libxcrypt-4.5.2-2.fc44

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-476): [#def1]
libxcrypt-4.5.2/lib/alg-yescrypt-opt.c:1328:17: warning[-Wanalyzer-null-dereference]: dereference of NULL 'B'
libxcrypt-4.5.2/lib/alg-yescrypt-opt.c:1453:5: enter_function: entry to '_crypt_yescrypt_init_shared'
libxcrypt-4.5.2/lib/alg-yescrypt-opt.c:1467:12: branch_false: following 'false' branch...
libxcrypt-4.5.2/lib/alg-yescrypt-opt.c:1470:12: branch_false: following 'false' branch...
libxcrypt-4.5.2/lib/alg-yescrypt-opt.c:1479:17: call_function: inlined call to 'init_region' from '_crypt_yescrypt_init_shared'
libxcrypt-4.5.2/lib/alg-yescrypt-opt.c:1482:21: call_function: calling '_crypt_yescrypt_kdf' from '_crypt_yescrypt_init_shared'
# 1326|   
# 1327|   	if (flags)
# 1328|-> 		memcpy(sha256, B, sizeof(sha256));
# 1329|   
# 1330|   	if (p == 1 || (flags & YESCRYPT_RW)) {

Error: GCC_ANALYZER_WARNING (CWE-787): [#def2]
libxcrypt-4.5.2/lib/crypt-bcrypt.c:732:8: warning[-Wanalyzer-out-of-bounds]: buffer over-read
libxcrypt-4.5.2/lib/crypt-bcrypt.c:1046:1: enter_function: entry to '_crypt_crypt_bcrypt_y_rn'
libxcrypt-4.5.2/lib/crypt-bcrypt.c:1051:3: call_function: calling 'BF_full_crypt' from '_crypt_crypt_bcrypt_y_rn'
#  730|         setting[1] != '2' ||
#  731|         setting[2] < 'a' || setting[2] > 'z' ||
#  732|->       !flags_by_subtype[(unsigned int) (unsigned char) setting[2] - 'a'] ||
#  733|         setting[3] != '$' ||
#  734|         setting[4] < '0' || setting[4] > '3' ||

Error: GCC_ANALYZER_WARNING (CWE-401): [#def3]
libxcrypt-4.5.2/lib/crypt.c:154:3: warning[-Wanalyzer-malloc-leak]: leak of 'p'
libxcrypt-4.5.2/lib/crypt.c:216:1: enter_function: entry to '_crypt_crypt_ra'
libxcrypt-4.5.2/lib/crypt.c:229:7: acquire_memory: allocated here
libxcrypt-4.5.2/lib/crypt.c:230:6: branch_false: following 'false' branch (when 'p' is non-NULL)...
libxcrypt-4.5.2/lib/crypt.c:237:3: branch_false: ...to here
libxcrypt-4.5.2/lib/crypt.c:239:3: call_function: calling 'do_crypt' from '_crypt_crypt_ra'
#  152|     struct crypt_internal *cint = get_internal (data);
#  153|     memset (cint->output, 0, sizeof cint->output);
#  154|->   make_failure_token (setting, cint->output, sizeof cint->output);
#  155|   
#  156|     if (!phrase || !setting)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def4]
libxcrypt-4.5.2/lib/crypt.c:185:3: warning[-Wanalyzer-malloc-leak]: leak of 'p'
libxcrypt-4.5.2/lib/crypt.c:216:1: enter_function: entry to '_crypt_crypt_ra'
libxcrypt-4.5.2/lib/crypt.c:229:7: acquire_memory: allocated here
libxcrypt-4.5.2/lib/crypt.c:230:6: branch_false: following 'false' branch (when 'p' is non-NULL)...
libxcrypt-4.5.2/lib/crypt.c:237:3: branch_false: ...to here
libxcrypt-4.5.2/lib/crypt.c:239:3: call_function: calling 'do_crypt' from '_crypt_crypt_ra'
#  183|       }
#  184|   
#  185|->   h->crypt (phrase, phr_size, setting, set_size,
#  186|               (unsigned char *) cint->output, sizeof cint->output,
#  187|               cint->alg_specific, sizeof cint->alg_specific);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def5]
libxcrypt-4.5.2/lib/crypt.c:190:3: warning[-Wanalyzer-malloc-leak]: leak of 'p'
libxcrypt-4.5.2/lib/crypt.c:216:1: enter_function: entry to '_crypt_crypt_ra'
libxcrypt-4.5.2/lib/crypt.c:229:7: acquire_memory: allocated here
libxcrypt-4.5.2/lib/crypt.c:230:6: branch_false: following 'false' branch (when 'p' is non-NULL)...
libxcrypt-4.5.2/lib/crypt.c:237:3: branch_false: ...to here
libxcrypt-4.5.2/lib/crypt.c:239:3: call_function: calling 'do_crypt' from '_crypt_crypt_ra'
#  188|   
#  189|   out:
#  190|->   strcpy_or_abort (data->output, sizeof data->output, cint->output);
#  191|     explicit_bzero (data->internal, sizeof data->internal);
#  192|     explicit_bzero (data->reserved, sizeof data->reserved);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def6]
libxcrypt-4.5.2/lib/crypt.c:294:3: warning[-Wanalyzer-malloc-leak]: leak of 'output'
libxcrypt-4.5.2/lib/crypt.c:362:1: enter_function: entry to '_crypt_crypt_gensalt_ra'
libxcrypt-4.5.2/lib/crypt.c:365:18: acquire_memory: allocated here
libxcrypt-4.5.2/lib/crypt.c:366:6: branch_false: following 'false' branch (when 'output' is non-NULL)...
libxcrypt-4.5.2/lib/crypt.c:369:18: branch_false: ...to here
libxcrypt-4.5.2/lib/crypt.c:369:18: call_function: calling '_crypt_crypt_gensalt_rn' from '_crypt_crypt_gensalt_ra'
#  292|     unsigned char internal_nrbytes = 0;
#  293|     memset (outbuf, 0, sizeof outbuf);
#  294|->   make_failure_token (prefix, outbuf, sizeof outbuf);
#  295|   
#  296|     /* If the prefix is 0, that means to use the current best default.

Error: GCC_ANALYZER_WARNING (CWE-401): [#def7]
libxcrypt-4.5.2/lib/crypt.c:324:12: warning[-Wanalyzer-malloc-leak]: leak of 'output'
libxcrypt-4.5.2/lib/crypt.c:362:1: enter_function: entry to '_crypt_crypt_gensalt_ra'
libxcrypt-4.5.2/lib/crypt.c:365:18: acquire_memory: allocated here
libxcrypt-4.5.2/lib/crypt.c:366:6: branch_false: following 'false' branch (when 'output' is non-NULL)...
libxcrypt-4.5.2/lib/crypt.c:369:18: branch_false: ...to here
libxcrypt-4.5.2/lib/crypt.c:369:18: call_function: calling '_crypt_crypt_gensalt_rn' from '_crypt_crypt_gensalt_ra'
#  322|     if (!rbytes)
#  323|       {
#  324|->       if (!get_random_bytes (internal_rbytes, h->nrbytes))
#  325|           goto out;
#  326|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
libxcrypt-4.5.2/lib/crypt.c:331:3: warning[-Wanalyzer-malloc-leak]: leak of 'output'
libxcrypt-4.5.2/lib/crypt.c:362:1: enter_function: entry to '_crypt_crypt_gensalt_ra'
libxcrypt-4.5.2/lib/crypt.c:365:18: acquire_memory: allocated here
libxcrypt-4.5.2/lib/crypt.c:366:6: branch_false: following 'false' branch (when 'output' is non-NULL)...
libxcrypt-4.5.2/lib/crypt.c:369:18: branch_false: ...to here
libxcrypt-4.5.2/lib/crypt.c:369:18: call_function: calling '_crypt_crypt_gensalt_rn' from '_crypt_crypt_gensalt_ra'
#  329|       }
#  330|   
#  331|->   h->gensalt (count,
#  332|                 (const unsigned char *) rbytes, (size_t) nrbytes,
#  333|                 (unsigned char *) outbuf,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def9]
libxcrypt-4.5.2/lib/crypt.c:337:3: warning[-Wanalyzer-malloc-leak]: leak of 'output'
libxcrypt-4.5.2/lib/crypt.c:362:1: enter_function: entry to '_crypt_crypt_gensalt_ra'
libxcrypt-4.5.2/lib/crypt.c:365:18: acquire_memory: allocated here
libxcrypt-4.5.2/lib/crypt.c:366:6: branch_false: following 'false' branch (when 'output' is non-NULL)...
libxcrypt-4.5.2/lib/crypt.c:369:18: branch_false: ...to here
libxcrypt-4.5.2/lib/crypt.c:369:18: call_function: calling '_crypt_crypt_gensalt_rn' from '_crypt_crypt_gensalt_ra'
#  335|   
#  336|   out:
#  337|->   strcpy_or_abort (output, (size_t) output_size, outbuf);
#  338|     explicit_bzero (outbuf, sizeof outbuf);
#  339|   

Scan Properties

analyzer-version-clippy: 1.92.0
analyzer-version-cppcheck: 2.19.1
analyzer-version-gcc: 16.0.0
analyzer-version-gcc-analyzer: 16.0.0
analyzer-version-shellcheck: 0.11.0
analyzer-version-unicontrol: 0.0.2
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-11.us-west-2.compute.internal
known-false-positives: /usr/share/csmock/known-false-positives.js
known-false-positives-rpm: known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch
mock-config: fedora-rawhide-x86_64
project-name: libxcrypt-4.5.2-2.fc44
store-results-to: /tmp/tmpp7bq3fj8/libxcrypt-4.5.2-2.fc44.tar.xz
time-created: 2026-01-08 19:22:30
time-finished: 2026-01-08 19:24:43
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpp7bq3fj8/libxcrypt-4.5.2-2.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpp7bq3fj8/libxcrypt-4.5.2-2.fc44.src.rpm'
tool-version: csmock-3.8.3.20251215.161544.g62de9a5-1.el9