Newly introduced findings

List of Findings

Error: COMPILER_WARNING: [#def1] [important]
lilv-0.26.2/src/load_skimmer.h:7:10: error[fatal error]: serd/serd.h: No such file or directory
#    5|   #define LILV_LOAD_SKIMMER_H
#    6|   
#    7|-> #include <serd/serd.h>
#    8|   #include <sord/sord.h>
#    9|   #include <zix/attributes.h>

Error: COMPILER_WARNING: [#def2] [important]
lilv-0.26.2/src/node_hash.h:7:10: error[fatal error]: zix/allocator.h: No such file or directory
#    5|   #define LILV_NODE_HASH_H
#    6|   
#    7|-> #include <zix/allocator.h>
#    8|   #include <zix/attributes.h>
#    9|   #include <zix/status.h>

Error: CPPCHECK_WARNING (CWE-476): [#def3]
lilv-0.26.2/src/pluginclass.c:21: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: pc
#   19|     LilvPluginClass* pc = (LilvPluginClass*)malloc(sizeof(LilvPluginClass));
#   20|     pc->world           = world;
#   21|->   pc->uri             = uri;
#   22|     pc->label           = lilv_node_new(world, LILV_VALUE_STRING, label);
#   23|     pc->parent_uri =

Error: CPPCHECK_WARNING (CWE-476): [#def4]
lilv-0.26.2/src/scalepoint.c:17: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: point
#   15|   {
#   16|     LilvScalePoint* point = (LilvScalePoint*)malloc(sizeof(LilvScalePoint));
#   17|->   point->value          = lilv_node_new_from_node(world, value);
#   18|     point->label          = lilv_node_new_from_node(world, label);
#   19|     return point;

Error: CPPCHECK_WARNING (CWE-476): [#def5]
lilv-0.26.2/src/scalepoint.c:18: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: point
#   16|     LilvScalePoint* point = (LilvScalePoint*)malloc(sizeof(LilvScalePoint));
#   17|     point->value          = lilv_node_new_from_node(world, value);
#   18|->   point->label          = lilv_node_new_from_node(world, label);
#   19|     return point;
#   20|   }

Error: CPPCHECK_WARNING (CWE-476): [#def6]
lilv-0.26.2/src/string_util.c:28: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: result
#   26|     char*  result = (char*)malloc(len + 1);
#   27|   
#   28|->   memcpy(result, first, len);
#   29|   
#   30|     va_list args; // NOLINT(cppcoreguidelines-init-variables)

Error: CPPCHECK_WARNING (CWE-476): [#def7]
lilv-0.26.2/src/string_util.c:66: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: copy
#   64|     const size_t len  = strlen(str);
#   65|     char*        copy = (char*)malloc(len + 1);
#   66|->   memcpy(copy, str, len + 1);
#   67|     return copy;
#   68|   }

Error: COMPILER_WARNING: [#def8] [important]
lilv-0.26.2/src/string_util.h:7:10: error[fatal error]: sord/sord.h: No such file or directory
#    5|   #define LILV_STRING_UTIL_H
#    6|   
#    7|-> #include <sord/sord.h>
#    8|   #include <zix/string_view.h>
#    9|   

Error: COMPILER_WARNING: [#def9] [important]
lilv-0.26.2/src/syntax_skimmer.h:7:10: error[fatal error]: serd/serd.h: No such file or directory
#    5|   #define LILV_SYNTAX_SKIMMER_H
#    6|   
#    7|-> #include <serd/serd.h>
#    8|   #include <sord/sord.h>
#    9|   #include <zix/allocator.h>

Error: CPPCHECK_WARNING (CWE-476): [#def10]
lilv-0.26.2/src/sys_util.c:67: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: path
#   65|     const size_t in_path_len = strlen(in_path);
#   66|     char*        path        = (char*)malloc(in_path_len + 7);
#   67|->   memcpy(path, in_path, in_path_len + 1);
#   68|   
#   69|     for (unsigned i = 2U; i < 1000000U; ++i) {

Error: COMPILER_WARNING: [#def11] [important]
lilv-0.26.2/src/sys_util.h:7:10: error[fatal error]: zix/attributes.h: No such file or directory
#    5|   #define LILV_SYS_UTIL_H
#    6|   
#    7|-> #include <zix/attributes.h>
#    8|   
#    9|   #include <stdbool.h>

Error: CPPCHECK_WARNING (CWE-476): [#def12]
lilv-0.26.2/src/ui.c:28: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: ui
#   26|     LilvUI* ui     = (LilvUI*)malloc(sizeof(LilvUI));
#   27|     ui->world      = world;
#   28|->   ui->uri        = lilv_node_new_from_node(world, uri);
#   29|     ui->binary_uri = lilv_node_new_from_node(world, binary_uri);
#   30|   

Error: CPPCHECK_WARNING (CWE-476): [#def13]
lilv-0.26.2/src/ui.c:29: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: ui
#   27|     ui->world      = world;
#   28|     ui->uri        = lilv_node_new_from_node(world, uri);
#   29|->   ui->binary_uri = lilv_node_new_from_node(world, binary_uri);
#   30|   
#   31|     // FIXME: kludge

Error: CPPCHECK_WARNING (CWE-476): [#def14]
lilv-0.26.2/src/ui.c:40: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: ui
#   38|     ui->classes = lilv_nodes_new();
#   39|     zix_tree_insert(
#   40|->     (ZixTree*)ui->classes, lilv_node_new_from_node(world, type_uri), NULL);
#   41|   
#   42|     return ui;

Error: COMPILER_WARNING: [#def15] [important]
lilv-0.26.2/src/uris.h:7:10: error[fatal error]: sord/sord.h: No such file or directory
#    5|   #define LILV_URIS_H
#    6|   
#    7|-> #include <sord/sord.h>
#    8|   #include <zix/attributes.h>
#    9|   

Error: CPPCHECK_WARNING (CWE-476): [#def16]
lilv-0.26.2/src/world.c:393: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: spec
#  391|     // Add all data files (rdfs:seeAlso)
#  392|     lilv_world_collect_data_files(
#  393|->     world, specification_node, (ZixTree*)spec->data_uris);
#  394|   
#  395|     // Add specification to world specification list

Error: CPPCHECK_WARNING (CWE-476): [#def17]
lilv-0.26.2/src/world.c:396: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: spec
#  394|   
#  395|     // Add specification to world specification list
#  396|->   spec->next   = world->specs;
#  397|     world->specs = spec;
#  398|   }

Error: COMPILER_WARNING: [#def18] [important]
lilv-0.26.2/test/lilv_test_uri_map.h:8:10: error[fatal error]: serd/serd.h: No such file or directory
#    6|   
#    7|   #include <lv2/urid/urid.h>
#    8|-> #include <serd/serd.h>
#    9|   
#   10|   #include <assert.h>

Error: COMPILER_WARNING: [#def19] [important]
lilv-0.26.2/test/lilv_test_utils.h:8:10: error[fatal error]: zix/attributes.h: No such file or directory
#    6|   
#    7|   #include <lilv/lilv.h>
#    8|-> #include <zix/attributes.h>
#    9|   
#   10|   #define MANIFEST_PREFIXES \

Error: COMPILER_WARNING: [#def20] [important]
lilv-0.26.2/test/test_plugin.lv2/test_plugin.c:8:10: error[fatal error]: zix/filesystem.h: No such file or directory
#    6|   #include <lv2/state/state.h>
#    7|   #include <lv2/urid/urid.h>
#    8|-> #include <zix/filesystem.h>
#    9|   #include <zix/path.h>
#   10|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def21]
lilv-0.26.2/tools/uri_table.h:45:3: warning[-Wanalyzer-malloc-leak]: leak of ‘uri_table.uris’
lilv-0.26.2/tools/lv2bench.c:327:1: enter_function: entry to ‘main’
lilv-0.26.2/tools/lv2bench.c:372:6: branch_false: following ‘false’ branch (when ‘<unknown>’ is NULL)...
lilv-0.26.2/tools/lv2bench.c:376:6: branch_false: ...to here
lilv-0.26.2/tools/lv2bench.c:376:6: branch_false: following ‘false’ branch (when ‘out’ is non-NULL)...
lilv-0.26.2/tools/lv2bench.c:382:28: branch_false: ...to here
lilv-0.26.2/tools/lv2bench.c:406:5: branch_false: following ‘false’ branch...
lilv-0.26.2/tools/lv2bench.c:407:28: branch_false: ...to here
lilv-0.26.2/tools/lv2bench.c:407:22: call_function: calling ‘bench’ from ‘main’
#   43|   
#   44|     const size_t len = strlen(uri);
#   45|->   table->uris = (char**)realloc(table->uris, ++table->n_uris * sizeof(char*));
#   46|     table->uris[table->n_uris - 1] = (char*)malloc(len + 1);
#   47|     memcpy(table->uris[table->n_uris - 1], uri, len + 1);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def22]
lilv-0.26.2/tools/uri_table.h:45:25: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
lilv-0.26.2/tools/lv2bench.c:327:1: enter_function: entry to ‘main’
lilv-0.26.2/tools/lv2bench.c:372:6: branch_false: following ‘false’ branch (when ‘<unknown>’ is NULL)...
lilv-0.26.2/tools/lv2bench.c:376:6: branch_false: ...to here
lilv-0.26.2/tools/lv2bench.c:376:6: branch_false: following ‘false’ branch (when ‘out’ is non-NULL)...
lilv-0.26.2/tools/lv2bench.c:382:28: branch_false: ...to here
lilv-0.26.2/tools/lv2bench.c:406:5: branch_false: following ‘false’ branch...
lilv-0.26.2/tools/lv2bench.c:407:28: branch_false: ...to here
lilv-0.26.2/tools/lv2bench.c:407:22: call_function: calling ‘bench’ from ‘main’
#   43|   
#   44|     const size_t len = strlen(uri);
#   45|->   table->uris = (char**)realloc(table->uris, ++table->n_uris * sizeof(char*));
#   46|     table->uris[table->n_uris - 1] = (char*)malloc(len + 1);
#   47|     memcpy(table->uris[table->n_uris - 1], uri, len + 1);

Scan Properties

analyzer-version-clippy	1.92.0
analyzer-version-cppcheck	2.19.1
analyzer-version-gcc	16.0.0
analyzer-version-gcc-analyzer	16.0.0
analyzer-version-shellcheck	0.11.0
analyzer-version-unicontrol	0.0.2
diffbase-analyzer-version-clippy	1.92.0
diffbase-analyzer-version-cppcheck	2.19.1
diffbase-analyzer-version-gcc	16.0.0
diffbase-analyzer-version-gcc-analyzer	16.0.0
diffbase-analyzer-version-shellcheck	0.11.0
diffbase-analyzer-version-unicontrol	0.0.2
diffbase-enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code	0
diffbase-host	ip-172-16-1-175.us-west-2.compute.internal
diffbase-known-false-positives	/usr/share/csmock/known-false-positives.js
diffbase-known-false-positives-rpm	known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch
diffbase-mock-config	fedora-rawhide-x86_64
diffbase-project-name	lilv-0.24.26-7.fc43
diffbase-store-results-to	/tmp/tmpfi68ng69/lilv-0.24.26-7.fc43.tar.xz
diffbase-time-created	2026-01-08 19:20:40
diffbase-time-finished	2026-01-08 19:22:41
diffbase-tool	csmock
diffbase-tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpfi68ng69/lilv-0.24.26-7.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpfi68ng69/lilv-0.24.26-7.fc43.src.rpm'
diffbase-tool-version	csmock-3.8.3.20251215.161544.g62de9a5-1.el9
enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code	0
host	ip-172-16-1-175.us-west-2.compute.internal
known-false-positives	/usr/share/csmock/known-false-positives.js
known-false-positives-rpm	known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch
mock-config	fedora-rawhide-x86_64
project-name	lilv-0.26.2-1.fc44
store-results-to	/tmp/tmpiyk_n58l/lilv-0.26.2-1.fc44.tar.xz
time-created	2026-01-08 19:23:08
time-finished	2026-01-08 19:24:37
title	Newly introduced findings
tool	csmock
tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpiyk_n58l/lilv-0.26.2-1.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpiyk_n58l/lilv-0.26.2-1.fc44.src.rpm'
tool-version	csmock-3.8.3.20251215.161544.g62de9a5-1.el9