49]
libgpg-error-1.58/src/visibility.c:705:8: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/visibility.c:704:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/visibility.c:705:8: throw: if '_gpgrt_estream_vasprintf' throws an exception...
libgpg-error-1.58/src/visibility.c:705:8: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0)
#  703|   
#  704|     va_start (ap, format);
#  705|->   rc = _gpgrt_estream_vasprintf (r_buf, format, ap);
#  706|     va_end (ap);
#  707|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def50]
libgpg-error-1.58/src/visibility.c:725:8: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/visibility.c:724:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/visibility.c:725:8: throw: if '_gpgrt_estream_vasprintf' throws an exception...
libgpg-error-1.58/src/visibility.c:725:8: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/0)
#  723|   
#  724|     va_start (ap, format);
#  725|->   rc = _gpgrt_estream_vasprintf (&buf, format, ap);
#  726|     va_end (ap);
#  727|     if (rc < 0)

Error: GCC_ANALYZER_WARNING (CWE-404): [#def51]
libgpg-error-1.58/src/visibility.c:751:8: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/visibility.c:750:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/visibility.c:751:8: throw: if '_gpgrt_estream_vsnprintf' throws an exception...
libgpg-error-1.58/src/visibility.c:751:8: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/0)
#  749|   
#  750|     va_start (arg_ptr, format);
#  751|->   rc = _gpgrt_estream_vsnprintf (buf, bufsize, format, arg_ptr);
#  752|     va_end (arg_ptr);
#  753|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def52]
libgpg-error-1.58/src/visibility.c:807:16: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/visibility.c:802:6: branch_false: following 'false' branch (when 's1' is non-NULL)...
libgpg-error-1.58/src/visibility.c:806:7: branch_false: ...to here
libgpg-error-1.58/src/visibility.c:806:7: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/visibility.c:807:16: throw: if '_gpgrt_strconcat_core' throws an exception...
libgpg-error-1.58/src/visibility.c:807:16: danger: missing call to 'va_end' to match 'va_start' at [(3)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/2)
#  805|       {
#  806|         va_start (arg_ptr, s1);
#  807|->       result = _gpgrt_strconcat_core (s1, arg_ptr);
#  808|         va_end (arg_ptr);
#  809|       }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def53]
libgpg-error-1.58/src/visibility.c:978:3: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/visibility.c:977:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/visibility.c:978:3: throw: if '_gpgrt_logv' throws an exception...
libgpg-error-1.58/src/visibility.c:978:3: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/0)
#  976|   
#  977|     va_start (arg_ptr, fmt) ;
#  978|->   _gpgrt_logv (level, fmt, arg_ptr);
#  979|     va_end (arg_ptr);
#  980|   }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def54]
libgpg-error-1.58/src/visibility.c:1018:3: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/visibility.c:1017:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/visibility.c:1018:3: throw: if '_gpgrt_logv' throws an exception...
libgpg-error-1.58/src/visibility.c:1018:3: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/0)
# 1016|   
# 1017|     va_start (arg_ptr, fmt);
# 1018|->   _gpgrt_logv (GPGRT_LOGLVL_INFO, fmt, arg_ptr);
# 1019|     va_end (arg_ptr);
# 1020|   }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def55]
libgpg-error-1.58/src/visibility.c:1028:3: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/visibility.c:1027:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/visibility.c:1028:3: throw: if '_gpgrt_logv' throws an exception...
libgpg-error-1.58/src/visibility.c:1028:3: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/0)
# 1026|   
# 1027|     va_start (arg_ptr, fmt);
# 1028|->   _gpgrt_logv (GPGRT_LOGLVL_ERROR, fmt, arg_ptr);
# 1029|     va_end (arg_ptr);
# 1030|   }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def56]
libgpg-error-1.58/src/visibility.c:1038:3: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/visibility.c:1037:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/visibility.c:1038:3: throw: if '_gpgrt_logv' throws an exception...
libgpg-error-1.58/src/visibility.c:1038:3: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/0)
# 1036|   
# 1037|     va_start (arg_ptr, fmt);
# 1038|->   _gpgrt_logv (GPGRT_LOGLVL_FATAL, fmt, arg_ptr);
# 1039|     va_end (arg_ptr);
# 1040|     _gpgrt_abort (); /* Never called; just to make the compiler happy.  */

Error: GCC_ANALYZER_WARNING (CWE-404): [#def57]
libgpg-error-1.58/src/visibility.c:1049:3: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/visibility.c:1048:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/visibility.c:1049:3: throw: if '_gpgrt_logv' throws an exception...
libgpg-error-1.58/src/visibility.c:1049:3: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/0)
# 1047|   
# 1048|     va_start (arg_ptr, fmt);
# 1049|->   _gpgrt_logv (GPGRT_LOGLVL_BUG, fmt, arg_ptr);
# 1050|     va_end (arg_ptr);
# 1051|     _gpgrt_abort (); /* Never called; just to make the compiler happy.  */

Error: GCC_ANALYZER_WARNING (CWE-404): [#def58]
libgpg-error-1.58/src/visibility.c:1060:3: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/visibility.c:1059:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/visibility.c:1060:3: throw: if '_gpgrt_logv' throws an exception...
libgpg-error-1.58/src/visibility.c:1060:3: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/0)
# 1058|   
# 1059|     va_start (arg_ptr, fmt);
# 1060|->   _gpgrt_logv (GPGRT_LOGLVL_DEBUG, fmt, arg_ptr);
# 1061|     va_end (arg_ptr);
# 1062|   }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def59]
libgpg-error-1.58/src/visibility.c:1070:3: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/visibility.c:1069:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/visibility.c:1070:3: throw: if '_gpgrt_logv_internal' throws an exception...
libgpg-error-1.58/src/visibility.c:1070:3: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/0)
# 1068|   
# 1069|     va_start (arg_ptr, fmt);
# 1070|->   _gpgrt_logv_internal (GPGRT_LOGLVL_DEBUG, 0, string, NULL, fmt, arg_ptr);
# 1071|     va_end (arg_ptr);
# 1072|   }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def60]
libgpg-error-1.58/src/visibility.c:1080:3: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/visibility.c:1079:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/visibility.c:1080:3: throw: if '_gpgrt_logv' throws an exception...
libgpg-error-1.58/src/visibility.c:1080:3: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/19/codeFlows/0/threadFlows/0/locations/0)
# 1078|   
# 1079|     va_start (arg_ptr, fmt);
# 1080|->   _gpgrt_logv (fmt ? GPGRT_LOGLVL_CONT : GPGRT_LOGLVL_BEGIN, fmt, arg_ptr);
# 1081|     va_end (arg_ptr);
# 1082|   }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def61]
libgpg-error-1.58/src/visibility.c:1096:3: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/visibility.c:1095:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/visibility.c:1096:3: throw: if '_gpgrt_logv_printhex' throws an exception...
libgpg-error-1.58/src/visibility.c:1096:3: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/20/codeFlows/0/threadFlows/0/locations/0)
# 1094|   
# 1095|     va_start (arg_ptr, fmt);
# 1096|->   _gpgrt_logv_printhex (buffer, length, fmt, arg_ptr);
# 1097|     va_end (arg_ptr);
# 1098|   }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def62]
libgpg-error-1.58/src/visibility.c:1106:3: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/visibility.c:1105:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/visibility.c:1106:3: throw: if '_gpgrt_logv_clock' throws an exception...
libgpg-error-1.58/src/visibility.c:1106:3: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/0)
# 1104|   
# 1105|     va_start (arg_ptr, fmt);
# 1106|->   _gpgrt_logv_clock (fmt, arg_ptr);
# 1107|     va_end (arg_ptr);
# 1108|   }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def63]
libgpg-error-1.58/src/visibility.c:1244:8: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/visibility.c:1243:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/visibility.c:1244:8: throw: if '_gpgrt_process_vctl' throws an exception...
libgpg-error-1.58/src/visibility.c:1244:8: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/0)
# 1242|   
# 1243|     va_start (arg_ptr, request);
# 1244|->   ec = _gpgrt_process_vctl (process, request, arg_ptr);
# 1245|     va_end (arg_ptr);
# 1246|     return ec;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def64]
libgpg-error-1.58/src/visibility.c:1329:12: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/visibility.c:1328:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/visibility.c:1329:12: throw: if '_gpgrt_vfnameconcat' throws an exception...
libgpg-error-1.58/src/visibility.c:1329:12: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/0)
# 1327|   
# 1328|     va_start (arg_ptr, first);
# 1329|->   result = _gpgrt_vfnameconcat (GPGRT_FCONCAT_TILDE, first, arg_ptr);
# 1330|     va_end (arg_ptr);
# 1331|     return result;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def65]
libgpg-error-1.58/src/visibility.c:1341:12: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/visibility.c:1340:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/visibility.c:1341:12: throw: if '_gpgrt_vfnameconcat' throws an exception...
libgpg-error-1.58/src/visibility.c:1341:12: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/24/codeFlows/0/threadFlows/0/locations/0)
# 1339|   
# 1340|     va_start (arg_ptr, first);
# 1341|->   result = _gpgrt_vfnameconcat (GPGRT_FCONCAT_TILDE|GPGRT_FCONCAT_ABS,
# 1342|                                   first, arg_ptr);
# 1343|     va_end (arg_ptr);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def66]
libgpg-error-1.58/src/visibility.c:1354:12: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
libgpg-error-1.58/src/visibility.c:1353:3: acquire_resource: 'va_start' called here
libgpg-error-1.58/src/visibility.c:1354:12: throw: if '_gpgrt_vfnameconcat' throws an exception...
libgpg-error-1.58/src/visibility.c:1354:12: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/0)
# 1352|   
# 1353|     va_start (arg_ptr, first);
# 1354|->   result = _gpgrt_vfnameconcat (flags, first, arg_ptr);
# 1355|     va_end (arg_ptr);
# 1356|     return result;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def67]
libgpg-error-1.58/tests/t-logging.c:77:15: warning[-Wanalyzer-malloc-leak]: leak of ‘buffer’
libgpg-error-1.58/tests/t-logging.c:211:1: enter_function: entry to ‘main’
libgpg-error-1.58/tests/t-logging.c:236:6: branch_false: following ‘false’ branch...
libgpg-error-1.58/tests/t-logging.c:238:3: branch_false: ...to here
libgpg-error-1.58/tests/t-logging.c:240:3: call_function: calling ‘check_log_info’ from ‘main’
#   75|           die ("malloc failed at line %d\n", __LINE__);
#   76|   
#   77|->       nread = gpgrt_fread (buffer + buflen, 1, NCHUNK, stream);
#   78|         if (nread < NCHUNK && gpgrt_ferror (stream))
#   79|           die ("fread failed at line %d: %s\n", __LINE__,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def68]
libgpg-error-1.58/tests/t-poll.c:211:11: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘filedes[0]’
libgpg-error-1.58/tests/t-poll.c:387:1: enter_function: entry to ‘main’
libgpg-error-1.58/tests/t-poll.c:421:6: branch_false: following ‘false’ branch...
libgpg-error-1.58/tests/t-poll.c:427:3: branch_false: ...to here
libgpg-error-1.58/tests/t-poll.c:428:3: call_function: calling ‘create_pipe’ from ‘main’
#  209|   #endif
#  210|   
#  211|->   *r_in = es_sysopen (&syshd[0], "r,pollable");
#  212|     if (!*r_in)
#  213|       {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def69]
libgpg-error-1.58/tests/t-poll.c:211:11: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘filedes[1]’
libgpg-error-1.58/tests/t-poll.c:387:1: enter_function: entry to ‘main’
libgpg-error-1.58/tests/t-poll.c:421:6: branch_false: following ‘false’ branch...
libgpg-error-1.58/tests/t-poll.c:427:3: branch_false: ...to here
libgpg-error-1.58/tests/t-poll.c:428:3: call_function: calling ‘create_pipe’ from ‘main’
#  209|   #endif
#  210|   
#  211|->   *r_in = es_sysopen (&syshd[0], "r,pollable");
#  212|     if (!*r_in)
#  213|       {

Error: GCC_ANALYZER_WARNING (CWE-404): [#def70]
libgpg-error-1.58/tests/t-printf.c:119:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
libgpg-error-1.58/tests/t-printf.c:544:1: enter_function: entry to ‘main’
libgpg-error-1.58/tests/t-printf.c:579:6: branch_false: following ‘false’ branch...
libgpg-error-1.58/tests/t-printf.c:585:3: branch_false: ...to here
libgpg-error-1.58/tests/t-printf.c:585:3: call_function: calling ‘run_tests’ from ‘main’
#  117|     errno = ENOENT;
#  118|     va_start (arg_ptr, format);
#  119|->   rc2 = gpgrt_vasprintf (&buf2, format, arg_ptr);
#  120|     va_end (arg_ptr);
#  121|     if (rc2 == -1)
Scan Properties

analyzer-version-clippy	1.92.0
analyzer-version-cppcheck	2.19.1
analyzer-version-gcc	16.0.0
analyzer-version-gcc-analyzer	16.0.0
analyzer-version-shellcheck	0.11.0
analyzer-version-unicontrol	0.0.2
enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code	0
host	ip-172-16-1-32.us-west-2.compute.internal
known-false-positives	/usr/share/csmock/known-false-positives.js
known-false-positives-rpm	known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch
mock-config	fedora-rawhide-x86_64
project-name	libgpg-error-1.58-1.fc44
store-results-to	/tmp/tmp2haxgqvf/libgpg-error-1.58-1.fc44.tar.xz
time-created	2026-01-08 18:46:04
time-finished	2026-01-08 18:48:21
tool	csmock
tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmp2haxgqvf/libgpg-error-1.58-1.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp2haxgqvf/libgpg-error-1.58-1.fc44.src.rpm'
tool-version	csmock-3.8.3.20251215.161544.g62de9a5-1.el9