Fixed findings

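List of Findings

These findings were reported for serd-0.32.4-2.fc43 and are absent from the scan of serd-0.32.6-1.fc44 (the diff base in the scan properties below). "Fixed" means only that the analyzers, run at the same versions in both scans, no longer report them; whether each NULL check or leak was actually addressed still has to be confirmed in the 0.32.6 sources.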

Error: CPPCHECK_WARNING (CWE-476): [#def1]
serd-0.32.4/src/reader.c:99: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: reader
#   97|     reader->allocs[reader->n_allocs - 1] = ((uint8_t*)mem - reader->stack.buf);
#   98|   #endif
#   99|->   return (Ref)((uint8_t*)node - reader->stack.buf);
#  100|   }
#  101|   

Error: CPPCHECK_WARNING (CWE-476): [#def2]
serd-0.32.4/src/writer.c:1136: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: writer
# 1134|     writer->base_uri   = base_uri ? *base_uri : SERD_URI_NULL;
# 1135|     writer->anon_stack = serd_stack_new(SERD_PAGE_SIZE);
# 1136|->   writer->context    = context;
# 1137|     writer->byte_sink  = serd_byte_sink_new(
# 1138|       ssink, stream, (style & SERD_STYLE_BULK) ? SERD_PAGE_SIZE : 1);

Error: CPPCHECK_WARNING (CWE-476): [#def3]
serd-0.32.4/test/test_node.c:127: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: data
#  125|       uint8_t* const data = (uint8_t*)malloc(size);
#  126|       for (size_t i = 0; i < size; ++i) {
#  127|->       data[i] = (uint8_t)((size + i) % 256);
#  128|       }
#  129|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def4]
serd-0.32.4/test/test_node.c:127:7: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘data’
serd-0.32.4/test/test_node.c:124:25: branch_true: following ‘true’ branch (when ‘size != 256’)...
serd-0.32.4/test/test_node.c:125:37: branch_true: ...to here
serd-0.32.4/test/test_node.c:125:37: acquire_memory: this call could return NULL
serd-0.32.4/test/test_node.c:126:24: branch_true: following ‘true’ branch (when ‘size > i’)...
serd-0.32.4/test/test_node.c:127:27: branch_true: ...to here
serd-0.32.4/test/test_node.c:127:7: danger: ‘data + i’ could be NULL: unchecked value from [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  125|       uint8_t* const data = (uint8_t*)malloc(size);
#  126|       for (size_t i = 0; i < size; ++i) {
#  127|->       data[i] = (uint8_t)((size + i) % 256);
#  128|       }
#  129|   

Error: CPPCHECK_WARNING (CWE-476): [#def5]
serd-0.32.4/test/test_node.c:143: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: data
#  141|   
#  142|       for (size_t i = 0; i < size; ++i) {
#  143|->       assert(out[i] == data[i]);
#  144|       }
#  145|   

Error: CPPCHECK_WARNING (CWE-476): [#def6]
serd-0.32.4/test/test_reader.c:160: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: path
#  158|   test_read_eof_file(const char* const path)
#  159|   {
#  160|->   FILE* const f = fopen(path, "w+b");
#  161|     assert(f);
#  162|   

Error: CPPCHECK_WARNING (CWE-476): [#def7]
serd-0.32.4/test/test_reader.c:219: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: path
#  217|     static const char null = 0;
#  218|   
#  219|->   FILE* const f = fopen(path, "w+b");
#  220|     assert(f);
#  221|   

Error: CPPCHECK_WARNING (CWE-476): [#def8]
serd-0.32.4/test/test_reader.c:306: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: path
#  304|     static const char null = 0;
#  305|   
#  306|->   FILE* const f = fopen(path, "w+b");
#  307|     assert(f);
#  308|   

Error: CPPCHECK_WARNING (CWE-476): [#def9]
serd-0.32.4/test/test_reader.c:412: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: path
#  410|     char* const       path         = (char*)calloc(path_len + 1, 1);
#  411|   
#  412|->   memcpy(path, tmp, tmp_len + 1);
#  413|     path[tmp_len] = '/';
#  414|   

Error: GCC_ANALYZER_WARNING (CWE-688): [#def10]
serd-0.32.4/test/test_reader.c:412:3: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘path’ where non-null expected
serd-0.32.4/test/test_reader.c:410:43: acquire_memory: this call could return NULL
serd-0.32.4/test/test_reader.c:412:3: danger: argument 1 (‘path’) from [(1)](sarif:/runs/0/results/30/codeFlows/0/threadFlows/0/locations/0) could be NULL where non-null expected
#  410|     char* const       path         = (char*)calloc(path_len + 1, 1);
#  411|   
#  412|->   memcpy(path, tmp, tmp_len + 1);
#  413|     path[tmp_len] = '/';
#  414|   

Error: CPPCHECK_WARNING (CWE-476): [#def11]
serd-0.32.4/test/test_reader.c:413: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: path
#  411|   
#  412|     memcpy(path, tmp, tmp_len + 1);
#  413|->   path[tmp_len] = '/';
#  414|   
#  415|     memcpy(path + tmp_len + 1, nq_name, nq_name_len + 1);

Error: CPPCHECK_WARNING (CWE-682): [#def12]
serd-0.32.4/test/test_reader.c:415: error[nullPointerArithmeticOutOfMemory]: If memory allocation fails: pointer addition with NULL pointer.
#  413|     path[tmp_len] = '/';
#  414|   
#  415|->   memcpy(path + tmp_len + 1, nq_name, nq_name_len + 1);
#  416|     test_read_nquads_chunks(path);
#  417|   

Error: CPPCHECK_WARNING (CWE-682): [#def13]
serd-0.32.4/test/test_reader.c:418: error[nullPointerArithmeticOutOfMemory]: If memory allocation fails: pointer addition with NULL pointer.
#  416|     test_read_nquads_chunks(path);
#  417|   
#  418|->   memcpy(path + tmp_len + 1, ttl_name, ttl_name_len + 1);
#  419|     test_read_turtle_chunks(path);
#  420|   

Error: CPPCHECK_WARNING (CWE-476): [#def14]
serd-0.32.4/test/test_reader.c:424: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: path
#  422|     test_read_eof_file(path);
#  423|     test_read_eof_by_byte();
#  424|->   assert(!remove(path));
#  425|   
#  426|     free(path);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def15]
serd-0.32.4/test/test_reader_writer.c:136:29: warning[-Wanalyzer-malloc-leak]: leak of ‘path’
serd-0.32.4/test/test_reader_writer.c:310:1: enter_function: entry to ‘main’
serd-0.32.4/test/test_reader_writer.c:324:43: acquire_memory: allocated here
serd-0.32.4/test/test_reader_writer.c:330:3: call_function: calling ‘test_write_errors’ from ‘main’
#  134|         serd_writer_set_error_sink(writer, quiet_error_sink, NULL);
#  135|   
#  136|->       const SerdStatus st = serd_reader_read_string(reader, USTR(doc_string));
#  137|         assert(st == SERD_ERR_BAD_WRITE);
#  138|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def16]
serd-0.32.4/test/test_reader_writer.c:140:7: warning[-Wanalyzer-malloc-leak]: leak of ‘path’
serd-0.32.4/test/test_reader_writer.c:310:1: enter_function: entry to ‘main’
serd-0.32.4/test/test_reader_writer.c:324:43: acquire_memory: allocated here
serd-0.32.4/test/test_reader_writer.c:330:3: call_function: calling ‘test_write_errors’ from ‘main’
#  138|   
#  139|         serd_reader_free(reader);
#  140|->       serd_writer_free(writer);
#  141|         serd_env_free(env);
#  142|       }

Error: CPPCHECK_WARNING (CWE-476): [#def17]
serd-0.32.4/test/test_reader_writer.c:149: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: path
#  147|   test_writer(const char* const path)
#  148|   {
#  149|->   FILE* const fd = fopen(path, "wb");
#  150|     assert(fd);
#  151|   

Error: CPPCHECK_WARNING (CWE-476): [#def18]
serd-0.32.4/test/test_reader_writer.c:300: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: rt
#  298|     const SerdStatus st = serd_reader_read_file(reader, USTR(path));
#  299|     assert(!st);
#  300|->   assert(rt->n_statement == 13);
#  301|     assert(rt->graph && rt->graph->buf &&
#  302|            !strcmp((const char*)rt->graph->buf, "http://example.org/"));

Error: CPPCHECK_WARNING (CWE-476): [#def19]
serd-0.32.4/test/test_reader_writer.c:301: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: rt
#  299|     assert(!st);
#  300|     assert(rt->n_statement == 13);
#  301|->   assert(rt->graph && rt->graph->buf &&
#  302|            !strcmp((const char*)rt->graph->buf, "http://example.org/"));
#  303|   

Error: CPPCHECK_WARNING (CWE-476): [#def20]
serd-0.32.4/test/test_reader_writer.c:302: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: rt
#  300|     assert(rt->n_statement == 13);
#  301|     assert(rt->graph && rt->graph->buf &&
#  302|->          !strcmp((const char*)rt->graph->buf, "http://example.org/"));
#  303|   
#  304|     assert(serd_reader_read_string(reader, USTR("This isn't Turtle at all.")));

Error: CPPCHECK_WARNING (CWE-476): [#def21]
serd-0.32.4/test/test_reader_writer.c:326: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: path
#  324|     char* const       path         = (char*)calloc(path_len + 1, 1);
#  325|   
#  326|->   memcpy(path, tmp, tmp_len + 1);
#  327|     path[tmp_len] = '/';
#  328|     memcpy(path + tmp_len + 1, ttl_name, ttl_name_len + 1);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def22]
serd-0.32.4/test/test_reader_writer.c:326:3: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘path’ where non-null expected
serd-0.32.4/test/test_reader_writer.c:324:43: acquire_memory: this call could return NULL
serd-0.32.4/test/test_reader_writer.c:326:3: danger: argument 1 (‘path’) from [(1)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/0) could be NULL where non-null expected
#  324|     char* const       path         = (char*)calloc(path_len + 1, 1);
#  325|   
#  326|->   memcpy(path, tmp, tmp_len + 1);
#  327|     path[tmp_len] = '/';
#  328|     memcpy(path + tmp_len + 1, ttl_name, ttl_name_len + 1);

Error: CPPCHECK_WARNING (CWE-476): [#def23]
serd-0.32.4/test/test_reader_writer.c:327: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: path
#  325|   
#  326|     memcpy(path, tmp, tmp_len + 1);
#  327|->   path[tmp_len] = '/';
#  328|     memcpy(path + tmp_len + 1, ttl_name, ttl_name_len + 1);
#  329|   

Error: CPPCHECK_WARNING (CWE-682): [#def24]
serd-0.32.4/test/test_reader_writer.c:328: error[nullPointerArithmeticOutOfMemory]: If memory allocation fails: pointer addition with NULL pointer.
#  326|     memcpy(path, tmp, tmp_len + 1);
#  327|     path[tmp_len] = '/';
#  328|->   memcpy(path + tmp_len + 1, ttl_name, ttl_name_len + 1);
#  329|   
#  330|     test_write_errors();

Error: CPPCHECK_WARNING (CWE-476): [#def25]
serd-0.32.4/test/test_reader_writer.c:335: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: path
#  333|     test_reader(path);
#  334|   
#  335|->   assert(!remove(path));
#  336|     free(path);
#  337|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def26]
serd-0.32.4/test/test_writer.c:219:30: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen("serd_strict_write_test.ttl", "wb")’
serd-0.32.4/test/test_writer.c:216:28: acquire_resource: opened here
serd-0.32.4/test/test_writer.c:217:3: branch_false: following ‘false’ branch...
serd-0.32.4/test/test_writer.c:219:30: branch_false: ...to here
serd-0.32.4/test/test_writer.c:219:30: throw: if ‘serd_env_new’ throws an exception...
serd-0.32.4/test/test_writer.c:219:30: danger: ‘fopen("serd_strict_write_test.ttl", "wb")’ leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  217|     assert(fd);
#  218|   
#  219|->   SerdEnv* const    env    = serd_env_new(NULL);
#  220|     SerdWriter* const writer = serd_writer_new(
#  221|       SERD_TURTLE, (SerdStyle)SERD_STYLE_STRICT, env, NULL, null_sink, fd);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def27]
serd-0.32.4/test/test_writer.c:219:30: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen("serd_strict_write_test.ttl", "wb")’
serd-0.32.4/test/test_writer.c:216:28: acquire_memory: allocated here
serd-0.32.4/test/test_writer.c:217:3: branch_false: following ‘false’ branch...
serd-0.32.4/test/test_writer.c:219:30: branch_false: ...to here
serd-0.32.4/test/test_writer.c:219:30: throw: if ‘serd_env_new’ throws an exception...
serd-0.32.4/test/test_writer.c:219:30: danger: ‘fopen("serd_strict_write_test.ttl", "wb")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  217|     assert(fd);
#  218|   
#  219|->   SerdEnv* const    env    = serd_env_new(NULL);
#  220|     SerdWriter* const writer = serd_writer_new(
#  221|       SERD_TURTLE, (SerdStyle)SERD_STYLE_STRICT, env, NULL, null_sink, fd);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def28]
serd-0.32.4/test/test_writer.c:220:30: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen("serd_strict_write_test.ttl", "wb")’
serd-0.32.4/test/test_writer.c:216:28: acquire_resource: opened here
serd-0.32.4/test/test_writer.c:217:3: branch_false: following ‘false’ branch...
serd-0.32.4/test/test_writer.c:219:30: branch_false: ...to here
serd-0.32.4/test/test_writer.c:220:30: throw: if ‘serd_writer_new’ throws an exception...
serd-0.32.4/test/test_writer.c:220:30: danger: ‘fopen("serd_strict_write_test.ttl", "wb")’ leaks here; was opened at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  218|   
#  219|     SerdEnv* const    env    = serd_env_new(NULL);
#  220|->   SerdWriter* const writer = serd_writer_new(
#  221|       SERD_TURTLE, (SerdStyle)SERD_STYLE_STRICT, env, NULL, null_sink, fd);
#  222|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def29]
serd-0.32.4/test/test_writer.c:220:30: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen("serd_strict_write_test.ttl", "wb")’
serd-0.32.4/test/test_writer.c:216:28: acquire_memory: allocated here
serd-0.32.4/test/test_writer.c:217:3: branch_false: following ‘false’ branch...
serd-0.32.4/test/test_writer.c:219:30: branch_false: ...to here
serd-0.32.4/test/test_writer.c:220:30: throw: if ‘serd_writer_new’ throws an exception...
serd-0.32.4/test/test_writer.c:220:30: danger: ‘fopen("serd_strict_write_test.ttl", "wb")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#  218|   
#  219|     SerdEnv* const    env    = serd_env_new(NULL);
#  220|->   SerdWriter* const writer = serd_writer_new(
#  221|       SERD_TURTLE, (SerdStyle)SERD_STYLE_STRICT, env, NULL, null_sink, fd);
#  222|   

Scan Properties

analyzer-version-clippy: 1.92.0
analyzer-version-cppcheck: 2.19.1
analyzer-version-gcc: 16.0.0
analyzer-version-gcc-analyzer: 16.0.0
analyzer-version-shellcheck: 0.11.0
analyzer-version-unicontrol: 0.0.2
diffbase-analyzer-version-clippy: 1.92.0
diffbase-analyzer-version-cppcheck: 2.19.1
diffbase-analyzer-version-gcc: 16.0.0
diffbase-analyzer-version-gcc-analyzer: 16.0.0
diffbase-analyzer-version-shellcheck: 0.11.0
diffbase-analyzer-version-unicontrol: 0.0.2
diffbase-enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code: 0
diffbase-host: ip-172-16-1-181.us-west-2.compute.internal
diffbase-known-false-positives: /usr/share/csmock/known-false-positives.js
diffbase-known-false-positives-rpm: known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch
diffbase-mock-config: fedora-rawhide-x86_64
diffbase-project-name: serd-0.32.6-1.fc44
diffbase-store-results-to: /tmp/tmpybpoyxi_/serd-0.32.6-1.fc44.tar.xz
diffbase-time-created: 2026-01-08 21:45:17
diffbase-time-finished: 2026-01-08 21:46:47
diffbase-tool: csmock
diffbase-tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpybpoyxi_/serd-0.32.6-1.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpybpoyxi_/serd-0.32.6-1.fc44.src.rpm'
diffbase-tool-version: csmock-3.8.3.20251215.161544.g62de9a5-1.el9
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-181.us-west-2.compute.internal
known-false-positives: /usr/share/csmock/known-false-positives.js
known-false-positives-rpm: known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch
mock-config: fedora-rawhide-x86_64
project-name: serd-0.32.4-2.fc43
store-results-to: /tmp/tmpfaipg0_2/serd-0.32.4-2.fc43.tar.xz
time-created: 2026-01-08 21:42:54
time-finished: 2026-01-08 21:44:52
title: Fixed findings
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpfaipg0_2/serd-0.32.4-2.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpfaipg0_2/serd-0.32.4-2.fc43.src.rpm'
tool-version: csmock-3.8.3.20251215.161544.g62de9a5-1.el9