p11-kit-0.25.8-1.fc44

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1]
p11-kit-0.25.8/common/argv.c:82:25: warning[-Wanalyzer-malloc-leak]: leak of ‘src’
p11-kit-0.25.8/common/argv.c:53:9: branch_true: following ‘true’ branch (when ‘string’ is non-NULL)...
p11-kit-0.25.8/common/argv.c:54:9: branch_true: ...to here
p11-kit-0.25.8/common/argv.c:54:9: branch_true: following ‘true’ branch (when ‘sink’ is non-NULL)...
p11-kit-0.25.8/common/argv.c:56:21: branch_true: ...to here
p11-kit-0.25.8/common/argv.c:56:21: acquire_memory: allocated here
p11-kit-0.25.8/common/argv.c:57:9: branch_true: following ‘true’ branch (when ‘dup’ is non-NULL)...
p11-kit-0.25.8/common/argv.c:57:9: branch_true: ...to here
p11-kit-0.25.8/common/argv.c:60:25: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/argv.c:63:20: branch_true: ...to here
p11-kit-0.25.8/common/argv.c:63:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/argv.c:67:27: branch_false: ...to here
p11-kit-0.25.8/common/argv.c:67:27: branch_false: following ‘false’ branch (when ‘quote == 0’)...
p11-kit-0.25.8/common/argv.c:80:28: branch_false: ...to here
p11-kit-0.25.8/common/argv.c:80:27: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/argv.c:81:25: branch_true: ...to here
p11-kit-0.25.8/common/argv.c:82:25: throw: if the called function throws an exception...
p11-kit-0.25.8/common/argv.c:82:25: danger: ‘src’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#   80|   		} else if (isspace (*src)) {
#   81|   			*at = 0;
#   82|-> 			sink (arg, argument);
#   83|   			arg = at;
#   84|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def2]
p11-kit-0.25.8/common/array.c:63:9: warning[-Wanalyzer-malloc-leak]: leak of ‘array’
p11-kit-0.25.8/common/array.c:71:1: enter_function: entry to ‘p11_array_new’
p11-kit-0.25.8/common/array.c:75:17: acquire_memory: allocated here
p11-kit-0.25.8/common/array.c:76:12: branch_false: following ‘false’ branch (when ‘array’ is non-NULL)...
p11-kit-0.25.8/common/array.c:79:14: branch_false: ...to here
p11-kit-0.25.8/common/array.c:79:14: call_function: calling ‘maybe_expand_array’ from ‘p11_array_new’
#   61|   
#   62|   	new_memory = reallocarray (array->elem, new_allocated, sizeof (void*));
#   63|-> 	return_val_if_fail (new_memory != NULL, false);
#   64|   
#   65|   	array->elem = new_memory;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def3]
p11-kit-0.25.8/common/asn1.c:75:16: warning[-Wanalyzer-malloc-leak]: leak of ‘cache’
p11-kit-0.25.8/common/asn1.c:280:1: enter_function: entry to ‘p11_asn1_cache_new’
p11-kit-0.25.8/common/asn1.c:284:17: acquire_memory: allocated here
p11-kit-0.25.8/common/asn1.c:285:9: branch_true: following ‘true’ branch (when ‘cache’ is non-NULL)...
p11-kit-0.25.8/common/asn1.c:287:23: branch_true: ...to here
p11-kit-0.25.8/common/asn1.c:287:23: call_function: calling ‘p11_asn1_defs_load’ from ‘p11_asn1_cache_new’
#   73|   	int i;
#   74|   
#   75|-> 	defs = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, free_asn1_def);
#   76|   
#   77|   	for (i = 0; asn1_tabs[i].tab != NULL; i++) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def4]
p11-kit-0.25.8/common/asn1.c:80:23: warning[-Wanalyzer-malloc-leak]: leak of ‘cache’
p11-kit-0.25.8/common/asn1.c:280:1: enter_function: entry to ‘p11_asn1_cache_new’
p11-kit-0.25.8/common/asn1.c:284:17: acquire_memory: allocated here
p11-kit-0.25.8/common/asn1.c:285:9: branch_true: following ‘true’ branch (when ‘cache’ is non-NULL)...
p11-kit-0.25.8/common/asn1.c:287:23: branch_true: ...to here
p11-kit-0.25.8/common/asn1.c:287:23: call_function: calling ‘p11_asn1_defs_load’ from ‘p11_asn1_cache_new’
#   78|   
#   79|   		def = NULL;
#   80|-> 		ret = asn1_array2tree (asn1_tabs[i].tab, &def, message);
#   81|   		if (ret != ASN1_SUCCESS) {
#   82|   			p11_debug_precond ("failed to load %s* definitions: %s: %s\n",

Error: GCC_ANALYZER_WARNING (CWE-401): [#def5]
p11-kit-0.25.8/common/asn1.c:82:25: warning[-Wanalyzer-malloc-leak]: leak of ‘cache’
p11-kit-0.25.8/common/asn1.c:280:1: enter_function: entry to ‘p11_asn1_cache_new’
p11-kit-0.25.8/common/asn1.c:284:17: acquire_memory: allocated here
p11-kit-0.25.8/common/asn1.c:285:9: branch_true: following ‘true’ branch (when ‘cache’ is non-NULL)...
p11-kit-0.25.8/common/asn1.c:287:23: branch_true: ...to here
p11-kit-0.25.8/common/asn1.c:287:23: call_function: calling ‘p11_asn1_defs_load’ from ‘p11_asn1_cache_new’
#   80|   		ret = asn1_array2tree (asn1_tabs[i].tab, &def, message);
#   81|   		if (ret != ASN1_SUCCESS) {
#   82|-> 			p11_debug_precond ("failed to load %s* definitions: %s: %s\n",
#   83|   			                   asn1_tabs[i].prefix, asn1_strerror (ret), message);
#   84|   			return NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def6]
p11-kit-0.25.8/common/asn1.c:87:22: warning[-Wanalyzer-malloc-leak]: leak of ‘cache’
p11-kit-0.25.8/common/asn1.c:280:1: enter_function: entry to ‘p11_asn1_cache_new’
p11-kit-0.25.8/common/asn1.c:284:17: acquire_memory: allocated here
p11-kit-0.25.8/common/asn1.c:285:9: branch_true: following ‘true’ branch (when ‘cache’ is non-NULL)...
p11-kit-0.25.8/common/asn1.c:287:23: branch_true: ...to here
p11-kit-0.25.8/common/asn1.c:287:23: call_function: calling ‘p11_asn1_defs_load’ from ‘p11_asn1_cache_new’
#   85|   		}
#   86|   
#   87|-> 		if (!p11_dict_set (defs, (void *)asn1_tabs[i].prefix, def))
#   88|   			return_val_if_reached (NULL);
#   89|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def7]
p11-kit-0.25.8/common/asn1.c:88:25: warning[-Wanalyzer-malloc-leak]: leak of ‘cache’
p11-kit-0.25.8/common/asn1.c:280:1: enter_function: entry to ‘p11_asn1_cache_new’
p11-kit-0.25.8/common/asn1.c:284:17: acquire_memory: allocated here
p11-kit-0.25.8/common/asn1.c:285:9: branch_true: following ‘true’ branch (when ‘cache’ is non-NULL)...
p11-kit-0.25.8/common/asn1.c:287:23: branch_true: ...to here
p11-kit-0.25.8/common/asn1.c:287:23: call_function: calling ‘p11_asn1_defs_load’ from ‘p11_asn1_cache_new’
#   86|   
#   87|   		if (!p11_dict_set (defs, (void *)asn1_tabs[i].prefix, def))
#   88|-> 			return_val_if_reached (NULL);
#   89|   	}
#   90|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
p11-kit-0.25.8/common/asn1.c:182:23: warning[-Wanalyzer-malloc-leak]: leak of ‘der’
p11-kit-0.25.8/common/asn1.c:172:9: branch_true: following ‘true’ branch (when ‘der_len’ is non-NULL)...
p11-kit-0.25.8/common/asn1.c:174:9: branch_true: ...to here
p11-kit-0.25.8/common/asn1.c:176:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/asn1.c:178:12: branch_true: ...to here
p11-kit-0.25.8/common/asn1.c:178:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/asn1.c:179:23: branch_true: ...to here
p11-kit-0.25.8/common/asn1.c:179:23: acquire_memory: allocated here
p11-kit-0.25.8/common/asn1.c:180:17: branch_true: following ‘true’ branch (when ‘der’ is non-NULL)...
p11-kit-0.25.8/common/asn1.c:182:23: branch_true: ...to here
p11-kit-0.25.8/common/asn1.c:182:23: throw: if ‘asn1_der_coding’ throws an exception...
p11-kit-0.25.8/common/asn1.c:182:23: danger: ‘der’ leaks here; was allocated at [(7)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/6)
#  180|   		return_val_if_fail (der != NULL, NULL);
#  181|   
#  182|-> 		ret = asn1_der_coding (asn, "", der, &len, message);
#  183|   	}
#  184|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def9]
p11-kit-0.25.8/common/asn1.c:218:15: warning[-Wanalyzer-malloc-leak]: leak of ‘value’
p11-kit-0.25.8/common/asn1.c:204:9: branch_true: following ‘true’ branch (when ‘asn’ is non-NULL)...
p11-kit-0.25.8/common/asn1.c:205:9: branch_true: ...to here
p11-kit-0.25.8/common/asn1.c:205:9: branch_true: following ‘true’ branch (when ‘field’ is non-NULL)...
p11-kit-0.25.8/common/asn1.c:206:9: branch_true: ...to here
p11-kit-0.25.8/common/asn1.c:206:9: branch_true: following ‘true’ branch (when ‘length’ is non-NULL)...
p11-kit-0.25.8/common/asn1.c:208:9: branch_true: ...to here
p11-kit-0.25.8/common/asn1.c:210:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/asn1.c:213:9: branch_false: ...to here
p11-kit-0.25.8/common/asn1.c:213:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/asn1.c:215:25: branch_true: ...to here
p11-kit-0.25.8/common/asn1.c:215:17: acquire_memory: allocated here
p11-kit-0.25.8/common/asn1.c:216:9: branch_true: following ‘true’ branch (when ‘value’ is non-NULL)...
p11-kit-0.25.8/common/asn1.c:218:15: branch_true: ...to here
p11-kit-0.25.8/common/asn1.c:218:15: throw: if ‘asn1_read_value’ throws an exception...
p11-kit-0.25.8/common/asn1.c:218:15: danger: ‘value’ leaks here; was allocated at [(11)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/10)
#  216|   	return_val_if_fail (value != NULL, NULL);
#  217|   
#  218|-> 	ret = asn1_read_value (asn, field, value, &len);
#  219|   	return_val_if_fail (ret == ASN1_SUCCESS, NULL);
#  220|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def10]
p11-kit-0.25.8/common/asn1.c:270:9: warning[-Wanalyzer-malloc-leak]: leak of ‘item’
p11-kit-0.25.8/common/asn1.c:328:1: enter_function: entry to ‘p11_asn1_cache_take’
p11-kit-0.25.8/common/asn1.c:336:12: branch_false: following ‘false’ branch (when ‘cache’ is non-NULL)...
p11-kit-0.25.8/common/asn1.c:341:9: branch_false: ...to here
p11-kit-0.25.8/common/asn1.c:341:9: branch_true: following ‘true’ branch (when ‘struct_name’ is non-NULL)...
p11-kit-0.25.8/common/asn1.c:342:9: branch_true: ...to here
p11-kit-0.25.8/common/asn1.c:342:9: branch_true: following ‘true’ branch (when ‘der’ is non-NULL)...
p11-kit-0.25.8/common/asn1.c:343:9: branch_true: ...to here
p11-kit-0.25.8/common/asn1.c:343:9: branch_true: following ‘true’ branch (when ‘der_len != 0’)...
p11-kit-0.25.8/common/asn1.c:345:16: branch_true: ...to here
p11-kit-0.25.8/common/asn1.c:345:16: acquire_memory: allocated here
p11-kit-0.25.8/common/asn1.c:346:9: branch_true: following ‘true’ branch (when ‘item’ is non-NULL)...
p11-kit-0.25.8/common/asn1.c:348:9: branch_true: ...to here
p11-kit-0.25.8/common/asn1.c:351:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/asn1.c:352:17: branch_true: ...to here
p11-kit-0.25.8/common/asn1.c:352:17: call_function: calling ‘free_asn1_item’ from ‘p11_asn1_cache_take’
#  268|   	asn1_item *item = data;
#  269|   	free (item->struct_name);
#  270|-> 	asn1_delete_structure (&item->node);
#  271|   	free (item);
#  272|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def11]
p11-kit-0.25.8/common/asn1.c:293:24: warning[-Wanalyzer-malloc-leak]: leak of ‘cache’
p11-kit-0.25.8/common/asn1.c:284:17: acquire_memory: allocated here
p11-kit-0.25.8/common/asn1.c:285:9: branch_true: following ‘true’ branch (when ‘cache’ is non-NULL)...
p11-kit-0.25.8/common/asn1.c:287:23: branch_true: ...to here
p11-kit-0.25.8/common/asn1.c:288:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/asn1.c:293:24: branch_false: ...to here
p11-kit-0.25.8/common/asn1.c:293:24: throw: if ‘p11_dict_new’ throws an exception...
p11-kit-0.25.8/common/asn1.c:293:24: danger: ‘cache’ leaks here; was allocated at [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0)
#  291|   	}
#  292|   
#  293|-> 	cache->items = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal,
#  294|   	                             NULL, free_asn1_item);
#  295|   	if (cache->items == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def12]
p11-kit-0.25.8/common/asn1.c:356:14: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
p11-kit-0.25.8/common/asn1.c:336:12: branch_false: following ‘false’ branch (when ‘cache’ is non-NULL)...
p11-kit-0.25.8/common/asn1.c:341:9: branch_false: ...to here
p11-kit-0.25.8/common/asn1.c:341:9: branch_true: following ‘true’ branch (when ‘struct_name’ is non-NULL)...
p11-kit-0.25.8/common/asn1.c:342:9: branch_true: ...to here
p11-kit-0.25.8/common/asn1.c:342:9: branch_true: following ‘true’ branch (when ‘der’ is non-NULL)...
p11-kit-0.25.8/common/asn1.c:343:9: branch_true: ...to here
p11-kit-0.25.8/common/asn1.c:343:9: branch_true: following ‘true’ branch (when ‘der_len != 0’)...
p11-kit-0.25.8/common/asn1.c:345:16: branch_true: ...to here
p11-kit-0.25.8/common/asn1.c:346:9: branch_true: following ‘true’ branch (when ‘item’ is non-NULL)...
p11-kit-0.25.8/common/asn1.c:348:9: branch_true: ...to here
p11-kit-0.25.8/common/asn1.c:350:29: acquire_memory: allocated here
p11-kit-0.25.8/common/asn1.c:351:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/asn1.c:356:14: branch_false: ...to here
p11-kit-0.25.8/common/asn1.c:356:14: throw: if ‘p11_dict_set’ throws an exception...
p11-kit-0.25.8/common/asn1.c:356:14: danger: ‘<unknown>’ leaks here; was allocated at [(11)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/10)
#  354|   	}
#  355|   
#  356|-> 	if (!p11_dict_set (cache->items, (void *)der, item))
#  357|   		return_if_reached ();
#  358|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def13]
p11-kit-0.25.8/common/asn1.c:356:14: warning[-Wanalyzer-malloc-leak]: leak of ‘item’
p11-kit-0.25.8/common/asn1.c:336:12: branch_false: following ‘false’ branch (when ‘cache’ is non-NULL)...
p11-kit-0.25.8/common/asn1.c:341:9: branch_false: ...to here
p11-kit-0.25.8/common/asn1.c:341:9: branch_true: following ‘true’ branch (when ‘struct_name’ is non-NULL)...
p11-kit-0.25.8/common/asn1.c:342:9: branch_true: ...to here
p11-kit-0.25.8/common/asn1.c:342:9: branch_true: following ‘true’ branch (when ‘der’ is non-NULL)...
p11-kit-0.25.8/common/asn1.c:343:9: branch_true: ...to here
p11-kit-0.25.8/common/asn1.c:343:9: branch_true: following ‘true’ branch (when ‘der_len != 0’)...
p11-kit-0.25.8/common/asn1.c:345:16: branch_true: ...to here
p11-kit-0.25.8/common/asn1.c:345:16: acquire_memory: allocated here
p11-kit-0.25.8/common/asn1.c:346:9: branch_true: following ‘true’ branch (when ‘item’ is non-NULL)...
p11-kit-0.25.8/common/asn1.c:348:9: branch_true: ...to here
p11-kit-0.25.8/common/asn1.c:351:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/asn1.c:356:14: branch_false: ...to here
p11-kit-0.25.8/common/asn1.c:356:14: throw: if ‘p11_dict_set’ throws an exception...
p11-kit-0.25.8/common/asn1.c:356:14: danger: ‘item’ leaks here; was allocated at [(9)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/8)
#  354|   	}
#  355|   
#  356|-> 	if (!p11_dict_set (cache->items, (void *)der, item))
#  357|   		return_if_reached ();
#  358|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def14]
p11-kit-0.25.8/common/asn1.c:380:9: warning[-Wanalyzer-malloc-leak]: leak of ‘cache’
p11-kit-0.25.8/common/asn1.c:280:1: enter_function: entry to ‘p11_asn1_cache_new’
p11-kit-0.25.8/common/asn1.c:284:17: acquire_memory: allocated here
p11-kit-0.25.8/common/asn1.c:285:9: branch_true: following ‘true’ branch (when ‘cache’ is non-NULL)...
p11-kit-0.25.8/common/asn1.c:287:23: branch_true: ...to here
p11-kit-0.25.8/common/asn1.c:288:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/asn1.c:289:17: call_function: inlined call to ‘p11_asn1_cache_free’ from ‘p11_asn1_cache_new’
#  378|   	if (!cache)
#  379|   		return;
#  380|-> 	p11_dict_free (cache->items);
#  381|   	p11_dict_free (cache->defs);
#  382|   	free (cache);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def15]
p11-kit-0.25.8/common/asn1.c:381:9: warning[-Wanalyzer-malloc-leak]: leak of ‘cache’
p11-kit-0.25.8/common/asn1.c:280:1: enter_function: entry to ‘p11_asn1_cache_new’
p11-kit-0.25.8/common/asn1.c:284:17: acquire_memory: allocated here
p11-kit-0.25.8/common/asn1.c:285:9: branch_true: following ‘true’ branch (when ‘cache’ is non-NULL)...
p11-kit-0.25.8/common/asn1.c:287:23: branch_true: ...to here
p11-kit-0.25.8/common/asn1.c:288:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/asn1.c:289:17: call_function: inlined call to ‘p11_asn1_cache_free’ from ‘p11_asn1_cache_new’
#  379|   		return;
#  380|   	p11_dict_free (cache->items);
#  381|-> 	p11_dict_free (cache->defs);
#  382|   	free (cache);
#  383|   }

Error: COMPILER_WARNING (CWE-704): [#def16]
p11-kit-0.25.8/common/base64.c: scope_hint: In function ‘p11_b64_pton’
p11-kit-0.25.8/common/base64.c:90:21: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#   90 |                 pos = strchr (Base64, ch);
#      |                     ^
#   88|   			break;
#   89|   
#   90|-> 		pos = strchr (Base64, ch);
#   91|   		if (pos == 0) /* A non-base64 character. */
#   92|   			return (-1);

Error: COMPILER_WARNING (CWE-704): [#def17]
p11-kit-0.25.8/common/base64.c:90:21: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#   88|   			break;
#   89|   
#   90|-> 		pos = strchr (Base64, ch);
#   91|   		if (pos == 0) /* A non-base64 character. */
#   92|   			return (-1);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def18]
p11-kit-0.25.8/common/compat.c:266:19: warning[-Wanalyzer-malloc-leak]: leak of ‘map’
p11-kit-0.25.8/common/compat.c:262:15: acquire_memory: allocated here
p11-kit-0.25.8/common/compat.c:263:12: branch_false: following ‘false’ branch (when ‘map’ is non-NULL)...
p11-kit-0.25.8/common/compat.c:266:19: branch_false: ...to here
p11-kit-0.25.8/common/compat.c:266:19: throw: if ‘open’ throws an exception...
p11-kit-0.25.8/common/compat.c:266:19: danger: ‘map’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  264|   		return NULL;
#  265|   
#  266|-> 	map->fd = open (path, O_RDONLY | O_CLOEXEC);
#  267|   	if (map->fd == -1) {
#  268|   		free (map);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def19]
p11-kit-0.25.8/common/compat.c:275:25: warning[-Wanalyzer-malloc-leak]: leak of ‘map’
p11-kit-0.25.8/common/compat.c:262:15: acquire_memory: allocated here
p11-kit-0.25.8/common/compat.c:263:12: branch_false: following ‘false’ branch (when ‘map’ is non-NULL)...
p11-kit-0.25.8/common/compat.c:266:19: branch_false: ...to here
p11-kit-0.25.8/common/compat.c:267:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/compat.c:272:12: branch_false: ...to here
p11-kit-0.25.8/common/compat.c:272:12: branch_true: following ‘true’ branch (when ‘sb’ is NULL)...
p11-kit-0.25.8/common/compat.c:274:21: branch_true: ...to here
p11-kit-0.25.8/common/compat.c:274:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/compat.c:275:25: branch_true: ...to here
p11-kit-0.25.8/common/compat.c:275:25: throw: if ‘close’ throws an exception...
p11-kit-0.25.8/common/compat.c:275:25: danger: ‘map’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  273|   		sb = &stb;
#  274|   		if (fstat (map->fd, &stb) < 0) {
#  275|-> 			close (map->fd);
#  276|   			free (map);
#  277|   			return NULL;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def20]
p11-kit-0.25.8/common/compat.c:284:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor
p11-kit-0.25.8/common/compat.c:263:12: branch_false: following ‘false’ branch (when ‘map’ is non-NULL)...
p11-kit-0.25.8/common/compat.c:266:19: branch_false: ...to here
p11-kit-0.25.8/common/compat.c:266:19: acquire_resource: opened here
p11-kit-0.25.8/common/compat.c:267:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/compat.c:272:12: branch_false: ...to here
p11-kit-0.25.8/common/compat.c:272:12: branch_false: following ‘false’ branch (when ‘sb’ is non-NULL)...
p11-kit-0.25.8/common/compat.c:282:13: branch_false: ...to here
p11-kit-0.25.8/common/compat.c:282:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/compat.c:283:17: branch_true: ...to here
p11-kit-0.25.8/common/compat.c:284:17: throw: if ‘close’ throws an exception...
p11-kit-0.25.8/common/compat.c:284:17: danger: leaks here; was opened at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#  282|   	if (S_ISDIR (sb->st_mode)) {
#  283|   		errno = EISDIR;
#  284|-> 		close (map->fd);
#  285|   		free (map);
#  286|   		return NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def21]
p11-kit-0.25.8/common/compat.c:284:17: warning[-Wanalyzer-malloc-leak]: leak of ‘map’
p11-kit-0.25.8/common/compat.c:262:15: acquire_memory: allocated here
p11-kit-0.25.8/common/compat.c:263:12: branch_false: following ‘false’ branch (when ‘map’ is non-NULL)...
p11-kit-0.25.8/common/compat.c:266:19: branch_false: ...to here
p11-kit-0.25.8/common/compat.c:267:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/compat.c:272:12: branch_false: ...to here
p11-kit-0.25.8/common/compat.c:272:12: branch_false: following ‘false’ branch (when ‘sb’ is non-NULL)...
p11-kit-0.25.8/common/compat.c:282:13: branch_false: ...to here
p11-kit-0.25.8/common/compat.c:282:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/compat.c:283:17: branch_true: ...to here
p11-kit-0.25.8/common/compat.c:284:17: throw: if ‘close’ throws an exception...
p11-kit-0.25.8/common/compat.c:284:17: danger: ‘map’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#  282|   	if (S_ISDIR (sb->st_mode)) {
#  283|   		errno = EISDIR;
#  284|-> 		close (map->fd);
#  285|   		free (map);
#  286|   		return NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def22]
p11-kit-0.25.8/common/compat.c:298:17: warning[-Wanalyzer-malloc-leak]: leak of ‘map’
p11-kit-0.25.8/common/compat.c:262:15: acquire_memory: allocated here
p11-kit-0.25.8/common/compat.c:263:12: branch_false: following ‘false’ branch (when ‘map’ is non-NULL)...
p11-kit-0.25.8/common/compat.c:266:19: branch_false: ...to here
p11-kit-0.25.8/common/compat.c:267:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/compat.c:272:12: branch_false: ...to here
p11-kit-0.25.8/common/compat.c:282:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/compat.c:289:13: branch_false: ...to here
p11-kit-0.25.8/common/compat.c:289:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/compat.c:295:21: branch_false: ...to here
p11-kit-0.25.8/common/compat.c:297:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/compat.c:298:17: branch_true: ...to here
p11-kit-0.25.8/common/compat.c:298:17: throw: if ‘close’ throws an exception...
p11-kit-0.25.8/common/compat.c:298:17: danger: ‘map’ leaks here; was allocated at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#  296|   	map->data = mmap (NULL, map->size, PROT_READ, MAP_PRIVATE, map->fd, 0);
#  297|   	if (map->data == MAP_FAILED) {
#  298|-> 		close (map->fd);
#  299|   		free (map);
#  300|   		return NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def23]
p11-kit-0.25.8/common/compat.c:966:30: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir("/proc/self/fd")’
p11-kit-0.25.8/common/compat.c:962:15: acquire_memory: allocated here
p11-kit-0.25.8/common/compat.c:963:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/compat.c:963:12: branch_true: ...to here
p11-kit-0.25.8/common/compat.c:966:30: throw: if ‘readdir’ throws an exception...
p11-kit-0.25.8/common/compat.c:966:30: danger: ‘opendir("/proc/self/fd")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
#  964|   		struct dirent *de;
#  965|   
#  966|-> 		while ((de = readdir (dir)) != NULL) {
#  967|   			char *end;
#  968|   			long num;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def24]
p11-kit-0.25.8/common/frob-getprogname.c:61:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pfds[0]’
p11-kit-0.25.8/common/frob-getprogname.c:50:12: branch_true: following ‘true’ branch (when ‘argc == 1’)...
p11-kit-0.25.8/common/frob-getprogname.c:54:21: branch_true: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:54:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/frob-getprogname.c:59:23: branch_false: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:60:20: branch_true: following ‘true’ branch (when ‘pid < 0’)...
p11-kit-0.25.8/common/frob-getprogname.c:61:25: branch_true: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:61:25: throw: if ‘perror’ throws an exception...
p11-kit-0.25.8/common/frob-getprogname.c:61:25: danger: ‘pfds[0]’ leaks here
#   59|   		pid = fork ();
#   60|   		if (pid < 0) {
#   61|-> 			perror ("fork");
#   62|   			exit (EXIT_FAILURE);
#   63|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def25]
p11-kit-0.25.8/common/frob-getprogname.c:61:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pfds[1]’
p11-kit-0.25.8/common/frob-getprogname.c:50:12: branch_true: following ‘true’ branch (when ‘argc == 1’)...
p11-kit-0.25.8/common/frob-getprogname.c:54:21: branch_true: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:54:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/frob-getprogname.c:59:23: branch_false: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:60:20: branch_true: following ‘true’ branch (when ‘pid < 0’)...
p11-kit-0.25.8/common/frob-getprogname.c:61:25: branch_true: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:61:25: throw: if ‘perror’ throws an exception...
p11-kit-0.25.8/common/frob-getprogname.c:61:25: danger: ‘pfds[1]’ leaks here
#   59|   		pid = fork ();
#   60|   		if (pid < 0) {
#   61|-> 			perror ("fork");
#   62|   			exit (EXIT_FAILURE);
#   63|   		}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def26]
p11-kit-0.25.8/common/frob-getprogname.c:74:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pfds[0]’
p11-kit-0.25.8/common/frob-getprogname.c:50:12: branch_true: following ‘true’ branch (when ‘argc == 1’)...
p11-kit-0.25.8/common/frob-getprogname.c:54:21: branch_true: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:54:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/frob-getprogname.c:59:23: branch_false: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:60:20: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
p11-kit-0.25.8/common/frob-getprogname.c:65:20: branch_false: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:65:20: branch_true: following ‘true’ branch (when ‘pid == 0’)...
p11-kit-0.25.8/common/frob-getprogname.c:66:38: branch_true: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:74:25: throw: if ‘close’ throws an exception...
p11-kit-0.25.8/common/frob-getprogname.c:74:25: danger: ‘pfds[0]’ leaks here
#   72|   
#   73|   			dup2 (pfds[1], STDOUT_FILENO);
#   74|-> 			close (pfds[0]);
#   75|   			close (pfds[1]);
#   76|   			execv (BUILDDIR "/common/frob-getprogname" EXEEXT, args);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def27]
p11-kit-0.25.8/common/frob-getprogname.c:74:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pfds[1]’
p11-kit-0.25.8/common/frob-getprogname.c:50:12: branch_true: following ‘true’ branch (when ‘argc == 1’)...
p11-kit-0.25.8/common/frob-getprogname.c:54:21: branch_true: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:54:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/frob-getprogname.c:59:23: branch_false: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:60:20: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
p11-kit-0.25.8/common/frob-getprogname.c:65:20: branch_false: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:65:20: branch_true: following ‘true’ branch (when ‘pid == 0’)...
p11-kit-0.25.8/common/frob-getprogname.c:66:38: branch_true: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:74:25: throw: if ‘close’ throws an exception...
p11-kit-0.25.8/common/frob-getprogname.c:74:25: danger: ‘pfds[1]’ leaks here
#   72|   
#   73|   			dup2 (pfds[1], STDOUT_FILENO);
#   74|-> 			close (pfds[0]);
#   75|   			close (pfds[1]);
#   76|   			execv (BUILDDIR "/common/frob-getprogname" EXEEXT, args);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def28]
p11-kit-0.25.8/common/frob-getprogname.c:75:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pfds[1]’
p11-kit-0.25.8/common/frob-getprogname.c:50:12: branch_true: following ‘true’ branch (when ‘argc == 1’)...
p11-kit-0.25.8/common/frob-getprogname.c:54:21: branch_true: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:54:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/frob-getprogname.c:59:23: branch_false: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:60:20: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
p11-kit-0.25.8/common/frob-getprogname.c:65:20: branch_false: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:65:20: branch_true: following ‘true’ branch (when ‘pid == 0’)...
p11-kit-0.25.8/common/frob-getprogname.c:66:38: branch_true: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:75:25: throw: if ‘close’ throws an exception...
p11-kit-0.25.8/common/frob-getprogname.c:75:25: danger: ‘pfds[1]’ leaks here
#   73|   			dup2 (pfds[1], STDOUT_FILENO);
#   74|   			close (pfds[0]);
#   75|-> 			close (pfds[1]);
#   76|   			execv (BUILDDIR "/common/frob-getprogname" EXEEXT, args);
#   77|   		} else {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def29]
p11-kit-0.25.8/common/frob-getprogname.c:84:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pfds[0]’
p11-kit-0.25.8/common/frob-getprogname.c:50:12: branch_true: following ‘true’ branch (when ‘argc == 1’)...
p11-kit-0.25.8/common/frob-getprogname.c:54:21: branch_true: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:54:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/frob-getprogname.c:59:23: branch_false: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:60:20: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
p11-kit-0.25.8/common/frob-getprogname.c:65:20: branch_false: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:65:20: branch_false: following ‘false’ branch (when ‘pid != 0’)...
p11-kit-0.25.8/common/frob-getprogname.c:79:30: branch_false: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:84:25: throw: if ‘close’ throws an exception...
p11-kit-0.25.8/common/frob-getprogname.c:84:25: danger: ‘pfds[0]’ leaks here
#   82|   			char *p;
#   83|   
#   84|-> 			close (pfds[1]);
#   85|   			while (1) {
#   86|   				nread = read (pfds[0], buffer + offset, sizeof(buffer) - offset - 1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def30]
p11-kit-0.25.8/common/frob-getprogname.c:84:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pfds[1]’
p11-kit-0.25.8/common/frob-getprogname.c:50:12: branch_true: following ‘true’ branch (when ‘argc == 1’)...
p11-kit-0.25.8/common/frob-getprogname.c:54:21: branch_true: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:54:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/frob-getprogname.c:59:23: branch_false: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:60:20: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
p11-kit-0.25.8/common/frob-getprogname.c:65:20: branch_false: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:65:20: branch_false: following ‘false’ branch (when ‘pid != 0’)...
p11-kit-0.25.8/common/frob-getprogname.c:79:30: branch_false: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:84:25: throw: if ‘close’ throws an exception...
p11-kit-0.25.8/common/frob-getprogname.c:84:25: danger: ‘pfds[1]’ leaks here
#   82|   			char *p;
#   83|   
#   84|-> 			close (pfds[1]);
#   85|   			while (1) {
#   86|   				nread = read (pfds[0], buffer + offset, sizeof(buffer) - offset - 1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def31]
p11-kit-0.25.8/common/frob-getprogname.c:88:41: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pfds[0]’
p11-kit-0.25.8/common/frob-getprogname.c:50:12: branch_true: following ‘true’ branch (when ‘argc == 1’)...
p11-kit-0.25.8/common/frob-getprogname.c:54:21: branch_true: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:54:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/frob-getprogname.c:59:23: branch_false: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:60:20: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
p11-kit-0.25.8/common/frob-getprogname.c:65:20: branch_false: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:65:20: branch_false: following ‘false’ branch (when ‘pid != 0’)...
p11-kit-0.25.8/common/frob-getprogname.c:79:30: branch_false: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:88:41: throw: if ‘perror’ throws an exception...
p11-kit-0.25.8/common/frob-getprogname.c:88:41: danger: ‘pfds[0]’ leaks here
#   86|   				nread = read (pfds[0], buffer + offset, sizeof(buffer) - offset - 1);
#   87|   				if (nread < 0) {
#   88|-> 					perror ("read");
#   89|   					exit (EXIT_FAILURE);
#   90|   				}

Error: GCC_ANALYZER_WARNING (CWE-775): [#def32]
p11-kit-0.25.8/common/frob-getprogname.c:96:29: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pfds[0]’
p11-kit-0.25.8/common/frob-getprogname.c:50:12: branch_true: following ‘true’ branch (when ‘argc == 1’)...
p11-kit-0.25.8/common/frob-getprogname.c:54:21: branch_true: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:54:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/frob-getprogname.c:59:23: branch_false: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:60:20: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
p11-kit-0.25.8/common/frob-getprogname.c:65:20: branch_false: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:65:20: branch_false: following ‘false’ branch (when ‘pid != 0’)...
p11-kit-0.25.8/common/frob-getprogname.c:79:30: branch_false: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:87:36: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/frob-getprogname.c:91:36: branch_false: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:96:29: throw: if ‘waitpid’ throws an exception...
p11-kit-0.25.8/common/frob-getprogname.c:96:29: danger: ‘pfds[0]’ leaks here
#   94|   			}
#   95|   
#   96|-> 			if (waitpid (pid, &status, 0) < 0) {
#   97|   				perror ("waitpid");
#   98|   				exit (EXIT_FAILURE);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def33]
p11-kit-0.25.8/common/frob-getprogname.c:97:33: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pfds[0]’
p11-kit-0.25.8/common/frob-getprogname.c:50:12: branch_true: following ‘true’ branch (when ‘argc == 1’)...
p11-kit-0.25.8/common/frob-getprogname.c:54:21: branch_true: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:54:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/frob-getprogname.c:59:23: branch_false: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:60:20: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
p11-kit-0.25.8/common/frob-getprogname.c:65:20: branch_false: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:65:20: branch_false: following ‘false’ branch (when ‘pid != 0’)...
p11-kit-0.25.8/common/frob-getprogname.c:79:30: branch_false: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:87:36: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/frob-getprogname.c:91:36: branch_false: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:96:28: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/frob-getprogname.c:97:33: branch_true: ...to here
p11-kit-0.25.8/common/frob-getprogname.c:97:33: throw: if ‘perror’ throws an exception...
p11-kit-0.25.8/common/frob-getprogname.c:97:33: danger: ‘pfds[0]’ leaks here
#   95|   
#   96|   			if (waitpid (pid, &status, 0) < 0) {
#   97|-> 				perror ("waitpid");
#   98|   				exit (EXIT_FAILURE);
#   99|   			}

Error: GCC_ANALYZER_WARNING (CWE-476): [#def34]
p11-kit-0.25.8/common/hash.c:104:25: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘data’
p11-kit-0.25.8/common/hash.c:112:32: branch_true: following ‘true’ branch (when ‘num <= 3’)...
p11-kit-0.25.8/common/hash.c:115:33: branch_true: ...to here
p11-kit-0.25.8/common/hash.c:116:36: branch_true: following ‘true’ branch (when ‘data’ is NULL)...
p11-kit-0.25.8/common/hash.c:130:28: branch_true: ...to here
p11-kit-0.25.8/common/hash.c:130:28: branch_false: following ‘false’ branch (when ‘num > 3’)...
p11-kit-0.25.8/common/hash.c:135:25: branch_false: ...to here
p11-kit-0.25.8/common/hash.c:103:20: branch_true: following ‘true’ branch (when ‘len > 3’)...
p11-kit-0.25.8/common/hash.c:104:25: branch_true: ...to here
p11-kit-0.25.8/common/hash.c:104:25: danger: dereference of NULL ‘data’
#  102|   	for (;;) {
#  103|   		if (len >= 4) {
#  104|-> 			memcpy (&k1, data, 4);
#  105|   			data += 4;
#  106|   			len -= 4;

Error: GCC_ANALYZER_WARNING (CWE-688): [#def35]
p11-kit-0.25.8/common/hash.c:110:25: warning[-Wanalyzer-null-argument]: use of NULL ‘data’ where non-null expected
p11-kit-0.25.8/common/hash.c:112:32: branch_true: following ‘true’ branch (when ‘num <= 3’)...
p11-kit-0.25.8/common/hash.c:115:33: branch_true: ...to here
p11-kit-0.25.8/common/hash.c:116:36: branch_true: following ‘true’ branch (when ‘data’ is NULL)...
p11-kit-0.25.8/common/hash.c:130:28: branch_true: ...to here
p11-kit-0.25.8/common/hash.c:130:28: branch_false: following ‘false’ branch (when ‘num > 3’)...
p11-kit-0.25.8/common/hash.c:135:25: branch_false: ...to here
p11-kit-0.25.8/common/hash.c:103:20: branch_false: following ‘false’ branch (when ‘len <= 3’)...
p11-kit-0.25.8/common/hash.c:110:25: branch_false: ...to here
p11-kit-0.25.8/common/hash.c:110:25: danger: argument 2 (‘data’) NULL where non-null expected
#  108|   		} else {
#  109|   			size_t num = len;
#  110|-> 			memcpy (overflow, data, len);
#  111|   
#  112|   			while (num < 4) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def36]
p11-kit-0.25.8/common/mock.c:982:25: warning[-Wanalyzer-malloc-leak]: leak of ‘sess’
p11-kit-0.25.8/common/mock.c:975:16: acquire_memory: allocated here
p11-kit-0.25.8/common/mock.c:976:9: branch_true: following ‘true’ branch (when ‘sess’ is non-NULL)...
p11-kit-0.25.8/common/mock.c:977:24: branch_true: ...to here
p11-kit-0.25.8/common/mock.c:982:25: throw: if ‘p11_dict_new’ throws an exception...
p11-kit-0.25.8/common/mock.c:982:25: danger: ‘sess’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  980|   	sess->info.state = 0;
#  981|   	sess->info.ulDeviceError = 1414;
#  982|-> 	sess->objects = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal,
#  983|   	                              NULL, p11_attrs_free);
#  984|   	*session = sess->handle;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def37]
p11-kit-0.25.8/common/mock.c:989:9: warning[-Wanalyzer-malloc-leak]: leak of ‘sess’
p11-kit-0.25.8/common/mock.c:975:16: acquire_memory: allocated here
p11-kit-0.25.8/common/mock.c:976:9: branch_true: following ‘true’ branch (when ‘sess’ is non-NULL)...
p11-kit-0.25.8/common/mock.c:977:24: branch_true: ...to here
p11-kit-0.25.8/common/mock.c:989:9: throw: if ‘p11_dict_set’ throws an exception...
p11-kit-0.25.8/common/mock.c:989:9: danger: ‘sess’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  987|   	sess->random_seed_len = 6;
#  988|   
#  989|-> 	p11_dict_set (the_sessions, handle_to_pointer (sess->handle), sess);
#  990|   	return CKR_OK;
#  991|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def38]
p11-kit-0.25.8/common/pem.c:105:16: warning[-Wanalyzer-malloc-leak]: leak of ‘type’
p11-kit-0.25.8/common/pem.c:193:1: enter_function: entry to ‘p11_pem_parse’
p11-kit-0.25.8/common/pem.c:204:9: branch_true: following ‘true’ branch (when ‘data’ is non-NULL)...
p11-kit-0.25.8/common/pem.c:204:9: branch_true: ...to here
p11-kit-0.25.8/common/pem.c:206:16: branch_true: following ‘true’ branch (when ‘n_data != 0’)...
p11-kit-0.25.8/common/pem.c:209:23: branch_true: ...to here
p11-kit-0.25.8/common/pem.c:209:23: call_function: calling ‘pem_find_begin’ from ‘p11_pem_parse’
p11-kit-0.25.8/common/pem.c:209:23: return_function: returning to ‘p11_pem_parse’ from ‘pem_find_begin’
p11-kit-0.25.8/common/pem.c:210:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/pem.c:213:17: branch_false: ...to here
p11-kit-0.25.8/common/pem.c:213:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/pem.c:216:51: branch_true: ...to here
p11-kit-0.25.8/common/pem.c:216:23: call_function: calling ‘pem_find_end’ from ‘p11_pem_parse’
#  103|   
#  104|   	/* Look for a prefix */
#  105|-> 	pref = strnstr (data, ARMOR_PREF_END, n_data);
#  106|   	if (!pref)
#  107|   		return NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def39]
p11-kit-0.25.8/common/pem.c:178:9: warning[-Wanalyzer-malloc-leak]: leak of ‘type’
p11-kit-0.25.8/common/pem.c:193:1: enter_function: entry to ‘p11_pem_parse’
p11-kit-0.25.8/common/pem.c:204:9: branch_true: following ‘true’ branch (when ‘data’ is non-NULL)...
p11-kit-0.25.8/common/pem.c:204:9: branch_true: ...to here
p11-kit-0.25.8/common/pem.c:206:16: branch_true: following ‘true’ branch (when ‘n_data != 0’)...
p11-kit-0.25.8/common/pem.c:209:23: branch_true: ...to here
p11-kit-0.25.8/common/pem.c:209:23: call_function: calling ‘pem_find_begin’ from ‘p11_pem_parse’
p11-kit-0.25.8/common/pem.c:209:23: return_function: returning to ‘p11_pem_parse’ from ‘pem_find_begin’
p11-kit-0.25.8/common/pem.c:210:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/pem.c:213:17: branch_false: ...to here
p11-kit-0.25.8/common/pem.c:213:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/pem.c:216:51: branch_true: ...to here
p11-kit-0.25.8/common/pem.c:216:23: call_function: calling ‘pem_find_end’ from ‘p11_pem_parse’
p11-kit-0.25.8/common/pem.c:216:23: return_function: returning to ‘p11_pem_parse’ from ‘pem_find_end’
p11-kit-0.25.8/common/pem.c:217:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/pem.c:222:20: branch_false: ...to here
p11-kit-0.25.8/common/pem.c:222:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/pem.c:223:57: branch_true: ...to here
p11-kit-0.25.8/common/pem.c:223:35: call_function: calling ‘pem_parse_block’ from ‘p11_pem_parse’
#  176|   	length = (n_data * 3) / 4 + 1;
#  177|   	decoded = malloc (length);
#  178|-> 	return_val_if_fail (decoded != NULL, 0);
#  179|   
#  180|   	ret = p11_b64_pton (data, n_data, decoded, length);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def40]
p11-kit-0.25.8/common/pem.c:180:15: warning[-Wanalyzer-malloc-leak]: leak of ‘decoded’
p11-kit-0.25.8/common/pem.c:139:9: branch_true: following ‘true’ branch (when ‘data’ is non-NULL)...
p11-kit-0.25.8/common/pem.c:140:9: branch_true: ...to here
p11-kit-0.25.8/common/pem.c:140:9: branch_true: following ‘true’ branch (when ‘n_data != 0’)...
p11-kit-0.25.8/common/pem.c:141:9: branch_true: ...to here
p11-kit-0.25.8/common/pem.c:141:9: branch_true: following ‘true’ branch (when ‘n_decoded’ is non-NULL)...
p11-kit-0.25.8/common/pem.c:144:9: branch_true: ...to here
p11-kit-0.25.8/common/pem.c:149:16: branch_true: following ‘true’ branch (when ‘hend’ is NULL)...
p11-kit-0.25.8/common/pem.c:150:21: branch_true: ...to here
p11-kit-0.25.8/common/pem.c:171:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/pem.c:176:18: branch_false: ...to here
p11-kit-0.25.8/common/pem.c:177:19: acquire_memory: allocated here
p11-kit-0.25.8/common/pem.c:178:9: branch_true: following ‘true’ branch (when ‘decoded’ is non-NULL)...
p11-kit-0.25.8/common/pem.c:180:15: branch_true: ...to here
p11-kit-0.25.8/common/pem.c:180:15: throw: if ‘p11_b64_pton’ throws an exception...
p11-kit-0.25.8/common/pem.c:180:15: danger: ‘decoded’ leaks here; was allocated at [(11)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/10)
#  178|   	return_val_if_fail (decoded != NULL, 0);
#  179|   
#  180|-> 	ret = p11_b64_pton (data, n_data, decoded, length);
#  181|   	if (ret < 0) {
#  182|   		free (decoded);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def41]
p11-kit-0.25.8/common/pem.c:180:15: warning[-Wanalyzer-malloc-leak]: leak of ‘type’
p11-kit-0.25.8/common/pem.c:193:1: enter_function: entry to ‘p11_pem_parse’
p11-kit-0.25.8/common/pem.c:204:9: branch_true: following ‘true’ branch (when ‘data’ is non-NULL)...
p11-kit-0.25.8/common/pem.c:204:9: branch_true: ...to here
p11-kit-0.25.8/common/pem.c:206:16: branch_true: following ‘true’ branch (when ‘n_data != 0’)...
p11-kit-0.25.8/common/pem.c:209:23: branch_true: ...to here
p11-kit-0.25.8/common/pem.c:209:23: call_function: calling ‘pem_find_begin’ from ‘p11_pem_parse’
p11-kit-0.25.8/common/pem.c:209:23: return_function: returning to ‘p11_pem_parse’ from ‘pem_find_begin’
p11-kit-0.25.8/common/pem.c:210:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/pem.c:213:17: branch_false: ...to here
p11-kit-0.25.8/common/pem.c:213:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/pem.c:216:51: branch_true: ...to here
p11-kit-0.25.8/common/pem.c:216:23: call_function: calling ‘pem_find_end’ from ‘p11_pem_parse’
p11-kit-0.25.8/common/pem.c:216:23: return_function: returning to ‘p11_pem_parse’ from ‘pem_find_end’
p11-kit-0.25.8/common/pem.c:217:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/pem.c:222:20: branch_false: ...to here
p11-kit-0.25.8/common/pem.c:222:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/pem.c:223:57: branch_true: ...to here
p11-kit-0.25.8/common/pem.c:223:35: call_function: calling ‘pem_parse_block’ from ‘p11_pem_parse’
#  178|   	return_val_if_fail (decoded != NULL, 0);
#  179|   
#  180|-> 	ret = p11_b64_pton (data, n_data, decoded, length);
#  181|   	if (ret < 0) {
#  182|   		free (decoded);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def42]
p11-kit-0.25.8/common/pem.c:226:41: warning[-Wanalyzer-malloc-leak]: leak of ‘type’
p11-kit-0.25.8/common/pem.c:193:1: enter_function: entry to ‘p11_pem_parse’
p11-kit-0.25.8/common/pem.c:204:9: branch_true: following ‘true’ branch (when ‘data’ is non-NULL)...
p11-kit-0.25.8/common/pem.c:204:9: branch_true: ...to here
p11-kit-0.25.8/common/pem.c:206:16: branch_true: following ‘true’ branch (when ‘n_data != 0’)...
p11-kit-0.25.8/common/pem.c:209:23: branch_true: ...to here
p11-kit-0.25.8/common/pem.c:209:23: call_function: calling ‘pem_find_begin’ from ‘p11_pem_parse’
p11-kit-0.25.8/common/pem.c:209:23: return_function: returning to ‘p11_pem_parse’ from ‘pem_find_begin’
p11-kit-0.25.8/common/pem.c:210:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/pem.c:213:17: branch_false: ...to here
p11-kit-0.25.8/common/pem.c:213:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/pem.c:216:51: branch_true: ...to here
p11-kit-0.25.8/common/pem.c:216:23: call_function: calling ‘pem_find_end’ from ‘p11_pem_parse’
p11-kit-0.25.8/common/pem.c:216:23: return_function: returning to ‘p11_pem_parse’ from ‘pem_find_end’
p11-kit-0.25.8/common/pem.c:217:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/pem.c:222:20: branch_false: ...to here
p11-kit-0.25.8/common/pem.c:222:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/pem.c:223:57: branch_true: ...to here
p11-kit-0.25.8/common/pem.c:223:35: call_function: calling ‘pem_parse_block’ from ‘p11_pem_parse’
p11-kit-0.25.8/common/pem.c:223:35: return_function: returning to ‘p11_pem_parse’ from ‘pem_parse_block’
p11-kit-0.25.8/common/pem.c:224:28: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/pem.c:225:36: branch_true: ...to here
p11-kit-0.25.8/common/pem.c:225:36: branch_true: following ‘true’ branch (when ‘sink’ is non-NULL)...
p11-kit-0.25.8/common/pem.c:226:41: branch_true: ...to here
p11-kit-0.25.8/common/pem.c:226:41: throw: if the called function throws an exception...
p11-kit-0.25.8/common/pem.c:226:41: danger: ‘type’ leaks here; was allocated at [(18)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/17)
#  224|   			if (decoded) {
#  225|   				if (sink != NULL)
#  226|-> 					(sink) (type, decoded, n_decoded, user_data);
#  227|   				++nfound;
#  228|   				free (decoded);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def43]
p11-kit-0.25.8/common/persist.c:98:30: warning[-Wanalyzer-malloc-leak]: leak of ‘persist’
p11-kit-0.25.8/common/persist.c:95:19: acquire_memory: allocated here
p11-kit-0.25.8/common/persist.c:96:9: branch_true: following ‘true’ branch (when ‘persist’ is non-NULL)...
p11-kit-0.25.8/common/persist.c:98:30: branch_true: ...to here
p11-kit-0.25.8/common/persist.c:98:30: throw: if ‘p11_constant_reverse’ throws an exception...
p11-kit-0.25.8/common/persist.c:98:30: danger: ‘persist’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   96|   	return_val_if_fail (persist != NULL, NULL);
#   97|   
#   98|-> 	persist->constants = p11_constant_reverse (true);
#   99|   	if (persist->constants == NULL) {
#  100|   		free (persist);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def44]
p11-kit-0.25.8/common/readpassphrase.c:93:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/tty", 2)’
p11-kit-0.25.8/common/readpassphrase.c:63:12: branch_false: following ‘false’ branch (when ‘bufsiz != 0’)...
p11-kit-0.25.8/common/readpassphrase.c:63:12: branch_false: ...to here
p11-kit-0.25.8/common/readpassphrase.c:69:21: branch_true: following ‘true’ branch (when ‘i != 65’)...
p11-kit-0.25.8/common/readpassphrase.c:70:17: branch_true: ...to here
p11-kit-0.25.8/common/readpassphrase.c:78:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/readpassphrase.c:79:31: branch_false: ...to here
p11-kit-0.25.8/common/readpassphrase.c:79:31: acquire_resource: opened here
p11-kit-0.25.8/common/readpassphrase.c:78:13: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/readpassphrase.c:93:12: branch_false: ...to here
p11-kit-0.25.8/common/readpassphrase.c:93:12: danger: ‘open("/dev/tty", 2)’ leaks here; was opened at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6)
#   91|   	 * generate SIGTTOU, so do it *before* installing the signal handlers.
#   92|   	 */
#   93|-> 	if (input != STDIN_FILENO && tcgetattr(input, &oterm) == 0) {
#   94|   		memcpy(&term, &oterm, sizeof(term));
#   95|   		if (!(flags & RPP_ECHO_ON))

Error: COMPILER_WARNING (CWE-252): [#def45]
p11-kit-0.25.8/common/readpassphrase.c: scope_hint: In function ‘readpassphrase’
p11-kit-0.25.8/common/readpassphrase.c:128:23: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
#  128 |                 (void)write(output, prompt, strlen(prompt));
#      |                       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  126|   
#  127|   	if (!(flags & RPP_STDIN))
#  128|-> 		(void)write(output, prompt, strlen(prompt));
#  129|   	end = buf + bufsiz - 1;
#  130|   	p = buf;

Error: COMPILER_WARNING (CWE-252): [#def46]
p11-kit-0.25.8/common/readpassphrase.c:147:23: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
#  147 |                 (void)write(output, "\n", 1);
#      |                       ^~~~~~~~~~~~~~~~~~~~~~
#  145|   	save_errno = errno;
#  146|   	if (!(term.c_lflag & ECHO))
#  147|-> 		(void)write(output, "\n", 1);
#  148|   
#  149|   	/* Restore old terminal settings and signals. */

Error: CPPCHECK_WARNING (CWE-476): [#def47]
p11-kit-0.25.8/common/test-array.c:155: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: value
#  153|   		value = malloc (sizeof (int));
#  154|   		assert (value != NULL);
#  155|-> 		*value = i;
#  156|   		if (!p11_array_push (array, value))
#  157|   			assert_not_reached ();

Error: GCC_ANALYZER_WARNING (CWE-476): [#def48]
p11-kit-0.25.8/common/test-array.c:155:17: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘value’
p11-kit-0.25.8/common/test-array.c:152:21: branch_true: following ‘true’ branch (when ‘i != 20000’)...
p11-kit-0.25.8/common/test-array.c:153:25: branch_true: ...to here
p11-kit-0.25.8/common/test-array.c:154:17: branch_true: following ‘true’ branch (when ‘value’ is non-NULL)...
p11-kit-0.25.8/common/test-array.c:155:17: branch_true: ...to here
p11-kit-0.25.8/common/test-array.c:156:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/test-array.c:157:25: branch_false: ...to here
p11-kit-0.25.8/common/test-array.c:158:17: branch_true: following ‘true’ branch (when ‘__n1 == __n2’)...
p11-kit-0.25.8/common/test-array.c:158:17: branch_true: ...to here
p11-kit-0.25.8/common/test-array.c:152:21: branch_true: following ‘true’ branch (when ‘i != 20000’)...
p11-kit-0.25.8/common/test-array.c:153:25: branch_true: ...to here
p11-kit-0.25.8/common/test-array.c:153:25: acquire_memory: allocated here
p11-kit-0.25.8/common/test-array.c:154:17: release_memory: assuming ‘value’ is NULL
p11-kit-0.25.8/common/test-array.c:154:17: branch_false: following ‘false’ branch (when ‘value’ is NULL)...
p11-kit-0.25.8/common/test-array.c:154:17: branch_false: ...to here
p11-kit-0.25.8/common/test-array.c:155:17: danger: dereference of NULL ‘value’
#  153|   		value = malloc (sizeof (int));
#  154|   		assert (value != NULL);
#  155|-> 		*value = i;
#  156|   		if (!p11_array_push (array, value))
#  157|   			assert_not_reached ();

Error: GCC_ANALYZER_WARNING (CWE-401): [#def49]
p11-kit-0.25.8/common/test-array.c:156:22: warning[-Wanalyzer-malloc-leak]: leak of ‘value’
p11-kit-0.25.8/common/test-array.c:152:21: branch_true: following ‘true’ branch (when ‘i != 20000’)...
p11-kit-0.25.8/common/test-array.c:153:25: branch_true: ...to here
p11-kit-0.25.8/common/test-array.c:153:25: acquire_memory: allocated here
p11-kit-0.25.8/common/test-array.c:154:17: branch_true: following ‘true’ branch (when ‘value’ is non-NULL)...
p11-kit-0.25.8/common/test-array.c:155:17: branch_true: ...to here
p11-kit-0.25.8/common/test-array.c:156:22: throw: if ‘p11_array_push’ throws an exception...
p11-kit-0.25.8/common/test-array.c:156:22: danger: ‘value’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  154|   		assert (value != NULL);
#  155|   		*value = i;
#  156|-> 		if (!p11_array_push (array, value))
#  157|   			assert_not_reached ();
#  158|   		assert_num_eq (i + 1, array->num);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def50]
p11-kit-0.25.8/common/test-attrs.c:415:17: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("boooyah")’
p11-kit-0.25.8/common/test-attrs.c:415:51: acquire_memory: allocated here
p11-kit-0.25.8/common/test-attrs.c:415:17: danger: ‘strdup("boooyah")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  413|   
#  414|   	attrs = p11_attrs_buildn (NULL, initial, 2);
#  415|-> 	attrs = p11_attrs_take (attrs, CKA_LABEL, strdup ("boooyah"), 7);
#  416|   	attrs = p11_attrs_take (attrs, CKA_TOKEN, strdup ("\x01"), 1);
#  417|   	assert_ptr_not_null (attrs);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def51]
p11-kit-0.25.8/common/test-attrs.c:416:17: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("\001")’
p11-kit-0.25.8/common/test-attrs.c:416:51: acquire_memory: allocated here
p11-kit-0.25.8/common/test-attrs.c:416:17: danger: ‘strdup("\001")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  414|   	attrs = p11_attrs_buildn (NULL, initial, 2);
#  415|   	attrs = p11_attrs_take (attrs, CKA_LABEL, strdup ("boooyah"), 7);
#  416|-> 	attrs = p11_attrs_take (attrs, CKA_TOKEN, strdup ("\x01"), 1);
#  417|   	assert_ptr_not_null (attrs);
#  418|   

Error: CPPCHECK_WARNING (CWE-476): [#def52]
p11-kit-0.25.8/common/test-attrs.c:452: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: template
#  450|   	template = malloc (2 * sizeof (CK_ATTRIBUTE));
#  451|   	assert_ptr_not_null (template);
#  452|-> 	template[0].type = CKA_LOCAL;
#  453|   	template[0].ulValueLen = sizeof (CK_BBOOL);
#  454|   	template[0].pValue = malloc (template[0].ulValueLen);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def53]
p11-kit-0.25.8/common/test-attrs.c:452:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘template’
p11-kit-0.25.8/common/test-attrs.c:450:20: acquire_memory: allocated here
p11-kit-0.25.8/common/test-attrs.c:451:9: release_memory: assuming ‘template’ is NULL
p11-kit-0.25.8/common/test-attrs.c:451:9: branch_false: following ‘false’ branch (when ‘template’ is NULL)...
p11-kit-0.25.8/common/test-attrs.c:451:9: branch_false: ...to here
p11-kit-0.25.8/common/test-attrs.c:452:9: danger: dereference of NULL ‘template’
#  450|   	template = malloc (2 * sizeof (CK_ATTRIBUTE));
#  451|   	assert_ptr_not_null (template);
#  452|-> 	template[0].type = CKA_LOCAL;
#  453|   	template[0].ulValueLen = sizeof (CK_BBOOL);
#  454|   	template[0].pValue = malloc (template[0].ulValueLen);

Error: CPPCHECK_WARNING (CWE-476): [#def54]
p11-kit-0.25.8/common/test-attrs.c:453: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: template
#  451|   	assert_ptr_not_null (template);
#  452|   	template[0].type = CKA_LOCAL;
#  453|-> 	template[0].ulValueLen = sizeof (CK_BBOOL);
#  454|   	template[0].pValue = malloc (template[0].ulValueLen);
#  455|   	assert_ptr_not_null (template[0].pValue);

Error: CPPCHECK_WARNING (CWE-476): [#def55]
p11-kit-0.25.8/common/test-attrs.c:454: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: template
#  452|   	template[0].type = CKA_LOCAL;
#  453|   	template[0].ulValueLen = sizeof (CK_BBOOL);
#  454|-> 	template[0].pValue = malloc (template[0].ulValueLen);
#  455|   	assert_ptr_not_null (template[0].pValue);
#  456|   	*(CK_BBOOL *)(template[0].pValue) = CK_TRUE;

Error: CPPCHECK_WARNING (CWE-476): [#def56]
p11-kit-0.25.8/common/test-attrs.c:455: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: template
#  453|   	template[0].ulValueLen = sizeof (CK_BBOOL);
#  454|   	template[0].pValue = malloc (template[0].ulValueLen);
#  455|-> 	assert_ptr_not_null (template[0].pValue);
#  456|   	*(CK_BBOOL *)(template[0].pValue) = CK_TRUE;
#  457|   	template[1].type = CKA_LABEL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def57]
p11-kit-0.25.8/common/test-attrs.c:455:9: warning[-Wanalyzer-malloc-leak]: leak of ‘template’
p11-kit-0.25.8/common/test-attrs.c:450:20: acquire_memory: allocated here
p11-kit-0.25.8/common/test-attrs.c:451:9: branch_true: following ‘true’ branch (when ‘template’ is non-NULL)...
p11-kit-0.25.8/common/test-attrs.c:452:9: branch_true: ...to here
p11-kit-0.25.8/common/test-attrs.c:455:9: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/test-attrs.c:455:9: branch_false: ...to here
p11-kit-0.25.8/common/test-attrs.c:455:9: throw: if ‘p11_test_fail’ throws an exception...
p11-kit-0.25.8/common/test-attrs.c:455:9: danger: ‘template’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#  453|   	template[0].ulValueLen = sizeof (CK_BBOOL);
#  454|   	template[0].pValue = malloc (template[0].ulValueLen);
#  455|-> 	assert_ptr_not_null (template[0].pValue);
#  456|   	*(CK_BBOOL *)(template[0].pValue) = CK_TRUE;
#  457|   	template[1].type = CKA_LABEL;

Error: CPPCHECK_WARNING (CWE-476): [#def58]
p11-kit-0.25.8/common/test-attrs.c:456: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: template
#  454|   	template[0].pValue = malloc (template[0].ulValueLen);
#  455|   	assert_ptr_not_null (template[0].pValue);
#  456|-> 	*(CK_BBOOL *)(template[0].pValue) = CK_TRUE;
#  457|   	template[1].type = CKA_LABEL;
#  458|   	template[1].ulValueLen = 5;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def59]
p11-kit-0.25.8/common/test-attrs.c:456:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘*template.pValue’
p11-kit-0.25.8/common/test-attrs.c:451:9: branch_true: following ‘true’ branch (when ‘template’ is non-NULL)...
p11-kit-0.25.8/common/test-attrs.c:452:9: branch_true: ...to here
p11-kit-0.25.8/common/test-attrs.c:454:30: acquire_memory: allocated here
p11-kit-0.25.8/common/test-attrs.c:455:9: release_memory: assuming ‘<unknown>’ is NULL
p11-kit-0.25.8/common/test-attrs.c:455:9: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/test-attrs.c:455:9: branch_false: ...to here
p11-kit-0.25.8/common/test-attrs.c:456:9: danger: dereference of NULL ‘*template.pValue’
#  454|   	template[0].pValue = malloc (template[0].ulValueLen);
#  455|   	assert_ptr_not_null (template[0].pValue);
#  456|-> 	*(CK_BBOOL *)(template[0].pValue) = CK_TRUE;
#  457|   	template[1].type = CKA_LABEL;
#  458|   	template[1].ulValueLen = 5;

Error: CPPCHECK_WARNING (CWE-476): [#def60]
p11-kit-0.25.8/common/test-attrs.c:457: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: template
#  455|   	assert_ptr_not_null (template[0].pValue);
#  456|   	*(CK_BBOOL *)(template[0].pValue) = CK_TRUE;
#  457|-> 	template[1].type = CKA_LABEL;
#  458|   	template[1].ulValueLen = 5;
#  459|   	template[1].pValue = malloc (template[1].ulValueLen);

Error: CPPCHECK_WARNING (CWE-476): [#def61]
p11-kit-0.25.8/common/test-attrs.c:458: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: template
#  456|   	*(CK_BBOOL *)(template[0].pValue) = CK_TRUE;
#  457|   	template[1].type = CKA_LABEL;
#  458|-> 	template[1].ulValueLen = 5;
#  459|   	template[1].pValue = malloc (template[1].ulValueLen);
#  460|   	assert_ptr_not_null (template[1].pValue);

Error: CPPCHECK_WARNING (CWE-476): [#def62]
p11-kit-0.25.8/common/test-attrs.c:459: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: template
#  457|   	template[1].type = CKA_LABEL;
#  458|   	template[1].ulValueLen = 5;
#  459|-> 	template[1].pValue = malloc (template[1].ulValueLen);
#  460|   	assert_ptr_not_null (template[1].pValue);
#  461|   	memcpy (template[1].pValue, "label", 5);

Error: CPPCHECK_WARNING (CWE-476): [#def63]
p11-kit-0.25.8/common/test-attrs.c:460: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: template
#  458|   	template[1].ulValueLen = 5;
#  459|   	template[1].pValue = malloc (template[1].ulValueLen);
#  460|-> 	assert_ptr_not_null (template[1].pValue);
#  461|   	memcpy (template[1].pValue, "label", 5);
#  462|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def64]
p11-kit-0.25.8/common/test-attrs.c:460:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
p11-kit-0.25.8/common/test-attrs.c:451:9: branch_true: following ‘true’ branch (when ‘template’ is non-NULL)...
p11-kit-0.25.8/common/test-attrs.c:452:9: branch_true: ...to here
p11-kit-0.25.8/common/test-attrs.c:454:30: acquire_memory: allocated here
p11-kit-0.25.8/common/test-attrs.c:455:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/test-attrs.c:456:22: branch_true: ...to here
p11-kit-0.25.8/common/test-attrs.c:460:9: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/test-attrs.c:460:9: branch_false: ...to here
p11-kit-0.25.8/common/test-attrs.c:460:9: throw: if ‘p11_test_fail’ throws an exception...
p11-kit-0.25.8/common/test-attrs.c:460:9: danger: ‘<unknown>’ leaks here; was allocated at [(3)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/2)
#  458|   	template[1].ulValueLen = 5;
#  459|   	template[1].pValue = malloc (template[1].ulValueLen);
#  460|-> 	assert_ptr_not_null (template[1].pValue);
#  461|   	memcpy (template[1].pValue, "label", 5);
#  462|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def65]
p11-kit-0.25.8/common/test-attrs.c:460:9: warning[-Wanalyzer-malloc-leak]: leak of ‘template’
p11-kit-0.25.8/common/test-attrs.c:450:20: acquire_memory: allocated here
p11-kit-0.25.8/common/test-attrs.c:451:9: branch_true: following ‘true’ branch (when ‘template’ is non-NULL)...
p11-kit-0.25.8/common/test-attrs.c:452:9: branch_true: ...to here
p11-kit-0.25.8/common/test-attrs.c:455:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/test-attrs.c:456:22: branch_true: ...to here
p11-kit-0.25.8/common/test-attrs.c:460:9: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/test-attrs.c:460:9: branch_false: ...to here
p11-kit-0.25.8/common/test-attrs.c:460:9: throw: if ‘p11_test_fail’ throws an exception...
p11-kit-0.25.8/common/test-attrs.c:460:9: danger: ‘template’ leaks here; was allocated at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
#  458|   	template[1].ulValueLen = 5;
#  459|   	template[1].pValue = malloc (template[1].ulValueLen);
#  460|-> 	assert_ptr_not_null (template[1].pValue);
#  461|   	memcpy (template[1].pValue, "label", 5);
#  462|   

Error: CPPCHECK_WARNING (CWE-476): [#def66]
p11-kit-0.25.8/common/test-attrs.c:461: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: template
#  459|   	template[1].pValue = malloc (template[1].ulValueLen);
#  460|   	assert_ptr_not_null (template[1].pValue);
#  461|-> 	memcpy (template[1].pValue, "label", 5);
#  462|   
#  463|   	attrs = p11_attrs_buildn (NULL, initial, 2);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def67]
p11-kit-0.25.8/common/test-attrs.c:461:9: warning[-Wanalyzer-null-argument]: use of NULL ‘template[1].pValue’ where non-null expected
p11-kit-0.25.8/common/test-attrs.c:451:9: branch_true: following ‘true’ branch (when ‘template’ is non-NULL)...
p11-kit-0.25.8/common/test-attrs.c:452:9: branch_true: ...to here
p11-kit-0.25.8/common/test-attrs.c:455:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/test-attrs.c:456:22: branch_true: ...to here
p11-kit-0.25.8/common/test-attrs.c:459:30: acquire_memory: allocated here
p11-kit-0.25.8/common/test-attrs.c:460:9: release_memory: assuming ‘<unknown>’ is NULL
p11-kit-0.25.8/common/test-attrs.c:460:9: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/test-attrs.c:460:9: branch_false: ...to here
p11-kit-0.25.8/common/test-attrs.c:461:9: danger: argument 1 (‘template[1].pValue’) NULL where non-null expected
#  459|   	template[1].pValue = malloc (template[1].ulValueLen);
#  460|   	assert_ptr_not_null (template[1].pValue);
#  461|-> 	memcpy (template[1].pValue, "label", 5);
#  462|   
#  463|   	attrs = p11_attrs_buildn (NULL, initial, 2);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def68]
p11-kit-0.25.8/common/test-attrs.c:463:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
p11-kit-0.25.8/common/test-attrs.c:451:9: branch_true: following ‘true’ branch (when ‘template’ is non-NULL)...
p11-kit-0.25.8/common/test-attrs.c:452:9: branch_true: ...to here
p11-kit-0.25.8/common/test-attrs.c:454:30: acquire_memory: allocated here
p11-kit-0.25.8/common/test-attrs.c:455:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/test-attrs.c:456:22: branch_true: ...to here
p11-kit-0.25.8/common/test-attrs.c:460:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/test-attrs.c:461:17: branch_true: ...to here
p11-kit-0.25.8/common/test-attrs.c:463:17: throw: if ‘p11_attrs_buildn’ throws an exception...
p11-kit-0.25.8/common/test-attrs.c:463:17: danger: ‘<unknown>’ leaks here; was allocated at [(3)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/2)
#  461|   	memcpy (template[1].pValue, "label", 5);
#  462|   
#  463|-> 	attrs = p11_attrs_buildn (NULL, initial, 2);
#  464|   	attrs = p11_attrs_take (attrs, CKA_WRAP_TEMPLATE, template, 2 * sizeof (CK_ATTRIBUTE));
#  465|   	attrs = p11_attrs_take (attrs, CKA_TOKEN, strdup ("\x01"), 1);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def69]
p11-kit-0.25.8/common/test-attrs.c:463:17: warning[-Wanalyzer-malloc-leak]: leak of ‘template’
p11-kit-0.25.8/common/test-attrs.c:450:20: acquire_memory: allocated here
p11-kit-0.25.8/common/test-attrs.c:451:9: branch_true: following ‘true’ branch (when ‘template’ is non-NULL)...
p11-kit-0.25.8/common/test-attrs.c:452:9: branch_true: ...to here
p11-kit-0.25.8/common/test-attrs.c:455:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/test-attrs.c:456:22: branch_true: ...to here
p11-kit-0.25.8/common/test-attrs.c:460:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/test-attrs.c:461:17: branch_true: ...to here
p11-kit-0.25.8/common/test-attrs.c:463:17: throw: if ‘p11_attrs_buildn’ throws an exception...
p11-kit-0.25.8/common/test-attrs.c:463:17: danger: ‘template’ leaks here; was allocated at [(1)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/0)
#  461|   	memcpy (template[1].pValue, "label", 5);
#  462|   
#  463|-> 	attrs = p11_attrs_buildn (NULL, initial, 2);
#  464|   	attrs = p11_attrs_take (attrs, CKA_WRAP_TEMPLATE, template, 2 * sizeof (CK_ATTRIBUTE));
#  465|   	attrs = p11_attrs_take (attrs, CKA_TOKEN, strdup ("\x01"), 1);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def70]
p11-kit-0.25.8/common/test-attrs.c:464:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
p11-kit-0.25.8/common/test-attrs.c:451:9: branch_true: following ‘true’ branch (when ‘template’ is non-NULL)...
p11-kit-0.25.8/common/test-attrs.c:452:9: branch_true: ...to here
p11-kit-0.25.8/common/test-attrs.c:454:30: acquire_memory: allocated here
p11-kit-0.25.8/common/test-attrs.c:455:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/test-attrs.c:456:22: branch_true: ...to here
p11-kit-0.25.8/common/test-attrs.c:460:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/test-attrs.c:461:17: branch_true: ...to here
p11-kit-0.25.8/common/test-attrs.c:464:17: throw: if ‘p11_attrs_take’ throws an exception...
p11-kit-0.25.8/common/test-attrs.c:464:17: danger: ‘<unknown>’ leaks here; was allocated at [(3)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/2)
#  462|   
#  463|   	attrs = p11_attrs_buildn (NULL, initial, 2);
#  464|-> 	attrs = p11_attrs_take (attrs, CKA_WRAP_TEMPLATE, template, 2 * sizeof (CK_ATTRIBUTE));
#  465|   	attrs = p11_attrs_take (attrs, CKA_TOKEN, strdup ("\x01"), 1);
#  466|   	assert_ptr_not_null (attrs);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def71]
p11-kit-0.25.8/common/test-attrs.c:464:17: warning[-Wanalyzer-malloc-leak]: leak of ‘template’
p11-kit-0.25.8/common/test-attrs.c:450:20: acquire_memory: allocated here
p11-kit-0.25.8/common/test-attrs.c:451:9: branch_true: following ‘true’ branch (when ‘template’ is non-NULL)...
p11-kit-0.25.8/common/test-attrs.c:452:9: branch_true: ...to here
p11-kit-0.25.8/common/test-attrs.c:455:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/test-attrs.c:456:22: branch_true: ...to here
p11-kit-0.25.8/common/test-attrs.c:460:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/test-attrs.c:461:17: branch_true: ...to here
p11-kit-0.25.8/common/test-attrs.c:464:17: throw: if ‘p11_attrs_take’ throws an exception...
p11-kit-0.25.8/common/test-attrs.c:464:17: danger: ‘template’ leaks here; was allocated at [(1)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/0)
#  462|   
#  463|   	attrs = p11_attrs_buildn (NULL, initial, 2);
#  464|-> 	attrs = p11_attrs_take (attrs, CKA_WRAP_TEMPLATE, template, 2 * sizeof (CK_ATTRIBUTE));
#  465|   	attrs = p11_attrs_take (attrs, CKA_TOKEN, strdup ("\x01"), 1);
#  466|   	assert_ptr_not_null (attrs);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def72]
p11-kit-0.25.8/common/test-attrs.c:465:17: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("\001")’
p11-kit-0.25.8/common/test-attrs.c:451:9: branch_true: following ‘true’ branch (when ‘template’ is non-NULL)...
p11-kit-0.25.8/common/test-attrs.c:452:9: branch_true: ...to here
p11-kit-0.25.8/common/test-attrs.c:455:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/test-attrs.c:456:22: branch_true: ...to here
p11-kit-0.25.8/common/test-attrs.c:460:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/test-attrs.c:461:17: branch_true: ...to here
p11-kit-0.25.8/common/test-attrs.c:465:51: acquire_memory: allocated here
p11-kit-0.25.8/common/test-attrs.c:465:17: danger: ‘strdup("\001")’ leaks here; was allocated at [(7)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/6)
#  463|   	attrs = p11_attrs_buildn (NULL, initial, 2);
#  464|   	attrs = p11_attrs_take (attrs, CKA_WRAP_TEMPLATE, template, 2 * sizeof (CK_ATTRIBUTE));
#  465|-> 	attrs = p11_attrs_take (attrs, CKA_TOKEN, strdup ("\x01"), 1);
#  466|   	assert_ptr_not_null (attrs);
#  467|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def73]
p11-kit-0.25.8/common/test-buffer.c:121:9: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("blah")’
p11-kit-0.25.8/common/test-buffer.c:121:57: acquire_memory: allocated here
p11-kit-0.25.8/common/test-buffer.c:121:9: danger: ‘strdup("blah")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  119|   	mock_freed = 0;
#  120|   
#  121|-> 	p11_buffer_init_full (&buffer, (unsigned char *)strdup ("blah"), 4, 0,
#  122|   	                       mock_realloc, mock_free);
#  123|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def74]
p11-kit-0.25.8/common/test-buffer.c:154:9: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("blah")’
p11-kit-0.25.8/common/test-buffer.c:154:57: acquire_memory: allocated here
p11-kit-0.25.8/common/test-buffer.c:154:9: danger: ‘strdup("blah")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  152|   	mock_freed = 0;
#  153|   
#  154|-> 	p11_buffer_init_full (&buffer, (unsigned char *)strdup ("blah"), 4,
#  155|   	                      P11_BUFFER_NULL, mock_realloc, mock_free);
#  156|   

Error: CPPCHECK_WARNING (CWE-476): [#def75]
p11-kit-0.25.8/common/test-dict.c:430: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: value
#  428|   		value = malloc (sizeof (int));
#  429|   		assert (value != NULL);
#  430|-> 		*value = i;
#  431|   		if (!p11_dict_set (map, value, value))
#  432|   			assert_not_reached ();

Error: GCC_ANALYZER_WARNING (CWE-401): [#def76]
p11-kit-0.25.8/common/test-dict.c:431:22: warning[-Wanalyzer-malloc-leak]: leak of ‘value’
p11-kit-0.25.8/common/test-dict.c:427:21: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/test-dict.c:428:25: branch_true: ...to here
p11-kit-0.25.8/common/test-dict.c:428:25: acquire_memory: allocated here
p11-kit-0.25.8/common/test-dict.c:429:17: branch_true: following ‘true’ branch (when ‘value’ is non-NULL)...
p11-kit-0.25.8/common/test-dict.c:430:17: branch_true: ...to here
p11-kit-0.25.8/common/test-dict.c:431:22: throw: if ‘p11_dict_set’ throws an exception...
p11-kit-0.25.8/common/test-dict.c:431:22: danger: ‘value’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  429|   		assert (value != NULL);
#  430|   		*value = i;
#  431|-> 		if (!p11_dict_set (map, value, value))
#  432|   			assert_not_reached ();
#  433|   	}

Error: CPPCHECK_WARNING (CWE-476): [#def77]
p11-kit-0.25.8/common/test-dict.c:459: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: value
#  457|   		value = malloc (sizeof (int));
#  458|   		assert (value != NULL);
#  459|-> 		*value = i;
#  460|   		if (!p11_dict_set (map, value, value))
#  461|   			assert_not_reached ();

Error: GCC_ANALYZER_WARNING (CWE-401): [#def78]
p11-kit-0.25.8/common/test-dict.c:460:22: warning[-Wanalyzer-malloc-leak]: leak of ‘value’
p11-kit-0.25.8/common/test-dict.c:456:21: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/test-dict.c:457:25: branch_true: ...to here
p11-kit-0.25.8/common/test-dict.c:457:25: acquire_memory: allocated here
p11-kit-0.25.8/common/test-dict.c:458:17: branch_true: following ‘true’ branch (when ‘value’ is non-NULL)...
p11-kit-0.25.8/common/test-dict.c:459:17: branch_true: ...to here
p11-kit-0.25.8/common/test-dict.c:460:22: throw: if ‘p11_dict_set’ throws an exception...
p11-kit-0.25.8/common/test-dict.c:460:22: danger: ‘value’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  458|   		assert (value != NULL);
#  459|   		*value = i;
#  460|-> 		if (!p11_dict_set (map, value, value))
#  461|   			assert_not_reached ();
#  462|   		assert_num_eq (i + 1, p11_dict_size (map));

Error: CPPCHECK_WARNING (CWE-476): [#def79]
p11-kit-0.25.8/common/test-dict.c:489: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: value
#  487|   		value = malloc (sizeof (unsigned long));
#  488|   		assert (value != NULL);
#  489|-> 		*value = i;
#  490|   		if (!p11_dict_set (map, value, value))
#  491|   			assert_not_reached ();

Error: GCC_ANALYZER_WARNING (CWE-401): [#def80]
p11-kit-0.25.8/common/test-dict.c:490:22: warning[-Wanalyzer-malloc-leak]: leak of ‘value’
p11-kit-0.25.8/common/test-dict.c:486:21: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/test-dict.c:487:25: branch_true: ...to here
p11-kit-0.25.8/common/test-dict.c:487:25: acquire_memory: allocated here
p11-kit-0.25.8/common/test-dict.c:488:17: branch_true: following ‘true’ branch (when ‘value’ is non-NULL)...
p11-kit-0.25.8/common/test-dict.c:489:17: branch_true: ...to here
p11-kit-0.25.8/common/test-dict.c:490:22: throw: if ‘p11_dict_set’ throws an exception...
p11-kit-0.25.8/common/test-dict.c:490:22: danger: ‘value’ leaks here; was allocated at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#  488|   		assert (value != NULL);
#  489|   		*value = i;
#  490|-> 		if (!p11_dict_set (map, value, value))
#  491|   			assert_not_reached ();
#  492|   	}

Error: GCC_ANALYZER_WARNING (CWE-126): [#def81]
p11-kit-0.25.8/common/test-lexer.c:68:21: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
p11-kit-0.25.8/common/test-lexer.c:225:1: enter_function: entry to ‘test_bad_value’
p11-kit-0.25.8/common/test-lexer.c:237:9: call_function: calling ‘check_lex_msg’ from ‘test_bad_value’
#   66|   	p11_lexer_init (&lexer, "test", input, strlen (input));
#   67|   	for (i = 0; p11_lexer_next (&lexer, &failed); i++) {
#   68|-> 		if (expected[i].tok_type != lexer.tok_type)
#   69|   			p11_test_fail (file, line, function,
#   70|   			               "lexer token type does not match: (%d != %d)",

Error: GCC_ANALYZER_WARNING (CWE-688): [#def82]
p11-kit-0.25.8/common/test-lexer.c:74:29: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
p11-kit-0.25.8/common/test-lexer.c:225:1: enter_function: entry to ‘test_bad_value’
p11-kit-0.25.8/common/test-lexer.c:237:9: call_function: calling ‘check_lex_msg’ from ‘test_bad_value’
#   72|   		switch (lexer.tok_type) {
#   73|   		case TOK_FIELD:
#   74|-> 			if (strcmp (expected[i].name, lexer.tok.field.name) != 0)
#   75|   				p11_test_fail (file, line, function,
#   76|   				               "field name doesn't match: (%s != %s)",

Error: GCC_ANALYZER_WARNING (CWE-126): [#def83]
p11-kit-0.25.8/common/test-lexer.c:74:37: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
p11-kit-0.25.8/common/test-lexer.c:225:1: enter_function: entry to ‘test_bad_value’
p11-kit-0.25.8/common/test-lexer.c:237:9: call_function: calling ‘check_lex_msg’ from ‘test_bad_value’
#   72|   		switch (lexer.tok_type) {
#   73|   		case TOK_FIELD:
#   74|-> 			if (strcmp (expected[i].name, lexer.tok.field.name) != 0)
#   75|   				p11_test_fail (file, line, function,
#   76|   				               "field name doesn't match: (%s != %s)",

Error: GCC_ANALYZER_WARNING (CWE-688): [#def84]
p11-kit-0.25.8/common/test-lexer.c:78:29: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
p11-kit-0.25.8/common/test-lexer.c:225:1: enter_function: entry to ‘test_bad_value’
p11-kit-0.25.8/common/test-lexer.c:237:9: call_function: calling ‘check_lex_msg’ from ‘test_bad_value’
#   76|   				               "field name doesn't match: (%s != %s)",
#   77|   				               expected[i].name, lexer.tok.field.name);
#   78|-> 			if (strcmp (expected[i].value, lexer.tok.field.value) != 0)
#   79|   				p11_test_fail (file, line, function,
#   80|   				               "field value doesn't match: (%s != %s)",

Error: GCC_ANALYZER_WARNING (CWE-688): [#def85]
p11-kit-0.25.8/common/test-lexer.c:84:29: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
p11-kit-0.25.8/common/test-lexer.c:225:1: enter_function: entry to ‘test_bad_value’
p11-kit-0.25.8/common/test-lexer.c:237:9: call_function: calling ‘check_lex_msg’ from ‘test_bad_value’
#   82|   			break;
#   83|   		case TOK_SECTION:
#   84|-> 			if (strcmp (expected[i].name, lexer.tok.field.name) != 0)
#   85|   				p11_test_fail (file, line, function,
#   86|   				               "section name doesn't match: (%s != %s)",

Error: GCC_ANALYZER_WARNING (CWE-126): [#def86]
p11-kit-0.25.8/common/test-lexer.c:84:37: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
p11-kit-0.25.8/common/test-lexer.c:225:1: enter_function: entry to ‘test_bad_value’
p11-kit-0.25.8/common/test-lexer.c:237:9: call_function: calling ‘check_lex_msg’ from ‘test_bad_value’
#   82|   			break;
#   83|   		case TOK_SECTION:
#   84|-> 			if (strcmp (expected[i].name, lexer.tok.field.name) != 0)
#   85|   				p11_test_fail (file, line, function,
#   86|   				               "section name doesn't match: (%s != %s)",

Error: GCC_ANALYZER_WARNING (CWE-688): [#def87]
p11-kit-0.25.8/common/test-lexer.c:90:31: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
p11-kit-0.25.8/common/test-lexer.c:225:1: enter_function: entry to ‘test_bad_value’
p11-kit-0.25.8/common/test-lexer.c:237:9: call_function: calling ‘check_lex_msg’ from ‘test_bad_value’
#   88|   			break;
#   89|   		case TOK_PEM:
#   90|-> 			len = strlen (expected[i].name);
#   91|   			if (lexer.tok.pem.length < len ||
#   92|   			    strncmp (lexer.tok.pem.begin, expected[i].name, len) != 0) {

Error: GCC_ANALYZER_WARNING (CWE-126): [#def88]
p11-kit-0.25.8/common/test-lexer.c:90:39: warning[-Wanalyzer-out-of-bounds]: stack-based buffer over-read
p11-kit-0.25.8/common/test-lexer.c:225:1: enter_function: entry to ‘test_bad_value’
p11-kit-0.25.8/common/test-lexer.c:237:9: call_function: calling ‘check_lex_msg’ from ‘test_bad_value’
#   88|   			break;
#   89|   		case TOK_PEM:
#   90|-> 			len = strlen (expected[i].name);
#   91|   			if (lexer.tok.pem.length < len ||
#   92|   			    strncmp (lexer.tok.pem.begin, expected[i].name, len) != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def89]
p11-kit-0.25.8/common/test-path.c:219:9: warning[-Wanalyzer-malloc-leak]: leak of ‘test’
p11-kit-0.25.8/common/test-path.c:218:16: acquire_memory: allocated here
p11-kit-0.25.8/common/test-path.c:219:9: throw: if ‘p11_path_canon’ throws an exception...
p11-kit-0.25.8/common/test-path.c:219:9: danger: ‘test’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  217|   
#  218|   	test = strdup ("2309haonutb;AOE@#$O ");
#  219|-> 	p11_path_canon (test);
#  220|   	assert_str_eq (test, "2309haonutb_AOE___O_");
#  221|   	free (test);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def90]
p11-kit-0.25.8/common/test-path.c:224:9: warning[-Wanalyzer-malloc-leak]: leak of ‘test’
p11-kit-0.25.8/common/test-path.c:218:16: acquire_memory: allocated here
p11-kit-0.25.8/common/test-path.c:223:16: acquire_memory: allocated here
p11-kit-0.25.8/common/test-path.c:224:9: throw: if ‘p11_path_canon’ throws an exception...
p11-kit-0.25.8/common/test-path.c:224:9: danger: ‘test’ leaks here; was allocated at [(2)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/1)
#  222|   
#  223|   	test = strdup ("22@# %ATI@#$onot");
#  224|-> 	p11_path_canon (test);
#  225|   	assert_str_eq (test, "22____ATI___onot");
#  226|   	free (test);

Error: CPPCHECK_WARNING (CWE-476): [#def91]
p11-kit-0.25.8/common/test-tests.c:89: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: mem
#   87|   		mem = malloc (1);
#   88|   		assert (mem != NULL);
#   89|-> 		*mem = 1;
#   90|   	}
#   91|   	/* cppcheck-suppress memleak */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def92]
p11-kit-0.25.8/common/test.c:485:12: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(name, "wb")’
p11-kit-0.25.8/common/test.c:473:12: branch_false: following ‘false’ branch (when ‘base’ is NULL)...
p11-kit-0.25.8/common/test.c:479:13: branch_false: ...to here
p11-kit-0.25.8/common/test.c:479:13: acquire_resource: opened here
p11-kit-0.25.8/common/test.c:480:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/test.c:485:13: branch_false: ...to here
p11-kit-0.25.8/common/test.c:485:12: danger: ‘fopen(name, "wb")’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  483|   	}
#  484|   
#  485|-> 	if (fwrite (contents, 1, length, f) != length ||
#  486|   	    fclose (f) != 0) {
#  487|   		printf ("# couldn't write to file: %s: %s\n", name, strerror (errno));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def93]
p11-kit-0.25.8/common/test.c:485:12: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(name, "wb")’
p11-kit-0.25.8/common/test.c:473:12: branch_false: following ‘false’ branch (when ‘base’ is NULL)...
p11-kit-0.25.8/common/test.c:479:13: branch_false: ...to here
p11-kit-0.25.8/common/test.c:479:13: acquire_memory: allocated here
p11-kit-0.25.8/common/test.c:480:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/test.c:485:13: branch_false: ...to here
p11-kit-0.25.8/common/test.c:485:12: danger: ‘fopen(name, "wb")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  483|   	}
#  484|   
#  485|-> 	if (fwrite (contents, 1, length, f) != length ||
#  486|   	    fclose (f) != 0) {
#  487|   		printf ("# couldn't write to file: %s: %s\n", name, strerror (errno));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def94]
p11-kit-0.25.8/common/test.c:528:22: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(directory)’
p11-kit-0.25.8/common/test.c:522:15: acquire_memory: allocated here
p11-kit-0.25.8/common/test.c:523:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/test.c:523:12: branch_false: ...to here
p11-kit-0.25.8/common/test.c:528:22: throw: if ‘readdir’ throws an exception...
p11-kit-0.25.8/common/test.c:528:22: danger: ‘opendir(directory)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  526|   	}
#  527|   
#  528|-> 	while ((dp = readdir (dir)) != NULL) {
#  529|   		if (strcmp (dp->d_name, ".") == 0 ||
#  530|   		    strcmp (dp->d_name, "..") == 0)

Error: GCC_ANALYZER_WARNING (CWE-688): [#def95]
p11-kit-0.25.8/common/test.c:546:13: warning[-Wanalyzer-null-argument]: use of NULL ‘directory’ where non-null expected
p11-kit-0.25.8/common/test.c:515:1: enter_function: entry to ‘p11_test_directory_delete’
p11-kit-0.25.8/common/test.c:523:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/test.c:523:12: branch_false: ...to here
p11-kit-0.25.8/common/test.c:528:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/common/test.c:529:29: branch_true: ...to here
p11-kit-0.25.8/common/test.c:533:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/test.c:535:21: branch_false: ...to here
p11-kit-0.25.8/common/test.c:535:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/test.c:537:21: branch_false: ...to here
p11-kit-0.25.8/common/test.c:537:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/common/test.c:540:25: branch_false: ...to here
p11-kit-0.25.8/common/test.c:540:25: call_function: calling ‘p11_test_file_delete’ from ‘p11_test_directory_delete’
p11-kit-0.25.8/common/test.c:540:25: return_function: returning to ‘p11_test_directory_delete’ from ‘p11_test_file_delete’
p11-kit-0.25.8/common/test.c:546:13: danger: argument 1 (‘directory’) NULL where non-null expected
#  544|   	closedir (dir);
#  545|   
#  546|-> 	if (rmdir (directory) < 0) {
#  547|   		printf ("# Couldn't remove directory: %s\n", directory);
#  548|   		assert_not_reached ();

Error: COMPILER_WARNING (CWE-704): [#def96]
p11-kit-0.25.8/common/url.c: scope_hint: In function ‘p11_url_decode’
p11-kit-0.25.8/common/url.c:79:27: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#   79 |                         a = strchr (HEX_CHARS_UPPER, p11_ascii_toupper (value[0]));
#      |                           ^
#   77|   				return NULL;
#   78|   			}
#   79|-> 			a = strchr (HEX_CHARS_UPPER, p11_ascii_toupper (value[0]));
#   80|   			b = strchr (HEX_CHARS_UPPER, p11_ascii_toupper (value[1]));
#   81|   			if (!a || !b) {

Error: COMPILER_WARNING (CWE-704): [#def97]
p11-kit-0.25.8/common/url.c:79:27: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#   77|   				return NULL;
#   78|   			}
#   79|-> 			a = strchr (HEX_CHARS_UPPER, p11_ascii_toupper (value[0]));
#   80|   			b = strchr (HEX_CHARS_UPPER, p11_ascii_toupper (value[1]));
#   81|   			if (!a || !b) {

Error: COMPILER_WARNING (CWE-704): [#def98]
p11-kit-0.25.8/common/url.c:80:27: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#   80 |                         b = strchr (HEX_CHARS_UPPER, p11_ascii_toupper (value[1]));
#      |                           ^
#   78|   			}
#   79|   			a = strchr (HEX_CHARS_UPPER, p11_ascii_toupper (value[0]));
#   80|-> 			b = strchr (HEX_CHARS_UPPER, p11_ascii_toupper (value[1]));
#   81|   			if (!a || !b) {
#   82|   				free (result);

Error: COMPILER_WARNING (CWE-704): [#def99]
p11-kit-0.25.8/common/url.c:80:27: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#   78|   			}
#   79|   			a = strchr (HEX_CHARS_UPPER, p11_ascii_toupper (value[0]));
#   80|-> 			b = strchr (HEX_CHARS_UPPER, p11_ascii_toupper (value[1]));
#   81|   			if (!a || !b) {
#   82|   				free (result);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def100]
p11-kit-0.25.8/p11-kit/client.c:174:22: warning[-Wanalyzer-malloc-leak]: leak of ‘address’
p11-kit-0.25.8/p11-kit/client.c:150:1: enter_function: entry to ‘get_interface_inlock’
p11-kit-0.25.8/p11-kit/client.c:157:9: branch_true: following ‘true’ branch (when ‘interface’ is non-NULL)...
p11-kit-0.25.8/p11-kit/client.c:158:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/client.c:158:9: branch_true: following ‘true’ branch (when ‘version’ is non-NULL)...
p11-kit-0.25.8/p11-kit/client.c:160:13: branch_true: ...to here
p11-kit-0.25.8/p11-kit/client.c:164:14: call_function: calling ‘get_server_address’ from ‘get_interface_inlock’
p11-kit-0.25.8/p11-kit/client.c:164:14: return_function: returning to ‘get_interface_inlock’ from ‘get_server_address’
p11-kit-0.25.8/p11-kit/client.c:165:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/client.c:168:17: branch_false: ...to here
p11-kit-0.25.8/p11-kit/client.c:169:12: branch_false: following ‘false’ branch (when ‘state’ is non-NULL)...
p11-kit-0.25.8/p11-kit/client.c:174:22: branch_false: ...to here
p11-kit-0.25.8/p11-kit/client.c:174:22: throw: if ‘p11_rpc_transport_new’ throws an exception...
p11-kit-0.25.8/p11-kit/client.c:174:22: danger: ‘address’ leaks here; was allocated at [(10)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/9)
#  172|   	}
#  173|   
#  174|-> 	state->rpc = p11_rpc_transport_new (&state->virt, address, "client");
#  175|   	if (!state->rpc) {
#  176|   		rv = CKR_GENERAL_ERROR;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def101]
p11-kit-0.25.8/p11-kit/client.c:174:22: warning[-Wanalyzer-malloc-leak]: leak of ‘state’
p11-kit-0.25.8/p11-kit/client.c:157:9: branch_true: following ‘true’ branch (when ‘interface’ is non-NULL)...
p11-kit-0.25.8/p11-kit/client.c:158:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/client.c:158:9: branch_true: following ‘true’ branch (when ‘version’ is non-NULL)...
p11-kit-0.25.8/p11-kit/client.c:160:13: branch_true: ...to here
p11-kit-0.25.8/p11-kit/client.c:165:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/client.c:168:17: branch_false: ...to here
p11-kit-0.25.8/p11-kit/client.c:168:17: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/client.c:169:12: branch_false: following ‘false’ branch (when ‘state’ is non-NULL)...
p11-kit-0.25.8/p11-kit/client.c:174:22: branch_false: ...to here
p11-kit-0.25.8/p11-kit/client.c:174:22: throw: if ‘p11_rpc_transport_new’ throws an exception...
p11-kit-0.25.8/p11-kit/client.c:174:22: danger: ‘state’ leaks here; was allocated at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6)
#  172|   	}
#  173|   
#  174|-> 	state->rpc = p11_rpc_transport_new (&state->virt, address, "client");
#  175|   	if (!state->rpc) {
#  176|   		rv = CKR_GENERAL_ERROR;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def102]
p11-kit-0.25.8/p11-kit/client.c:186:18: warning[-Wanalyzer-malloc-leak]: leak of ‘address’
p11-kit-0.25.8/p11-kit/client.c:150:1: enter_function: entry to ‘get_interface_inlock’
p11-kit-0.25.8/p11-kit/client.c:157:9: branch_true: following ‘true’ branch (when ‘interface’ is non-NULL)...
p11-kit-0.25.8/p11-kit/client.c:158:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/client.c:158:9: branch_true: following ‘true’ branch (when ‘version’ is non-NULL)...
p11-kit-0.25.8/p11-kit/client.c:160:13: branch_true: ...to here
p11-kit-0.25.8/p11-kit/client.c:164:14: call_function: calling ‘get_server_address’ from ‘get_interface_inlock’
p11-kit-0.25.8/p11-kit/client.c:164:14: return_function: returning to ‘get_interface_inlock’ from ‘get_server_address’
p11-kit-0.25.8/p11-kit/client.c:165:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/client.c:168:17: branch_false: ...to here
p11-kit-0.25.8/p11-kit/client.c:169:12: branch_false: following ‘false’ branch (when ‘state’ is non-NULL)...
p11-kit-0.25.8/p11-kit/client.c:174:22: branch_false: ...to here
p11-kit-0.25.8/p11-kit/client.c:175:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/client.c:184:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/client.c:186:18: throw: if ‘p11_virtual_wrap’ throws an exception...
p11-kit-0.25.8/p11-kit/client.c:186:18: danger: ‘address’ leaks here; was allocated at [(10)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/9)
#  184|   	state->virt.funcs.version = *version;
#  185|   
#  186|-> 	module = p11_virtual_wrap (&state->virt,
#  187|   				   (p11_destroyer)p11_virtual_uninit);
#  188|   	if (!module) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def103]
p11-kit-0.25.8/p11-kit/conf.c:124:16: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
p11-kit-0.25.8/p11-kit/conf.c:352:1: enter_function: entry to ‘load_config_from_file’
p11-kit-0.25.8/p11-kit/conf.c:363:9: branch_true: following ‘true’ branch (when ‘configfile’ is non-NULL)...
p11-kit-0.25.8/p11-kit/conf.c:365:15: branch_true: ...to here
p11-kit-0.25.8/p11-kit/conf.c:365:15: call_function: calling ‘calc_name_from_filename’ from ‘load_config_from_file’
p11-kit-0.25.8/p11-kit/conf.c:365:15: return_function: returning to ‘load_config_from_file’ from ‘calc_name_from_filename’
p11-kit-0.25.8/p11-kit/conf.c:366:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/conf.c:372:18: branch_false: ...to here
p11-kit-0.25.8/p11-kit/conf.c:372:18: call_function: calling ‘_p11_conf_parse_file’ from ‘load_config_from_file’
#  122|   	p11_debug ("reading config file: %s", filename);
#  123|   
#  124|-> 	mmap = p11_mmap_open (filename, sb, &data, &length);
#  125|   	if (mmap == NULL) {
#  126|   		error = errno;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def104]
p11-kit-0.25.8/p11-kit/conf.c:136:25: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
p11-kit-0.25.8/p11-kit/conf.c:352:1: enter_function: entry to ‘load_config_from_file’
p11-kit-0.25.8/p11-kit/conf.c:363:9: branch_true: following ‘true’ branch (when ‘configfile’ is non-NULL)...
p11-kit-0.25.8/p11-kit/conf.c:365:15: branch_true: ...to here
p11-kit-0.25.8/p11-kit/conf.c:365:15: call_function: calling ‘calc_name_from_filename’ from ‘load_config_from_file’
p11-kit-0.25.8/p11-kit/conf.c:365:15: return_function: returning to ‘load_config_from_file’ from ‘calc_name_from_filename’
p11-kit-0.25.8/p11-kit/conf.c:366:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/conf.c:372:18: branch_false: ...to here
p11-kit-0.25.8/p11-kit/conf.c:372:18: call_function: calling ‘_p11_conf_parse_file’ from ‘load_config_from_file’
#  134|   
#  135|   		} else {
#  136|-> 			p11_message_err (error, "couldn't open config file: %s", filename);
#  137|   			errno = error;
#  138|   			return NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def105]
p11-kit-0.25.8/p11-kit/conf.c:142:15: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
p11-kit-0.25.8/p11-kit/conf.c:352:1: enter_function: entry to ‘load_config_from_file’
p11-kit-0.25.8/p11-kit/conf.c:363:9: branch_true: following ‘true’ branch (when ‘configfile’ is non-NULL)...
p11-kit-0.25.8/p11-kit/conf.c:365:15: branch_true: ...to here
p11-kit-0.25.8/p11-kit/conf.c:365:15: call_function: calling ‘calc_name_from_filename’ from ‘load_config_from_file’
p11-kit-0.25.8/p11-kit/conf.c:365:15: return_function: returning to ‘load_config_from_file’ from ‘calc_name_from_filename’
p11-kit-0.25.8/p11-kit/conf.c:366:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/conf.c:372:18: branch_false: ...to here
p11-kit-0.25.8/p11-kit/conf.c:372:18: call_function: calling ‘_p11_conf_parse_file’ from ‘load_config_from_file’
#  140|   	}
#  141|   
#  142|-> 	map = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, free);
#  143|   	return_val_if_fail (map != NULL, NULL);
#  144|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def106]
p11-kit-0.25.8/p11-kit/conf.c:143:9: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
p11-kit-0.25.8/p11-kit/conf.c:352:1: enter_function: entry to ‘load_config_from_file’
p11-kit-0.25.8/p11-kit/conf.c:363:9: branch_true: following ‘true’ branch (when ‘configfile’ is non-NULL)...
p11-kit-0.25.8/p11-kit/conf.c:365:15: branch_true: ...to here
p11-kit-0.25.8/p11-kit/conf.c:365:15: call_function: calling ‘calc_name_from_filename’ from ‘load_config_from_file’
p11-kit-0.25.8/p11-kit/conf.c:365:15: return_function: returning to ‘load_config_from_file’ from ‘calc_name_from_filename’
p11-kit-0.25.8/p11-kit/conf.c:366:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/conf.c:372:18: branch_false: ...to here
p11-kit-0.25.8/p11-kit/conf.c:372:18: call_function: calling ‘_p11_conf_parse_file’ from ‘load_config_from_file’
#  141|   
#  142|   	map = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, free);
#  143|-> 	return_val_if_fail (map != NULL, NULL);
#  144|   
#  145|   	/* Empty config fall through above */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def107]
p11-kit-0.25.8/p11-kit/conf.c:149:9: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
p11-kit-0.25.8/p11-kit/conf.c:352:1: enter_function: entry to ‘load_config_from_file’
p11-kit-0.25.8/p11-kit/conf.c:363:9: branch_true: following ‘true’ branch (when ‘configfile’ is non-NULL)...
p11-kit-0.25.8/p11-kit/conf.c:365:15: branch_true: ...to here
p11-kit-0.25.8/p11-kit/conf.c:365:15: call_function: calling ‘calc_name_from_filename’ from ‘load_config_from_file’
p11-kit-0.25.8/p11-kit/conf.c:365:15: return_function: returning to ‘load_config_from_file’ from ‘calc_name_from_filename’
p11-kit-0.25.8/p11-kit/conf.c:366:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/conf.c:372:18: branch_false: ...to here
p11-kit-0.25.8/p11-kit/conf.c:372:18: call_function: calling ‘_p11_conf_parse_file’ from ‘load_config_from_file’
#  147|   		return map;
#  148|   
#  149|-> 	p11_lexer_init (&lexer, filename, data, length);
#  150|   	while (p11_lexer_next (&lexer, &failed)) {
#  151|   		switch (lexer.tok_type) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def108]
p11-kit-0.25.8/p11-kit/conf.c:150:16: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
p11-kit-0.25.8/p11-kit/conf.c:352:1: enter_function: entry to ‘load_config_from_file’
p11-kit-0.25.8/p11-kit/conf.c:363:9: branch_true: following ‘true’ branch (when ‘configfile’ is non-NULL)...
p11-kit-0.25.8/p11-kit/conf.c:365:15: branch_true: ...to here
p11-kit-0.25.8/p11-kit/conf.c:365:15: call_function: calling ‘calc_name_from_filename’ from ‘load_config_from_file’
p11-kit-0.25.8/p11-kit/conf.c:365:15: return_function: returning to ‘load_config_from_file’ from ‘calc_name_from_filename’
p11-kit-0.25.8/p11-kit/conf.c:366:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/conf.c:372:18: branch_false: ...to here
p11-kit-0.25.8/p11-kit/conf.c:372:18: call_function: calling ‘_p11_conf_parse_file’ from ‘load_config_from_file’
#  148|   
#  149|   	p11_lexer_init (&lexer, filename, data, length);
#  150|-> 	while (p11_lexer_next (&lexer, &failed)) {
#  151|   		switch (lexer.tok_type) {
#  152|   		case TOK_FIELD:

Error: GCC_ANALYZER_WARNING (CWE-401): [#def109]
p11-kit-0.25.8/p11-kit/conf.c:155:30: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
p11-kit-0.25.8/p11-kit/conf.c:352:1: enter_function: entry to ‘load_config_from_file’
p11-kit-0.25.8/p11-kit/conf.c:363:9: branch_true: following ‘true’ branch (when ‘configfile’ is non-NULL)...
p11-kit-0.25.8/p11-kit/conf.c:365:15: branch_true: ...to here
p11-kit-0.25.8/p11-kit/conf.c:365:15: call_function: calling ‘calc_name_from_filename’ from ‘load_config_from_file’
p11-kit-0.25.8/p11-kit/conf.c:365:15: return_function: returning to ‘load_config_from_file’ from ‘calc_name_from_filename’
p11-kit-0.25.8/p11-kit/conf.c:366:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/conf.c:372:18: branch_false: ...to here
p11-kit-0.25.8/p11-kit/conf.c:372:18: call_function: calling ‘_p11_conf_parse_file’ from ‘load_config_from_file’
#  153|   			p11_debug ("config value: %s: %s", lexer.tok.field.name,
#  154|   			           lexer.tok.field.value);
#  155|-> 			if (!p11_dict_set (map, lexer.tok.field.name, lexer.tok.field.value))
#  156|   				return_val_if_reached (NULL);
#  157|   			lexer.tok.field.name = NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def110]
p11-kit-0.25.8/p11-kit/conf.c:156:33: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
p11-kit-0.25.8/p11-kit/conf.c:352:1: enter_function: entry to ‘load_config_from_file’
p11-kit-0.25.8/p11-kit/conf.c:363:9: branch_true: following ‘true’ branch (when ‘configfile’ is non-NULL)...
p11-kit-0.25.8/p11-kit/conf.c:365:15: branch_true: ...to here
p11-kit-0.25.8/p11-kit/conf.c:365:15: call_function: calling ‘calc_name_from_filename’ from ‘load_config_from_file’
p11-kit-0.25.8/p11-kit/conf.c:365:15: return_function: returning to ‘load_config_from_file’ from ‘calc_name_from_filename’
p11-kit-0.25.8/p11-kit/conf.c:366:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/conf.c:372:18: branch_false: ...to here
p11-kit-0.25.8/p11-kit/conf.c:372:18: call_function: calling ‘_p11_conf_parse_file’ from ‘load_config_from_file’
#  154|   			           lexer.tok.field.value);
#  155|   			if (!p11_dict_set (map, lexer.tok.field.name, lexer.tok.field.value))
#  156|-> 				return_val_if_reached (NULL);
#  157|   			lexer.tok.field.name = NULL;
#  158|   			lexer.tok.field.value = NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def111]
p11-kit-0.25.8/p11-kit/conf.c:432:22: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(directory)’
p11-kit-0.25.8/p11-kit/conf.c:415:15: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/conf.c:416:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/conf.c:416:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/conf.c:432:22: throw: if ‘readdir’ throws an exception...
p11-kit-0.25.8/p11-kit/conf.c:432:22: danger: ‘opendir(directory)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0)
#  430|   	}
#  431|   
#  432|-> 	while ((dp = readdir(dir)) != NULL) {
#  433|   		path = p11_path_build (directory, dp->d_name, NULL);
#  434|   		return_val_if_fail (path != NULL, false);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def112]
p11-kit-0.25.8/p11-kit/filter.c:400:9: warning[-Wanalyzer-malloc-leak]: leak of ‘filter’
p11-kit-0.25.8/p11-kit/filter.c:384:18: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/filter.c:385:9: branch_true: following ‘true’ branch (when ‘filter’ is non-NULL)...
p11-kit-0.25.8/p11-kit/filter.c:387:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/filter.c:400:9: throw: if ‘p11_virtual_init’ throws an exception...
p11-kit-0.25.8/p11-kit/filter.c:400:9: danger: ‘filter’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  398|   	functions.C_CloseAllSessions = filter_C_CloseAllSessions;
#  399|   
#  400|-> 	p11_virtual_init (&filter->virt, &functions, lower, destroyer);
#  401|   	filter->lower = &lower->funcs;
#  402|   	filter->entries = p11_array_new ((p11_destroyer)free);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def113]
p11-kit-0.25.8/p11-kit/import-object.c:377:18: warning[-Wanalyzer-malloc-leak]: leak of ‘attr_ec_point.pValue’
p11-kit-0.25.8/p11-kit/import-object.c:332:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/import-object.c:342:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/import-object.c:348:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/import-object.c:356:13: branch_false: ...to here
p11-kit-0.25.8/p11-kit/import-object.c:356:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/import-object.c:360:22: branch_false: ...to here
p11-kit-0.25.8/p11-kit/import-object.c:362:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/import-object.c:368:36: branch_false: ...to here
p11-kit-0.25.8/p11-kit/import-object.c:369:32: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/import-object.c:370:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/import-object.c:374:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/import-object.c:377:18: throw: if ‘p11_attrs_build’ throws an exception...
p11-kit-0.25.8/p11-kit/import-object.c:377:18: danger: ‘attr_ec_point.pValue’ leaks here; was allocated at [(9)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/8)
#  375|   	memcpy ((char *)attr_ec_point.pValue + ec_point_tl_len, ec_point, ec_point_len);
#  376|   
#  377|-> 	result = p11_attrs_build (attrs, &attr_key_type, &attr_ec_params, &attr_ec_point, NULL);
#  378|   	if (result == NULL) {
#  379|   		p11_message (_("failed to allocate memory"));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def114]
p11-kit-0.25.8/p11-kit/list-mechanisms.c:185:14: warning[-Wanalyzer-malloc-leak]: leak of ‘mechanisms_new’
p11-kit-0.25.8/p11-kit/list-mechanisms.c:144:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/list-mechanisms.c:149:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/list-mechanisms.c:150:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/list-mechanisms.c:158:18: branch_false: ...to here
p11-kit-0.25.8/p11-kit/list-mechanisms.c:159:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/list-mechanisms.c:164:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/list-mechanisms.c:167:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/list-mechanisms.c:172:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/list-mechanisms.c:173:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/list-mechanisms.c:178:26: branch_false: ...to here
p11-kit-0.25.8/p11-kit/list-mechanisms.c:178:26: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/list-mechanisms.c:179:12: branch_false: following ‘false’ branch (when ‘mechanisms_new’ is non-NULL)...
p11-kit-0.25.8/p11-kit/list-mechanisms.c:185:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/list-mechanisms.c:185:14: throw: if the called function throws an exception...
p11-kit-0.25.8/p11-kit/list-mechanisms.c:185:14: danger: ‘mechanisms_new’ leaks here; was allocated at [(11)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/10)
#  183|   	mechanisms = mechanisms_new;
#  184|   
#  185|-> 	rv = module->C_GetMechanismList (slot, mechanisms, &mechanisms_count);
#  186|   	if (rv != CKR_OK) {
#  187|   		p11_message (_("querying mechanisms failed: %s"), p11_kit_strerror (rv));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def115]
p11-kit-0.25.8/p11-kit/lists.c:243:14: warning[-Wanalyzer-malloc-leak]: leak of ‘slot_list’
p11-kit-0.25.8/p11-kit/lists.c:232:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/lists.c:237:21: branch_false: ...to here
p11-kit-0.25.8/p11-kit/lists.c:237:21: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/lists.c:238:12: branch_false: following ‘false’ branch (when ‘slot_list’ is non-NULL)...
p11-kit-0.25.8/p11-kit/lists.c:243:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/lists.c:243:14: throw: if the called function throws an exception...
p11-kit-0.25.8/p11-kit/lists.c:243:14: danger: ‘slot_list’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  241|   	}
#  242|   
#  243|-> 	rv = (module->C_GetSlotList) (CK_TRUE, slot_list, &count);
#  244|   	if (rv != CKR_OK) {
#  245|   		p11_message (_("couldn't load module info: %s"),

Error: GCC_ANALYZER_WARNING (CWE-401): [#def116]
p11-kit-0.25.8/p11-kit/log.c:2453:9: warning[-Wanalyzer-malloc-leak]: leak of ‘log’
p11-kit-0.25.8/p11-kit/log.c:2450:15: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/log.c:2451:9: branch_true: following ‘true’ branch (when ‘log’ is non-NULL)...
p11-kit-0.25.8/p11-kit/log.c:2453:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/log.c:2453:9: throw: if ‘p11_virtual_init’ throws an exception...
p11-kit-0.25.8/p11-kit/log.c:2453:9: danger: ‘log’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
# 2451|   	return_val_if_fail (log != NULL, NULL);
# 2452|   
# 2453|-> 	p11_virtual_init (&log->virt, &log_functions, lower, destroyer);
# 2454|   	log->lower = &lower->funcs;
# 2455|   	return &log->virt;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def117]
p11-kit-0.25.8/p11-kit/modules.c:602:21: warning[-Wanalyzer-malloc-leak]: leak of ‘modules’
p11-kit-0.25.8/p11-kit/modules.c:2076:1: enter_function: entry to ‘p11_modules_load_inlock_reentrant’
p11-kit-0.25.8/p11-kit/modules.c:2086:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2089:14: call_function: inlined call to ‘load_registered_modules_unlocked’ from ‘p11_modules_load_inlock_reentrant’
p11-kit-0.25.8/p11-kit/modules.c:2093:27: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2093:19: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/modules.c:2094:9: branch_true: following ‘true’ branch (when ‘modules’ is non-NULL)...
p11-kit-0.25.8/p11-kit/modules.c:2099:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2100:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2113:25: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2113:36: call_function: calling ‘is_module_enabled_unlocked’ from ‘p11_modules_load_inlock_reentrant’
#  600|   	bool enable = false;
#  601|   
#  602|-> 	enable_in = p11_dict_get (config, "enable-in");
#  603|   	disable_in = p11_dict_get (config, "disable-in");
#  604|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def118]
p11-kit-0.25.8/p11-kit/modules.c:603:22: warning[-Wanalyzer-malloc-leak]: leak of ‘modules’
p11-kit-0.25.8/p11-kit/modules.c:2076:1: enter_function: entry to ‘p11_modules_load_inlock_reentrant’
p11-kit-0.25.8/p11-kit/modules.c:2086:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2089:14: call_function: inlined call to ‘load_registered_modules_unlocked’ from ‘p11_modules_load_inlock_reentrant’
p11-kit-0.25.8/p11-kit/modules.c:2093:27: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2093:19: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/modules.c:2094:9: branch_true: following ‘true’ branch (when ‘modules’ is non-NULL)...
p11-kit-0.25.8/p11-kit/modules.c:2099:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2100:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2113:25: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2113:36: call_function: calling ‘is_module_enabled_unlocked’ from ‘p11_modules_load_inlock_reentrant’
#  601|   
#  602|   	enable_in = p11_dict_get (config, "enable-in");
#  603|-> 	disable_in = p11_dict_get (config, "disable-in");
#  604|   
#  605|   	/* Defaults to enabled if neither of these are set */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def119]
p11-kit-0.25.8/p11-kit/modules.c:609:20: warning[-Wanalyzer-malloc-leak]: leak of ‘modules’
p11-kit-0.25.8/p11-kit/modules.c:2076:1: enter_function: entry to ‘p11_modules_load_inlock_reentrant’
p11-kit-0.25.8/p11-kit/modules.c:2086:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2089:14: call_function: inlined call to ‘load_registered_modules_unlocked’ from ‘p11_modules_load_inlock_reentrant’
p11-kit-0.25.8/p11-kit/modules.c:2093:27: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2093:19: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/modules.c:2094:9: branch_true: following ‘true’ branch (when ‘modules’ is non-NULL)...
p11-kit-0.25.8/p11-kit/modules.c:2099:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2100:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2113:25: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2113:36: call_function: calling ‘is_module_enabled_unlocked’ from ‘p11_modules_load_inlock_reentrant’
#  607|   		return true;
#  608|   
#  609|-> 	progname = _p11_get_progname_unlocked ();
#  610|   	if (enable_in && disable_in)
#  611|   		p11_message (_("module '%s' has both enable-in and disable-in options"), name);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def120]
p11-kit-0.25.8/p11-kit/modules.c:611:17: warning[-Wanalyzer-malloc-leak]: leak of ‘modules’
p11-kit-0.25.8/p11-kit/modules.c:2076:1: enter_function: entry to ‘p11_modules_load_inlock_reentrant’
p11-kit-0.25.8/p11-kit/modules.c:2086:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2089:14: call_function: inlined call to ‘load_registered_modules_unlocked’ from ‘p11_modules_load_inlock_reentrant’
p11-kit-0.25.8/p11-kit/modules.c:2093:27: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2093:19: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/modules.c:2094:9: branch_true: following ‘true’ branch (when ‘modules’ is non-NULL)...
p11-kit-0.25.8/p11-kit/modules.c:2099:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2100:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2113:25: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2113:36: call_function: calling ‘is_module_enabled_unlocked’ from ‘p11_modules_load_inlock_reentrant’
#  609|   	progname = _p11_get_progname_unlocked ();
#  610|   	if (enable_in && disable_in)
#  611|-> 		p11_message (_("module '%s' has both enable-in and disable-in options"), name);
#  612|   	if (enable_in) {
#  613|   		enable = (progname != NULL &&

Error: GCC_ANALYZER_WARNING (CWE-401): [#def121]
p11-kit-0.25.8/p11-kit/modules.c:1221:9: warning[-Wanalyzer-malloc-leak]: leak of ‘modules’
p11-kit-0.25.8/p11-kit/modules.c:2076:1: enter_function: entry to ‘p11_modules_load_inlock_reentrant’
p11-kit-0.25.8/p11-kit/modules.c:2086:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2089:14: call_function: inlined call to ‘load_registered_modules_unlocked’ from ‘p11_modules_load_inlock_reentrant’
p11-kit-0.25.8/p11-kit/modules.c:2093:27: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2093:19: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/modules.c:2094:9: branch_true: following ‘true’ branch (when ‘modules’ is non-NULL)...
p11-kit-0.25.8/p11-kit/modules.c:2099:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2127:12: branch_false: following ‘false’ branch (when ‘rv == 0’)...
p11-kit-0.25.8/p11-kit/modules.c:2132:9: call_function: inlined call to ‘sort_modules_by_priority’ from ‘p11_modules_load_inlock_reentrant’
# 1219|                             int count)
# 1220|   {
# 1221|-> 	qsort (modules, count, sizeof (CK_FUNCTION_LIST_PTR), compar_priority);
# 1222|   }
# 1223|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def122]
p11-kit-0.25.8/p11-kit/modules.c:1354:21: warning[-Wanalyzer-malloc-leak]: leak of ‘p11_kit_module_get_name(*<unknown>)’
p11-kit-0.25.8/p11-kit/modules.c:2364:1: enter_function: entry to ‘p11_kit_modules_finalize’
p11-kit-0.25.8/p11-kit/modules.c:2373:21: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2374:22: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2375:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2376:32: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2376:32: call_function: calling ‘p11_kit_module_get_name’ from ‘p11_kit_modules_finalize’
p11-kit-0.25.8/p11-kit/modules.c:2376:32: return_function: returning to ‘p11_kit_modules_finalize’ from ‘p11_kit_module_get_name’
p11-kit-0.25.8/p11-kit/modules.c:2377:25: throw: if ‘p11_kit_strerror’ throws an exception...
p11-kit-0.25.8/p11-kit/modules.c:1354:21: danger: ‘p11_kit_module_get_name(*<unknown>)’ leaks here; was allocated at [(14)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/13)
# 1352|   		p11_message_clear ();
# 1353|   
# 1354|-> 		if (gl.modules) {
# 1355|   			mod = module_for_functions_inlock (module);
# 1356|   			if (mod && mod->name)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def123]
p11-kit-0.25.8/p11-kit/modules.c:1354:21: warning[-Wanalyzer-malloc-leak]: leak of ‘p11_kit_module_get_name(module)’
p11-kit-0.25.8/p11-kit/modules.c:2779:1: enter_function: entry to ‘p11_kit_module_finalize’
p11-kit-0.25.8/p11-kit/modules.c:2784:9: branch_true: following ‘true’ branch (when ‘module’ is non-NULL)...
p11-kit-0.25.8/p11-kit/modules.c:2786:14: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2787:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2788:24: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2788:24: call_function: calling ‘p11_kit_module_get_name’ from ‘p11_kit_module_finalize’
p11-kit-0.25.8/p11-kit/modules.c:2788:24: return_function: returning to ‘p11_kit_module_finalize’ from ‘p11_kit_module_get_name’
p11-kit-0.25.8/p11-kit/modules.c:2789:17: throw: if ‘p11_kit_strerror’ throws an exception...
p11-kit-0.25.8/p11-kit/modules.c:1354:21: danger: ‘p11_kit_module_get_name(module)’ leaks here; was allocated at [(14)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/13)
# 1352|   		p11_message_clear ();
# 1353|   
# 1354|-> 		if (gl.modules) {
# 1355|   			mod = module_for_functions_inlock (module);
# 1356|   			if (mod && mod->name)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def124]
p11-kit-0.25.8/p11-kit/modules.c:1417:16: warning[-Wanalyzer-malloc-leak]: leak of ‘modules’
p11-kit-0.25.8/p11-kit/modules.c:2076:1: enter_function: entry to ‘p11_modules_load_inlock_reentrant’
p11-kit-0.25.8/p11-kit/modules.c:2086:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2089:14: call_function: inlined call to ‘load_registered_modules_unlocked’ from ‘p11_modules_load_inlock_reentrant’
p11-kit-0.25.8/p11-kit/modules.c:2093:27: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2093:19: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/modules.c:2094:9: branch_true: following ‘true’ branch (when ‘modules’ is non-NULL)...
p11-kit-0.25.8/p11-kit/modules.c:2099:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2100:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2113:25: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2116:22: call_function: calling ‘prepare_module_inlock_reentrant’ from ‘p11_modules_load_inlock_reentrant’
# 1415|   	if (config == NULL)
# 1416|   		return NULL;
# 1417|-> 	return p11_dict_get (config, option);
# 1418|   }
# 1419|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def125]
p11-kit-0.25.8/p11-kit/modules.c:1417:16: warning[-Wanalyzer-malloc-leak]: leak of ‘name’
p11-kit-0.25.8/p11-kit/modules.c:2247:1: enter_function: entry to ‘p11_kit_modules_initialize’
p11-kit-0.25.8/p11-kit/modules.c:2258:30: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2259:22: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2260:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2261:32: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2262:28: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2263:40: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2263:40: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/modules.c:2264:25: branch_true: following ‘true’ branch (when ‘name’ is non-NULL)...
p11-kit-0.25.8/p11-kit/modules.c:2265:37: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2265:37: call_function: calling ‘p11_kit_module_get_flags’ from ‘p11_kit_modules_initialize’
# 1415|   	if (config == NULL)
# 1416|   		return NULL;
# 1417|-> 	return p11_dict_get (config, option);
# 1418|   }
# 1419|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def126]
p11-kit-0.25.8/p11-kit/modules.c:1443:9: warning[-Wanalyzer-malloc-leak]: leak of ‘name’
p11-kit-0.25.8/p11-kit/modules.c:2247:1: enter_function: entry to ‘p11_kit_modules_initialize’
p11-kit-0.25.8/p11-kit/modules.c:2258:30: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2259:22: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2260:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2261:32: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2262:28: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2263:40: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2263:40: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/modules.c:2264:25: branch_true: following ‘true’ branch (when ‘name’ is non-NULL)...
p11-kit-0.25.8/p11-kit/modules.c:2265:37: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2265:37: call_function: calling ‘p11_kit_module_get_flags’ from ‘p11_kit_modules_initialize’
# 1441|   	int flags = 0;
# 1442|   
# 1443|-> 	return_val_if_fail (module != NULL, 0);
# 1444|   
# 1445|   	p11_library_init_once ();

Error: GCC_ANALYZER_WARNING (CWE-401): [#def127]
p11-kit-0.25.8/p11-kit/modules.c:1449:17: warning[-Wanalyzer-malloc-leak]: leak of ‘name’
p11-kit-0.25.8/p11-kit/modules.c:2247:1: enter_function: entry to ‘p11_kit_modules_initialize’
p11-kit-0.25.8/p11-kit/modules.c:2258:30: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2259:22: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2260:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2261:32: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2262:28: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2263:40: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2263:40: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/modules.c:2264:25: branch_true: following ‘true’ branch (when ‘name’ is non-NULL)...
p11-kit-0.25.8/p11-kit/modules.c:2265:37: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2265:37: call_function: calling ‘p11_kit_module_get_flags’ from ‘p11_kit_modules_initialize’
# 1447|   	p11_lock ();
# 1448|   
# 1449|-> 		p11_message_clear ();
# 1450|   
# 1451|   		if (gl.modules) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def128]
p11-kit-0.25.8/p11-kit/modules.c:1452:29: warning[-Wanalyzer-malloc-leak]: leak of ‘name’
p11-kit-0.25.8/p11-kit/modules.c:2247:1: enter_function: entry to ‘p11_kit_modules_initialize’
p11-kit-0.25.8/p11-kit/modules.c:2258:30: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2259:22: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2260:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2261:32: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2262:28: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2263:40: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2263:40: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/modules.c:2264:25: branch_true: following ‘true’ branch (when ‘name’ is non-NULL)...
p11-kit-0.25.8/p11-kit/modules.c:2265:37: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2265:37: call_function: calling ‘p11_kit_module_get_flags’ from ‘p11_kit_modules_initialize’
# 1450|   
# 1451|   		if (gl.modules) {
# 1452|-> 			if (p11_virtual_is_wrapper (module)) {
# 1453|   				mod = p11_dict_get (gl.managed_by_closure, module);
# 1454|   			} else {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def129]
p11-kit-0.25.8/p11-kit/modules.c:1453:39: warning[-Wanalyzer-malloc-leak]: leak of ‘name’
p11-kit-0.25.8/p11-kit/modules.c:2247:1: enter_function: entry to ‘p11_kit_modules_initialize’
p11-kit-0.25.8/p11-kit/modules.c:2258:30: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2259:22: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2260:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2261:32: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2262:28: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2263:40: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2263:40: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/modules.c:2264:25: branch_true: following ‘true’ branch (when ‘name’ is non-NULL)...
p11-kit-0.25.8/p11-kit/modules.c:2265:37: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2265:37: call_function: calling ‘p11_kit_module_get_flags’ from ‘p11_kit_modules_initialize’
# 1451|   		if (gl.modules) {
# 1452|   			if (p11_virtual_is_wrapper (module)) {
# 1453|-> 				mod = p11_dict_get (gl.managed_by_closure, module);
# 1454|   			} else {
# 1455|   				flags |= P11_KIT_MODULE_UNMANAGED;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def130]
p11-kit-0.25.8/p11-kit/modules.c:1456:39: warning[-Wanalyzer-malloc-leak]: leak of ‘name’
p11-kit-0.25.8/p11-kit/modules.c:2247:1: enter_function: entry to ‘p11_kit_modules_initialize’
p11-kit-0.25.8/p11-kit/modules.c:2258:30: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2259:22: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2260:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2261:32: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2262:28: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2263:40: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2263:40: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/modules.c:2264:25: branch_true: following ‘true’ branch (when ‘name’ is non-NULL)...
p11-kit-0.25.8/p11-kit/modules.c:2265:37: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2265:37: call_function: calling ‘p11_kit_module_get_flags’ from ‘p11_kit_modules_initialize’
# 1454|   			} else {
# 1455|   				flags |= P11_KIT_MODULE_UNMANAGED;
# 1456|-> 				mod = p11_dict_get (gl.unmanaged_by_funcs, module);
# 1457|   			}
# 1458|   			if (!mod || mod->critical)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def131]
p11-kit-0.25.8/p11-kit/modules.c:1462:37: warning[-Wanalyzer-malloc-leak]: leak of ‘name’
p11-kit-0.25.8/p11-kit/modules.c:2247:1: enter_function: entry to ‘p11_kit_modules_initialize’
p11-kit-0.25.8/p11-kit/modules.c:2258:30: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2259:22: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2260:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2261:32: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2262:28: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2263:40: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2263:40: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/modules.c:2264:25: branch_true: following ‘true’ branch (when ‘name’ is non-NULL)...
p11-kit-0.25.8/p11-kit/modules.c:2265:37: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2265:37: call_function: calling ‘p11_kit_module_get_flags’ from ‘p11_kit_modules_initialize’
# 1460|   			if (mod) {
# 1461|   				trusted = module_get_option_inlock (mod, "trust-policy");
# 1462|-> 				if (_p11_conf_parse_boolean (trusted, false))
# 1463|   					flags |= P11_KIT_MODULE_TRUSTED;
# 1464|   			}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def132]
p11-kit-0.25.8/p11-kit/modules.c:1749:9: warning[-Wanalyzer-malloc-leak]: leak of ‘stolen’
p11-kit-0.25.8/p11-kit/modules.c:1884:1: enter_function: entry to ‘managed_C_CloseAllSessions’
p11-kit-0.25.8/p11-kit/modules.c:1892:18: call_function: calling ‘managed_steal_sessions_inlock’ from ‘managed_C_CloseAllSessions’
# 1747|   
# 1748|   	at = 0;
# 1749|-> 	p11_dict_iterate (sessions, &iter);
# 1750|   	while (p11_dict_next (&iter, (void **)&key, (void **)&value)) {
# 1751|   		if (!matching_slot_id || slot_id == *value)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def133]
p11-kit-0.25.8/p11-kit/modules.c:1750:16: warning[-Wanalyzer-malloc-leak]: leak of ‘stolen’
p11-kit-0.25.8/p11-kit/modules.c:1884:1: enter_function: entry to ‘managed_C_CloseAllSessions’
p11-kit-0.25.8/p11-kit/modules.c:1892:18: call_function: calling ‘managed_steal_sessions_inlock’ from ‘managed_C_CloseAllSessions’
# 1748|   	at = 0;
# 1749|   	p11_dict_iterate (sessions, &iter);
# 1750|-> 	while (p11_dict_next (&iter, (void **)&key, (void **)&value)) {
# 1751|   		if (!matching_slot_id || slot_id == *value)
# 1752|   			stolen[at++] = *key;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def134]
p11-kit-0.25.8/p11-kit/modules.c:1756:19: warning[-Wanalyzer-malloc-leak]: leak of ‘stolen’
p11-kit-0.25.8/p11-kit/modules.c:1884:1: enter_function: entry to ‘managed_C_CloseAllSessions’
p11-kit-0.25.8/p11-kit/modules.c:1892:18: call_function: calling ‘managed_steal_sessions_inlock’ from ‘managed_C_CloseAllSessions’
# 1754|   
# 1755|   	/* Removed them all, clear the whole array */
# 1756|-> 	if (at == p11_dict_size (sessions)) {
# 1757|   		p11_dict_clear (sessions);
# 1758|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def135]
p11-kit-0.25.8/p11-kit/modules.c:1757:17: warning[-Wanalyzer-malloc-leak]: leak of ‘stolen’
p11-kit-0.25.8/p11-kit/modules.c:1884:1: enter_function: entry to ‘managed_C_CloseAllSessions’
p11-kit-0.25.8/p11-kit/modules.c:1892:18: call_function: calling ‘managed_steal_sessions_inlock’ from ‘managed_C_CloseAllSessions’
# 1755|   	/* Removed them all, clear the whole array */
# 1756|   	if (at == p11_dict_size (sessions)) {
# 1757|-> 		p11_dict_clear (sessions);
# 1758|   
# 1759|   	/* Only removed some, go through and remove those */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def136]
p11-kit-0.25.8/p11-kit/modules.c:1920:9: warning[-Wanalyzer-malloc-leak]: leak of ‘modules’
p11-kit-0.25.8/p11-kit/modules.c:2076:1: enter_function: entry to ‘p11_modules_load_inlock_reentrant’
p11-kit-0.25.8/p11-kit/modules.c:2086:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2089:14: call_function: inlined call to ‘load_registered_modules_unlocked’ from ‘p11_modules_load_inlock_reentrant’
p11-kit-0.25.8/p11-kit/modules.c:2093:27: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2093:19: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/modules.c:2094:9: branch_true: following ‘true’ branch (when ‘modules’ is non-NULL)...
p11-kit-0.25.8/p11-kit/modules.c:2099:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2100:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2113:25: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2116:22: call_function: calling ‘prepare_module_inlock_reentrant’ from ‘p11_modules_load_inlock_reentrant’
# 1918|   
# 1919|   	managed = calloc (1, sizeof (Managed));
# 1920|-> 	return_val_if_fail (managed != NULL, NULL);
# 1921|   
# 1922|   	p11_virtual_init (&managed->virt, &p11_virtual_stack,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def137]
p11-kit-0.25.8/p11-kit/modules.c:1922:9: warning[-Wanalyzer-malloc-leak]: leak of ‘managed’
p11-kit-0.25.8/p11-kit/modules.c:1919:19: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/modules.c:1920:9: branch_true: following ‘true’ branch (when ‘managed’ is non-NULL)...
p11-kit-0.25.8/p11-kit/modules.c:1923:27: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:1922:9: throw: if ‘p11_virtual_init’ throws an exception...
p11-kit-0.25.8/p11-kit/modules.c:1922:9: danger: ‘managed’ leaks here; was allocated at [(1)](sarif:/runs/0/results/26/codeFlows/0/threadFlows/0/locations/0)
# 1920|   	return_val_if_fail (managed != NULL, NULL);
# 1921|   
# 1922|-> 	p11_virtual_init (&managed->virt, &p11_virtual_stack,
# 1923|   	                  &mod->virt, NULL);
# 1924|   	managed->virt.funcs.C_Initialize = managed_C_Initialize;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def138]
p11-kit-0.25.8/p11-kit/modules.c:1953:17: warning[-Wanalyzer-malloc-leak]: leak of ‘modules’
p11-kit-0.25.8/p11-kit/modules.c:2076:1: enter_function: entry to ‘p11_modules_load_inlock_reentrant’
p11-kit-0.25.8/p11-kit/modules.c:2086:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2089:14: call_function: inlined call to ‘load_registered_modules_unlocked’ from ‘p11_modules_load_inlock_reentrant’
p11-kit-0.25.8/p11-kit/modules.c:2093:27: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2093:19: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/modules.c:2094:9: branch_true: following ‘true’ branch (when ‘modules’ is non-NULL)...
p11-kit-0.25.8/p11-kit/modules.c:2099:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2100:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2113:25: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2116:22: call_function: calling ‘prepare_module_inlock_reentrant’ from ‘p11_modules_load_inlock_reentrant’
# 1951|   	}
# 1952|   
# 1953|-> 	value = _p11_conf_parse_boolean (string, def_value);
# 1954|   
# 1955|   	if (!supported && value != supported) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def139]
p11-kit-0.25.8/p11-kit/modules.c:1959:11: warning[-Wanalyzer-malloc-leak]: leak of ‘modules’
p11-kit-0.25.8/p11-kit/modules.c:2076:1: enter_function: entry to ‘p11_modules_load_inlock_reentrant’
p11-kit-0.25.8/p11-kit/modules.c:2086:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2089:14: call_function: inlined call to ‘load_registered_modules_unlocked’ from ‘p11_modules_load_inlock_reentrant’
p11-kit-0.25.8/p11-kit/modules.c:2093:27: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2093:19: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/modules.c:2094:9: branch_true: following ‘true’ branch (when ‘modules’ is non-NULL)...
p11-kit-0.25.8/p11-kit/modules.c:2099:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2100:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2113:25: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2116:22: call_function: calling ‘prepare_module_inlock_reentrant’ from ‘p11_modules_load_inlock_reentrant’
# 1957|   	   * This is because the module is running in unmanaged mode, so turn off the
# 1958|   	   */
# 1959|-> 	  p11_message (_("the '%s' option for module '%s' is only supported for managed modules"),
# 1960|   		       option, mod->name);
# 1961|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def140]
p11-kit-0.25.8/p11-kit/modules.c:2034:22: warning[-Wanalyzer-malloc-leak]: leak of ‘modules’
p11-kit-0.25.8/p11-kit/modules.c:2076:1: enter_function: entry to ‘p11_modules_load_inlock_reentrant’
p11-kit-0.25.8/p11-kit/modules.c:2086:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2089:14: call_function: inlined call to ‘load_registered_modules_unlocked’ from ‘p11_modules_load_inlock_reentrant’
p11-kit-0.25.8/p11-kit/modules.c:2093:27: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2093:19: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/modules.c:2094:9: branch_true: following ‘true’ branch (when ‘modules’ is non-NULL)...
p11-kit-0.25.8/p11-kit/modules.c:2099:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2100:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2113:25: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2116:22: call_function: calling ‘prepare_module_inlock_reentrant’ from ‘p11_modules_load_inlock_reentrant’
# 2032|   	if (flags & P11_KIT_MODULE_TRUSTED) {
# 2033|   		trusted = module_get_option_inlock (mod, "trust-policy");
# 2034|-> 		if (!_p11_conf_parse_boolean (trusted, false))
# 2035|   			return CKR_FUNCTION_NOT_SUPPORTED;
# 2036|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def141]
p11-kit-0.25.8/p11-kit/modules.c:2099:9: warning[-Wanalyzer-malloc-leak]: leak of ‘modules’
p11-kit-0.25.8/p11-kit/modules.c:2076:1: enter_function: entry to ‘p11_modules_load_inlock_reentrant’
p11-kit-0.25.8/p11-kit/modules.c:2086:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2089:14: call_function: inlined call to ‘load_registered_modules_unlocked’ from ‘p11_modules_load_inlock_reentrant’
p11-kit-0.25.8/p11-kit/modules.c:2093:27: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2093:19: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/modules.c:2094:9: branch_true: following ‘true’ branch (when ‘modules’ is non-NULL)...
p11-kit-0.25.8/p11-kit/modules.c:2099:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2099:9: throw: if ‘p11_dict_iterate’ throws an exception...
p11-kit-0.25.8/p11-kit/modules.c:2099:9: danger: ‘modules’ leaks here; was allocated at [(7)](sarif:/runs/0/results/30/codeFlows/0/threadFlows/0/locations/6)
# 2097|   	rv = CKR_OK;
# 2098|   
# 2099|-> 	p11_dict_iterate (gl.modules, &iter);
# 2100|   	while (p11_dict_next (&iter, NULL, (void **)&mod)) {
# 2101|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def142]
p11-kit-0.25.8/p11-kit/modules.c:2100:16: warning[-Wanalyzer-malloc-leak]: leak of ‘modules’
p11-kit-0.25.8/p11-kit/modules.c:2076:1: enter_function: entry to ‘p11_modules_load_inlock_reentrant’
p11-kit-0.25.8/p11-kit/modules.c:2086:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/modules.c:2089:14: call_function: inlined call to ‘load_registered_modules_unlocked’ from ‘p11_modules_load_inlock_reentrant’
p11-kit-0.25.8/p11-kit/modules.c:2093:27: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2093:19: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/modules.c:2094:9: branch_true: following ‘true’ branch (when ‘modules’ is non-NULL)...
p11-kit-0.25.8/p11-kit/modules.c:2099:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/modules.c:2100:16: throw: if ‘p11_dict_next’ throws an exception...
p11-kit-0.25.8/p11-kit/modules.c:2100:16: danger: ‘modules’ leaks here; was allocated at [(7)](sarif:/runs/0/results/31/codeFlows/0/threadFlows/0/locations/6)
# 2098|   
# 2099|   	p11_dict_iterate (gl.modules, &iter);
# 2100|-> 	while (p11_dict_next (&iter, NULL, (void **)&mod)) {
# 2101|   
# 2102|   		/*

Error: GCC_ANALYZER_WARNING (CWE-401): [#def143]
p11-kit-0.25.8/p11-kit/p11-kit.c:139:9: warning[-Wanalyzer-malloc-leak]: leak of ‘args’
p11-kit-0.25.8/p11-kit/p11-kit.c:129:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/p11-kit.c:130:9: branch_true: following ‘true’ branch (when ‘args’ is non-NULL)...
p11-kit-0.25.8/p11-kit/p11-kit.c:132:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/p11-kit.c:139:9: throw: if ‘p11_message_err’ throws an exception...
p11-kit-0.25.8/p11-kit/p11-kit.c:139:9: danger: ‘args’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  137|   
#  138|   	/* At this point we have no command */
#  139|-> 	p11_message_err (errno, _("couldn't run trust tool"));
#  140|   
#  141|   	free (args);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def144]
p11-kit-0.25.8/p11-kit/pin.c:182:9: warning[-Wanalyzer-malloc-leak]: leak of ‘cb’
p11-kit-0.25.8/p11-kit/pin.c:227:1: enter_function: entry to ‘p11_kit_pin_register_callback’
p11-kit-0.25.8/p11-kit/pin.c:235:9: branch_true: following ‘true’ branch (when ‘pin_source’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:236:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:236:9: branch_true: following ‘true’ branch (when ‘callback’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:238:14: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:238:14: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/pin.c:239:9: branch_true: following ‘true’ branch (when ‘cb’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:241:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:248:15: call_function: calling ‘register_callback_unlocked’ from ‘p11_kit_pin_register_callback’
#  180|   
#  181|   	name = strdup (pin_source);
#  182|-> 	return_val_if_fail (name != NULL, false);
#  183|   
#  184|   	if (gl.pin_sources == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def145]
p11-kit-0.25.8/p11-kit/pin.c:185:34: warning[-Wanalyzer-malloc-leak]: leak of ‘cb’
p11-kit-0.25.8/p11-kit/pin.c:227:1: enter_function: entry to ‘p11_kit_pin_register_callback’
p11-kit-0.25.8/p11-kit/pin.c:235:9: branch_true: following ‘true’ branch (when ‘pin_source’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:236:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:236:9: branch_true: following ‘true’ branch (when ‘callback’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:238:14: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:238:14: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/pin.c:239:9: branch_true: following ‘true’ branch (when ‘cb’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:241:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:248:15: call_function: calling ‘register_callback_unlocked’ from ‘p11_kit_pin_register_callback’
#  183|   
#  184|   	if (gl.pin_sources == NULL) {
#  185|-> 		gl.pin_sources = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal,
#  186|   		                               free, (p11_destroyer)p11_array_free);
#  187|   		return_val_if_fail (gl.pin_sources != NULL, false);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def146]
p11-kit-0.25.8/p11-kit/pin.c:185:34: warning[-Wanalyzer-malloc-leak]: leak of ‘name’
p11-kit-0.25.8/p11-kit/pin.c:181:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/pin.c:182:9: branch_true: following ‘true’ branch (when ‘name’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:184:13: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:184:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/pin.c:185:34: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:185:34: throw: if ‘p11_dict_new’ throws an exception...
p11-kit-0.25.8/p11-kit/pin.c:185:34: danger: ‘name’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  183|   
#  184|   	if (gl.pin_sources == NULL) {
#  185|-> 		gl.pin_sources = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal,
#  186|   		                               free, (p11_destroyer)p11_array_free);
#  187|   		return_val_if_fail (gl.pin_sources != NULL, false);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def147]
p11-kit-0.25.8/p11-kit/pin.c:187:17: warning[-Wanalyzer-malloc-leak]: leak of ‘cb’
p11-kit-0.25.8/p11-kit/pin.c:227:1: enter_function: entry to ‘p11_kit_pin_register_callback’
p11-kit-0.25.8/p11-kit/pin.c:235:9: branch_true: following ‘true’ branch (when ‘pin_source’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:236:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:236:9: branch_true: following ‘true’ branch (when ‘callback’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:238:14: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:238:14: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/pin.c:239:9: branch_true: following ‘true’ branch (when ‘cb’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:241:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:248:15: call_function: calling ‘register_callback_unlocked’ from ‘p11_kit_pin_register_callback’
#  185|   		gl.pin_sources = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal,
#  186|   		                               free, (p11_destroyer)p11_array_free);
#  187|-> 		return_val_if_fail (gl.pin_sources != NULL, false);
#  188|   	}
#  189|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def148]
p11-kit-0.25.8/p11-kit/pin.c:187:17: warning[-Wanalyzer-malloc-leak]: leak of ‘name’
p11-kit-0.25.8/p11-kit/pin.c:181:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/pin.c:182:9: branch_true: following ‘true’ branch (when ‘name’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:184:13: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:184:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/pin.c:185:34: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:187:17: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/pin.c:187:17: branch_false: ...to here
p11-kit-0.25.8/p11-kit/pin.c:187:17: throw: if ‘p11_debug_precond’ throws an exception...
p11-kit-0.25.8/p11-kit/pin.c:187:17: danger: ‘name’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#  185|   		gl.pin_sources = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal,
#  186|   		                               free, (p11_destroyer)p11_array_free);
#  187|-> 		return_val_if_fail (gl.pin_sources != NULL, false);
#  188|   	}
#  189|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def149]
p11-kit-0.25.8/p11-kit/pin.c:191:29: warning[-Wanalyzer-malloc-leak]: leak of ‘cb’
p11-kit-0.25.8/p11-kit/pin.c:227:1: enter_function: entry to ‘p11_kit_pin_register_callback’
p11-kit-0.25.8/p11-kit/pin.c:235:9: branch_true: following ‘true’ branch (when ‘pin_source’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:236:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:236:9: branch_true: following ‘true’ branch (when ‘callback’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:238:14: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:238:14: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/pin.c:239:9: branch_true: following ‘true’ branch (when ‘cb’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:241:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:248:15: call_function: calling ‘register_callback_unlocked’ from ‘p11_kit_pin_register_callback’
#  189|   
#  190|   	if (gl.pin_sources != NULL)
#  191|-> 		callbacks = p11_dict_get (gl.pin_sources, name);
#  192|   
#  193|   	if (callbacks == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def150]
p11-kit-0.25.8/p11-kit/pin.c:191:29: warning[-Wanalyzer-malloc-leak]: leak of ‘name’
p11-kit-0.25.8/p11-kit/pin.c:181:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/pin.c:182:9: branch_true: following ‘true’ branch (when ‘name’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:184:13: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:190:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/pin.c:191:29: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:191:29: throw: if ‘p11_dict_get’ throws an exception...
p11-kit-0.25.8/p11-kit/pin.c:191:29: danger: ‘name’ leaks here; was allocated at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
#  189|   
#  190|   	if (gl.pin_sources != NULL)
#  191|-> 		callbacks = p11_dict_get (gl.pin_sources, name);
#  192|   
#  193|   	if (callbacks == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def151]
p11-kit-0.25.8/p11-kit/pin.c:194:29: warning[-Wanalyzer-malloc-leak]: leak of ‘cb’
p11-kit-0.25.8/p11-kit/pin.c:227:1: enter_function: entry to ‘p11_kit_pin_register_callback’
p11-kit-0.25.8/p11-kit/pin.c:235:9: branch_true: following ‘true’ branch (when ‘pin_source’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:236:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:236:9: branch_true: following ‘true’ branch (when ‘callback’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:238:14: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:238:14: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/pin.c:239:9: branch_true: following ‘true’ branch (when ‘cb’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:241:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:248:15: call_function: calling ‘register_callback_unlocked’ from ‘p11_kit_pin_register_callback’
#  192|   
#  193|   	if (callbacks == NULL) {
#  194|-> 		callbacks = p11_array_new (unref_pin_callback);
#  195|   		return_val_if_fail (callbacks != NULL, false);
#  196|   		if (!p11_dict_set (gl.pin_sources, name, callbacks))

Error: GCC_ANALYZER_WARNING (CWE-401): [#def152]
p11-kit-0.25.8/p11-kit/pin.c:194:29: warning[-Wanalyzer-malloc-leak]: leak of ‘name’
p11-kit-0.25.8/p11-kit/pin.c:181:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/pin.c:182:9: branch_true: following ‘true’ branch (when ‘name’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:184:13: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:190:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/pin.c:191:29: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:193:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/pin.c:194:29: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:194:29: throw: if ‘p11_array_new’ throws an exception...
p11-kit-0.25.8/p11-kit/pin.c:194:29: danger: ‘name’ leaks here; was allocated at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
#  192|   
#  193|   	if (callbacks == NULL) {
#  194|-> 		callbacks = p11_array_new (unref_pin_callback);
#  195|   		return_val_if_fail (callbacks != NULL, false);
#  196|   		if (!p11_dict_set (gl.pin_sources, name, callbacks))

Error: GCC_ANALYZER_WARNING (CWE-401): [#def153]
p11-kit-0.25.8/p11-kit/pin.c:195:17: warning[-Wanalyzer-malloc-leak]: leak of ‘cb’
p11-kit-0.25.8/p11-kit/pin.c:227:1: enter_function: entry to ‘p11_kit_pin_register_callback’
p11-kit-0.25.8/p11-kit/pin.c:235:9: branch_true: following ‘true’ branch (when ‘pin_source’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:236:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:236:9: branch_true: following ‘true’ branch (when ‘callback’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:238:14: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:238:14: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/pin.c:239:9: branch_true: following ‘true’ branch (when ‘cb’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:241:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:248:15: call_function: calling ‘register_callback_unlocked’ from ‘p11_kit_pin_register_callback’
#  193|   	if (callbacks == NULL) {
#  194|   		callbacks = p11_array_new (unref_pin_callback);
#  195|-> 		return_val_if_fail (callbacks != NULL, false);
#  196|   		if (!p11_dict_set (gl.pin_sources, name, callbacks))
#  197|   			return_val_if_reached (false);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def154]
p11-kit-0.25.8/p11-kit/pin.c:195:17: warning[-Wanalyzer-malloc-leak]: leak of ‘name’
p11-kit-0.25.8/p11-kit/pin.c:181:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/pin.c:182:9: branch_true: following ‘true’ branch (when ‘name’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:184:13: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:193:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/pin.c:194:29: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:195:17: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/pin.c:195:17: branch_false: ...to here
p11-kit-0.25.8/p11-kit/pin.c:195:17: throw: if ‘p11_debug_precond’ throws an exception...
p11-kit-0.25.8/p11-kit/pin.c:195:17: danger: ‘name’ leaks here; was allocated at [(1)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/0)
#  193|   	if (callbacks == NULL) {
#  194|   		callbacks = p11_array_new (unref_pin_callback);
#  195|-> 		return_val_if_fail (callbacks != NULL, false);
#  196|   		if (!p11_dict_set (gl.pin_sources, name, callbacks))
#  197|   			return_val_if_reached (false);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def155]
p11-kit-0.25.8/p11-kit/pin.c:196:22: warning[-Wanalyzer-malloc-leak]: leak of ‘cb’
p11-kit-0.25.8/p11-kit/pin.c:227:1: enter_function: entry to ‘p11_kit_pin_register_callback’
p11-kit-0.25.8/p11-kit/pin.c:235:9: branch_true: following ‘true’ branch (when ‘pin_source’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:236:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:236:9: branch_true: following ‘true’ branch (when ‘callback’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:238:14: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:238:14: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/pin.c:239:9: branch_true: following ‘true’ branch (when ‘cb’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:241:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:248:15: call_function: calling ‘register_callback_unlocked’ from ‘p11_kit_pin_register_callback’
#  194|   		callbacks = p11_array_new (unref_pin_callback);
#  195|   		return_val_if_fail (callbacks != NULL, false);
#  196|-> 		if (!p11_dict_set (gl.pin_sources, name, callbacks))
#  197|   			return_val_if_reached (false);
#  198|   		name = NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def156]
p11-kit-0.25.8/p11-kit/pin.c:196:22: warning[-Wanalyzer-malloc-leak]: leak of ‘name’
p11-kit-0.25.8/p11-kit/pin.c:181:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/pin.c:182:9: branch_true: following ‘true’ branch (when ‘name’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:184:13: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:193:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/pin.c:194:29: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:195:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/pin.c:196:22: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:196:22: throw: if ‘p11_dict_set’ throws an exception...
p11-kit-0.25.8/p11-kit/pin.c:196:22: danger: ‘name’ leaks here; was allocated at [(1)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/0)
#  194|   		callbacks = p11_array_new (unref_pin_callback);
#  195|   		return_val_if_fail (callbacks != NULL, false);
#  196|-> 		if (!p11_dict_set (gl.pin_sources, name, callbacks))
#  197|   			return_val_if_reached (false);
#  198|   		name = NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def157]
p11-kit-0.25.8/p11-kit/pin.c:201:14: warning[-Wanalyzer-malloc-leak]: leak of ‘name’
p11-kit-0.25.8/p11-kit/pin.c:181:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/pin.c:182:9: branch_true: following ‘true’ branch (when ‘name’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:184:13: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:190:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/pin.c:191:29: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:193:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/pin.c:201:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/pin.c:201:14: throw: if ‘p11_array_push’ throws an exception...
p11-kit-0.25.8/p11-kit/pin.c:201:14: danger: ‘name’ leaks here; was allocated at [(1)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/0)
#  199|   	}
#  200|   
#  201|-> 	if (!p11_array_push (callbacks, cb))
#  202|   		return_val_if_reached (false);
#  203|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def158]
p11-kit-0.25.8/p11-kit/pin.c:202:17: warning[-Wanalyzer-malloc-leak]: leak of ‘name’
p11-kit-0.25.8/p11-kit/pin.c:181:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/pin.c:182:9: branch_true: following ‘true’ branch (when ‘name’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:184:13: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:190:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/pin.c:191:29: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:193:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/pin.c:201:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/pin.c:201:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/pin.c:202:17: branch_false: ...to here
p11-kit-0.25.8/p11-kit/pin.c:202:17: throw: if ‘p11_debug_precond’ throws an exception...
p11-kit-0.25.8/p11-kit/pin.c:202:17: danger: ‘name’ leaks here; was allocated at [(1)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/0)
#  200|   
#  201|   	if (!p11_array_push (callbacks, cb))
#  202|-> 		return_val_if_reached (false);
#  203|   
#  204|   	free (name);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def159]
p11-kit-0.25.8/p11-kit/pin.c:206:1: warning[-Wanalyzer-malloc-leak]: leak of ‘name’
p11-kit-0.25.8/p11-kit/pin.c:227:1: enter_function: entry to ‘p11_kit_pin_register_callback’
p11-kit-0.25.8/p11-kit/pin.c:235:9: branch_true: following ‘true’ branch (when ‘pin_source’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:236:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:236:9: branch_true: following ‘true’ branch (when ‘callback’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:238:14: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:239:9: branch_true: following ‘true’ branch (when ‘cb’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:241:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:248:15: call_function: calling ‘register_callback_unlocked’ from ‘p11_kit_pin_register_callback’
#  204|   	free (name);
#  205|   	return true;
#  206|-> }
#  207|   
#  208|   /**

Error: GCC_ANALYZER_WARNING (CWE-775): [#def160]
p11-kit-0.25.8/p11-kit/pin.c:478:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(pin_source, 524288)’
p11-kit-0.25.8/p11-kit/pin.c:463:9: branch_true: following ‘true’ branch (when ‘pin_source’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:466:13: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:466:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/pin.c:469:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/pin.c:469:14: acquire_resource: opened here
p11-kit-0.25.8/p11-kit/pin.c:470:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/pin.c:470:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/pin.c:478:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/pin.c:482:20: branch_false: ...to here
p11-kit-0.25.8/p11-kit/pin.c:482:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/pin.c:483:34: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:484:28: branch_true: following ‘true’ branch (when ‘memory’ is NULL)...
p11-kit-0.25.8/p11-kit/pin.c:505:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:478:21: danger: ‘open(pin_source, 524288)’ leaks here; was opened at [(5)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/4)
#  476|   
#  477|   	for (;;) {
#  478|-> 		if (used + block > 4096) {
#  479|   			error = EFBIG;
#  480|   			break;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def161]
p11-kit-0.25.8/p11-kit/pin.c:505:9: warning[-Wanalyzer-malloc-leak]: leak of ‘buffer’
p11-kit-0.25.8/p11-kit/pin.c:463:9: branch_true: following ‘true’ branch (when ‘pin_source’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:466:13: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:466:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/pin.c:469:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/pin.c:470:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/pin.c:470:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/pin.c:478:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/pin.c:482:20: branch_false: ...to here
p11-kit-0.25.8/p11-kit/pin.c:482:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/pin.c:483:34: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:484:28: branch_false: following ‘false’ branch (when ‘memory’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:492:23: branch_false: ...to here
p11-kit-0.25.8/p11-kit/pin.c:498:27: branch_false: following ‘false’ branch (when ‘res != 0’)...
p11-kit-0.25.8/p11-kit/pin.c:501:30: branch_false: ...to here
p11-kit-0.25.8/p11-kit/pin.c:478:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/pin.c:482:20: branch_false: ...to here
p11-kit-0.25.8/p11-kit/pin.c:482:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/pin.c:483:34: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:484:28: branch_false: following ‘false’ branch (when ‘memory’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:492:23: branch_false: ...to here
p11-kit-0.25.8/p11-kit/pin.c:498:27: branch_true: following ‘true’ branch (when ‘res == 0’)...
p11-kit-0.25.8/p11-kit/pin.c:505:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:505:9: throw: if ‘close’ throws an exception...
p11-kit-0.25.8/p11-kit/pin.c:505:9: danger: ‘buffer’ leaks here; was allocated at [(20)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/19)
#  503|   	}
#  504|   
#  505|-> 	close (fd);
#  506|   
#  507|   	if (error != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def162]
p11-kit-0.25.8/p11-kit/pin.c:554:9: warning[-Wanalyzer-malloc-leak]: leak of ‘copy’
p11-kit-0.25.8/p11-kit/pin.c:544:1: enter_function: entry to ‘p11_kit_pin_new’
p11-kit-0.25.8/p11-kit/pin.c:549:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/pin.c:550:9: branch_true: following ‘true’ branch (when ‘copy’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:552:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:553:15: call_function: calling ‘p11_kit_pin_new_for_buffer’ from ‘p11_kit_pin_new’
p11-kit-0.25.8/p11-kit/pin.c:553:15: return_function: returning to ‘p11_kit_pin_new’ from ‘p11_kit_pin_new_for_buffer’
p11-kit-0.25.8/p11-kit/pin.c:554:9: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/pin.c:554:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/pin.c:554:9: throw: if ‘p11_debug_precond’ throws an exception...
p11-kit-0.25.8/p11-kit/pin.c:554:9: danger: ‘copy’ leaks here; was allocated at [(2)](sarif:/runs/0/results/19/codeFlows/0/threadFlows/0/locations/1)
#  552|   	memcpy (copy, value, length);
#  553|   	pin = p11_kit_pin_new_for_buffer (copy, length, free);
#  554|-> 	return_val_if_fail (pin != NULL, NULL);
#  555|   
#  556|   	return pin;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def163]
p11-kit-0.25.8/p11-kit/pin.c:612:9: warning[-Wanalyzer-malloc-leak]: leak of ‘buffer’
p11-kit-0.25.8/p11-kit/pin.c:449:1: enter_function: entry to ‘p11_kit_pin_file_callback’
p11-kit-0.25.8/p11-kit/pin.c:463:9: branch_true: following ‘true’ branch (when ‘pin_source’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:466:13: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:466:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/pin.c:469:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/pin.c:470:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/pin.c:470:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/pin.c:478:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/pin.c:482:20: branch_false: ...to here
p11-kit-0.25.8/p11-kit/pin.c:482:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/pin.c:483:34: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:484:28: branch_false: following ‘false’ branch (when ‘memory’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:492:23: branch_false: ...to here
p11-kit-0.25.8/p11-kit/pin.c:498:27: branch_false: following ‘false’ branch (when ‘res != 0’)...
p11-kit-0.25.8/p11-kit/pin.c:501:30: branch_false: ...to here
p11-kit-0.25.8/p11-kit/pin.c:478:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/pin.c:482:20: branch_false: ...to here
p11-kit-0.25.8/p11-kit/pin.c:482:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/pin.c:483:34: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:484:28: branch_false: following ‘false’ branch (when ‘memory’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:492:23: branch_false: ...to here
p11-kit-0.25.8/p11-kit/pin.c:498:27: branch_true: following ‘true’ branch (when ‘res == 0’)...
p11-kit-0.25.8/p11-kit/pin.c:505:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:507:12: branch_false: following ‘false’ branch (when ‘error == 0’)...
p11-kit-0.25.8/p11-kit/pin.c:513:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/pin.c:513:16: call_function: calling ‘p11_kit_pin_new_for_buffer’ from ‘p11_kit_pin_file_callback’
#  610|   
#  611|   	pin = calloc (1, sizeof (P11KitPin));
#  612|-> 	return_val_if_fail (pin != NULL, NULL);
#  613|   
#  614|   	pin->ref_count = 1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def164]
p11-kit-0.25.8/p11-kit/pin.c:612:9: warning[-Wanalyzer-malloc-leak]: leak of ‘copy’
p11-kit-0.25.8/p11-kit/pin.c:544:1: enter_function: entry to ‘p11_kit_pin_new’
p11-kit-0.25.8/p11-kit/pin.c:549:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/pin.c:550:9: branch_true: following ‘true’ branch (when ‘copy’ is non-NULL)...
p11-kit-0.25.8/p11-kit/pin.c:552:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/pin.c:553:15: call_function: calling ‘p11_kit_pin_new_for_buffer’ from ‘p11_kit_pin_new’
#  610|   
#  611|   	pin = calloc (1, sizeof (P11KitPin));
#  612|-> 	return_val_if_fail (pin != NULL, NULL);
#  613|   
#  614|   	pin->ref_count = 1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def165]
p11-kit-0.25.8/p11-kit/proxy.c:175:32: warning[-Wanalyzer-malloc-leak]: leak of ‘to_close’
p11-kit-0.25.8/p11-kit/proxy.c:665:1: enter_function: entry to ‘proxy_C_CloseAllSessions’
p11-kit-0.25.8/p11-kit/proxy.c:677:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:680:25: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:681:44: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:681:36: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/proxy.c:682:28: branch_false: following ‘false’ branch (when ‘to_close’ is non-NULL)...
p11-kit-0.25.8/p11-kit/proxy.c:685:51: branch_false: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:687:40: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:688:49: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:696:12: branch_false: following ‘false’ branch (when ‘rv == 0’)...
p11-kit-0.25.8/p11-kit/proxy.c:696:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:699:21: branch_true: following ‘true’ branch (when ‘i < count’)...
p11-kit-0.25.8/p11-kit/proxy.c:700:53: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:700:17: call_function: calling ‘proxy_C_CloseSession’ from ‘proxy_C_CloseAllSessions’
#  173|   		} else {
#  174|   			assert (px->sessions);
#  175|-> 			sess = p11_dict_get (px->sessions, handle);
#  176|   			if (sess != NULL) {
#  177|   				*handle = sess->real_session;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def166]
p11-kit-0.25.8/p11-kit/proxy.c:196:25: warning[-Wanalyzer-malloc-leak]: leak of ‘py’
p11-kit-0.25.8/p11-kit/proxy.c:331:1: enter_function: entry to ‘proxy_create’
p11-kit-0.25.8/p11-kit/proxy.c:337:14: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/proxy.c:338:9: branch_true: following ‘true’ branch (when ‘py’ is non-NULL)...
p11-kit-0.25.8/p11-kit/proxy.c:340:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:344:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:349:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:351:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:356:17: branch_false: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:356:17: call_function: calling ‘proxy_free’ from ‘proxy_create’
#  194|   	if (py) {
#  195|   		if (finalize)
#  196|-> 			p11_kit_modules_finalize ((CK_FUNCTION_LIST **)py->inited);
#  197|   		free (py->inited);
#  198|   		p11_dict_free (py->sessions);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def167]
p11-kit-0.25.8/p11-kit/proxy.c:198:17: warning[-Wanalyzer-malloc-leak]: leak of ‘py’
p11-kit-0.25.8/p11-kit/proxy.c:331:1: enter_function: entry to ‘proxy_create’
p11-kit-0.25.8/p11-kit/proxy.c:337:14: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/proxy.c:338:9: branch_true: following ‘true’ branch (when ‘py’ is non-NULL)...
p11-kit-0.25.8/p11-kit/proxy.c:340:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:344:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:345:17: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:345:17: call_function: calling ‘proxy_free’ from ‘proxy_create’
#  196|   			p11_kit_modules_finalize ((CK_FUNCTION_LIST **)py->inited);
#  197|   		free (py->inited);
#  198|-> 		p11_dict_free (py->sessions);
#  199|   		free (py->mappings);
#  200|   		free (py);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def168]
p11-kit-0.25.8/p11-kit/proxy.c:248:16: warning[-Wanalyzer-malloc-leak]: leak of ‘new_mappings’
p11-kit-0.25.8/p11-kit/proxy.c:331:1: enter_function: entry to ‘proxy_create’
p11-kit-0.25.8/p11-kit/proxy.c:338:9: branch_true: following ‘true’ branch (when ‘py’ is non-NULL)...
p11-kit-0.25.8/p11-kit/proxy.c:340:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:344:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:349:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:351:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:352:22: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:352:22: call_function: calling ‘proxy_list_slots’ from ‘proxy_create’
#  246|   		count++;
#  247|   
#  248|-> 	return memdup (modules, sizeof (CK_FUNCTION_LIST *) * (count + 1));
#  249|   }
#  250|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def169]
p11-kit-0.25.8/p11-kit/proxy.c:248:16: warning[-Wanalyzer-malloc-leak]: leak of ‘new_slots’
p11-kit-0.25.8/p11-kit/proxy.c:331:1: enter_function: entry to ‘proxy_create’
p11-kit-0.25.8/p11-kit/proxy.c:338:9: branch_true: following ‘true’ branch (when ‘py’ is non-NULL)...
p11-kit-0.25.8/p11-kit/proxy.c:340:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:344:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:349:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:351:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:352:22: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:352:22: call_function: calling ‘proxy_list_slots’ from ‘proxy_create’
#  246|   		count++;
#  247|   
#  248|-> 	return memdup (modules, sizeof (CK_FUNCTION_LIST *) * (count + 1));
#  249|   }
#  250|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def170]
p11-kit-0.25.8/p11-kit/proxy.c:248:16: warning[-Wanalyzer-malloc-leak]: leak of ‘py’
p11-kit-0.25.8/p11-kit/proxy.c:331:1: enter_function: entry to ‘proxy_create’
p11-kit-0.25.8/p11-kit/proxy.c:337:14: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/proxy.c:338:9: branch_true: following ‘true’ branch (when ‘py’ is non-NULL)...
p11-kit-0.25.8/p11-kit/proxy.c:340:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:343:22: call_function: calling ‘modules_dup’ from ‘proxy_create’
#  246|   		count++;
#  247|   
#  248|-> 	return memdup (modules, sizeof (CK_FUNCTION_LIST *) * (count + 1));
#  249|   }
#  250|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def171]
p11-kit-0.25.8/p11-kit/proxy.c:267:22: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
p11-kit-0.25.8/p11-kit/proxy.c:331:1: enter_function: entry to ‘proxy_create’
p11-kit-0.25.8/p11-kit/proxy.c:338:9: branch_true: following ‘true’ branch (when ‘py’ is non-NULL)...
p11-kit-0.25.8/p11-kit/proxy.c:340:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:344:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:349:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:351:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:352:22: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:352:22: call_function: calling ‘proxy_list_slots’ from ‘proxy_create’
#  265|   
#  266|   		/* Ask module for its slots */
#  267|-> 		rv = (funcs->C_GetSlotList) (FALSE, NULL, &count);
#  268|   		if (rv == CKR_OK && count) {
#  269|   			slots = calloc (count, sizeof (CK_SLOT_ID));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def172]
p11-kit-0.25.8/p11-kit/proxy.c:267:22: warning[-Wanalyzer-malloc-leak]: leak of ‘new_mappings’
p11-kit-0.25.8/p11-kit/proxy.c:471:1: enter_function: entry to ‘proxy_C_GetSlotList’
p11-kit-0.25.8/p11-kit/proxy.c:483:9: branch_true: following ‘true’ branch (when ‘count’ is non-NULL)...
p11-kit-0.25.8/p11-kit/proxy.c:485:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:487:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:495:28: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:501:30: branch_false: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:501:30: call_function: calling ‘proxy_list_slots’ from ‘proxy_C_GetSlotList’
#  265|   
#  266|   		/* Ask module for its slots */
#  267|-> 		rv = (funcs->C_GetSlotList) (FALSE, NULL, &count);
#  268|   		if (rv == CKR_OK && count) {
#  269|   			slots = calloc (count, sizeof (CK_SLOT_ID));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def173]
p11-kit-0.25.8/p11-kit/proxy.c:267:22: warning[-Wanalyzer-malloc-leak]: leak of ‘py’
p11-kit-0.25.8/p11-kit/proxy.c:331:1: enter_function: entry to ‘proxy_create’
p11-kit-0.25.8/p11-kit/proxy.c:337:14: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/proxy.c:338:9: branch_true: following ‘true’ branch (when ‘py’ is non-NULL)...
p11-kit-0.25.8/p11-kit/proxy.c:340:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:344:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:349:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:351:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:352:22: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:352:22: call_function: calling ‘proxy_list_slots’ from ‘proxy_create’
#  265|   
#  266|   		/* Ask module for its slots */
#  267|-> 		rv = (funcs->C_GetSlotList) (FALSE, NULL, &count);
#  268|   		if (rv == CKR_OK && count) {
#  269|   			slots = calloc (count, sizeof (CK_SLOT_ID));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def174]
p11-kit-0.25.8/p11-kit/proxy.c:270:30: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
p11-kit-0.25.8/p11-kit/proxy.c:331:1: enter_function: entry to ‘proxy_create’
p11-kit-0.25.8/p11-kit/proxy.c:338:9: branch_true: following ‘true’ branch (when ‘py’ is non-NULL)...
p11-kit-0.25.8/p11-kit/proxy.c:340:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:344:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:349:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:351:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:352:22: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:352:22: call_function: calling ‘proxy_list_slots’ from ‘proxy_create’
#  268|   		if (rv == CKR_OK && count) {
#  269|   			slots = calloc (count, sizeof (CK_SLOT_ID));
#  270|-> 			rv = (funcs->C_GetSlotList) (FALSE, slots, &count);
#  271|   		}
#  272|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def175]
p11-kit-0.25.8/p11-kit/proxy.c:270:30: warning[-Wanalyzer-malloc-leak]: leak of ‘new_mappings’
p11-kit-0.25.8/p11-kit/proxy.c:471:1: enter_function: entry to ‘proxy_C_GetSlotList’
p11-kit-0.25.8/p11-kit/proxy.c:483:9: branch_true: following ‘true’ branch (when ‘count’ is non-NULL)...
p11-kit-0.25.8/p11-kit/proxy.c:485:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:487:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:495:28: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:501:30: branch_false: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:501:30: call_function: calling ‘proxy_list_slots’ from ‘proxy_C_GetSlotList’
#  268|   		if (rv == CKR_OK && count) {
#  269|   			slots = calloc (count, sizeof (CK_SLOT_ID));
#  270|-> 			rv = (funcs->C_GetSlotList) (FALSE, slots, &count);
#  271|   		}
#  272|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def176]
p11-kit-0.25.8/p11-kit/proxy.c:270:30: warning[-Wanalyzer-malloc-leak]: leak of ‘py’
p11-kit-0.25.8/p11-kit/proxy.c:331:1: enter_function: entry to ‘proxy_create’
p11-kit-0.25.8/p11-kit/proxy.c:337:14: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/proxy.c:338:9: branch_true: following ‘true’ branch (when ‘py’ is non-NULL)...
p11-kit-0.25.8/p11-kit/proxy.c:340:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:344:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:349:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:351:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:352:22: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:352:22: call_function: calling ‘proxy_list_slots’ from ‘proxy_create’
#  268|   		if (rv == CKR_OK && count) {
#  269|   			slots = calloc (count, sizeof (CK_SLOT_ID));
#  270|-> 			rv = (funcs->C_GetSlotList) (FALSE, slots, &count);
#  271|   		}
#  272|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def177]
p11-kit-0.25.8/p11-kit/proxy.c:270:30: warning[-Wanalyzer-malloc-leak]: leak of ‘slots’
p11-kit-0.25.8/p11-kit/proxy.c:261:30: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:267:22: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:268:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:269:33: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/proxy.c:270:30: throw: if the called function throws an exception...
p11-kit-0.25.8/p11-kit/proxy.c:270:30: danger: ‘slots’ leaks here; was allocated at [(5)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/4)
#  268|   		if (rv == CKR_OK && count) {
#  269|   			slots = calloc (count, sizeof (CK_SLOT_ID));
#  270|-> 			rv = (funcs->C_GetSlotList) (FALSE, slots, &count);
#  271|   		}
#  272|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def178]
p11-kit-0.25.8/p11-kit/proxy.c:278:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
p11-kit-0.25.8/p11-kit/proxy.c:331:1: enter_function: entry to ‘proxy_create’
p11-kit-0.25.8/p11-kit/proxy.c:338:9: branch_true: following ‘true’ branch (when ‘py’ is non-NULL)...
p11-kit-0.25.8/p11-kit/proxy.c:340:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:344:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:349:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:351:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:352:22: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:352:22: call_function: calling ‘proxy_list_slots’ from ‘proxy_create’
#  276|   		}
#  277|   
#  278|-> 		return_val_if_fail (count == 0 || slots != NULL, CKR_GENERAL_ERROR);
#  279|   
#  280|   		if (count > 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def179]
p11-kit-0.25.8/p11-kit/proxy.c:278:17: warning[-Wanalyzer-malloc-leak]: leak of ‘new_mappings’
p11-kit-0.25.8/p11-kit/proxy.c:471:1: enter_function: entry to ‘proxy_C_GetSlotList’
p11-kit-0.25.8/p11-kit/proxy.c:483:9: branch_true: following ‘true’ branch (when ‘count’ is non-NULL)...
p11-kit-0.25.8/p11-kit/proxy.c:485:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:487:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:495:28: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:501:30: branch_false: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:501:30: call_function: calling ‘proxy_list_slots’ from ‘proxy_C_GetSlotList’
#  276|   		}
#  277|   
#  278|-> 		return_val_if_fail (count == 0 || slots != NULL, CKR_GENERAL_ERROR);
#  279|   
#  280|   		if (count > 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def180]
p11-kit-0.25.8/p11-kit/proxy.c:278:17: warning[-Wanalyzer-malloc-leak]: leak of ‘py’
p11-kit-0.25.8/p11-kit/proxy.c:331:1: enter_function: entry to ‘proxy_create’
p11-kit-0.25.8/p11-kit/proxy.c:337:14: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/proxy.c:338:9: branch_true: following ‘true’ branch (when ‘py’ is non-NULL)...
p11-kit-0.25.8/p11-kit/proxy.c:340:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:344:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:349:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:351:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:352:22: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:352:22: call_function: calling ‘proxy_list_slots’ from ‘proxy_create’
#  276|   		}
#  277|   
#  278|-> 		return_val_if_fail (count == 0 || slots != NULL, CKR_GENERAL_ERROR);
#  279|   
#  280|   		if (count > 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def181]
p11-kit-0.25.8/p11-kit/proxy.c:288:25: warning[-Wanalyzer-malloc-leak]: leak of ‘new_mappings’
p11-kit-0.25.8/p11-kit/proxy.c:471:1: enter_function: entry to ‘proxy_C_GetSlotList’
p11-kit-0.25.8/p11-kit/proxy.c:483:9: branch_true: following ‘true’ branch (when ‘count’ is non-NULL)...
p11-kit-0.25.8/p11-kit/proxy.c:485:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:487:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:495:28: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:501:30: branch_false: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:501:30: call_function: calling ‘proxy_list_slots’ from ‘proxy_C_GetSlotList’
#  286|   			return_val_if_fail (new_slots != NULL, CKR_HOST_MEMORY);
#  287|   			new_mappings = reallocarray (py->mappings, (py->n_mappings + count), sizeof (Mapping));
#  288|-> 			return_val_if_fail (new_mappings != NULL, CKR_HOST_MEMORY);
#  289|   			py->mappings = new_mappings;
#  290|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def182]
p11-kit-0.25.8/p11-kit/proxy.c:288:25: warning[-Wanalyzer-malloc-leak]: leak of ‘new_slots’
p11-kit-0.25.8/p11-kit/proxy.c:261:30: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:267:22: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:268:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:273:20: branch_false: following ‘false’ branch (when ‘rv == 0’)...
p11-kit-0.25.8/p11-kit/proxy.c:278:17: branch_false: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:278:17: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:278:17: branch_false: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:278:17: branch_true: following ‘true’ branch (when ‘slots’ is non-NULL)...
p11-kit-0.25.8/p11-kit/proxy.c:280:20: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:280:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:285:37: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:285:37: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/proxy.c:286:25: branch_true: following ‘true’ branch (when ‘new_slots’ is non-NULL)...
p11-kit-0.25.8/p11-kit/proxy.c:287:69: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:288:25: throw: if ‘p11_debug_precond’ throws an exception...
p11-kit-0.25.8/p11-kit/proxy.c:288:25: danger: ‘new_slots’ leaks here; was allocated at [(13)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/12)
#  286|   			return_val_if_fail (new_slots != NULL, CKR_HOST_MEMORY);
#  287|   			new_mappings = reallocarray (py->mappings, (py->n_mappings + count), sizeof (Mapping));
#  288|-> 			return_val_if_fail (new_mappings != NULL, CKR_HOST_MEMORY);
#  289|   			py->mappings = new_mappings;
#  290|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def183]
p11-kit-0.25.8/p11-kit/proxy.c:328:1: warning[-Wanalyzer-malloc-leak]: leak of ‘new_mappings’
p11-kit-0.25.8/p11-kit/proxy.c:471:1: enter_function: entry to ‘proxy_C_GetSlotList’
p11-kit-0.25.8/p11-kit/proxy.c:483:9: branch_true: following ‘true’ branch (when ‘count’ is non-NULL)...
p11-kit-0.25.8/p11-kit/proxy.c:485:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:487:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:495:28: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:501:30: branch_false: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:501:30: call_function: calling ‘proxy_list_slots’ from ‘proxy_C_GetSlotList’
#  326|   	}
#  327|   	return rv;
#  328|-> }
#  329|   
#  330|   static CK_RV

Error: GCC_ANALYZER_WARNING (CWE-401): [#def184]
p11-kit-0.25.8/p11-kit/proxy.c:328:1: warning[-Wanalyzer-malloc-leak]: leak of ‘new_slots’
p11-kit-0.25.8/p11-kit/proxy.c:261:30: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:267:22: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:268:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:268:34: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:273:20: branch_false: following ‘false’ branch (when ‘rv == 0’)...
p11-kit-0.25.8/p11-kit/proxy.c:278:17: branch_false: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:278:17: branch_true: following ‘true’ branch (when ‘slots’ is non-NULL)...
p11-kit-0.25.8/p11-kit/proxy.c:280:20: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:285:37: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/proxy.c:286:25: branch_true: following ‘true’ branch (when ‘new_slots’ is non-NULL)...
p11-kit-0.25.8/p11-kit/proxy.c:287:69: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:328:1: danger: ‘new_slots’ leaks here; was allocated at [(9)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/8)
#  326|   	}
#  327|   	return rv;
#  328|-> }
#  329|   
#  330|   static CK_RV

Error: GCC_ANALYZER_WARNING (CWE-401): [#def185]
p11-kit-0.25.8/p11-kit/proxy.c:349:14: warning[-Wanalyzer-malloc-leak]: leak of ‘py’
p11-kit-0.25.8/p11-kit/proxy.c:337:14: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/proxy.c:338:9: branch_true: following ‘true’ branch (when ‘py’ is non-NULL)...
p11-kit-0.25.8/p11-kit/proxy.c:340:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:344:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:349:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:349:14: throw: if ‘p11_kit_modules_initialize’ throws an exception...
p11-kit-0.25.8/p11-kit/proxy.c:349:14: danger: ‘py’ leaks here; was allocated at [(1)](sarif:/runs/0/results/20/codeFlows/0/threadFlows/0/locations/0)
#  347|   	}
#  348|   
#  349|-> 	rv = p11_kit_modules_initialize (py->inited, NULL);
#  350|   
#  351|   	if (rv == CKR_OK) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def186]
p11-kit-0.25.8/p11-kit/proxy.c:626:38: warning[-Wanalyzer-malloc-leak]: leak of ‘sess’
p11-kit-0.25.8/p11-kit/proxy.c:588:1: enter_function: entry to ‘proxy_C_OpenSession’
p11-kit-0.25.8/p11-kit/proxy.c:600:9: branch_true: following ‘true’ branch (when ‘handle’ is non-NULL)...
p11-kit-0.25.8/p11-kit/proxy.c:602:14: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:602:14: call_function: calling ‘map_slot_to_real’ from ‘proxy_C_OpenSession’
p11-kit-0.25.8/p11-kit/proxy.c:602:14: return_function: returning to ‘proxy_C_OpenSession’ from ‘map_slot_to_real’
p11-kit-0.25.8/p11-kit/proxy.c:603:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:606:15: branch_false: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:608:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:609:17: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:611:28: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:621:40: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/proxy.c:622:33: branch_true: following ‘true’ branch (when ‘sess’ is non-NULL)...
p11-kit-0.25.8/p11-kit/proxy.c:623:51: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:626:38: throw: if ‘p11_dict_set’ throws an exception...
p11-kit-0.25.8/p11-kit/proxy.c:626:38: danger: ‘sess’ leaks here; was allocated at [(24)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/23)
#  624|   				sess->real_session = *handle;
#  625|   				sess->wrap_session = ++state->last_handle; /* TODO: Handle wrapping, and then collisions */
#  626|-> 				if (!p11_dict_set (state->px->sessions, &sess->wrap_session, sess))
#  627|   					warn_if_reached ();
#  628|   				*handle = sess->wrap_session;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def187]
p11-kit-0.25.8/p11-kit/proxy.c:685:33: warning[-Wanalyzer-malloc-leak]: leak of ‘to_close’
p11-kit-0.25.8/p11-kit/proxy.c:677:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:680:25: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:681:44: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:681:36: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/proxy.c:682:28: branch_false: following ‘false’ branch (when ‘to_close’ is non-NULL)...
p11-kit-0.25.8/p11-kit/proxy.c:685:51: branch_false: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:685:33: throw: if ‘p11_dict_iterate’ throws an exception...
p11-kit-0.25.8/p11-kit/proxy.c:685:33: danger: ‘to_close’ leaks here; was allocated at [(5)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/4)
#  683|   				rv = CKR_HOST_MEMORY;
#  684|   			} else {
#  685|-> 				p11_dict_iterate (state->px->sessions, &iter);
#  686|   				count = 0;
#  687|   				while (p11_dict_next (&iter, NULL, (void**)&sess)) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def188]
p11-kit-0.25.8/p11-kit/proxy.c:687:40: warning[-Wanalyzer-malloc-leak]: leak of ‘to_close’
p11-kit-0.25.8/p11-kit/proxy.c:677:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:680:25: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:681:44: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:681:36: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/proxy.c:682:28: branch_false: following ‘false’ branch (when ‘to_close’ is non-NULL)...
p11-kit-0.25.8/p11-kit/proxy.c:685:51: branch_false: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:687:40: throw: if ‘p11_dict_next’ throws an exception...
p11-kit-0.25.8/p11-kit/proxy.c:687:40: danger: ‘to_close’ leaks here; was allocated at [(5)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/4)
#  685|   				p11_dict_iterate (state->px->sessions, &iter);
#  686|   				count = 0;
#  687|-> 				while (p11_dict_next (&iter, NULL, (void**)&sess)) {
#  688|   					if (sess->wrap_slot == id)
#  689|   						to_close[count++] = sess->wrap_session;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def189]
p11-kit-0.25.8/p11-kit/proxy.c:772:9: warning[-Wanalyzer-malloc-leak]: leak of ‘state’
p11-kit-0.25.8/p11-kit/proxy.c:754:9: branch_true: following ‘true’ branch (when ‘interface’ is non-NULL)...
p11-kit-0.25.8/p11-kit/proxy.c:755:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:755:9: branch_true: following ‘true’ branch (when ‘version’ is non-NULL)...
p11-kit-0.25.8/p11-kit/proxy.c:757:13: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:763:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/proxy.c:766:17: branch_false: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:766:17: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/proxy.c:767:12: branch_false: following ‘false’ branch (when ‘state’ is non-NULL)...
p11-kit-0.25.8/p11-kit/proxy.c:772:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:772:9: throw: if ‘p11_virtual_init’ throws an exception...
p11-kit-0.25.8/p11-kit/proxy.c:772:9: danger: ‘state’ leaks here; was allocated at [(7)](sarif:/runs/0/results/24/codeFlows/0/threadFlows/0/locations/6)
#  770|   	}
#  771|   
#  772|-> 	p11_virtual_init (&state->virt, &proxy_functions, state, NULL);
#  773|   
#  774|   	state->last_handle = FIRST_HANDLE;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def190]
p11-kit-0.25.8/p11-kit/proxy.c:964:9: warning[-Wanalyzer-malloc-leak]: leak of ‘state’
p11-kit-0.25.8/p11-kit/proxy.c:957:9: branch_true: following ‘true’ branch (when ‘module’ is non-NULL)...
p11-kit-0.25.8/p11-kit/proxy.c:958:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:958:9: branch_true: following ‘true’ branch (when ‘modules’ is non-NULL)...
p11-kit-0.25.8/p11-kit/proxy.c:960:17: branch_true: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:960:17: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/proxy.c:961:12: branch_false: following ‘false’ branch (when ‘state’ is non-NULL)...
p11-kit-0.25.8/p11-kit/proxy.c:964:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/proxy.c:964:9: throw: if ‘p11_virtual_init’ throws an exception...
p11-kit-0.25.8/p11-kit/proxy.c:964:9: danger: ‘state’ leaks here; was allocated at [(5)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/4)
#  962|   		return CKR_HOST_MEMORY;
#  963|   
#  964|-> 	p11_virtual_init (&state->virt, &proxy_functions, state, NULL);
#  965|   	state->last_handle = FIRST_HANDLE;
#  966|   	state->loaded = modules_dup (modules);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def191]
p11-kit-0.25.8/p11-kit/rpc-message.c:2011:25: warning[-Wanalyzer-null-argument]: use of NULL ‘data1’ where non-null expected
p11-kit-0.25.8/p11-kit/rpc-message.c:1979:1: enter_function: entry to ‘p11_rpc_buffer_get_ibm_kyber_mechanism_value’
p11-kit-0.25.8/p11-kit/rpc-message.c:1994:14: call_function: calling ‘p11_rpc_buffer_get_uint64’ from ‘p11_rpc_buffer_get_ibm_kyber_mechanism_value’
p11-kit-0.25.8/p11-kit/rpc-message.c:1994:14: return_function: returning to ‘p11_rpc_buffer_get_ibm_kyber_mechanism_value’ from ‘p11_rpc_buffer_get_uint64’
p11-kit-0.25.8/p11-kit/rpc-message.c:1994:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-message.c:1995:14: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-message.c:1995:14: call_function: calling ‘p11_rpc_buffer_get_uint64’ from ‘p11_rpc_buffer_get_ibm_kyber_mechanism_value’
p11-kit-0.25.8/p11-kit/rpc-message.c:1995:14: return_function: returning to ‘p11_rpc_buffer_get_ibm_kyber_mechanism_value’ from ‘p11_rpc_buffer_get_uint64’
p11-kit-0.25.8/p11-kit/rpc-message.c:1994:13: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-message.c:1996:14: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-message.c:1996:14: call_function: calling ‘p11_rpc_buffer_get_uint64’ from ‘p11_rpc_buffer_get_ibm_kyber_mechanism_value’
p11-kit-0.25.8/p11-kit/rpc-message.c:1996:14: return_function: returning to ‘p11_rpc_buffer_get_ibm_kyber_mechanism_value’ from ‘p11_rpc_buffer_get_uint64’
p11-kit-0.25.8/p11-kit/rpc-message.c:1994:13: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-message.c:1997:14: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-message.c:1997:14: call_function: calling ‘p11_rpc_buffer_get_byte’ from ‘p11_rpc_buffer_get_ibm_kyber_mechanism_value’
p11-kit-0.25.8/p11-kit/rpc-message.c:1997:14: return_function: returning to ‘p11_rpc_buffer_get_ibm_kyber_mechanism_value’ from ‘p11_rpc_buffer_get_byte’
p11-kit-0.25.8/p11-kit/rpc-message.c:1994:13: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-message.c:1998:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-message.c:1998:14: call_function: calling ‘p11_rpc_buffer_get_byte_array’ from ‘p11_rpc_buffer_get_ibm_kyber_mechanism_value’
p11-kit-0.25.8/p11-kit/rpc-message.c:1998:14: return_function: returning to ‘p11_rpc_buffer_get_ibm_kyber_mechanism_value’ from ‘p11_rpc_buffer_get_byte_array’
p11-kit-0.25.8/p11-kit/rpc-message.c:1994:13: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-message.c:1999:14: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-message.c:1999:14: call_function: calling ‘p11_rpc_buffer_get_byte_array’ from ‘p11_rpc_buffer_get_ibm_kyber_mechanism_value’
p11-kit-0.25.8/p11-kit/rpc-message.c:1999:14: return_function: returning to ‘p11_rpc_buffer_get_ibm_kyber_mechanism_value’ from ‘p11_rpc_buffer_get_byte_array’
p11-kit-0.25.8/p11-kit/rpc-message.c:1994:13: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-message.c:2000:14: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-message.c:2000:14: call_function: calling ‘p11_rpc_buffer_get_uint64’ from ‘p11_rpc_buffer_get_ibm_kyber_mechanism_value’
p11-kit-0.25.8/p11-kit/rpc-message.c:2000:14: return_function: returning to ‘p11_rpc_buffer_get_ibm_kyber_mechanism_value’ from ‘p11_rpc_buffer_get_uint64’
p11-kit-0.25.8/p11-kit/rpc-message.c:1994:13: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-message.c:2003:12: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-message.c:2003:12: branch_true: following ‘true’ branch (when ‘value’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-message.c:2006:17: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-message.c:2010:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-message.c:2011:25: release_memory: ‘data1’ is NULL
p11-kit-0.25.8/p11-kit/rpc-message.c:2011:25: danger: argument 2 (‘data1’) NULL where non-null expected
# 2009|   		params->bPrepend = byte;
# 2010|   		if (params->pCipher && params->ulCipherLen == len1) {
# 2011|-> 			memcpy(params->pCipher, data1, len1);
# 2012|   			params->ulCipherLen = len1;
# 2013|   		} else {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def192]
p11-kit-0.25.8/p11-kit/rpc-server.c:2554:9: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2727:1: enter_function: entry to ‘p11_kit_remote_serve_tokens’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_false: following ‘false’ branch (when ‘i >= n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_true: following ‘true’ branch (when ‘provider’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2774:21: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2774:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2778:17: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2851:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2855:16: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2869:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2869:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2875:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2877:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2884:15: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2884:15: call_function: calling ‘p11_kit_remote_serve_module’ from ‘p11_kit_remote_serve_tokens’
# 2552|   	int code;
# 2553|   
# 2554|-> 	return_val_if_fail (module != NULL, 1);
# 2555|   
# 2556|   	p11_buffer_init (&options, 0);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def193]
p11-kit-0.25.8/p11-kit/rpc-server.c:2556:9: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2727:1: enter_function: entry to ‘p11_kit_remote_serve_tokens’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_false: following ‘false’ branch (when ‘i >= n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_true: following ‘true’ branch (when ‘provider’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2774:21: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2774:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2778:17: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2851:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2855:16: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2869:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2869:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2875:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2877:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2884:15: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2884:15: call_function: calling ‘p11_kit_remote_serve_module’ from ‘p11_kit_remote_serve_tokens’
# 2554|   	return_val_if_fail (module != NULL, 1);
# 2555|   
# 2556|-> 	p11_buffer_init (&options, 0);
# 2557|   	p11_buffer_init (&buffer, 0);
# 2558|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def194]
p11-kit-0.25.8/p11-kit/rpc-server.c:2557:9: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2727:1: enter_function: entry to ‘p11_kit_remote_serve_tokens’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_false: following ‘false’ branch (when ‘i >= n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_true: following ‘true’ branch (when ‘provider’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2774:21: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2774:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2778:17: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2851:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2855:16: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2869:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2869:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2875:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2877:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2884:15: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2884:15: call_function: calling ‘p11_kit_remote_serve_module’ from ‘p11_kit_remote_serve_tokens’
# 2555|   
# 2556|   	p11_buffer_init (&options, 0);
# 2557|-> 	p11_buffer_init (&buffer, 0);
# 2558|   
# 2559|   	p11_virtual_init (&server.virt, &p11_virtual_base, module, NULL);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def195]
p11-kit-0.25.8/p11-kit/rpc-server.c:2559:9: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2727:1: enter_function: entry to ‘p11_kit_remote_serve_tokens’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_false: following ‘false’ branch (when ‘i >= n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_true: following ‘true’ branch (when ‘provider’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2774:21: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2774:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2778:17: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2851:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2855:16: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2869:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2869:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2875:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2877:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2884:15: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2884:15: call_function: calling ‘p11_kit_remote_serve_module’ from ‘p11_kit_remote_serve_tokens’
# 2557|   	p11_buffer_init (&buffer, 0);
# 2558|   
# 2559|-> 	p11_virtual_init (&server.virt, &p11_virtual_base, module, NULL);
# 2560|   
# 2561|   	switch (read (in_fd, &server.version, 1)) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def196]
p11-kit-0.25.8/p11-kit/rpc-server.c:2573:17: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2727:1: enter_function: entry to ‘p11_kit_remote_serve_tokens’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_false: following ‘false’ branch (when ‘i >= n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_true: following ‘true’ branch (when ‘provider’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2774:21: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2774:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2778:17: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2851:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2855:16: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2869:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2869:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2875:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2877:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2884:15: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2884:15: call_function: calling ‘p11_kit_remote_serve_module’ from ‘p11_kit_remote_serve_tokens’
# 2571|   		break;
# 2572|   	default:
# 2573|-> 		p11_message_err (errno, _("couldn't read credential byte"));
# 2574|   		goto out;
# 2575|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def197]
p11-kit-0.25.8/p11-kit/rpc-server.c:2581:17: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2727:1: enter_function: entry to ‘p11_kit_remote_serve_tokens’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_false: following ‘false’ branch (when ‘i >= n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_true: following ‘true’ branch (when ‘provider’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2774:21: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2774:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2778:17: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2851:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2855:16: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2869:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2869:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2875:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2877:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2884:15: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2884:15: call_function: calling ‘p11_kit_remote_serve_module’ from ‘p11_kit_remote_serve_tokens’
# 2579|   	}
# 2580|   
# 2581|-> 	switch (write (out_fd, &server.version, 1)) {
# 2582|   	case 1:
# 2583|   		break;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def198]
p11-kit-0.25.8/p11-kit/rpc-server.c:2585:17: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2727:1: enter_function: entry to ‘p11_kit_remote_serve_tokens’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_false: following ‘false’ branch (when ‘i >= n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_true: following ‘true’ branch (when ‘provider’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2774:21: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2774:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2778:17: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2851:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2855:16: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2869:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2869:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2875:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2877:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2884:15: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2884:15: call_function: calling ‘p11_kit_remote_serve_module’ from ‘p11_kit_remote_serve_tokens’
# 2583|   		break;
# 2584|   	default:
# 2585|-> 		p11_message_err (errno, _("couldn't write credential byte"));
# 2586|   		goto out;
# 2587|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def199]
p11-kit-0.25.8/p11-kit/rpc-server.c:2595:34: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2727:1: enter_function: entry to ‘p11_kit_remote_serve_tokens’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_false: following ‘false’ branch (when ‘i >= n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_true: following ‘true’ branch (when ‘provider’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2774:21: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2774:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2778:17: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2851:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2855:16: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2869:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2869:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2875:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2877:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2884:15: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2884:15: call_function: calling ‘p11_kit_remote_serve_module’ from ‘p11_kit_remote_serve_tokens’
# 2593|   
# 2594|   		do {
# 2595|-> 			status = p11_rpc_transport_read (in_fd, &state, &code,
# 2596|   			                                 &options, &buffer);
# 2597|   		} while (status == P11_RPC_AGAIN);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def200]
p11-kit-0.25.8/p11-kit/rpc-server.c:2698:17: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2727:1: enter_function: entry to ‘p11_kit_remote_serve_tokens’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2761:21: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2762:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2766:46: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2766:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:35: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: following ‘false’ branch (when ‘provider’ is NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2782:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2788:19: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2807:17: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2807:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2809:25: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2812:29: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2813:63: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2815:20: branch_false: following ‘false’ branch (when ‘i != n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2818:26: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2819:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2823:26: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2844:29: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2845:63: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2845:28: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2846:33: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2846:33: call_function: calling ‘token_set_write_protected’ from ‘p11_kit_remote_serve_tokens’
# 2696|   {
# 2697|   	const char *write_protected =
# 2698|-> 		p11_kit_uri_get_vendor_query (uri, "write-protected");
# 2699|   	if (write_protected &&
# 2700|   	    _p11_conf_parse_boolean (write_protected, false))

Error: GCC_ANALYZER_WARNING (CWE-401): [#def201]
p11-kit-0.25.8/p11-kit/rpc-server.c:2700:13: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2727:1: enter_function: entry to ‘p11_kit_remote_serve_tokens’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2761:21: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2762:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2766:46: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2766:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:35: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: following ‘false’ branch (when ‘provider’ is NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2782:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2788:19: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2807:17: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2807:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2809:25: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2812:29: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2813:63: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2815:20: branch_false: following ‘false’ branch (when ‘i != n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2818:26: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2819:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2823:26: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2844:29: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2845:63: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2845:28: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2846:33: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2846:33: call_function: calling ‘token_set_write_protected’ from ‘p11_kit_remote_serve_tokens’
# 2698|   		p11_kit_uri_get_vendor_query (uri, "write-protected");
# 2699|   	if (write_protected &&
# 2700|-> 	    _p11_conf_parse_boolean (write_protected, false))
# 2701|   		token->flags |= CKF_WRITE_PROTECTED;
# 2702|   	else

Error: GCC_ANALYZER_WARNING (CWE-401): [#def202]
p11-kit-0.25.8/p11-kit/rpc-server.c:2761:27: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2761:21: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2761:27: throw: if ‘p11_kit_uri_new’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2761:27: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/8)
# 2759|   
# 2760|   	for (i = 0; i < n_tokens; i++) {
# 2761|-> 		uris[i] = p11_kit_uri_new ();
# 2762|   		if (uris[i] == NULL) {
# 2763|   			error = ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def203]
p11-kit-0.25.8/p11-kit/rpc-server.c:2766:21: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2761:21: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2762:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2766:46: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2766:21: throw: if ‘p11_kit_uri_parse’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2766:21: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/8)
# 2764|   			goto out;
# 2765|   		}
# 2766|-> 		if (p11_kit_uri_parse (tokens[i], P11_KIT_URI_FOR_TOKEN, uris[i]) !=
# 2767|   		    P11_KIT_URI_OK) {
# 2768|   			error = EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def204]
p11-kit-0.25.8/p11-kit/rpc-server.c:2774:21: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_false: following ‘false’ branch (when ‘i >= n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_true: following ‘true’ branch (when ‘provider’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2774:21: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2774:21: throw: if ‘p11_kit_module_initialize’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2774:21: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/8)
# 2772|   
# 2773|   	if (provider) {
# 2774|-> 		if (p11_kit_module_initialize (provider) != CKR_OK) {
# 2775|   			error = EINVAL;
# 2776|   			goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def205]
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_false: following ‘false’ branch (when ‘i >= n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: following ‘false’ branch (when ‘provider’ is NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: throw: if ‘p11_kit_modules_load_and_initialize’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/8)
# 2779|   		modules = provider_modules;
# 2780|   	} else {
# 2781|-> 		modules = p11_kit_modules_load_and_initialize (0);
# 2782|   		if (modules == NULL) {
# 2783|   			error = EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def206]
p11-kit-0.25.8/p11-kit/rpc-server.c:2788:19: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_false: following ‘false’ branch (when ‘i >= n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: following ‘false’ branch (when ‘provider’ is NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2782:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2788:19: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2788:19: throw: if ‘p11_dict_new’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2788:19: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/8)
# 2786|   	}
# 2787|   
# 2788|-> 	filters = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal,
# 2789|   				NULL, p11_filter_release);
# 2790|   	if (filters == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def207]
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_false: following ‘false’ branch (when ‘i >= n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: following ‘false’ branch (when ‘provider’ is NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2782:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2788:19: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: throw: if ‘p11_kit_iter_new’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/8)
# 2793|   	}
# 2794|   
# 2795|-> 	iter = p11_kit_iter_new (NULL,
# 2796|   				 P11_KIT_ITER_WITH_TOKENS |
# 2797|   				 P11_KIT_ITER_WITHOUT_OBJECTS);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def208]
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_false: following ‘false’ branch (when ‘i >= n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: following ‘false’ branch (when ‘provider’ is NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2782:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2788:19: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: throw: if ‘p11_kit_iter_begin’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/8)
# 2801|   	}
# 2802|   
# 2803|-> 	p11_kit_iter_begin (iter, modules);
# 2804|   	while (p11_kit_iter_next (iter) == CKR_OK) {
# 2805|   		CK_TOKEN_INFO *token;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def209]
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_false: following ‘false’ branch (when ‘i >= n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: following ‘false’ branch (when ‘provider’ is NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2782:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2788:19: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: throw: if ‘p11_kit_iter_next’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/8)
# 2802|   
# 2803|   	p11_kit_iter_begin (iter, modules);
# 2804|-> 	while (p11_kit_iter_next (iter) == CKR_OK) {
# 2805|   		CK_TOKEN_INFO *token;
# 2806|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def210]
p11-kit-0.25.8/p11-kit/rpc-server.c:2807:17: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_false: following ‘false’ branch (when ‘i >= n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: following ‘false’ branch (when ‘provider’ is NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2782:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2788:19: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2807:17: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2807:17: throw: if ‘p11_kit_iter_get_kind’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2807:17: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/8)
# 2805|   		CK_TOKEN_INFO *token;
# 2806|   
# 2807|-> 		assert (p11_kit_iter_get_kind (iter) == P11_KIT_ITER_KIND_TOKEN);
# 2808|   
# 2809|   		token = p11_kit_iter_get_token (iter);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def211]
p11-kit-0.25.8/p11-kit/rpc-server.c:2809:25: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_false: following ‘false’ branch (when ‘i >= n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: following ‘false’ branch (when ‘provider’ is NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2782:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2788:19: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2807:17: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2807:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2809:25: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2809:25: throw: if ‘p11_kit_iter_get_token’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2809:25: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/19/codeFlows/0/threadFlows/0/locations/8)
# 2807|   		assert (p11_kit_iter_get_kind (iter) == P11_KIT_ITER_KIND_TOKEN);
# 2808|   
# 2809|-> 		token = p11_kit_iter_get_token (iter);
# 2810|   
# 2811|   		/* Check if the token is the one we want to export */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def212]
p11-kit-0.25.8/p11-kit/rpc-server.c:2813:29: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2761:21: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2762:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2766:46: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2766:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:35: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: following ‘false’ branch (when ‘provider’ is NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2782:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2788:19: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2807:17: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2807:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2809:25: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2812:29: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2813:63: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2813:29: throw: if ‘p11_kit_uri_match_token_info’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2813:29: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/20/codeFlows/0/threadFlows/0/locations/8)
# 2811|   		/* Check if the token is the one we want to export */
# 2812|   		for (i = 0; i < n_tokens; i++)
# 2813|-> 			if (p11_kit_uri_match_token_info (uris[i], token))
# 2814|   				break;
# 2815|   		if (i == n_tokens)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def213]
p11-kit-0.25.8/p11-kit/rpc-server.c:2818:26: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2761:21: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2762:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2766:46: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2766:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:35: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: following ‘false’ branch (when ‘provider’ is NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2782:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2788:19: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2807:17: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2807:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2809:25: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2812:29: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2813:63: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2813:28: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2815:20: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2815:20: branch_false: following ‘false’ branch (when ‘i != n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2818:26: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2818:26: throw: if ‘p11_kit_iter_get_module’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2818:26: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/8)
# 2816|   			continue;
# 2817|   
# 2818|-> 		module = p11_kit_iter_get_module (iter);
# 2819|   		assert (module != NULL);
# 2820|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def214]
p11-kit-0.25.8/p11-kit/rpc-server.c:2823:26: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2761:21: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2762:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2766:46: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2766:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:35: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: following ‘false’ branch (when ‘provider’ is NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2782:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2788:19: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2807:17: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2807:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2809:25: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2812:29: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2813:63: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2813:28: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2815:20: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2815:20: branch_false: following ‘false’ branch (when ‘i != n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2818:26: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2819:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2823:26: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2823:26: throw: if ‘p11_dict_get’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2823:26: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/8)
# 2821|   		/* Create a virtual module that provides only the
# 2822|   		 * specified tokens */
# 2823|-> 		filter = p11_dict_get (filters, module);
# 2824|   		if (filter == NULL) {
# 2825|   			lower = calloc (1, sizeof (p11_virtual));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def215]
p11-kit-0.25.8/p11-kit/rpc-server.c:2830:25: warning[-Wanalyzer-malloc-leak]: leak of ‘lower’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2761:21: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2762:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2766:46: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2766:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:35: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: following ‘false’ branch (when ‘provider’ is NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2782:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2788:19: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2807:17: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2807:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2809:25: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2812:29: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2813:63: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2813:28: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2815:20: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2815:20: branch_false: following ‘false’ branch (when ‘i != n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2818:26: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2819:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2823:26: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2824:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2825:33: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2825:33: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2826:28: branch_false: following ‘false’ branch (when ‘lower’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2830:25: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2830:25: throw: if ‘p11_virtual_init’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2830:25: danger: ‘lower’ leaks here; was allocated at [(39)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/38)
# 2828|   				goto out;
# 2829|   			}
# 2830|-> 			p11_virtual_init (lower, &p11_virtual_base, module, NULL);
# 2831|   			filter = p11_filter_subclass (lower, free);
# 2832|   			if (filter == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def216]
p11-kit-0.25.8/p11-kit/rpc-server.c:2830:25: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2761:21: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2762:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2766:46: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2766:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:35: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: following ‘false’ branch (when ‘provider’ is NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2782:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2788:19: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2807:17: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2807:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2809:25: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2812:29: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2813:63: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2813:28: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2815:20: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2815:20: branch_false: following ‘false’ branch (when ‘i != n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2818:26: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2819:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2823:26: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2824:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2825:33: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2826:28: branch_false: following ‘false’ branch (when ‘lower’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2830:25: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2830:25: throw: if ‘p11_virtual_init’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2830:25: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/24/codeFlows/0/threadFlows/0/locations/8)
# 2828|   				goto out;
# 2829|   			}
# 2830|-> 			p11_virtual_init (lower, &p11_virtual_base, module, NULL);
# 2831|   			filter = p11_filter_subclass (lower, free);
# 2832|   			if (filter == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def217]
p11-kit-0.25.8/p11-kit/rpc-server.c:2831:34: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2761:21: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2762:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2766:46: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2766:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:35: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: following ‘false’ branch (when ‘provider’ is NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2782:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2788:19: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2807:17: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2807:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2809:25: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2812:29: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2813:63: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2813:28: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2815:20: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2815:20: branch_false: following ‘false’ branch (when ‘i != n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2818:26: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2819:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2823:26: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2824:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2825:33: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2826:28: branch_false: following ‘false’ branch (when ‘lower’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2830:25: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2831:34: throw: if ‘p11_filter_subclass’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2831:34: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/8)
# 2829|   			}
# 2830|   			p11_virtual_init (lower, &p11_virtual_base, module, NULL);
# 2831|-> 			filter = p11_filter_subclass (lower, free);
# 2832|   			if (filter == NULL) {
# 2833|   				error = EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def218]
p11-kit-0.25.8/p11-kit/rpc-server.c:2834:33: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2761:21: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2762:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2766:46: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2766:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:35: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: following ‘false’ branch (when ‘provider’ is NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2782:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2788:19: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2807:17: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2807:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2809:25: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2812:29: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2813:63: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2813:28: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2815:20: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2815:20: branch_false: following ‘false’ branch (when ‘i != n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2818:26: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2819:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2823:26: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2824:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2825:33: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2826:28: branch_false: following ‘false’ branch (when ‘lower’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2830:25: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2832:28: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2834:33: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2834:33: throw: if ‘p11_message_err’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2834:33: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/26/codeFlows/0/threadFlows/0/locations/8)
# 2832|   			if (filter == NULL) {
# 2833|   				error = EINVAL;
# 2834|-> 				p11_message_err (error, "couldn't subclass filter");
# 2835|   				goto out;
# 2836|   			}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def219]
p11-kit-0.25.8/p11-kit/rpc-server.c:2837:30: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2761:21: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2762:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2766:46: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2766:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:35: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: following ‘false’ branch (when ‘provider’ is NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2782:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2788:19: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2807:17: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2807:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2809:25: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2812:29: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2813:63: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2813:28: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2815:20: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2815:20: branch_false: following ‘false’ branch (when ‘i != n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2818:26: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2819:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2823:26: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2824:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2825:33: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2826:28: branch_false: following ‘false’ branch (when ‘lower’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2830:25: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2832:28: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2837:30: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2837:30: throw: if ‘p11_dict_set’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2837:30: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/27/codeFlows/0/threadFlows/0/locations/8)
# 2835|   				goto out;
# 2836|   			}
# 2837|-> 			if (!p11_dict_set (filters, module, filter)) {
# 2838|   				error = EINVAL;
# 2839|   				p11_message_err (error, "couldn't register filter");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def220]
p11-kit-0.25.8/p11-kit/rpc-server.c:2839:33: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2761:21: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2762:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2766:46: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2766:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:35: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: following ‘false’ branch (when ‘provider’ is NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2782:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2788:19: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2807:17: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2807:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2809:25: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2812:29: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2813:63: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2813:28: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2815:20: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2815:20: branch_false: following ‘false’ branch (when ‘i != n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2818:26: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2819:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2823:26: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2824:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2825:33: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2826:28: branch_false: following ‘false’ branch (when ‘lower’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2830:25: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2832:28: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2837:30: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2837:28: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2839:33: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2839:33: throw: if ‘p11_message_err’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2839:33: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/28/codeFlows/0/threadFlows/0/locations/8)
# 2837|   			if (!p11_dict_set (filters, module, filter)) {
# 2838|   				error = EINVAL;
# 2839|-> 				p11_message_err (error, "couldn't register filter");
# 2840|   				goto out;
# 2841|   			}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def221]
p11-kit-0.25.8/p11-kit/rpc-server.c:2845:29: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2761:21: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2762:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2766:46: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2766:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:35: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: following ‘false’ branch (when ‘provider’ is NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2782:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2788:19: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2807:17: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2807:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2809:25: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2812:29: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2813:63: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2815:20: branch_false: following ‘false’ branch (when ‘i != n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2818:26: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2819:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2823:26: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2844:29: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2845:63: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2845:29: throw: if ‘p11_kit_uri_match_token_info’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2845:29: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/29/codeFlows/0/threadFlows/0/locations/8)
# 2843|   
# 2844|   		for (i = 0; i < n_tokens; i++) {
# 2845|-> 			if (p11_kit_uri_match_token_info (uris[i], token)) {
# 2846|   				token_set_write_protected (token, uris[i]);
# 2847|   				p11_filter_allow_token (filter, token);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def222]
p11-kit-0.25.8/p11-kit/rpc-server.c:2847:33: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2761:21: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2762:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2766:46: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2766:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:35: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: following ‘false’ branch (when ‘provider’ is NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2782:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2788:19: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2807:17: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2807:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2809:25: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2812:29: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2813:63: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2815:20: branch_false: following ‘false’ branch (when ‘i != n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2818:26: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2819:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2823:26: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2844:29: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2845:63: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2845:28: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2846:33: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2847:33: throw: if ‘p11_filter_allow_token’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2847:33: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/30/codeFlows/0/threadFlows/0/locations/8)
# 2845|   			if (p11_kit_uri_match_token_info (uris[i], token)) {
# 2846|   				token_set_write_protected (token, uris[i]);
# 2847|-> 				p11_filter_allow_token (filter, token);
# 2848|   			}
# 2849|   		}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def223]
p11-kit-0.25.8/p11-kit/rpc-server.c:2851:9: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_false: following ‘false’ branch (when ‘i >= n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: following ‘false’ branch (when ‘provider’ is NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2782:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2788:19: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2851:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2851:9: throw: if ‘p11_kit_iter_free’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2851:9: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/31/codeFlows/0/threadFlows/0/locations/8)
# 2849|   		}
# 2850|   	}
# 2851|-> 	p11_kit_iter_free (iter);
# 2852|   
# 2853|   	filtered = p11_array_new ((p11_destroyer)module_unwrap);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def224]
p11-kit-0.25.8/p11-kit/rpc-server.c:2853:20: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_false: following ‘false’ branch (when ‘i >= n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: following ‘false’ branch (when ‘provider’ is NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2782:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2788:19: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2851:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2853:20: throw: if ‘p11_array_new’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2853:20: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/32/codeFlows/0/threadFlows/0/locations/8)
# 2851|   	p11_kit_iter_free (iter);
# 2852|   
# 2853|-> 	filtered = p11_array_new ((p11_destroyer)module_unwrap);
# 2854|   	p11_dict_iterate (filters, &filters_iter);
# 2855|   	while (p11_dict_next (&filters_iter, NULL, &value)) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def225]
p11-kit-0.25.8/p11-kit/rpc-server.c:2854:9: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_false: following ‘false’ branch (when ‘i >= n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: following ‘false’ branch (when ‘provider’ is NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2782:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2788:19: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2851:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2854:9: throw: if ‘p11_dict_iterate’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2854:9: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/33/codeFlows/0/threadFlows/0/locations/8)
# 2852|   
# 2853|   	filtered = p11_array_new ((p11_destroyer)module_unwrap);
# 2854|-> 	p11_dict_iterate (filters, &filters_iter);
# 2855|   	while (p11_dict_next (&filters_iter, NULL, &value)) {
# 2856|   		module = p11_virtual_wrap ((p11_virtual *)value, NULL);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def226]
p11-kit-0.25.8/p11-kit/rpc-server.c:2855:16: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_false: following ‘false’ branch (when ‘i >= n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: following ‘false’ branch (when ‘provider’ is NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2782:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2788:19: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2851:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2855:16: throw: if ‘p11_dict_next’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2855:16: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/34/codeFlows/0/threadFlows/0/locations/8)
# 2853|   	filtered = p11_array_new ((p11_destroyer)module_unwrap);
# 2854|   	p11_dict_iterate (filters, &filters_iter);
# 2855|-> 	while (p11_dict_next (&filters_iter, NULL, &value)) {
# 2856|   		module = p11_virtual_wrap ((p11_virtual *)value, NULL);
# 2857|   		if (module == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def227]
p11-kit-0.25.8/p11-kit/rpc-server.c:2856:26: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_false: following ‘false’ branch (when ‘i >= n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: following ‘false’ branch (when ‘provider’ is NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2782:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2788:19: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2851:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2855:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2856:26: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2856:26: throw: if ‘p11_virtual_wrap’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2856:26: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/35/codeFlows/0/threadFlows/0/locations/8)
# 2854|   	p11_dict_iterate (filters, &filters_iter);
# 2855|   	while (p11_dict_next (&filters_iter, NULL, &value)) {
# 2856|-> 		module = p11_virtual_wrap ((p11_virtual *)value, NULL);
# 2857|   		if (module == NULL) {
# 2858|   			error = EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def228]
p11-kit-0.25.8/p11-kit/rpc-server.c:2859:25: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_false: following ‘false’ branch (when ‘i >= n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: following ‘false’ branch (when ‘provider’ is NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2782:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2788:19: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2851:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2855:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2856:26: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2857:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2859:25: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2859:25: throw: if ‘p11_message_err’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2859:25: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/36/codeFlows/0/threadFlows/0/locations/8)
# 2857|   		if (module == NULL) {
# 2858|   			error = EINVAL;
# 2859|-> 			p11_message_err (error, "couldn't wrap filter module");
# 2860|   			goto out;
# 2861|   		}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def229]
p11-kit-0.25.8/p11-kit/rpc-server.c:2862:22: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_false: following ‘false’ branch (when ‘i >= n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: following ‘false’ branch (when ‘provider’ is NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2782:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2788:19: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2851:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2855:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2856:26: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2857:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2862:22: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2862:22: throw: if ‘p11_array_push’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2862:22: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/37/codeFlows/0/threadFlows/0/locations/8)
# 2860|   			goto out;
# 2861|   		}
# 2862|-> 		if (!p11_array_push (filtered, module)) {
# 2863|   			error = ENOMEM;
# 2864|   			goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def230]
p11-kit-0.25.8/p11-kit/rpc-server.c:2869:14: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_false: following ‘false’ branch (when ‘i >= n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: following ‘false’ branch (when ‘provider’ is NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2782:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2788:19: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2851:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2855:16: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2869:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2869:14: throw: if ‘p11_array_push’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2869:14: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/38/codeFlows/0/threadFlows/0/locations/8)
# 2867|   
# 2868|   	/* NULL terminate the array */
# 2869|-> 	if (!p11_array_push (filtered, NULL)) {
# 2870|   		error = ENOMEM;
# 2871|   		goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def231]
p11-kit-0.25.8/p11-kit/rpc-server.c:2875:9: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_false: following ‘false’ branch (when ‘i >= n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: following ‘false’ branch (when ‘provider’ is NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2782:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2788:19: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2851:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2855:16: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2869:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2869:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2875:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2875:9: throw: if ‘p11_kit_modules_finalize’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2875:9: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/39/codeFlows/0/threadFlows/0/locations/8)
# 2873|   
# 2874|   	/* Need to finalize the modules that we initialized for iteration */
# 2875|-> 	p11_kit_modules_finalize (modules);
# 2876|   
# 2877|   	if (p11_proxy_module_create (&proxy, (CK_FUNCTION_LIST **)filtered->elem)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def232]
p11-kit-0.25.8/p11-kit/rpc-server.c:2877:13: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_false: following ‘false’ branch (when ‘i >= n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: following ‘false’ branch (when ‘provider’ is NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2782:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2788:19: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2851:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2855:16: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2869:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2869:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2875:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2877:13: throw: if ‘p11_proxy_module_create’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2877:13: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/40/codeFlows/0/threadFlows/0/locations/8)
# 2875|   	p11_kit_modules_finalize (modules);
# 2876|   
# 2877|-> 	if (p11_proxy_module_create (&proxy, (CK_FUNCTION_LIST **)filtered->elem)
# 2878|   	    != CKR_OK) {
# 2879|   		error = EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def233]
p11-kit-0.25.8/p11-kit/rpc-server.c:2880:17: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_false: following ‘false’ branch (when ‘i >= n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: following ‘false’ branch (when ‘provider’ is NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2781:27: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2782:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2788:19: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2803:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2804:16: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2851:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2855:16: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2869:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2869:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2875:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2877:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2880:17: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2880:17: throw: if ‘p11_message_err’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2880:17: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/41/codeFlows/0/threadFlows/0/locations/8)
# 2878|   	    != CKR_OK) {
# 2879|   		error = EINVAL;
# 2880|-> 		p11_message_err (error, "couldn't create a proxy module");
# 2881|   		goto out;
# 2882|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def234]
p11-kit-0.25.8/p11-kit/rpc-server.c:2890:17: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_false: following ‘false’ branch (when ‘i >= n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_true: following ‘true’ branch (when ‘provider’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2774:21: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2774:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2778:17: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2790:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2795:16: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2798:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2800:17: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2889:12: branch_true: following ‘true’ branch (when ‘filters’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2890:17: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2890:17: throw: if ‘p11_dict_free’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2890:17: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/42/codeFlows/0/threadFlows/0/locations/8)
# 2888|   		p11_array_free (filtered);
# 2889|   	if (filters != NULL)
# 2890|-> 		p11_dict_free (filters);
# 2891|   	if (modules != provider_modules)
# 2892|   		p11_kit_modules_release (modules);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def235]
p11-kit-0.25.8/p11-kit/rpc-server.c:2892:17: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_false: following ‘false’ branch (when ‘i >= n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2773:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2774:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2776:25: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2889:12: branch_false: following ‘false’ branch (when ‘filters’ is NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2891:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2891:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2892:17: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2892:17: throw: if ‘p11_kit_modules_release’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2892:17: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/43/codeFlows/0/threadFlows/0/locations/8)
# 2890|   		p11_dict_free (filters);
# 2891|   	if (modules != provider_modules)
# 2892|-> 		p11_kit_modules_release (modules);
# 2893|   	if (error != 0)
# 2894|   		errno = error;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def236]
p11-kit-0.25.8/p11-kit/rpc-server.c:2897:25: warning[-Wanalyzer-malloc-leak]: leak of ‘uris’
p11-kit-0.25.8/p11-kit/rpc-server.c:2749:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2750:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2751:9: branch_true: following ‘true’ branch (when ‘in_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2752:9: branch_true: following ‘true’ branch (when ‘out_fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2754:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: following ‘false’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2755:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2760:21: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2761:21: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2889:12: branch_false: following ‘false’ branch (when ‘filters’ is NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2891:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2891:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-server.c:2892:17: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2895:12: branch_true: following ‘true’ branch (when ‘uris’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2895:12: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2896:29: branch_true: following ‘true’ branch (when ‘i < n_tokens’)...
p11-kit-0.25.8/p11-kit/rpc-server.c:2897:47: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-server.c:2897:25: throw: if ‘p11_kit_uri_free’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-server.c:2897:25: danger: ‘uris’ leaks here; was allocated at [(9)](sarif:/runs/0/results/44/codeFlows/0/threadFlows/0/locations/8)
# 2895|   	if (uris) {
# 2896|   		for (i = 0; i < n_tokens; i++)
# 2897|-> 			p11_kit_uri_free (uris[i]);
# 2898|   		free (uris);
# 2899|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def237]
p11-kit-0.25.8/p11-kit/rpc-transport.c:609:9: warning[-Wanalyzer-malloc-leak]: leak of ‘rex’
p11-kit-0.25.8/p11-kit/rpc-transport.c:1067:1: enter_function: entry to ‘rpc_exec_init’
p11-kit-0.25.8/p11-kit/rpc-transport.c:1074:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-transport.c:1074:63: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-transport.c:1074:13: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-transport.c:1080:15: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-transport.c:1080:15: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-transport.c:1081:9: branch_true: following ‘true’ branch (when ‘rex’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-transport.c:1083:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-transport.c:1093:9: call_function: calling ‘rpc_transport_init’ from ‘rpc_exec_init’
#  607|   	rpc->destroyer = destroyer;
#  608|   
#  609|-> 	p11_buffer_init_null (&rpc->options, 0);
#  610|   	p11_buffer_add (&rpc->options, module_name, -1);
#  611|   	return_val_if_fail (p11_buffer_ok (&rpc->options), false);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def238]
p11-kit-0.25.8/p11-kit/rpc-transport.c:609:9: warning[-Wanalyzer-malloc-leak]: leak of ‘run’
p11-kit-0.25.8/p11-kit/rpc-transport.c:1235:1: enter_function: entry to ‘rpc_vsock_init’
p11-kit-0.25.8/p11-kit/rpc-transport.c:1241:15: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-transport.c:1242:9: branch_true: following ‘true’ branch (when ‘run’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-transport.c:1244:17: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-transport.c:1253:9: call_function: calling ‘rpc_transport_init’ from ‘rpc_vsock_init’
#  607|   	rpc->destroyer = destroyer;
#  608|   
#  609|-> 	p11_buffer_init_null (&rpc->options, 0);
#  610|   	p11_buffer_add (&rpc->options, module_name, -1);
#  611|   	return_val_if_fail (p11_buffer_ok (&rpc->options), false);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def239]
p11-kit-0.25.8/p11-kit/rpc-transport.c:833:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(fds[1], 0)’
p11-kit-0.25.8/p11-kit/rpc-transport.c:816:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-transport.c:821:15: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-transport.c:833:21: acquire_resource: opened here
p11-kit-0.25.8/p11-kit/rpc-transport.c:833:20: danger: ‘dup2(fds[1], 0)’ leaks here; was opened at [(5)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/4)
#  831|   	/* Child */
#  832|   	case 0:
#  833|-> 		if (dup2 (fds[1], STDIN_FILENO) < 0 ||
#  834|   		    dup2 (fds[1], STDOUT_FILENO) < 0) {
#  835|   			errn = errno;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def240]
p11-kit-0.25.8/p11-kit/rpc-transport.c:833:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(fds[1], 1)’
p11-kit-0.25.8/p11-kit/rpc-transport.c:816:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-transport.c:821:15: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-transport.c:833:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-transport.c:834:21: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-transport.c:834:21: acquire_resource: opened here
p11-kit-0.25.8/p11-kit/rpc-transport.c:833:21: danger: ‘dup2(fds[1], 1)’ leaks here; was opened at [(7)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/6)
#  831|   	/* Child */
#  832|   	case 0:
#  833|-> 		if (dup2 (fds[1], STDIN_FILENO) < 0 ||
#  834|   		    dup2 (fds[1], STDOUT_FILENO) < 0) {
#  835|   			errn = errno;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def241]
p11-kit-0.25.8/p11-kit/rpc-transport.c:1062:14: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(argument)’
p11-kit-0.25.8/p11-kit/rpc-transport.c:1062:36: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-transport.c:1062:14: danger: ‘strdup(argument)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
# 1060|   	p11_array *argv = data;
# 1061|   
# 1062|-> 	if (!p11_array_push (argv, strdup (argument)))
# 1063|   		return_if_reached ();
# 1064|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def242]
p11-kit-0.25.8/p11-kit/rpc-transport.c:1083:9: warning[-Wanalyzer-malloc-leak]: leak of ‘rex’
p11-kit-0.25.8/p11-kit/rpc-transport.c:1074:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/rpc-transport.c:1074:63: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-transport.c:1074:13: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/rpc-transport.c:1080:15: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-transport.c:1080:15: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/rpc-transport.c:1081:9: branch_true: following ‘true’ branch (when ‘rex’ is non-NULL)...
p11-kit-0.25.8/p11-kit/rpc-transport.c:1083:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/rpc-transport.c:1083:9: throw: if ‘p11_array_push’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-transport.c:1083:9: danger: ‘rex’ leaks here; was allocated at [(5)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/4)
# 1081|   	return_val_if_fail (rex != NULL, NULL);
# 1082|   
# 1083|-> 	p11_array_push (argv, NULL);
# 1084|   	rex->argv = argv;
# 1085|   #ifdef OS_WIN32

Error: GCC_ANALYZER_WARNING (CWE-775): [#def243]
p11-kit-0.25.8/p11-kit/rpc-transport.c:1119:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
p11-kit-0.25.8/p11-kit/rpc-transport.c:1113:14: acquire_resource: stream socket created here
p11-kit-0.25.8/p11-kit/rpc-transport.c:1114:12: branch_false: following ‘false’ branch (when ‘fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-transport.c:1119:45: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-transport.c:1119:13: throw: if ‘connect’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-transport.c:1119:13: danger: ‘fd’ leaks here
# 1117|   	}
# 1118|   
# 1119|-> 	if (connect (fd, (struct sockaddr *)&run->sa, sizeof (run->sa)) < 0) {
# 1120|   		p11_debug_err (errno, "failed to connect to socket");
# 1121|   		close (fd);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def244]
p11-kit-0.25.8/p11-kit/rpc-transport.c:1200:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
p11-kit-0.25.8/p11-kit/rpc-transport.c:1194:14: acquire_resource: stream socket created here
p11-kit-0.25.8/p11-kit/rpc-transport.c:1195:12: branch_false: following ‘false’ branch (when ‘fd >= 0’)...
p11-kit-0.25.8/p11-kit/rpc-transport.c:1200:45: branch_false: ...to here
p11-kit-0.25.8/p11-kit/rpc-transport.c:1200:13: throw: if ‘connect’ throws an exception...
p11-kit-0.25.8/p11-kit/rpc-transport.c:1200:13: danger: ‘fd’ leaks here
# 1198|   	}
# 1199|   
# 1200|-> 	if (connect (fd, (struct sockaddr *)&run->sa, sizeof (run->sa)) < 0) {
# 1201|   		p11_debug_err (errno, "failed to connect to socket");
# 1202|   		close (fd);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def245]
p11-kit-0.25.8/p11-kit/server.c:162:22: warning[-Wanalyzer-malloc-leak]: leak of ‘server’
p11-kit-0.25.8/p11-kit/server.c:143:9: branch_true: following ‘true’ branch (when ‘tokens’ is non-NULL)...
p11-kit-0.25.8/p11-kit/server.c:144:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/server.c:144:9: branch_true: following ‘true’ branch (when ‘n_tokens != 0’)...
p11-kit-0.25.8/p11-kit/server.c:145:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/server.c:145:9: branch_true: following ‘true’ branch (when ‘socket_name’ is non-NULL)...
p11-kit-0.25.8/p11-kit/server.c:147:18: branch_true: ...to here
p11-kit-0.25.8/p11-kit/server.c:147:18: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/server.c:149:12: branch_false: following ‘false’ branch (when ‘server’ is non-NULL)...
p11-kit-0.25.8/p11-kit/server.c:152:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/server.c:158:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/server.c:161:20: branch_false: ...to here
p11-kit-0.25.8/p11-kit/server.c:161:19: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/server.c:162:22: branch_true: ...to here
p11-kit-0.25.8/p11-kit/server.c:162:22: throw: if ‘p11_vsock_parse_addr’ throws an exception...
p11-kit-0.25.8/p11-kit/server.c:162:22: danger: ‘server’ leaks here; was allocated at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6)
#  160|   #ifdef HAVE_VSOCK
#  161|   	} else if (strncmp (socket_name, "vsock:", 6) == 0) {
#  162|-> 		if (!p11_vsock_parse_addr(socket_name + 6,
#  163|   					  &server->vsock_cid,
#  164|   					  &server->vsock_port)) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def246]
p11-kit-0.25.8/p11-kit/server.c:353:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sd’
p11-kit-0.25.8/p11-kit/server.c:328:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/server.c:329:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/server.c:334:14: acquire_resource: stream socket created here
p11-kit-0.25.8/p11-kit/server.c:335:12: branch_false: following ‘false’ branch (when ‘sd != -1’)...
p11-kit-0.25.8/p11-kit/server.c:341:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/server.c:345:12: branch_false: following ‘false’ branch (when ‘rc != -1’)...
p11-kit-0.25.8/p11-kit/server.c:351:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/server.c:352:12: branch_true: following ‘true’ branch (when ‘rc == -1’)...
p11-kit-0.25.8/p11-kit/server.c:353:17: branch_true: ...to here
p11-kit-0.25.8/p11-kit/server.c:353:17: throw: if ‘close’ throws an exception...
p11-kit-0.25.8/p11-kit/server.c:353:17: danger: ‘sd’ leaks here
#  351|   	rc = listen (sd, 1024);
#  352|   	if (rc == -1) {
#  353|-> 		close (sd);
#  354|   		p11_message_err (errno, _("could not listen to socket %s"), socket_file);
#  355|   		return 1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def247]
p11-kit-0.25.8/p11-kit/server.c:361:25: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sd’
p11-kit-0.25.8/p11-kit/server.c:328:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/server.c:329:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/server.c:334:14: acquire_resource: stream socket created here
p11-kit-0.25.8/p11-kit/server.c:335:12: branch_false: following ‘false’ branch (when ‘sd != -1’)...
p11-kit-0.25.8/p11-kit/server.c:341:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/server.c:345:12: branch_false: following ‘false’ branch (when ‘rc != -1’)...
p11-kit-0.25.8/p11-kit/server.c:351:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/server.c:352:12: branch_false: following ‘false’ branch (when ‘rc != -1’)...
p11-kit-0.25.8/p11-kit/server.c:352:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/server.c:358:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/server.c:359:22: branch_true: ...to here
p11-kit-0.25.8/p11-kit/server.c:360:20: branch_true: following ‘true’ branch (when ‘rc == -1’)...
p11-kit-0.25.8/p11-kit/server.c:361:25: branch_true: ...to here
p11-kit-0.25.8/p11-kit/server.c:361:25: throw: if ‘close’ throws an exception...
p11-kit-0.25.8/p11-kit/server.c:361:25: danger: ‘sd’ leaks here
#  359|   		rc = chown (socket_file, uid, gid);
#  360|   		if (rc == -1) {
#  361|-> 			close (sd);
#  362|   			p11_message_err (errno, _("could not chown socket %s"), socket_file);
#  363|   			return -1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def248]
p11-kit-0.25.8/p11-kit/server.c:398:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sd’
p11-kit-0.25.8/p11-kit/server.c:383:14: acquire_resource: stream socket created here
p11-kit-0.25.8/p11-kit/server.c:384:12: branch_false: following ‘false’ branch (when ‘sd != -1’)...
p11-kit-0.25.8/p11-kit/server.c:389:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/server.c:390:12: branch_false: following ‘false’ branch (when ‘rc != -1’)...
p11-kit-0.25.8/p11-kit/server.c:396:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/server.c:397:12: branch_true: following ‘true’ branch (when ‘rc == -1’)...
p11-kit-0.25.8/p11-kit/server.c:398:17: branch_true: ...to here
p11-kit-0.25.8/p11-kit/server.c:398:17: throw: if ‘close’ throws an exception...
p11-kit-0.25.8/p11-kit/server.c:398:17: danger: ‘sd’ leaks here
#  396|   	rc = listen (sd, 1024);
#  397|   	if (rc == -1) {
#  398|-> 		close (sd);
#  399|   		p11_message_err (errno, _("could not listen to socket %u:%u"), cid, port);
#  400|   		return 1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def249]
p11-kit-0.25.8/p11-kit/test-conf.c:111:9: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("one")’
p11-kit-0.25.8/p11-kit/test-conf.c:111:31: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/test-conf.c:111:9: danger: ‘strdup("one")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  109|   	defaults = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, free);
#  110|   
#  111|-> 	p11_dict_set (values, strdup ("one"), strdup ("real1"));
#  112|   	p11_dict_set (values, strdup ("two"), strdup ("real2"));
#  113|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def250]
p11-kit-0.25.8/p11-kit/test-conf.c:111:9: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("real1")’
p11-kit-0.25.8/p11-kit/test-conf.c:111:47: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/test-conf.c:111:9: danger: ‘strdup("real1")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  109|   	defaults = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, free);
#  110|   
#  111|-> 	p11_dict_set (values, strdup ("one"), strdup ("real1"));
#  112|   	p11_dict_set (values, strdup ("two"), strdup ("real2"));
#  113|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def251]
p11-kit-0.25.8/p11-kit/test-conf.c:112:9: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("real2")’
p11-kit-0.25.8/p11-kit/test-conf.c:112:47: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/test-conf.c:112:9: danger: ‘strdup("real2")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  110|   
#  111|   	p11_dict_set (values, strdup ("one"), strdup ("real1"));
#  112|-> 	p11_dict_set (values, strdup ("two"), strdup ("real2"));
#  113|   
#  114|   	p11_dict_set (defaults, strdup ("two"), strdup ("default2"));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def252]
p11-kit-0.25.8/p11-kit/test-conf.c:112:9: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("two")’
p11-kit-0.25.8/p11-kit/test-conf.c:112:31: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/test-conf.c:112:9: danger: ‘strdup("two")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#  110|   
#  111|   	p11_dict_set (values, strdup ("one"), strdup ("real1"));
#  112|-> 	p11_dict_set (values, strdup ("two"), strdup ("real2"));
#  113|   
#  114|   	p11_dict_set (defaults, strdup ("two"), strdup ("default2"));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def253]
p11-kit-0.25.8/p11-kit/test-conf.c:114:9: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("default2")’
p11-kit-0.25.8/p11-kit/test-conf.c:114:49: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/test-conf.c:114:9: danger: ‘strdup("default2")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#  112|   	p11_dict_set (values, strdup ("two"), strdup ("real2"));
#  113|   
#  114|-> 	p11_dict_set (defaults, strdup ("two"), strdup ("default2"));
#  115|   	p11_dict_set (defaults, strdup ("three"), strdup ("default3"));
#  116|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def254]
p11-kit-0.25.8/p11-kit/test-conf.c:114:9: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("two")’
p11-kit-0.25.8/p11-kit/test-conf.c:114:33: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/test-conf.c:114:9: danger: ‘strdup("two")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
#  112|   	p11_dict_set (values, strdup ("two"), strdup ("real2"));
#  113|   
#  114|-> 	p11_dict_set (defaults, strdup ("two"), strdup ("default2"));
#  115|   	p11_dict_set (defaults, strdup ("three"), strdup ("default3"));
#  116|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def255]
p11-kit-0.25.8/p11-kit/test-conf.c:115:9: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("default3")’
p11-kit-0.25.8/p11-kit/test-conf.c:115:51: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/test-conf.c:115:9: danger: ‘strdup("default3")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
#  113|   
#  114|   	p11_dict_set (defaults, strdup ("two"), strdup ("default2"));
#  115|-> 	p11_dict_set (defaults, strdup ("three"), strdup ("default3"));
#  116|   
#  117|   	if (!_p11_conf_merge_defaults (values, defaults))

Error: GCC_ANALYZER_WARNING (CWE-401): [#def256]
p11-kit-0.25.8/p11-kit/test-conf.c:115:9: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("three")’
p11-kit-0.25.8/p11-kit/test-conf.c:115:33: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/test-conf.c:115:9: danger: ‘strdup("three")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
#  113|   
#  114|   	p11_dict_set (defaults, strdup ("two"), strdup ("default2"));
#  115|-> 	p11_dict_set (defaults, strdup ("three"), strdup ("default3"));
#  116|   
#  117|   	if (!_p11_conf_merge_defaults (values, defaults))

Error: GCC_ANALYZER_WARNING (CWE-401): [#def257]
p11-kit-0.25.8/p11-kit/test-iter.c:1016:16: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("booo")’
p11-kit-0.25.8/p11-kit/test-iter.c:1016:60: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/test-iter.c:1016:16: danger: ‘strdup("booo")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
# 1014|   
# 1015|   	assert_str_eq ("PIN for TEST LABEL", pin_description);
# 1016|-> 	return p11_kit_pin_new_for_buffer ((unsigned char*)strdup ("booo"), 4,
# 1017|   					   free);
# 1018|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def258]
p11-kit-0.25.8/p11-kit/test-managed.c:273:22: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
p11-kit-0.25.8/p11-kit/test-managed.c:256:1: enter_function: entry to ‘test_fork_and_reinitialize’
p11-kit-0.25.8/p11-kit/test-managed.c:265:18: call_function: calling ‘setup_mock_module’ from ‘test_fork_and_reinitialize’
p11-kit-0.25.8/p11-kit/test-managed.c:265:18: return_function: returning to ‘test_fork_and_reinitialize’ from ‘setup_mock_module’
p11-kit-0.25.8/p11-kit/test-managed.c:266:9: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/test-managed.c:266:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/test-managed.c:272:12: branch_true: following ‘true’ branch (when ‘pid == 0’)...
p11-kit-0.25.8/p11-kit/test-managed.c:273:22: branch_true: ...to here
p11-kit-0.25.8/p11-kit/test-managed.c:273:22: danger: dereference of NULL ‘setup_mock_module(0)’
#  271|   	/* The child */
#  272|   	if (pid == 0) {
#  273|-> 		rv = (module->C_Initialize) (NULL);
#  274|   		assert_num_eq (CKR_OK, rv);
#  275|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def259]
p11-kit-0.25.8/p11-kit/test-managed.c:288:22: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
p11-kit-0.25.8/p11-kit/test-managed.c:256:1: enter_function: entry to ‘test_fork_and_reinitialize’
p11-kit-0.25.8/p11-kit/test-managed.c:265:18: call_function: calling ‘setup_mock_module’ from ‘test_fork_and_reinitialize’
p11-kit-0.25.8/p11-kit/test-managed.c:265:18: return_function: returning to ‘test_fork_and_reinitialize’ from ‘setup_mock_module’
p11-kit-0.25.8/p11-kit/test-managed.c:266:9: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/test-managed.c:266:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/test-managed.c:272:12: branch_false: following ‘false’ branch (when ‘pid != 0’)...
p11-kit-0.25.8/p11-kit/test-managed.c:272:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/test-managed.c:287:21: branch_true: following ‘true’ branch (when ‘i != 128’)...
p11-kit-0.25.8/p11-kit/test-managed.c:288:22: branch_true: ...to here
p11-kit-0.25.8/p11-kit/test-managed.c:288:22: danger: dereference of NULL ‘setup_mock_module(0)’
#  286|   
#  287|   	for (i = 0; i < 128; i++) {
#  288|-> 		rv = (module->C_GetInfo) (&info);
#  289|   		assert_num_eq (CKR_OK, rv);
#  290|   	}

Error: GCC_ANALYZER_WARNING (CWE-476): [#def260]
p11-kit-0.25.8/p11-kit/test-mock.c:57:14: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
p11-kit-0.25.8/p11-kit/test-mock.c:49:1: enter_function: entry to ‘test_get_info’
p11-kit-0.25.8/p11-kit/test-mock.c:55:18: call_function: calling ‘setup_mock_module’ from ‘test_get_info’
p11-kit-0.25.8/p11-kit/test-mock.c:55:18: return_function: returning to ‘test_get_info’ from ‘setup_mock_module’
p11-kit-0.25.8/p11-kit/test-mock.c:57:14: danger: dereference of NULL ‘setup_mock_module(0)’
#   55|   	module = setup_mock_module (NULL);
#   56|   
#   57|-> 	rv = (module->C_GetInfo) (&info);
#   58|   	assert_num_eq (rv, CKR_OK);
#   59|   	assert_num_eq (MOCK_INFO.cryptokiVersion.major, info.cryptokiVersion.major);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def261]
p11-kit-0.25.8/p11-kit/test-mock.c:81:14: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
p11-kit-0.25.8/p11-kit/test-mock.c:71:1: enter_function: entry to ‘test_get_slot_list’
p11-kit-0.25.8/p11-kit/test-mock.c:78:18: call_function: calling ‘setup_mock_module’ from ‘test_get_slot_list’
p11-kit-0.25.8/p11-kit/test-mock.c:78:18: return_function: returning to ‘test_get_slot_list’ from ‘setup_mock_module’
p11-kit-0.25.8/p11-kit/test-mock.c:81:14: danger: dereference of NULL ‘setup_mock_module(0)’
#   79|   
#   80|   	/* Normal module has 2 slots, one with token present */
#   81|-> 	rv = (module->C_GetSlotList) (CK_TRUE, NULL, &count);
#   82|   	assert (rv == CKR_OK);
#   83|   	assert_num_eq (MOCK_SLOTS_PRESENT, count);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def262]
p11-kit-0.25.8/p11-kit/test-mock.c:114:14: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
p11-kit-0.25.8/p11-kit/test-mock.c:105:1: enter_function: entry to ‘test_get_slot_info’
p11-kit-0.25.8/p11-kit/test-mock.c:112:18: call_function: calling ‘setup_mock_module’ from ‘test_get_slot_info’
p11-kit-0.25.8/p11-kit/test-mock.c:112:18: return_function: returning to ‘test_get_slot_info’ from ‘setup_mock_module’
p11-kit-0.25.8/p11-kit/test-mock.c:114:14: danger: dereference of NULL ‘setup_mock_module(0)’
#  112|   	module = setup_mock_module (NULL);
#  113|   
#  114|-> 	rv = (module->C_GetSlotInfo) (MOCK_SLOT_ONE_ID, &info);
#  115|   	assert (rv == CKR_OK);
#  116|   	string = p11_kit_space_strdup (info.slotDescription, sizeof (info.slotDescription));

Error: GCC_ANALYZER_WARNING (CWE-476): [#def263]
p11-kit-0.25.8/p11-kit/test-mock.c:148:14: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
p11-kit-0.25.8/p11-kit/test-mock.c:139:1: enter_function: entry to ‘test_get_token_info’
p11-kit-0.25.8/p11-kit/test-mock.c:146:18: call_function: calling ‘setup_mock_module’ from ‘test_get_token_info’
p11-kit-0.25.8/p11-kit/test-mock.c:146:18: return_function: returning to ‘test_get_token_info’ from ‘setup_mock_module’
p11-kit-0.25.8/p11-kit/test-mock.c:148:14: danger: dereference of NULL ‘setup_mock_module(0)’
#  146|   	module = setup_mock_module (NULL);
#  147|   
#  148|-> 	rv = (module->C_GetTokenInfo) (MOCK_SLOT_ONE_ID, &info);
#  149|   	assert (rv == CKR_OK);
#  150|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def264]
p11-kit-0.25.8/p11-kit/test-mock.c:199:14: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
p11-kit-0.25.8/p11-kit/test-mock.c:190:1: enter_function: entry to ‘test_get_mechanism_list’
p11-kit-0.25.8/p11-kit/test-mock.c:197:18: call_function: calling ‘setup_mock_module’ from ‘test_get_mechanism_list’
p11-kit-0.25.8/p11-kit/test-mock.c:197:18: return_function: returning to ‘test_get_mechanism_list’ from ‘setup_mock_module’
p11-kit-0.25.8/p11-kit/test-mock.c:199:14: danger: dereference of NULL ‘setup_mock_module(0)’
#  197|   	module = setup_mock_module (NULL);
#  198|   
#  199|-> 	rv = (module->C_GetMechanismList) (MOCK_SLOT_ONE_ID, NULL, &count);
#  200|   	assert (rv == CKR_OK);
#  201|   	assert_num_eq (2, count);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def265]
p11-kit-0.25.8/p11-kit/test-mock.c:226:14: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
p11-kit-0.25.8/p11-kit/test-mock.c:218:1: enter_function: entry to ‘test_get_mechanism_info’
p11-kit-0.25.8/p11-kit/test-mock.c:224:18: call_function: calling ‘setup_mock_module’ from ‘test_get_mechanism_info’
p11-kit-0.25.8/p11-kit/test-mock.c:224:18: return_function: returning to ‘test_get_mechanism_info’ from ‘setup_mock_module’
p11-kit-0.25.8/p11-kit/test-mock.c:226:14: danger: dereference of NULL ‘setup_mock_module(0)’
#  224|   	module = setup_mock_module (NULL);
#  225|   
#  226|-> 	rv = (module->C_GetMechanismInfo) (MOCK_SLOT_ONE_ID, CKM_MOCK_CAPITALIZE, &info);
#  227|   	assert_num_eq (rv, CKR_OK);
#  228|   	assert_num_eq (512, info.ulMinKeySize);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def266]
p11-kit-0.25.8/p11-kit/test-mock.c:256:14: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
p11-kit-0.25.8/p11-kit/test-mock.c:249:1: enter_function: entry to ‘test_init_token’
p11-kit-0.25.8/p11-kit/test-mock.c:254:18: call_function: calling ‘setup_mock_module’ from ‘test_init_token’
p11-kit-0.25.8/p11-kit/test-mock.c:254:18: return_function: returning to ‘test_init_token’ from ‘setup_mock_module’
p11-kit-0.25.8/p11-kit/test-mock.c:256:14: danger: dereference of NULL ‘setup_mock_module(0)’
#  254|   	module = setup_mock_module (NULL);
#  255|   
#  256|-> 	rv = (module->C_InitToken) (MOCK_SLOT_ONE_ID, (CK_UTF8CHAR_PTR)"TEST PIN", 8, (CK_UTF8CHAR_PTR)"TEST LABEL                      ");
#  257|   	assert (rv == CKR_OK);
#  258|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def267]
p11-kit-0.25.8/p11-kit/test-mock.c:282:14: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
p11-kit-0.25.8/p11-kit/test-mock.c:270:1: enter_function: entry to ‘test_wait_for_slot_event’
p11-kit-0.25.8/p11-kit/test-mock.c:280:18: call_function: calling ‘setup_mock_module’ from ‘test_wait_for_slot_event’
p11-kit-0.25.8/p11-kit/test-mock.c:280:18: return_function: returning to ‘test_wait_for_slot_event’ from ‘setup_mock_module’
p11-kit-0.25.8/p11-kit/test-mock.c:282:14: danger: dereference of NULL ‘setup_mock_module(0)’
#  280|   	module = setup_mock_module (NULL);
#  281|   
#  282|-> 	rv = (module->C_WaitForSlotEvent) (0, &slot, NULL);
#  283|   	assert (rv == CKR_OK);
#  284|   	assert_num_eq (slot, MOCK_SLOT_TWO_ID);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def268]
p11-kit-0.25.8/p11-kit/test-mock.c:301:14: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
p11-kit-0.25.8/p11-kit/test-mock.c:293:1: enter_function: entry to ‘test_open_close_session’
p11-kit-0.25.8/p11-kit/test-mock.c:299:18: call_function: calling ‘setup_mock_module’ from ‘test_open_close_session’
p11-kit-0.25.8/p11-kit/test-mock.c:299:18: return_function: returning to ‘test_open_close_session’ from ‘setup_mock_module’
p11-kit-0.25.8/p11-kit/test-mock.c:301:14: danger: dereference of NULL ‘setup_mock_module(0)’
#  299|   	module = setup_mock_module (NULL);
#  300|   
#  301|-> 	rv = (module->C_OpenSession) (MOCK_SLOT_TWO_ID, CKF_SERIAL_SESSION, NULL, NULL, &session);
#  302|   	assert (rv == CKR_TOKEN_NOT_PRESENT);
#  303|   	rv = (module->C_OpenSession) (0, CKF_SERIAL_SESSION, NULL, NULL, &session);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def269]
p11-kit-0.25.8/p11-kit/test-mock.c:328:14: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
p11-kit-0.25.8/p11-kit/test-mock.c:320:1: enter_function: entry to ‘test_close_all_sessions’
p11-kit-0.25.8/p11-kit/test-mock.c:326:18: call_function: calling ‘setup_mock_module’ from ‘test_close_all_sessions’
p11-kit-0.25.8/p11-kit/test-mock.c:326:18: return_function: returning to ‘test_close_all_sessions’ from ‘setup_mock_module’
p11-kit-0.25.8/p11-kit/test-mock.c:328:14: danger: dereference of NULL ‘setup_mock_module(0)’
#  326|   	module = setup_mock_module (NULL);
#  327|   
#  328|-> 	rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session);
#  329|   	assert (rv == CKR_OK);
#  330|   	assert (session != 0);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def270]
p11-kit-0.25.8/p11-kit/test-mock.c:381:14: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
p11-kit-0.25.8/p11-kit/test-mock.c:372:1: enter_function: entry to ‘test_get_session_info’
p11-kit-0.25.8/p11-kit/test-mock.c:379:18: call_function: calling ‘setup_mock_module’ from ‘test_get_session_info’
p11-kit-0.25.8/p11-kit/test-mock.c:379:18: return_function: returning to ‘test_get_session_info’ from ‘setup_mock_module’
p11-kit-0.25.8/p11-kit/test-mock.c:381:14: danger: dereference of NULL ‘setup_mock_module(0)’
#  379|   	module = setup_mock_module (NULL);
#  380|   
#  381|-> 	rv = (module->C_GetSessionInfo) (0, &info);
#  382|   	assert (rv == CKR_SESSION_HANDLE_INVALID);
#  383|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def271]
p11-kit-0.25.8/p11-kit/test-modules.c:280:17: warning[-Wanalyzer-malloc-leak]: leak of ‘name’
p11-kit-0.25.8/p11-kit/test-modules.c:270:21: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/test-modules.c:271:24: branch_true: ...to here
p11-kit-0.25.8/p11-kit/test-modules.c:277:32: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/test-modules.c:280:17: throw: if ‘p11_test_fail’ throws an exception...
p11-kit-0.25.8/p11-kit/test-modules.c:280:17: danger: ‘name’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  278|   		}
#  279|   
#  280|-> 		assert_str_eq (expected[i], name);
#  281|   		free (name);
#  282|   	}

Error: GCC_ANALYZER_WARNING (CWE-688): [#def272]
p11-kit-0.25.8/p11-kit/test-modules.c:280:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘name’ where non-null expected
p11-kit-0.25.8/p11-kit/test-modules.c:270:21: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/test-modules.c:271:24: branch_true: ...to here
p11-kit-0.25.8/p11-kit/test-modules.c:277:32: acquire_memory: this call could return NULL
p11-kit-0.25.8/p11-kit/test-modules.c:280:17: danger: argument 2 (‘name’) from [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2) could be NULL where non-null expected
#  278|   		}
#  279|   
#  280|-> 		assert_str_eq (expected[i], name);
#  281|   		free (name);
#  282|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def273]
p11-kit-0.25.8/p11-kit/test-pin.c:55:16: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("one")’
p11-kit-0.25.8/p11-kit/test-pin.c:54:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/test-pin.c:55:60: branch_true: ...to here
p11-kit-0.25.8/p11-kit/test-pin.c:55:60: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/test-pin.c:55:16: danger: ‘strdup("one")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   53|   	int *data = callback_data;
#   54|   	assert (*data == 33);
#   55|-> 	return p11_kit_pin_new_for_buffer ((unsigned char*)strdup ("one"), 3, free);
#   56|   }
#   57|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def274]
p11-kit-0.25.8/p11-kit/test-proxy3.c:139:14: warning[-Wanalyzer-malloc-leak]: leak of ‘interfaces’
p11-kit-0.25.8/p11-kit/test-proxy3.c:133:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/test-proxy3.c:134:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/test-proxy3.c:136:22: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/test-proxy3.c:137:9: branch_true: following ‘true’ branch (when ‘interfaces’ is non-NULL)...
p11-kit-0.25.8/p11-kit/test-proxy3.c:139:14: branch_true: ...to here
p11-kit-0.25.8/p11-kit/test-proxy3.c:139:14: throw: if ‘C_GetInterfaceList’ throws an exception...
p11-kit-0.25.8/p11-kit/test-proxy3.c:139:14: danger: ‘interfaces’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  137|   	assert (interfaces != NULL);
#  138|   
#  139|-> 	rv = C_GetInterfaceList (interfaces, &count);
#  140|   	assert (rv == CKR_OK);
#  141|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def275]
p11-kit-0.25.8/p11-kit/test-rpc-message.c:153:14: warning[-Wanalyzer-malloc-leak]: leak of ‘mixin’
p11-kit-0.25.8/p11-kit/test-rpc-message.c:149:17: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/test-rpc-message.c:150:9: branch_true: following ‘true’ branch (when ‘mixin’ is non-NULL)...
p11-kit-0.25.8/p11-kit/test-rpc-message.c:152:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/test-rpc-message.c:153:14: throw: if ‘p11_rpc_client_init’ throws an exception...
p11-kit-0.25.8/p11-kit/test-rpc-message.c:153:14: danger: ‘mixin’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  151|   
#  152|   	vtable->data = "vtable-data";
#  153|-> 	if (!p11_rpc_client_init (mixin, vtable))
#  154|   		assert_not_reached ();
#  155|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def276]
p11-kit-0.25.8/p11-kit/test-rpc-message.c:768:23: warning[-Wanalyzer-malloc-leak]: leak of ‘val.pParameter’
p11-kit-0.25.8/p11-kit/test-rpc-message.c:751:21: branch_true: following ‘true’ branch (when ‘i != 2’)...
p11-kit-0.25.8/p11-kit/test-rpc-message.c:752:24: branch_true: ...to here
p11-kit-0.25.8/p11-kit/test-rpc-message.c:755:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/test-rpc-message.c:757:17: branch_true: ...to here
p11-kit-0.25.8/p11-kit/test-rpc-message.c:759:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/test-rpc-message.c:760:17: branch_true: ...to here
p11-kit-0.25.8/p11-kit/test-rpc-message.c:760:17: branch_true: following ‘true’ branch (when ‘__n1 == __n2’)...
p11-kit-0.25.8/p11-kit/test-rpc-message.c:761:17: branch_true: ...to here
p11-kit-0.25.8/p11-kit/test-rpc-message.c:761:17: branch_true: following ‘true’ branch (when ‘__p2’ is NULL)...
p11-kit-0.25.8/p11-kit/test-rpc-message.c:762:17: branch_true: ...to here
p11-kit-0.25.8/p11-kit/test-rpc-message.c:762:17: branch_true: following ‘true’ branch (when ‘__n1 == __n2’)...
p11-kit-0.25.8/p11-kit/test-rpc-message.c:764:42: branch_true: ...to here
p11-kit-0.25.8/p11-kit/test-rpc-message.c:764:34: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/test-rpc-message.c:765:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/test-rpc-message.c:767:17: branch_true: ...to here
p11-kit-0.25.8/p11-kit/test-rpc-message.c:768:23: throw: if ‘p11_rpc_buffer_get_mechanism’ throws an exception...
p11-kit-0.25.8/p11-kit/test-rpc-message.c:768:23: danger: ‘val.pParameter’ leaks here; was allocated at [(13)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/12)
#  766|   
#  767|   		offset = offset2;
#  768|-> 		ret = p11_rpc_buffer_get_mechanism (&buffer, &offset, &val);
#  769|   		assert_num_eq (true, ret);
#  770|   		assert_num_eq (mechs[i].mechanism, val.mechanism);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def277]
p11-kit-0.25.8/p11-kit/test-rpc.c:520:14: warning[-Wanalyzer-malloc-leak]: leak of ‘mixin’
p11-kit-0.25.8/p11-kit/test-rpc.c:516:17: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/test-rpc.c:517:9: branch_true: following ‘true’ branch (when ‘mixin’ is non-NULL)...
p11-kit-0.25.8/p11-kit/test-rpc.c:519:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/test-rpc.c:520:14: throw: if ‘p11_rpc_client_init’ throws an exception...
p11-kit-0.25.8/p11-kit/test-rpc.c:520:14: danger: ‘mixin’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  518|   
#  519|   	vtable->data = "vtable-data";
#  520|-> 	if (!p11_rpc_client_init (mixin, vtable))
#  521|   		assert_not_reached ();
#  522|   

Error: GCC_ANALYZER_WARNING: [#def278]
p11-kit-0.25.8/p11-kit/test-server.c:155:21: warning[-Wanalyzer-fd-use-without-check]: ‘dup2’ on possibly invalid file descriptor ‘1’
p11-kit-0.25.8/p11-kit/test-server.c:150:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/test-server.c:153:13: branch_true: ...to here
p11-kit-0.25.8/p11-kit/test-server.c:153:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/test-server.c:154:17: branch_true: ...to here
p11-kit-0.25.8/p11-kit/test-server.c:154:17: release_resource: closed here
p11-kit-0.25.8/p11-kit/test-server.c:155:21: danger: ‘1’ could be invalid
#  153|   	if (test.pid == 0) {
#  154|   		close (STDOUT_FILENO);
#  155|-> 		if (dup2 (fds[0], STDOUT_FILENO) == -1)
#  156|   			assert_not_reached ();
#  157|   		if (execv (BUILDDIR "/p11-kit/p11-kit-server-testable" EXEEXT,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def279]
p11-kit-0.25.8/p11-kit/test-transport-base.c:170:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
p11-kit-0.25.8/p11-kit/test-transport-base.c:169:14: acquire_resource: stream socket created here
p11-kit-0.25.8/p11-kit/test-transport-base.c:170:9: branch_false: following ‘false’ branch (when ‘__n1 == 18446744073709551615’)...
p11-kit-0.25.8/p11-kit/test-transport-base.c:170:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/test-transport-base.c:170:9: throw: if ‘p11_test_fail’ throws an exception...
p11-kit-0.25.8/p11-kit/test-transport-base.c:170:9: danger: ‘fd’ leaks here
#  168|   	remove (sa.sun_path);
#  169|   	fd = socket (AF_UNIX, SOCK_STREAM, 0);
#  170|-> 	assert_num_cmp (fd, !=, -1);
#  171|   
#  172|   	rc = bind (fd, (struct sockaddr *)&sa, SUN_LEN (&sa));

Error: GCC_ANALYZER_WARNING: [#def280]
p11-kit-0.25.8/p11-kit/test-transport-base.c:175:14: warning[-Wanalyzer-fd-use-without-check]: ‘listen’ on possibly invalid file descriptor ‘fd’
p11-kit-0.25.8/p11-kit/test-transport-base.c:170:9: branch_false: following ‘false’ branch (when ‘__n1 == 18446744073709551615’)...
p11-kit-0.25.8/p11-kit/test-transport-base.c:170:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/test-transport-base.c:175:14: danger: ‘fd’ could be invalid
#  173|   	assert_num_cmp (rc, !=, -1);
#  174|   
#  175|-> 	rc = listen (fd, 1024);
#  176|   	assert_num_cmp (rc, !=, -1);
#  177|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def281]
p11-kit-0.25.8/p11-kit/test-transport-base.c:176:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
p11-kit-0.25.8/p11-kit/test-transport-base.c:169:14: acquire_resource: stream socket created here
p11-kit-0.25.8/p11-kit/test-transport-base.c:176:9: branch_false: following ‘false’ branch (when ‘__n1 == 18446744073709551615’)...
p11-kit-0.25.8/p11-kit/test-transport-base.c:176:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/test-transport-base.c:176:9: throw: if ‘p11_test_fail’ throws an exception...
p11-kit-0.25.8/p11-kit/test-transport-base.c:176:9: danger: ‘fd’ leaks here
#  174|   
#  175|   	rc = listen (fd, 1024);
#  176|-> 	assert_num_cmp (rc, !=, -1);
#  177|   
#  178|   	FD_ZERO (&fds);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def282]
p11-kit-0.25.8/p11-kit/test-transport-base.c:180:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
p11-kit-0.25.8/p11-kit/test-transport-base.c:169:14: acquire_resource: stream socket created here
p11-kit-0.25.8/p11-kit/test-transport-base.c:176:9: branch_false: following ‘false’ branch (when ‘__n1 == 18446744073709551615’)...
p11-kit-0.25.8/p11-kit/test-transport-base.c:176:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/test-transport-base.c:178:9: branch_true: following ‘true’ branch (when ‘__i != 16’)...
p11-kit-0.25.8/p11-kit/test-transport-base.c:178:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/test-transport-base.c:180:14: throw: if ‘select’ throws an exception...
p11-kit-0.25.8/p11-kit/test-transport-base.c:180:14: danger: ‘fd’ leaks here
#  178|   	FD_ZERO (&fds);
#  179|   	FD_SET (fd, &fds);
#  180|-> 	rc = select (fd + 1, &fds, NULL, NULL, NULL);
#  181|   	assert_num_cmp (rc, !=, -1);
#  182|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def283]
p11-kit-0.25.8/p11-kit/test-transport-base.c:181:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
p11-kit-0.25.8/p11-kit/test-transport-base.c:169:14: acquire_resource: stream socket created here
p11-kit-0.25.8/p11-kit/test-transport-base.c:176:9: branch_false: following ‘false’ branch (when ‘__n1 == 18446744073709551615’)...
p11-kit-0.25.8/p11-kit/test-transport-base.c:176:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/test-transport-base.c:178:9: branch_true: following ‘true’ branch (when ‘__i != 16’)...
p11-kit-0.25.8/p11-kit/test-transport-base.c:178:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/test-transport-base.c:181:9: branch_false: following ‘false’ branch (when ‘__n1 == 18446744073709551615’)...
p11-kit-0.25.8/p11-kit/test-transport-base.c:181:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/test-transport-base.c:181:9: throw: if ‘p11_test_fail’ throws an exception...
p11-kit-0.25.8/p11-kit/test-transport-base.c:181:9: danger: ‘fd’ leaks here
#  179|   	FD_SET (fd, &fds);
#  180|   	rc = select (fd + 1, &fds, NULL, NULL, NULL);
#  181|-> 	assert_num_cmp (rc, !=, -1);
#  182|   
#  183|   	assert (FD_ISSET (fd, &fds));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def284]
p11-kit-0.25.8/p11-kit/test-transport-base.c:183:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
p11-kit-0.25.8/p11-kit/test-transport-base.c:169:14: acquire_resource: stream socket created here
p11-kit-0.25.8/p11-kit/test-transport-base.c:176:9: branch_false: following ‘false’ branch (when ‘__n1 == 18446744073709551615’)...
p11-kit-0.25.8/p11-kit/test-transport-base.c:176:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/test-transport-base.c:178:9: branch_true: following ‘true’ branch (when ‘__i != 16’)...
p11-kit-0.25.8/p11-kit/test-transport-base.c:178:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/test-transport-base.c:183:9: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/test-transport-base.c:183:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/test-transport-base.c:183:9: throw: if ‘p11_test_fail’ throws an exception...
p11-kit-0.25.8/p11-kit/test-transport-base.c:183:9: danger: ‘fd’ leaks here
#  181|   	assert_num_cmp (rc, !=, -1);
#  182|   
#  183|-> 	assert (FD_ISSET (fd, &fds));
#  184|   
#  185|   	sa_len = sizeof (sa);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def285]
p11-kit-0.25.8/p11-kit/test-transport-base.c:186:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
p11-kit-0.25.8/p11-kit/test-transport-base.c:169:14: acquire_resource: stream socket created here
p11-kit-0.25.8/p11-kit/test-transport-base.c:176:9: branch_false: following ‘false’ branch (when ‘__n1 == 18446744073709551615’)...
p11-kit-0.25.8/p11-kit/test-transport-base.c:176:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/test-transport-base.c:178:9: branch_true: following ‘true’ branch (when ‘__i != 16’)...
p11-kit-0.25.8/p11-kit/test-transport-base.c:178:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/test-transport-base.c:186:15: throw: if ‘accept’ throws an exception...
p11-kit-0.25.8/p11-kit/test-transport-base.c:186:15: danger: ‘fd’ leaks here
#  184|   
#  185|   	sa_len = sizeof (sa);
#  186|-> 	nfd = accept (fd, (struct sockaddr *)&sa, &sa_len);
#  187|   	assert_num_cmp (rc, !=, -1);
#  188|   	close (fd);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def286]
p11-kit-0.25.8/p11-kit/test-virtual.c:194:14: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
p11-kit-0.25.8/p11-kit/test-virtual.c:191:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/test-virtual.c:192:9: branch_true: following ‘true’ branch (when ‘list’ is non-NULL)...
p11-kit-0.25.8/p11-kit/test-virtual.c:194:14: branch_true: ...to here
p11-kit-0.25.8/p11-kit/test-virtual.c:194:14: throw: if the called function throws an exception...
p11-kit-0.25.8/p11-kit/test-virtual.c:194:14: danger: ‘list’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  192|   	assert (list != NULL);
#  193|   
#  194|-> 	rv = (module->C_GetInterfaceList) (list, &count);
#  195|   	assert_num_eq (CKR_OK, rv);
#  196|   	assert_num_eq (count, 1);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def287]
p11-kit-0.25.8/p11-kit/tool.c:151:30: warning[-Wanalyzer-malloc-leak]: leak of ‘modules’
p11-kit-0.25.8/p11-kit/tool.c:140:9: branch_true: following ‘true’ branch (when ‘tool’ is non-NULL)...
p11-kit-0.25.8/p11-kit/tool.c:143:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/tool.c:143:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/tool.c:145:13: branch_true: ...to here
p11-kit-0.25.8/p11-kit/tool.c:145:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/tool.c:148:27: branch_true: ...to here
p11-kit-0.25.8/p11-kit/tool.c:148:27: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/tool.c:149:17: branch_true: following ‘true’ branch (when ‘modules’ is non-NULL)...
p11-kit-0.25.8/p11-kit/tool.c:151:30: branch_true: ...to here
p11-kit-0.25.8/p11-kit/tool.c:151:30: throw: if ‘p11_kit_module_load’ throws an exception...
p11-kit-0.25.8/p11-kit/tool.c:151:30: danger: ‘modules’ leaks here; was allocated at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6)
#  149|   		return_val_if_fail (modules, NULL);
#  150|   
#  151|-> 		modules[0] = p11_kit_module_load (tool->provider, 0);
#  152|   		if (!modules[0]) {
#  153|   			free (modules);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def288]
p11-kit-0.25.8/p11-kit/tool.c:157:21: warning[-Wanalyzer-malloc-leak]: leak of ‘modules’
p11-kit-0.25.8/p11-kit/tool.c:140:9: branch_true: following ‘true’ branch (when ‘tool’ is non-NULL)...
p11-kit-0.25.8/p11-kit/tool.c:143:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/tool.c:143:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/tool.c:145:13: branch_true: ...to here
p11-kit-0.25.8/p11-kit/tool.c:145:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/tool.c:148:27: branch_true: ...to here
p11-kit-0.25.8/p11-kit/tool.c:148:27: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/tool.c:149:17: branch_true: following ‘true’ branch (when ‘modules’ is non-NULL)...
p11-kit-0.25.8/p11-kit/tool.c:151:30: branch_true: ...to here
p11-kit-0.25.8/p11-kit/tool.c:152:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/tool.c:157:21: branch_false: ...to here
p11-kit-0.25.8/p11-kit/tool.c:157:21: throw: if ‘p11_kit_module_initialize’ throws an exception...
p11-kit-0.25.8/p11-kit/tool.c:157:21: danger: ‘modules’ leaks here; was allocated at [(7)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/6)
#  155|   		}
#  156|   
#  157|-> 		if (p11_kit_module_initialize (modules[0]) != CKR_OK) {
#  158|   			p11_kit_module_release (modules[0]);
#  159|   			free (modules);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def289]
p11-kit-0.25.8/p11-kit/tool.c:158:25: warning[-Wanalyzer-malloc-leak]: leak of ‘modules’
p11-kit-0.25.8/p11-kit/tool.c:140:9: branch_true: following ‘true’ branch (when ‘tool’ is non-NULL)...
p11-kit-0.25.8/p11-kit/tool.c:143:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/tool.c:143:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/tool.c:145:13: branch_true: ...to here
p11-kit-0.25.8/p11-kit/tool.c:145:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/tool.c:148:27: branch_true: ...to here
p11-kit-0.25.8/p11-kit/tool.c:148:27: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/tool.c:149:17: branch_true: following ‘true’ branch (when ‘modules’ is non-NULL)...
p11-kit-0.25.8/p11-kit/tool.c:151:30: branch_true: ...to here
p11-kit-0.25.8/p11-kit/tool.c:152:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/tool.c:157:21: branch_false: ...to here
p11-kit-0.25.8/p11-kit/tool.c:157:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/tool.c:158:25: branch_true: ...to here
p11-kit-0.25.8/p11-kit/tool.c:158:25: throw: if ‘p11_kit_module_release’ throws an exception...
p11-kit-0.25.8/p11-kit/tool.c:158:25: danger: ‘modules’ leaks here; was allocated at [(7)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/6)
#  156|   
#  157|   		if (p11_kit_module_initialize (modules[0]) != CKR_OK) {
#  158|-> 			p11_kit_module_release (modules[0]);
#  159|   			free (modules);
#  160|   			return NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def290]
p11-kit-0.25.8/p11-kit/uri.c:844:9: warning[-Wanalyzer-malloc-leak]: leak of ‘name’
p11-kit-0.25.8/p11-kit/uri.c:1572:1: enter_function: entry to ‘parse_vendor_query’
p11-kit-0.25.8/p11-kit/uri.c:1579:9: branch_true: following ‘true’ branch (when ‘name_start <= name_end’)...
p11-kit-0.25.8/p11-kit/uri.c:1580:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:1580:9: branch_true: following ‘true’ branch (when ‘start <= end’)...
p11-kit-0.25.8/p11-kit/uri.c:1582:24: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:1582:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/uri.c:1583:12: branch_false: following ‘false’ branch (when ‘name’ is non-NULL)...
p11-kit-0.25.8/p11-kit/uri.c:1585:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/uri.c:1589:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/uri.c:1595:17: branch_false: ...to here
p11-kit-0.25.8/p11-kit/uri.c:1596:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/uri.c:1601:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/uri.c:1601:14: call_function: calling ‘insert_attribute’ from ‘parse_vendor_query’
#  842|   	size_t i;
#  843|   
#  844|-> 	return_val_if_fail (attrs != NULL, false);
#  845|   	return_val_if_fail (name != NULL, false);
#  846|   	return_val_if_fail (value != NULL, false);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def291]
p11-kit-0.25.8/p11-kit/uri.c:845:9: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(value)’
p11-kit-0.25.8/p11-kit/uri.c:876:1: enter_function: entry to ‘p11_kit_uri_set_vendor_query’
p11-kit-0.25.8/p11-kit/uri.c:882:9: branch_true: following ‘true’ branch (when ‘uri’ is non-NULL)...
p11-kit-0.25.8/p11-kit/uri.c:883:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:883:9: branch_true: following ‘true’ branch (when ‘name’ is non-NULL)...
p11-kit-0.25.8/p11-kit/uri.c:883:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:890:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/uri.c:891:20: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:891:20: branch_false: following ‘false’ branch (when ‘value’ is non-NULL)...
p11-kit-0.25.8/p11-kit/uri.c:893:24: branch_false: ...to here
p11-kit-0.25.8/p11-kit/uri.c:893:24: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/uri.c:893:24: call_function: calling ‘insert_attribute’ from ‘p11_kit_uri_set_vendor_query’
#  843|   
#  844|   	return_val_if_fail (attrs != NULL, false);
#  845|-> 	return_val_if_fail (name != NULL, false);
#  846|   	return_val_if_fail (value != NULL, false);
#  847|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def292]
p11-kit-0.25.8/p11-kit/uri.c:846:9: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(name)’
p11-kit-0.25.8/p11-kit/uri.c:876:1: enter_function: entry to ‘p11_kit_uri_set_vendor_query’
p11-kit-0.25.8/p11-kit/uri.c:882:9: branch_true: following ‘true’ branch (when ‘uri’ is non-NULL)...
p11-kit-0.25.8/p11-kit/uri.c:883:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:883:9: branch_true: following ‘true’ branch (when ‘name’ is non-NULL)...
p11-kit-0.25.8/p11-kit/uri.c:883:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:890:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/uri.c:891:20: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:891:20: branch_false: following ‘false’ branch (when ‘value’ is non-NULL)...
p11-kit-0.25.8/p11-kit/uri.c:893:24: branch_false: ...to here
p11-kit-0.25.8/p11-kit/uri.c:893:24: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/uri.c:893:24: call_function: calling ‘insert_attribute’ from ‘p11_kit_uri_set_vendor_query’
#  844|   	return_val_if_fail (attrs != NULL, false);
#  845|   	return_val_if_fail (name != NULL, false);
#  846|-> 	return_val_if_fail (value != NULL, false);
#  847|   
#  848|   	for (i = 0; i < attrs->num; i++) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def293]
p11-kit-0.25.8/p11-kit/uri.c:848:25: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(name)’
p11-kit-0.25.8/p11-kit/uri.c:876:1: enter_function: entry to ‘p11_kit_uri_set_vendor_query’
p11-kit-0.25.8/p11-kit/uri.c:882:9: branch_true: following ‘true’ branch (when ‘uri’ is non-NULL)...
p11-kit-0.25.8/p11-kit/uri.c:883:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:883:9: branch_true: following ‘true’ branch (when ‘name’ is non-NULL)...
p11-kit-0.25.8/p11-kit/uri.c:883:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:890:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/uri.c:891:20: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:891:20: branch_false: following ‘false’ branch (when ‘value’ is non-NULL)...
p11-kit-0.25.8/p11-kit/uri.c:893:24: branch_false: ...to here
p11-kit-0.25.8/p11-kit/uri.c:893:24: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/uri.c:893:24: call_function: calling ‘insert_attribute’ from ‘p11_kit_uri_set_vendor_query’
#  846|   	return_val_if_fail (value != NULL, false);
#  847|   
#  848|-> 	for (i = 0; i < attrs->num; i++) {
#  849|   		attr = attrs->elem[i];
#  850|   		if (strcmp (attr->name, (char *)name) > 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def294]
p11-kit-0.25.8/p11-kit/uri.c:848:25: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(value)’
p11-kit-0.25.8/p11-kit/uri.c:876:1: enter_function: entry to ‘p11_kit_uri_set_vendor_query’
p11-kit-0.25.8/p11-kit/uri.c:882:9: branch_true: following ‘true’ branch (when ‘uri’ is non-NULL)...
p11-kit-0.25.8/p11-kit/uri.c:883:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:883:9: branch_true: following ‘true’ branch (when ‘name’ is non-NULL)...
p11-kit-0.25.8/p11-kit/uri.c:883:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:890:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/uri.c:891:20: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:891:20: branch_false: following ‘false’ branch (when ‘value’ is non-NULL)...
p11-kit-0.25.8/p11-kit/uri.c:893:24: branch_false: ...to here
p11-kit-0.25.8/p11-kit/uri.c:893:24: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/uri.c:893:24: call_function: calling ‘insert_attribute’ from ‘p11_kit_uri_set_vendor_query’
#  846|   	return_val_if_fail (value != NULL, false);
#  847|   
#  848|-> 	for (i = 0; i < attrs->num; i++) {
#  849|   		attr = attrs->elem[i];
#  850|   		if (strcmp (attr->name, (char *)name) > 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def295]
p11-kit-0.25.8/p11-kit/uri.c:855:9: warning[-Wanalyzer-malloc-leak]: leak of ‘name’
p11-kit-0.25.8/p11-kit/uri.c:1572:1: enter_function: entry to ‘parse_vendor_query’
p11-kit-0.25.8/p11-kit/uri.c:1579:9: branch_true: following ‘true’ branch (when ‘name_start <= name_end’)...
p11-kit-0.25.8/p11-kit/uri.c:1580:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:1580:9: branch_true: following ‘true’ branch (when ‘start <= end’)...
p11-kit-0.25.8/p11-kit/uri.c:1582:24: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:1582:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/uri.c:1583:12: branch_false: following ‘false’ branch (when ‘name’ is non-NULL)...
p11-kit-0.25.8/p11-kit/uri.c:1585:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/uri.c:1589:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/uri.c:1595:17: branch_false: ...to here
p11-kit-0.25.8/p11-kit/uri.c:1596:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/uri.c:1601:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/uri.c:1601:14: call_function: calling ‘insert_attribute’ from ‘parse_vendor_query’
#  853|   
#  854|   	attr = calloc (1, sizeof (Attribute));
#  855|-> 	return_val_if_fail (attr, false);
#  856|   
#  857|   	attr->name = name;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def296]
p11-kit-0.25.8/p11-kit/uri.c:860:16: warning[-Wanalyzer-malloc-leak]: leak of ‘attr’
p11-kit-0.25.8/p11-kit/uri.c:854:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/uri.c:855:9: branch_true: following ‘true’ branch (when ‘attr’ is non-NULL)...
p11-kit-0.25.8/p11-kit/uri.c:857:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:860:16: throw: if ‘p11_array_insert’ throws an exception...
p11-kit-0.25.8/p11-kit/uri.c:860:16: danger: ‘attr’ leaks here; was allocated at [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0)
#  858|   	attr->value = value;
#  859|   
#  860|-> 	return p11_array_insert (attrs, i, attr);
#  861|   }
#  862|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def297]
p11-kit-0.25.8/p11-kit/uri.c:860:16: warning[-Wanalyzer-malloc-leak]: leak of ‘name’
p11-kit-0.25.8/p11-kit/uri.c:1572:1: enter_function: entry to ‘parse_vendor_query’
p11-kit-0.25.8/p11-kit/uri.c:1579:9: branch_true: following ‘true’ branch (when ‘name_start <= name_end’)...
p11-kit-0.25.8/p11-kit/uri.c:1580:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:1580:9: branch_true: following ‘true’ branch (when ‘start <= end’)...
p11-kit-0.25.8/p11-kit/uri.c:1582:24: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:1582:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/uri.c:1583:12: branch_false: following ‘false’ branch (when ‘name’ is non-NULL)...
p11-kit-0.25.8/p11-kit/uri.c:1585:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/uri.c:1589:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/uri.c:1595:17: branch_false: ...to here
p11-kit-0.25.8/p11-kit/uri.c:1596:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/uri.c:1601:14: branch_false: ...to here
p11-kit-0.25.8/p11-kit/uri.c:1601:14: call_function: calling ‘insert_attribute’ from ‘parse_vendor_query’
#  858|   	attr->value = value;
#  859|   
#  860|-> 	return p11_array_insert (attrs, i, attr);
#  861|   }
#  862|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def298]
p11-kit-0.25.8/p11-kit/uri.c:861:1: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(name)’
p11-kit-0.25.8/p11-kit/uri.c:876:1: enter_function: entry to ‘p11_kit_uri_set_vendor_query’
p11-kit-0.25.8/p11-kit/uri.c:882:9: branch_true: following ‘true’ branch (when ‘uri’ is non-NULL)...
p11-kit-0.25.8/p11-kit/uri.c:883:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:883:9: branch_true: following ‘true’ branch (when ‘name’ is non-NULL)...
p11-kit-0.25.8/p11-kit/uri.c:883:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:890:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/uri.c:891:20: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:891:20: branch_false: following ‘false’ branch (when ‘value’ is non-NULL)...
p11-kit-0.25.8/p11-kit/uri.c:893:24: branch_false: ...to here
p11-kit-0.25.8/p11-kit/uri.c:893:24: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/uri.c:893:24: call_function: calling ‘insert_attribute’ from ‘p11_kit_uri_set_vendor_query’
#  859|   
#  860|   	return p11_array_insert (attrs, i, attr);
#  861|-> }
#  862|   
#  863|   /**

Error: GCC_ANALYZER_WARNING (CWE-401): [#def299]
p11-kit-0.25.8/p11-kit/uri.c:861:1: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(value)’
p11-kit-0.25.8/p11-kit/uri.c:876:1: enter_function: entry to ‘p11_kit_uri_set_vendor_query’
p11-kit-0.25.8/p11-kit/uri.c:882:9: branch_true: following ‘true’ branch (when ‘uri’ is non-NULL)...
p11-kit-0.25.8/p11-kit/uri.c:883:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:883:9: branch_true: following ‘true’ branch (when ‘name’ is non-NULL)...
p11-kit-0.25.8/p11-kit/uri.c:883:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:890:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/uri.c:891:20: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:891:20: branch_false: following ‘false’ branch (when ‘value’ is non-NULL)...
p11-kit-0.25.8/p11-kit/uri.c:893:24: branch_false: ...to here
p11-kit-0.25.8/p11-kit/uri.c:893:24: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/uri.c:893:24: call_function: calling ‘insert_attribute’ from ‘p11_kit_uri_set_vendor_query’
#  859|   
#  860|   	return p11_array_insert (attrs, i, attr);
#  861|-> }
#  862|   
#  863|   /**

Error: GCC_ANALYZER_WARNING (CWE-457): [#def300]
p11-kit-0.25.8/p11-kit/uri.c:899:23: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘attr’
p11-kit-0.25.8/p11-kit/uri.c:882:9: branch_true: following ‘true’ branch (when ‘uri’ is non-NULL)...
p11-kit-0.25.8/p11-kit/uri.c:883:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:883:9: branch_true: following ‘true’ branch (when ‘name’ is non-NULL)...
p11-kit-0.25.8/p11-kit/uri.c:883:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:885:21: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/uri.c:890:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/uri.c:890:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/uri.c:896:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/uri.c:896:12: branch_false: following ‘false’ branch (when ‘value’ is non-NULL)...
p11-kit-0.25.8/p11-kit/uri.c:899:23: branch_false: ...to here
p11-kit-0.25.8/p11-kit/uri.c:899:23: danger: use of uninitialized value ‘attr’ here
#  897|   		p11_array_remove (uri->qattrs, i);
#  898|   	else {
#  899|-> 		free (attr->value);
#  900|   		attr->value = strdup (value);
#  901|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def301]
p11-kit-0.25.8/p11-kit/uri.c:928:23: warning[-Wanalyzer-malloc-leak]: leak of ‘uri’
p11-kit-0.25.8/p11-kit/uri.c:921:15: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/uri.c:922:9: branch_true: following ‘true’ branch (when ‘uri’ is non-NULL)...
p11-kit-0.25.8/p11-kit/uri.c:925:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:928:23: throw: if ‘p11_array_new’ throws an exception...
p11-kit-0.25.8/p11-kit/uri.c:928:23: danger: ‘uri’ leaks here; was allocated at [(1)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/0)
#  926|   	uri->module.libraryVersion.minor = (CK_BYTE)-1;
#  927|   	uri->slot_id = (CK_SLOT_ID)-1;
#  928|-> 	uri->qattrs = p11_array_new ((p11_destroyer)free_attribute);
#  929|   
#  930|   	return uri;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def302]
p11-kit-0.25.8/p11-kit/uri.c:1595:17: warning[-Wanalyzer-malloc-leak]: leak of ‘name’
p11-kit-0.25.8/p11-kit/uri.c:1579:9: branch_true: following ‘true’ branch (when ‘name_start <= name_end’)...
p11-kit-0.25.8/p11-kit/uri.c:1580:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:1580:9: branch_true: following ‘true’ branch (when ‘start <= end’)...
p11-kit-0.25.8/p11-kit/uri.c:1582:24: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:1582:16: acquire_memory: allocated here
p11-kit-0.25.8/p11-kit/uri.c:1583:12: branch_false: following ‘false’ branch (when ‘name’ is non-NULL)...
p11-kit-0.25.8/p11-kit/uri.c:1585:9: branch_false: ...to here
p11-kit-0.25.8/p11-kit/uri.c:1589:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/uri.c:1595:17: branch_false: ...to here
p11-kit-0.25.8/p11-kit/uri.c:1595:17: throw: if ‘p11_url_decode’ throws an exception...
p11-kit-0.25.8/p11-kit/uri.c:1595:17: danger: ‘name’ leaks here; was allocated at [(5)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/4)
# 1593|   	}
# 1594|   
# 1595|-> 	value = p11_url_decode (start, end, P11_URL_WHITESPACE, NULL);
# 1596|   	if (value == NULL) {
# 1597|   		free (name);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def303]
p11-kit-0.25.8/p11-kit/uri.c:1665:21: warning[-Wanalyzer-malloc-leak]: leak of ‘allocated’
p11-kit-0.25.8/p11-kit/uri.c:1635:1: enter_function: entry to ‘p11_kit_uri_parse’
p11-kit-0.25.8/p11-kit/uri.c:1643:9: branch_true: following ‘true’ branch (when ‘string’ is non-NULL)...
p11-kit-0.25.8/p11-kit/uri.c:1644:9: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:1644:9: branch_true: following ‘true’ branch (when ‘uri’ is non-NULL)...
p11-kit-0.25.8/p11-kit/uri.c:1648:18: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:1649:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/uri.c:1650:29: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:1650:29: call_function: calling ‘strip_whitespace’ from ‘p11_kit_uri_parse’
p11-kit-0.25.8/p11-kit/uri.c:1650:29: return_function: returning to ‘p11_kit_uri_parse’ from ‘strip_whitespace’
p11-kit-0.25.8/p11-kit/uri.c:1651:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/p11-kit/uri.c:1655:16: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:1656:12: branch_false: following ‘false’ branch (when ‘epos’ is non-NULL)...
p11-kit-0.25.8/p11-kit/uri.c:1660:13: branch_false: ...to here
p11-kit-0.25.8/p11-kit/uri.c:1660:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/p11-kit/uri.c:1660:12: branch_false: ...to here
p11-kit-0.25.8/p11-kit/uri.c:1664:21: branch_true: following ‘true’ branch (when ‘i != 6’)...
p11-kit-0.25.8/p11-kit/uri.c:1665:46: branch_true: ...to here
p11-kit-0.25.8/p11-kit/uri.c:1665:21: throw: if ‘p11_ascii_tolower’ throws an exception...
p11-kit-0.25.8/p11-kit/uri.c:1665:21: danger: ‘allocated’ leaks here; was allocated at [(10)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/9)
# 1663|   	}
# 1664|   	for (i = 0; i < P11_KIT_URI_SCHEME_LEN; i++)
# 1665|-> 		if (p11_ascii_tolower (string[i]) != P11_KIT_URI_SCHEME[i])
# 1666|   			break;
# 1667|   	if (i != P11_KIT_URI_SCHEME_LEN) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def304]
p11-kit-0.25.8/trust/anchor.c:254:22: warning[-Wanalyzer-malloc-leak]: leak of ‘slots’
p11-kit-0.25.8/trust/anchor.c:245:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/anchor.c:250:14: branch_false: ...to here
p11-kit-0.25.8/trust/anchor.c:251:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/anchor.c:252:25: branch_true: ...to here
p11-kit-0.25.8/trust/anchor.c:252:25: acquire_memory: allocated here
p11-kit-0.25.8/trust/anchor.c:253:17: branch_true: following ‘true’ branch (when ‘slots’ is non-NULL)...
p11-kit-0.25.8/trust/anchor.c:254:22: branch_true: ...to here
p11-kit-0.25.8/trust/anchor.c:254:22: throw: if the called function throws an exception...
p11-kit-0.25.8/trust/anchor.c:254:22: danger: ‘slots’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  252|   		slots = calloc (count + 1, sizeof (CK_ULONG));
#  253|   		return_val_if_fail (slots != NULL, 0UL);
#  254|-> 		rv = (module->C_GetSlotList) (CK_TRUE, slots, &count);
#  255|   	}
#  256|   	if (rv != CKR_OK) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def305]
p11-kit-0.25.8/trust/enumerate.c:682:14: warning[-Wanalyzer-malloc-leak]: leak of ‘value’
p11-kit-0.25.8/trust/enumerate.c:675:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/enumerate.c:680:17: branch_false: ...to here
p11-kit-0.25.8/trust/enumerate.c:680:17: acquire_memory: allocated here
p11-kit-0.25.8/trust/enumerate.c:681:9: branch_true: following ‘true’ branch (when ‘value’ is non-NULL)...
p11-kit-0.25.8/trust/enumerate.c:682:14: branch_true: ...to here
p11-kit-0.25.8/trust/enumerate.c:682:14: throw: if ‘p11_dict_set’ throws an exception...
p11-kit-0.25.8/trust/enumerate.c:682:14: danger: ‘value’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  680|   	value = strdup (oid);
#  681|   	return_val_if_fail (value != NULL, false);
#  682|-> 	if (!p11_dict_set (ex->limit_to_purposes, value, value))
#  683|   		return_val_if_reached (false);
#  684|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def306]
p11-kit-0.25.8/trust/enumerate.c:735:16: warning[-Wanalyzer-malloc-leak]: leak of ‘extract_label(ex)’
p11-kit-0.25.8/trust/enumerate.c:747:1: enter_function: entry to ‘p11_enumerate_filename’
p11-kit-0.25.8/trust/enumerate.c:751:17: call_function: calling ‘extract_label’ from ‘p11_enumerate_filename’
p11-kit-0.25.8/trust/enumerate.c:751:17: return_function: returning to ‘p11_enumerate_filename’ from ‘extract_label’
p11-kit-0.25.8/trust/enumerate.c:752:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/enumerate.c:754:9: branch_true: ...to here
p11-kit-0.25.8/trust/enumerate.c:754:9: throw: if ‘p11_path_canon’ throws an exception...
p11-kit-0.25.8/trust/enumerate.c:735:16: danger: ‘extract_label(ex)’ leaks here; was allocated at [(6)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/5)
#  733|   
#  734|   	/* Look for a label and just use that */
#  735|-> 	attr = p11_attrs_find_valid (ex->attrs, CKA_LABEL);
#  736|   	if (attr && attr->pValue && attr->ulValueLen)
#  737|   		return strndup (attr->pValue, attr->ulValueLen);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def307]
p11-kit-0.25.8/trust/extract-openssl.c:104:22: warning[-Wanalyzer-malloc-leak]: leak of ‘string’
p11-kit-0.25.8/trust/extract-openssl.c:286:1: enter_function: entry to ‘prepare_pem_contents’
p11-kit-0.25.8/trust/extract-openssl.c:299:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/extract-openssl.c:301:14: branch_true: ...to here
p11-kit-0.25.8/trust/extract-openssl.c:301:14: call_function: calling ‘write_trust_and_rejects’ from ‘prepare_pem_contents’
#  102|   		string = strdup (strings[i]);
#  103|   		return_val_if_fail (string != NULL, false);
#  104|-> 		if (!p11_array_push (oids, string))
#  105|   			return_val_if_reached (false);
#  106|   	}

Error: GCC_ANALYZER_WARNING (CWE-476): [#def308]
p11-kit-0.25.8/trust/extract-openssl.c:401:21: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘in’
p11-kit-0.25.8/trust/test-openssl.c:379:1: enter_function: entry to ‘test_canon_string’
p11-kit-0.25.8/trust/test-openssl.c:399:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
p11-kit-0.25.8/trust/test-openssl.c:400:21: branch_true: ...to here
p11-kit-0.25.8/trust/test-openssl.c:400:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-openssl.c:401:39: branch_true: ...to here
p11-kit-0.25.8/trust/test-openssl.c:404:23: acquire_memory: this call could return NULL
p11-kit-0.25.8/trust/test-openssl.c:406:17: call_function: calling ‘p11_openssl_canon_string’ from ‘test_canon_string’
#  399|   
#  400|   	for (in = out = str, end = out + *len, sp = false, nsp = false; in < end; in++) {
#  401|-> 		if (*in & 0x80 || !isspace (*in)) {
#  402|   			/* If there has been a space, then add one */
#  403|   			if (sp)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def309]
p11-kit-0.25.8/trust/extract-openssl.c:405:55: warning[-Wanalyzer-malloc-leak]: leak of ‘str’
p11-kit-0.25.8/trust/test-openssl.c:379:1: enter_function: entry to ‘test_canon_string’
p11-kit-0.25.8/trust/test-openssl.c:399:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
p11-kit-0.25.8/trust/test-openssl.c:400:21: branch_true: ...to here
p11-kit-0.25.8/trust/test-openssl.c:400:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-openssl.c:401:39: branch_true: ...to here
p11-kit-0.25.8/trust/test-openssl.c:404:23: acquire_memory: allocated here
p11-kit-0.25.8/trust/test-openssl.c:406:17: call_function: calling ‘p11_openssl_canon_string’ from ‘test_canon_string’
#  403|   			if (sp)
#  404|   				*out++ = ' ';
#  405|-> 			*out++ = (*in & 0x80) ? *in : p11_ascii_tolower (*in);
#  406|   			sp = false;
#  407|   			nsp = true;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def310]
p11-kit-0.25.8/trust/frob-bc.c:87:15: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
p11-kit-0.25.8/trust/frob-bc.c:65:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/frob-bc.c:70:15: branch_false: ...to here
p11-kit-0.25.8/trust/frob-bc.c:71:9: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/frob-bc.c:73:12: branch_false: ...to here
p11-kit-0.25.8/trust/frob-bc.c:79:9: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/frob-bc.c:81:9: branch_false: ...to here
p11-kit-0.25.8/trust/frob-bc.c:83:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/frob-bc.c:85:15: branch_true: ...to here
p11-kit-0.25.8/trust/frob-bc.c:85:15: acquire_memory: allocated here
p11-kit-0.25.8/trust/frob-bc.c:86:9: branch_true: following ‘true’ branch (when ‘buf’ is non-NULL)...
p11-kit-0.25.8/trust/frob-bc.c:87:15: branch_true: ...to here
p11-kit-0.25.8/trust/frob-bc.c:87:15: throw: if ‘asn1_der_coding’ throws an exception...
p11-kit-0.25.8/trust/frob-bc.c:87:15: danger: ‘buf’ leaks here; was allocated at [(9)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/8)
#   85|   	buf = malloc (len);
#   86|   	assert (buf != NULL);
#   87|-> 	ret = asn1_der_coding (ext, "", buf, &len, message);
#   88|   	if (ret != ASN1_SUCCESS) {
#   89|   		fprintf (stderr, "asn1_der_coding: %s\n", message);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def311]
p11-kit-0.25.8/trust/frob-eku.c:88:15: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
p11-kit-0.25.8/trust/frob-eku.c:66:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/frob-eku.c:71:15: branch_false: ...to here
p11-kit-0.25.8/trust/frob-eku.c:72:9: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/frob-eku.c:72:9: branch_false: ...to here
p11-kit-0.25.8/trust/frob-eku.c:84:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/frob-eku.c:86:15: branch_true: ...to here
p11-kit-0.25.8/trust/frob-eku.c:86:15: acquire_memory: allocated here
p11-kit-0.25.8/trust/frob-eku.c:87:9: branch_true: following ‘true’ branch (when ‘buf’ is non-NULL)...
p11-kit-0.25.8/trust/frob-eku.c:88:15: branch_true: ...to here
p11-kit-0.25.8/trust/frob-eku.c:88:15: throw: if ‘asn1_der_coding’ throws an exception...
p11-kit-0.25.8/trust/frob-eku.c:88:15: danger: ‘buf’ leaks here; was allocated at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6)
#   86|   	buf = malloc (len);
#   87|   	assert (buf != NULL);
#   88|-> 	ret = asn1_der_coding (ekus, "", buf, &len, message);
#   89|   	if (ret != ASN1_SUCCESS) {
#   90|   		fprintf (stderr, "asn1_der_coding: %s\n", message);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def312]
p11-kit-0.25.8/trust/frob-ext.c:104:15: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
p11-kit-0.25.8/trust/frob-ext.c:66:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/frob-ext.c:71:16: branch_false: ...to here
p11-kit-0.25.8/trust/frob-ext.c:72:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/frob-ext.c:78:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/frob-ext.c:84:15: branch_false: ...to here
p11-kit-0.25.8/trust/frob-ext.c:85:9: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/frob-ext.c:87:15: branch_false: ...to here
p11-kit-0.25.8/trust/frob-ext.c:88:9: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/frob-ext.c:90:12: branch_false: ...to here
p11-kit-0.25.8/trust/frob-ext.c:96:9: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/frob-ext.c:98:9: branch_false: ...to here
p11-kit-0.25.8/trust/frob-ext.c:100:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/frob-ext.c:102:15: branch_true: ...to here
p11-kit-0.25.8/trust/frob-ext.c:102:15: acquire_memory: allocated here
p11-kit-0.25.8/trust/frob-ext.c:103:9: branch_true: following ‘true’ branch (when ‘buf’ is non-NULL)...
p11-kit-0.25.8/trust/frob-ext.c:104:15: branch_true: ...to here
p11-kit-0.25.8/trust/frob-ext.c:104:15: throw: if ‘asn1_der_coding’ throws an exception...
p11-kit-0.25.8/trust/frob-ext.c:104:15: danger: ‘buf’ leaks here; was allocated at [(15)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/14)
#  102|   	buf = malloc (len);
#  103|   	assert (buf != NULL);
#  104|-> 	ret = asn1_der_coding (ext, "", buf, &len, message);
#  105|   	if (ret != ASN1_SUCCESS) {
#  106|   		fprintf (stderr, "asn1_der_coding: %s\n", message);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def313]
p11-kit-0.25.8/trust/frob-ku.c:111:15: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
p11-kit-0.25.8/trust/frob-ku.c:91:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/frob-ku.c:96:15: branch_false: ...to here
p11-kit-0.25.8/trust/frob-ku.c:97:9: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/frob-ku.c:99:9: branch_false: ...to here
p11-kit-0.25.8/trust/frob-ku.c:103:9: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/frob-ku.c:105:9: branch_false: ...to here
p11-kit-0.25.8/trust/frob-ku.c:107:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/frob-ku.c:109:15: branch_true: ...to here
p11-kit-0.25.8/trust/frob-ku.c:109:15: acquire_memory: allocated here
p11-kit-0.25.8/trust/frob-ku.c:110:9: branch_true: following ‘true’ branch (when ‘buf’ is non-NULL)...
p11-kit-0.25.8/trust/frob-ku.c:111:15: branch_true: ...to here
p11-kit-0.25.8/trust/frob-ku.c:111:15: throw: if ‘asn1_der_coding’ throws an exception...
p11-kit-0.25.8/trust/frob-ku.c:111:15: danger: ‘buf’ leaks here; was allocated at [(9)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/8)
#  109|   	buf = malloc (len);
#  110|   	assert (buf != NULL);
#  111|-> 	ret = asn1_der_coding (ku, "", buf, &len, message);
#  112|   	if (ret != ASN1_SUCCESS) {
#  113|   		fprintf (stderr, "asn1_der_coding: %s\n", message);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def314]
p11-kit-0.25.8/trust/frob-nss-trust.c:73:18: warning[-Wanalyzer-malloc-leak]: leak of ‘name’
p11-kit-0.25.8/trust/frob-nss-trust.c:61:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/frob-nss-trust.c:62:22: branch_true: ...to here
p11-kit-0.25.8/trust/frob-nss-trust.c:63:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/frob-nss-trust.c:70:24: branch_false: ...to here
p11-kit-0.25.8/trust/frob-nss-trust.c:70:24: acquire_memory: allocated here
p11-kit-0.25.8/trust/frob-nss-trust.c:71:9: branch_true: following ‘true’ branch (when ‘name’ is non-NULL)...
p11-kit-0.25.8/trust/frob-nss-trust.c:73:18: branch_true: ...to here
p11-kit-0.25.8/trust/frob-nss-trust.c:73:18: throw: if ‘p11_attrs_to_string’ throws an exception...
p11-kit-0.25.8/trust/frob-nss-trust.c:73:18: danger: ‘name’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#   71|   	assert (name);
#   72|   
#   73|-> 	string = p11_attrs_to_string (attrs, -1);
#   74|   	printf ("\"%s\" = %s\n", name, string);
#   75|   	free (string);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def315]
p11-kit-0.25.8/trust/frob-oid.c:87:15: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
p11-kit-0.25.8/trust/frob-oid.c:63:12: branch_false: following ‘false’ branch (when ‘argc == 2’)...
p11-kit-0.25.8/trust/frob-oid.c:68:15: branch_false: ...to here
p11-kit-0.25.8/trust/frob-oid.c:69:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/frob-oid.c:75:15: branch_false: ...to here
p11-kit-0.25.8/trust/frob-oid.c:76:9: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/frob-oid.c:78:51: branch_false: ...to here
p11-kit-0.25.8/trust/frob-oid.c:79:9: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/frob-oid.c:81:9: branch_false: ...to here
p11-kit-0.25.8/trust/frob-oid.c:83:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/frob-oid.c:85:15: branch_true: ...to here
p11-kit-0.25.8/trust/frob-oid.c:85:15: acquire_memory: allocated here
p11-kit-0.25.8/trust/frob-oid.c:86:9: branch_true: following ‘true’ branch (when ‘buf’ is non-NULL)...
p11-kit-0.25.8/trust/frob-oid.c:87:15: branch_true: ...to here
p11-kit-0.25.8/trust/frob-oid.c:87:15: throw: if ‘asn1_der_coding’ throws an exception...
p11-kit-0.25.8/trust/frob-oid.c:87:15: danger: ‘buf’ leaks here; was allocated at [(11)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/10)
#   85|   	buf = malloc (len);
#   86|   	assert (buf != NULL);
#   87|-> 	ret = asn1_der_coding (oid, "", buf, &len, message);
#   88|   	if (ret != ASN1_SUCCESS) {
#   89|   		fprintf (stderr, "asn1_der_coding: %s\n", message);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def316]
p11-kit-0.25.8/trust/index.c:336:21: warning[-Wanalyzer-malloc-leak]: leak of ‘built’
p11-kit-0.25.8/trust/index.c:640:1: enter_function: entry to ‘index_replacev’
p11-kit-0.25.8/trust/index.c:653:21: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/index.c:662:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/index.c:662:20: branch_true: ...to here
p11-kit-0.25.8/trust/index.c:663:37: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/index.c:664:45: branch_true: ...to here
p11-kit-0.25.8/trust/index.c:668:46: call_function: calling ‘index_build’ from ‘index_replacev’
#  334|   	for (i = 0; i < nmerge; i++) {
#  335|   		/* Already have this attribute? */
#  336|-> 		if (p11_attrs_findn (output, *noutput, merge[i].type)) {
#  337|   			p11_array_push (to_free, merge[i].pValue);
#  338|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def317]
p11-kit-0.25.8/trust/index.c:346:9: warning[-Wanalyzer-malloc-leak]: leak of ‘built’
p11-kit-0.25.8/trust/index.c:640:1: enter_function: entry to ‘index_replacev’
p11-kit-0.25.8/trust/index.c:653:21: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/index.c:662:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/index.c:662:20: branch_true: ...to here
p11-kit-0.25.8/trust/index.c:663:37: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/index.c:664:45: branch_true: ...to here
p11-kit-0.25.8/trust/index.c:668:46: call_function: calling ‘index_build’ from ‘index_replacev’
#  344|   
#  345|   	/* Freeing the array itself */
#  346|-> 	p11_array_push (to_free, merge);
#  347|   }
#  348|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def318]
p11-kit-0.25.8/trust/index.c:346:9: warning[-Wanalyzer-malloc-leak]: leak of ‘obj’
p11-kit-0.25.8/trust/index.c:703:1: enter_function: entry to ‘p11_index_replace’
p11-kit-0.25.8/trust/index.c:708:9: branch_true: following ‘true’ branch (when ‘index’ is non-NULL)...
p11-kit-0.25.8/trust/index.c:709:16: branch_true: ...to here
p11-kit-0.25.8/trust/index.c:709:16: call_function: calling ‘index_replacev’ from ‘p11_index_replace’
#  344|   
#  345|   	/* Freeing the array itself */
#  346|-> 	p11_array_push (to_free, merge);
#  347|   }
#  348|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def319]
p11-kit-0.25.8/trust/index.c:365:14: warning[-Wanalyzer-malloc-leak]: leak of ‘obj’
p11-kit-0.25.8/trust/index.c:640:1: enter_function: entry to ‘index_replacev’
p11-kit-0.25.8/trust/index.c:689:21: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/index.c:690:29: branch_true: ...to here
p11-kit-0.25.8/trust/index.c:694:22: call_function: calling ‘p11_index_take’ from ‘index_replacev’
#  363|   	int i;
#  364|   
#  365|-> 	rv = index->build (index->data, index, *attrs, merge, &extra);
#  366|   	if (rv != CKR_OK)
#  367|   		return rv;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def320]
p11-kit-0.25.8/trust/index.c:375:25: warning[-Wanalyzer-malloc-leak]: leak of ‘obj’
p11-kit-0.25.8/trust/index.c:640:1: enter_function: entry to ‘index_replacev’
p11-kit-0.25.8/trust/index.c:689:21: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/index.c:690:29: branch_true: ...to here
p11-kit-0.25.8/trust/index.c:694:22: call_function: calling ‘p11_index_take’ from ‘index_replacev’
#  373|   
#  374|   	} else {
#  375|-> 		stack = p11_array_new (NULL);
#  376|   		nattrs = p11_attrs_count (*attrs);
#  377|   		nmerge = p11_attrs_count (merge);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def321]
p11-kit-0.25.8/trust/index.c:376:26: warning[-Wanalyzer-malloc-leak]: leak of ‘obj’
p11-kit-0.25.8/trust/index.c:640:1: enter_function: entry to ‘index_replacev’
p11-kit-0.25.8/trust/index.c:689:21: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/index.c:690:29: branch_true: ...to here
p11-kit-0.25.8/trust/index.c:694:22: call_function: calling ‘p11_index_take’ from ‘index_replacev’
#  374|   	} else {
#  375|   		stack = p11_array_new (NULL);
#  376|-> 		nattrs = p11_attrs_count (*attrs);
#  377|   		nmerge = p11_attrs_count (merge);
#  378|   		nextra = p11_attrs_count (extra);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def322]
p11-kit-0.25.8/trust/index.c:377:26: warning[-Wanalyzer-malloc-leak]: leak of ‘obj’
p11-kit-0.25.8/trust/index.c:640:1: enter_function: entry to ‘index_replacev’
p11-kit-0.25.8/trust/index.c:689:21: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/index.c:690:29: branch_true: ...to here
p11-kit-0.25.8/trust/index.c:694:22: call_function: calling ‘p11_index_take’ from ‘index_replacev’
#  375|   		stack = p11_array_new (NULL);
#  376|   		nattrs = p11_attrs_count (*attrs);
#  377|-> 		nmerge = p11_attrs_count (merge);
#  378|   		nextra = p11_attrs_count (extra);
#  379|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def323]
p11-kit-0.25.8/trust/index.c:378:26: warning[-Wanalyzer-malloc-leak]: leak of ‘obj’
p11-kit-0.25.8/trust/index.c:640:1: enter_function: entry to ‘index_replacev’
p11-kit-0.25.8/trust/index.c:689:21: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/index.c:690:29: branch_true: ...to here
p11-kit-0.25.8/trust/index.c:694:22: call_function: calling ‘p11_index_take’ from ‘index_replacev’
#  376|   		nattrs = p11_attrs_count (*attrs);
#  377|   		nmerge = p11_attrs_count (merge);
#  378|-> 		nextra = p11_attrs_count (extra);
#  379|   
#  380|   		assert (*attrs || nattrs == 0);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def324]
p11-kit-0.25.8/trust/index.c:385:17: warning[-Wanalyzer-malloc-leak]: leak of ‘obj’
p11-kit-0.25.8/trust/index.c:703:1: enter_function: entry to ‘p11_index_replace’
p11-kit-0.25.8/trust/index.c:708:9: branch_true: following ‘true’ branch (when ‘index’ is non-NULL)...
p11-kit-0.25.8/trust/index.c:709:16: branch_true: ...to here
p11-kit-0.25.8/trust/index.c:709:16: call_function: calling ‘index_replacev’ from ‘p11_index_replace’
#  383|   		/* Make a shallow copy of the combined attributes for validation */
#  384|   		built = calloc (nmerge + nattrs + nextra + 1, sizeof (CK_ATTRIBUTE));
#  385|-> 		return_val_if_fail (built != NULL, CKR_GENERAL_ERROR);
#  386|   
#  387|   		count = nmerge;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def325]
p11-kit-0.25.8/trust/index.c:389:17: warning[-Wanalyzer-malloc-leak]: leak of ‘built’
p11-kit-0.25.8/trust/index.c:640:1: enter_function: entry to ‘index_replacev’
p11-kit-0.25.8/trust/index.c:653:21: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/index.c:662:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/index.c:662:20: branch_true: ...to here
p11-kit-0.25.8/trust/index.c:663:37: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/index.c:664:45: branch_true: ...to here
p11-kit-0.25.8/trust/index.c:668:46: call_function: calling ‘index_build’ from ‘index_replacev’
#  387|   		count = nmerge;
#  388|   		memcpy (built, merge, sizeof (CK_ATTRIBUTE) * nmerge);
#  389|-> 		p11_array_push (stack, merge);
#  390|   		merge_attrs (built, &count, *attrs, nattrs, stack);
#  391|   		merge_attrs (built, &count, extra, nextra, stack);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def326]
p11-kit-0.25.8/trust/index.c:389:17: warning[-Wanalyzer-malloc-leak]: leak of ‘obj’
p11-kit-0.25.8/trust/index.c:703:1: enter_function: entry to ‘p11_index_replace’
p11-kit-0.25.8/trust/index.c:708:9: branch_true: following ‘true’ branch (when ‘index’ is non-NULL)...
p11-kit-0.25.8/trust/index.c:709:16: branch_true: ...to here
p11-kit-0.25.8/trust/index.c:709:16: call_function: calling ‘index_replacev’ from ‘p11_index_replace’
#  387|   		count = nmerge;
#  388|   		memcpy (built, merge, sizeof (CK_ATTRIBUTE) * nmerge);
#  389|-> 		p11_array_push (stack, merge);
#  390|   		merge_attrs (built, &count, *attrs, nattrs, stack);
#  391|   		merge_attrs (built, &count, extra, nextra, stack);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def327]
p11-kit-0.25.8/trust/index.c:456:22: warning[-Wanalyzer-malloc-leak]: leak of ‘obj’
p11-kit-0.25.8/trust/index.c:446:19: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/index.c:451:23: branch_false: ...to here
p11-kit-0.25.8/trust/index.c:451:23: acquire_memory: allocated here
p11-kit-0.25.8/trust/index.c:452:17: branch_true: following ‘true’ branch (when ‘obj’ is non-NULL)...
p11-kit-0.25.8/trust/index.c:454:17: branch_true: ...to here
p11-kit-0.25.8/trust/index.c:456:22: throw: if ‘p11_dict_set’ throws an exception...
p11-kit-0.25.8/trust/index.c:456:22: danger: ‘obj’ leaks here; was allocated at [(3)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/2)
#  454|   		obj->handle = handle;
#  455|   		obj->attrs = removed;
#  456|-> 		if (!p11_dict_set (index->changes, &obj->handle, obj))
#  457|   			return_if_reached ();
#  458|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def328]
p11-kit-0.25.8/trust/index.c:520:23: warning[-Wanalyzer-malloc-leak]: leak of ‘obj’
p11-kit-0.25.8/trust/index.c:640:1: enter_function: entry to ‘index_replacev’
p11-kit-0.25.8/trust/index.c:689:21: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/index.c:690:29: branch_true: ...to here
p11-kit-0.25.8/trust/index.c:694:22: call_function: calling ‘p11_index_take’ from ‘index_replacev’
#  518|   	return_val_if_fail (obj != NULL, CKR_HOST_MEMORY);
#  519|   
#  520|-> 	obj->handle = p11_module_next_id ();
#  521|   
#  522|   	rv = index_build (index, obj->handle, &obj->attrs, attrs);

Error: COMPILER_WARNING: [#def329]
p11-kit-0.25.8/trust/list.c: scope_hint: In function ‘list_iterate’
p11-kit-0.25.8/trust/list.c:96:26: warning[-Wunused-but-set-variable=]: variable ‘object’ set but not used
#   96 |         CK_OBJECT_HANDLE object;
#      |                          ^~~~~~
#   94|   {
#   95|   	unsigned char *bytes;
#   96|-> 	CK_OBJECT_HANDLE object;
#   97|   	CK_ATTRIBUTE *attr;
#   98|   	CK_ULONG klass;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def330]
p11-kit-0.25.8/trust/module.c:171:9: warning[-Wanalyzer-malloc-leak]: leak of ‘remaining’
p11-kit-0.25.8/trust/module.c:195:1: enter_function: entry to ‘create_tokens_inlock’
p11-kit-0.25.8/trust/module.c:230:29: acquire_memory: allocated here
p11-kit-0.25.8/trust/module.c:231:9: branch_true: following ‘true’ branch (when ‘remaining’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:231:9: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:233:16: branch_true: following ‘true’ branch (when ‘remaining’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:235:23: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:236:20: branch_true: following ‘true’ branch (when ‘pos’ is NULL)...
p11-kit-0.25.8/trust/module.c:243:21: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:243:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:245:47: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:252:37: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:253:36: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:254:41: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:252:37: branch_false: following ‘false’ branch (when ‘label’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:261:28: branch_false: ...to here
p11-kit-0.25.8/trust/module.c:261:28: branch_false: following ‘false’ branch (when ‘label’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:266:33: branch_false: ...to here
p11-kit-0.25.8/trust/module.c:267:25: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:269:30: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:269:28: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:272:25: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:273:25: call_function: calling ‘lookup_slot_inlock’ from ‘create_tokens_inlock’
#  169|   	 */
#  170|   
#  171|-> 	return_val_if_fail (gl.tokens != NULL,
#  172|   	                    CKR_CRYPTOKI_NOT_INITIALIZED);
#  173|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def331]
p11-kit-0.25.8/trust/module.c:174:9: warning[-Wanalyzer-malloc-leak]: leak of ‘remaining’
p11-kit-0.25.8/trust/module.c:195:1: enter_function: entry to ‘create_tokens_inlock’
p11-kit-0.25.8/trust/module.c:230:29: acquire_memory: allocated here
p11-kit-0.25.8/trust/module.c:231:9: branch_true: following ‘true’ branch (when ‘remaining’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:231:9: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:233:16: branch_true: following ‘true’ branch (when ‘remaining’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:235:23: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:236:20: branch_true: following ‘true’ branch (when ‘pos’ is NULL)...
p11-kit-0.25.8/trust/module.c:243:21: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:243:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:245:47: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:252:37: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:253:36: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:254:41: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:252:37: branch_false: following ‘false’ branch (when ‘label’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:261:28: branch_false: ...to here
p11-kit-0.25.8/trust/module.c:261:28: branch_false: following ‘false’ branch (when ‘label’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:266:33: branch_false: ...to here
p11-kit-0.25.8/trust/module.c:267:25: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:269:30: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:269:28: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:272:25: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:273:25: call_function: calling ‘lookup_slot_inlock’ from ‘create_tokens_inlock’
#  172|   	                    CKR_CRYPTOKI_NOT_INITIALIZED);
#  173|   
#  174|-> 	return_val_if_fail (id >= BASE_SLOT_ID && id - BASE_SLOT_ID < gl.tokens->num,
#  175|   	                    CKR_SLOT_ID_INVALID);
#  176|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def332]
p11-kit-0.25.8/trust/module.c:266:33: warning[-Wanalyzer-malloc-leak]: leak of ‘remaining’
p11-kit-0.25.8/trust/module.c:230:29: acquire_memory: allocated here
p11-kit-0.25.8/trust/module.c:231:9: branch_true: following ‘true’ branch (when ‘remaining’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:231:9: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:233:16: branch_true: following ‘true’ branch (when ‘remaining’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:235:23: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:236:20: branch_true: following ‘true’ branch (when ‘pos’ is NULL)...
p11-kit-0.25.8/trust/module.c:243:21: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:243:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:245:47: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:252:37: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:253:36: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:254:41: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:252:37: branch_false: following ‘false’ branch (when ‘label’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:261:28: branch_false: ...to here
p11-kit-0.25.8/trust/module.c:261:28: branch_false: following ‘false’ branch (when ‘label’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:266:33: branch_false: ...to here
p11-kit-0.25.8/trust/module.c:266:33: throw: if ‘p11_token_new’ throws an exception...
p11-kit-0.25.8/trust/module.c:266:33: danger: ‘remaining’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  264|   			}
#  265|   
#  266|-> 			token = p11_token_new (slot, path, label, flags);
#  267|   			return_val_if_fail (token != NULL, false);
#  268|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def333]
p11-kit-0.25.8/trust/module.c:267:25: warning[-Wanalyzer-malloc-leak]: leak of ‘remaining’
p11-kit-0.25.8/trust/module.c:230:29: acquire_memory: allocated here
p11-kit-0.25.8/trust/module.c:231:9: branch_true: following ‘true’ branch (when ‘remaining’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:231:9: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:233:16: branch_true: following ‘true’ branch (when ‘remaining’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:235:23: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:236:20: branch_true: following ‘true’ branch (when ‘pos’ is NULL)...
p11-kit-0.25.8/trust/module.c:243:21: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:243:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:245:47: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:252:37: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:253:36: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:254:41: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:252:37: branch_false: following ‘false’ branch (when ‘label’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:261:28: branch_false: ...to here
p11-kit-0.25.8/trust/module.c:261:28: branch_false: following ‘false’ branch (when ‘label’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:266:33: branch_false: ...to here
p11-kit-0.25.8/trust/module.c:267:25: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/module.c:267:25: branch_false: ...to here
p11-kit-0.25.8/trust/module.c:267:25: throw: if ‘p11_debug_precond’ throws an exception...
p11-kit-0.25.8/trust/module.c:267:25: danger: ‘remaining’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#  265|   
#  266|   			token = p11_token_new (slot, path, label, flags);
#  267|-> 			return_val_if_fail (token != NULL, false);
#  268|   
#  269|   			if (!p11_array_push (tokens, token))

Error: GCC_ANALYZER_WARNING (CWE-401): [#def334]
p11-kit-0.25.8/trust/module.c:269:30: warning[-Wanalyzer-malloc-leak]: leak of ‘remaining’
p11-kit-0.25.8/trust/module.c:230:29: acquire_memory: allocated here
p11-kit-0.25.8/trust/module.c:231:9: branch_true: following ‘true’ branch (when ‘remaining’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:231:9: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:233:16: branch_true: following ‘true’ branch (when ‘remaining’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:235:23: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:236:20: branch_true: following ‘true’ branch (when ‘pos’ is NULL)...
p11-kit-0.25.8/trust/module.c:243:21: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:243:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:245:47: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:252:37: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:253:36: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:254:41: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:252:37: branch_false: following ‘false’ branch (when ‘label’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:261:28: branch_false: ...to here
p11-kit-0.25.8/trust/module.c:261:28: branch_false: following ‘false’ branch (when ‘label’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:266:33: branch_false: ...to here
p11-kit-0.25.8/trust/module.c:267:25: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:269:30: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:269:30: throw: if ‘p11_array_push’ throws an exception...
p11-kit-0.25.8/trust/module.c:269:30: danger: ‘remaining’ leaks here; was allocated at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#  267|   			return_val_if_fail (token != NULL, false);
#  268|   
#  269|-> 			if (!p11_array_push (tokens, token))
#  270|   				return_val_if_reached (false);
#  271|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def335]
p11-kit-0.25.8/trust/module.c:270:33: warning[-Wanalyzer-malloc-leak]: leak of ‘remaining’
p11-kit-0.25.8/trust/module.c:230:29: acquire_memory: allocated here
p11-kit-0.25.8/trust/module.c:231:9: branch_true: following ‘true’ branch (when ‘remaining’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:231:9: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:233:16: branch_true: following ‘true’ branch (when ‘remaining’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:235:23: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:236:20: branch_true: following ‘true’ branch (when ‘pos’ is NULL)...
p11-kit-0.25.8/trust/module.c:243:21: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:243:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:245:47: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:252:37: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:253:36: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:254:41: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:252:37: branch_false: following ‘false’ branch (when ‘label’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:261:28: branch_false: ...to here
p11-kit-0.25.8/trust/module.c:261:28: branch_false: following ‘false’ branch (when ‘label’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:266:33: branch_false: ...to here
p11-kit-0.25.8/trust/module.c:267:25: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:269:30: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:269:28: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/module.c:270:33: branch_false: ...to here
p11-kit-0.25.8/trust/module.c:270:33: throw: if ‘p11_debug_precond’ throws an exception...
p11-kit-0.25.8/trust/module.c:270:33: danger: ‘remaining’ leaks here; was allocated at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
#  268|   
#  269|   			if (!p11_array_push (tokens, token))
#  270|-> 				return_val_if_reached (false);
#  271|   
#  272|   			free (base);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def336]
p11-kit-0.25.8/trust/module.c:279:1: warning[-Wanalyzer-malloc-leak]: leak of ‘remaining’
p11-kit-0.25.8/trust/module.c:230:29: acquire_memory: allocated here
p11-kit-0.25.8/trust/module.c:231:9: branch_true: following ‘true’ branch (when ‘remaining’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:231:9: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:233:16: branch_true: following ‘true’ branch (when ‘remaining’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:235:23: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:236:20: branch_true: following ‘true’ branch (when ‘pos’ is NULL)...
p11-kit-0.25.8/trust/module.c:243:21: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:243:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:245:47: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:252:37: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:253:36: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:254:41: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:252:37: branch_false: following ‘false’ branch (when ‘label’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:261:28: branch_false: ...to here
p11-kit-0.25.8/trust/module.c:261:28: branch_false: following ‘false’ branch (when ‘label’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:266:33: branch_false: ...to here
p11-kit-0.25.8/trust/module.c:267:25: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/module.c:267:25: branch_false: ...to here
p11-kit-0.25.8/trust/module.c:279:1: danger: ‘remaining’ leaks here; was allocated at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
#  277|   	free (alloc);
#  278|   	return true;
#  279|-> }
#  280|   
#  281|   static void

Error: GCC_ANALYZER_WARNING (CWE-401): [#def337]
p11-kit-0.25.8/trust/module.c:1224:47: warning[-Wanalyzer-malloc-leak]: leak of ‘find’
p11-kit-0.25.8/trust/module.c:1170:1: enter_function: entry to ‘sys_C_FindObjectsInit’
p11-kit-0.25.8/trust/module.c:1202:22: call_function: calling ‘lookup_session’ from ‘sys_C_FindObjectsInit’
p11-kit-0.25.8/trust/module.c:1202:22: return_function: returning to ‘sys_C_FindObjectsInit’ from ‘lookup_session’
p11-kit-0.25.8/trust/module.c:1205:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:1206:28: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:1208:28: branch_false: following ‘false’ branch (when ‘want_token_objects == 0’)...
p11-kit-0.25.8/trust/module.c:1219:32: branch_false: ...to here
p11-kit-0.25.8/trust/module.c:1219:32: acquire_memory: allocated here
p11-kit-0.25.8/trust/module.c:1220:25: branch_true: following ‘true’ branch (when ‘find’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:1224:47: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:1224:47: throw: if ‘p11_attrs_buildn’ throws an exception...
p11-kit-0.25.8/trust/module.c:1224:47: danger: ‘find’ leaks here; was allocated at [(11)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/10)
# 1222|   			/* Make a snapshot of what we're matching */
# 1223|   			if (find) {
# 1224|-> 				find->match = p11_attrs_buildn (NULL, template, count);
# 1225|   				warn_if_fail (find->match != NULL);
# 1226|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def338]
p11-kit-0.25.8/trust/module.c:1225:33: warning[-Wanalyzer-malloc-leak]: leak of ‘find’
p11-kit-0.25.8/trust/module.c:1170:1: enter_function: entry to ‘sys_C_FindObjectsInit’
p11-kit-0.25.8/trust/module.c:1202:22: call_function: calling ‘lookup_session’ from ‘sys_C_FindObjectsInit’
p11-kit-0.25.8/trust/module.c:1202:22: return_function: returning to ‘sys_C_FindObjectsInit’ from ‘lookup_session’
p11-kit-0.25.8/trust/module.c:1205:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:1206:28: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:1208:28: branch_false: following ‘false’ branch (when ‘want_token_objects == 0’)...
p11-kit-0.25.8/trust/module.c:1219:32: branch_false: ...to here
p11-kit-0.25.8/trust/module.c:1219:32: acquire_memory: allocated here
p11-kit-0.25.8/trust/module.c:1220:25: branch_true: following ‘true’ branch (when ‘find’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:1224:47: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:1225:33: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/module.c:1225:33: branch_false: ...to here
p11-kit-0.25.8/trust/module.c:1225:33: throw: if ‘p11_debug_precond’ throws an exception...
p11-kit-0.25.8/trust/module.c:1225:33: danger: ‘find’ leaks here; was allocated at [(11)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/10)
# 1223|   			if (find) {
# 1224|   				find->match = p11_attrs_buildn (NULL, template, count);
# 1225|-> 				warn_if_fail (find->match != NULL);
# 1226|   
# 1227|   				/* Build a session snapshot of all objects */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def339]
p11-kit-0.25.8/trust/module.c:1229:50: warning[-Wanalyzer-malloc-leak]: leak of ‘find’
p11-kit-0.25.8/trust/module.c:1170:1: enter_function: entry to ‘sys_C_FindObjectsInit’
p11-kit-0.25.8/trust/module.c:1202:22: call_function: calling ‘lookup_session’ from ‘sys_C_FindObjectsInit’
p11-kit-0.25.8/trust/module.c:1202:22: return_function: returning to ‘sys_C_FindObjectsInit’ from ‘lookup_session’
p11-kit-0.25.8/trust/module.c:1205:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:1206:28: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:1208:28: branch_false: following ‘false’ branch (when ‘want_token_objects == 0’)...
p11-kit-0.25.8/trust/module.c:1219:32: branch_false: ...to here
p11-kit-0.25.8/trust/module.c:1219:32: acquire_memory: allocated here
p11-kit-0.25.8/trust/module.c:1220:25: branch_true: following ‘true’ branch (when ‘find’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:1224:47: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:1229:50: throw: if ‘p11_index_snapshot’ throws an exception...
p11-kit-0.25.8/trust/module.c:1229:50: danger: ‘find’ leaks here; was allocated at [(11)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/10)
# 1227|   				/* Build a session snapshot of all objects */
# 1228|   				find->iterator = 0;
# 1229|-> 				find->snapshot = p11_index_snapshot (indices[0], indices[1], template, count);
# 1230|   				warn_if_fail (find->snapshot != NULL);
# 1231|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def340]
p11-kit-0.25.8/trust/module.c:1230:33: warning[-Wanalyzer-malloc-leak]: leak of ‘find’
p11-kit-0.25.8/trust/module.c:1170:1: enter_function: entry to ‘sys_C_FindObjectsInit’
p11-kit-0.25.8/trust/module.c:1202:22: call_function: calling ‘lookup_session’ from ‘sys_C_FindObjectsInit’
p11-kit-0.25.8/trust/module.c:1202:22: return_function: returning to ‘sys_C_FindObjectsInit’ from ‘lookup_session’
p11-kit-0.25.8/trust/module.c:1205:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:1206:28: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:1208:28: branch_false: following ‘false’ branch (when ‘want_token_objects == 0’)...
p11-kit-0.25.8/trust/module.c:1219:32: branch_false: ...to here
p11-kit-0.25.8/trust/module.c:1219:32: acquire_memory: allocated here
p11-kit-0.25.8/trust/module.c:1220:25: branch_true: following ‘true’ branch (when ‘find’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:1224:47: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:1230:33: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/module.c:1230:33: branch_false: ...to here
p11-kit-0.25.8/trust/module.c:1230:33: throw: if ‘p11_debug_precond’ throws an exception...
p11-kit-0.25.8/trust/module.c:1230:33: danger: ‘find’ leaks here; was allocated at [(11)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/10)
# 1228|   				find->iterator = 0;
# 1229|   				find->snapshot = p11_index_snapshot (indices[0], indices[1], template, count);
# 1230|-> 				warn_if_fail (find->snapshot != NULL);
# 1231|   
# 1232|   				if (p11_attrs_find_ulong (find->match, CKA_CLASS, &klass) &&

Error: GCC_ANALYZER_WARNING (CWE-401): [#def341]
p11-kit-0.25.8/trust/module.c:1232:37: warning[-Wanalyzer-malloc-leak]: leak of ‘find’
p11-kit-0.25.8/trust/module.c:1170:1: enter_function: entry to ‘sys_C_FindObjectsInit’
p11-kit-0.25.8/trust/module.c:1202:22: call_function: calling ‘lookup_session’ from ‘sys_C_FindObjectsInit’
p11-kit-0.25.8/trust/module.c:1202:22: return_function: returning to ‘sys_C_FindObjectsInit’ from ‘lookup_session’
p11-kit-0.25.8/trust/module.c:1205:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:1206:28: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:1208:28: branch_false: following ‘false’ branch (when ‘want_token_objects == 0’)...
p11-kit-0.25.8/trust/module.c:1219:32: branch_false: ...to here
p11-kit-0.25.8/trust/module.c:1219:32: acquire_memory: allocated here
p11-kit-0.25.8/trust/module.c:1220:25: branch_true: following ‘true’ branch (when ‘find’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:1224:47: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:1232:37: throw: if ‘p11_attrs_find_ulong’ throws an exception...
p11-kit-0.25.8/trust/module.c:1232:37: danger: ‘find’ leaks here; was allocated at [(11)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/10)
# 1230|   				warn_if_fail (find->snapshot != NULL);
# 1231|   
# 1232|-> 				if (p11_attrs_find_ulong (find->match, CKA_CLASS, &klass) &&
# 1233|   				    klass == CKO_X_CERTIFICATE_EXTENSION) {
# 1234|   					find->public_key = p11_attrs_find (find->match, CKA_PUBLIC_KEY_INFO);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def342]
p11-kit-0.25.8/trust/module.c:1234:60: warning[-Wanalyzer-malloc-leak]: leak of ‘find’
p11-kit-0.25.8/trust/module.c:1170:1: enter_function: entry to ‘sys_C_FindObjectsInit’
p11-kit-0.25.8/trust/module.c:1202:22: call_function: calling ‘lookup_session’ from ‘sys_C_FindObjectsInit’
p11-kit-0.25.8/trust/module.c:1202:22: return_function: returning to ‘sys_C_FindObjectsInit’ from ‘lookup_session’
p11-kit-0.25.8/trust/module.c:1205:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:1206:28: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:1208:28: branch_false: following ‘false’ branch (when ‘want_token_objects == 0’)...
p11-kit-0.25.8/trust/module.c:1219:32: branch_false: ...to here
p11-kit-0.25.8/trust/module.c:1219:32: acquire_memory: allocated here
p11-kit-0.25.8/trust/module.c:1220:25: branch_true: following ‘true’ branch (when ‘find’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:1224:47: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:1232:36: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:1233:37: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:1232:37: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:1234:60: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:1234:60: throw: if ‘p11_attrs_find’ throws an exception...
p11-kit-0.25.8/trust/module.c:1234:60: danger: ‘find’ leaks here; was allocated at [(11)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/10)
# 1232|   				if (p11_attrs_find_ulong (find->match, CKA_CLASS, &klass) &&
# 1233|   				    klass == CKO_X_CERTIFICATE_EXTENSION) {
# 1234|-> 					find->public_key = p11_attrs_find (find->match, CKA_PUBLIC_KEY_INFO);
# 1235|   					find->extensions = p11_dict_new (p11_oid_hash,
# 1236|   									 p11_oid_equal,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def343]
p11-kit-0.25.8/trust/module.c:1235:60: warning[-Wanalyzer-malloc-leak]: leak of ‘find’
p11-kit-0.25.8/trust/module.c:1170:1: enter_function: entry to ‘sys_C_FindObjectsInit’
p11-kit-0.25.8/trust/module.c:1202:22: call_function: calling ‘lookup_session’ from ‘sys_C_FindObjectsInit’
p11-kit-0.25.8/trust/module.c:1202:22: return_function: returning to ‘sys_C_FindObjectsInit’ from ‘lookup_session’
p11-kit-0.25.8/trust/module.c:1205:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:1206:28: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:1208:28: branch_false: following ‘false’ branch (when ‘want_token_objects == 0’)...
p11-kit-0.25.8/trust/module.c:1219:32: branch_false: ...to here
p11-kit-0.25.8/trust/module.c:1219:32: acquire_memory: allocated here
p11-kit-0.25.8/trust/module.c:1220:25: branch_true: following ‘true’ branch (when ‘find’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:1224:47: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:1232:36: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:1233:37: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:1232:37: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:1234:60: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:1235:60: throw: if ‘p11_dict_new’ throws an exception...
p11-kit-0.25.8/trust/module.c:1235:60: danger: ‘find’ leaks here; was allocated at [(11)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/10)
# 1233|   				    klass == CKO_X_CERTIFICATE_EXTENSION) {
# 1234|   					find->public_key = p11_attrs_find (find->match, CKA_PUBLIC_KEY_INFO);
# 1235|-> 					find->extensions = p11_dict_new (p11_oid_hash,
# 1236|   									 p11_oid_equal,
# 1237|   									 free, NULL);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def344]
p11-kit-0.25.8/trust/module.c:1244:33: warning[-Wanalyzer-malloc-leak]: leak of ‘find’
p11-kit-0.25.8/trust/module.c:1170:1: enter_function: entry to ‘sys_C_FindObjectsInit’
p11-kit-0.25.8/trust/module.c:1202:22: call_function: calling ‘lookup_session’ from ‘sys_C_FindObjectsInit’
p11-kit-0.25.8/trust/module.c:1202:22: return_function: returning to ‘sys_C_FindObjectsInit’ from ‘lookup_session’
p11-kit-0.25.8/trust/module.c:1205:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:1206:28: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:1208:28: branch_false: following ‘false’ branch (when ‘want_token_objects == 0’)...
p11-kit-0.25.8/trust/module.c:1219:32: branch_false: ...to here
p11-kit-0.25.8/trust/module.c:1219:32: acquire_memory: allocated here
p11-kit-0.25.8/trust/module.c:1220:25: branch_true: following ‘true’ branch (when ‘find’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:1224:47: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:1241:29: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/module.c:1244:33: throw: if ‘p11_session_set_operation’ throws an exception...
p11-kit-0.25.8/trust/module.c:1244:33: danger: ‘find’ leaks here; was allocated at [(11)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/10)
# 1242|   				rv = CKR_HOST_MEMORY;
# 1243|   			else
# 1244|-> 				p11_session_set_operation (session, find_objects_free, find);
# 1245|   		}
# 1246|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def345]
p11-kit-0.25.8/trust/module.c:1251:16: warning[-Wanalyzer-malloc-leak]: leak of ‘find’
p11-kit-0.25.8/trust/module.c:1170:1: enter_function: entry to ‘sys_C_FindObjectsInit’
p11-kit-0.25.8/trust/module.c:1202:22: call_function: calling ‘lookup_session’ from ‘sys_C_FindObjectsInit’
p11-kit-0.25.8/trust/module.c:1202:22: return_function: returning to ‘sys_C_FindObjectsInit’ from ‘lookup_session’
p11-kit-0.25.8/trust/module.c:1205:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:1206:28: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:1219:32: acquire_memory: allocated here
p11-kit-0.25.8/trust/module.c:1220:25: branch_true: following ‘true’ branch (when ‘find’ is non-NULL)...
p11-kit-0.25.8/trust/module.c:1224:47: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:1232:36: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:1233:37: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:1232:37: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/module.c:1234:60: branch_true: ...to here
p11-kit-0.25.8/trust/module.c:1251:16: danger: ‘find’ leaks here; was allocated at [(9)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/8)
# 1249|   	p11_debug ("out: 0x%lx", rv);
# 1250|   
# 1251|-> 	return rv;
# 1252|   }
# 1253|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def346]
p11-kit-0.25.8/trust/parser.c:707:22: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
p11-kit-0.25.8/trust/parser.c:700:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/parser.c:702:9: branch_true: ...to here
p11-kit-0.25.8/trust/parser.c:702:9: acquire_resource: ‘va_start’ called here
p11-kit-0.25.8/trust/parser.c:705:20: branch_false: following ‘false’ branch (when ‘func’ is non-NULL)...
p11-kit-0.25.8/trust/parser.c:707:22: branch_false: ...to here
p11-kit-0.25.8/trust/parser.c:707:22: throw: if ‘p11_array_push’ throws an exception...
p11-kit-0.25.8/trust/parser.c:707:22: danger: missing call to ‘va_end’ to match ‘va_start’ at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  705|   		if (func == NULL)
#  706|   			break;
#  707|-> 		if (!p11_array_push (formats, func)) {
#  708|   			va_end (va);
#  709|   			return_if_reached ();

Error: GCC_ANALYZER_WARNING (CWE-401): [#def347]
p11-kit-0.25.8/trust/save.c:195:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
p11-kit-0.25.8/trust/save.c:338:1: enter_function: entry to ‘p11_save_open_directory’
p11-kit-0.25.8/trust/save.c:347:9: branch_true: following ‘true’ branch (when ‘path’ is non-NULL)...
p11-kit-0.25.8/trust/save.c:351:13: branch_true: ...to here
p11-kit-0.25.8/trust/save.c:391:9: branch_true: following ‘true’ branch (when ‘dir’ is non-NULL)...
p11-kit-0.25.8/trust/save.c:393:21: branch_true: ...to here
p11-kit-0.25.8/trust/save.c:393:21: acquire_memory: allocated here
p11-kit-0.25.8/trust/save.c:394:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/save.c:399:22: branch_false: ...to here
p11-kit-0.25.8/trust/save.c:400:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/save.c:401:17: branch_true: ...to here
p11-kit-0.25.8/trust/save.c:401:17: call_function: calling ‘dir_free’ from ‘p11_save_open_directory’
#  193|   static void
#  194|   dir_free (p11_save_dir *dir) {
#  195|-> 	p11_dict_free (dir->cache);
#  196|   	free (dir->path);
#  197|   	free (dir);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def348]
p11-kit-0.25.8/trust/save.c:195:9: warning[-Wanalyzer-malloc-leak]: leak of ‘dir’
p11-kit-0.25.8/trust/save.c:338:1: enter_function: entry to ‘p11_save_open_directory’
p11-kit-0.25.8/trust/save.c:347:9: branch_true: following ‘true’ branch (when ‘path’ is non-NULL)...
p11-kit-0.25.8/trust/save.c:351:13: branch_true: ...to here
p11-kit-0.25.8/trust/save.c:390:15: acquire_memory: allocated here
p11-kit-0.25.8/trust/save.c:391:9: branch_true: following ‘true’ branch (when ‘dir’ is non-NULL)...
p11-kit-0.25.8/trust/save.c:393:21: branch_true: ...to here
p11-kit-0.25.8/trust/save.c:394:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/save.c:395:17: branch_true: ...to here
p11-kit-0.25.8/trust/save.c:395:17: call_function: calling ‘dir_free’ from ‘p11_save_open_directory’
#  193|   static void
#  194|   dir_free (p11_save_dir *dir) {
#  195|-> 	p11_dict_free (dir->cache);
#  196|   	free (dir->path);
#  197|   	free (dir);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def349]
p11-kit-0.25.8/trust/save.c:399:22: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
p11-kit-0.25.8/trust/save.c:347:9: branch_true: following ‘true’ branch (when ‘path’ is non-NULL)...
p11-kit-0.25.8/trust/save.c:351:13: branch_true: ...to here
p11-kit-0.25.8/trust/save.c:391:9: branch_true: following ‘true’ branch (when ‘dir’ is non-NULL)...
p11-kit-0.25.8/trust/save.c:393:21: branch_true: ...to here
p11-kit-0.25.8/trust/save.c:393:21: acquire_memory: allocated here
p11-kit-0.25.8/trust/save.c:394:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/save.c:399:22: branch_false: ...to here
p11-kit-0.25.8/trust/save.c:399:22: throw: if ‘p11_dict_new’ throws an exception...
p11-kit-0.25.8/trust/save.c:399:22: danger: ‘<unknown>’ leaks here; was allocated at [(5)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/4)
#  397|   	}
#  398|   
#  399|-> 	dir->cache = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, NULL);
#  400|   	if (dir->cache == NULL) {
#  401|   		dir_free (dir);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def350]
p11-kit-0.25.8/trust/save.c:399:22: warning[-Wanalyzer-malloc-leak]: leak of ‘dir’
p11-kit-0.25.8/trust/save.c:347:9: branch_true: following ‘true’ branch (when ‘path’ is non-NULL)...
p11-kit-0.25.8/trust/save.c:351:13: branch_true: ...to here
p11-kit-0.25.8/trust/save.c:390:15: acquire_memory: allocated here
p11-kit-0.25.8/trust/save.c:391:9: branch_true: following ‘true’ branch (when ‘dir’ is non-NULL)...
p11-kit-0.25.8/trust/save.c:393:21: branch_true: ...to here
p11-kit-0.25.8/trust/save.c:394:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/save.c:399:22: branch_false: ...to here
p11-kit-0.25.8/trust/save.c:399:22: throw: if ‘p11_dict_new’ throws an exception...
p11-kit-0.25.8/trust/save.c:399:22: danger: ‘dir’ leaks here; was allocated at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#  397|   	}
#  398|   
#  399|-> 	dir->cache = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, NULL);
#  400|   	if (dir->cache == NULL) {
#  401|   		dir_free (dir);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def351]
p11-kit-0.25.8/trust/save.c:590:18: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(directory)’
p11-kit-0.25.8/trust/save.c:584:15: acquire_memory: allocated here
p11-kit-0.25.8/trust/save.c:585:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/save.c:590:18: branch_false: ...to here
p11-kit-0.25.8/trust/save.c:590:18: throw: if ‘p11_dict_new’ throws an exception...
p11-kit-0.25.8/trust/save.c:590:18: danger: ‘opendir(directory)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#  588|   	}
#  589|   
#  590|-> 	remove = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, NULL);
#  591|   
#  592|   	while ((dp = readdir (dir)) != NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def352]
p11-kit-0.25.8/trust/save.c:592:22: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(directory)’
p11-kit-0.25.8/trust/save.c:584:15: acquire_memory: allocated here
p11-kit-0.25.8/trust/save.c:585:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/save.c:590:18: branch_false: ...to here
p11-kit-0.25.8/trust/save.c:592:22: throw: if ‘readdir’ throws an exception...
p11-kit-0.25.8/trust/save.c:592:22: danger: ‘opendir(directory)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
#  590|   	remove = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, NULL);
#  591|   
#  592|-> 	while ((dp = readdir (dir)) != NULL) {
#  593|   		if (p11_dict_get (cache, dp->d_name))
#  594|   			continue;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def353]
p11-kit-0.25.8/trust/session.c:59:27: warning[-Wanalyzer-malloc-leak]: leak of ‘session’
p11-kit-0.25.8/trust/session.c:56:19: acquire_memory: allocated here
p11-kit-0.25.8/trust/session.c:57:9: branch_true: following ‘true’ branch (when ‘session’ is non-NULL)...
p11-kit-0.25.8/trust/session.c:59:27: branch_true: ...to here
p11-kit-0.25.8/trust/session.c:59:27: throw: if ‘p11_module_next_id’ throws an exception...
p11-kit-0.25.8/trust/session.c:59:27: danger: ‘session’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   57|   	return_val_if_fail (session != NULL, NULL);
#   58|   
#   59|-> 	session->handle = p11_module_next_id ();
#   60|   
#   61|   	session->builder = p11_builder_new (P11_BUILDER_FLAG_NONE);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def354]
p11-kit-0.25.8/trust/session.c:61:28: warning[-Wanalyzer-malloc-leak]: leak of ‘session’
p11-kit-0.25.8/trust/session.c:56:19: acquire_memory: allocated here
p11-kit-0.25.8/trust/session.c:57:9: branch_true: following ‘true’ branch (when ‘session’ is non-NULL)...
p11-kit-0.25.8/trust/session.c:59:27: branch_true: ...to here
p11-kit-0.25.8/trust/session.c:61:28: throw: if ‘p11_builder_new’ throws an exception...
p11-kit-0.25.8/trust/session.c:61:28: danger: ‘session’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#   59|   	session->handle = p11_module_next_id ();
#   60|   
#   61|-> 	session->builder = p11_builder_new (P11_BUILDER_FLAG_NONE);
#   62|   	if (session->builder == NULL) {
#   63|   		p11_session_free (session);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def355]
p11-kit-0.25.8/trust/session.c:67:26: warning[-Wanalyzer-malloc-leak]: leak of ‘session’
p11-kit-0.25.8/trust/session.c:56:19: acquire_memory: allocated here
p11-kit-0.25.8/trust/session.c:57:9: branch_true: following ‘true’ branch (when ‘session’ is non-NULL)...
p11-kit-0.25.8/trust/session.c:59:27: branch_true: ...to here
p11-kit-0.25.8/trust/session.c:62:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/session.c:67:26: branch_false: ...to here
p11-kit-0.25.8/trust/session.c:67:26: throw: if ‘p11_index_new’ throws an exception...
p11-kit-0.25.8/trust/session.c:67:26: danger: ‘session’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#   65|   	}
#   66|   
#   67|-> 	session->index = p11_index_new (p11_builder_build, NULL, NULL,
#   68|   	                                p11_builder_changed,
#   69|   	                                session->builder);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def356]
p11-kit-0.25.8/trust/session.c:86:9: warning[-Wanalyzer-malloc-leak]: leak of ‘session’
p11-kit-0.25.8/trust/session.c:52:1: enter_function: entry to ‘p11_session_new’
p11-kit-0.25.8/trust/session.c:56:19: acquire_memory: allocated here
p11-kit-0.25.8/trust/session.c:57:9: branch_true: following ‘true’ branch (when ‘session’ is non-NULL)...
p11-kit-0.25.8/trust/session.c:59:27: branch_true: ...to here
p11-kit-0.25.8/trust/session.c:62:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/session.c:63:17: branch_true: ...to here
p11-kit-0.25.8/trust/session.c:63:17: call_function: calling ‘p11_session_free’ from ‘p11_session_new’
#   84|   
#   85|   	p11_session_set_operation (session, NULL, NULL);
#   86|-> 	p11_builder_free (session->builder);
#   87|   	p11_index_free (session->index);
#   88|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def357]
p11-kit-0.25.8/trust/session.c:87:9: warning[-Wanalyzer-malloc-leak]: leak of ‘session’
p11-kit-0.25.8/trust/session.c:52:1: enter_function: entry to ‘p11_session_new’
p11-kit-0.25.8/trust/session.c:56:19: acquire_memory: allocated here
p11-kit-0.25.8/trust/session.c:57:9: branch_true: following ‘true’ branch (when ‘session’ is non-NULL)...
p11-kit-0.25.8/trust/session.c:59:27: branch_true: ...to here
p11-kit-0.25.8/trust/session.c:62:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/session.c:63:17: branch_true: ...to here
p11-kit-0.25.8/trust/session.c:63:17: call_function: calling ‘p11_session_free’ from ‘p11_session_new’
#   85|   	p11_session_set_operation (session, NULL, NULL);
#   86|   	p11_builder_free (session->builder);
#   87|-> 	p11_index_free (session->index);
#   88|   
#   89|   	free (session);

Error: CPPCHECK_WARNING (CWE-476): [#def358]
p11-kit-0.25.8/trust/test-digest.c:88: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: input
#   86|   	input = malloc (1000000);
#   87|   	assert (input != NULL);
#   88|-> 	memset (input, 'a', 1000000);
#   89|   
#   90|   	p11_digest_sha1 (checksum, input, 1000000, NULL);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def359]
p11-kit-0.25.8/trust/test-digest.c:90:9: warning[-Wanalyzer-malloc-leak]: leak of ‘input’
p11-kit-0.25.8/trust/test-digest.c:86:17: acquire_memory: allocated here
p11-kit-0.25.8/trust/test-digest.c:87:9: branch_true: following ‘true’ branch (when ‘input’ is non-NULL)...
p11-kit-0.25.8/trust/test-digest.c:88:9: branch_true: ...to here
p11-kit-0.25.8/trust/test-digest.c:90:9: throw: if ‘p11_digest_sha1’ throws an exception...
p11-kit-0.25.8/trust/test-digest.c:90:9: danger: ‘input’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   88|   	memset (input, 'a', 1000000);
#   89|   
#   90|-> 	p11_digest_sha1 (checksum, input, 1000000, NULL);
#   91|   	assert (memcmp (expected, checksum, P11_DIGEST_SHA1_LEN) == 0);
#   92|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def360]
p11-kit-0.25.8/trust/test-edk2.c:159:24: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
p11-kit-0.25.8/trust/test-edk2.c:157:9: acquire_resource: ‘va_start’ called here
p11-kit-0.25.8/trust/test-edk2.c:158:16: branch_true: following ‘true’ branch (when ‘attrs’ is non-NULL)...
p11-kit-0.25.8/trust/test-edk2.c:159:24: branch_true: ...to here
p11-kit-0.25.8/trust/test-edk2.c:159:24: throw: if ‘p11_attrs_dup’ throws an exception...
p11-kit-0.25.8/trust/test-edk2.c:159:24: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  157|   	va_start (va, attrs);
#  158|   	while (attrs != NULL) {
#  159|-> 		copy = p11_attrs_build (p11_attrs_dup (attrs), &id, NULL);
#  160|   		assert (copy != NULL);
#  161|   		mock_module_take_object (MOCK_SLOT_ONE_ID, copy);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def361]
p11-kit-0.25.8/trust/test-edk2.c:160:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
p11-kit-0.25.8/trust/test-edk2.c:157:9: acquire_resource: ‘va_start’ called here
p11-kit-0.25.8/trust/test-edk2.c:158:16: branch_true: following ‘true’ branch (when ‘attrs’ is non-NULL)...
p11-kit-0.25.8/trust/test-edk2.c:159:24: branch_true: ...to here
p11-kit-0.25.8/trust/test-edk2.c:160:17: throw: if ‘p11_test_fail’ throws an exception...
p11-kit-0.25.8/trust/test-edk2.c:160:17: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  158|   	while (attrs != NULL) {
#  159|   		copy = p11_attrs_build (p11_attrs_dup (attrs), &id, NULL);
#  160|-> 		assert (copy != NULL);
#  161|   		mock_module_take_object (MOCK_SLOT_ONE_ID, copy);
#  162|   		attrs = va_arg (va, const CK_ATTRIBUTE *);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def362]
p11-kit-0.25.8/trust/test-edk2.c:161:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
p11-kit-0.25.8/trust/test-edk2.c:157:9: acquire_resource: ‘va_start’ called here
p11-kit-0.25.8/trust/test-edk2.c:158:16: branch_true: following ‘true’ branch (when ‘attrs’ is non-NULL)...
p11-kit-0.25.8/trust/test-edk2.c:159:24: branch_true: ...to here
p11-kit-0.25.8/trust/test-edk2.c:160:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-edk2.c:161:17: branch_true: ...to here
p11-kit-0.25.8/trust/test-edk2.c:161:17: throw: if ‘mock_module_take_object’ throws an exception...
p11-kit-0.25.8/trust/test-edk2.c:161:17: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#  159|   		copy = p11_attrs_build (p11_attrs_dup (attrs), &id, NULL);
#  160|   		assert (copy != NULL);
#  161|-> 		mock_module_take_object (MOCK_SLOT_ONE_ID, copy);
#  162|   		attrs = va_arg (va, const CK_ATTRIBUTE *);
#  163|   	}

Error: GCC_ANALYZER_WARNING (CWE-686): [#def363]
p11-kit-0.25.8/trust/test-index.c:415:17: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘CK_OBJECT_HANDLE’ {{aka ‘long unsigned int’}} but received ‘int’ for variadic argument 1 of ‘va’
p11-kit-0.25.8/trust/test-index.c:434:1: enter_function: entry to ‘test_find_all’
p11-kit-0.25.8/trust/test-index.c:511:9: call_function: calling ‘handles_are’ from ‘test_find_all’ with 2 variadic arguments
#  413|   
#  414|   	for (count = 0; matched; count++) {
#  415|-> 		handle = va_arg (va, CK_OBJECT_HANDLE);
#  416|   		if (handle == 0)
#  417|   			break;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def364]
p11-kit-0.25.8/trust/test-jks.c:154:24: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
p11-kit-0.25.8/trust/test-jks.c:152:9: acquire_resource: ‘va_start’ called here
p11-kit-0.25.8/trust/test-jks.c:153:16: branch_true: following ‘true’ branch (when ‘attrs’ is non-NULL)...
p11-kit-0.25.8/trust/test-jks.c:154:24: branch_true: ...to here
p11-kit-0.25.8/trust/test-jks.c:154:24: throw: if ‘p11_attrs_dup’ throws an exception...
p11-kit-0.25.8/trust/test-jks.c:154:24: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  152|   	va_start (va, attrs);
#  153|   	while (attrs != NULL) {
#  154|-> 		copy = p11_attrs_build (p11_attrs_dup (attrs), &id, NULL);
#  155|   		assert (copy != NULL);
#  156|   		mock_module_take_object (MOCK_SLOT_ONE_ID, copy);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def365]
p11-kit-0.25.8/trust/test-jks.c:155:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
p11-kit-0.25.8/trust/test-jks.c:152:9: acquire_resource: ‘va_start’ called here
p11-kit-0.25.8/trust/test-jks.c:153:16: branch_true: following ‘true’ branch (when ‘attrs’ is non-NULL)...
p11-kit-0.25.8/trust/test-jks.c:154:24: branch_true: ...to here
p11-kit-0.25.8/trust/test-jks.c:155:17: throw: if ‘p11_test_fail’ throws an exception...
p11-kit-0.25.8/trust/test-jks.c:155:17: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  153|   	while (attrs != NULL) {
#  154|   		copy = p11_attrs_build (p11_attrs_dup (attrs), &id, NULL);
#  155|-> 		assert (copy != NULL);
#  156|   		mock_module_take_object (MOCK_SLOT_ONE_ID, copy);
#  157|   		attrs = va_arg (va, const CK_ATTRIBUTE *);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def366]
p11-kit-0.25.8/trust/test-jks.c:156:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
p11-kit-0.25.8/trust/test-jks.c:152:9: acquire_resource: ‘va_start’ called here
p11-kit-0.25.8/trust/test-jks.c:153:16: branch_true: following ‘true’ branch (when ‘attrs’ is non-NULL)...
p11-kit-0.25.8/trust/test-jks.c:154:24: branch_true: ...to here
p11-kit-0.25.8/trust/test-jks.c:155:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-jks.c:156:17: branch_true: ...to here
p11-kit-0.25.8/trust/test-jks.c:156:17: throw: if ‘mock_module_take_object’ throws an exception...
p11-kit-0.25.8/trust/test-jks.c:156:17: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#  154|   		copy = p11_attrs_build (p11_attrs_dup (attrs), &id, NULL);
#  155|   		assert (copy != NULL);
#  156|-> 		mock_module_take_object (MOCK_SLOT_ONE_ID, copy);
#  157|   		attrs = va_arg (va, const CK_ATTRIBUTE *);
#  158|   	}

Error: CPPCHECK_WARNING (CWE-476): [#def367]
p11-kit-0.25.8/trust/test-module.c:203: warning[nullPointerOutOfResources]: If resource allocation fails, then there is a possible null pointer dereference: f
#  201|   	test.unreadable = p11_path_build (anchors, "unreadable", NULL);
#  202|   	f = fopen (test.unreadable, "w");
#  203|-> 	fwrite ("foo", 3, 1, f);
#  204|   	fclose (f);
#  205|   	chmod (test.unreadable, 0);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def368]
p11-kit-0.25.8/trust/test-module.c:203:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘fopen(p11_path_build(p11_path_build(p11_test_directory("test-module"), "anchors", 0), "unreadable", 0), "w")’ where non-null expected
p11-kit-0.25.8/trust/test-module.c:190:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-module.c:192:26: branch_true: ...to here
p11-kit-0.25.8/trust/test-module.c:202:13: acquire_memory: this call could return NULL
p11-kit-0.25.8/trust/test-module.c:203:9: danger: argument 4 (‘fopen(p11_path_build(p11_path_build(p11_test_directory("test-module"), "anchors", 0), "unreadable", 0), "w")’) from [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2) could be NULL where non-null expected
#  201|   	test.unreadable = p11_path_build (anchors, "unreadable", NULL);
#  202|   	f = fopen (test.unreadable, "w");
#  203|-> 	fwrite ("foo", 3, 1, f);
#  204|   	fclose (f);
#  205|   	chmod (test.unreadable, 0);

Error: CPPCHECK_WARNING (CWE-476): [#def369]
p11-kit-0.25.8/trust/test-module.c:204: warning[nullPointerOutOfResources]: If resource allocation fails, then there is a possible null pointer dereference: f
#  202|   	f = fopen (test.unreadable, "w");
#  203|   	fwrite ("foo", 3, 1, f);
#  204|-> 	fclose (f);
#  205|   	chmod (test.unreadable, 0);
#  206|   

Error: CPPCHECK_WARNING (CWE-476): [#def370]
p11-kit-0.25.8/trust/test-module.c:210: warning[nullPointerOutOfResources]: If resource allocation fails, then there is a possible null pointer dereference: f
#  208|   	ff = fopen (p, "w");
#  209|   	f = fopen (SRCDIR "/trust/fixtures/thawte.pem", "r");
#  210|-> 	while (!feof (f)) {
#  211|   		size_t size;
#  212|   		size = fread (buffer, 1, sizeof (buffer), f);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def371]
p11-kit-0.25.8/trust/test-module.c:210:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘fopen("/builddir/build/BUILD/p11-kit-0.25.8/trust/fixtures/thawte.pem", "r")’ where non-null expected
p11-kit-0.25.8/trust/test-module.c:190:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-module.c:192:26: branch_true: ...to here
p11-kit-0.25.8/trust/test-module.c:209:13: acquire_memory: this call could return NULL
p11-kit-0.25.8/trust/test-module.c:210:17: danger: argument 1 (‘fopen("/builddir/build/BUILD/p11-kit-0.25.8/trust/fixtures/thawte.pem", "r")’) from [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2) could be NULL where non-null expected
#  208|   	ff = fopen (p, "w");
#  209|   	f = fopen (SRCDIR "/trust/fixtures/thawte.pem", "r");
#  210|-> 	while (!feof (f)) {
#  211|   		size_t size;
#  212|   		size = fread (buffer, 1, sizeof (buffer), f);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def372]
p11-kit-0.25.8/trust/test-module.c:214:25: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen("/builddir/build/BUILD/p11-kit-0.25.8/trust/fixtures/thawte.pem", "r")’
p11-kit-0.25.8/trust/test-module.c:190:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-module.c:192:26: branch_true: ...to here
p11-kit-0.25.8/trust/test-module.c:209:13: acquire_resource: opened here
p11-kit-0.25.8/trust/test-module.c:210:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-module.c:212:24: branch_true: ...to here
p11-kit-0.25.8/trust/test-module.c:213:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-module.c:214:25: branch_true: ...to here
p11-kit-0.25.8/trust/test-module.c:214:25: throw: if ‘p11_test_fail’ throws an exception...
p11-kit-0.25.8/trust/test-module.c:214:25: danger: ‘fopen("/builddir/build/BUILD/p11-kit-0.25.8/trust/fixtures/thawte.pem", "r")’ leaks here; was opened at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#  212|   		size = fread (buffer, 1, sizeof (buffer), f);
#  213|   		if (ferror (f))
#  214|-> 			assert_fail ("fread()",
#  215|   				     SRCDIR "/trust/fixtures/thawte.pem");
#  216|   		fwrite (buffer, 1, size, ff);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def373]
p11-kit-0.25.8/trust/test-module.c:214:25: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(p11_path_build(p11_path_build(p11_test_directory("test-module"), "anchors", 0), "thawte", 0), "w")’
p11-kit-0.25.8/trust/test-module.c:190:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-module.c:192:26: branch_true: ...to here
p11-kit-0.25.8/trust/test-module.c:208:14: acquire_resource: opened here
p11-kit-0.25.8/trust/test-module.c:210:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-module.c:212:24: branch_true: ...to here
p11-kit-0.25.8/trust/test-module.c:213:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-module.c:214:25: branch_true: ...to here
p11-kit-0.25.8/trust/test-module.c:214:25: throw: if ‘p11_test_fail’ throws an exception...
p11-kit-0.25.8/trust/test-module.c:214:25: danger: ‘fopen(p11_path_build(p11_path_build(p11_test_directory("test-module"), "anchors", 0), "thawte", 0), "w")’ leaks here; was opened at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#  212|   		size = fread (buffer, 1, sizeof (buffer), f);
#  213|   		if (ferror (f))
#  214|-> 			assert_fail ("fread()",
#  215|   				     SRCDIR "/trust/fixtures/thawte.pem");
#  216|   		fwrite (buffer, 1, size, ff);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def374]
p11-kit-0.25.8/trust/test-module.c:214:25: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen("/builddir/build/BUILD/p11-kit-0.25.8/trust/fixtures/thawte.pem", "r")’
p11-kit-0.25.8/trust/test-module.c:190:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-module.c:192:26: branch_true: ...to here
p11-kit-0.25.8/trust/test-module.c:209:13: acquire_memory: allocated here
p11-kit-0.25.8/trust/test-module.c:210:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-module.c:212:24: branch_true: ...to here
p11-kit-0.25.8/trust/test-module.c:213:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-module.c:214:25: branch_true: ...to here
p11-kit-0.25.8/trust/test-module.c:214:25: throw: if ‘p11_test_fail’ throws an exception...
p11-kit-0.25.8/trust/test-module.c:214:25: danger: ‘fopen("/builddir/build/BUILD/p11-kit-0.25.8/trust/fixtures/thawte.pem", "r")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/2)
#  212|   		size = fread (buffer, 1, sizeof (buffer), f);
#  213|   		if (ferror (f))
#  214|-> 			assert_fail ("fread()",
#  215|   				     SRCDIR "/trust/fixtures/thawte.pem");
#  216|   		fwrite (buffer, 1, size, ff);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def375]
p11-kit-0.25.8/trust/test-module.c:214:25: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(p11_path_build(p11_path_build(p11_test_directory("test-module"), "anchors", 0), "thawte", 0), "w")’
p11-kit-0.25.8/trust/test-module.c:190:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-module.c:192:26: branch_true: ...to here
p11-kit-0.25.8/trust/test-module.c:208:14: acquire_memory: allocated here
p11-kit-0.25.8/trust/test-module.c:210:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-module.c:212:24: branch_true: ...to here
p11-kit-0.25.8/trust/test-module.c:213:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-module.c:214:25: branch_true: ...to here
p11-kit-0.25.8/trust/test-module.c:214:25: throw: if ‘p11_test_fail’ throws an exception...
p11-kit-0.25.8/trust/test-module.c:214:25: danger: ‘fopen(p11_path_build(p11_path_build(p11_test_directory("test-module"), "anchors", 0), "thawte", 0), "w")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#  212|   		size = fread (buffer, 1, sizeof (buffer), f);
#  213|   		if (ferror (f))
#  214|-> 			assert_fail ("fread()",
#  215|   				     SRCDIR "/trust/fixtures/thawte.pem");
#  216|   		fwrite (buffer, 1, size, ff);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def376]
p11-kit-0.25.8/trust/test-module.c:216:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘fopen(p11_path_build(p11_path_build(p11_test_directory("test-module"), "anchors", 0), "thawte", 0), "w")’ where non-null expected
p11-kit-0.25.8/trust/test-module.c:190:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-module.c:192:26: branch_true: ...to here
p11-kit-0.25.8/trust/test-module.c:208:14: acquire_memory: this call could return NULL
p11-kit-0.25.8/trust/test-module.c:210:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-module.c:212:24: branch_true: ...to here
p11-kit-0.25.8/trust/test-module.c:216:17: danger: argument 4 (‘fopen(p11_path_build(p11_path_build(p11_test_directory("test-module"), "anchors", 0), "thawte", 0), "w")’) from [(3)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/2) could be NULL where non-null expected
#  214|   			assert_fail ("fread()",
#  215|   				     SRCDIR "/trust/fixtures/thawte.pem");
#  216|-> 		fwrite (buffer, 1, size, ff);
#  217|   		if (ferror (ff))
#  218|   			assert_fail ("write()", p);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def377]
p11-kit-0.25.8/trust/test-module.c:218:25: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen("/builddir/build/BUILD/p11-kit-0.25.8/trust/fixtures/thawte.pem", "r")’
p11-kit-0.25.8/trust/test-module.c:190:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-module.c:192:26: branch_true: ...to here
p11-kit-0.25.8/trust/test-module.c:209:13: acquire_resource: opened here
p11-kit-0.25.8/trust/test-module.c:210:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-module.c:212:24: branch_true: ...to here
p11-kit-0.25.8/trust/test-module.c:218:25: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-module.c:218:25: branch_true: ...to here
p11-kit-0.25.8/trust/test-module.c:218:25: throw: if ‘p11_test_fail’ throws an exception...
p11-kit-0.25.8/trust/test-module.c:218:25: danger: ‘fopen("/builddir/build/BUILD/p11-kit-0.25.8/trust/fixtures/thawte.pem", "r")’ leaks here; was opened at [(3)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/2)
#  216|   		fwrite (buffer, 1, size, ff);
#  217|   		if (ferror (ff))
#  218|-> 			assert_fail ("write()", p);
#  219|   	}
#  220|   	free (p);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def378]
p11-kit-0.25.8/trust/test-module.c:218:25: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(p11_path_build(p11_path_build(p11_test_directory("test-module"), "anchors", 0), "thawte", 0), "w")’
p11-kit-0.25.8/trust/test-module.c:190:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-module.c:192:26: branch_true: ...to here
p11-kit-0.25.8/trust/test-module.c:208:14: acquire_resource: opened here
p11-kit-0.25.8/trust/test-module.c:210:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-module.c:212:24: branch_true: ...to here
p11-kit-0.25.8/trust/test-module.c:218:25: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-module.c:218:25: branch_true: ...to here
p11-kit-0.25.8/trust/test-module.c:218:25: throw: if ‘p11_test_fail’ throws an exception...
p11-kit-0.25.8/trust/test-module.c:218:25: danger: ‘fopen(p11_path_build(p11_path_build(p11_test_directory("test-module"), "anchors", 0), "thawte", 0), "w")’ leaks here; was opened at [(3)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/2)
#  216|   		fwrite (buffer, 1, size, ff);
#  217|   		if (ferror (ff))
#  218|-> 			assert_fail ("write()", p);
#  219|   	}
#  220|   	free (p);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def379]
p11-kit-0.25.8/trust/test-module.c:218:25: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen("/builddir/build/BUILD/p11-kit-0.25.8/trust/fixtures/thawte.pem", "r")’
p11-kit-0.25.8/trust/test-module.c:190:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-module.c:192:26: branch_true: ...to here
p11-kit-0.25.8/trust/test-module.c:209:13: acquire_memory: allocated here
p11-kit-0.25.8/trust/test-module.c:210:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-module.c:212:24: branch_true: ...to here
p11-kit-0.25.8/trust/test-module.c:218:25: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-module.c:218:25: branch_true: ...to here
p11-kit-0.25.8/trust/test-module.c:218:25: throw: if ‘p11_test_fail’ throws an exception...
p11-kit-0.25.8/trust/test-module.c:218:25: danger: ‘fopen("/builddir/build/BUILD/p11-kit-0.25.8/trust/fixtures/thawte.pem", "r")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/2)
#  216|   		fwrite (buffer, 1, size, ff);
#  217|   		if (ferror (ff))
#  218|-> 			assert_fail ("write()", p);
#  219|   	}
#  220|   	free (p);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def380]
p11-kit-0.25.8/trust/test-module.c:218:25: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(p11_path_build(p11_path_build(p11_test_directory("test-module"), "anchors", 0), "thawte", 0), "w")’
p11-kit-0.25.8/trust/test-module.c:190:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-module.c:192:26: branch_true: ...to here
p11-kit-0.25.8/trust/test-module.c:208:14: acquire_memory: allocated here
p11-kit-0.25.8/trust/test-module.c:210:16: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-module.c:212:24: branch_true: ...to here
p11-kit-0.25.8/trust/test-module.c:218:25: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-module.c:218:25: branch_true: ...to here
p11-kit-0.25.8/trust/test-module.c:218:25: throw: if ‘p11_test_fail’ throws an exception...
p11-kit-0.25.8/trust/test-module.c:218:25: danger: ‘fopen(p11_path_build(p11_path_build(p11_test_directory("test-module"), "anchors", 0), "thawte", 0), "w")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/2)
#  216|   		fwrite (buffer, 1, size, ff);
#  217|   		if (ferror (ff))
#  218|-> 			assert_fail ("write()", p);
#  219|   	}
#  220|   	free (p);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def381]
p11-kit-0.25.8/trust/test-module.c:221:9: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘fopen(p11_path_build(p11_path_build(p11_test_directory("test-module"), "anchors", 0), "thawte", 0), "w")’ where non-null expected
p11-kit-0.25.8/trust/test-module.c:190:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-module.c:192:26: branch_true: ...to here
p11-kit-0.25.8/trust/test-module.c:208:14: acquire_memory: this call could return NULL
p11-kit-0.25.8/trust/test-module.c:210:16: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/test-module.c:220:9: branch_false: ...to here
p11-kit-0.25.8/trust/test-module.c:221:9: danger: argument 1 (‘fopen(p11_path_build(p11_path_build(p11_test_directory("test-module"), "anchors", 0), "thawte", 0), "w")’) from [(3)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/2) could be NULL where non-null expected
#  219|   	}
#  220|   	free (p);
#  221|-> 	fclose (ff);
#  222|   	fclose (f);
#  223|   	free (anchors);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def382]
p11-kit-0.25.8/trust/test-openssl.c:165:24: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
p11-kit-0.25.8/trust/test-openssl.c:163:9: acquire_resource: ‘va_start’ called here
p11-kit-0.25.8/trust/test-openssl.c:164:16: branch_true: following ‘true’ branch (when ‘attrs’ is non-NULL)...
p11-kit-0.25.8/trust/test-openssl.c:165:24: branch_true: ...to here
p11-kit-0.25.8/trust/test-openssl.c:165:24: throw: if ‘p11_attrs_dup’ throws an exception...
p11-kit-0.25.8/trust/test-openssl.c:165:24: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  163|   	va_start (va, attrs);
#  164|   	while (attrs != NULL) {
#  165|-> 		copy = p11_attrs_build (p11_attrs_dup (attrs), &id, NULL);
#  166|   		assert (copy != NULL);
#  167|   		mock_module_take_object (MOCK_SLOT_ONE_ID, copy);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def383]
p11-kit-0.25.8/trust/test-openssl.c:166:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
p11-kit-0.25.8/trust/test-openssl.c:163:9: acquire_resource: ‘va_start’ called here
p11-kit-0.25.8/trust/test-openssl.c:164:16: branch_true: following ‘true’ branch (when ‘attrs’ is non-NULL)...
p11-kit-0.25.8/trust/test-openssl.c:165:24: branch_true: ...to here
p11-kit-0.25.8/trust/test-openssl.c:166:17: throw: if ‘p11_test_fail’ throws an exception...
p11-kit-0.25.8/trust/test-openssl.c:166:17: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  164|   	while (attrs != NULL) {
#  165|   		copy = p11_attrs_build (p11_attrs_dup (attrs), &id, NULL);
#  166|-> 		assert (copy != NULL);
#  167|   		mock_module_take_object (MOCK_SLOT_ONE_ID, copy);
#  168|   		attrs = va_arg (va, const CK_ATTRIBUTE *);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def384]
p11-kit-0.25.8/trust/test-openssl.c:167:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
p11-kit-0.25.8/trust/test-openssl.c:163:9: acquire_resource: ‘va_start’ called here
p11-kit-0.25.8/trust/test-openssl.c:164:16: branch_true: following ‘true’ branch (when ‘attrs’ is non-NULL)...
p11-kit-0.25.8/trust/test-openssl.c:165:24: branch_true: ...to here
p11-kit-0.25.8/trust/test-openssl.c:166:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-openssl.c:167:17: branch_true: ...to here
p11-kit-0.25.8/trust/test-openssl.c:167:17: throw: if ‘mock_module_take_object’ throws an exception...
p11-kit-0.25.8/trust/test-openssl.c:167:17: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#  165|   		copy = p11_attrs_build (p11_attrs_dup (attrs), &id, NULL);
#  166|   		assert (copy != NULL);
#  167|-> 		mock_module_take_object (MOCK_SLOT_ONE_ID, copy);
#  168|   		attrs = va_arg (va, const CK_ATTRIBUTE *);
#  169|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def385]
p11-kit-0.25.8/trust/test-openssl.c:412:17: warning[-Wanalyzer-malloc-leak]: leak of ‘str’
p11-kit-0.25.8/trust/test-openssl.c:379:1: enter_function: entry to ‘test_canon_string’
p11-kit-0.25.8/trust/test-openssl.c:399:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
p11-kit-0.25.8/trust/test-openssl.c:400:21: branch_true: ...to here
p11-kit-0.25.8/trust/test-openssl.c:400:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-openssl.c:401:39: branch_true: ...to here
p11-kit-0.25.8/trust/test-openssl.c:404:23: acquire_memory: allocated here
p11-kit-0.25.8/trust/test-openssl.c:406:17: call_function: calling ‘p11_openssl_canon_string’ from ‘test_canon_string’
p11-kit-0.25.8/trust/test-openssl.c:406:17: return_function: returning to ‘test_canon_string’ from ‘p11_openssl_canon_string’
p11-kit-0.25.8/trust/test-openssl.c:408:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-openssl.c:409:39: branch_true: ...to here
p11-kit-0.25.8/trust/test-openssl.c:412:17: branch_false: following ‘false’ branch (when ‘out != __n2’)...
p11-kit-0.25.8/trust/test-openssl.c:412:17: branch_false: ...to here
p11-kit-0.25.8/trust/test-openssl.c:412:17: throw: if ‘p11_test_fail’ throws an exception...
p11-kit-0.25.8/trust/test-openssl.c:412:17: danger: ‘str’ leaks here; was allocated at [(6)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/5)
#  410|   		else
#  411|   			out = fixtures[i].output_len;
#  412|-> 		assert_num_eq (out, len);
#  413|   		assert_str_eq (fixtures[i].output, str);
#  414|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def386]
p11-kit-0.25.8/trust/test-openssl.c:413:17: warning[-Wanalyzer-malloc-leak]: leak of ‘str’
p11-kit-0.25.8/trust/test-openssl.c:379:1: enter_function: entry to ‘test_canon_string’
p11-kit-0.25.8/trust/test-openssl.c:399:21: branch_true: following ‘true’ branch (when ‘i != 5’)...
p11-kit-0.25.8/trust/test-openssl.c:400:21: branch_true: ...to here
p11-kit-0.25.8/trust/test-openssl.c:400:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-openssl.c:401:39: branch_true: ...to here
p11-kit-0.25.8/trust/test-openssl.c:404:23: acquire_memory: allocated here
p11-kit-0.25.8/trust/test-openssl.c:406:17: call_function: calling ‘p11_openssl_canon_string’ from ‘test_canon_string’
p11-kit-0.25.8/trust/test-openssl.c:406:17: return_function: returning to ‘test_canon_string’ from ‘p11_openssl_canon_string’
p11-kit-0.25.8/trust/test-openssl.c:408:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-openssl.c:409:39: branch_true: ...to here
p11-kit-0.25.8/trust/test-openssl.c:413:17: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-openssl.c:413:17: branch_true: ...to here
p11-kit-0.25.8/trust/test-openssl.c:413:17: branch_false: following ‘false’ branch (when the strings are non-equal)...
p11-kit-0.25.8/trust/test-openssl.c:413:17: branch_false: ...to here
p11-kit-0.25.8/trust/test-openssl.c:413:17: branch_true: following ‘true’ branch (when ‘__s1’ is non-NULL)...
p11-kit-0.25.8/trust/test-openssl.c:413:17: branch_true: ...to here
p11-kit-0.25.8/trust/test-openssl.c:413:17: throw: if ‘p11_test_fail’ throws an exception...
p11-kit-0.25.8/trust/test-openssl.c:413:17: danger: ‘str’ leaks here; was allocated at [(6)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/5)
#  411|   			out = fixtures[i].output_len;
#  412|   		assert_num_eq (out, len);
#  413|-> 		assert_str_eq (fixtures[i].output, str);
#  414|   
#  415|   		free (str);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def387]
p11-kit-0.25.8/trust/test-persist.c:88:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
p11-kit-0.25.8/trust/test-persist.c:85:9: acquire_resource: ‘va_start’ called here
p11-kit-0.25.8/trust/test-persist.c:87:16: branch_true: following ‘true’ branch (when ‘arg’ is non-NULL)...
p11-kit-0.25.8/trust/test-persist.c:88:17: branch_true: ...to here
p11-kit-0.25.8/trust/test-persist.c:88:17: throw: if ‘p11_array_push’ throws an exception...
p11-kit-0.25.8/trust/test-persist.c:88:17: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   86|   
#   87|   	while (arg != NULL) {
#   88|-> 		p11_array_push (array, arg);
#   89|   		arg = va_arg (va, void *);
#   90|   	}

Error: GCC_ANALYZER_WARNING (CWE-476): [#def388]
p11-kit-0.25.8/trust/test-persist.c:114:33: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘expected’
p11-kit-0.25.8/trust/test-persist.c:558:1: enter_function: entry to ‘test_attribute_first’
p11-kit-0.25.8/trust/test-persist.c:566:9: call_function: calling ‘check_read_msg’ from ‘test_attribute_first’
#  112|   		if (expected == NULL)
#  113|   			p11_test_fail (file, line, function, "decoding should have failed");
#  114|-> 		for (i = 0; i < expected->num; i++) {
#  115|   			if (i >= objects->num)
#  116|   				p11_test_fail (file, line, function, "too few objects read");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def389]
p11-kit-0.25.8/trust/test-trust.c:187:17: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "rb")’
p11-kit-0.25.8/trust/test-trust.c:181:13: acquire_resource: opened here
p11-kit-0.25.8/trust/test-trust.c:182:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/test-trust.c:186:13: branch_false: ...to here
p11-kit-0.25.8/trust/test-trust.c:186:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-trust.c:187:17: branch_true: ...to here
p11-kit-0.25.8/trust/test-trust.c:187:17: throw: if ‘p11_test_fail’ throws an exception...
p11-kit-0.25.8/trust/test-trust.c:187:17: danger: ‘fopen(filename, "rb")’ leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  185|   	/* Figure out size */
#  186|   	if (stat (filename, &sb) < 0)
#  187|-> 		p11_test_fail (file, line, function, "Couldn't stat file: %s", filename);
#  188|   
#  189|   	*len = sb.st_size;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def390]
p11-kit-0.25.8/trust/test-trust.c:187:17: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "rb")’
p11-kit-0.25.8/trust/test-trust.c:181:13: acquire_memory: allocated here
p11-kit-0.25.8/trust/test-trust.c:182:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/test-trust.c:186:13: branch_false: ...to here
p11-kit-0.25.8/trust/test-trust.c:186:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-trust.c:187:17: branch_true: ...to here
p11-kit-0.25.8/trust/test-trust.c:187:17: throw: if ‘p11_test_fail’ throws an exception...
p11-kit-0.25.8/trust/test-trust.c:187:17: danger: ‘fopen(filename, "rb")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  185|   	/* Figure out size */
#  186|   	if (stat (filename, &sb) < 0)
#  187|-> 		p11_test_fail (file, line, function, "Couldn't stat file: %s", filename);
#  188|   
#  189|   	*len = sb.st_size;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def391]
p11-kit-0.25.8/trust/test-trust.c:189:16: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "rb")’
p11-kit-0.25.8/trust/test-trust.c:181:13: acquire_resource: opened here
p11-kit-0.25.8/trust/test-trust.c:182:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/test-trust.c:186:13: branch_false: ...to here
p11-kit-0.25.8/trust/test-trust.c:191:9: branch_true: following ‘true’ branch (when ‘data’ is non-NULL)...
p11-kit-0.25.8/trust/test-trust.c:194:13: branch_true: ...to here
p11-kit-0.25.8/trust/test-trust.c:194:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-trust.c:195:17: branch_true: ...to here
p11-kit-0.25.8/trust/test-trust.c:195:17: throw: if ‘p11_test_fail’ throws an exception...
p11-kit-0.25.8/trust/test-trust.c:189:16: danger: ‘fopen(filename, "rb")’ leaks here; was opened at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  187|   		p11_test_fail (file, line, function, "Couldn't stat file: %s", filename);
#  188|   
#  189|-> 	*len = sb.st_size;
#  190|   	data = malloc (*len ? *len : 1);
#  191|   	assert (data != NULL);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def392]
p11-kit-0.25.8/trust/test-trust.c:189:16: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "rb")’
p11-kit-0.25.8/trust/test-trust.c:181:13: acquire_memory: allocated here
p11-kit-0.25.8/trust/test-trust.c:182:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/test-trust.c:186:13: branch_false: ...to here
p11-kit-0.25.8/trust/test-trust.c:191:9: branch_true: following ‘true’ branch (when ‘data’ is non-NULL)...
p11-kit-0.25.8/trust/test-trust.c:194:13: branch_true: ...to here
p11-kit-0.25.8/trust/test-trust.c:194:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-trust.c:195:17: branch_true: ...to here
p11-kit-0.25.8/trust/test-trust.c:195:17: throw: if ‘p11_test_fail’ throws an exception...
p11-kit-0.25.8/trust/test-trust.c:189:16: danger: ‘fopen(filename, "rb")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#  187|   		p11_test_fail (file, line, function, "Couldn't stat file: %s", filename);
#  188|   
#  189|-> 	*len = sb.st_size;
#  190|   	data = malloc (*len ? *len : 1);
#  191|   	assert (data != NULL);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def393]
p11-kit-0.25.8/trust/test-trust.c:189:16: warning[-Wanalyzer-malloc-leak]: leak of ‘read_file(file,  line,  function,  filename, & filelen)’
p11-kit-0.25.8/trust/test-trust.c:219:1: enter_function: entry to ‘test_check_data_msg’
p11-kit-0.25.8/trust/test-trust.c:234:20: call_function: calling ‘read_file’ from ‘test_check_data_msg’
p11-kit-0.25.8/trust/test-trust.c:234:20: return_function: returning to ‘test_check_data_msg’ from ‘read_file’
p11-kit-0.25.8/trust/test-trust.c:237:17: throw: if ‘p11_test_fail’ throws an exception...
p11-kit-0.25.8/trust/test-trust.c:189:16: danger: ‘read_file(file,  line,  function,  filename, & filelen)’ leaks here; was allocated at [(6)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/5)
#  187|   		p11_test_fail (file, line, function, "Couldn't stat file: %s", filename);
#  188|   
#  189|-> 	*len = sb.st_size;
#  190|   	data = malloc (*len ? *len : 1);
#  191|   	assert (data != NULL);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def394]
p11-kit-0.25.8/trust/test-trust.c:189:16: warning[-Wanalyzer-malloc-leak]: leak of ‘read_file(file,  line,  function,  reference, & reflen)’
p11-kit-0.25.8/trust/test-trust.c:203:1: enter_function: entry to ‘test_check_file_msg’
p11-kit-0.25.8/trust/test-trust.c:213:19: call_function: calling ‘read_file’ from ‘test_check_file_msg’
p11-kit-0.25.8/trust/test-trust.c:213:19: return_function: returning to ‘test_check_file_msg’ from ‘read_file’
p11-kit-0.25.8/trust/test-trust.c:214:9: call_function: calling ‘test_check_data_msg’ from ‘test_check_file_msg’
#  187|   		p11_test_fail (file, line, function, "Couldn't stat file: %s", filename);
#  188|   
#  189|-> 	*len = sb.st_size;
#  190|   	data = malloc (*len ? *len : 1);
#  191|   	assert (data != NULL);

Error: CPPCHECK_WARNING (CWE-476): [#def395]
p11-kit-0.25.8/trust/test-trust.c:194: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: data
#  192|   
#  193|   	/* And read in one block */
#  194|-> 	if (fread (data, 1, *len, f) != *len)
#  195|   		p11_test_fail (file, line, function, "Couldn't read file: %s", filename);
#  196|   

Error: GCC_ANALYZER_WARNING (CWE-688): [#def396]
p11-kit-0.25.8/trust/test-trust.c:194:13: warning[-Wanalyzer-null-argument]: use of NULL ‘fopen(filename, "rb")’ where non-null expected
p11-kit-0.25.8/trust/test-trust.c:181:13: acquire_memory: allocated here
p11-kit-0.25.8/trust/test-trust.c:182:12: release_memory: assuming ‘fopen(filename, "rb")’ is NULL
p11-kit-0.25.8/trust/test-trust.c:182:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-trust.c:183:17: branch_true: ...to here
p11-kit-0.25.8/trust/test-trust.c:191:9: branch_true: following ‘true’ branch (when ‘data’ is non-NULL)...
p11-kit-0.25.8/trust/test-trust.c:194:13: branch_true: ...to here
p11-kit-0.25.8/trust/test-trust.c:194:13: danger: argument 4 (‘fopen(filename, "rb")’) NULL where non-null expected
#  192|   
#  193|   	/* And read in one block */
#  194|-> 	if (fread (data, 1, *len, f) != *len)
#  195|   		p11_test_fail (file, line, function, "Couldn't read file: %s", filename);
#  196|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def397]
p11-kit-0.25.8/trust/test-trust.c:195:17: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
p11-kit-0.25.8/trust/test-trust.c:182:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/test-trust.c:186:13: branch_false: ...to here
p11-kit-0.25.8/trust/test-trust.c:190:16: acquire_memory: allocated here
p11-kit-0.25.8/trust/test-trust.c:191:9: branch_true: following ‘true’ branch (when ‘data’ is non-NULL)...
p11-kit-0.25.8/trust/test-trust.c:194:13: branch_true: ...to here
p11-kit-0.25.8/trust/test-trust.c:194:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-trust.c:195:17: branch_true: ...to here
p11-kit-0.25.8/trust/test-trust.c:195:17: throw: if ‘p11_test_fail’ throws an exception...
p11-kit-0.25.8/trust/test-trust.c:195:17: danger: ‘data’ leaks here; was allocated at [(3)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/2)
#  193|   	/* And read in one block */
#  194|   	if (fread (data, 1, *len, f) != *len)
#  195|-> 		p11_test_fail (file, line, function, "Couldn't read file: %s", filename);
#  196|   
#  197|   	fclose (f);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def398]
p11-kit-0.25.8/trust/test-trust.c:286:22: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
p11-kit-0.25.8/trust/test-trust.c:283:9: acquire_resource: ‘va_start’ called here
p11-kit-0.25.8/trust/test-trust.c:285:16: branch_true: following ‘true’ branch (when ‘file’ is non-NULL)...
p11-kit-0.25.8/trust/test-trust.c:286:22: branch_true: ...to here
p11-kit-0.25.8/trust/test-trust.c:286:22: throw: if ‘p11_dict_set’ throws an exception...
p11-kit-0.25.8/trust/test-trust.c:286:22: danger: missing call to ‘va_end’ to match ‘va_start’ at [(1)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/0)
#  284|   
#  285|   	while (file != NULL) {
#  286|-> 		if (!p11_dict_set (files, (void *)file, (void *)file)) {
#  287|   			va_end (va);
#  288|   			return_val_if_reached (NULL);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def399]
p11-kit-0.25.8/trust/test-trust.c:314:22: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(directory)’
p11-kit-0.25.8/trust/test-trust.c:310:15: acquire_memory: allocated here
p11-kit-0.25.8/trust/test-trust.c:311:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/test-trust.c:311:12: branch_false: ...to here
p11-kit-0.25.8/trust/test-trust.c:314:22: throw: if ‘readdir’ throws an exception...
p11-kit-0.25.8/trust/test-trust.c:314:22: danger: ‘opendir(directory)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/0)
#  312|   		p11_test_fail (file ,line, function, "Couldn't open directory: %s", directory);
#  313|   
#  314|-> 	while ((dp = readdir (dir)) != NULL) {
#  315|   		if (strcmp (dp->d_name, ".") == 0 ||
#  316|   		    strcmp (dp->d_name, "..") == 0)

Error: GCC_ANALYZER_WARNING (CWE-688): [#def400]
p11-kit-0.25.8/trust/test-trust.c:314:22: warning[-Wanalyzer-null-argument]: use of NULL ‘opendir(directory)’ where non-null expected
p11-kit-0.25.8/trust/test-trust.c:310:15: acquire_memory: allocated here
p11-kit-0.25.8/trust/test-trust.c:311:12: release_memory: assuming ‘opendir(directory)’ is NULL
p11-kit-0.25.8/trust/test-trust.c:311:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/test-trust.c:312:17: branch_true: ...to here
p11-kit-0.25.8/trust/test-trust.c:314:22: danger: argument 1 (‘opendir(directory)’) NULL where non-null expected
#  312|   		p11_test_fail (file ,line, function, "Couldn't open directory: %s", directory);
#  313|   
#  314|-> 	while ((dp = readdir (dir)) != NULL) {
#  315|   		if (strcmp (dp->d_name, ".") == 0 ||
#  316|   		    strcmp (dp->d_name, "..") == 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def401]
p11-kit-0.25.8/trust/token.c:99:16: warning[-Wanalyzer-malloc-leak]: leak of ‘origin’
p11-kit-0.25.8/trust/token.c:459:1: enter_function: entry to ‘p11_token_reload’
p11-kit-0.25.8/trust/token.c:468:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/token.c:471:41: branch_false: ...to here
p11-kit-0.25.8/trust/token.c:471:18: acquire_memory: allocated here
p11-kit-0.25.8/trust/token.c:472:9: branch_true: following ‘true’ branch (when ‘origin’ is non-NULL)...
p11-kit-0.25.8/trust/token.c:474:13: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:474:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/token.c:483:23: branch_false: ...to here
p11-kit-0.25.8/trust/token.c:483:23: call_function: calling ‘loader_load_file’ from ‘p11_token_reload’
#   97|   	struct stat *last;
#   98|   
#   99|-> 	last = p11_dict_get (token->loaded, filename);
#  100|   
#  101|   	/* Never seen this before, load it */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def402]
p11-kit-0.25.8/trust/token.c:124:14: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
p11-kit-0.25.8/trust/token.c:417:1: enter_function: entry to ‘p11_token_load’
p11-kit-0.25.8/trust/token.c:423:15: call_function: calling ‘loader_load_path’ from ‘p11_token_load’
#  122|   	return_if_fail (key != NULL);
#  123|   
#  124|-> 	sb = memdup (sb, sizeof (struct stat));
#  125|   	return_if_fail (sb != NULL);
#  126|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def403]
p11-kit-0.25.8/trust/token.c:125:9: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
p11-kit-0.25.8/trust/token.c:417:1: enter_function: entry to ‘p11_token_load’
p11-kit-0.25.8/trust/token.c:423:15: call_function: calling ‘loader_load_path’ from ‘p11_token_load’
#  123|   
#  124|   	sb = memdup (sb, sizeof (struct stat));
#  125|-> 	return_if_fail (sb != NULL);
#  126|   
#  127|   	/* Track the info about this file, so we don't reload unnecessarily */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def404]
p11-kit-0.25.8/trust/token.c:128:14: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
p11-kit-0.25.8/trust/token.c:417:1: enter_function: entry to ‘p11_token_load’
p11-kit-0.25.8/trust/token.c:423:15: call_function: calling ‘loader_load_path’ from ‘p11_token_load’
#  126|   
#  127|   	/* Track the info about this file, so we don't reload unnecessarily */
#  128|-> 	if (!p11_dict_set (token->loaded, key, sb))
#  129|   		return_if_reached ();
#  130|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def405]
p11-kit-0.25.8/trust/token.c:130:1: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
p11-kit-0.25.8/trust/token.c:417:1: enter_function: entry to ‘p11_token_load’
p11-kit-0.25.8/trust/token.c:423:15: call_function: calling ‘loader_load_path’ from ‘p11_token_load’
#  128|   	if (!p11_dict_set (token->loaded, key, sb))
#  129|   		return_if_reached ();
#  130|-> }
#  131|   
#  132|   static bool

Error: GCC_ANALYZER_WARNING (CWE-401): [#def406]
p11-kit-0.25.8/trust/token.c:151:9: warning[-Wanalyzer-malloc-leak]: leak of ‘origin’
p11-kit-0.25.8/trust/token.c:459:1: enter_function: entry to ‘p11_token_reload’
p11-kit-0.25.8/trust/token.c:468:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/token.c:471:41: branch_false: ...to here
p11-kit-0.25.8/trust/token.c:471:18: acquire_memory: allocated here
p11-kit-0.25.8/trust/token.c:472:9: branch_true: following ‘true’ branch (when ‘origin’ is non-NULL)...
p11-kit-0.25.8/trust/token.c:474:13: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:474:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/token.c:475:21: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:475:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/token.c:476:25: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:476:25: call_function: calling ‘loader_gone_file’ from ‘p11_token_reload’
#  149|   	CK_RV rv;
#  150|   
#  151|-> 	p11_index_load (token->index);
#  152|   
#  153|   	/* Remove everything at this origin */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def407]
p11-kit-0.25.8/trust/token.c:154:14: warning[-Wanalyzer-malloc-leak]: leak of ‘origin’
p11-kit-0.25.8/trust/token.c:459:1: enter_function: entry to ‘p11_token_reload’
p11-kit-0.25.8/trust/token.c:468:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/token.c:471:41: branch_false: ...to here
p11-kit-0.25.8/trust/token.c:471:18: acquire_memory: allocated here
p11-kit-0.25.8/trust/token.c:472:9: branch_true: following ‘true’ branch (when ‘origin’ is non-NULL)...
p11-kit-0.25.8/trust/token.c:474:13: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:474:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/token.c:475:21: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:475:20: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/token.c:476:25: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:476:25: call_function: calling ‘loader_gone_file’ from ‘p11_token_reload’
#  152|   
#  153|   	/* Remove everything at this origin */
#  154|-> 	rv = p11_index_replace_all (token->index, origin, CKA_INVALID, NULL);
#  155|   	return_if_fail (rv == CKR_OK);
#  156|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def408]
p11-kit-0.25.8/trust/token.c:186:13: warning[-Wanalyzer-malloc-leak]: leak of ‘origin’
p11-kit-0.25.8/trust/token.c:459:1: enter_function: entry to ‘p11_token_reload’
p11-kit-0.25.8/trust/token.c:468:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/token.c:471:41: branch_false: ...to here
p11-kit-0.25.8/trust/token.c:471:18: acquire_memory: allocated here
p11-kit-0.25.8/trust/token.c:472:9: branch_true: following ‘true’ branch (when ‘origin’ is non-NULL)...
p11-kit-0.25.8/trust/token.c:474:13: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:474:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/token.c:483:23: branch_false: ...to here
p11-kit-0.25.8/trust/token.c:483:23: call_function: calling ‘loader_load_file’ from ‘p11_token_reload’
#  184|   
#  185|   	/* If it's in the anchors subdirectory, treat as an anchor */
#  186|-> 	if (p11_path_prefix (filename, token->anchors))
#  187|   		flags = P11_PARSE_FLAG_ANCHOR;
#  188|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def409]
p11-kit-0.25.8/trust/token.c:190:18: warning[-Wanalyzer-malloc-leak]: leak of ‘origin’
p11-kit-0.25.8/trust/token.c:459:1: enter_function: entry to ‘p11_token_reload’
p11-kit-0.25.8/trust/token.c:468:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/token.c:471:41: branch_false: ...to here
p11-kit-0.25.8/trust/token.c:471:18: acquire_memory: allocated here
p11-kit-0.25.8/trust/token.c:472:9: branch_true: following ‘true’ branch (when ‘origin’ is non-NULL)...
p11-kit-0.25.8/trust/token.c:474:13: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:474:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/token.c:483:23: branch_false: ...to here
p11-kit-0.25.8/trust/token.c:483:23: call_function: calling ‘loader_load_file’ from ‘p11_token_reload’
#  188|   
#  189|   	/* If it's in the blocklist subdirectory, treat as a blocklist */
#  190|-> 	else if (p11_path_prefix (filename, token->blocklist))
#  191|   		flags = P11_PARSE_FLAG_BLOCKLIST;
#  192|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def410]
p11-kit-0.25.8/trust/token.c:197:15: warning[-Wanalyzer-malloc-leak]: leak of ‘origin’
p11-kit-0.25.8/trust/token.c:459:1: enter_function: entry to ‘p11_token_reload’
p11-kit-0.25.8/trust/token.c:468:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/token.c:471:41: branch_false: ...to here
p11-kit-0.25.8/trust/token.c:471:18: acquire_memory: allocated here
p11-kit-0.25.8/trust/token.c:472:9: branch_true: following ‘true’ branch (when ‘origin’ is non-NULL)...
p11-kit-0.25.8/trust/token.c:474:13: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:474:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/token.c:483:23: branch_false: ...to here
p11-kit-0.25.8/trust/token.c:483:23: call_function: calling ‘loader_load_file’ from ‘p11_token_reload’
#  195|   		flags = P11_PARSE_FLAG_ANCHOR;
#  196|   
#  197|-> 	ret = p11_parse_file (token->parser, filename, sb, flags);
#  198|   
#  199|   	switch (ret) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def411]
p11-kit-0.25.8/trust/token.c:287:17: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(directory)’
p11-kit-0.25.8/trust/token.c:417:1: enter_function: entry to ‘p11_token_load’
p11-kit-0.25.8/trust/token.c:423:15: call_function: calling ‘loader_load_path’ from ‘p11_token_load’
#  285|   	}
#  286|   
#  287|-> 	paths = p11_array_new (NULL);
#  288|   	return_val_if_fail (paths != NULL, -1);
#  289|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def412]
p11-kit-0.25.8/trust/token.c:288:9: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(directory)’
p11-kit-0.25.8/trust/token.c:417:1: enter_function: entry to ‘p11_token_load’
p11-kit-0.25.8/trust/token.c:423:15: call_function: calling ‘loader_load_path’ from ‘p11_token_load’
#  286|   
#  287|   	paths = p11_array_new (NULL);
#  288|-> 	return_val_if_fail (paths != NULL, -1);
#  289|   
#  290|   	while ((dp = readdir (dir)) != NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def413]
p11-kit-0.25.8/trust/token.c:290:22: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(directory)’
p11-kit-0.25.8/trust/token.c:417:1: enter_function: entry to ‘p11_token_load’
p11-kit-0.25.8/trust/token.c:423:15: call_function: calling ‘loader_load_path’ from ‘p11_token_load’
#  288|   	return_val_if_fail (paths != NULL, -1);
#  289|   
#  290|-> 	while ((dp = readdir (dir)) != NULL) {
#  291|   		path = p11_path_build (directory, dp->d_name, NULL);
#  292|   		return_val_if_fail (path != NULL, -1);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def414]
p11-kit-0.25.8/trust/token.c:478:25: warning[-Wanalyzer-malloc-leak]: leak of ‘origin’
p11-kit-0.25.8/trust/token.c:468:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/token.c:471:41: branch_false: ...to here
p11-kit-0.25.8/trust/token.c:471:18: acquire_memory: allocated here
p11-kit-0.25.8/trust/token.c:472:9: branch_true: following ‘true’ branch (when ‘origin’ is non-NULL)...
p11-kit-0.25.8/trust/token.c:474:13: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:474:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/token.c:475:21: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:475:20: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/token.c:478:49: branch_false: ...to here
p11-kit-0.25.8/trust/token.c:478:25: throw: if ‘p11_message_err’ throws an exception...
p11-kit-0.25.8/trust/token.c:478:25: danger: ‘origin’ leaks here; was allocated at [(3)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/2)
#  476|   			loader_gone_file (token, origin);
#  477|   		} else {
#  478|-> 			p11_message_err (errno, _("cannot access trust file: %s"), origin);
#  479|   		}
#  480|   		ret = false;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def415]
p11-kit-0.25.8/trust/token.c:555:17: warning[-Wanalyzer-malloc-leak]: leak of ‘path’
p11-kit-0.25.8/trust/token.c:551:16: acquire_memory: allocated here
p11-kit-0.25.8/trust/token.c:552:9: branch_true: following ‘true’ branch (when ‘path’ is non-NULL)...
p11-kit-0.25.8/trust/token.c:554:13: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:554:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/token.c:555:41: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:555:17: throw: if ‘p11_message_err’ throws an exception...
p11-kit-0.25.8/trust/token.c:555:17: danger: ‘path’ leaks here; was allocated at [(1)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/0)
#  553|   
#  554|   	if (unlink (path) < 0) {
#  555|-> 		p11_message_err (errno, _("couldn't remove file: %s"), path);
#  556|   		ret = false;
#  557|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def416]
p11-kit-0.25.8/trust/token.c:573:16: warning[-Wanalyzer-malloc-leak]: leak of ‘path’
p11-kit-0.25.8/trust/token.c:570:16: acquire_memory: allocated here
p11-kit-0.25.8/trust/token.c:571:9: branch_true: following ‘true’ branch (when ‘path’ is non-NULL)...
p11-kit-0.25.8/trust/token.c:573:16: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:573:16: throw: if ‘p11_save_open_file’ throws an exception...
p11-kit-0.25.8/trust/token.c:573:16: danger: ‘path’ leaks here; was allocated at [(1)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/0)
#  571|   	return_val_if_fail (path != NULL, NULL);
#  572|   
#  573|-> 	file = p11_save_open_file (path, NULL, P11_SAVE_OVERWRITE);
#  574|   	free (path);
#  575|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def417]
p11-kit-0.25.8/trust/token.c:587:22: warning[-Wanalyzer-malloc-leak]: leak of ‘writer_suggest_name(attrs)’
p11-kit-0.25.8/trust/token.c:599:1: enter_function: entry to ‘writer_create_origin’
p11-kit-0.25.8/trust/token.c:606:16: call_function: calling ‘writer_suggest_name’ from ‘writer_create_origin’
p11-kit-0.25.8/trust/token.c:606:16: return_function: returning to ‘writer_create_origin’ from ‘writer_suggest_name’
p11-kit-0.25.8/trust/token.c:607:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/token.c:609:9: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:609:9: throw: if ‘p11_path_canon’ throws an exception...
p11-kit-0.25.8/trust/token.c:587:22: danger: ‘writer_suggest_name(attrs)’ leaks here; was allocated at [(6)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/5)
#  585|   
#  586|   	label = p11_attrs_find (attrs, CKA_LABEL);
#  587|-> 	if (label && label->ulValueLen)
#  588|   		return strndup (label->pValue, label->ulValueLen);
#  589|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def418]
p11-kit-0.25.8/trust/token.c:609:9: warning[-Wanalyzer-malloc-leak]: leak of ‘writer_suggest_name(attrs)’
p11-kit-0.25.8/trust/token.c:599:1: enter_function: entry to ‘writer_create_origin’
p11-kit-0.25.8/trust/token.c:606:16: call_function: calling ‘writer_suggest_name’ from ‘writer_create_origin’
p11-kit-0.25.8/trust/token.c:606:16: return_function: returning to ‘writer_create_origin’ from ‘writer_suggest_name’
p11-kit-0.25.8/trust/token.c:607:9: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/token.c:609:9: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:609:9: throw: if ‘p11_path_canon’ throws an exception...
p11-kit-0.25.8/trust/token.c:609:9: danger: ‘writer_suggest_name(attrs)’ leaks here; was allocated at [(4)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/3)
#  607|   	return_val_if_fail (name != NULL, NULL);
#  608|   
#  609|-> 	p11_path_canon (name);
#  610|   
#  611|   	path = p11_path_build (token->path, name, NULL);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def419]
p11-kit-0.25.8/trust/token.c:868:9: warning[-Wanalyzer-malloc-leak]: leak of ‘token’
p11-kit-0.25.8/trust/token.c:880:1: enter_function: entry to ‘p11_token_new’
p11-kit-0.25.8/trust/token.c:887:9: branch_true: following ‘true’ branch (when ‘path’ is non-NULL)...
p11-kit-0.25.8/trust/token.c:888:9: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:888:9: branch_true: following ‘true’ branch (when ‘label’ is non-NULL)...
p11-kit-0.25.8/trust/token.c:890:17: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:890:17: acquire_memory: allocated here
p11-kit-0.25.8/trust/token.c:891:9: branch_true: following ‘true’ branch (when ‘token’ is non-NULL)...
p11-kit-0.25.8/trust/token.c:893:26: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:894:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/token.c:895:17: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:895:17: call_function: calling ‘p11_token_free’ from ‘p11_token_new’
#  866|   		return;
#  867|   
#  868|-> 	p11_index_free (token->index);
#  869|   	p11_parser_free (token->parser);
#  870|   	p11_builder_free (token->builder);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def420]
p11-kit-0.25.8/trust/token.c:869:9: warning[-Wanalyzer-malloc-leak]: leak of ‘token’
p11-kit-0.25.8/trust/token.c:880:1: enter_function: entry to ‘p11_token_new’
p11-kit-0.25.8/trust/token.c:887:9: branch_true: following ‘true’ branch (when ‘path’ is non-NULL)...
p11-kit-0.25.8/trust/token.c:888:9: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:888:9: branch_true: following ‘true’ branch (when ‘label’ is non-NULL)...
p11-kit-0.25.8/trust/token.c:890:17: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:890:17: acquire_memory: allocated here
p11-kit-0.25.8/trust/token.c:891:9: branch_true: following ‘true’ branch (when ‘token’ is non-NULL)...
p11-kit-0.25.8/trust/token.c:893:26: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:894:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/token.c:895:17: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:895:17: call_function: calling ‘p11_token_free’ from ‘p11_token_new’
#  867|   
#  868|   	p11_index_free (token->index);
#  869|-> 	p11_parser_free (token->parser);
#  870|   	p11_builder_free (token->builder);
#  871|   	p11_dict_free (token->loaded);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def421]
p11-kit-0.25.8/trust/token.c:870:9: warning[-Wanalyzer-malloc-leak]: leak of ‘token’
p11-kit-0.25.8/trust/token.c:880:1: enter_function: entry to ‘p11_token_new’
p11-kit-0.25.8/trust/token.c:887:9: branch_true: following ‘true’ branch (when ‘path’ is non-NULL)...
p11-kit-0.25.8/trust/token.c:888:9: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:888:9: branch_true: following ‘true’ branch (when ‘label’ is non-NULL)...
p11-kit-0.25.8/trust/token.c:890:17: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:890:17: acquire_memory: allocated here
p11-kit-0.25.8/trust/token.c:891:9: branch_true: following ‘true’ branch (when ‘token’ is non-NULL)...
p11-kit-0.25.8/trust/token.c:893:26: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:894:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/token.c:895:17: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:895:17: call_function: calling ‘p11_token_free’ from ‘p11_token_new’
#  868|   	p11_index_free (token->index);
#  869|   	p11_parser_free (token->parser);
#  870|-> 	p11_builder_free (token->builder);
#  871|   	p11_dict_free (token->loaded);
#  872|   	free (token->path);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def422]
p11-kit-0.25.8/trust/token.c:871:9: warning[-Wanalyzer-malloc-leak]: leak of ‘token’
p11-kit-0.25.8/trust/token.c:880:1: enter_function: entry to ‘p11_token_new’
p11-kit-0.25.8/trust/token.c:887:9: branch_true: following ‘true’ branch (when ‘path’ is non-NULL)...
p11-kit-0.25.8/trust/token.c:888:9: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:888:9: branch_true: following ‘true’ branch (when ‘label’ is non-NULL)...
p11-kit-0.25.8/trust/token.c:890:17: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:890:17: acquire_memory: allocated here
p11-kit-0.25.8/trust/token.c:891:9: branch_true: following ‘true’ branch (when ‘token’ is non-NULL)...
p11-kit-0.25.8/trust/token.c:893:26: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:894:12: branch_true: following ‘true’ branch...
p11-kit-0.25.8/trust/token.c:895:17: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:895:17: call_function: calling ‘p11_token_free’ from ‘p11_token_new’
#  869|   	p11_parser_free (token->parser);
#  870|   	p11_builder_free (token->builder);
#  871|-> 	p11_dict_free (token->loaded);
#  872|   	free (token->path);
#  873|   	free (token->anchors);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def423]
p11-kit-0.25.8/trust/token.c:893:26: warning[-Wanalyzer-malloc-leak]: leak of ‘token’
p11-kit-0.25.8/trust/token.c:887:9: branch_true: following ‘true’ branch (when ‘path’ is non-NULL)...
p11-kit-0.25.8/trust/token.c:888:9: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:888:9: branch_true: following ‘true’ branch (when ‘label’ is non-NULL)...
p11-kit-0.25.8/trust/token.c:890:17: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:890:17: acquire_memory: allocated here
p11-kit-0.25.8/trust/token.c:891:9: branch_true: following ‘true’ branch (when ‘token’ is non-NULL)...
p11-kit-0.25.8/trust/token.c:893:26: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:893:26: throw: if ‘p11_builder_new’ throws an exception...
p11-kit-0.25.8/trust/token.c:893:26: danger: ‘token’ leaks here; was allocated at [(5)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/4)
#  891|   	return_val_if_fail (token != NULL, NULL);
#  892|   
#  893|-> 	token->builder = p11_builder_new (P11_BUILDER_FLAG_TOKEN);
#  894|   	if (token->builder == NULL) {
#  895|   		p11_token_free (token);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def424]
p11-kit-0.25.8/trust/token.c:899:24: warning[-Wanalyzer-malloc-leak]: leak of ‘token’
p11-kit-0.25.8/trust/token.c:887:9: branch_true: following ‘true’ branch (when ‘path’ is non-NULL)...
p11-kit-0.25.8/trust/token.c:888:9: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:888:9: branch_true: following ‘true’ branch (when ‘label’ is non-NULL)...
p11-kit-0.25.8/trust/token.c:890:17: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:890:17: acquire_memory: allocated here
p11-kit-0.25.8/trust/token.c:891:9: branch_true: following ‘true’ branch (when ‘token’ is non-NULL)...
p11-kit-0.25.8/trust/token.c:893:26: branch_true: ...to here
p11-kit-0.25.8/trust/token.c:894:12: branch_false: following ‘false’ branch...
p11-kit-0.25.8/trust/token.c:899:24: branch_false: ...to here
p11-kit-0.25.8/trust/token.c:899:24: throw: if ‘p11_index_new’ throws an exception...
p11-kit-0.25.8/trust/token.c:899:24: danger: ‘token’ leaks here; was allocated at [(5)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/4)
#  897|   	}
#  898|   
#  899|-> 	token->index = p11_index_new (on_index_build,
#  900|   	                              on_index_store,
#  901|   	                              on_index_remove,