liblc3-1.1.3-6.fc44

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-457): [#def1]
liblc3-1.1.3/src/ltpf.c:498:30: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘r[0]’
liblc3-1.1.3/src/ltpf.c:660:6: enter_function: entry to ‘lc3_ltpf_analyse’
liblc3-1.1.3/src/ltpf.c:688:5: call_function: calling ‘resample_6k4’ from ‘lc3_ltpf_analyse’
liblc3-1.1.3/src/ltpf.c:688:5: return_function: returning to ‘lc3_ltpf_analyse’ from ‘resample_6k4’
liblc3-1.1.3/src/ltpf.c:692:8: branch_true: following ‘true’ branch (when ‘dt == 0’)...
liblc3-1.1.3/src/ltpf.c:693:9: branch_true: ...to here
liblc3-1.1.3/src/ltpf.c:702:26: call_function: calling ‘detect_pitch’ from ‘lc3_ltpf_analyse’
#  496|       int arg;
#  497|   
#  498|->     float xw_max = (*x_max = x[arg = 0]);
#  499|       float w = 1 + w_incr;
#  500|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def2]
liblc3-1.1.3/src/ltpf.c:502:22: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*<unknown>’
liblc3-1.1.3/src/ltpf.c:660:6: enter_function: entry to ‘lc3_ltpf_analyse’
liblc3-1.1.3/src/ltpf.c:688:5: call_function: calling ‘resample_6k4’ from ‘lc3_ltpf_analyse’
liblc3-1.1.3/src/ltpf.c:688:5: return_function: returning to ‘lc3_ltpf_analyse’ from ‘resample_6k4’
liblc3-1.1.3/src/ltpf.c:692:8: branch_false: following ‘false’ branch (when ‘dt != 0’)...
liblc3-1.1.3/src/ltpf.c:699:13: branch_false: ...to here
liblc3-1.1.3/src/ltpf.c:702:26: call_function: calling ‘detect_pitch’ from ‘lc3_ltpf_analyse’
#  500|   
#  501|       for (int i = 1; i < n; i++, w += w_incr)
#  502|->         if (xw_max < x[i] * w)
#  503|               xw_max = (*x_max = x[arg = i]) * w;
#  504|   

Error: CPPCHECK_WARNING (CWE-562): [#def3]
liblc3-1.1.3/src/mdct.c:440: error[danglingLifetime]: Non-local variable '.z' will use object that points to local variable 'buffer'.
#  438|       struct lc3_complex buffer[LC3_MAX_NS / 2];
#  439|       struct lc3_complex *z = (struct lc3_complex *)y;
#  440|->     union { float *f; struct lc3_complex *z; } u = { .z = buffer };
#  441|   
#  442|       mdct_window(dt, sr, x, d, u.f);

Error: CPPCHECK_WARNING (CWE-562): [#def4]
liblc3-1.1.3/src/mdct.c:465: error[danglingLifetime]: Non-local variable '.z' will use object that points to local variable 'buffer'.
#  463|       struct lc3_complex buffer[LC3_MAX_NS / 2];
#  464|       struct lc3_complex *z = (struct lc3_complex *)y;
#  465|->     union { float *f; struct lc3_complex *z; } u = { .z = buffer };
#  466|   
#  467|       imdct_pre_fft(rot, x, z);

Error: GCC_ANALYZER_WARNING (CWE-835): [#def5]
liblc3-1.1.3/src/sns.c:648:52: warning[-Wanalyzer-infinite-loop]: infinite loop
#  646|           int ci = 0;
#  647|   
#  648|->         for (ci = 0; idx < lc3_sns_mpvq_offsets[i][npulses - ci]; ci++);
#  649|           idx -= lc3_sns_mpvq_offsets[i][npulses - ci];
#  650|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def6]
liblc3-1.1.3/tools/dlc3.c:206:20: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc((long unsigned int)lc3_hr_decoder_size(hrmode,  frame_us,  pcm_srate_hz))’
liblc3-1.1.3/tools/dlc3.c:145:5: enter_function: entry to ‘main’
liblc3-1.1.3/tools/dlc3.c:149:27: call_function: calling ‘parse_args’ from ‘main’
liblc3-1.1.3/tools/dlc3.c:149:27: return_function: returning to ‘main’ from ‘parse_args’
liblc3-1.1.3/tools/dlc3.c:152:8: branch_false: following ‘false’ branch (when ‘<unknown>’ is NULL)...
liblc3-1.1.3/tools/dlc3.c:155:8: branch_false: ...to here
liblc3-1.1.3/tools/dlc3.c:155:8: branch_false: following ‘false’ branch (when ‘<unknown>’ is NULL)...
liblc3-1.1.3/tools/dlc3.c:158:9: branch_false: ...to here
liblc3-1.1.3/tools/dlc3.c:158:8: branch_false: following ‘false’ branch...
liblc3-1.1.3/tools/dlc3.c:166:9: branch_false: ...to here
liblc3-1.1.3/tools/dlc3.c:166:8: branch_false: following ‘false’ branch...
liblc3-1.1.3/tools/dlc3.c:170:9: branch_false: ...to here
liblc3-1.1.3/tools/dlc3.c:170:8: branch_false: following ‘false’ branch...
liblc3-1.1.3/tools/dlc3.c:173:10: branch_false: ...to here
liblc3-1.1.3/tools/dlc3.c:176:8: branch_false: following ‘false’ branch...
liblc3-1.1.3/tools/dlc3.c:179:8: branch_false: ...to here
liblc3-1.1.3/tools/dlc3.c:179:8: branch_false: following ‘false’ branch (when ‘<unknown> == 0’)...
liblc3-1.1.3/tools/dlc3.c:184:9: branch_false: ...to here
liblc3-1.1.3/tools/dlc3.c:186:24: branch_false: following ‘false’ branch (when ‘<unknown> == 0’)...
liblc3-1.1.3/tools/dlc3.c:186:9: branch_false: ...to here
liblc3-1.1.3/tools/dlc3.c:187:9: branch_false: following ‘false’ branch (when ‘<unknown> == 0’)...
liblc3-1.1.3/tools/dlc3.c:187:9: branch_false: ...to here
liblc3-1.1.3/tools/dlc3.c:203:9: branch_false: following ‘false’ branch (when ‘<unknown> != 24’)...
liblc3-1.1.3/tools/dlc3.c:203:9: branch_false: ...to here
liblc3-1.1.3/tools/dlc3.c:205:23: branch_true: following ‘true’ branch...
liblc3-1.1.3/tools/dlc3.c:208:20: branch_true: ...to here
liblc3-1.1.3/tools/dlc3.c:206:20: acquire_memory: allocated here
liblc3-1.1.3/tools/dlc3.c:206:20: danger: ‘malloc((long unsigned int)lc3_hr_decoder_size(hrmode,  frame_us,  pcm_srate_hz))’ leaks here; was allocated at [(29)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/28)
#  204|   
#  205|       for (int ich = 0; ich < nchannels; ich++) {
#  206|->         dec[ich] = lc3_hr_setup_decoder(
#  207|               hrmode, frame_us, srate_hz, p.srate_hz,
#  208|               malloc(lc3_hr_decoder_size(hrmode, frame_us, pcm_srate_hz)));

Error: GCC_ANALYZER_WARNING (CWE-126): [#def7]
liblc3-1.1.3/tools/dlc3.c:245:27: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
liblc3-1.1.3/tools/dlc3.c:145:5: enter_function: entry to ‘main’
liblc3-1.1.3/tools/dlc3.c:149:27: call_function: calling ‘parse_args’ from ‘main’
liblc3-1.1.3/tools/dlc3.c:149:27: return_function: returning to ‘main’ from ‘parse_args’
liblc3-1.1.3/tools/dlc3.c:152:8: branch_false: following ‘false’ branch (when ‘<unknown>’ is NULL)...
liblc3-1.1.3/tools/dlc3.c:155:8: branch_false: ...to here
liblc3-1.1.3/tools/dlc3.c:155:8: branch_false: following ‘false’ branch (when ‘<unknown>’ is NULL)...
liblc3-1.1.3/tools/dlc3.c:158:9: branch_false: ...to here
liblc3-1.1.3/tools/dlc3.c:158:8: branch_false: following ‘false’ branch...
liblc3-1.1.3/tools/dlc3.c:166:9: branch_false: ...to here
liblc3-1.1.3/tools/dlc3.c:166:8: branch_false: following ‘false’ branch...
liblc3-1.1.3/tools/dlc3.c:170:9: branch_false: ...to here
liblc3-1.1.3/tools/dlc3.c:170:8: branch_false: following ‘false’ branch...
liblc3-1.1.3/tools/dlc3.c:173:10: branch_false: ...to here
liblc3-1.1.3/tools/dlc3.c:176:8: branch_false: following ‘false’ branch...
liblc3-1.1.3/tools/dlc3.c:179:8: branch_false: ...to here
liblc3-1.1.3/tools/dlc3.c:179:8: branch_false: following ‘false’ branch (when ‘<unknown> == 0’)...
liblc3-1.1.3/tools/dlc3.c:184:9: branch_false: ...to here
liblc3-1.1.3/tools/dlc3.c:186:24: branch_false: following ‘false’ branch (when ‘<unknown> == 0’)...
liblc3-1.1.3/tools/dlc3.c:186:9: branch_false: ...to here
liblc3-1.1.3/tools/dlc3.c:187:9: branch_false: following ‘false’ branch (when ‘<unknown> == 0’)...
liblc3-1.1.3/tools/dlc3.c:187:9: branch_false: ...to here
liblc3-1.1.3/tools/dlc3.c:203:9: branch_false: following ‘false’ branch (when ‘<unknown> != 24’)...
liblc3-1.1.3/tools/dlc3.c:203:9: branch_false: ...to here
liblc3-1.1.3/tools/dlc3.c:222:21: branch_true: following ‘true’ branch...
liblc3-1.1.3/tools/dlc3.c:224:27: branch_true: ...to here
liblc3-1.1.3/tools/dlc3.c:237:12: branch_false: following ‘false’ branch...
liblc3-1.1.3/tools/dlc3.c:237:12: branch_false: ...to here
liblc3-1.1.3/tools/dlc3.c:241:31: branch_true: following ‘true’ branch...
liblc3-1.1.3/tools/dlc3.c:242:35: branch_true: ...to here
liblc3-1.1.3/tools/dlc3.c:241:31: branch_true: following ‘true’ branch...
liblc3-1.1.3/tools/dlc3.c:242:35: branch_true: ...to here
liblc3-1.1.3/tools/dlc3.c:241:31: branch_true: following ‘true’ branch...
liblc3-1.1.3/tools/dlc3.c:242:35: branch_true: ...to here
liblc3-1.1.3/tools/dlc3.c:245:27: danger: out-of-bounds read from byte 16 till byte 23 but ‘dec’ ends at byte 16
#  243|                       + (ich < block_bytes % nchannels);
#  244|   
#  245|->                 int res = lc3_decode(dec[ich], in_ptr, frame_bytes,
#  246|                       pcm_fmt, pcm + ich * pcm_sbytes, nchannels);
#  247|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
liblc3-1.1.3/tools/elc3.c:225:20: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc((long unsigned int)lc3_hr_encoder_size((_Bool)p$24,  frame_us,  srate_hz))’
liblc3-1.1.3/tools/elc3.c:147:5: enter_function: entry to ‘main’
liblc3-1.1.3/tools/elc3.c:151:27: call_function: calling ‘parse_args’ from ‘main’
liblc3-1.1.3/tools/elc3.c:151:27: return_function: returning to ‘main’ from ‘parse_args’
liblc3-1.1.3/tools/elc3.c:154:8: branch_false: following ‘false’ branch (when ‘<unknown>’ is NULL)...
liblc3-1.1.3/tools/elc3.c:157:8: branch_false: ...to here
liblc3-1.1.3/tools/elc3.c:157:8: branch_false: following ‘false’ branch (when ‘<unknown>’ is NULL)...
liblc3-1.1.3/tools/elc3.c:162:20: branch_false: ...to here
liblc3-1.1.3/tools/elc3.c:166:8: branch_false: following ‘false’ branch...
liblc3-1.1.3/tools/elc3.c:170:8: branch_false: ...to here
liblc3-1.1.3/tools/elc3.c:170:8: branch_false: following ‘false’ branch (when ‘<unknown> > 0’)...
liblc3-1.1.3/tools/elc3.c:173:10: branch_false: ...to here
liblc3-1.1.3/tools/elc3.c:173:8: branch_true: following ‘true’ branch...
liblc3-1.1.3/tools/elc3.c:173:10: branch_true: ...to here
liblc3-1.1.3/tools/elc3.c:173:9: branch_false: following ‘false’ branch...
liblc3-1.1.3/tools/elc3.c:176:10: branch_false: ...to here
liblc3-1.1.3/tools/elc3.c:179:8: branch_false: following ‘false’ branch...
liblc3-1.1.3/tools/elc3.c:182:8: branch_false: ...to here
liblc3-1.1.3/tools/elc3.c:186:8: branch_false: following ‘false’ branch...
liblc3-1.1.3/tools/elc3.c:189:8: branch_false: ...to here
liblc3-1.1.3/tools/elc3.c:189:8: branch_false: following ‘false’ branch (when ‘<unknown> == 0’)...
liblc3-1.1.3/tools/elc3.c:193:24: branch_false: ...to here
liblc3-1.1.3/tools/elc3.c:193:24: branch_false: following ‘false’ branch (when ‘<unknown> == 0’)...
liblc3-1.1.3/tools/elc3.c:193:9: branch_false: ...to here
liblc3-1.1.3/tools/elc3.c:194:9: branch_false: following ‘false’ branch (when ‘<unknown> == 0’)...
liblc3-1.1.3/tools/elc3.c:194:9: branch_false: ...to here
liblc3-1.1.3/tools/elc3.c:224:23: branch_true: following ‘true’ branch...
liblc3-1.1.3/tools/elc3.c:227:20: branch_true: ...to here
liblc3-1.1.3/tools/elc3.c:225:20: acquire_memory: allocated here
liblc3-1.1.3/tools/elc3.c:225:20: danger: ‘malloc((long unsigned int)lc3_hr_encoder_size((_Bool)p$24,  frame_us,  srate_hz))’ leaks here; was allocated at [(37)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/36)
#  223|   
#  224|       for (int ich = 0; ich < nchannels; ich++) {
#  225|->         enc[ich] = lc3_hr_setup_encoder(
#  226|               p.hrmode, frame_us, enc_srate_hz, srate_hz,
#  227|               malloc(lc3_hr_encoder_size(p.hrmode, frame_us, srate_hz)));

Error: CPPCHECK_WARNING (CWE-457): [#def9]
liblc3-1.1.3/tools/elc3.c:270: warning[uninitvar]: Uninitialized variable: out
#  268|           }
#  269|   
#  270|->         lc3bin_write_data(fp_out, out, block_bytes);
#  271|       }
#  272|   

Scan Properties

analyzer-version-clippy: 1.92.0
analyzer-version-cppcheck: 2.19.1
analyzer-version-gcc: 16.0.0
analyzer-version-gcc-analyzer: 16.0.0
analyzer-version-shellcheck: 0.11.0
analyzer-version-unicontrol: 0.0.2
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-250.us-west-2.compute.internal
known-false-positives: /usr/share/csmock/known-false-positives.js
known-false-positives-rpm: known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch
mock-config: fedora-rawhide-x86_64
project-name: liblc3-1.1.3-6.fc44
store-results-to: /tmp/tmpfcn0h1oz/liblc3-1.1.3-6.fc44.tar.xz
time-created: 2026-01-08 18:52:05
time-finished: 2026-01-08 18:53:20
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpfcn0h1oz/liblc3-1.1.3-6.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpfcn0h1oz/liblc3-1.1.3-6.fc44.src.rpm'
tool-version: csmock-3.8.3.20251215.161544.g62de9a5-1.el9