openssl-3.5.4-1.fc44

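List of Findings

The entries below are raw tool output from three sources: compiler warnings (COMPILER_WARNING), the GCC static analyzer (GCC_ANALYZER_WARNING, the -Wanalyzer-* checks) and Cppcheck (CPPCHECK_WARNING). Nothing on this page indicates that they have been triaged. Each entry names the checker, a CWE class where one is assigned, the reported path, and a source excerpt in which the flagged line is marked with "->". Some entries repeat the same location (for example #def1/#def2, #def36/#def37 and #def39/#def40), so there are fewer distinct issues than entries.

Many GCC analyzer paths contain a step of the form "throw: if '<function>' throws an exception...". In several of these (#def3, #def5, #def16, #def38) the excerpt itself shows the matching va_end or free directly after the flagged call, so the reported leak exists only if the callee does not return normally. Treat these as candidates for false positives and confirm them against the full function. By contrast, the excerpts for the shiftTooManyBitsSigned entries in crypto/bn/bn_lib.c (#def23 to #def26) show `sizeof(int) * 8 - 1` assigned to the shift count just before `1 << count`. A shift of the signed constant 1 by that amount is undefined behaviour in C, so those entries warrant a look at the surrounding code.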

Error: COMPILER_WARNING (CWE-704): [#def1]
openssl-3.5.4/apps/lib/apps.c: scope_hint: In function 'app_get_pass'
openssl-3.5.4/apps/lib/apps.c:270:17: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type
#  270 |             tmp = strchr(arg, ':');
#      |                 ^
#  268|           } else {
#  269|               /* argument syntax error; do not reveal too much about arg */
#  270|->             tmp = strchr(arg, ':');
#  271|               if (tmp == NULL || tmp - arg > PASS_SOURCE_SIZE_MAX)
#  272|                   BIO_printf(bio_err,

Error: COMPILER_WARNING (CWE-704): [#def2]
openssl-3.5.4/apps/lib/apps.c:270:17: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type
#  268|           } else {
#  269|               /* argument syntax error; do not reveal too much about arg */
#  270|->             tmp = strchr(arg, ':');
#  271|               if (tmp == NULL || tmp - arg > PASS_SOURCE_SIZE_MAX)
#  272|                   BIO_printf(bio_err,

Error: GCC_ANALYZER_WARNING (CWE-404): [#def3]
openssl-3.5.4/apps/lib/apps.c:632:5: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/apps/lib/apps.c:631:5: acquire_resource: 'va_start' called here
openssl-3.5.4/apps/lib/apps.c:632:5: throw: if 'BIO_vprintf' throws an exception...
openssl-3.5.4/apps/lib/apps.c:632:5: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  630|   
#  631|       va_start(args, fmt);
#  632|->     BIO_vprintf(bio_err, fmt, args);
#  633|       va_end(args);
#  634|       ERR_print_errors(bio_err);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def4]
openssl-3.5.4/apps/lib/apps.c:3136:9: warning[-Wanalyzer-malloc-leak]: leak of 'fp'
openssl-3.5.4/apps/lib/apps.c:3083:6: enter_function: entry to 'bio_open_owner'
openssl-3.5.4/apps/lib/apps.c:3124:8: branch_false: following 'false' branch...
openssl-3.5.4/apps/lib/apps.c:3126:10: branch_false: ...to here
openssl-3.5.4/apps/lib/apps.c:3126:10: call_function: calling 'modestr' from 'bio_open_owner'
openssl-3.5.4/apps/lib/apps.c:3126:10: return_function: returning to 'bio_open_owner' from 'modestr'
openssl-3.5.4/apps/lib/apps.c:3126:10: acquire_memory: allocated here
openssl-3.5.4/apps/lib/apps.c:3131:8: branch_false: following 'false' branch (when 'fp' is non-NULL)...
openssl-3.5.4/apps/lib/apps.c:3134:8: branch_false: ...to here
openssl-3.5.4/apps/lib/apps.c:3136:9: throw: if 'BIO_new_fp' throws an exception...
openssl-3.5.4/apps/lib/apps.c:3136:9: danger: 'fp' leaks here; was allocated at [(11)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/10)
# 3134|       if (textmode)
# 3135|           bflags |= BIO_FP_TEXT;
# 3136|->     b = BIO_new_fp(fp, bflags);
# 3137|       if (b != NULL)
# 3138|           return b;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def5]
openssl-3.5.4/apps/lib/apps_opt_printf.c:21:11: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/apps/lib/apps_opt_printf.c:20:5: acquire_resource: 'va_start' called here
openssl-3.5.4/apps/lib/apps_opt_printf.c:21:11: throw: if 'BIO_vprintf' throws an exception...
openssl-3.5.4/apps/lib/apps_opt_printf.c:21:11: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   19|   
#   20|       va_start(ap, fmt);
#   21|->     ret = BIO_vprintf(bio_err, fmt, ap);
#   22|       va_end(ap);
#   23|       return ret;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def6]
openssl-3.5.4/apps/lib/log.c:47:22: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/apps/lib/log.c:71:6: enter_function: entry to 'trace_log_message'
openssl-3.5.4/apps/lib/log.c:75:5: acquire_resource: 'va_start' called here
openssl-3.5.4/apps/lib/log.c:95:8: branch_false: following 'false' branch...
openssl-3.5.4/apps/lib/log.c:106:5: branch_false: ...to here
openssl-3.5.4/apps/lib/log.c:106:5: call_function: calling 'log_with_prefix' from 'trace_log_message'
#   45|   {
#   46|       char prefix[80];
#   47|->     BIO *bio, *pre = BIO_new(BIO_f_prefix());
#   48|   
#   49|       (void)BIO_snprintf(prefix, sizeof(prefix), "%s: ", prog);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def7]
openssl-3.5.4/apps/lib/log.c:49:11: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/apps/lib/log.c:71:6: enter_function: entry to 'trace_log_message'
openssl-3.5.4/apps/lib/log.c:75:5: acquire_resource: 'va_start' called here
openssl-3.5.4/apps/lib/log.c:95:8: branch_false: following 'false' branch...
openssl-3.5.4/apps/lib/log.c:106:5: branch_false: ...to here
openssl-3.5.4/apps/lib/log.c:106:5: call_function: calling 'log_with_prefix' from 'trace_log_message'
#   47|       BIO *bio, *pre = BIO_new(BIO_f_prefix());
#   48|   
#   49|->     (void)BIO_snprintf(prefix, sizeof(prefix), "%s: ", prog);
#   50|       (void)BIO_set_prefix(pre, prefix);
#   51|       bio = BIO_push(pre, bio_err);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def8]
openssl-3.5.4/apps/lib/log.c:50:11: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/apps/lib/log.c:71:6: enter_function: entry to 'trace_log_message'
openssl-3.5.4/apps/lib/log.c:75:5: acquire_resource: 'va_start' called here
openssl-3.5.4/apps/lib/log.c:95:8: branch_false: following 'false' branch...
openssl-3.5.4/apps/lib/log.c:106:5: branch_false: ...to here
openssl-3.5.4/apps/lib/log.c:106:5: call_function: calling 'log_with_prefix' from 'trace_log_message'
#   48|   
#   49|       (void)BIO_snprintf(prefix, sizeof(prefix), "%s: ", prog);
#   50|->     (void)BIO_set_prefix(pre, prefix);
#   51|       bio = BIO_push(pre, bio_err);
#   52|       (void)BIO_vprintf(bio, fmt, ap);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def9]
openssl-3.5.4/apps/lib/log.c:51:11: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/apps/lib/log.c:71:6: enter_function: entry to 'trace_log_message'
openssl-3.5.4/apps/lib/log.c:75:5: acquire_resource: 'va_start' called here
openssl-3.5.4/apps/lib/log.c:95:8: branch_false: following 'false' branch...
openssl-3.5.4/apps/lib/log.c:106:5: branch_false: ...to here
openssl-3.5.4/apps/lib/log.c:106:5: call_function: calling 'log_with_prefix' from 'trace_log_message'
#   49|       (void)BIO_snprintf(prefix, sizeof(prefix), "%s: ", prog);
#   50|       (void)BIO_set_prefix(pre, prefix);
#   51|->     bio = BIO_push(pre, bio_err);
#   52|       (void)BIO_vprintf(bio, fmt, ap);
#   53|       (void)BIO_printf(bio, "\n");

Error: GCC_ANALYZER_WARNING (CWE-404): [#def10]
openssl-3.5.4/apps/lib/log.c:52:11: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/apps/lib/log.c:71:6: enter_function: entry to 'trace_log_message'
openssl-3.5.4/apps/lib/log.c:75:5: acquire_resource: 'va_start' called here
openssl-3.5.4/apps/lib/log.c:95:8: branch_false: following 'false' branch...
openssl-3.5.4/apps/lib/log.c:106:5: branch_false: ...to here
openssl-3.5.4/apps/lib/log.c:106:5: call_function: calling 'log_with_prefix' from 'trace_log_message'
#   50|       (void)BIO_set_prefix(pre, prefix);
#   51|       bio = BIO_push(pre, bio_err);
#   52|->     (void)BIO_vprintf(bio, fmt, ap);
#   53|       (void)BIO_printf(bio, "\n");
#   54|       (void)BIO_flush(bio);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def11]
openssl-3.5.4/apps/lib/log.c:81:26: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/apps/lib/log.c:75:5: acquire_resource: 'va_start' called here
openssl-3.5.4/apps/lib/log.c:81:8: branch_true: following 'true' branch (when 'category >= 0')...
openssl-3.5.4/apps/lib/log.c:81:26: branch_true: ...to here
openssl-3.5.4/apps/lib/log.c:81:26: throw: if 'OSSL_trace_enabled' throws an exception...
openssl-3.5.4/apps/lib/log.c:81:26: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
#   79|           category = -1; /* disabling trace output in addition to logging */
#   80|   #endif
#   81|->     if (category >= 0 && OSSL_trace_enabled(category)) {
#   82|           BIO *out = OSSL_trace_begin(category);
#   83|   #ifndef OSSL_NO_C99

Error: GCC_ANALYZER_WARNING (CWE-404): [#def12]
openssl-3.5.4/apps/lib/log.c:82:20: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/apps/lib/log.c:75:5: acquire_resource: 'va_start' called here
openssl-3.5.4/apps/lib/log.c:81:8: branch_true: following 'true' branch...
openssl-3.5.4/apps/lib/log.c:82:20: throw: if 'OSSL_trace_begin' throws an exception...
openssl-3.5.4/apps/lib/log.c:82:20: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
#   80|   #endif
#   81|       if (category >= 0 && OSSL_trace_enabled(category)) {
#   82|->         BIO *out = OSSL_trace_begin(category);
#   83|   #ifndef OSSL_NO_C99
#   84|           va_list ap_copy;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def13]
openssl-3.5.4/apps/lib/log.c:87:15: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/apps/lib/log.c:75:5: acquire_resource: 'va_start' called here
openssl-3.5.4/apps/lib/log.c:81:8: branch_true: following 'true' branch...
openssl-3.5.4/apps/lib/log.c:87:15: throw: if 'BIO_vprintf' throws an exception...
openssl-3.5.4/apps/lib/log.c:87:15: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0)
#   85|   
#   86|           va_copy(ap_copy, ap);
#   87|->         (void)BIO_vprintf(out, fmt, ap_copy);
#   88|           va_end(ap_copy);
#   89|   #else

Error: GCC_ANALYZER_WARNING (CWE-404): [#def14]
openssl-3.5.4/apps/lib/log.c:92:15: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/apps/lib/log.c:75:5: acquire_resource: 'va_start' called here
openssl-3.5.4/apps/lib/log.c:81:8: branch_true: following 'true' branch...
openssl-3.5.4/apps/lib/log.c:92:15: throw: if 'BIO_printf' throws an exception...
openssl-3.5.4/apps/lib/log.c:92:15: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/0)
#   90|           (void)BIO_vprintf(out, fmt, ap);
#   91|   #endif
#   92|->         (void)BIO_printf(out, "\n");
#   93|           OSSL_trace_end(category, out);
#   94|       }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def15]
openssl-3.5.4/apps/lib/log.c:93:9: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/apps/lib/log.c:75:5: acquire_resource: 'va_start' called here
openssl-3.5.4/apps/lib/log.c:81:8: branch_true: following 'true' branch...
openssl-3.5.4/apps/lib/log.c:93:9: throw: if 'OSSL_trace_end' throws an exception...
openssl-3.5.4/apps/lib/log.c:93:9: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/0)
#   91|   #endif
#   92|           (void)BIO_printf(out, "\n");
#   93|->         OSSL_trace_end(category, out);
#   94|       }
#   95|       if (verbosity < level) {

Error: GCC_ANALYZER_WARNING (CWE-404): [#def16]
openssl-3.5.4/apps/storeutl.c:341:12: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/apps/storeutl.c:337:8: branch_false: following 'false' branch...
openssl-3.5.4/apps/storeutl.c:340:5: branch_false: ...to here
openssl-3.5.4/apps/storeutl.c:340:5: acquire_resource: 'va_start' called here
openssl-3.5.4/apps/storeutl.c:341:12: throw: if 'BIO_vprintf' throws an exception...
openssl-3.5.4/apps/storeutl.c:341:12: danger: missing call to 'va_end' to match 'va_start' at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  339|   
#  340|       va_start(args, format);
#  341|->     vret = BIO_vprintf(bio, format, args);
#  342|       va_end(args);
#  343|   

Error: CPPCHECK_WARNING (CWE-562): [#def17]
openssl-3.5.4/crypto/asn1/a_d2i_fp.c:53: error[returnDanglingLifetime]: Returning pointer to local variable 'p' that will be invalid when returning.
#   51|    err:
#   52|       BUF_MEM_free(b);
#   53|->     return ret;
#   54|   }
#   55|   

Error: CPPCHECK_WARNING (CWE-562): [#def18]
openssl-3.5.4/crypto/asn1/a_dup.c:38: error[returnDanglingLifetime]: Returning pointer to local variable 'p2' that will be invalid when returning.
#   36|       ret = d2i(NULL, &p2, i);
#   37|       OPENSSL_free(b);
#   38|->     return ret;
#   39|   }
#   40|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def19]
openssl-3.5.4/crypto/asn1/asn_mime.c:927:10: warning[-Wanalyzer-null-dereference]: dereference of NULL 'mhdr'
openssl-3.5.4/crypto/asn1/asn_mime.c:697:31: enter_function: entry to 'mime_parse_hdr'
openssl-3.5.4/crypto/asn1/asn_mime.c:707:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/asn1/asn_mime.c:707:8: branch_false: ...to here
openssl-3.5.4/crypto/asn1/asn_mime.c:709:12: branch_true: following 'true' branch...
openssl-3.5.4/crypto/asn1/asn_mime.c:711:12: branch_true: ...to here
openssl-3.5.4/crypto/asn1/asn_mime.c:711:12: branch_false: following 'false' branch (when 'mhdr' is NULL)...
openssl-3.5.4/crypto/asn1/asn_mime.c:711:12: branch_false: ...to here
openssl-3.5.4/crypto/asn1/asn_mime.c:717:40: branch_true: following 'true' branch...
openssl-3.5.4/crypto/asn1/asn_mime.c:717:40: branch_true: following 'true' branch...
openssl-3.5.4/crypto/asn1/asn_mime.c:717:40: branch_true: following 'true' branch...
openssl-3.5.4/crypto/asn1/asn_mime.c:771:20: branch_true: following 'true' branch (when 'c == 59')...
openssl-3.5.4/crypto/asn1/asn_mime.c:773:21: branch_true: ...to here
openssl-3.5.4/crypto/asn1/asn_mime.c:774:51: call_function: calling 'strip_ends' from 'mime_parse_hdr'
openssl-3.5.4/crypto/asn1/asn_mime.c:774:51: return_function: returning to 'mime_parse_hdr' from 'strip_ends'
openssl-3.5.4/crypto/asn1/asn_mime.c:774:21: call_function: calling 'mime_hdr_addparam' from 'mime_parse_hdr'
#  925|       mparam->param_name = tmpname;
#  926|       mparam->param_value = tmpval;
#  927|->     if (!sk_MIME_PARAM_push(mhdr->params, mparam))
#  928|           goto err;
#  929|       return 1;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def20]
openssl-3.5.4/crypto/bio/bio_lib.c:66:13: warning[-Wanalyzer-null-dereference]: dereference of NULL 'processed'
openssl-3.5.4/crypto/bio/bio_lib.c:441:5: enter_function: entry to 'BIO_recvmmsg'
openssl-3.5.4/crypto/bio/bio_lib.c:448:8: branch_false: following 'false' branch (when 'b' is non-NULL)...
openssl-3.5.4/crypto/bio/bio_lib.c:454:9: branch_false: ...to here
openssl-3.5.4/crypto/bio/bio_lib.c:454:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/bio/bio_lib.c:473:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/bio/bio_lib.c:479:11: branch_false: ...to here
openssl-3.5.4/crypto/bio/bio_lib.c:482:23: call_function: calling 'bio_call_callback' from 'BIO_recvmmsg'
#   64|   
#   65|       if (inret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
#   66|->         if (*processed > INT_MAX)
#   67|               return -1;
#   68|           inret = *processed;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def21]
openssl-3.5.4/crypto/bio/bio_lib.c:74:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'processed'
openssl-3.5.4/crypto/bio/bio_lib.c:441:5: enter_function: entry to 'BIO_recvmmsg'
openssl-3.5.4/crypto/bio/bio_lib.c:448:8: branch_false: following 'false' branch (when 'b' is non-NULL)...
openssl-3.5.4/crypto/bio/bio_lib.c:454:9: branch_false: ...to here
openssl-3.5.4/crypto/bio/bio_lib.c:454:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/bio/bio_lib.c:473:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/bio/bio_lib.c:479:11: branch_false: ...to here
openssl-3.5.4/crypto/bio/bio_lib.c:482:23: call_function: calling 'bio_call_callback' from 'BIO_recvmmsg'
#   72|   
#   73|       if (ret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
#   74|->         *processed = (size_t)ret;
#   75|           ret = 1;
#   76|       }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def22]
openssl-3.5.4/crypto/bio/bss_fd.c:219:5: warning[-Wanalyzer-null-dereference]: dereference of NULL 'ptr'
openssl-3.5.4/crypto/bio/bss_fd.c:208:12: enter_function: entry to 'fd_gets'
openssl-3.5.4/crypto/bio/bss_fd.c:214:12: branch_true: following 'true' branch (when 'ptr < end')...
openssl-3.5.4/crypto/bio/bss_fd.c:214:25: call_function: inlined call to 'fd_read' from 'fd_gets'
openssl-3.5.4/crypto/bio/bss_fd.c:219:5: danger: dereference of NULL 'ptr'
#  217|       }
#  218|   
#  219|->     ptr[0] = '\0';
#  220|   
#  221|       if (buf[0] != '\0')

Error: CPPCHECK_WARNING (CWE-758): [#def23]
openssl-3.5.4/crypto/bn/bn_lib.c:45: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   43|               mult = sizeof(int) * 8 - 1;
#   44|           bn_limit_bits = mult;
#   45|->         bn_limit_num = 1 << mult;
#   46|       }
#   47|       if (high >= 0) {

Error: CPPCHECK_WARNING (CWE-758): [#def24]
openssl-3.5.4/crypto/bn/bn_lib.c:51: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   49|               high = sizeof(int) * 8 - 1;
#   50|           bn_limit_bits_high = high;
#   51|->         bn_limit_num_high = 1 << high;
#   52|       }
#   53|       if (low >= 0) {

Error: CPPCHECK_WARNING (CWE-758): [#def25]
openssl-3.5.4/crypto/bn/bn_lib.c:57: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   55|               low = sizeof(int) * 8 - 1;
#   56|           bn_limit_bits_low = low;
#   57|->         bn_limit_num_low = 1 << low;
#   58|       }
#   59|       if (mont >= 0) {

Error: CPPCHECK_WARNING (CWE-758): [#def26]
openssl-3.5.4/crypto/bn/bn_lib.c:63: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   61|               mont = sizeof(int) * 8 - 1;
#   62|           bn_limit_bits_mont = mont;
#   63|->         bn_limit_num_mont = 1 << mont;
#   64|       }
#   65|   }

Error: CPPCHECK_WARNING (CWE-786): [#def27]
openssl-3.5.4/crypto/bn/bn_nist.c:599: error[negativeIndex]: Array 'buf.bn[4]' accessed at index -3, which is out of bounds.
#  597|           BN_ULONG t_d[BN_NIST_224_TOP];
#  598|   
#  599|->         nist_set_224(t_d, buf.bn, 10, 9, 8, 7, 0, 0, 0);
#  600|           carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
#  601|           nist_set_224(t_d, buf.bn, 0, 13, 12, 11, 0, 0, 0);

Error: CPPCHECK_WARNING (CWE-786): [#def28]
openssl-3.5.4/crypto/bn/bn_nist.c:601: error[negativeIndex]: Array 'buf.bn[4]' accessed at index -3, which is out of bounds.
#  599|           nist_set_224(t_d, buf.bn, 10, 9, 8, 7, 0, 0, 0);
#  600|           carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
#  601|->         nist_set_224(t_d, buf.bn, 0, 13, 12, 11, 0, 0, 0);
#  602|           carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
#  603|           nist_set_224(t_d, buf.bn, 13, 12, 11, 10, 9, 8, 7);

Error: CPPCHECK_WARNING (CWE-786): [#def29]
openssl-3.5.4/crypto/bn/bn_nist.c:605: error[negativeIndex]: Array 'buf.bn[4]' accessed at index -3, which is out of bounds.
#  603|           nist_set_224(t_d, buf.bn, 13, 12, 11, 10, 9, 8, 7);
#  604|           carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
#  605|->         nist_set_224(t_d, buf.bn, 0, 0, 0, 0, 13, 12, 11);
#  606|           carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
#  607|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def30]
openssl-3.5.4/crypto/cast/c_skey.c:122:33: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'k[<unknown>]'
openssl-3.5.4/crypto/cast/c_skey.c:41:17: branch_true: following 'true' branch (when 'i != 16')...
openssl-3.5.4/crypto/cast/c_skey.c:42:9: branch_true: ...to here
openssl-3.5.4/crypto/cast/c_skey.c:45:17: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cast/c_skey.c:47:8: branch_false: ...to here
openssl-3.5.4/crypto/cast/c_skey.c:47:8: branch_true: following 'true' branch...
openssl-3.5.4/crypto/cast/c_skey.c:47:8: branch_true: ...to here
openssl-3.5.4/crypto/cast/c_skey.c:115:12: branch_true: following 'true' branch...
openssl-3.5.4/crypto/cast/c_skey.c:115:12: branch_true: ...to here
openssl-3.5.4/crypto/cast/c_skey.c:120:17: branch_true: following 'true' branch (when 'i != 16')...
openssl-3.5.4/crypto/cast/c_skey.c:121:19: branch_true: ...to here
openssl-3.5.4/crypto/cast/c_skey.c:122:33: danger: use of uninitialized value 'k[<unknown>]' here
#  120|       for (i = 0; i < 16; i++) {
#  121|           key->data[i * 2] = k[i];
#  122|->         key->data[i * 2 + 1] = ((k[i + 16]) + 16) & 0x1f;
#  123|       }
#  124|   }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def31]
openssl-3.5.4/crypto/cmp/cmp_ctx.c:384:13: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/cmp/cmp_ctx.c:350:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cmp/cmp_ctx.c:353:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cmp/cmp_ctx.c:356:8: branch_false: ...to here
openssl-3.5.4/crypto/cmp/cmp_ctx.c:356:8: branch_false: following 'false' branch (when 'format' is non-NULL)...
openssl-3.5.4/crypto/cmp/cmp_ctx.c:359:5: branch_false: ...to here
openssl-3.5.4/crypto/cmp/cmp_ctx.c:359:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/cmp/cmp_ctx.c:384:13: throw: if 'BIO_vsnprintf' throws an exception...
openssl-3.5.4/crypto/cmp/cmp_ctx.c:384:13: danger: missing call to 'va_end' to match 'va_start' at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6)
#  382|   #else /* compensate for disabled trace API */
#  383|       {
#  384|->         if (BIO_vsnprintf(hugebuf, sizeof(hugebuf), format, args) > 0)
#  385|               res = ctx->log_cb(func, file, line, level, hugebuf);
#  386|       }

Error: GCC_ANALYZER_WARNING (CWE-688): [#def32]
openssl-3.5.4/crypto/cms/cms_enc.c:173:13: warning[-Wanalyzer-null-argument]: use of NULL 'piv' where non-null expected
openssl-3.5.4/crypto/cms/cms_enc.c:47:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cms/cms_enc.c:52:5: branch_false: ...to here
openssl-3.5.4/crypto/cms/cms_enc.c:65:8: branch_true: following 'true' branch (when 'cipher' is non-NULL)...
openssl-3.5.4/crypto/cms/cms_enc.c:66:24: branch_true: ...to here
openssl-3.5.4/crypto/cms/cms_enc.c:78:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cms/cms_enc.c:83:8: branch_false: ...to here
openssl-3.5.4/crypto/cms/cms_enc.c:85:12: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cms/cms_enc.c:91:12: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cms/cms_enc.c:96:12: branch_false: ...to here
openssl-3.5.4/crypto/cms/cms_enc.c:96:12: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cms/cms_enc.c:116:11: branch_false: ...to here
openssl-3.5.4/crypto/cms/cms_enc.c:117:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cms/cms_enc.c:119:5: branch_false: ...to here
openssl-3.5.4/crypto/cms/cms_enc.c:130:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cms/cms_enc.c:141:9: branch_false: ...to here
openssl-3.5.4/crypto/cms/cms_enc.c:162:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cms/cms_enc.c:166:8: branch_false: ...to here
openssl-3.5.4/crypto/cms/cms_enc.c:166:8: branch_true: following 'true' branch...
openssl-3.5.4/crypto/cms/cms_enc.c:167:27: branch_true: ...to here
openssl-3.5.4/crypto/cms/cms_enc.c:168:12: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cms/cms_enc.c:172:14: branch_false: ...to here
openssl-3.5.4/crypto/cms/cms_enc.c:172:12: branch_true: following 'true' branch...
openssl-3.5.4/crypto/cms/cms_enc.c:173:13: branch_true: ...to here
openssl-3.5.4/crypto/cms/cms_enc.c:173:13: danger: argument 2 ('piv') NULL where non-null expected
#  171|           }
#  172|           if ((EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
#  173|->             memcpy(aparams.iv, piv, ivlen);
#  174|               aparams.iv_len = ivlen;
#  175|               aparams.tag_len = EVP_CIPHER_CTX_get_tag_length(ctx);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def33]
openssl-3.5.4/crypto/cms/cms_env.c:555:9: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.5.4/crypto/cms/cms_env.c:515:12: enter_function: entry to 'cms_RecipientInfo_ktri_encrypt'
openssl-3.5.4/crypto/cms/cms_env.c:527:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cms/cms_env.c:531:5: branch_false: ...to here
openssl-3.5.4/crypto/cms/cms_env.c:532:10: call_function: calling 'ossl_cms_get0_env_enc_content' from 'cms_RecipientInfo_ktri_encrypt'
openssl-3.5.4/crypto/cms/cms_env.c:532:10: return_function: returning to 'cms_RecipientInfo_ktri_encrypt' from 'ossl_cms_get0_env_enc_content'
openssl-3.5.4/crypto/cms/cms_env.c:536:8: branch_false: following 'false' branch (when 'pctx' is NULL)...
openssl-3.5.4/crypto/cms/cms_env.c:540:16: branch_false: ...to here
openssl-3.5.4/crypto/cms/cms_env.c:543:12: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cms/cms_env.c:546:13: branch_false: ...to here
openssl-3.5.4/crypto/cms/cms_env.c:546:12: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cms/cms_env.c:549:13: branch_false: ...to here
openssl-3.5.4/crypto/cms/cms_env.c:555:9: danger: dereference of NULL 'ossl_cms_get0_env_enc_content(cms)'
#  553|       }
#  554|   
#  555|->     if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
#  556|           goto err;
#  557|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def34]
openssl-3.5.4/crypto/cms/cms_env.c:604:21: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.5.4/crypto/cms/cms_env.c:579:12: enter_function: entry to 'cms_RecipientInfo_ktri_decrypt'
openssl-3.5.4/crypto/cms/cms_env.c:595:10: call_function: calling 'ossl_cms_get0_env_enc_content' from 'cms_RecipientInfo_ktri_decrypt'
openssl-3.5.4/crypto/cms/cms_env.c:595:10: return_function: returning to 'cms_RecipientInfo_ktri_decrypt' from 'ossl_cms_get0_env_enc_content'
openssl-3.5.4/crypto/cms/cms_env.c:597:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cms/cms_env.c:602:9: branch_false: ...to here
openssl-3.5.4/crypto/cms/cms_env.c:602:8: branch_true: following 'true' branch...
openssl-3.5.4/crypto/cms/cms_env.c:603:17: branch_true: ...to here
openssl-3.5.4/crypto/cms/cms_env.c:602:9: branch_true: following 'true' branch...
openssl-3.5.4/crypto/cms/cms_env.c:604:21: branch_true: ...to here
openssl-3.5.4/crypto/cms/cms_env.c:604:21: danger: dereference of NULL 'ossl_cms_get0_env_enc_content(cms)'
#  602|       if (cms->d.envelopedData->encryptedContentInfo->havenocert
#  603|               && !cms->d.envelopedData->encryptedContentInfo->debug) {
#  604|->         X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
#  605|           char name[OSSL_MAX_NAME_SIZE];
#  606|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def35]
openssl-3.5.4/crypto/cms/cms_ess.c:221:24: warning[-Wanalyzer-null-dereference]: dereference of NULL 'si'
openssl-3.5.4/crypto/cms/cms_ess.c:254:5: enter_function: entry to 'ossl_cms_Receipt_verify'
openssl-3.5.4/crypto/cms/cms_ess.c:269:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cms/cms_ess.c:272:9: branch_false: ...to here
openssl-3.5.4/crypto/cms/cms_ess.c:272:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cms/cms_ess.c:278:9: branch_false: ...to here
openssl-3.5.4/crypto/cms/cms_ess.c:278:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cms/cms_ess.c:284:13: branch_false: ...to here
openssl-3.5.4/crypto/cms/cms_ess.c:285:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cms/cms_ess.c:292:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cms/cms_ess.c:292:8: branch_false: ...to here
openssl-3.5.4/crypto/cms/cms_ess.c:299:17: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cms/cms_ess.c:305:14: branch_false: ...to here
openssl-3.5.4/crypto/cms/cms_ess.c:305:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cms/cms_ess.c:310:10: branch_false: ...to here
openssl-3.5.4/crypto/cms/cms_ess.c:319:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/cms/cms_ess.c:324:10: branch_false: ...to here
openssl-3.5.4/crypto/cms/cms_ess.c:324:10: call_function: calling 'cms_msgSigDigest' from 'ossl_cms_Receipt_verify'
#  219|                               unsigned char *dig, unsigned int *diglen)
#  220|   {
#  221|->     const EVP_MD *md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
#  222|   
#  223|       if (md == NULL)

Error: COMPILER_WARNING (CWE-704): [#def36]
openssl-3.5.4/crypto/conf/conf_mod.c: scope_hint: In function 'module_find'
openssl-3.5.4/crypto/conf/conf_mod.c:403:7: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type
#  403 |     p = strrchr(name, '.');
#      |       ^
#  401|       STACK_OF(CONF_MODULE) *mods;
#  402|   
#  403|->     p = strrchr(name, '.');
#  404|   
#  405|       if (p)

Error: COMPILER_WARNING (CWE-704): [#def37]
openssl-3.5.4/crypto/conf/conf_mod.c:403:7: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type
#  401|       STACK_OF(CONF_MODULE) *mods;
#  402|   
#  403|->     p = strrchr(name, '.');
#  404|   
#  405|       if (p)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def38]
openssl-3.5.4/crypto/conf/conf_sap.c:40:5: warning[-Wanalyzer-malloc-leak]: leak of 'settings.appname'
openssl-3.5.4/crypto/conf/conf_sap.c:37:8: branch_true: following 'true' branch (when 'appname' is non-NULL)...
openssl-3.5.4/crypto/conf/conf_sap.c:38:28: branch_true: ...to here
openssl-3.5.4/crypto/conf/conf_sap.c:38:28: acquire_memory: allocated here
openssl-3.5.4/crypto/conf/conf_sap.c:40:5: throw: if 'OPENSSL_init_crypto' throws an exception...
openssl-3.5.4/crypto/conf/conf_sap.c:40:5: danger: 'settings.appname' leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   38|           settings.appname = strdup(appname);
#   39|       settings.flags = DEFAULT_CONF_MFLAGS;
#   40|->     OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, &settings);
#   41|   
#   42|       free(settings.appname);

Error: COMPILER_WARNING: [#def39]
openssl-3.5.4/crypto/context.c:10:9: warning: '_GNU_SOURCE' redefined
#   10 | #define _GNU_SOURCE /* needed for secure_getenv */
#      |         ^~~~~~~~~~~
<command-line>: note: this is the location of the previous definition
#    8|    */
#    9|   
#   10|-> #define _GNU_SOURCE /* needed for secure_getenv */
#   11|   #include "crypto/cryptlib.h"
#   12|   #include <openssl/conf.h>

Error: COMPILER_WARNING: [#def40]
openssl-3.5.4/crypto/context.c:10:9: warning[warning]: '_GNU_SOURCE' redefined
#    8|    */
#    9|   
#   10|-> #define _GNU_SOURCE /* needed for secure_getenv */
#   11|   #include "crypto/cryptlib.h"
#   12|   #include <openssl/conf.h>

Error: COMPILER_WARNING (CWE-1164): [#def41]
openssl-3.5.4/crypto/context.c:33:13: warning[-Wunused-function]: 'read_kernel_fips_flag' defined but not used
#   33 | static void read_kernel_fips_flag(void)
#      |             ^~~~~~~~~~~~~~~~~~~~~
#   31|   static int kernel_fips_flag;
#   32|   
#   33|-> static void read_kernel_fips_flag(void)
#   34|   {
#   35|       char buf[2] = "0";

Error: GCC_ANALYZER_WARNING (CWE-476): [#def42]
openssl-3.5.4/crypto/dsa/dsa_sign.c:108:39: warning[-Wanalyzer-null-dereference]: dereference of NULL 'buf'
openssl-3.5.4/crypto/dsa/dsa_sign.c:87:15: branch_false: following 'false' branch...
openssl-3.5.4/crypto/dsa/dsa_sign.c:94:14: branch_false: ...to here
openssl-3.5.4/crypto/dsa/dsa_sign.c:94:12: branch_false: following 'false' branch...
openssl-3.5.4/crypto/dsa/dsa_sign.c:98:48: branch_false: ...to here
openssl-3.5.4/crypto/dsa/dsa_sign.c:98:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/dsa/dsa_sign.c:99:17: branch_false: ...to here
openssl-3.5.4/crypto/dsa/dsa_sign.c:98:9: branch_false: following 'false' branch...
openssl-3.5.4/crypto/dsa/dsa_sign.c:100:17: branch_false: ...to here
openssl-3.5.4/crypto/dsa/dsa_sign.c:98:9: branch_false: following 'false' branch...
openssl-3.5.4/crypto/dsa/dsa_sign.c:106:8: branch_false: ...to here
openssl-3.5.4/crypto/dsa/dsa_sign.c:106:8: branch_true: following 'true' branch (when 'ppout' is non-NULL)...
openssl-3.5.4/crypto/dsa/dsa_sign.c:107:13: branch_true: ...to here
openssl-3.5.4/crypto/dsa/dsa_sign.c:107:12: branch_true: following 'true' branch...
openssl-3.5.4/crypto/dsa/dsa_sign.c:108:39: branch_true: ...to here
openssl-3.5.4/crypto/dsa/dsa_sign.c:108:39: danger: dereference of NULL 'buf'
#  106|       if (ppout != NULL) {
#  107|           if (*ppout == NULL) {
#  108|->             *ppout = (unsigned char *)buf->data;
#  109|               buf->data = NULL;
#  110|               BUF_MEM_free(buf);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def43]
openssl-3.5.4/crypto/ec/ec_asn1.c:1280:39: warning[-Wanalyzer-null-dereference]: dereference of NULL 'buf'
openssl-3.5.4/crypto/ec/ec_asn1.c:1259:15: branch_false: following 'false' branch...
openssl-3.5.4/crypto/ec/ec_asn1.c:1266:14: branch_false: ...to here
openssl-3.5.4/crypto/ec/ec_asn1.c:1266:12: branch_false: following 'false' branch...
openssl-3.5.4/crypto/ec/ec_asn1.c:1270:48: branch_false: ...to here
openssl-3.5.4/crypto/ec/ec_asn1.c:1270:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/ec/ec_asn1.c:1271:17: branch_false: ...to here
openssl-3.5.4/crypto/ec/ec_asn1.c:1270:9: branch_false: following 'false' branch...
openssl-3.5.4/crypto/ec/ec_asn1.c:1272:17: branch_false: ...to here
openssl-3.5.4/crypto/ec/ec_asn1.c:1270:9: branch_false: following 'false' branch...
openssl-3.5.4/crypto/ec/ec_asn1.c:1278:8: branch_false: ...to here
openssl-3.5.4/crypto/ec/ec_asn1.c:1278:8: branch_true: following 'true' branch (when 'ppout' is non-NULL)...
openssl-3.5.4/crypto/ec/ec_asn1.c:1279:13: branch_true: ...to here
openssl-3.5.4/crypto/ec/ec_asn1.c:1279:12: branch_true: following 'true' branch...
openssl-3.5.4/crypto/ec/ec_asn1.c:1280:39: branch_true: ...to here
openssl-3.5.4/crypto/ec/ec_asn1.c:1280:39: danger: dereference of NULL 'buf'
# 1278|       if (ppout != NULL) {
# 1279|           if (*ppout == NULL) {
# 1280|->             *ppout = (unsigned char *)buf->data;
# 1281|               buf->data = NULL;
# 1282|               BUF_MEM_free(buf);

Error: CPPCHECK_WARNING (CWE-823): [#def44]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:179: error[arrayIndexOutOfBounds]: Array 'dst[4]' accessed at index 4, which is out of bounds.
#  177|       dst[3] = (src[3] & mask1) ^ (dst[3] & mask2);
#  178|       if (P256_LIMBS == 8) {
#  179|->         dst[4] = (src[4] & mask1) ^ (dst[4] & mask2);
#  180|           dst[5] = (src[5] & mask1) ^ (dst[5] & mask2);
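#  181|           dst[6] = (src[6] & mask1) ^ (dst[6] & mask2);
Triage note (#def44–#def78): cppcheck sizes every flagged array at 4 elements, which implies P256_LIMBS evaluates to 4 in the configuration it analysed. Every reported access at index 4–7 sits under `if (P256_LIMBS == 8)`, a constant condition that is false in that configuration, so the flagged statements are unreachable there. The group reads as one false positive rather than 35 separate out-of-bounds accesses; confirm against the P256_LIMBS definition before waiving it.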

Error: CPPCHECK_WARNING (CWE-823): [#def45]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:179: error[arrayIndexOutOfBounds]: Array 'src[4]' accessed at index 4, which is out of bounds.
#  177|       dst[3] = (src[3] & mask1) ^ (dst[3] & mask2);
#  178|       if (P256_LIMBS == 8) {
#  179|->         dst[4] = (src[4] & mask1) ^ (dst[4] & mask2);
#  180|           dst[5] = (src[5] & mask1) ^ (dst[5] & mask2);
#  181|           dst[6] = (src[6] & mask1) ^ (dst[6] & mask2);

Error: CPPCHECK_WARNING (CWE-823): [#def46]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:180: error[arrayIndexOutOfBounds]: Array 'dst[4]' accessed at index 5, which is out of bounds.
#  178|       if (P256_LIMBS == 8) {
#  179|           dst[4] = (src[4] & mask1) ^ (dst[4] & mask2);
#  180|->         dst[5] = (src[5] & mask1) ^ (dst[5] & mask2);
#  181|           dst[6] = (src[6] & mask1) ^ (dst[6] & mask2);
#  182|           dst[7] = (src[7] & mask1) ^ (dst[7] & mask2);

Error: CPPCHECK_WARNING (CWE-823): [#def47]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:180: error[arrayIndexOutOfBounds]: Array 'src[4]' accessed at index 5, which is out of bounds.
#  178|       if (P256_LIMBS == 8) {
#  179|           dst[4] = (src[4] & mask1) ^ (dst[4] & mask2);
#  180|->         dst[5] = (src[5] & mask1) ^ (dst[5] & mask2);
#  181|           dst[6] = (src[6] & mask1) ^ (dst[6] & mask2);
#  182|           dst[7] = (src[7] & mask1) ^ (dst[7] & mask2);

Error: CPPCHECK_WARNING (CWE-823): [#def48]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:181: error[arrayIndexOutOfBounds]: Array 'dst[4]' accessed at index 6, which is out of bounds.
#  179|           dst[4] = (src[4] & mask1) ^ (dst[4] & mask2);
#  180|           dst[5] = (src[5] & mask1) ^ (dst[5] & mask2);
#  181|->         dst[6] = (src[6] & mask1) ^ (dst[6] & mask2);
#  182|           dst[7] = (src[7] & mask1) ^ (dst[7] & mask2);
#  183|       }

Error: CPPCHECK_WARNING (CWE-823): [#def49]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:181: error[arrayIndexOutOfBounds]: Array 'src[4]' accessed at index 6, which is out of bounds.
#  179|           dst[4] = (src[4] & mask1) ^ (dst[4] & mask2);
#  180|           dst[5] = (src[5] & mask1) ^ (dst[5] & mask2);
#  181|->         dst[6] = (src[6] & mask1) ^ (dst[6] & mask2);
#  182|           dst[7] = (src[7] & mask1) ^ (dst[7] & mask2);
#  183|       }

Error: CPPCHECK_WARNING (CWE-823): [#def50]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:182: error[arrayIndexOutOfBounds]: Array 'dst[4]' accessed at index 7, which is out of bounds.
#  180|           dst[5] = (src[5] & mask1) ^ (dst[5] & mask2);
#  181|           dst[6] = (src[6] & mask1) ^ (dst[6] & mask2);
#  182|->         dst[7] = (src[7] & mask1) ^ (dst[7] & mask2);
#  183|       }
#  184|   }

Error: CPPCHECK_WARNING (CWE-823): [#def51]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:182: error[arrayIndexOutOfBounds]: Array 'src[4]' accessed at index 7, which is out of bounds.
#  180|           dst[5] = (src[5] & mask1) ^ (dst[5] & mask2);
#  181|           dst[6] = (src[6] & mask1) ^ (dst[6] & mask2);
#  182|->         dst[7] = (src[7] & mask1) ^ (dst[7] & mask2);
#  183|       }
#  184|   }

Error: CPPCHECK_WARNING (CWE-823): [#def52]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:204: error[arrayIndexOutOfBounds]: Array 'a[4]' accessed at index 4, which is out of bounds.
#  202|       res |= a[3] ^ b[3];
#  203|       if (P256_LIMBS == 8) {
#  204|->         res |= a[4] ^ b[4];
#  205|           res |= a[5] ^ b[5];
#  206|           res |= a[6] ^ b[6];

Error: CPPCHECK_WARNING (CWE-823): [#def53]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:204: error[arrayIndexOutOfBounds]: Array 'b[4]' accessed at index 4, which is out of bounds.
#  202|       res |= a[3] ^ b[3];
#  203|       if (P256_LIMBS == 8) {
#  204|->         res |= a[4] ^ b[4];
#  205|           res |= a[5] ^ b[5];
#  206|           res |= a[6] ^ b[6];

Error: CPPCHECK_WARNING (CWE-823): [#def54]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:205: error[arrayIndexOutOfBounds]: Array 'a[4]' accessed at index 5, which is out of bounds.
#  203|       if (P256_LIMBS == 8) {
#  204|           res |= a[4] ^ b[4];
#  205|->         res |= a[5] ^ b[5];
#  206|           res |= a[6] ^ b[6];
#  207|           res |= a[7] ^ b[7];

Error: CPPCHECK_WARNING (CWE-823): [#def55]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:205: error[arrayIndexOutOfBounds]: Array 'b[4]' accessed at index 5, which is out of bounds.
#  203|       if (P256_LIMBS == 8) {
#  204|           res |= a[4] ^ b[4];
#  205|->         res |= a[5] ^ b[5];
#  206|           res |= a[6] ^ b[6];
#  207|           res |= a[7] ^ b[7];

Error: CPPCHECK_WARNING (CWE-823): [#def56]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:206: error[arrayIndexOutOfBounds]: Array 'a[4]' accessed at index 6, which is out of bounds.
#  204|           res |= a[4] ^ b[4];
#  205|           res |= a[5] ^ b[5];
#  206|->         res |= a[6] ^ b[6];
#  207|           res |= a[7] ^ b[7];
#  208|       }

Error: CPPCHECK_WARNING (CWE-823): [#def57]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:206: error[arrayIndexOutOfBounds]: Array 'b[4]' accessed at index 6, which is out of bounds.
#  204|           res |= a[4] ^ b[4];
#  205|           res |= a[5] ^ b[5];
#  206|->         res |= a[6] ^ b[6];
#  207|           res |= a[7] ^ b[7];
#  208|       }

Error: CPPCHECK_WARNING (CWE-823): [#def58]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:207: error[arrayIndexOutOfBounds]: Array 'a[4]' accessed at index 7, which is out of bounds.
#  205|           res |= a[5] ^ b[5];
#  206|           res |= a[6] ^ b[6];
#  207|->         res |= a[7] ^ b[7];
#  208|       }
#  209|   

Error: CPPCHECK_WARNING (CWE-823): [#def59]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:207: error[arrayIndexOutOfBounds]: Array 'b[4]' accessed at index 7, which is out of bounds.
#  205|           res |= a[5] ^ b[5];
#  206|           res |= a[6] ^ b[6];
#  207|->         res |= a[7] ^ b[7];
#  208|       }
#  209|   

Error: CPPCHECK_WARNING (CWE-823): [#def60]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:224: error[arrayIndexOutOfBounds]: Array 'ONE[4]' accessed at index 4, which is out of bounds.
#  222|           res |= a[3] ^ ONE[3];
#  223|           if (P256_LIMBS == 8) {
#  224|->             res |= a[4] ^ ONE[4];
#  225|               res |= a[5] ^ ONE[5];
#  226|               res |= a[6] ^ ONE[6];

Error: CPPCHECK_WARNING (CWE-823): [#def61]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:225: error[arrayIndexOutOfBounds]: Array 'ONE[4]' accessed at index 5, which is out of bounds.
#  223|           if (P256_LIMBS == 8) {
#  224|               res |= a[4] ^ ONE[4];
#  225|->             res |= a[5] ^ ONE[5];
#  226|               res |= a[6] ^ ONE[6];
#  227|               /*

Error: CPPCHECK_WARNING (CWE-823): [#def62]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:226: error[arrayIndexOutOfBounds]: Array 'ONE[4]' accessed at index 6, which is out of bounds.
#  224|               res |= a[4] ^ ONE[4];
#  225|               res |= a[5] ^ ONE[5];
#  226|->             res |= a[6] ^ ONE[6];
#  227|               /*
#  228|                * no check for a[7] (being zero) on 32-bit platforms,

Error: CPPCHECK_WARNING (CWE-823): [#def63]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:1067: error[arrayIndexOutOfBounds]: Array 'p.p.X[4]' accessed at index 4, which is out of bounds.
# 1065|                        p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]);
# 1066|               if (P256_LIMBS == 8)
# 1067|->                 infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] |
# 1068|                             p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
# 1069|   

Error: CPPCHECK_WARNING (CWE-823): [#def64]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:1067: error[arrayIndexOutOfBounds]: Array 'p.p.X[4]' accessed at index 5, which is out of bounds.
# 1065|                        p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]);
# 1066|               if (P256_LIMBS == 8)
# 1067|->                 infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] |
# 1068|                             p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
# 1069|   

Error: CPPCHECK_WARNING (CWE-823): [#def65]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:1067: error[arrayIndexOutOfBounds]: Array 'p.p.X[4]' accessed at index 6, which is out of bounds.
# 1065|                        p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]);
# 1066|               if (P256_LIMBS == 8)
# 1067|->                 infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] |
# 1068|                             p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
# 1069|   

Error: CPPCHECK_WARNING (CWE-823): [#def66]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:1067: error[arrayIndexOutOfBounds]: Array 'p.p.X[4]' accessed at index 7, which is out of bounds.
# 1065|                        p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]);
# 1066|               if (P256_LIMBS == 8)
# 1067|->                 infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] |
# 1068|                             p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
# 1069|   

Error: CPPCHECK_WARNING (CWE-823): [#def67]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:1068: error[arrayIndexOutOfBounds]: Array 'p.p.Y[4]' accessed at index 4, which is out of bounds.
# 1066|               if (P256_LIMBS == 8)
# 1067|                   infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] |
# 1068|->                           p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
# 1069|   
# 1070|               infty = 0 - is_zero(infty);

Error: CPPCHECK_WARNING (CWE-823): [#def68]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:1068: error[arrayIndexOutOfBounds]: Array 'p.p.Y[4]' accessed at index 5, which is out of bounds.
# 1066|               if (P256_LIMBS == 8)
# 1067|                   infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] |
# 1068|->                           p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
# 1069|   
# 1070|               infty = 0 - is_zero(infty);

Error: CPPCHECK_WARNING (CWE-823): [#def69]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:1068: error[arrayIndexOutOfBounds]: Array 'p.p.Y[4]' accessed at index 6, which is out of bounds.
# 1066|               if (P256_LIMBS == 8)
# 1067|                   infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] |
# 1068|->                           p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
# 1069|   
# 1070|               infty = 0 - is_zero(infty);

Error: CPPCHECK_WARNING (CWE-823): [#def70]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:1068: error[arrayIndexOutOfBounds]: Array 'p.p.Y[4]' accessed at index 7, which is out of bounds.
# 1066|               if (P256_LIMBS == 8)
# 1067|                   infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] |
# 1068|->                           p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
# 1069|   
# 1070|               infty = 0 - is_zero(infty);

Error: CPPCHECK_WARNING (CWE-823): [#def71]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:1078: error[arrayIndexOutOfBounds]: Array 'ONE[4]' accessed at index 4, which is out of bounds.
# 1076|               p.p.Z[3] = ONE[3] & infty;
# 1077|               if (P256_LIMBS == 8) {
# 1078|->                 p.p.Z[4] = ONE[4] & infty;
# 1079|                   p.p.Z[5] = ONE[5] & infty;
# 1080|                   p.p.Z[6] = ONE[6] & infty;

Error: CPPCHECK_WARNING (CWE-823): [#def72]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:1078: error[arrayIndexOutOfBounds]: Array 'p.p.Z[4]' accessed at index 4, which is out of bounds.
# 1076|               p.p.Z[3] = ONE[3] & infty;
# 1077|               if (P256_LIMBS == 8) {
# 1078|->                 p.p.Z[4] = ONE[4] & infty;
# 1079|                   p.p.Z[5] = ONE[5] & infty;
# 1080|                   p.p.Z[6] = ONE[6] & infty;

Error: CPPCHECK_WARNING (CWE-823): [#def73]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:1079: error[arrayIndexOutOfBounds]: Array 'ONE[4]' accessed at index 5, which is out of bounds.
# 1077|               if (P256_LIMBS == 8) {
# 1078|                   p.p.Z[4] = ONE[4] & infty;
# 1079|->                 p.p.Z[5] = ONE[5] & infty;
# 1080|                   p.p.Z[6] = ONE[6] & infty;
# 1081|                   p.p.Z[7] = ONE[7] & infty;

Error: CPPCHECK_WARNING (CWE-823): [#def74]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:1079: error[arrayIndexOutOfBounds]: Array 'p.p.Z[4]' accessed at index 5, which is out of bounds.
# 1077|               if (P256_LIMBS == 8) {
# 1078|                   p.p.Z[4] = ONE[4] & infty;
# 1079|->                 p.p.Z[5] = ONE[5] & infty;
# 1080|                   p.p.Z[6] = ONE[6] & infty;
# 1081|                   p.p.Z[7] = ONE[7] & infty;

Error: CPPCHECK_WARNING (CWE-823): [#def75]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:1080: error[arrayIndexOutOfBounds]: Array 'ONE[4]' accessed at index 6, which is out of bounds.
# 1078|                   p.p.Z[4] = ONE[4] & infty;
# 1079|                   p.p.Z[5] = ONE[5] & infty;
# 1080|->                 p.p.Z[6] = ONE[6] & infty;
# 1081|                   p.p.Z[7] = ONE[7] & infty;
# 1082|               }

Error: CPPCHECK_WARNING (CWE-823): [#def76]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:1080: error[arrayIndexOutOfBounds]: Array 'p.p.Z[4]' accessed at index 6, which is out of bounds.
# 1078|                   p.p.Z[4] = ONE[4] & infty;
# 1079|                   p.p.Z[5] = ONE[5] & infty;
# 1080|->                 p.p.Z[6] = ONE[6] & infty;
# 1081|                   p.p.Z[7] = ONE[7] & infty;
# 1082|               }

Error: CPPCHECK_WARNING (CWE-823): [#def77]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:1081: error[arrayIndexOutOfBounds]: Array 'ONE[4]' accessed at index 7, which is out of bounds.
# 1079|                   p.p.Z[5] = ONE[5] & infty;
# 1080|                   p.p.Z[6] = ONE[6] & infty;
# 1081|->                 p.p.Z[7] = ONE[7] & infty;
# 1082|               }
# 1083|   

Error: CPPCHECK_WARNING (CWE-823): [#def78]
openssl-3.5.4/crypto/ec/ecp_nistz256.c:1081: error[arrayIndexOutOfBounds]: Array 'p.p.Z[4]' accessed at index 7, which is out of bounds.
# 1079|                   p.p.Z[5] = ONE[5] & infty;
# 1080|                   p.p.Z[6] = ONE[6] & infty;
# 1081|->                 p.p.Z[7] = ONE[7] & infty;
# 1082|               }
# 1083|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def79]
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:1101:14: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:791:12: enter_function: entry to 'decoder_process'
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:824:8: branch_false: following 'false' branch (when 'params' is non-NULL)...
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:843:44: branch_false: ...to here
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:844:19: call_function: calling 'OSSL_DECODER_INSTANCE_get_decoder' from 'decoder_process'
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:844:19: return_function: returning to 'decoder_process' from 'OSSL_DECODER_INSTANCE_get_decoder'
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:881:12: branch_false: following 'false' branch...
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:884:12: branch_false: following 'false' branch...
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:889:13: branch_false: ...to here
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:890:12: branch_false: following 'false' branch...
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:894:13: branch_false: ...to here
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:895:12: branch_false: following 'false' branch...
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:899:13: branch_false: ...to here
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:928:12: branch_false: following 'false' branch...
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:947:9: branch_false: ...to here
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:947:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:950:16: branch_false: ...to here
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:950:8: branch_false: following 'false' branch (when 'loc >= 0')...
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:955:17: branch_false: ...to here
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:955:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:960:10: branch_false: ...to here
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:960:48: branch_true: following 'true' branch (when 'i != 0')...
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:962:13: branch_true: ...to here
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:964:13: call_function: calling 'OSSL_DECODER_INSTANCE_get_decoder' from 'decoder_process'
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:964:13: return_function: returning to 'decoder_process' from 'OSSL_DECODER_INSTANCE_get_decoder'
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:967:13: call_function: calling 'OSSL_DECODER_INSTANCE_get_decoder_ctx' from 'decoder_process'
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:967:13: return_function: returning to 'decoder_process' from 'OSSL_DECODER_INSTANCE_get_decoder_ctx'
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:969:13: call_function: calling 'OSSL_DECODER_INSTANCE_get_input_type' from 'decoder_process'
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:969:13: return_function: returning to 'decoder_process' from 'OSSL_DECODER_INSTANCE_get_input_type'
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:972:13: call_function: calling 'OSSL_DECODER_INSTANCE_get_input_structure' from 'decoder_process'
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:972:13: return_function: returning to 'decoder_process' from 'OSSL_DECODER_INSTANCE_get_input_structure'
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:991:13: branch_false: following 'false' branch...
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:1023:13: branch_false: ...to here
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:1023:12: branch_false: following 'false' branch...
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:1037:13: branch_false: ...to here
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:1037:12: branch_false: following 'false' branch...
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:1055:13: branch_false: ...to here
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:1081:12: branch_false: following 'false' branch...
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:1096:9: branch_false: ...to here
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:1101:14: danger: dereference of NULL 'OSSL_DECODER_INSTANCE_get_decoder(OPENSSL_sk_value(*ctx.decoder_insts, (int)i))'
# 1099|           new_data.flag_input_structure_checked
# 1100|               = data->flag_input_structure_checked;
# 1101|->         ok = new_decoder->decode(new_decoderctx, cbio,
# 1102|                                    new_data.ctx->selection,
# 1103|                                    decoder_process, &new_data,

Error: GCC_ANALYZER_WARNING (CWE-476): [#def80]
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:1101:14: warning[-Wanalyzer-null-dereference]: dereference of NULL 'decoder'
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:791:12: enter_function: entry to 'decoder_process'
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:824:8: branch_false: following 'false' branch (when 'params' is non-NULL)...
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:843:44: branch_false: ...to here
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:844:19: call_function: calling 'OSSL_DECODER_INSTANCE_get_decoder' from 'decoder_process'
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:844:19: return_function: returning to 'decoder_process' from 'OSSL_DECODER_INSTANCE_get_decoder'
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:881:12: branch_false: following 'false' branch...
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:884:12: branch_false: following 'false' branch...
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:889:13: branch_false: ...to here
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:890:12: branch_false: following 'false' branch...
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:894:13: branch_false: ...to here
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:895:12: branch_false: following 'false' branch...
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:899:13: branch_false: ...to here
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:928:12: branch_false: following 'false' branch...
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:947:9: branch_false: ...to here
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:947:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:950:16: branch_false: ...to here
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:950:8: branch_false: following 'false' branch (when 'loc >= 0')...
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:955:17: branch_false: ...to here
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:955:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:960:10: branch_false: ...to here
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:960:48: branch_true: following 'true' branch (when 'i != 0')...
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:962:13: branch_true: ...to here
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:964:13: call_function: calling 'OSSL_DECODER_INSTANCE_get_decoder' from 'decoder_process'
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:964:13: return_function: returning to 'decoder_process' from 'OSSL_DECODER_INSTANCE_get_decoder'
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:967:13: call_function: calling 'OSSL_DECODER_INSTANCE_get_decoder_ctx' from 'decoder_process'
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:967:13: return_function: returning to 'decoder_process' from 'OSSL_DECODER_INSTANCE_get_decoder_ctx'
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:969:13: call_function: calling 'OSSL_DECODER_INSTANCE_get_input_type' from 'decoder_process'
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:969:13: return_function: returning to 'decoder_process' from 'OSSL_DECODER_INSTANCE_get_input_type'
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:972:13: call_function: calling 'OSSL_DECODER_INSTANCE_get_input_structure' from 'decoder_process'
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:972:13: return_function: returning to 'decoder_process' from 'OSSL_DECODER_INSTANCE_get_input_structure'
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:991:12: branch_true: following 'true' branch (when 'decoder' is NULL)...
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:991:32: branch_true: ...to here
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:1023:12: branch_false: following 'false' branch...
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:1037:13: branch_false: ...to here
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:1037:12: branch_false: following 'false' branch...
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:1055:13: branch_false: ...to here
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:1081:12: branch_false: following 'false' branch...
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:1096:9: branch_false: ...to here
openssl-3.5.4/crypto/encode_decode/decoder_lib.c:1101:14: danger: dereference of NULL 'OSSL_DECODER_INSTANCE_get_decoder(OPENSSL_sk_value(*ctx.decoder_insts, (int)i))'
# 1099|           new_data.flag_input_structure_checked
# 1100|               = data->flag_input_structure_checked;
# 1101|->         ok = new_decoder->decode(new_decoderctx, cbio,
# 1102|                                    new_data.ctx->selection,
# 1103|                                    decoder_process, &new_data,

Error: GCC_ANALYZER_WARNING (CWE-476): [#def81]
openssl-3.5.4/crypto/encode_decode/encoder_lib.c:660:22: warning[-Wanalyzer-null-dereference]: dereference of NULL 'current_encoder'
openssl-3.5.4/crypto/encode_decode/encoder_lib.c:119:5: enter_function: entry to 'OSSL_ENCODER_to_data'
openssl-3.5.4/crypto/encode_decode/encoder_lib.c:126:8: branch_false: following 'false' branch (when 'pdata_len' is non-NULL)...
openssl-3.5.4/crypto/encode_decode/encoder_lib.c:131:11: branch_false: ...to here
openssl-3.5.4/crypto/encode_decode/encoder_lib.c:133:8: branch_true: following 'true' branch...
openssl-3.5.4/crypto/encode_decode/encoder_lib.c:134:12: branch_true: ...to here
openssl-3.5.4/crypto/encode_decode/encoder_lib.c:134:12: call_function: calling 'OSSL_ENCODER_to_bio' from 'OSSL_ENCODER_to_data'
#  658|                   ok = (cbio = ossl_core_bio_new_from_bio(current_out)) != NULL;
#  659|               if (ok) {
#  660|->                 ok = current_encoder->encode(current_encoder_ctx, cbio,
#  661|                                                original_data, current_abstract,
#  662|                                                data->ctx->selection,

Error: GCC_ANALYZER_WARNING (CWE-404): [#def82]
openssl-3.5.4/crypto/err/err.c:677:10: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/err/err.c:812:6: enter_function: entry to 'ERR_add_error_data'
openssl-3.5.4/crypto/err/err.c:815:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/err/err.c:816:5: call_function: calling 'ERR_add_error_vdata' from 'ERR_add_error_data'
#  675|       int saveerrno = get_last_sys_error();
#  676|   
#  677|->     if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL))
#  678|           return NULL;
#  679|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def83]
openssl-3.5.4/crypto/err/err.c:680:10: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/err/err.c:812:6: enter_function: entry to 'ERR_add_error_data'
openssl-3.5.4/crypto/err/err.c:815:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/err/err.c:816:5: call_function: calling 'ERR_add_error_vdata' from 'ERR_add_error_data'
#  678|           return NULL;
#  679|   
#  680|->     if (!RUN_ONCE(&err_init, err_do_init))
#  681|           return NULL;
#  682|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def84]
openssl-3.5.4/crypto/err/err.c:683:13: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/err/err.c:812:6: enter_function: entry to 'ERR_add_error_data'
openssl-3.5.4/crypto/err/err.c:815:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/err/err.c:816:5: call_function: calling 'ERR_add_error_vdata' from 'ERR_add_error_data'
#  681|           return NULL;
#  682|   
#  683|->     state = CRYPTO_THREAD_get_local(&err_thread_local);
#  684|       if (state == (ERR_STATE*)-1)
#  685|           return NULL;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def85]
openssl-3.5.4/crypto/err/err.c:688:14: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/err/err.c:812:6: enter_function: entry to 'ERR_add_error_data'
openssl-3.5.4/crypto/err/err.c:815:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/err/err.c:816:5: call_function: calling 'ERR_add_error_vdata' from 'ERR_add_error_data'
#  686|   
#  687|       if (state == NULL) {
#  688|->         if (!CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)-1))
#  689|               return NULL;
#  690|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def86]
openssl-3.5.4/crypto/err/err.c:691:17: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/err/err.c:812:6: enter_function: entry to 'ERR_add_error_data'
openssl-3.5.4/crypto/err/err.c:815:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/err/err.c:816:5: call_function: calling 'ERR_add_error_vdata' from 'ERR_add_error_data'
#  689|               return NULL;
#  690|   
#  691|->         state = OSSL_ERR_STATE_new();
#  692|           if (state == NULL) {
#  693|               CRYPTO_THREAD_set_local(&err_thread_local, NULL);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def87]
openssl-3.5.4/crypto/err/err.c:693:13: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/err/err.c:812:6: enter_function: entry to 'ERR_add_error_data'
openssl-3.5.4/crypto/err/err.c:815:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/err/err.c:816:5: call_function: calling 'ERR_add_error_vdata' from 'ERR_add_error_data'
#  691|           state = OSSL_ERR_STATE_new();
#  692|           if (state == NULL) {
#  693|->             CRYPTO_THREAD_set_local(&err_thread_local, NULL);
#  694|               return NULL;
#  695|           }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def88]
openssl-3.5.4/crypto/err/err.c:697:14: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/err/err.c:812:6: enter_function: entry to 'ERR_add_error_data'
openssl-3.5.4/crypto/err/err.c:815:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/err/err.c:816:5: call_function: calling 'ERR_add_error_vdata' from 'ERR_add_error_data'
#  695|           }
#  696|   
#  697|->         if (!ossl_init_thread_start(NULL, NULL, err_delete_thread_state)
#  698|                   || !CRYPTO_THREAD_set_local(&err_thread_local, state)) {
#  699|               OSSL_ERR_STATE_free(state);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def89]
openssl-3.5.4/crypto/err/err.c:698:21: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/err/err.c:812:6: enter_function: entry to 'ERR_add_error_data'
openssl-3.5.4/crypto/err/err.c:815:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/err/err.c:816:5: call_function: calling 'ERR_add_error_vdata' from 'ERR_add_error_data'
#  696|   
#  697|           if (!ossl_init_thread_start(NULL, NULL, err_delete_thread_state)
#  698|->                 || !CRYPTO_THREAD_set_local(&err_thread_local, state)) {
#  699|               OSSL_ERR_STATE_free(state);
#  700|               CRYPTO_THREAD_set_local(&err_thread_local, NULL);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def90]
openssl-3.5.4/crypto/err/err_blocks.c:57:10: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/err/err_blocks.c:40:6: enter_function: entry to 'ERR_set_error'
openssl-3.5.4/crypto/err/err_blocks.c:44:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/err/err_blocks.c:45:5: call_function: calling 'ERR_vset_error' from 'ERR_set_error'
#   55|       size_t i;
#   56|   
#   57|->     es = ossl_err_get_state_int();
#   58|       if (es == NULL)
#   59|           return;

Error: GCC_ANALYZER_WARNING (CWE-835): [#def91]
openssl-3.5.4/crypto/evp/bio_ok.c:361:16: warning[-Wanalyzer-infinite-loop]: infinite loop
openssl-3.5.4/crypto/evp/bio_ok.c:361:16: danger: infinite loop here
openssl-3.5.4/crypto/evp/bio_ok.c:361:16: branch_true: if it ever follows 'true' branch, it will always do so...
openssl-3.5.4/crypto/evp/bio_ok.c:361:16: branch_true: ...to here
#  359|                   return 0;
#  360|   
#  361|->         while (ctx->blockout) {
#  362|               i = ok_write(b, NULL, 0);
#  363|               if (i < 0) {

Error: CPPCHECK_WARNING (CWE-562): [#def92]
openssl-3.5.4/crypto/evp/ctrl_params_translate.c:1166: error[autoVariables]: Address of local auto-variable assigned to a function parameter.
# 1164|            */
# 1165|           p2 = ctx->name_buf;
# 1166|->         ctx->p2 = &p2;
# 1167|           ctx->sz = sizeof(ctx->name_buf);
# 1168|       }

Error: CPPCHECK_WARNING (CWE-457): [#def93]
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha1.c:184: error[legacyUninitvar]: Uninitialized variable: blocks[0].c
#  182|   
#  183|       /* ask for IVs in bulk */
#  184|->     if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0)
#  185|           return 0;
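#  186|   
Triage note: `blocks[0].c` is passed to RAND_bytes as the destination buffer, so this call writes to it rather than reading it. If `c` is an array member (its declaration is outside this excerpt), the expression only takes the member's address and no uninitialized value is read. #def100 reports the same statement in e_aes_cbc_hmac_sha256.c.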

Error: GCC_ANALYZER_WARNING (CWE-121): [#def94]
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha1.c:208:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha1.c:778:12: enter_function: entry to 'aesni_cbc_hmac_sha1_ctrl'
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha1.c:904:25: call_function: calling 'tls1_1_multi_block_encrypt' from 'aesni_cbc_hmac_sha1_ctrl'
#  206|   
#  207|       for (i = 1; i < x4; i++) {
#  208|->         ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  209|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  210|           memcpy(ciph_d[i].out - 16, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def95]
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha1.c:208:25: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha1.c:778:12: enter_function: entry to 'aesni_cbc_hmac_sha1_ctrl'
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha1.c:904:25: call_function: calling 'tls1_1_multi_block_encrypt' from 'aesni_cbc_hmac_sha1_ctrl'
#  206|   
#  207|       for (i = 1; i < x4; i++) {
#  208|->         ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  209|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  210|           memcpy(ciph_d[i].out - 16, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def96]
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha1.c:209:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha1.c:778:12: enter_function: entry to 'aesni_cbc_hmac_sha1_ctrl'
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha1.c:904:25: call_function: calling 'tls1_1_multi_block_encrypt' from 'aesni_cbc_hmac_sha1_ctrl'
#  207|       for (i = 1; i < x4; i++) {
#  208|           ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  209|->         ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  210|           memcpy(ciph_d[i].out - 16, IVs, 16);
#  211|           memcpy(ciph_d[i].iv, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def97]
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha1.c:211:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha1.c:778:12: enter_function: entry to 'aesni_cbc_hmac_sha1_ctrl'
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha1.c:904:25: call_function: calling 'tls1_1_multi_block_encrypt' from 'aesni_cbc_hmac_sha1_ctrl'
#  209|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  210|           memcpy(ciph_d[i].out - 16, IVs, 16);
#  211|->         memcpy(ciph_d[i].iv, IVs, 16);
#  212|           IVs += 16;
#  213|       }

Error: CPPCHECK_WARNING (CWE-758): [#def98]
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha1.c:715: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#  713|                       c = p[j];
#  714|                       cmask =
#  715|->                         ((int)(j - off - SHA_DIGEST_LENGTH)) >> (sizeof(int) *
#  716|                                                                    8 - 1);
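#  717|                       res |= (c ^ pad) & ~cmask; /* ... and padding */
Triage note: the flagged operation on line 715 is a right shift (`>>`) of a signed int by `sizeof(int) * 8 - 1` bits. That count is below the width of int, and in C right-shifting a negative signed value gives an implementation-defined result rather than undefined behaviour. The result is used as a mask (`cmask`) in the padding check, so the code relies on the compiler performing an arithmetic (sign-extending) shift. The same right-shift pattern is reported in #def99, #def105, #def106 and #def119 to #def122.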

Error: CPPCHECK_WARNING (CWE-758): [#def99]
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha1.c:718: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#  716|                                                                    8 - 1);
#  717|                       res |= (c ^ pad) & ~cmask; /* ... and padding */
#  718|->                     cmask &= ((int)(off - 1 - j)) >> (sizeof(int) * 8 - 1);
#  719|                       res |= (c ^ pmac->c[i]) & cmask;
#  720|                       i += 1 & cmask;

Error: CPPCHECK_WARNING (CWE-457): [#def100]
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha256.c:178: error[legacyUninitvar]: Uninitialized variable: blocks[0].c
#  176|   
#  177|       /* ask for IVs in bulk */
#  178|->     if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0)
#  179|           return 0;
#  180|   

Error: GCC_ANALYZER_WARNING (CWE-121): [#def101]
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha256.c:203:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha256.c:748:12: enter_function: entry to 'aesni_cbc_hmac_sha256_ctrl'
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha256.c:881:25: call_function: calling 'tls1_1_multi_block_encrypt' from 'aesni_cbc_hmac_sha256_ctrl'
#  201|   
#  202|       for (i = 1; i < x4; i++) {
#  203|->         ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  204|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  205|           memcpy(ciph_d[i].out - 16, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def102]
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha256.c:203:25: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha256.c:748:12: enter_function: entry to 'aesni_cbc_hmac_sha256_ctrl'
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha256.c:881:25: call_function: calling 'tls1_1_multi_block_encrypt' from 'aesni_cbc_hmac_sha256_ctrl'
#  201|   
#  202|       for (i = 1; i < x4; i++) {
#  203|->         ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  204|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  205|           memcpy(ciph_d[i].out - 16, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def103]
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha256.c:204:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha256.c:748:12: enter_function: entry to 'aesni_cbc_hmac_sha256_ctrl'
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha256.c:881:25: call_function: calling 'tls1_1_multi_block_encrypt' from 'aesni_cbc_hmac_sha256_ctrl'
#  202|       for (i = 1; i < x4; i++) {
#  203|           ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  204|->         ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  205|           memcpy(ciph_d[i].out - 16, IVs, 16);
#  206|           memcpy(ciph_d[i].iv, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def104]
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha256.c:206:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha256.c:748:12: enter_function: entry to 'aesni_cbc_hmac_sha256_ctrl'
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha256.c:881:25: call_function: calling 'tls1_1_multi_block_encrypt' from 'aesni_cbc_hmac_sha256_ctrl'
#  204|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  205|           memcpy(ciph_d[i].out - 16, IVs, 16);
#  206|->         memcpy(ciph_d[i].iv, IVs, 16);
#  207|           IVs += 16;
#  208|       }

Error: CPPCHECK_WARNING (CWE-758): [#def105]
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha256.c:713: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#  711|                       c = p[j];
#  712|                       cmask =
#  713|->                         ((int)(j - off - SHA256_DIGEST_LENGTH)) >>
#  714|                           (sizeof(int) * 8 - 1);
#  715|                       res |= (c ^ pad) & ~cmask; /* ... and padding */

Error: CPPCHECK_WARNING (CWE-758): [#def106]
openssl-3.5.4/crypto/evp/e_aes_cbc_hmac_sha256.c:716: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#  714|                           (sizeof(int) * 8 - 1);
#  715|                       res |= (c ^ pad) & ~cmask; /* ... and padding */
#  716|->                     cmask &= ((int)(off - 1 - j)) >> (sizeof(int) * 8 - 1);
#  717|                       res |= (c ^ pmac->c[i]) & cmask;
#  718|                       i += 1 & cmask;

Error: CPPCHECK_WARNING (CWE-190): [#def107]
openssl-3.5.4/crypto/evp/evp_enc.c:31: error[integerOverflow]: Signed integer underflow for expression '(~((int)1<<(sizeof(int)*8-1)))-b'.
#   29|   #include "evp_local.h"
#   30|   
#   31|-> OSSL_SAFE_MATH_SIGNED(int, int)
#   32|   
#   33|   int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)

Error: CPPCHECK_WARNING (CWE-758): [#def108]
openssl-3.5.4/crypto/evp/evp_enc.c:31: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   29|   #include "evp_local.h"
#   30|   
#   31|-> OSSL_SAFE_MATH_SIGNED(int, int)
#   32|   
#   33|   int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)

Error: GCC_ANALYZER_WARNING (CWE-404): [#def109]
openssl-3.5.4/crypto/evp/evp_lib.c:1211:25: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/evp/evp_lib.c:1222:11: enter_function: entry to 'EVP_PKEY_Q_keygen'
openssl-3.5.4/crypto/evp/evp_lib.c:1231:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/evp/evp_lib.c:1242:11: call_function: calling 'evp_pkey_keygen' from 'EVP_PKEY_Q_keygen'
# 1209|   {
# 1210|       EVP_PKEY *pkey = NULL;
# 1211|->     EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(libctx, name, propq);
# 1212|   
# 1213|       if (ctx != NULL

Error: GCC_ANALYZER_WARNING (CWE-404): [#def110]
openssl-3.5.4/crypto/evp/evp_lib.c:1214:16: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/evp/evp_lib.c:1222:11: enter_function: entry to 'EVP_PKEY_Q_keygen'
openssl-3.5.4/crypto/evp/evp_lib.c:1231:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/evp/evp_lib.c:1242:11: call_function: calling 'evp_pkey_keygen' from 'EVP_PKEY_Q_keygen'
# 1212|   
# 1213|       if (ctx != NULL
# 1214|->             && EVP_PKEY_keygen_init(ctx) > 0
# 1215|               && EVP_PKEY_CTX_set_params(ctx, params))
# 1216|           (void)EVP_PKEY_generate(ctx, &pkey);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def111]
openssl-3.5.4/crypto/evp/evp_lib.c:1215:16: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/evp/evp_lib.c:1222:11: enter_function: entry to 'EVP_PKEY_Q_keygen'
openssl-3.5.4/crypto/evp/evp_lib.c:1231:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/evp/evp_lib.c:1242:11: call_function: calling 'evp_pkey_keygen' from 'EVP_PKEY_Q_keygen'
# 1213|       if (ctx != NULL
# 1214|               && EVP_PKEY_keygen_init(ctx) > 0
# 1215|->             && EVP_PKEY_CTX_set_params(ctx, params))
# 1216|           (void)EVP_PKEY_generate(ctx, &pkey);
# 1217|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def112]
openssl-3.5.4/crypto/evp/evp_lib.c:1216:15: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/evp/evp_lib.c:1222:11: enter_function: entry to 'EVP_PKEY_Q_keygen'
openssl-3.5.4/crypto/evp/evp_lib.c:1231:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/evp/evp_lib.c:1242:11: call_function: calling 'evp_pkey_keygen' from 'EVP_PKEY_Q_keygen'
# 1214|               && EVP_PKEY_keygen_init(ctx) > 0
# 1215|               && EVP_PKEY_CTX_set_params(ctx, params))
# 1216|->         (void)EVP_PKEY_generate(ctx, &pkey);
# 1217|   
# 1218|       EVP_PKEY_CTX_free(ctx);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def113]
openssl-3.5.4/crypto/evp/evp_lib.c:1218:5: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/evp/evp_lib.c:1222:11: enter_function: entry to 'EVP_PKEY_Q_keygen'
openssl-3.5.4/crypto/evp/evp_lib.c:1231:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/evp/evp_lib.c:1242:11: call_function: calling 'evp_pkey_keygen' from 'EVP_PKEY_Q_keygen'
# 1216|           (void)EVP_PKEY_generate(ctx, &pkey);
# 1217|   
# 1218|->     EVP_PKEY_CTX_free(ctx);
# 1219|       return pkey;
# 1220|   }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def114]
openssl-3.5.4/crypto/evp/evp_lib.c:1233:9: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/evp/evp_lib.c:1231:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/evp/evp_lib.c:1233:9: throw: if 'OPENSSL_strcasecmp' throws an exception...
openssl-3.5.4/crypto/evp/evp_lib.c:1233:9: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
# 1231|       va_start(args, type);
# 1232|   
# 1233|->     if (OPENSSL_strcasecmp(type, "RSA") == 0) {
# 1234|           bits = va_arg(args, size_t);
# 1235|           params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &bits);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def115]
openssl-3.5.4/crypto/evp/evp_lib.c:1235:21: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/evp/evp_lib.c:1231:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/evp/evp_lib.c:1233:8: branch_true: following 'true' branch...
openssl-3.5.4/crypto/evp/evp_lib.c:1234:16: branch_true: ...to here
openssl-3.5.4/crypto/evp/evp_lib.c:1235:21: throw: if 'OSSL_PARAM_construct_size_t' throws an exception...
openssl-3.5.4/crypto/evp/evp_lib.c:1235:21: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
# 1233|       if (OPENSSL_strcasecmp(type, "RSA") == 0) {
# 1234|           bits = va_arg(args, size_t);
# 1235|->         params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &bits);
# 1236|       } else if (OPENSSL_strcasecmp(type, "EC") == 0) {
# 1237|           name = va_arg(args, char *);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def116]
openssl-3.5.4/crypto/evp/evp_lib.c:1236:16: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/evp/evp_lib.c:1231:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/evp/evp_lib.c:1233:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/evp/evp_lib.c:1236:16: branch_false: ...to here
openssl-3.5.4/crypto/evp/evp_lib.c:1236:16: throw: if 'OPENSSL_strcasecmp' throws an exception...
openssl-3.5.4/crypto/evp/evp_lib.c:1236:16: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
# 1234|           bits = va_arg(args, size_t);
# 1235|           params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &bits);
# 1236|->     } else if (OPENSSL_strcasecmp(type, "EC") == 0) {
# 1237|           name = va_arg(args, char *);
# 1238|           params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,

Error: GCC_ANALYZER_WARNING (CWE-404): [#def117]
openssl-3.5.4/crypto/evp/evp_lib.c:1238:21: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/evp/evp_lib.c:1231:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/evp/evp_lib.c:1233:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/evp/evp_lib.c:1236:16: branch_false: ...to here
openssl-3.5.4/crypto/evp/evp_lib.c:1236:15: branch_true: following 'true' branch...
openssl-3.5.4/crypto/evp/evp_lib.c:1237:9: branch_true: ...to here
openssl-3.5.4/crypto/evp/evp_lib.c:1238:21: throw: if 'OSSL_PARAM_construct_utf8_string' throws an exception...
openssl-3.5.4/crypto/evp/evp_lib.c:1238:21: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0)
# 1236|       } else if (OPENSSL_strcasecmp(type, "EC") == 0) {
# 1237|           name = va_arg(args, char *);
# 1238|->         params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
# 1239|                                                        name, 0);
# 1240|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def118]
openssl-3.5.4/crypto/mem.c:191:9: warning[-Wanalyzer-malloc-leak]: leak of 'CRYPTO_malloc(num,  file,  line)'
openssl-3.5.4/crypto/mem.c:318:7: enter_function: entry to 'CRYPTO_clear_realloc'
openssl-3.5.4/crypto/mem.c:323:8: branch_false: following 'false' branch (when 'str' is non-NULL)...
openssl-3.5.4/crypto/mem.c:326:8: branch_false: ...to here
openssl-3.5.4/crypto/mem.c:326:8: branch_false: following 'false' branch (when 'num != 0')...
openssl-3.5.4/crypto/mem.c:332:8: branch_false: ...to here
openssl-3.5.4/crypto/mem.c:332:8: branch_false: following 'false' branch (when 'num >= old_len')...
openssl-3.5.4/crypto/mem.c:337:11: branch_false: ...to here
openssl-3.5.4/crypto/mem.c:337:11: call_function: calling 'CRYPTO_malloc' from 'CRYPTO_clear_realloc'
openssl-3.5.4/crypto/mem.c:337:11: return_function: returning to 'CRYPTO_clear_realloc' from 'CRYPTO_malloc'
openssl-3.5.4/crypto/mem.c:338:8: branch_true: following 'true' branch...
openssl-3.5.4/crypto/mem.c:339:9: branch_true: ...to here
openssl-3.5.4/crypto/mem.c:340:9: call_function: calling 'CRYPTO_clear_free' from 'CRYPTO_clear_realloc'
#  189|   
#  190|       INCREMENT(malloc_count);
#  191|->     if (malloc_impl != CRYPTO_malloc) {
#  192|           ptr = malloc_impl(num, file, line);
#  193|           if (ptr != NULL || num == 0)

Error: CPPCHECK_WARNING (CWE-758): [#def119]
openssl-3.5.4/crypto/ml_dsa/ml_dsa_key_compress.c:72: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   70|       } else {
#   71|           r1 = (r1 * 11275 + (1 << 23)) >> 24;
#   72|->         r1 ^= ((43 - r1) >> 31) & r1;
#   73|           return r1;
#   74|       }

Error: CPPCHECK_WARNING (CWE-758): [#def120]
openssl-3.5.4/crypto/ml_dsa/ml_dsa_key_compress.c:92: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   90|   
#   91|       *r0 = r - *r1 * 2 * (int32_t)gamma2;
#   92|->     *r0 -= (((int32_t)ML_DSA_Q_MINUS1_DIV2 - *r0) >> 31) & (int32_t)ML_DSA_Q;
#   93|   }
#   94|   

Error: CPPCHECK_WARNING (CWE-758): [#def121]
openssl-3.5.4/crypto/modes/xts128.c:74: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   72|               unsigned int carry, res;
#   73|   
#   74|->             res = 0x87 & (((int)tweak.d[3]) >> 31);
#   75|               carry = (unsigned int)(tweak.u[0] >> 63);
#   76|               tweak.u[0] = (tweak.u[0] << 1) ^ res;

Error: CPPCHECK_WARNING (CWE-758): [#def122]
openssl-3.5.4/crypto/modes/xts128.c:113: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#  111|               unsigned int carry, res;
#  112|   
#  113|->             res = 0x87 & (((int)tweak.d[3]) >> 31);
#  114|               carry = (unsigned int)(tweak.u[0] >> 63);
#  115|               tweak1.u[0] = (tweak.u[0] << 1) ^ res;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def123]
openssl-3.5.4/crypto/param_build.c:340:13: warning[-Wanalyzer-null-dereference]: dereference of NULL 'p'
openssl-3.5.4/crypto/param_build.c:361:13: enter_function: entry to 'OSSL_PARAM_BLD_to_param'
openssl-3.5.4/crypto/param_build.c:370:8: branch_false: following 'false' branch (when 'ss == 0')...
openssl-3.5.4/crypto/param_build.c:377:14: branch_false: ...to here
openssl-3.5.4/crypto/param_build.c:378:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/param_build.c:382:18: branch_false: ...to here
openssl-3.5.4/crypto/param_build.c:383:12: call_function: calling 'param_bld_convert' from 'OSSL_PARAM_BLD_to_param'
#  338|                      || pd->type == OSSL_PARAM_UTF8_PTR) {
#  339|               /* PTR */
#  340|->             *(const void **)p = pd->string;
#  341|           } else if (pd->type == OSSL_PARAM_OCTET_STRING
#  342|                      || pd->type == OSSL_PARAM_UTF8_STRING) {

Error: GCC_ANALYZER_WARNING (CWE-688): [#def124]
openssl-3.5.4/crypto/param_build.c:352:17: warning[-Wanalyzer-null-argument]: use of NULL 'p' where non-null expected
openssl-3.5.4/crypto/param_build.c:361:13: enter_function: entry to 'OSSL_PARAM_BLD_to_param'
openssl-3.5.4/crypto/param_build.c:370:8: branch_false: following 'false' branch (when 'ss == 0')...
openssl-3.5.4/crypto/param_build.c:377:14: branch_false: ...to here
openssl-3.5.4/crypto/param_build.c:378:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/param_build.c:382:18: branch_false: ...to here
openssl-3.5.4/crypto/param_build.c:383:12: call_function: calling 'param_bld_convert' from 'OSSL_PARAM_BLD_to_param'
#  350|               /* Number, but could also be a NULL BIGNUM */
#  351|               if (pd->size > sizeof(pd->num))
#  352|->                 memset(p, 0, pd->size);
#  353|               else if (pd->size > 0)
#  354|                   memcpy(p, &pd->num, pd->size);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def125]
openssl-3.5.4/crypto/param_build.c:354:17: warning[-Wanalyzer-null-argument]: use of NULL 'p' where non-null expected
openssl-3.5.4/crypto/param_build.c:361:13: enter_function: entry to 'OSSL_PARAM_BLD_to_param'
openssl-3.5.4/crypto/param_build.c:370:8: branch_false: following 'false' branch (when 'ss == 0')...
openssl-3.5.4/crypto/param_build.c:377:14: branch_false: ...to here
openssl-3.5.4/crypto/param_build.c:378:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/param_build.c:382:18: branch_false: ...to here
openssl-3.5.4/crypto/param_build.c:383:12: call_function: calling 'param_bld_convert' from 'OSSL_PARAM_BLD_to_param'
#  352|                   memset(p, 0, pd->size);
#  353|               else if (pd->size > 0)
#  354|->                 memcpy(p, &pd->num, pd->size);
#  355|           }
#  356|       }

Error: CPPCHECK_WARNING (CWE-190): [#def126]
openssl-3.5.4/crypto/params.c:1273: error[floatConversionOverflow]: Undefined behaviour: float (4.29497e+09) to integer conversion overflow.
# 1271|               if (val >= 0 && val < d_pow_32) {
# 1272|                   p->return_size = sizeof(uint32_t);
# 1273|->                 *(uint32_t *)p->data = (uint32_t)val;
# 1274|                   return 1;
# 1275|               }

Error: CPPCHECK_WARNING (CWE-190): [#def127]
openssl-3.5.4/crypto/params.c:1281: error[floatConversionOverflow]: Undefined behaviour: float (1.84467e+19) to integer conversion overflow.
# 1279|               if (val >= 0 && val < d_pow_64) {
# 1280|                   p->return_size = sizeof(uint64_t);
# 1281|->                 *(uint64_t *)p->data = (uint64_t)val;
# 1282|                   return 1;
# 1283|               }

Error: COMPILER_WARNING (CWE-704): [#def128]
openssl-3.5.4/crypto/punycode.c: scope_hint: In function 'ossl_a2ulabel'
openssl-3.5.4/crypto/punycode.c:270:24: warning[-Wdiscarded-qualifiers]: initialization discards 'const' qualifier from pointer target type
#  270 |         char *tmpptr = strchr(inptr, '.');
#      |                        ^~~~~~
#  268|   
#  269|       while (1) {
#  270|->         char *tmpptr = strchr(inptr, '.');
#  271|           size_t delta = tmpptr != NULL ? (size_t)(tmpptr - inptr) : strlen(inptr);
#  272|   

Error: COMPILER_WARNING (CWE-704): [#def129]
openssl-3.5.4/crypto/punycode.c:270:24: warning[-Wdiscarded-qualifiers]: initialization discards 'const' qualifier from pointer target type
#  268|   
#  269|       while (1) {
#  270|->         char *tmpptr = strchr(inptr, '.');
#  271|           size_t delta = tmpptr != NULL ? (size_t)(tmpptr - inptr) : strlen(inptr);
#  272|   

Error: CPPCHECK_WARNING (CWE-457): [#def130]
openssl-3.5.4/crypto/slh_dsa/slh_dsa.c:85: error[uninitvar]: Uninitialized variable: m_digest
#   83|       if (!WPACKET_init_static_len(wpkt, sig, sig_len_expected, 0))
#   84|           return 0;
#   85|->     if (!PACKET_buf_init(rpkt, m_digest, params->m))
#   86|           return 0;
#   87|   

Error: CPPCHECK_WARNING (CWE-457): [#def131]
openssl-3.5.4/crypto/slh_dsa/slh_dsa.c:283: warning[uninitvar]: Uninitialized variable: m
#  281|               return 0;
#  282|       }
#  283|->     ret = slh_sign_internal(slh_ctx, m, m_len, sig, siglen, sigsize, add_rand);
#  284|       if (m != msg && m != m_tmp)
#  285|           OPENSSL_free(m);

Error: CPPCHECK_WARNING (CWE-758): [#def132]
openssl-3.5.4/crypto/stack/stack.c:18: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   16|   #include <openssl/e_os2.h>      /* For ossl_inline */
#   17|   
#   18|-> OSSL_SAFE_MATH_SIGNED(int, int)
#   19|   
#   20|   /*

Error: GCC_ANALYZER_WARNING (CWE-404): [#def133]
openssl-3.5.4/crypto/store/store_lib.c:271:33: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/store/store_lib.c:248:5: enter_function: entry to 'OSSL_STORE_ctrl'
openssl-3.5.4/crypto/store/store_lib.c:253:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/store/store_lib.c:254:11: call_function: calling 'OSSL_STORE_vctrl' from 'OSSL_STORE_ctrl'
#  269|                       int on = *(va_arg(args, int *));
#  270|   
#  271|->                     params[0] = OSSL_PARAM_construct_int("use_secmem", &on);
#  272|                   }
#  273|                   break;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def134]
openssl-3.5.4/crypto/store/store_lib.c:278:20: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/store/store_lib.c:248:5: enter_function: entry to 'OSSL_STORE_ctrl'
openssl-3.5.4/crypto/store/store_lib.c:253:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/store/store_lib.c:254:11: call_function: calling 'OSSL_STORE_vctrl' from 'OSSL_STORE_ctrl'
#  276|               }
#  277|   
#  278|->             return ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx,
#  279|                                                            params);
#  280|           }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def135]
openssl-3.5.4/crypto/store/store_lib.c:282:16: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/crypto/store/store_lib.c:248:5: enter_function: entry to 'OSSL_STORE_ctrl'
openssl-3.5.4/crypto/store/store_lib.c:253:5: acquire_resource: 'va_start' called here
openssl-3.5.4/crypto/store/store_lib.c:254:11: call_function: calling 'OSSL_STORE_vctrl' from 'OSSL_STORE_ctrl'
#  280|           }
#  281|       } else if (ctx->loader->ctrl != NULL) {
#  282|->         return ctx->loader->ctrl(ctx->loader_ctx, cmd, args);
#  283|       }
#  284|   

Error: COMPILER_WARNING: [#def136]
openssl-3.5.4/crypto/thread/arch/thread_posix.c:13:10: warning: '_GNU_SOURCE' redefined
#   13 | # define _GNU_SOURCE
#      |          ^~~~~~~~~~~
<command-line>: note: this is the location of the previous definition
#   11|   
#   12|   #if defined(OPENSSL_THREADS_POSIX)
#   13|-> # define _GNU_SOURCE
#   14|   # include <errno.h>
#   15|   # include <sys/types.h>

Error: COMPILER_WARNING: [#def137]
openssl-3.5.4/crypto/thread/arch/thread_posix.c:13:10: warning[warning]: '_GNU_SOURCE' redefined
#   11|   
#   12|   #if defined(OPENSSL_THREADS_POSIX)
#   13|-> # define _GNU_SOURCE
#   14|   # include <errno.h>
#   15|   # include <sys/types.h>

Error: COMPILER_WARNING (CWE-704): [#def138]
openssl-3.5.4/crypto/x509/v3_cpols.c: scope_hint: In function 'displaytext_get_tag_len'
openssl-3.5.4/crypto/x509/v3_cpols.c:260:19: warning[-Wdiscarded-qualifiers]: initialization discards 'const' qualifier from pointer target type
#  260 |     char *colon = strchr(tagstr, ':');
#      |                   ^~~~~~
#  258|   static int displaytext_get_tag_len(const char *tagstr)
#  259|   {
#  260|->     char *colon = strchr(tagstr, ':');
#  261|   
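#  262|       return (colon == NULL) ? -1 : colon - tagstr;
Triage note: in the lines shown, `colon` is only compared with NULL and subtracted from `tagstr`, so declaring it as `const char *colon` removes the warning without a cast. #def139 repeats this finding.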

Error: COMPILER_WARNING (CWE-704): [#def139]
openssl-3.5.4/crypto/x509/v3_cpols.c:260:19: warning[-Wdiscarded-qualifiers]: initialization discards 'const' qualifier from pointer target type
#  258|   static int displaytext_get_tag_len(const char *tagstr)
#  259|   {
#  260|->     char *colon = strchr(tagstr, ':');
#  261|   
#  262|       return (colon == NULL) ? -1 : colon - tagstr;

Error: CPPCHECK_WARNING (CWE-758): [#def140]
openssl-3.5.4/crypto/x509/v3_ncons.c:25: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#   23|   #include "ext_dat.h"
#   24|   
#   25|-> OSSL_SAFE_MATH_SIGNED(int, int)
#   26|   
#   27|   static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,

Error: GCC_ANALYZER_WARNING (CWE-476): [#def141]
openssl-3.5.4/crypto/x509/v3_purp.c:102:12: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.5.4/crypto/x509/v3_purp.c:88:5: enter_function: entry to 'X509_check_purpose'
openssl-3.5.4/crypto/x509/v3_purp.c:99:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/x509/v3_purp.c:101:10: branch_false: ...to here
openssl-3.5.4/crypto/x509/v3_purp.c:101:10: call_function: calling 'X509_PURPOSE_get0' from 'X509_check_purpose'
openssl-3.5.4/crypto/x509/v3_purp.c:101:10: return_function: returning to 'X509_check_purpose' from 'X509_PURPOSE_get0'
openssl-3.5.4/crypto/x509/v3_purp.c:102:12: danger: dereference of NULL 'X509_PURPOSE_get0(X509_PURPOSE_get_by_id(id))'
#  100|           return -1;
#  101|       pt = X509_PURPOSE_get0(idx);
#  102|->     return pt->check_purpose(pt, x, non_leaf);
#  103|   }
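#  104|   
Triage note: no NULL check on `pt` appears between lines 101 and 102. Whether X509_PURPOSE_get0 can return NULL for an index that passed the check ending at line 100 depends on code outside this excerpt; confirm that before treating the finding as reachable.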

Error: COMPILER_WARNING (CWE-704): [#def142]
openssl-3.5.4/crypto/x509/v3_san.c: scope_hint: In function 'do_othername'
openssl-3.5.4/crypto/x509/v3_san.c:644:12: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type
#  644 |     if ((p = strchr(value, ';')) == NULL)
#      |            ^
#  642|       int objlen;
#  643|   
#  644|->     if ((p = strchr(value, ';')) == NULL)
#  645|           return 0;
#  646|       if ((gen->d.otherName = OTHERNAME_new()) == NULL)

Error: COMPILER_WARNING (CWE-704): [#def143]
openssl-3.5.4/crypto/x509/v3_san.c:644:12: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type
#  642|       int objlen;
#  643|   
#  644|->     if ((p = strchr(value, ';')) == NULL)
#  645|           return 0;
#  646|       if ((gen->d.otherName = OTHERNAME_new()) == NULL)

Error: COMPILER_WARNING (CWE-704): [#def144]
openssl-3.5.4/crypto/x509/v3_utl.c: scope_hint: In function 'a2i_IPADDRESS_NC'
openssl-3.5.4/crypto/x509/v3_utl.c:1131:7: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type
# 1131 |     p = strchr(ipasc, '/');
#      |       ^
# 1129|       int iplen1, iplen2;
# 1130|   
# 1131|->     p = strchr(ipasc, '/');
# 1132|       if (p == NULL)
# 1133|           return NULL;

Error: COMPILER_WARNING (CWE-704): [#def145]
openssl-3.5.4/crypto/x509/v3_utl.c:1131:7: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type
# 1129|       int iplen1, iplen2;
# 1130|   
# 1131|->     p = strchr(ipasc, '/');
# 1132|       if (p == NULL)
# 1133|           return NULL;

Error: GCC_ANALYZER_WARNING (CWE-688): [#def146]
openssl-3.5.4/crypto/x509/x509_vfy.c:3007:13: warning[-Wanalyzer-null-argument]: use of NULL 'cmpbuf' where non-null expected
openssl-3.5.4/crypto/x509/x509_vfy.c:3199:12: enter_function: entry to 'dane_verify'
openssl-3.5.4/crypto/x509/x509_vfy.c:3220:15: call_function: calling 'dane_match_cert' from 'dane_verify'
# 3005|            */
# 3006|           if (cmplen == t->dlen &&
# 3007|->             memcmp(cmpbuf, t->data, cmplen) == 0) {
# 3008|               if (DANETLS_USAGE_BIT(usage) & DANETLS_DANE_MASK)
# 3009|                   matched = 1;

Error: GCC_ANALYZER_WARNING (CWE-1335): [#def147]
openssl-3.5.4/crypto/x509/x509_vfy.c:3008:17: warning[-Wanalyzer-shift-count-overflow]: shift by count ('256') >= precision of type ('32')
openssl-3.5.4/crypto/x509/x509_vfy.c:3199:12: enter_function: entry to 'dane_verify'
openssl-3.5.4/crypto/x509/x509_vfy.c:3220:15: call_function: calling 'dane_match_cert' from 'dane_verify'
# 3006|           if (cmplen == t->dlen &&
# 3007|               memcmp(cmpbuf, t->data, cmplen) == 0) {
# 3008|->             if (DANETLS_USAGE_BIT(usage) & DANETLS_DANE_MASK)
# 3009|                   matched = 1;
# 3010|               if (matched || dane->mdpth < 0) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def148]
openssl-3.5.4/crypto/x509/x509name.c:41:16: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.5.4/crypto/x509/x509name.c:30:5: enter_function: entry to 'X509_NAME_get_text_by_OBJ'
openssl-3.5.4/crypto/x509/x509name.c:37:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/x509/x509name.c:39:37: branch_false: ...to here
openssl-3.5.4/crypto/x509/x509name.c:39:12: call_function: calling 'X509_NAME_ENTRY_get_data' from 'X509_NAME_get_text_by_OBJ'
openssl-3.5.4/crypto/x509/x509name.c:39:12: return_function: returning to 'X509_NAME_get_text_by_OBJ' from 'X509_NAME_ENTRY_get_data'
openssl-3.5.4/crypto/x509/x509name.c:40:8: branch_true: following 'true' branch (when 'buf' is NULL)...
openssl-3.5.4/crypto/x509/x509name.c:41:16: branch_true: ...to here
openssl-3.5.4/crypto/x509/x509name.c:41:16: danger: dereference of NULL 'X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,  X509_NAME_get_index_by_OBJ(name,  obj, -1)))'
#   39|       data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i));
#   40|       if (buf == NULL)
#   41|->         return data->length;
#   42|       if (len <= 0)
#   43|           return 0;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def149]
openssl-3.5.4/crypto/x509/x509name.c:44:10: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.5.4/crypto/x509/x509name.c:30:5: enter_function: entry to 'X509_NAME_get_text_by_OBJ'
openssl-3.5.4/crypto/x509/x509name.c:37:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/x509/x509name.c:39:37: branch_false: ...to here
openssl-3.5.4/crypto/x509/x509name.c:39:12: call_function: calling 'X509_NAME_ENTRY_get_data' from 'X509_NAME_get_text_by_OBJ'
openssl-3.5.4/crypto/x509/x509name.c:39:12: return_function: returning to 'X509_NAME_get_text_by_OBJ' from 'X509_NAME_ENTRY_get_data'
openssl-3.5.4/crypto/x509/x509name.c:40:8: branch_false: following 'false' branch (when 'buf' is non-NULL)...
openssl-3.5.4/crypto/x509/x509name.c:42:8: branch_false: ...to here
openssl-3.5.4/crypto/x509/x509name.c:42:8: branch_false: following 'false' branch (when 'len > 0')...
openssl-3.5.4/crypto/x509/x509name.c:44:10: branch_false: ...to here
openssl-3.5.4/crypto/x509/x509name.c:44:10: danger: dereference of NULL 'X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,  X509_NAME_get_index_by_OBJ(name,  obj, -1)))'
#   42|       if (len <= 0)
#   43|           return 0;
#   44|->     i = (data->length > (len - 1)) ? (len - 1) : data->length;
#   45|       memcpy(buf, data->data, i);
#   46|       buf[i] = '\0';

Error: GCC_ANALYZER_WARNING (CWE-775): [#def150]
openssl-3.5.4/engines/e_afalg.c:886:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'sock'
openssl-3.5.4/engines/e_afalg.c:847:12: enter_function: entry to 'afalg_chk_platform'
openssl-3.5.4/engines/e_afalg.c:857:8: branch_false: following 'false' branch (when 'ret == 0')...
openssl-3.5.4/engines/e_afalg.c:863:11: branch_false: ...to here
openssl-3.5.4/engines/e_afalg.c:864:17: branch_true: following 'true' branch...
openssl-3.5.4/engines/e_afalg.c:865:19: call_function: inlined call to 'atoi' from 'afalg_chk_platform'
openssl-3.5.4/engines/e_afalg.c:864:17: branch_false: following 'false' branch...
openssl-3.5.4/engines/e_afalg.c:869:9: branch_false: ...to here
openssl-3.5.4/engines/e_afalg.c:869:8: branch_false: following 'false' branch...
openssl-3.5.4/engines/e_afalg.c:881:12: branch_false: ...to here
openssl-3.5.4/engines/e_afalg.c:881:12: acquire_resource: socket created here
openssl-3.5.4/engines/e_afalg.c:882:8: branch_false: following 'false' branch (when 'sock != -1')...
openssl-3.5.4/engines/e_afalg.c:886:5: branch_false: ...to here
openssl-3.5.4/engines/e_afalg.c:886:5: throw: if 'close' throws an exception...
openssl-3.5.4/engines/e_afalg.c:886:5: danger: 'sock' leaks here
#  884|           return 0;
#  885|       }
#  886|->     close(sock);
#  887|   
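#  888|       return 1;
Triage note: the flagged statement is the close(sock) call itself, and the leak exists only on the path the trace marks as 'throw', where close() unwinds instead of returning. On the normal path shown in the excerpt the socket is closed before `return 1`. This looks like an artefact of the analyzer's exception modelling rather than a missing close; confirm against the full function.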

Error: GCC_ANALYZER_WARNING (CWE-476): [#def151]
openssl-3.5.4/include/internal/ktls.h:416:13: warning[-Wanalyzer-null-dereference]: dereference of NULL 'cmsg'
openssl-3.5.4/crypto/bio/bss_conn.c:366:12: enter_function: entry to 'conn_read'
openssl-3.5.4/crypto/bio/bss_conn.c:372:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/bio/bss_conn.c:378:9: branch_false: ...to here
openssl-3.5.4/crypto/bio/bss_conn.c:378:8: branch_false: following 'false' branch...
openssl-3.5.4/crypto/bio/bss_conn.c:385:8: branch_false: ...to here
openssl-3.5.4/crypto/bio/bss_conn.c:385:8: branch_true: following 'true' branch (when 'out' is non-NULL)...
openssl-3.5.4/crypto/bio/bss_conn.c:386:9: branch_true: ...to here
openssl-3.5.4/crypto/bio/bss_conn.c:388:12: branch_true: following 'true' branch...
openssl-3.5.4/crypto/bio/bss_conn.c:389:19: branch_true: ...to here
openssl-3.5.4/crypto/bio/bss_conn.c:389:19: call_function: calling 'ktls_read_record' from 'conn_read'
#  414|       if (msg.msg_controllen > 0) {
#  415|           cmsg = CMSG_FIRSTHDR(&msg);
#  416|->         if (cmsg->cmsg_type == TLS_GET_RECORD_TYPE) {
#  417|               p[0] = *((unsigned char *)CMSG_DATA(cmsg));
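#  418|           p[1] = TLS1_2_VERSION_MAJOR;
Triage note: CMSG_FIRSTHDR() yields NULL when msg_controllen is smaller than a struct cmsghdr, so the `msg.msg_controllen > 0` test in the excerpt does not by itself rule out a NULL cmsg. Whether such a length can occur after the receive call is not visible here. Testing `cmsg != NULL` before reading cmsg_type would close the reported path.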

Error: CPPCHECK_WARNING (CWE-457): [#def152]
openssl-3.5.4/include/openssl/asn1.h:234: warning[uninitvar]: Uninitialized variables: ptr.minsize, ptr.maxsize, ptr.mask, ptr.flags
#  232|   };
#  233|   
#  234|-> SKM_DEFINE_STACK_OF_INTERNAL(ASN1_STRING_TABLE, ASN1_STRING_TABLE, ASN1_STRING_TABLE)
#  235|   #define sk_ASN1_STRING_TABLE_num(sk) OPENSSL_sk_num(ossl_check_const_ASN1_STRING_TABLE_sk_type(sk))
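#  236|   #define sk_ASN1_STRING_TABLE_value(sk, idx) ((ASN1_STRING_TABLE *)OPENSSL_sk_value(ossl_check_const_ASN1_STRING_TABLE_sk_type(sk), (idx)))
Triage note: #def152 to #def160 are all reported on a SKM_DEFINE_STACK_OF_INTERNAL or DEFINE_LHASH_OF_INTERNAL invocation in a public header. The `ptr` named in the messages does not appear in any excerpt, so it belongs to code those macros expand to. Judge these once against the macro definitions (not shown here) rather than header by header.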

Error: CPPCHECK_WARNING (CWE-457): [#def153]
openssl-3.5.4/include/openssl/comp.h:66: warning[uninitvar]: Uninitialized variables: ptr.name, ptr.method
#   64|   typedef struct ssl_comp_st SSL_COMP;
#   65|   
#   66|-> SKM_DEFINE_STACK_OF_INTERNAL(SSL_COMP, SSL_COMP, SSL_COMP)
#   67|   #define sk_SSL_COMP_num(sk) OPENSSL_sk_num(ossl_check_const_SSL_COMP_sk_type(sk))
#   68|   #define sk_SSL_COMP_value(sk, idx) ((SSL_COMP *)OPENSSL_sk_value(ossl_check_const_SSL_COMP_sk_type(sk), (idx)))

Error: CPPCHECK_WARNING (CWE-457): [#def154]
openssl-3.5.4/include/openssl/conf.h:70: warning[uninitvar]: Uninitialized variable: ptr.value
#   68|   #define sk_CONF_VALUE_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(CONF_VALUE) *)OPENSSL_sk_deep_copy(ossl_check_const_CONF_VALUE_sk_type(sk), ossl_check_CONF_VALUE_copyfunc_type(copyfunc), ossl_check_CONF_VALUE_freefunc_type(freefunc)))
#   69|   #define sk_CONF_VALUE_set_cmp_func(sk, cmp) ((sk_CONF_VALUE_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_CONF_VALUE_sk_type(sk), ossl_check_CONF_VALUE_compfunc_type(cmp)))
#   70|-> DEFINE_LHASH_OF_INTERNAL(CONF_VALUE);
#   71|   #define lh_CONF_VALUE_new(hfn, cmp) ((LHASH_OF(CONF_VALUE) *)OPENSSL_LH_set_thunks(OPENSSL_LH_new(ossl_check_CONF_VALUE_lh_hashfunc_type(hfn), ossl_check_CONF_VALUE_lh_compfunc_type(cmp)), lh_CONF_VALUE_hash_thunk, lh_CONF_VALUE_comp_thunk, lh_CONF_VALUE_doall_thunk, lh_CONF_VALUE_doall_arg_thunk))
#   72|   #define lh_CONF_VALUE_free(lh) OPENSSL_LH_free(ossl_check_CONF_VALUE_lh_type(lh))

Error: CPPCHECK_WARNING (CWE-457): [#def155]
openssl-3.5.4/include/openssl/err.h:374: warning[uninitvar]: Uninitialized variable: ptr.string
#  372|   } ERR_STRING_DATA;
#  373|   
#  374|-> DEFINE_LHASH_OF_INTERNAL(ERR_STRING_DATA);
#  375|   #define lh_ERR_STRING_DATA_new(hfn, cmp) ((LHASH_OF(ERR_STRING_DATA) *)OPENSSL_LH_set_thunks(OPENSSL_LH_new(ossl_check_ERR_STRING_DATA_lh_hashfunc_type(hfn), ossl_check_ERR_STRING_DATA_lh_compfunc_type(cmp)), lh_ERR_STRING_DATA_hash_thunk, lh_ERR_STRING_DATA_comp_thunk, lh_ERR_STRING_DATA_doall_thunk, lh_ERR_STRING_DATA_doall_arg_thunk))
#  376|   #define lh_ERR_STRING_DATA_free(lh) OPENSSL_LH_free(ossl_check_ERR_STRING_DATA_lh_type(lh))

Error: CPPCHECK_WARNING (CWE-457): [#def156]
openssl-3.5.4/include/openssl/x509.h:104: warning[uninitvar]: Uninitialized variables: ptr.revocationDate, ptr.extensions, ptr.issuer, ptr.reason, ptr.sequence
#  102|   #define sk_X509_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509) *)OPENSSL_sk_deep_copy(ossl_check_const_X509_sk_type(sk), ossl_check_X509_copyfunc_type(copyfunc), ossl_check_X509_freefunc_type(freefunc)))
#  103|   #define sk_X509_set_cmp_func(sk, cmp) ((sk_X509_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509_sk_type(sk), ossl_check_X509_compfunc_type(cmp)))
#  104|-> SKM_DEFINE_STACK_OF_INTERNAL(X509_REVOKED, X509_REVOKED, X509_REVOKED)
#  105|   #define sk_X509_REVOKED_num(sk) OPENSSL_sk_num(ossl_check_const_X509_REVOKED_sk_type(sk))
#  106|   #define sk_X509_REVOKED_value(sk, idx) ((X509_REVOKED *)OPENSSL_sk_value(ossl_check_const_X509_REVOKED_sk_type(sk), (idx)))

Error: CPPCHECK_WARNING (CWE-457): [#def157]
openssl-3.5.4/include/openssl/x509_vfy.h:120: warning[uninitvar]: Uninitialized variables: ptr.check_time, ptr.inh_flags, ptr.flags, ptr.purpose, ptr.trust, ptr.depth, ptr.auth_level, ptr.policies, ptr.hosts, ptr.hostflags, ptr.peername, ptr.email, ptr.emaillen, ptr.ip, ptr.iplen
#  118|   #define sk_X509_OBJECT_deep_copy(sk, copyfunc, freefunc) ((STACK_OF(X509_OBJECT) *)OPENSSL_sk_deep_copy(ossl_check_const_X509_OBJECT_sk_type(sk), ossl_check_X509_OBJECT_copyfunc_type(copyfunc), ossl_check_X509_OBJECT_freefunc_type(freefunc)))
#  119|   #define sk_X509_OBJECT_set_cmp_func(sk, cmp) ((sk_X509_OBJECT_compfunc)OPENSSL_sk_set_cmp_func(ossl_check_X509_OBJECT_sk_type(sk), ossl_check_X509_OBJECT_compfunc_type(cmp)))
#  120|-> SKM_DEFINE_STACK_OF_INTERNAL(X509_VERIFY_PARAM, X509_VERIFY_PARAM, X509_VERIFY_PARAM)
#  121|   #define sk_X509_VERIFY_PARAM_num(sk) OPENSSL_sk_num(ossl_check_const_X509_VERIFY_PARAM_sk_type(sk))
#  122|   #define sk_X509_VERIFY_PARAM_value(sk, idx) ((X509_VERIFY_PARAM *)OPENSSL_sk_value(ossl_check_const_X509_VERIFY_PARAM_sk_type(sk), (idx)))

Error: CPPCHECK_WARNING (CWE-457): [#def158]
openssl-3.5.4/include/openssl/x509_vfy.h:157: warning[uninitvar]: Uninitialized variables: ptr.flags, ptr.check_trust, ptr.name, ptr.arg1, ptr.arg2
#  155|       void *arg2;
#  156|   } X509_TRUST;
#  157|-> SKM_DEFINE_STACK_OF_INTERNAL(X509_TRUST, X509_TRUST, X509_TRUST)
#  158|   #define sk_X509_TRUST_num(sk) OPENSSL_sk_num(ossl_check_const_X509_TRUST_sk_type(sk))
#  159|   #define sk_X509_TRUST_value(sk, idx) ((X509_TRUST *)OPENSSL_sk_value(ossl_check_const_X509_TRUST_sk_type(sk), (idx)))

Error: CPPCHECK_WARNING (CWE-457): [#def159]
openssl-3.5.4/include/openssl/x509v3.h:716: warning[uninitvar]: Uninitialized variables: ptr.trust, ptr.flags, ptr.check_purpose, ptr.name, ptr.sname, ptr.usr_data
#  714|   } X509_PURPOSE;
#  715|   
#  716|-> SKM_DEFINE_STACK_OF_INTERNAL(X509_PURPOSE, X509_PURPOSE, X509_PURPOSE)
#  717|   #define sk_X509_PURPOSE_num(sk) OPENSSL_sk_num(ossl_check_const_X509_PURPOSE_sk_type(sk))
#  718|   #define sk_X509_PURPOSE_value(sk, idx) ((X509_PURPOSE *)OPENSSL_sk_value(ossl_check_const_X509_PURPOSE_sk_type(sk), (idx)))

Error: CPPCHECK_WARNING (CWE-457): [#def160]
openssl-3.5.4/include/openssl/x509v3.h:1065: warning[uninitvar]: Uninitialized variables: ptr.parent, ptr.nchild
# 1063|   
# 1064|   void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
# 1065|-> SKM_DEFINE_STACK_OF_INTERNAL(X509_POLICY_NODE, X509_POLICY_NODE, X509_POLICY_NODE)
# 1066|   #define sk_X509_POLICY_NODE_num(sk) OPENSSL_sk_num(ossl_check_const_X509_POLICY_NODE_sk_type(sk))
# 1067|   #define sk_X509_POLICY_NODE_value(sk, idx) ((X509_POLICY_NODE *)OPENSSL_sk_value(ossl_check_const_X509_POLICY_NODE_sk_type(sk), (idx)))

Error: GCC_ANALYZER_WARNING (CWE-404): [#def161]
openssl-3.5.4/providers/common/bio_prov.c:145:12: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/providers/common/bio_prov.c:148:5: enter_function: entry to 'ossl_prov_bio_printf'
openssl-3.5.4/providers/common/bio_prov.c:153:5: acquire_resource: 'va_start' called here
openssl-3.5.4/providers/common/bio_prov.c:154:11: call_function: calling 'ossl_prov_bio_vprintf' from 'ossl_prov_bio_printf'
#  143|       if (c_bio_vprintf == NULL)
#  144|           return -1;
#  145|->     return c_bio_vprintf(bio, format, ap);
#  146|   }
#  147|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def162]
openssl-3.5.4/providers/fips/fipsprov.c:1023:5: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/providers/fips/fipsprov.c:1022:5: acquire_resource: 'va_start' called here
openssl-3.5.4/providers/fips/fipsprov.c:1023:5: throw: if the called function throws an exception...
openssl-3.5.4/providers/fips/fipsprov.c:1023:5: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
# 1021|   
# 1022|       va_start(args, fmt);
# 1023|->     c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
# 1024|       va_end(args);
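# 1025|   }
Triage note: va_end(args) follows directly on line 1024, so it is skipped only on the path the trace marks as 'throw', where the callee unwinds through this frame. If the callee always returns normally, this is an artefact of the analyzer's exception modelling rather than a missing va_end. #def163 (fipsprov.c:1138) has the same shape.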

Error: GCC_ANALYZER_WARNING (CWE-404): [#def163]
openssl-3.5.4/providers/fips/fipsprov.c:1138:11: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/providers/fips/fipsprov.c:1137:5: acquire_resource: 'va_start' called here
openssl-3.5.4/providers/fips/fipsprov.c:1138:11: throw: if the called function throws an exception...
openssl-3.5.4/providers/fips/fipsprov.c:1138:11: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
# 1136|   
# 1137|       va_start(args, format);
# 1138|->     ret = c_BIO_vsnprintf(buf, n, format, args);
# 1139|       va_end(args);
# 1140|       return ret;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def164]
openssl-3.5.4/providers/fips/self_test_kats.c:170:26: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/providers/fips/self_test_kats.c:216:29: enter_function: entry to 'kat_params_to_ossl_params'
openssl-3.5.4/providers/fips/self_test_kats.c:225:8: branch_false: following 'false' branch...
openssl-3.5.4/providers/fips/self_test_kats.c:227:11: branch_false: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:228:8: branch_false: following 'false' branch...
openssl-3.5.4/providers/fips/self_test_kats.c:231:5: branch_false: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:231:5: acquire_resource: 'va_start' called here
openssl-3.5.4/providers/fips/self_test_kats.c:232:12: branch_true: following 'true' branch (when 'pms' is non-NULL)...
openssl-3.5.4/providers/fips/self_test_kats.c:233:14: branch_true: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:233:14: call_function: calling 'add_params' from 'kat_params_to_ossl_params'
#  168|           switch (p->type) {
#  169|           case OSSL_PARAM_UNSIGNED_INTEGER: {
#  170|->             BIGNUM *bn = BN_CTX_get(ctx);
#  171|   
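#  172|               if (bn == NULL
Triage note: #def164 to #def169 share one acquisition site, the va_start at self_test_kats.c:231 in kat_params_to_ossl_params, and differ only in which statement inside add_params is flagged. The trace shown stops at the call to add_params, so it does not say how va_end would be missed. One review of kat_params_to_ossl_params settles all six: check that every exit after line 231, including the add_params failure path, reaches va_end.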

Error: GCC_ANALYZER_WARNING (CWE-404): [#def165]
openssl-3.5.4/providers/fips/self_test_kats.c:173:21: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/providers/fips/self_test_kats.c:216:29: enter_function: entry to 'kat_params_to_ossl_params'
openssl-3.5.4/providers/fips/self_test_kats.c:225:8: branch_false: following 'false' branch...
openssl-3.5.4/providers/fips/self_test_kats.c:227:11: branch_false: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:228:8: branch_false: following 'false' branch...
openssl-3.5.4/providers/fips/self_test_kats.c:231:5: branch_false: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:231:5: acquire_resource: 'va_start' called here
openssl-3.5.4/providers/fips/self_test_kats.c:232:12: branch_true: following 'true' branch (when 'pms' is non-NULL)...
openssl-3.5.4/providers/fips/self_test_kats.c:233:14: branch_true: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:233:14: call_function: calling 'add_params' from 'kat_params_to_ossl_params'
#  171|   
#  172|               if (bn == NULL
#  173|->                 || (BN_bin2bn(p->data, p->data_len, bn) == NULL)
#  174|                   || !OSSL_PARAM_BLD_push_BN(bld, p->name, bn))
#  175|                   goto err;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def166]
openssl-3.5.4/providers/fips/self_test_kats.c:174:21: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/providers/fips/self_test_kats.c:216:29: enter_function: entry to 'kat_params_to_ossl_params'
openssl-3.5.4/providers/fips/self_test_kats.c:225:8: branch_false: following 'false' branch...
openssl-3.5.4/providers/fips/self_test_kats.c:227:11: branch_false: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:228:8: branch_false: following 'false' branch...
openssl-3.5.4/providers/fips/self_test_kats.c:231:5: branch_false: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:231:5: acquire_resource: 'va_start' called here
openssl-3.5.4/providers/fips/self_test_kats.c:232:12: branch_true: following 'true' branch (when 'pms' is non-NULL)...
openssl-3.5.4/providers/fips/self_test_kats.c:233:14: branch_true: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:233:14: call_function: calling 'add_params' from 'kat_params_to_ossl_params'
#  172|               if (bn == NULL
#  173|                   || (BN_bin2bn(p->data, p->data_len, bn) == NULL)
#  174|->                 || !OSSL_PARAM_BLD_push_BN(bld, p->name, bn))
#  175|                   goto err;
#  176|               break;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def167]
openssl-3.5.4/providers/fips/self_test_kats.c:179:18: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/providers/fips/self_test_kats.c:216:29: enter_function: entry to 'kat_params_to_ossl_params'
openssl-3.5.4/providers/fips/self_test_kats.c:225:8: branch_false: following 'false' branch...
openssl-3.5.4/providers/fips/self_test_kats.c:227:11: branch_false: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:228:8: branch_false: following 'false' branch...
openssl-3.5.4/providers/fips/self_test_kats.c:231:5: branch_false: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:231:5: acquire_resource: 'va_start' called here
openssl-3.5.4/providers/fips/self_test_kats.c:232:12: branch_true: following 'true' branch (when 'pms' is non-NULL)...
openssl-3.5.4/providers/fips/self_test_kats.c:233:14: branch_true: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:233:14: call_function: calling 'add_params' from 'kat_params_to_ossl_params'
#  177|           }
#  178|           case OSSL_PARAM_UTF8_STRING: {
#  179|->             if (!OSSL_PARAM_BLD_push_utf8_string(bld, p->name, p->data,
#  180|                                                    p->data_len))
#  181|                   goto err;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def168]
openssl-3.5.4/providers/fips/self_test_kats.c:185:18: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/providers/fips/self_test_kats.c:216:29: enter_function: entry to 'kat_params_to_ossl_params'
openssl-3.5.4/providers/fips/self_test_kats.c:225:8: branch_false: following 'false' branch...
openssl-3.5.4/providers/fips/self_test_kats.c:227:11: branch_false: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:228:8: branch_false: following 'false' branch...
openssl-3.5.4/providers/fips/self_test_kats.c:231:5: branch_false: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:231:5: acquire_resource: 'va_start' called here
openssl-3.5.4/providers/fips/self_test_kats.c:232:12: branch_true: following 'true' branch (when 'pms' is non-NULL)...
openssl-3.5.4/providers/fips/self_test_kats.c:233:14: branch_true: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:233:14: call_function: calling 'add_params' from 'kat_params_to_ossl_params'
#  183|           }
#  184|           case OSSL_PARAM_OCTET_STRING: {
#  185|->             if (!OSSL_PARAM_BLD_push_octet_string(bld, p->name, p->data,
#  186|                                                     p->data_len))
#  187|                   goto err;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def169]
openssl-3.5.4/providers/fips/self_test_kats.c:191:18: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/providers/fips/self_test_kats.c:216:29: enter_function: entry to 'kat_params_to_ossl_params'
openssl-3.5.4/providers/fips/self_test_kats.c:225:8: branch_false: following 'false' branch...
openssl-3.5.4/providers/fips/self_test_kats.c:227:11: branch_false: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:228:8: branch_false: following 'false' branch...
openssl-3.5.4/providers/fips/self_test_kats.c:231:5: branch_false: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:231:5: acquire_resource: 'va_start' called here
openssl-3.5.4/providers/fips/self_test_kats.c:232:12: branch_true: following 'true' branch (when 'pms' is non-NULL)...
openssl-3.5.4/providers/fips/self_test_kats.c:233:14: branch_true: ...to here
openssl-3.5.4/providers/fips/self_test_kats.c:233:14: call_function: calling 'add_params' from 'kat_params_to_ossl_params'
#  189|           }
#  190|           case OSSL_PARAM_INTEGER: {
#  191|->             if (!OSSL_PARAM_BLD_push_int(bld, p->name, *(int *)p->data))
#  192|                   goto err;
#  193|               break;

Error: COMPILER_WARNING (CWE-1164): [#def170]
openssl-3.5.4/providers/fips/self_test_kats.c:943:12: warning[-Wunused-function]: 'self_test_asym_ciphers' defined but not used
#  943 | static int self_test_asym_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
#      |            ^~~~~~~~~~~~~~~~~~~~~~
#  941|   }
#  942|   
#  943|-> static int self_test_asym_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
#  944|   {
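#  945|       int i, ret = 1;
Triage note: judging by its name and file, this is a self-test routine in the FIPS provider that the compiler sees as never called. Before silencing the warning, confirm that its call site is compiled out on purpose by this build's configuration. Otherwise the warning may be hiding a self-test that is expected to run.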

Error: CPPCHECK_WARNING (CWE-457): [#def171]
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:146: error[legacyUninitvar]: Uninitialized variable: blocks[0].c
#  144|   
#  145|       /* ask for IVs in bulk */
#  146|->     if (RAND_bytes_ex(ctx->base.libctx, (IVs = blocks[0].c), 16 * x4, 0) <= 0)
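#  147|           return 0;
#  148|   
Triage note: blocks[0].c is passed to RAND_bytes_ex() as the destination buffer (the comment says the call asks for IVs in bulk), so it is written rather than read here, and the function returns 0 when the call fails. An uninitialised-variable report on an output argument is normally a false positive. The check worth making is that nothing reads `blocks` before this call. #def178 reports the same pattern in the SHA-256 variant.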

Error: GCC_ANALYZER_WARNING (CWE-121): [#def172]
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:170:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:766:12: enter_function: entry to 'aesni_cbc_hmac_sha1_tls1_multiblock_encrypt'
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:769:17: call_function: calling 'tls1_multi_block_encrypt' from 'aesni_cbc_hmac_sha1_tls1_multiblock_encrypt'
#  168|   
#  169|       for (i = 1; i < x4; i++) {
#  170|->         ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  171|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
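#  172|           memcpy(ciph_d[i].out - 16, IVs, 16);
Triage note: #def172 to #def175 flag statements of the same loop, and #def179 to #def182 flag the matching loop in cipher_aes_cbc_hmac_sha256_hw.c. Whether index i can run past ciph_d or hash_d depends on their declared sizes and on how x4 is derived. Neither is shown, and the trace stops at the call into tls1_multi_block_encrypt. Check that bound once in each file before dismissing or fixing the individual findings.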

Error: GCC_ANALYZER_WARNING (CWE-121): [#def173]
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:170:25: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:766:12: enter_function: entry to 'aesni_cbc_hmac_sha1_tls1_multiblock_encrypt'
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:769:17: call_function: calling 'tls1_multi_block_encrypt' from 'aesni_cbc_hmac_sha1_tls1_multiblock_encrypt'
#  168|   
#  169|       for (i = 1; i < x4; i++) {
#  170|->         ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  171|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  172|           memcpy(ciph_d[i].out - 16, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def174]
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:171:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:766:12: enter_function: entry to 'aesni_cbc_hmac_sha1_tls1_multiblock_encrypt'
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:769:17: call_function: calling 'tls1_multi_block_encrypt' from 'aesni_cbc_hmac_sha1_tls1_multiblock_encrypt'
#  169|       for (i = 1; i < x4; i++) {
#  170|           ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  171|->         ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  172|           memcpy(ciph_d[i].out - 16, IVs, 16);
#  173|           memcpy(ciph_d[i].iv, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def175]
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:173:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:766:12: enter_function: entry to 'aesni_cbc_hmac_sha1_tls1_multiblock_encrypt'
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:769:17: call_function: calling 'tls1_multi_block_encrypt' from 'aesni_cbc_hmac_sha1_tls1_multiblock_encrypt'
#  171|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  172|           memcpy(ciph_d[i].out - 16, IVs, 16);
#  173|->         memcpy(ciph_d[i].iv, IVs, 16);
#  174|           IVs += 16;
#  175|       }

Error: CPPCHECK_WARNING (CWE-758): [#def176]
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:609: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#  607|                       c = p[j];
#  608|                       cmask =
#  609|->                         ((int)(j - off - SHA_DIGEST_LENGTH)) >> (sizeof(int) *
#  610|                                                                    8 - 1);
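#  611|                       res |= (c ^ pad) & ~cmask; /* ... and padding */
Triage note: the flagged operation is a right shift of an `int` by `sizeof(int) * 8 - 1` bits. It turns the sign of a difference into an all-ones or all-zero mask (cmask), which is then combined with `&` and `|` instead of branches. For `>>` a shift count below the type width is not undefined; what C leaves implementation-defined is the result for a negative left operand, and this idiom relies on an arithmetic shift. If the expression is rewritten, keep it branch-free: the excerpt's comment and the comparison against pmac->c[i] indicate padding and MAC bytes are being checked, where a data-dependent branch would add a timing difference. The same applies to #def177, #def183 and #def184.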

Error: CPPCHECK_WARNING (CWE-758): [#def177]
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c:612: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#  610|                                                                    8 - 1);
#  611|                       res |= (c ^ pad) & ~cmask; /* ... and padding */
#  612|->                     cmask &= ((int)(off - 1 - j)) >> (sizeof(int) * 8 - 1);
#  613|                       res |= (c ^ pmac->c[i]) & cmask;
#  614|                       i += 1 & cmask;

Error: CPPCHECK_WARNING (CWE-457): [#def178]
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:150: error[legacyUninitvar]: Uninitialized variable: blocks[0].c
#  148|   
#  149|       /* ask for IVs in bulk */
#  150|->     if (RAND_bytes_ex(ctx->base.libctx, (IVs = blocks[0].c), 16 * x4, 0) <= 0)
#  151|           return 0;
#  152|   

Error: GCC_ANALYZER_WARNING (CWE-121): [#def179]
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:174:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:818:12: enter_function: entry to 'aesni_cbc_hmac_sha256_tls1_multiblock_encrypt'
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:821:17: call_function: calling 'tls1_multi_block_encrypt' from 'aesni_cbc_hmac_sha256_tls1_multiblock_encrypt'
#  172|   
#  173|       for (i = 1; i < x4; i++) {
#  174|->         ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  175|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  176|           memcpy(ciph_d[i].out - 16, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def180]
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:174:25: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:818:12: enter_function: entry to 'aesni_cbc_hmac_sha256_tls1_multiblock_encrypt'
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:821:17: call_function: calling 'tls1_multi_block_encrypt' from 'aesni_cbc_hmac_sha256_tls1_multiblock_encrypt'
#  172|   
#  173|       for (i = 1; i < x4; i++) {
#  174|->         ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  175|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  176|           memcpy(ciph_d[i].out - 16, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def181]
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:175:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:818:12: enter_function: entry to 'aesni_cbc_hmac_sha256_tls1_multiblock_encrypt'
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:821:17: call_function: calling 'tls1_multi_block_encrypt' from 'aesni_cbc_hmac_sha256_tls1_multiblock_encrypt'
#  173|       for (i = 1; i < x4; i++) {
#  174|           ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
#  175|->         ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  176|           memcpy(ciph_d[i].out - 16, IVs, 16);
#  177|           memcpy(ciph_d[i].iv, IVs, 16);

Error: GCC_ANALYZER_WARNING (CWE-121): [#def182]
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:177:9: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:818:12: enter_function: entry to 'aesni_cbc_hmac_sha256_tls1_multiblock_encrypt'
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:821:17: call_function: calling 'tls1_multi_block_encrypt' from 'aesni_cbc_hmac_sha256_tls1_multiblock_encrypt'
#  175|           ciph_d[i].out = ciph_d[i - 1].out + packlen;
#  176|           memcpy(ciph_d[i].out - 16, IVs, 16);
#  177|->         memcpy(ciph_d[i].iv, IVs, 16);
#  178|           IVs += 16;
#  179|       }

Error: CPPCHECK_WARNING (CWE-758): [#def183]
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:663: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#  661|                       c = p[j];
#  662|                       cmask =
#  663|->                         ((int)(j - off - SHA256_DIGEST_LENGTH)) >>
#  664|                           (sizeof(int) * 8 - 1);
#  665|                       res |= (c ^ pad) & ~cmask; /* ... and padding */

Error: CPPCHECK_WARNING (CWE-758): [#def184]
openssl-3.5.4/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c:666: error[shiftTooManyBitsSigned]: Shifting signed 32-bit value by 31 bits is undefined behaviour
#  664|                           (sizeof(int) * 8 - 1);
#  665|                       res |= (c ^ pad) & ~cmask; /* ... and padding */
#  666|->                     cmask &= ((int)(off - 1 - j)) >> (sizeof(int) * 8 - 1);
#  667|                       res |= (c ^ pmac->c[i]) & cmask;
#  668|                       i += 1 & cmask;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def185]
openssl-3.5.4/providers/implementations/kdfs/argon2.c:884:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value '&outbuf'
openssl-3.5.4/providers/implementations/kdfs/argon2.c:861:8: branch_false: following 'false' branch...
openssl-3.5.4/providers/implementations/kdfs/argon2.c:865:5: branch_false: ...to here
openssl-3.5.4/providers/implementations/kdfs/argon2.c:867:8: branch_false: following 'false' branch...
openssl-3.5.4/providers/implementations/kdfs/argon2.c:870:17: branch_false: ...to here
openssl-3.5.4/providers/implementations/kdfs/argon2.c:874:11: branch_true: following 'true' branch...
openssl-3.5.4/providers/implementations/kdfs/argon2.c:875:12: branch_true: ...to here
openssl-3.5.4/providers/implementations/kdfs/argon2.c:874:11: branch_true: following 'true' branch...
openssl-3.5.4/providers/implementations/kdfs/argon2.c:876:12: branch_true: ...to here
openssl-3.5.4/providers/implementations/kdfs/argon2.c:874:11: branch_true: following 'true' branch...
openssl-3.5.4/providers/implementations/kdfs/argon2.c:877:12: branch_true: ...to here
openssl-3.5.4/providers/implementations/kdfs/argon2.c:874:11: branch_true: following 'true' branch...
openssl-3.5.4/providers/implementations/kdfs/argon2.c:883:8: branch_true: ...to here
openssl-3.5.4/providers/implementations/kdfs/argon2.c:883:8: branch_true: following 'true' branch (when 'outlen > 64')...
openssl-3.5.4/providers/implementations/kdfs/argon2.c:884:9: branch_true: ...to here
openssl-3.5.4/providers/implementations/kdfs/argon2.c:884:9: danger: use of uninitialized value '&outbuf' here
#  882|   
#  883|       if (outlen > BLAKE2B_OUTBYTES) {
#  884|->         memcpy(out, outbuf, BLAKE2B_OUTBYTES / 2);
#  885|           out += BLAKE2B_OUTBYTES / 2;
#  886|           outlen_curr = (uint32_t) outlen - BLAKE2B_OUTBYTES / 2;

Error: CPPCHECK_WARNING (CWE-758): [#def186]
openssl-3.5.4/providers/implementations/keymgmt/ml_kem_kmgmt.c:347: error[ctuPointerArith]: Pointer arithmetic overflow; 'seed' buffer size is 64
#  345|       size_t zlen = ML_KEM_RANDOM_BYTES;
#  346|   
#  347|->     if (memcmp(seed + ML_KEM_SEED_BYTES - zlen,
#  348|                  prvenc + key->vinfo->prvkey_bytes - zlen, zlen) == 0)
#  349|           return 1;

Error: CPPCHECK_WARNING (CWE-457): [#def187]
openssl-3.5.4/providers/implementations/signature/dsa_sig.c:404: warning[uninitvar]: Uninitialized variable: digest
#  402|       }
#  403|   
#  404|->     return dsa_sign_directly(vpdsactx, sig, siglen, sigsize, digest, dlen);
#  405|   }
#  406|   

Error: CPPCHECK_WARNING (CWE-457): [#def188]
openssl-3.5.4/providers/implementations/signature/rsa_sig.c:882: warning[uninitvar]: Uninitialized variable: digest
#  880|       }
#  881|   
#  882|->     return rsa_sign_directly(prsactx, sig, siglen, sigsize, digest, dlen);
#  883|   }
#  884|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def189]
openssl-3.5.4/providers/legacyprov.c:285:5: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/providers/legacyprov.c:284:5: acquire_resource: 'va_start' called here
openssl-3.5.4/providers/legacyprov.c:285:5: throw: if the called function throws an exception...
openssl-3.5.4/providers/legacyprov.c:285:5: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  283|   
#  284|       va_start(args, fmt);
#  285|->     c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
#  286|       va_end(args);
#  287|   }

Error: GCC_ANALYZER_WARNING (CWE-404): [#def190]
openssl-3.5.4/ssl/quic/quic_impl.c:137:5: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/ssl/quic/quic_impl.c:3641:12: enter_function: entry to 'qc_get_stream_avail'
openssl-3.5.4/ssl/quic/quic_impl.c:3647:8: branch_true: following 'true' branch (when 'class_ != 0')...
openssl-3.5.4/ssl/quic/quic_impl.c:3648:9: branch_true: ...to here
openssl-3.5.4/ssl/quic/quic_impl.c:3648:9: call_function: calling 'quic_raise_non_normal_error' from 'qc_get_stream_avail'
#  135|   
#  136|       va_start(args, fmt);
#  137|->     ERR_vset_error(ERR_LIB_SSL, reason, fmt, args);
#  138|       va_end(args);
#  139|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def191]
openssl-3.5.4/ssl/quic/quic_reactor_wait_ctx.c:37:11: warning[-Wanalyzer-null-dereference]: dereference of NULL 'slot'
openssl-3.5.4/ssl/quic/quic_reactor_wait_ctx.c:64:6: enter_function: entry to 'ossl_quic_reactor_wait_ctx_leave'
openssl-3.5.4/ssl/quic/quic_reactor_wait_ctx.c:74:5: call_function: calling 'slot_deactivate' from 'ossl_quic_reactor_wait_ctx_leave'
#   35|       assert(slot->blocking_count > 0);
#   36|   
#   37|->     if (--slot->blocking_count > 0)
#   38|           return;
#   39|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def192]
openssl-3.5.4/ssl/quic/quic_record_shared.c:49:13: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.5.4/ssl/quic/quic_record_shared.c:44:5: enter_function: entry to 'ossl_qrl_enc_level_set_have_el'
openssl-3.5.4/ssl/quic/quic_record_shared.c:47:30: call_function: calling 'ossl_qrl_enc_level_set_get' from 'ossl_qrl_enc_level_set_have_el'
openssl-3.5.4/ssl/quic/quic_record_shared.c:47:30: return_function: returning to 'ossl_qrl_enc_level_set_have_el' from 'ossl_qrl_enc_level_set_get'
openssl-3.5.4/ssl/quic/quic_record_shared.c:49:13: danger: dereference of NULL 'ossl_qrl_enc_level_set_get(els,  enc_level, 0)'
#   47|       OSSL_QRL_ENC_LEVEL *el = ossl_qrl_enc_level_set_get(els, enc_level, 0);
#   48|   
#   49|->     switch (el->state) {
#   50|           case QRL_EL_STATE_UNPROV:
#   51|               return 0;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def193]
openssl-3.5.4/ssl/quic/quic_record_shared.c:90:10: warning[-Wanalyzer-null-dereference]: dereference of NULL '0'
openssl-3.5.4/ssl/quic/quic_record_shared.c:84:13: enter_function: entry to 'el_teardown_keyslot'
openssl-3.5.4/ssl/quic/quic_record_shared.c:88:30: call_function: calling 'ossl_qrl_enc_level_set_get' from 'el_teardown_keyslot'
openssl-3.5.4/ssl/quic/quic_record_shared.c:88:30: return_function: returning to 'el_teardown_keyslot' from 'ossl_qrl_enc_level_set_get'
openssl-3.5.4/ssl/quic/quic_record_shared.c:90:10: danger: dereference of NULL 'ossl_qrl_enc_level_set_get(els,  enc_level, 0)'
#   88|       OSSL_QRL_ENC_LEVEL *el = ossl_qrl_enc_level_set_get(els, enc_level, 0);
#   89|   
#   90|->     if (!ossl_qrl_enc_level_set_has_keyslot(els, enc_level, el->state, keyslot))
#   91|           return;
#   92|   

Error: CPPCHECK_WARNING (CWE-476): [#def194]
openssl-3.5.4/ssl/quic/quic_record_tx.c:42: error[ctunullpointer]: Null pointer dereference: elem
#   40|   };
#   41|   
#   42|-> DEFINE_LIST_OF(txe, TXE);
#   43|   typedef OSSL_LIST(txe) TXE_LIST;
#   44|   

Error: CPPCHECK_WARNING (CWE-476): [#def195]
openssl-3.5.4/ssl/quic/quic_record_tx.c:42: error[ctunullpointer]: Null pointer dereference: list
#   40|   };
#   41|   
#   42|-> DEFINE_LIST_OF(txe, TXE);
#   43|   typedef OSSL_LIST(txe) TXE_LIST;
#   44|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def196]
openssl-3.5.4/ssl/quic/quic_record_tx.c:42:1: warning[-Wanalyzer-null-dereference]: dereference of NULL 'list'
openssl-3.5.4/ssl/quic/quic_record_tx.c:793:5: enter_function: entry to 'ossl_qtx_write_pkt'
openssl-3.5.4/ssl/quic/quic_record_tx.c:802:8: branch_false: following 'false' branch...
openssl-3.5.4/ssl/quic/quic_record_tx.c:805:49: branch_false: ...to here
openssl-3.5.4/ssl/quic/quic_record_tx.c:810:13: branch_false: following 'false' branch...
openssl-3.5.4/ssl/quic/quic_record_tx.c:811:19: branch_false: ...to here
openssl-3.5.4/ssl/quic/quic_record_tx.c:810:14: branch_false: following 'false' branch...
openssl-3.5.4/ssl/quic/quic_record_tx.c:816:23: branch_false: ...to here
openssl-3.5.4/ssl/quic/quic_record_tx.c:833:12: branch_false: following 'false' branch...
openssl-3.5.4/ssl/quic/quic_record_tx.c:840:14: branch_false: ...to here
openssl-3.5.4/ssl/quic/quic_record_tx.c:840:14: call_function: inlined call to 'qtx_reserve_txe' from 'ossl_qtx_write_pkt'
#   40|   };
#   41|   
#   42|-> DEFINE_LIST_OF(txe, TXE);
#   43|   typedef OSSL_LIST(txe) TXE_LIST;
#   44|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def197]
openssl-3.5.4/ssl/quic/quic_tls_api.c:146:5: warning[-Wanalyzer-null-dereference]: dereference of NULL 'sc'
openssl-3.5.4/ssl/quic/quic_tls_api.c:137:8: branch_false: following 'false' branch...
openssl-3.5.4/ssl/quic/quic_tls_api.c:142:10: branch_false: ...to here
openssl-3.5.4/ssl/quic/quic_tls_api.c:142:8: branch_false: following 'false' branch...
openssl-3.5.4/ssl/quic/quic_tls_api.c:146:5: branch_false: ...to here
openssl-3.5.4/ssl/quic/quic_tls_api.c:146:5: danger: dereference of NULL 'sc'
#  144|           return 0;
#  145|   
#  146|->     sc->qtarg = arg;
#  147|   
#  148|       ossl_quic_tls_free(sc->qtls);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def198]
openssl-3.5.4/ssl/quic/quic_tls_api.c:202:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'sc'
openssl-3.5.4/ssl/quic/quic_tls_api.c:197:8: branch_false: following 'false' branch...
openssl-3.5.4/ssl/quic/quic_tls_api.c:202:9: branch_false: ...to here
openssl-3.5.4/ssl/quic/quic_tls_api.c:202:9: danger: dereference of NULL 'sc'
#  200|       }
#  201|   
#  202|->     if (sc->qtls == NULL) {
#  203|           ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
#  204|           return 0;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def199]
openssl-3.5.4/ssl/record/methods/ktls_meth.c:225:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'eiv'
openssl-3.5.4/ssl/record/methods/ktls_meth.c:188:8: branch_false: following 'false' branch...
openssl-3.5.4/ssl/record/methods/ktls_meth.c:189:16: branch_false: ...to here
openssl-3.5.4/ssl/record/methods/ktls_meth.c:188:9: branch_false: following 'false' branch...
openssl-3.5.4/ssl/record/methods/ktls_meth.c:213:5: branch_false: ...to here
openssl-3.5.4/ssl/record/methods/ktls_meth.c:225:9: danger: dereference of NULL 'eiv'
#  223|           crypto_info->gcm128.info.version = version;
#  224|           crypto_info->tls_crypto_info_len = sizeof(crypto_info->gcm128);
#  225|->         memcpy(crypto_info->gcm128.iv, eiv, TLS_CIPHER_AES_GCM_128_IV_SIZE);
#  226|           memcpy(crypto_info->gcm128.salt, iv, TLS_CIPHER_AES_GCM_128_SALT_SIZE);
#  227|           memcpy(crypto_info->gcm128.key, key, keylen);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def200]
openssl-3.5.4/ssl/record/methods/ktls_meth.c:242:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'eiv'
openssl-3.5.4/ssl/record/methods/ktls_meth.c:188:8: branch_false: following 'false' branch...
openssl-3.5.4/ssl/record/methods/ktls_meth.c:189:16: branch_false: ...to here
openssl-3.5.4/ssl/record/methods/ktls_meth.c:188:9: branch_false: following 'false' branch...
openssl-3.5.4/ssl/record/methods/ktls_meth.c:213:5: branch_false: ...to here
openssl-3.5.4/ssl/record/methods/ktls_meth.c:242:9: danger: dereference of NULL 'eiv'
#  240|           crypto_info->gcm256.info.version = version;
#  241|           crypto_info->tls_crypto_info_len = sizeof(crypto_info->gcm256);
#  242|->         memcpy(crypto_info->gcm256.iv, eiv, TLS_CIPHER_AES_GCM_256_IV_SIZE);
#  243|           memcpy(crypto_info->gcm256.salt, iv, TLS_CIPHER_AES_GCM_256_SALT_SIZE);
#  244|           memcpy(crypto_info->gcm256.key, key, keylen);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def201]
openssl-3.5.4/ssl/record/methods/ktls_meth.c:260:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'eiv'
openssl-3.5.4/ssl/record/methods/ktls_meth.c:188:8: branch_false: following 'false' branch...
openssl-3.5.4/ssl/record/methods/ktls_meth.c:189:16: branch_false: ...to here
openssl-3.5.4/ssl/record/methods/ktls_meth.c:188:9: branch_false: following 'false' branch...
openssl-3.5.4/ssl/record/methods/ktls_meth.c:213:5: branch_false: ...to here
openssl-3.5.4/ssl/record/methods/ktls_meth.c:260:9: danger: dereference of NULL 'eiv'
#  258|           crypto_info->ccm128.info.version = version;
#  259|           crypto_info->tls_crypto_info_len = sizeof(crypto_info->ccm128);
#  260|->         memcpy(crypto_info->ccm128.iv, eiv, TLS_CIPHER_AES_CCM_128_IV_SIZE);
#  261|           memcpy(crypto_info->ccm128.salt, iv, TLS_CIPHER_AES_CCM_128_SALT_SIZE);
#  262|           memcpy(crypto_info->ccm128.key, key, keylen);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def202]
openssl-3.5.4/ssl/record/methods/tls_common.c:54:5: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/ssl/record/methods/tls_common.c:53:5: acquire_resource: 'va_start' called here
openssl-3.5.4/ssl/record/methods/tls_common.c:54:5: throw: if 'ERR_vset_error' throws an exception...
openssl-3.5.4/ssl/record/methods/tls_common.c:54:5: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   52|   
#   53|       va_start(args, fmt);
#   54|->     ERR_vset_error(ERR_LIB_SSL, reason, fmt, args);
#   55|       va_end(args);
#   56|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def203]
openssl-3.5.4/ssl/record/rec_layer_s3.c:673:13: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
openssl-3.5.4/ssl/record/rec_layer_s3.c:633:9: branch_false: following 'false' branch...
openssl-3.5.4/ssl/record/rec_layer_s3.c:641:8: branch_false: ...to here
openssl-3.5.4/ssl/record/rec_layer_s3.c:671:8: branch_true: following 'true' branch...
openssl-3.5.4/ssl/record/rec_layer_s3.c:673:13: danger: dereference of NULL 's'
#  671|       if (!ossl_statem_get_in_handshake(s) && SSL_in_init(ssl)) {
#  672|           /* type == SSL3_RT_APPLICATION_DATA */
#  673|->         i = s->handshake_func(ssl);
#  674|           /* SSLfatal() already called */
#  675|           if (i < 0)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def204]
openssl-3.5.4/ssl/record/rec_layer_s3.c:681:5: warning[-Wanalyzer-null-dereference]: dereference of NULL 's'
openssl-3.5.4/ssl/record/rec_layer_s3.c:633:9: branch_false: following 'false' branch...
openssl-3.5.4/ssl/record/rec_layer_s3.c:641:8: branch_false: ...to here
openssl-3.5.4/ssl/record/rec_layer_s3.c:681:5: danger: dereference of NULL 's'
#  679|       }
#  680|    start:
#  681|->     s->rwstate = SSL_NOTHING;
#  682|   
#  683|       /*-

Error: COMPILER_WARNING: [#def205]
openssl-3.5.4/ssl/ssl_ciph.c:12:9: warning: '_GNU_SOURCE' redefined
#   12 | #define _GNU_SOURCE
#      |         ^~~~~~~~~~~
<command-line>: note: this is the location of the previous definition
#   10|    */
#   11|   
#   12|-> #define _GNU_SOURCE
#   13|   #include <stdio.h>
#   14|   #include <ctype.h>

Error: COMPILER_WARNING: [#def206]
openssl-3.5.4/ssl/ssl_ciph.c:12:9: warning[warning]: '_GNU_SOURCE' redefined
#   10|    */
#   11|   
#   12|-> #define _GNU_SOURCE
#   13|   #include <stdio.h>
#   14|   #include <ctype.h>

Error: GCC_ANALYZER_WARNING (CWE-476): [#def207]
openssl-3.5.4/ssl/ssl_lib.c:5026:5: warning[-Wanalyzer-null-dereference]: dereference of NULL 'sc'
# 5024|   #endif
# 5025|   
# 5026|->     sc->server = 1;
# 5027|       sc->shutdown = 0;
# 5028|       ossl_statem_clear(sc);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def208]
openssl-3.5.4/ssl/ssl_lib.c:5046:5: warning[-Wanalyzer-null-dereference]: dereference of NULL 'sc'
# 5044|   #endif
# 5045|   
# 5046|->     sc->server = 0;
# 5047|       sc->shutdown = 0;
# 5048|       ossl_statem_clear(sc);

Error: CPPCHECK_WARNING (CWE-476): [#def209]
openssl-3.5.4/ssl/ssl_rsa.c:990: warning[nullPointer]: Possible null pointer dereference: ctx
#  988|           return 0;
#  989|   
#  990|->     c = sc != NULL ? sc->cert : ctx->cert;
#  991|       /* Do all security checks before anything else */
#  992|       rv = ssl_security_cert(sc, ctx, x509, 0, 1);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def210]
openssl-3.5.4/ssl/statem/statem.c:170:5: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end'
openssl-3.5.4/ssl/statem/statem.c:807:25: enter_function: entry to 'write_state_machine'
openssl-3.5.4/ssl/statem/statem.c:962:13: call_function: calling 'ossl_statem_fatal' from 'write_state_machine'
#  168|   
#  169|       va_start(args, fmt);
#  170|->     ERR_vset_error(ERR_LIB_SSL, reason, fmt, args);
#  171|       va_end(args);
#  172|   

Error: GCC_ANALYZER_WARNING (CWE-688): [#def211]
openssl-3.5.4/ssl/statem/statem_dtls.c:1143:5: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
openssl-3.5.4/ssl/statem/statem_dtls.c:1126:5: enter_function: entry to 'dtls1_buffer_message'
openssl-3.5.4/ssl/statem/statem_dtls.c:1136:8: branch_false: following 'false' branch...
openssl-3.5.4/ssl/statem/statem_dtls.c:1139:12: branch_false: ...to here
openssl-3.5.4/ssl/statem/statem_dtls.c:1139:12: call_function: calling 'dtls1_hm_fragment_new' from 'dtls1_buffer_message'
openssl-3.5.4/ssl/statem/statem_dtls.c:1139:12: return_function: returning to 'dtls1_buffer_message' from 'dtls1_hm_fragment_new'
openssl-3.5.4/ssl/statem/statem_dtls.c:1140:8: branch_false: following 'false' branch...
openssl-3.5.4/ssl/statem/statem_dtls.c:1143:5: branch_false: ...to here
openssl-3.5.4/ssl/statem/statem_dtls.c:1143:12: release_memory: using NULL here
openssl-3.5.4/ssl/statem/statem_dtls.c:1143:5: danger: argument 1 ('*<unknown>.fragment') NULL where non-null expected
# 1141|           return 0;
# 1142|   
# 1143|->     memcpy(frag->fragment, s->init_buf->data, s->init_num);
# 1144|   
# 1145|       if (is_ccs) {

Error: COMPILER_WARNING (CWE-704): [#def212]
openssl-3.5.4/ssl/t1_lib.c: scope_hint: In function 'gid_cb'
openssl-3.5.4/ssl/t1_lib.c:1277:32: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type
# 1277 |            && ((current_prefix = strchr(prefixes, elem[0])) != NULL
#      |                                ^
# 1275|       /* Check the possible prefixes (remark: Leading and trailing spaces already cleared) */
# 1276|       while (continue_while_loop && len > 0
# 1277|->            && ((current_prefix = strchr(prefixes, elem[0])) != NULL
# 1278|                  || OPENSSL_strncasecmp(current_prefix = (char *)DEFAULT_GROUPNAME_FIRST_CHARACTER, elem, 1) == 0)) {
# 1279|   

Error: COMPILER_WARNING (CWE-704): [#def213]
openssl-3.5.4/ssl/t1_lib.c:1277:32: warning[-Wdiscarded-qualifiers]: assignment discards 'const' qualifier from pointer target type
# 1275|       /* Check the possible prefixes (remark: Leading and trailing spaces already cleared) */
# 1276|       while (continue_while_loop && len > 0
# 1277|->            && ((current_prefix = strchr(prefixes, elem[0])) != NULL
# 1278|                  || OPENSSL_strncasecmp(current_prefix = (char *)DEFAULT_GROUPNAME_FIRST_CHARACTER, elem, 1) == 0)) {
# 1279|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def214]
openssl-3.5.4/ssl/t1_lib.c:4774:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'lu'
openssl-3.5.4/ssl/t1_lib.c:4657:12: branch_false: following 'false' branch...
openssl-3.5.4/ssl/t1_lib.c:4659:14: branch_false: ...to here
openssl-3.5.4/ssl/t1_lib.c:4662:12: branch_true: following 'true' branch...
openssl-3.5.4/ssl/t1_lib.c:4664:17: branch_true: ...to here
openssl-3.5.4/ssl/t1_lib.c:4664:16: branch_true: following 'true' branch...
openssl-3.5.4/ssl/t1_lib.c:4666:26: branch_true: ...to here
openssl-3.5.4/ssl/t1_lib.c:4669:20: branch_false: following 'false' branch...
openssl-3.5.4/ssl/t1_lib.c:4677:17: branch_false: ...to here
openssl-3.5.4/ssl/t1_lib.c:4677:29: branch_false: following 'false' branch...
openssl-3.5.4/ssl/t1_lib.c:4711:26: branch_false: ...to here
openssl-3.5.4/ssl/t1_lib.c:4726:20: branch_false: following 'false' branch...
openssl-3.5.4/ssl/t1_lib.c:4773:8: branch_false: ...to here
openssl-3.5.4/ssl/t1_lib.c:4773:8: branch_true: following 'true' branch (when 'sig_idx == -1')...
openssl-3.5.4/ssl/t1_lib.c:4774:9: branch_true: ...to here
openssl-3.5.4/ssl/t1_lib.c:4774:9: danger: dereference of NULL 'lu'
# 4772|       }
# 4773|       if (sig_idx == -1)
# 4774|->         sig_idx = lu->sig_idx;
# 4775|       s->s3.tmp.cert = &s->cert->pkeys[sig_idx];
# 4776|       s->cert->key = s->s3.tmp.cert;

Scan Properties

analyzer-version-clippy: 1.92.0
analyzer-version-cppcheck: 2.19.1
analyzer-version-gcc: 16.0.0
analyzer-version-gcc-analyzer: 16.0.0
analyzer-version-shellcheck: 0.11.0
analyzer-version-unicontrol: 0.0.2
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-252.us-west-2.compute.internal
known-false-positives: /usr/share/csmock/known-false-positives.js
known-false-positives-rpm: known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch
mock-config: fedora-rawhide-x86_64
project-name: openssl-3.5.4-1.fc44
store-results-to: /tmp/tmptbzicluv/openssl-3.5.4-1.fc44.tar.xz
time-created: 2026-01-08 20:48:06
time-finished: 2026-01-08 21:01:51
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmptbzicluv/openssl-3.5.4-1.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmptbzicluv/openssl-3.5.4-1.fc44.src.rpm'
tool-version: csmock-3.8.3.20251215.161544.g62de9a5-1.el9