Error: COMPILER_WARNING (CWE-1164): [#def1] libsodium-1.0.21/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:503:1: warning[-Wunused-function]: 'ge25519_p3_to_precomp' defined but not used # 503 | ge25519_p3_to_precomp(ge25519_precomp *pi, const ge25519_p3 *p) # | ^~~~~~~~~~~~~~~~~~~~~ # 501| # 502| static void # 503|-> ge25519_p3_to_precomp(ge25519_precomp *pi, const ge25519_p3 *p) # 504| { # 505| fe25519 recip; Error: CPPCHECK_WARNING (CWE-758): [#def2] libsodium-1.0.21/src/libsodium/crypto_core/ed25519/ref10/fe_51/fe.h:36: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 34| t[4] = f[4]; # 35| # 36|-> t[1] += t[0] >> 51; # 37| t[0] &= mask; # 38| t[2] += t[1] >> 51; Error: CPPCHECK_WARNING (CWE-758): [#def3] libsodium-1.0.21/src/libsodium/crypto_core/ed25519/ref10/fe_51/fe.h:38: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 36| t[1] += t[0] >> 51; # 37| t[0] &= mask; # 38|-> t[2] += t[1] >> 51; # 39| t[1] &= mask; # 40| t[3] += t[2] >> 51; Error: CPPCHECK_WARNING (CWE-758): [#def4] libsodium-1.0.21/src/libsodium/crypto_core/ed25519/ref10/fe_51/fe.h:40: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 38| t[2] += t[1] >> 51; # 39| t[1] &= mask; # 40|-> t[3] += t[2] >> 51; # 41| t[2] &= mask; # 42| t[4] += t[3] >> 51; Error: CPPCHECK_WARNING (CWE-758): [#def5] libsodium-1.0.21/src/libsodium/crypto_core/ed25519/ref10/fe_51/fe.h:42: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 40| t[3] += t[2] >> 51; # 41| t[2] &= mask; # 42|-> t[4] += t[3] >> 51; # 43| t[3] &= mask; # 44| t[0] += 19 * (t[4] >> 51); Error: CPPCHECK_WARNING (CWE-758): [#def6] libsodium-1.0.21/src/libsodium/crypto_core/ed25519/ref10/fe_51/fe.h:44: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 42| t[4] += t[3] >> 51; # 43| t[3] &= mask; # 44|-> t[0] += 19 * (t[4] >> 51); # 45| t[4] &= mask; # 46| Error: CPPCHECK_WARNING (CWE-758): [#def7] libsodium-1.0.21/src/libsodium/crypto_core/ed25519/ref10/fe_51/fe.h:47: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 45| t[4] &= mask; # 46| # 47|-> t[1] += t[0] >> 51; # 48| t[0] &= mask; # 49| t[2] += t[1] >> 51; Error: CPPCHECK_WARNING (CWE-758): [#def8] libsodium-1.0.21/src/libsodium/crypto_core/ed25519/ref10/fe_51/fe.h:49: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 47| t[1] += t[0] >> 51; # 48| t[0] &= mask; # 49|-> t[2] += t[1] >> 51; # 50| t[1] &= mask; # 51| t[3] += t[2] >> 51; Error: CPPCHECK_WARNING (CWE-758): [#def9] libsodium-1.0.21/src/libsodium/crypto_core/ed25519/ref10/fe_51/fe.h:51: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 49| t[2] += t[1] >> 51; # 50| t[1] &= mask; # 51|-> t[3] += t[2] >> 51; # 52| t[2] &= mask; # 53| t[4] += t[3] >> 51; Error: CPPCHECK_WARNING (CWE-758): [#def10] libsodium-1.0.21/src/libsodium/crypto_core/ed25519/ref10/fe_51/fe.h:53: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 51| t[3] += t[2] >> 51; # 52| t[2] &= mask; # 53|-> t[4] += t[3] >> 51; # 54| t[3] &= mask; # 55| t[0] += 19 * (t[4] >> 51); Error: CPPCHECK_WARNING (CWE-758): [#def11] libsodium-1.0.21/src/libsodium/crypto_core/ed25519/ref10/fe_51/fe.h:55: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 53| t[4] += t[3] >> 51; # 54| t[3] &= mask; # 55|-> t[0] += 19 * (t[4] >> 51); # 56| t[4] &= mask; # 57| Error: CPPCHECK_WARNING (CWE-758): [#def12] libsodium-1.0.21/src/libsodium/crypto_core/ed25519/ref10/fe_51/fe.h:63: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 61| t[0] += 19ULL; # 62| # 63|-> t[1] += t[0] >> 51; # 64| t[0] &= mask; # 65| t[2] += t[1] >> 51; Error: CPPCHECK_WARNING (CWE-758): [#def13] libsodium-1.0.21/src/libsodium/crypto_core/ed25519/ref10/fe_51/fe.h:65: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 63| t[1] += t[0] >> 51; # 64| t[0] &= mask; # 65|-> t[2] += t[1] >> 51; # 66| t[1] &= mask; # 67| t[3] += t[2] >> 51; Error: CPPCHECK_WARNING (CWE-758): [#def14] libsodium-1.0.21/src/libsodium/crypto_core/ed25519/ref10/fe_51/fe.h:67: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 65| t[2] += t[1] >> 51; # 66| t[1] &= mask; # 67|-> t[3] += t[2] >> 51; # 68| t[2] &= mask; # 69| t[4] += t[3] >> 51; Error: CPPCHECK_WARNING (CWE-758): [#def15] libsodium-1.0.21/src/libsodium/crypto_core/ed25519/ref10/fe_51/fe.h:69: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 67| t[3] += t[2] >> 51; # 68| t[2] &= mask; # 69|-> t[4] += t[3] >> 51; # 70| t[3] &= mask; # 71| t[0] += 19ULL * (t[4] >> 51); Error: CPPCHECK_WARNING (CWE-758): [#def16] libsodium-1.0.21/src/libsodium/crypto_core/ed25519/ref10/fe_51/fe.h:71: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 69| t[4] += t[3] >> 51; # 70| t[3] &= mask; # 71|-> t[0] += 19ULL * (t[4] >> 51); # 72| t[4] &= mask; # 73| Error: CPPCHECK_WARNING (CWE-758): [#def17] libsodium-1.0.21/src/libsodium/crypto_core/ed25519/ref10/fe_51/fe.h:84: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 82| /* now between 2^255 and 2^256-20, and offset by 2^255. */ # 83| # 84|-> t[1] += t[0] >> 51; # 85| t[0] &= mask; # 86| t[2] += t[1] >> 51; Error: CPPCHECK_WARNING (CWE-758): [#def18] libsodium-1.0.21/src/libsodium/crypto_core/ed25519/ref10/fe_51/fe.h:86: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 84| t[1] += t[0] >> 51; # 85| t[0] &= mask; # 86|-> t[2] += t[1] >> 51; # 87| t[1] &= mask; # 88| t[3] += t[2] >> 51; Error: CPPCHECK_WARNING (CWE-758): [#def19] libsodium-1.0.21/src/libsodium/crypto_core/ed25519/ref10/fe_51/fe.h:88: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 86| t[2] += t[1] >> 51; # 87| t[1] &= mask; # 88|-> t[3] += t[2] >> 51; # 89| t[2] &= mask; # 90| t[4] += t[3] >> 51; Error: CPPCHECK_WARNING (CWE-758): [#def20] libsodium-1.0.21/src/libsodium/crypto_core/ed25519/ref10/fe_51/fe.h:90: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 88| t[3] += t[2] >> 51; # 89| t[2] &= mask; # 90|-> t[4] += t[3] >> 51; # 91| t[3] &= mask; # 92| t[4] &= mask; Error: CPPCHECK_WARNING (CWE-758): [#def21] libsodium-1.0.21/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c:65: error[shiftTooManyBits]: Shifting 32-bit value by 64 bits is undefined behaviour # 63| { # 64| #ifdef HAVE_TI_MODE # 65|-> uint128_t t = ((uint128_t) S->t[1] << 64) | S->t[0]; # 66| t += inc; # 67| S->t[0] = (uint64_t)(t >> 0); Error: CPPCHECK_WARNING (CWE-758): [#def22] libsodium-1.0.21/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c:68: error[shiftTooManyBits]: Shifting 32-bit value by 64 bits is undefined behaviour # 66| t += inc; # 67| S->t[0] = (uint64_t)(t >> 0); # 68|-> S->t[1] = (uint64_t)(t >> 64); # 69| #else # 70| S->t[0] += inc; Error: CPPCHECK_WARNING (CWE-758): [#def23] libsodium-1.0.21/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h:113: error[shiftTooManyBits]: Shifting 32-bit value by 44 bits is undefined behaviour # 111| # 112| /* (partial) h %= p */ # 113|-> c = SHR(d0, 44); # 114| h0 = LO(d0) & 0xfffffffffff; # 115| ADDLO(d1, c); Error: CPPCHECK_WARNING (CWE-758): [#def24] libsodium-1.0.21/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h:116: error[shiftTooManyBits]: Shifting 32-bit value by 44 bits is undefined behaviour # 114| h0 = LO(d0) & 0xfffffffffff; # 115| ADDLO(d1, c); # 116|-> c = SHR(d1, 44); # 117| h1 = LO(d1) & 0xfffffffffff; # 118| ADDLO(d2, c); Error: CPPCHECK_WARNING (CWE-758): [#def25] libsodium-1.0.21/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h:119: error[shiftTooManyBits]: Shifting 32-bit value by 42 bits is undefined behaviour # 117| h1 = LO(d1) & 0xfffffffffff; # 118| ADDLO(d2, c); # 119|-> c = SHR(d2, 42); # 120| h2 = LO(d2) & 0x3ffffffffff; # 121| h0 += c * 5; Error: CPPCHECK_WARNING (CWE-758): [#def26] libsodium-1.0.21/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:169: error[shiftTooManyBits]: Shifting 32-bit value by 44 bits is undefined behaviour # 167| # 168| rt0 = (uint64_t) d[0] & 0xfffffffffff; # 169|-> c = (uint64_t)(d[0] >> 44); # 170| d[1] += c; # 171| Error: CPPCHECK_WARNING (CWE-758): [#def27] libsodium-1.0.21/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:173: error[shiftTooManyBits]: Shifting 32-bit value by 44 bits is undefined behaviour # 171| # 172| rt1 = (uint64_t) d[1] & 0xfffffffffff; # 173|-> c = (uint64_t)(d[1] >> 44); # 174| d[2] += c; # 175| Error: CPPCHECK_WARNING (CWE-758): [#def28] libsodium-1.0.21/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:177: error[shiftTooManyBits]: Shifting 32-bit value by 42 bits is undefined behaviour # 175| # 176| rt2 = (uint64_t) d[2] & 0x3ffffffffff; # 177|-> c = (uint64_t)(d[2] >> 42); # 178| rt0 += c * 5; # 179| c = (rt0 >> 44); Error: COMPILER_WARNING (CWE-1164): [#def29] libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2-core.c:31: included_from: Included from here. libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2-core.h:139:17: warning[-Wunused-function]: 'index_alpha' defined but not used # 139 | static uint32_t index_alpha(const argon2_instance_t *instance, # | ^~~~~~~~~~~ # 137| * @pre All pointers must be valid # 138| */ # 139|-> static uint32_t index_alpha(const argon2_instance_t *instance, # 140| const argon2_position_t *position, uint32_t pseudo_rand, # 141| int same_lane) Error: GCC_ANALYZER_WARNING (CWE-401): [#def30] libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:31:32: warning[-Wanalyzer-malloc-leak]: leak of 'out' libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:197:1: enter_function: entry to 'argon2id_hash_raw' libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:202:12: call_function: calling 'argon2_hash' from 'argon2id_hash_raw' # 29| { # 30| /* 1. Validate all inputs */ # 31|-> int result = argon2_validate_inputs(context); # 32| uint32_t memory_blocks, segment_length; # 33| uint32_t pass; Error: GCC_ANALYZER_WARNING (CWE-401): [#def31] libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:98:9: warning[-Wanalyzer-malloc-leak]: leak of 'out' libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:207:1: enter_function: entry to 'argon2_verify' libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:225:8: branch_false: following 'false' branch (when 'encoded_len <= 4294967295')... libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:228:19: branch_false: ...to here libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:235:8: branch_false: following 'false' branch... libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:241:23: acquire_memory: allocated here libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:242:8: branch_false: following 'false' branch (when 'out' is non-NULL)... libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:249:21: branch_false: ...to here libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:250:8: branch_false: following 'false' branch... libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:259:51: branch_false: ...to here libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:258:11: call_function: calling 'argon2_hash' from 'argon2_verify' # 96| # 97| if (hash != NULL) { # 98|-> randombytes_buf(hash, hashlen); # 99| } # 100| Error: GCC_ANALYZER_WARNING (CWE-401): [#def32] libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:249:21: warning[-Wanalyzer-malloc-leak]: leak of 'ctx.ad' libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:225:8: branch_false: following 'false' branch (when 'encoded_len <= 4294967295')... libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:228:19: branch_false: ...to here libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:232:28: acquire_memory: allocated here libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:235:8: branch_false: following 'false' branch... libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:235:9: branch_false: following 'false' branch... libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:241:23: branch_false: ...to here libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:242:8: branch_false: following 'false' branch (when 'out' is non-NULL)... libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:249:21: branch_false: ...to here libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:249:21: throw: if 'argon2_decode_string' throws an exception... libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:249:21: danger: 'ctx.ad' leaks here; was allocated at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2) # 247| } # 248| # 249|-> decode_result = argon2_decode_string(&ctx, encoded, type); # 250| if (decode_result != ARGON2_OK) { # 251| free(ctx.ad); Error: GCC_ANALYZER_WARNING (CWE-401): [#def33] libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:249:21: warning[-Wanalyzer-malloc-leak]: leak of 'ctx.out' libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:225:8: branch_false: following 'false' branch (when 'encoded_len <= 4294967295')... libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:228:19: branch_false: ...to here libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:234:28: acquire_memory: allocated here libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:235:8: branch_false: following 'false' branch... libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:242:8: branch_false: following 'false' branch (when 'out' is non-NULL)... libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:249:21: branch_false: ...to here libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:249:21: throw: if 'argon2_decode_string' throws an exception... libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:249:21: danger: 'ctx.out' leaks here; was allocated at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2) # 247| } # 248| # 249|-> decode_result = argon2_decode_string(&ctx, encoded, type); # 250| if (decode_result != ARGON2_OK) { # 251| free(ctx.ad); Error: GCC_ANALYZER_WARNING (CWE-401): [#def34] libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:249:21: warning[-Wanalyzer-malloc-leak]: leak of 'ctx.salt' libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:225:8: branch_false: following 'false' branch (when 'encoded_len <= 4294967295')... libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:228:19: branch_false: ...to here libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:233:28: acquire_memory: allocated here libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:235:8: branch_false: following 'false' branch... libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:235:9: branch_false: ...to here libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:235:9: branch_false: following 'false' branch... libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:242:8: branch_false: following 'false' branch (when 'out' is non-NULL)... libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:249:21: branch_false: ...to here libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:249:21: throw: if 'argon2_decode_string' throws an exception... libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:249:21: danger: 'ctx.salt' leaks here; was allocated at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2) # 247| } # 248| # 249|-> decode_result = argon2_decode_string(&ctx, encoded, type); # 250| if (decode_result != ARGON2_OK) { # 251| free(ctx.ad); Error: GCC_ANALYZER_WARNING (CWE-401): [#def35] libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:249:21: warning[-Wanalyzer-malloc-leak]: leak of 'out' libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:225:8: branch_false: following 'false' branch (when 'encoded_len <= 4294967295')... libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:228:19: branch_false: ...to here libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:235:8: branch_false: following 'false' branch... libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:241:23: acquire_memory: allocated here libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:242:8: branch_false: following 'false' branch (when 'out' is non-NULL)... libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:249:21: branch_false: ...to here libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:249:21: throw: if 'argon2_decode_string' throws an exception... libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/argon2.c:249:21: danger: 'out' leaks here; was allocated at [(5)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/4) # 247| } # 248| # 249|-> decode_result = argon2_decode_string(&ctx, encoded, type); # 250| if (decode_result != ARGON2_OK) { # 251| free(ctx.ad); Error: GCC_ANALYZER_WARNING (CWE-401): [#def36] libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c:268:9: warning[-Wanalyzer-malloc-leak]: leak of 'fodder' libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c:255:8: branch_false: following 'false' branch... libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c:261:37: acquire_memory: allocated here libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c:261:8: branch_false: following 'false' branch (when 'fodder' is non-NULL)... libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c:264:34: branch_false: ...to here libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c:268:9: throw: if 'argon2_decode_string' throws an exception... libsodium-1.0.21/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c:268:9: danger: 'fodder' leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2) # 266| ctx.ad = ctx.secret = NULL; # 267| ctx.adlen = ctx.secretlen = 0U; # 268|-> if (argon2_decode_string(&ctx, str, type) != 0) { # 269| errno = EINVAL; # 270| ret = -1; Error: COMPILER_WARNING (CWE-1164): [#def37] libsodium-1.0.21/src/libsodium/include/sodium/private/ed25519_ref10_fe_51.h:109:1: warning[-Wunused-function]: 'fe25519_cmov' defined but not used # 109 | fe25519_cmov(fe25519 f, const fe25519 g, unsigned int b) # | ^~~~~~~~~~~~ # 107| # 108| static void # 109|-> fe25519_cmov(fe25519 f, const fe25519 g, unsigned int b) # 110| { # 111| const uint64_t mask = (uint64_t) (-(int64_t) b); Error: COMPILER_WARNING (CWE-1164): [#def38] libsodium-1.0.21/src/libsodium/include/sodium/private/ed25519_ref10_fe_51.h:146:1: warning[-Wunused-function]: 'fe25519_cswap' defined but not used # 146 | fe25519_cswap(fe25519 f, fe25519 g, unsigned int b) # | ^~~~~~~~~~~~~ # 144| # 145| static void # 146|-> fe25519_cswap(fe25519 f, fe25519 g, unsigned int b) # 147| { # 148| const uint64_t mask = (uint64_t) (-(int64_t) b); Error: COMPILER_WARNING (CWE-1164): [#def39] libsodium-1.0.21/src/libsodium/include/sodium/private/ed25519_ref10_fe_51.h:233:1: warning[-Wunused-function]: 'fe25519_mul' defined but not used # 233 | fe25519_mul(fe25519 h, const fe25519 f, const fe25519 g) # | ^~~~~~~~~~~ # 231| # 232| static void # 233|-> fe25519_mul(fe25519 h, const fe25519 f, const fe25519 g) # 234| { # 235| const uint64_t mask = 0x7ffffffffffffULL; Error: CPPCHECK_WARNING (CWE-758): [#def40] libsodium-1.0.21/src/libsodium/include/sodium/private/ed25519_ref10_fe_51.h:290: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 288| # 289| r00 = ((uint64_t) r0) & mask; # 290|-> carry = r0 >> 51; # 291| r1 += carry; # 292| r01 = ((uint64_t) r1) & mask; Error: CPPCHECK_WARNING (CWE-758): [#def41] libsodium-1.0.21/src/libsodium/include/sodium/private/ed25519_ref10_fe_51.h:293: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 291| r1 += carry; # 292| r01 = ((uint64_t) r1) & mask; # 293|-> carry = r1 >> 51; # 294| r2 += carry; # 295| r02 = ((uint64_t) r2) & mask; Error: CPPCHECK_WARNING (CWE-758): [#def42] libsodium-1.0.21/src/libsodium/include/sodium/private/ed25519_ref10_fe_51.h:296: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 294| r2 += carry; # 295| r02 = ((uint64_t) r2) & mask; # 296|-> carry = r2 >> 51; # 297| r3 += carry; # 298| r03 = ((uint64_t) r3) & mask; Error: CPPCHECK_WARNING (CWE-758): [#def43] libsodium-1.0.21/src/libsodium/include/sodium/private/ed25519_ref10_fe_51.h:299: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 297| r3 += carry; # 298| r03 = ((uint64_t) r3) & mask; # 299|-> carry = r3 >> 51; # 300| r4 += carry; # 301| r04 = ((uint64_t) r4) & mask; Error: CPPCHECK_WARNING (CWE-758): [#def44] libsodium-1.0.21/src/libsodium/include/sodium/private/ed25519_ref10_fe_51.h:302: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 300| r4 += carry; # 301| r04 = ((uint64_t) r4) & mask; # 302|-> carry = r4 >> 51; # 303| r00 += 19ULL * (uint64_t) carry; # 304| carry = r00 >> 51; Error: COMPILER_WARNING (CWE-1164): [#def45] libsodium-1.0.21/src/libsodium/include/sodium/private/ed25519_ref10_fe_51.h:324:1: warning[-Wunused-function]: 'fe25519_sq' defined but not used # 324 | fe25519_sq(fe25519 h, const fe25519 f) # | ^~~~~~~~~~ # 322| # 323| static void # 324|-> fe25519_sq(fe25519 h, const fe25519 f) # 325| { # 326| const uint64_t mask = 0x7ffffffffffffULL; Error: CPPCHECK_WARNING (CWE-758): [#def46] libsodium-1.0.21/src/libsodium/include/sodium/private/ed25519_ref10_fe_51.h:369: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 367| # 368| r00 = ((uint64_t) r0) & mask; # 369|-> carry = r0 >> 51; # 370| r1 += carry; # 371| r01 = ((uint64_t) r1) & mask; Error: CPPCHECK_WARNING (CWE-758): [#def47] libsodium-1.0.21/src/libsodium/include/sodium/private/ed25519_ref10_fe_51.h:372: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 370| r1 += carry; # 371| r01 = ((uint64_t) r1) & mask; # 372|-> carry = r1 >> 51; # 373| r2 += carry; # 374| r02 = ((uint64_t) r2) & mask; Error: CPPCHECK_WARNING (CWE-758): [#def48] libsodium-1.0.21/src/libsodium/include/sodium/private/ed25519_ref10_fe_51.h:375: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 373| r2 += carry; # 374| r02 = ((uint64_t) r2) & mask; # 375|-> carry = r2 >> 51; # 376| r3 += carry; # 377| r03 = ((uint64_t) r3) & mask; Error: CPPCHECK_WARNING (CWE-758): [#def49] libsodium-1.0.21/src/libsodium/include/sodium/private/ed25519_ref10_fe_51.h:378: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 376| r3 += carry; # 377| r03 = ((uint64_t) r3) & mask; # 378|-> carry = r3 >> 51; # 379| r4 += carry; # 380| r04 = ((uint64_t) r4) & mask; Error: CPPCHECK_WARNING (CWE-758): [#def50] libsodium-1.0.21/src/libsodium/include/sodium/private/ed25519_ref10_fe_51.h:381: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 379| r4 += carry; # 380| r04 = ((uint64_t) r4) & mask; # 381|-> carry = r4 >> 51; # 382| r00 += 19ULL * (uint64_t) carry; # 383| carry = r00 >> 51; Error: COMPILER_WARNING (CWE-1164): [#def51] libsodium-1.0.21/src/libsodium/include/sodium/private/ed25519_ref10.h:23: included_from: Included from here. libsodium-1.0.21/src/libsodium/crypto_sign/ed25519/ref10/obsolete.c:9: included_from: Included from here. libsodium-1.0.21/src/libsodium/include/sodium/private/ed25519_ref10_fe_51.h:403:1: warning[-Wunused-function]: 'fe25519_sq2' defined but not used # 403 | fe25519_sq2(fe25519 h, const fe25519 f) # | ^~~~~~~~~~~ # 401| # 402| static void # 403|-> fe25519_sq2(fe25519 h, const fe25519 f) # 404| { # 405| const uint64_t mask = 0x7ffffffffffffULL; Error: CPPCHECK_WARNING (CWE-758): [#def52] libsodium-1.0.21/src/libsodium/include/sodium/private/ed25519_ref10_fe_51.h:454: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 452| # 453| r00 = ((uint64_t) r0) & mask; # 454|-> carry = r0 >> 51; # 455| r1 += carry; # 456| r01 = ((uint64_t) r1) & mask; Error: CPPCHECK_WARNING (CWE-758): [#def53] libsodium-1.0.21/src/libsodium/include/sodium/private/ed25519_ref10_fe_51.h:457: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 455| r1 += carry; # 456| r01 = ((uint64_t) r1) & mask; # 457|-> carry = r1 >> 51; # 458| r2 += carry; # 459| r02 = ((uint64_t) r2) & mask; Error: CPPCHECK_WARNING (CWE-758): [#def54] libsodium-1.0.21/src/libsodium/include/sodium/private/ed25519_ref10_fe_51.h:460: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 458| r2 += carry; # 459| r02 = ((uint64_t) r2) & mask; # 460|-> carry = r2 >> 51; # 461| r3 += carry; # 462| r03 = ((uint64_t) r3) & mask; Error: CPPCHECK_WARNING (CWE-758): [#def55] libsodium-1.0.21/src/libsodium/include/sodium/private/ed25519_ref10_fe_51.h:463: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 461| r3 += carry; # 462| r03 = ((uint64_t) r3) & mask; # 463|-> carry = r3 >> 51; # 464| r4 += carry; # 465| r04 = ((uint64_t) r4) & mask; Error: CPPCHECK_WARNING (CWE-758): [#def56] libsodium-1.0.21/src/libsodium/include/sodium/private/ed25519_ref10_fe_51.h:466: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 464| r4 += carry; # 465| r04 = ((uint64_t) r4) & mask; # 466|-> carry = r4 >> 51; # 467| r00 += 19ULL * (uint64_t) carry; # 468| carry = r00 >> 51; Error: CPPCHECK_WARNING (CWE-758): [#def57] libsodium-1.0.21/src/libsodium/include/sodium/private/ed25519_ref10_fe_51.h:492: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 490| a = f[0] * sn; # 491| h0 = ((uint64_t) a) & mask; # 492|-> a = f[1] * sn + ((uint64_t) (a >> 51)); # 493| h1 = ((uint64_t) a) & mask; # 494| a = f[2] * sn + ((uint64_t) (a >> 51)); Error: CPPCHECK_WARNING (CWE-758): [#def58] libsodium-1.0.21/src/libsodium/include/sodium/private/ed25519_ref10_fe_51.h:494: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 492| a = f[1] * sn + ((uint64_t) (a >> 51)); # 493| h1 = ((uint64_t) a) & mask; # 494|-> a = f[2] * sn + ((uint64_t) (a >> 51)); # 495| h2 = ((uint64_t) a) & mask; # 496| a = f[3] * sn + ((uint64_t) (a >> 51)); Error: CPPCHECK_WARNING (CWE-758): [#def59] libsodium-1.0.21/src/libsodium/include/sodium/private/ed25519_ref10_fe_51.h:496: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 494| a = f[2] * sn + ((uint64_t) (a >> 51)); # 495| h2 = ((uint64_t) a) & mask; # 496|-> a = f[3] * sn + ((uint64_t) (a >> 51)); # 497| h3 = ((uint64_t) a) & mask; # 498| a = f[4] * sn + ((uint64_t) (a >> 51)); Error: CPPCHECK_WARNING (CWE-758): [#def60] libsodium-1.0.21/src/libsodium/include/sodium/private/ed25519_ref10_fe_51.h:498: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 496| a = f[3] * sn + ((uint64_t) (a >> 51)); # 497| h3 = ((uint64_t) a) & mask; # 498|-> a = f[4] * sn + ((uint64_t) (a >> 51)); # 499| h4 = ((uint64_t) a) & mask; # 500| Error: CPPCHECK_WARNING (CWE-758): [#def61] libsodium-1.0.21/src/libsodium/include/sodium/private/ed25519_ref10_fe_51.h:501: error[shiftTooManyBits]: Shifting 32-bit value by 51 bits is undefined behaviour # 499| h4 = ((uint64_t) a) & mask; # 500| # 501|-> h0 += (a >> 51) * 19ULL; # 502| # 503| h[0] = h0; Error: GCC_ANALYZER_WARNING (CWE-775): [#def62] libsodium-1.0.21/src/libsodium/randombytes/internal/randombytes_internal_random.c:276:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pfd.fd' libsodium-1.0.21/src/libsodium/randombytes/internal/randombytes_internal_random.c:354:1: enter_function: entry to 'randombytes_internal_random_init' libsodium-1.0.21/src/libsodium/randombytes/internal/randombytes_internal_random.c:366:13: call_function: calling 'randombytes_getentropy' from 'randombytes_internal_random_init' libsodium-1.0.21/src/libsodium/randombytes/internal/randombytes_internal_random.c:366:13: return_function: returning to 'randombytes_internal_random_init' from 'randombytes_getentropy' libsodium-1.0.21/src/libsodium/randombytes/internal/randombytes_internal_random.c:366:12: branch_false: following 'false' branch... libsodium-1.0.21/src/libsodium/randombytes/internal/randombytes_internal_random.c:397:1: branch_false: ...to here libsodium-1.0.21/src/libsodium/randombytes/internal/randombytes_internal_random.c:385:5: branch_true: following 'true' branch... libsodium-1.0.21/src/libsodium/randombytes/internal/randombytes_internal_random.c:387:10: branch_true: ...to here libsodium-1.0.21/src/libsodium/randombytes/internal/randombytes_internal_random.c:387:10: call_function: calling 'randombytes_internal_random_random_dev_open' from 'randombytes_internal_random_init' # 274| pfd.revents = 0; # 275| do { # 276|-> pret = poll(&pfd, 1, -1); # 277| } while (pret < 0 && (errno == EINTR || errno == EAGAIN)); # 278| if (pret != 1) { Error: COMPILER_WARNING (CWE-1164): [#def63] libsodium-1.0.21/src/libsodium/randombytes/internal/randombytes_internal_random.c:328:1: warning[-Wunused-function]: 'safe_read' defined but not used # 328 | safe_read(const int fd, void * const buf_, size_t size) # | ^~~~~~~~~ # 326| # 327| static ssize_t # 328|-> safe_read(const int fd, void * const buf_, size_t size) # 329| { # 330| unsigned char *buf = (unsigned char *) buf_; Error: GCC_ANALYZER_WARNING (CWE-775): [#def64] libsodium-1.0.21/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c:166:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'pfd.fd' libsodium-1.0.21/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c:295:1: enter_function: entry to 'randombytes_sysrandom_stir' libsodium-1.0.21/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c:298:9: call_function: calling 'randombytes_sysrandom_init' from 'randombytes_sysrandom_stir' # 164| pfd.revents = 0; # 165| do { # 166|-> pret = poll(&pfd, 1, -1); # 167| } while (pret < 0 && (errno == EINTR || errno == EAGAIN)); # 168| if (pret != 1) { Error: CPPCHECK_WARNING (CWE-190): [#def65] libsodium-1.0.21/src/libsodium/sodium/codecs.c:123: error[integerOverflow]: Signed integer overflow for expression ''0'-52'. # 121| return (LT(x, 26) & (x + 'A')) | # 122| (GE(x, 26) & LT(x, 52) & (x + ('a' - 26))) | # 123|-> (GE(x, 52) & LT(x, 62) & (x + ('0' - 52))) | (EQ(x, 62) & '+') | # 124| (EQ(x, 63) & '/'); # 125| } Error: CPPCHECK_WARNING (CWE-190): [#def66] libsodium-1.0.21/src/libsodium/sodium/codecs.c:144: error[integerOverflow]: Signed integer overflow for expression ''0'-52'. # 142| return (LT(x, 26) & (x + 'A')) | # 143| (GE(x, 26) & LT(x, 52) & (x + ('a' - 26))) | # 144|-> (GE(x, 52) & LT(x, 62) & (x + ('0' - 52))) | (EQ(x, 62) & '-') | # 145| (EQ(x, 63) & '_'); # 146| } Error: GCC_ANALYZER_WARNING (CWE-457): [#def67] libsodium-1.0.21/src/libsodium/sodium/codecs.c:464:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'colonp' libsodium-1.0.21/src/libsodium/sodium/codecs.c:384:1: enter_function: entry to 'parse_ipv6' libsodium-1.0.21/src/libsodium/sodium/codecs.c:398:8: branch_false: following 'false' branch... libsodium-1.0.21/src/libsodium/sodium/codecs.c:402:12: branch_false: following 'false' branch... libsodium-1.0.21/src/libsodium/sodium/codecs.c:408:12: branch_true: following 'true' branch (when 'p < end')... libsodium-1.0.21/src/libsodium/sodium/codecs.c:409:14: branch_true: ...to here libsodium-1.0.21/src/libsodium/sodium/codecs.c:411:12: branch_false: following 'false' branch (when 'ch != 58')... libsodium-1.0.21/src/libsodium/sodium/codecs.c:434:12: branch_false: ...to here libsodium-1.0.21/src/libsodium/sodium/codecs.c:434:12: branch_false: following 'false' branch (when 'ch != 46')... libsodium-1.0.21/src/libsodium/sodium/codecs.c:442:14: call_function: inlined call to 'ip_hex_digit' from 'parse_ipv6' libsodium-1.0.21/src/libsodium/sodium/codecs.c:443:12: branch_false: following 'false' branch... libsodium-1.0.21/src/libsodium/sodium/codecs.c:446:22: branch_false: ...to here libsodium-1.0.21/src/libsodium/sodium/codecs.c:451:8: branch_true: following 'true' branch (when 'saw_xdigit != 0')... libsodium-1.0.21/src/libsodium/sodium/codecs.c:452:13: branch_true: ...to here libsodium-1.0.21/src/libsodium/sodium/codecs.c:452:12: branch_false: following 'false' branch... libsodium-1.0.21/src/libsodium/sodium/codecs.c:455:33: branch_false: ...to here libsodium-1.0.21/src/libsodium/sodium/codecs.c:458:8: branch_true: following 'true' branch (when 'colonp' is non-NULL)... libsodium-1.0.21/src/libsodium/sodium/codecs.c:459:29: branch_true: ...to here libsodium-1.0.21/src/libsodium/sodium/codecs.c:461:12: branch_false: following 'false' branch... libsodium-1.0.21/src/libsodium/sodium/codecs.c:461:12: branch_false: ...to here libsodium-1.0.21/src/libsodium/sodium/codecs.c:464:9: danger: use of uninitialized value 'colonp' here # 462| return 0; # 463| } # 464|-> memmove(endp - n, colonp, n); # 465| memset(colonp, 0, (size_t) (endp - n - colonp)); # 466| tp = endp;
| analyzer-version-clippy | 1.92.0 |
| analyzer-version-cppcheck | 2.19.1 |
| analyzer-version-gcc | 16.0.0 |
| analyzer-version-gcc-analyzer | 16.0.0 |
| analyzer-version-shellcheck | 0.11.0 |
| analyzer-version-unicontrol | 0.0.2 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-133.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | libsodium-1.0.21-2.fc44 |
| store-results-to | /tmp/tmpsy9r_am2/libsodium-1.0.21-2.fc44.tar.xz |
| time-created | 2026-01-08 19:15:44 |
| time-finished | 2026-01-08 19:22:24 |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpsy9r_am2/libsodium-1.0.21-2.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpsy9r_am2/libsodium-1.0.21-2.fc44.src.rpm' |
| tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |