Error: GCC_ANALYZER_WARNING (CWE-404): [#def1] libsolv-0.7.35/src/pool.c:337:22: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’ libsolv-0.7.35/src/pool.c:331:6: branch_false: following ‘false’ branch (when ‘pool’ is non-NULL)... libsolv-0.7.35/src/pool.c:333:3: branch_false: ...to here libsolv-0.7.35/src/pool.c:333:3: acquire_resource: ‘va_start’ called here libsolv-0.7.35/src/pool.c:334:6: branch_true: following ‘true’ branch... libsolv-0.7.35/src/pool.c:336:7: branch_true: ...to here libsolv-0.7.35/src/pool.c:337:22: throw: if ‘solv_malloc’ throws an exception... libsolv-0.7.35/src/pool.c:337:22: danger: missing call to ‘va_end’ to match ‘va_start’ at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2) # 335| { # 336| pool->errstra = 1024; # 337|-> pool->errstr = solv_malloc(pool->errstra); # 338| } # 339| if (!*format) Error: GCC_ANALYZER_WARNING (CWE-688): [#def2] libsolv-0.7.35/src/pool.c:531:7: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected libsolv-0.7.35/src/pool.c:521:1: enter_function: entry to ‘pool_tmpjoin’ libsolv-0.7.35/src/pool.c:525:3: branch_true: following ‘true’ branch (when ‘str1’ is non-NULL)... libsolv-0.7.35/src/pool.c:525:15: branch_true: ...to here libsolv-0.7.35/src/pool.c:526:3: branch_false: following ‘false’ branch (when ‘str2’ is NULL)... libsolv-0.7.35/src/pool.c:527:3: branch_false: ...to here libsolv-0.7.35/src/pool.c:527:3: branch_false: following ‘false’ branch (when ‘str3’ is NULL)... libsolv-0.7.35/src/pool.c:528:38: branch_false: ...to here libsolv-0.7.35/src/pool.c:528:13: call_function: calling ‘pool_alloctmpspace’ from ‘pool_tmpjoin’ libsolv-0.7.35/src/pool.c:528:13: return_function: returning to ‘pool_tmpjoin’ from ‘pool_alloctmpspace’ libsolv-0.7.35/src/pool.c:529:6: branch_true: following ‘true’ branch (when ‘l1 != 0’)... libsolv-0.7.35/src/pool.c:531:7: branch_true: ...to here libsolv-0.7.35/src/pool.c:531:7: danger: argument 1 (‘pool_alloctmpspace(pool, l1 + l2 + l3 + 1)’) NULL where non-null expected # 529| if (l1) # 530| { # 531|-> strcpy(s, str1); # 532| s += l1; # 533| } Error: GCC_ANALYZER_WARNING (CWE-688): [#def3] libsolv-0.7.35/src/pool.c:536:7: warning[-Wanalyzer-null-argument]: use of NULL ‘s’ where non-null expected libsolv-0.7.35/src/pool.c:521:1: enter_function: entry to ‘pool_tmpjoin’ libsolv-0.7.35/src/pool.c:525:3: branch_false: following ‘false’ branch (when ‘str1’ is NULL)... libsolv-0.7.35/src/pool.c:526:3: branch_false: ...to here libsolv-0.7.35/src/pool.c:526:3: branch_true: following ‘true’ branch (when ‘str2’ is non-NULL)... libsolv-0.7.35/src/pool.c:526:15: branch_true: ...to here libsolv-0.7.35/src/pool.c:527:3: branch_false: following ‘false’ branch (when ‘str3’ is NULL)... libsolv-0.7.35/src/pool.c:528:38: branch_false: ...to here libsolv-0.7.35/src/pool.c:528:13: call_function: calling ‘pool_alloctmpspace’ from ‘pool_tmpjoin’ libsolv-0.7.35/src/pool.c:528:13: return_function: returning to ‘pool_tmpjoin’ from ‘pool_alloctmpspace’ libsolv-0.7.35/src/pool.c:529:6: branch_false: following ‘false’ branch (when ‘l1 == 0’)... libsolv-0.7.35/src/pool.c:534:6: branch_false: ...to here libsolv-0.7.35/src/pool.c:534:6: branch_true: following ‘true’ branch (when ‘l2 != 0’)... libsolv-0.7.35/src/pool.c:536:7: branch_true: ...to here libsolv-0.7.35/src/pool.c:536:7: danger: argument 1 (‘s’) NULL where non-null expected # 534| if (l2) # 535| { # 536|-> strcpy(s, str2); # 537| s += l2; # 538| } Error: GCC_ANALYZER_WARNING (CWE-688): [#def4] libsolv-0.7.35/src/pool.c:566:9: warning[-Wanalyzer-null-argument]: use of NULL ‘str’ where non-null expected libsolv-0.7.35/src/pool.c:549:1: enter_function: entry to ‘pool_tmpappend’ libsolv-0.7.35/src/pool.c:554:3: branch_true: following ‘true’ branch (when ‘str1’ is non-NULL)... libsolv-0.7.35/src/pool.c:554:15: branch_true: ...to here libsolv-0.7.35/src/pool.c:555:3: branch_false: following ‘false’ branch (when ‘str2’ is NULL)... libsolv-0.7.35/src/pool.c:556:3: branch_false: ...to here libsolv-0.7.35/src/pool.c:556:3: branch_false: following ‘false’ branch (when ‘str3’ is NULL)... libsolv-0.7.35/src/pool.c:557:45: branch_false: ...to here libsolv-0.7.35/src/pool.c:557:9: call_function: calling ‘pool_alloctmpspace_free’ from ‘pool_tmpappend’ libsolv-0.7.35/src/pool.c:557:9: return_function: returning to ‘pool_tmpappend’ from ‘pool_alloctmpspace_free’ libsolv-0.7.35/src/pool.c:558:6: branch_false: following ‘false’ branch... libsolv-0.7.35/src/pool.c:561:11: branch_false: ...to here libsolv-0.7.35/src/pool.c:561:11: call_function: calling ‘pool_alloctmpspace’ from ‘pool_tmpappend’ libsolv-0.7.35/src/pool.c:561:11: return_function: returning to ‘pool_tmpappend’ from ‘pool_alloctmpspace’ libsolv-0.7.35/src/pool.c:563:6: branch_true: following ‘true’ branch (when ‘l1 != 0’)... libsolv-0.7.35/src/pool.c:565:10: branch_true: ...to here libsolv-0.7.35/src/pool.c:565:10: branch_true: following ‘true’ branch (when ‘str1 != str’)... libsolv-0.7.35/src/pool.c:566:9: branch_true: ...to here libsolv-0.7.35/src/pool.c:566:9: danger: argument 1 (‘str’) NULL where non-null expected # 564| { # 565| if (s != str1) # 566|-> strcpy(s, str1); # 567| s += l1; # 568| } Error: GCC_ANALYZER_WARNING (CWE-688): [#def5] libsolv-0.7.35/src/pool.c:571:7: warning[-Wanalyzer-null-argument]: use of NULL ‘s’ where non-null expected libsolv-0.7.35/src/pool.c:549:1: enter_function: entry to ‘pool_tmpappend’ libsolv-0.7.35/src/pool.c:554:3: branch_false: following ‘false’ branch (when ‘str1’ is NULL)... libsolv-0.7.35/src/pool.c:555:3: branch_false: ...to here libsolv-0.7.35/src/pool.c:555:3: branch_true: following ‘true’ branch (when ‘str2’ is non-NULL)... libsolv-0.7.35/src/pool.c:555:15: branch_true: ...to here libsolv-0.7.35/src/pool.c:556:3: branch_false: following ‘false’ branch (when ‘str3’ is NULL)... libsolv-0.7.35/src/pool.c:557:45: branch_false: ...to here libsolv-0.7.35/src/pool.c:557:9: call_function: calling ‘pool_alloctmpspace_free’ from ‘pool_tmpappend’ libsolv-0.7.35/src/pool.c:557:9: return_function: returning to ‘pool_tmpappend’ from ‘pool_alloctmpspace_free’ libsolv-0.7.35/src/pool.c:558:6: branch_false: following ‘false’ branch... libsolv-0.7.35/src/pool.c:561:11: branch_false: ...to here libsolv-0.7.35/src/pool.c:561:11: call_function: calling ‘pool_alloctmpspace’ from ‘pool_tmpappend’ libsolv-0.7.35/src/pool.c:561:11: return_function: returning to ‘pool_tmpappend’ from ‘pool_alloctmpspace’ libsolv-0.7.35/src/pool.c:563:6: branch_false: following ‘false’ branch (when ‘l1 == 0’)... libsolv-0.7.35/src/pool.c:569:6: branch_false: ...to here libsolv-0.7.35/src/pool.c:569:6: branch_true: following ‘true’ branch (when ‘l2 != 0’)... libsolv-0.7.35/src/pool.c:571:7: branch_true: ...to here libsolv-0.7.35/src/pool.c:571:7: danger: argument 1 (‘s’) NULL where non-null expected # 569| if (l2) # 570| { # 571|-> strcpy(s, str2); # 572| s += l2; # 573| }
| analyzer-version-clippy | 1.92.0 |
| analyzer-version-cppcheck | 2.19.1 |
| analyzer-version-gcc | 16.0.0 |
| analyzer-version-gcc-analyzer | 16.0.0 |
| analyzer-version-shellcheck | 0.11.0 |
| analyzer-version-unicontrol | 0.0.2 |
| diffbase-analyzer-version-clippy | 1.92.0 |
| diffbase-analyzer-version-cppcheck | 2.19.1 |
| diffbase-analyzer-version-gcc | 16.0.0 |
| diffbase-analyzer-version-gcc-analyzer | 16.0.0 |
| diffbase-analyzer-version-shellcheck | 0.11.0 |
| diffbase-analyzer-version-unicontrol | 0.0.2 |
| diffbase-enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| diffbase-exit-code | 0 |
| diffbase-host | ip-172-16-1-38.us-west-2.compute.internal |
| diffbase-known-false-positives | /usr/share/csmock/known-false-positives.js |
| diffbase-known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| diffbase-mock-config | fedora-rawhide-x86_64 |
| diffbase-project-name | libsolv-0.7.34-5.fc43 |
| diffbase-store-results-to | /tmp/tmpgevxk7x7/libsolv-0.7.34-5.fc43.tar.xz |
| diffbase-time-created | 2026-01-08 19:08:33 |
| diffbase-time-finished | 2026-01-08 19:11:33 |
| diffbase-tool | csmock |
| diffbase-tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpgevxk7x7/libsolv-0.7.34-5.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpgevxk7x7/libsolv-0.7.34-5.fc43.src.rpm' |
| diffbase-tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-38.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | libsolv-0.7.35-3.fc44 |
| store-results-to | /tmp/tmptbwn0dht/libsolv-0.7.35-3.fc44.tar.xz |
| time-created | 2026-01-08 19:11:58 |
| time-finished | 2026-01-08 19:14:32 |
| title | Newly introduced findings |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmptbwn0dht/libsolv-0.7.35-3.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmptbwn0dht/libsolv-0.7.35-3.fc44.src.rpm' |
| tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |