Newly introduced findings

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-457): [#def1]
libnvme-1.16.1/src/nvme/cleanup.h:24:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘hkdf_info’
libnvme-1.16.1/src/nvme/linux.c:1451:7: enter_function: entry to ‘nvme_generate_tls_key_identity_compat’
libnvme-1.16.1/src/nvme/linux.c:1461:12: branch_false: following ‘false’ branch...
libnvme-1.16.1/src/nvme/linux.c:1466:20: branch_false: ...to here
libnvme-1.16.1/src/nvme/linux.c:1467:12: branch_false: following ‘false’ branch (when ‘identity’ is non-NULL)...
libnvme-1.16.1/src/nvme/linux.c:1472:15: branch_false: ...to here
libnvme-1.16.1/src/nvme/linux.c:1473:12: branch_false: following ‘false’ branch...
libnvme-1.16.1/src/nvme/linux.c:1478:9: branch_false: ...to here
libnvme-1.16.1/src/nvme/linux.c:1479:15: call_function: calling ‘derive_nvme_keys’ from ‘nvme_generate_tls_key_identity_compat’
#   22|   static inline void freep(void *p)
#   23|   {
#   24|-> 	free(*(void **)p);
#   25|   }
#   26|   #define _cleanup_free_ __cleanup__(freep)

Error: GCC_ANALYZER_WARNING (CWE-457): [#def2]
libnvme-1.16.1/src/nvme/linux.c:703:8: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘ctx’
libnvme-1.16.1/src/nvme/linux.c:1413:7: enter_function: entry to ‘nvme_generate_tls_key_identity’
libnvme-1.16.1/src/nvme/linux.c:1423:12: branch_false: following ‘false’ branch...
libnvme-1.16.1/src/nvme/linux.c:1428:20: branch_false: ...to here
libnvme-1.16.1/src/nvme/linux.c:1429:12: branch_false: following ‘false’ branch (when ‘identity’ is non-NULL)...
libnvme-1.16.1/src/nvme/linux.c:1434:15: branch_false: ...to here
libnvme-1.16.1/src/nvme/linux.c:1435:12: branch_false: following ‘false’ branch...
libnvme-1.16.1/src/nvme/linux.c:1440:9: branch_false: ...to here
libnvme-1.16.1/src/nvme/linux.c:1441:15: call_function: calling ‘derive_nvme_keys’ from ‘nvme_generate_tls_key_identity’
#  701|   }
#  702|   
#  703|-> static DEFINE_CLEANUP_FUNC(
#  704|   	cleanup_evp_pkey_ctx, EVP_PKEY_CTX *, EVP_PKEY_CTX_free)
#  705|   #define _cleanup_evp_pkey_ctx_ __cleanup__(cleanup_evp_pkey_ctx)

Error: CPPCHECK_WARNING (CWE-401): [#def3]
libnvme-1.16.1/src/nvme/linux.c:762: error[memleak]: Memory leak: hkdf_info
#  760|   	if (hmac == NVME_HMAC_ALG_NONE) {
#  761|   		memcpy(retained, configured, key_len);
#  762|-> 		return key_len;
#  763|   	}
#  764|   

Error: CPPCHECK_WARNING (CWE-401): [#def4]
libnvme-1.16.1/src/nvme/linux.c:768: error[memleak]: Memory leak: hkdf_info
#  766|   	if (!md || !hmac_len) {
#  767|   		errno = EINVAL;
#  768|-> 		return -1;
#  769|   	}
#  770|   

Error: CPPCHECK_WARNING (CWE-401): [#def5]
libnvme-1.16.1/src/nvme/linux.c:774: error[memleak]: Memory leak: hkdf_info
#  772|   	if (!ctx) {
#  773|   		errno = ENOMEM;
#  774|-> 		return -1;
#  775|   	}
#  776|   

Error: CPPCHECK_WARNING (CWE-401): [#def6]
libnvme-1.16.1/src/nvme/linux.c:779: error[memleak]: Memory leak: hkdf_info
#  777|   	if (EVP_PKEY_derive_init(ctx) <= 0) {
#  778|   		errno = ENOMEM;
#  779|-> 		return -1;
#  780|   	}
#  781|   	if (EVP_PKEY_CTX_set_hkdf_md(ctx, md) <= 0) {

Error: CPPCHECK_WARNING (CWE-401): [#def7]
libnvme-1.16.1/src/nvme/linux.c:783: error[memleak]: Memory leak: hkdf_info
#  781|   	if (EVP_PKEY_CTX_set_hkdf_md(ctx, md) <= 0) {
#  782|   		errno = ENOKEY;
#  783|-> 		return -1;
#  784|   	}
#  785|   	if (EVP_PKEY_CTX_set1_hkdf_key(ctx, configured, key_len) <= 0) {

Error: CPPCHECK_WARNING (CWE-401): [#def8]
libnvme-1.16.1/src/nvme/linux.c:787: error[memleak]: Memory leak: hkdf_info
#  785|   	if (EVP_PKEY_CTX_set1_hkdf_key(ctx, configured, key_len) <= 0) {
#  786|   		errno = ENOKEY;
#  787|-> 		return -1;
#  788|   	}
#  789|   

Error: CPPCHECK_WARNING (CWE-401): [#def9]
libnvme-1.16.1/src/nvme/linux.c:792: error[memleak]: Memory leak: hkdf_info
#  790|   	if (key_len > USHRT_MAX) {
#  791|   		errno = EINVAL;
#  792|-> 		return -1;
#  793|   	}
#  794|   	pos = (char *)hkdf_info;

Error: CPPCHECK_WARNING (CWE-401): [#def10]
libnvme-1.16.1/src/nvme/linux.c:949: error[memleak]: Memory leak: hkdf_info
#  947|   	if (!md || !hmac_len) {
#  948|   		errno = EINVAL;
#  949|-> 		return -1;
#  950|   	}
#  951|   

Error: CPPCHECK_WARNING (CWE-401): [#def11]
libnvme-1.16.1/src/nvme/linux.c:955: error[memleak]: Memory leak: hkdf_info
#  953|   	if (!ctx) {
#  954|   		errno = ENOMEM;
#  955|-> 		return -1;
#  956|   	}
#  957|   

Error: CPPCHECK_WARNING (CWE-401): [#def12]
libnvme-1.16.1/src/nvme/linux.c:960: error[memleak]: Memory leak: hkdf_info
#  958|   	if (EVP_PKEY_derive_init(ctx) <= 0) {
#  959|   		errno = ENOMEM;
#  960|-> 		return -1;
#  961|   	}
#  962|   	if (EVP_PKEY_CTX_set_hkdf_md(ctx, md) <= 0) {

Error: CPPCHECK_WARNING (CWE-401): [#def13]
libnvme-1.16.1/src/nvme/linux.c:964: error[memleak]: Memory leak: hkdf_info
#  962|   	if (EVP_PKEY_CTX_set_hkdf_md(ctx, md) <= 0) {
#  963|   		errno = ENOKEY;
#  964|-> 		return -1;
#  965|   	}
#  966|   	if (EVP_PKEY_CTX_set1_hkdf_key(ctx, retained, key_len) <= 0) {

Error: CPPCHECK_WARNING (CWE-401): [#def14]
libnvme-1.16.1/src/nvme/linux.c:968: error[memleak]: Memory leak: hkdf_info
#  966|   	if (EVP_PKEY_CTX_set1_hkdf_key(ctx, retained, key_len) <= 0) {
#  967|   		errno = ENOKEY;
#  968|-> 		return -1;
#  969|   	}
#  970|   

Error: CPPCHECK_WARNING (CWE-401): [#def15]
libnvme-1.16.1/src/nvme/linux.c:973: error[memleak]: Memory leak: hkdf_info
#  971|   	if (key_len > USHRT_MAX) {
#  972|   		errno = EINVAL;
#  973|-> 		return -1;
#  974|   	}
#  975|   	pos = (char *)hkdf_info;

Scan Properties

analyzer-version-clippy	1.92.0
analyzer-version-cppcheck	2.19.1
analyzer-version-gcc	16.0.0
analyzer-version-gcc-analyzer	16.0.0
analyzer-version-shellcheck	0.11.0
analyzer-version-unicontrol	0.0.2
diffbase-analyzer-version-clippy	1.92.0
diffbase-analyzer-version-cppcheck	2.19.1
diffbase-analyzer-version-gcc	16.0.0
diffbase-analyzer-version-gcc-analyzer	16.0.0
diffbase-analyzer-version-shellcheck	0.11.0
diffbase-analyzer-version-unicontrol	0.0.2
diffbase-enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code	0
diffbase-host	ip-172-16-1-100.us-west-2.compute.internal
diffbase-known-false-positives	/usr/share/csmock/known-false-positives.js
diffbase-known-false-positives-rpm	known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch
diffbase-mock-config	fedora-rawhide-x86_64
diffbase-project-name	libnvme-1.15-4.fc43
diffbase-store-results-to	/tmp/tmp7480oip5/libnvme-1.15-4.fc43.tar.xz
diffbase-time-created	2026-01-08 18:58:46
diffbase-time-finished	2026-01-08 19:02:14
diffbase-tool	csmock
diffbase-tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmp7480oip5/libnvme-1.15-4.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp7480oip5/libnvme-1.15-4.fc43.src.rpm'
diffbase-tool-version	csmock-3.8.3.20251215.161544.g62de9a5-1.el9
enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code	0
host	ip-172-16-1-100.us-west-2.compute.internal
known-false-positives	/usr/share/csmock/known-false-positives.js
known-false-positives-rpm	known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch
mock-config	fedora-rawhide-x86_64
project-name	libnvme-1.16.1-1.fc44
store-results-to	/tmp/tmpuadqilg4/libnvme-1.16.1-1.fc44.tar.xz
time-created	2026-01-08 19:02:32
time-finished	2026-01-08 19:05:30
title	Newly introduced findings
tool	csmock
tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpuadqilg4/libnvme-1.16.1-1.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpuadqilg4/libnvme-1.16.1-1.fc44.src.rpm'
tool-version	csmock-3.8.3.20251215.161544.g62de9a5-1.el9