Newly introduced findings

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1]
libxcrypt-4.5.2/lib/crypt.c:154:3: warning[-Wanalyzer-malloc-leak]: leak of 'p'
libxcrypt-4.5.2/lib/crypt.c:216:1: enter_function: entry to '_crypt_crypt_ra'
libxcrypt-4.5.2/lib/crypt.c:229:7: acquire_memory: allocated here
libxcrypt-4.5.2/lib/crypt.c:230:6: branch_false: following 'false' branch (when 'p' is non-NULL)...
libxcrypt-4.5.2/lib/crypt.c:237:3: branch_false: ...to here
libxcrypt-4.5.2/lib/crypt.c:239:3: call_function: calling 'do_crypt' from '_crypt_crypt_ra'
#  152|     struct crypt_internal *cint = get_internal (data);
#  153|     memset (cint->output, 0, sizeof cint->output);
#  154|->   make_failure_token (setting, cint->output, sizeof cint->output);
#  155|   
#  156|     if (!phrase || !setting)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def2]
libxcrypt-4.5.2/lib/crypt.c:185:3: warning[-Wanalyzer-malloc-leak]: leak of 'p'
libxcrypt-4.5.2/lib/crypt.c:216:1: enter_function: entry to '_crypt_crypt_ra'
libxcrypt-4.5.2/lib/crypt.c:229:7: acquire_memory: allocated here
libxcrypt-4.5.2/lib/crypt.c:230:6: branch_false: following 'false' branch (when 'p' is non-NULL)...
libxcrypt-4.5.2/lib/crypt.c:237:3: branch_false: ...to here
libxcrypt-4.5.2/lib/crypt.c:239:3: call_function: calling 'do_crypt' from '_crypt_crypt_ra'
#  183|       }
#  184|   
#  185|->   h->crypt (phrase, phr_size, setting, set_size,
#  186|               (unsigned char *) cint->output, sizeof cint->output,
#  187|               cint->alg_specific, sizeof cint->alg_specific);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def3]
libxcrypt-4.5.2/lib/crypt.c:190:3: warning[-Wanalyzer-malloc-leak]: leak of 'p'
libxcrypt-4.5.2/lib/crypt.c:216:1: enter_function: entry to '_crypt_crypt_ra'
libxcrypt-4.5.2/lib/crypt.c:229:7: acquire_memory: allocated here
libxcrypt-4.5.2/lib/crypt.c:230:6: branch_false: following 'false' branch (when 'p' is non-NULL)...
libxcrypt-4.5.2/lib/crypt.c:237:3: branch_false: ...to here
libxcrypt-4.5.2/lib/crypt.c:239:3: call_function: calling 'do_crypt' from '_crypt_crypt_ra'
#  188|   
#  189|   out:
#  190|->   strcpy_or_abort (data->output, sizeof data->output, cint->output);
#  191|     explicit_bzero (data->internal, sizeof data->internal);
#  192|     explicit_bzero (data->reserved, sizeof data->reserved);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def4]
libxcrypt-4.5.2/lib/crypt.c:294:3: warning[-Wanalyzer-malloc-leak]: leak of 'output'
libxcrypt-4.5.2/lib/crypt.c:362:1: enter_function: entry to '_crypt_crypt_gensalt_ra'
libxcrypt-4.5.2/lib/crypt.c:365:18: acquire_memory: allocated here
libxcrypt-4.5.2/lib/crypt.c:366:6: branch_false: following 'false' branch (when 'output' is non-NULL)...
libxcrypt-4.5.2/lib/crypt.c:369:18: branch_false: ...to here
libxcrypt-4.5.2/lib/crypt.c:369:18: call_function: calling '_crypt_crypt_gensalt_rn' from '_crypt_crypt_gensalt_ra'
#  292|     unsigned char internal_nrbytes = 0;
#  293|     memset (outbuf, 0, sizeof outbuf);
#  294|->   make_failure_token (prefix, outbuf, sizeof outbuf);
#  295|   
#  296|     /* If the prefix is 0, that means to use the current best default.

Error: GCC_ANALYZER_WARNING (CWE-401): [#def5]
libxcrypt-4.5.2/lib/crypt.c:324:12: warning[-Wanalyzer-malloc-leak]: leak of 'output'
libxcrypt-4.5.2/lib/crypt.c:362:1: enter_function: entry to '_crypt_crypt_gensalt_ra'
libxcrypt-4.5.2/lib/crypt.c:365:18: acquire_memory: allocated here
libxcrypt-4.5.2/lib/crypt.c:366:6: branch_false: following 'false' branch (when 'output' is non-NULL)...
libxcrypt-4.5.2/lib/crypt.c:369:18: branch_false: ...to here
libxcrypt-4.5.2/lib/crypt.c:369:18: call_function: calling '_crypt_crypt_gensalt_rn' from '_crypt_crypt_gensalt_ra'
#  322|     if (!rbytes)
#  323|       {
#  324|->       if (!get_random_bytes (internal_rbytes, h->nrbytes))
#  325|           goto out;
#  326|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def6]
libxcrypt-4.5.2/lib/crypt.c:331:3: warning[-Wanalyzer-malloc-leak]: leak of 'output'
libxcrypt-4.5.2/lib/crypt.c:362:1: enter_function: entry to '_crypt_crypt_gensalt_ra'
libxcrypt-4.5.2/lib/crypt.c:365:18: acquire_memory: allocated here
libxcrypt-4.5.2/lib/crypt.c:366:6: branch_false: following 'false' branch (when 'output' is non-NULL)...
libxcrypt-4.5.2/lib/crypt.c:369:18: branch_false: ...to here
libxcrypt-4.5.2/lib/crypt.c:369:18: call_function: calling '_crypt_crypt_gensalt_rn' from '_crypt_crypt_gensalt_ra'
#  329|       }
#  330|   
#  331|->   h->gensalt (count,
#  332|                 (const unsigned char *) rbytes, (size_t) nrbytes,
#  333|                 (unsigned char *) outbuf,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def7]
libxcrypt-4.5.2/lib/crypt.c:337:3: warning[-Wanalyzer-malloc-leak]: leak of 'output'
libxcrypt-4.5.2/lib/crypt.c:362:1: enter_function: entry to '_crypt_crypt_gensalt_ra'
libxcrypt-4.5.2/lib/crypt.c:365:18: acquire_memory: allocated here
libxcrypt-4.5.2/lib/crypt.c:366:6: branch_false: following 'false' branch (when 'output' is non-NULL)...
libxcrypt-4.5.2/lib/crypt.c:369:18: branch_false: ...to here
libxcrypt-4.5.2/lib/crypt.c:369:18: call_function: calling '_crypt_crypt_gensalt_rn' from '_crypt_crypt_gensalt_ra'
#  335|   
#  336|   out:
#  337|->   strcpy_or_abort (output, (size_t) output_size, outbuf);
#  338|     explicit_bzero (outbuf, sizeof outbuf);
#  339|   

Scan Properties

analyzer-version-clippy: 1.92.0
analyzer-version-cppcheck: 2.19.1
analyzer-version-gcc: 16.0.0
analyzer-version-gcc-analyzer: 16.0.0
analyzer-version-shellcheck: 0.11.0
analyzer-version-unicontrol: 0.0.2
diffbase-analyzer-version-clippy: 1.92.0
diffbase-analyzer-version-cppcheck: 2.19.1
diffbase-analyzer-version-gcc: 16.0.0
diffbase-analyzer-version-gcc-analyzer: 16.0.0
diffbase-analyzer-version-shellcheck: 0.11.0
diffbase-analyzer-version-unicontrol: 0.0.2
diffbase-enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code: 0
diffbase-host: ip-172-16-1-11.us-west-2.compute.internal
diffbase-known-false-positives: /usr/share/csmock/known-false-positives.js
diffbase-known-false-positives-rpm: known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch
diffbase-mock-config: fedora-rawhide-x86_64
diffbase-project-name: libxcrypt-4.4.38-8.fc43
diffbase-store-results-to: /tmp/tmp27j5zyxy/libxcrypt-4.4.38-8.fc43.tar.xz
diffbase-time-created: 2026-01-08 19:19:17
diffbase-time-finished: 2026-01-08 19:21:59
diffbase-tool: csmock
diffbase-tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmp27j5zyxy/libxcrypt-4.4.38-8.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp27j5zyxy/libxcrypt-4.4.38-8.fc43.src.rpm'
diffbase-tool-version: csmock-3.8.3.20251215.161544.g62de9a5-1.el9
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-11.us-west-2.compute.internal
known-false-positives: /usr/share/csmock/known-false-positives.js
known-false-positives-rpm: known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch
mock-config: fedora-rawhide-x86_64
project-name: libxcrypt-4.5.2-2.fc44
store-results-to: /tmp/tmpp7bq3fj8/libxcrypt-4.5.2-2.fc44.tar.xz
time-created: 2026-01-08 19:22:30
time-finished: 2026-01-08 19:24:43
title: Newly introduced findings
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpp7bq3fj8/libxcrypt-4.5.2-2.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpp7bq3fj8/libxcrypt-4.5.2-2.fc44.src.rpm'
tool-version: csmock-3.8.3.20251215.161544.g62de9a5-1.el9