Error: COMPILER_WARNING (CWE-457): [#def1] tmux-3.6/cmd-display-menu.c:513:13: warning[-Wmaybe-uninitialized]: ‘h’ may be used uninitialized # 513 | if (popup_display(flags, lines, item, px, py, w, h, env, shellcmd, argc, # | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # 514 | argv, cwd, title, tc, s, style, border_style, NULL, NULL) != 0) { # | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ tmux-3.6/cmd-display-menu.c:400:45: note: ‘h’ was declared here # 400 | u_int px, py, w, h, count = args_count(args); # | ^ # 511| return (CMD_RETURN_NORMAL); # 512| } # 513|-> if (popup_display(flags, lines, item, px, py, w, h, env, shellcmd, argc, # 514| argv, cwd, title, tc, s, style, border_style, NULL, NULL) != 0) { # 515| cmd_free_argv(argc, argv); Error: COMPILER_WARNING (CWE-457): [#def2] tmux-3.6/cmd-display-menu.c: scope_hint: In function ‘cmd_display_popup_exec’ tmux-3.6/cmd-display-menu.c:513:13: warning[-Wmaybe-uninitialized]: ‘w’ may be used uninitialized # 513 | if (popup_display(flags, lines, item, px, py, w, h, env, shellcmd, argc, # | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # 514 | argv, cwd, title, tc, s, style, border_style, NULL, NULL) != 0) { # | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ tmux-3.6/cmd-display-menu.c:400:42: note: ‘w’ was declared here # 400 | u_int px, py, w, h, count = args_count(args); # | ^ # 511| return (CMD_RETURN_NORMAL); # 512| } # 513|-> if (popup_display(flags, lines, item, px, py, w, h, env, shellcmd, argc, # 514| argv, cwd, title, tc, s, style, border_style, NULL, NULL) != 0) { # 515| cmd_free_argv(argc, argv); Error: COMPILER_WARNING (CWE-704): [#def3] tmux-3.6/compat/getopt_long.c: scope_hint: In function ‘getopt_internal’ tmux-3.6/compat/getopt_long.c:472:18: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type # 472 | (oli = strchr(options, optchar)) == NULL) { # | ^ # 470| if ((optchar = (int)*place++) == (int)':' || # 471| (optchar == (int)'-' && *place != '\0') || # 472|-> (oli = strchr(options, optchar)) == NULL) { # 473| /* # 474| * If the user specified "-" and '-' isn't listed in Error: COMPILER_WARNING (CWE-704): [#def4] tmux-3.6/compat/getopt_long.c:472:18: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type # 470| if ((optchar = (int)*place++) == (int)':' || # 471| (optchar == (int)'-' && *place != '\0') || # 472|-> (oli = strchr(options, optchar)) == NULL) { # 473| /* # 474| * If the user specified "-" and '-' isn't listed in Error: COMPILER_WARNING (CWE-563): [#def5] tmux-3.6/compat/imsg-buffer.c: scope_hint: In function ‘msgbuf_clear’ tmux-3.6/compat/imsg-buffer.c:702:26: warning[-Wunused-variable]: unused variable ‘buf’ # 702 | struct ibuf *buf; # | ^~~ # 700| msgbuf_clear(struct msgbuf *msgbuf) # 701| { # 702|-> struct ibuf *buf; # 703| # 704| /* write side */ Error: COMPILER_WARNING (CWE-681): [#def6] tmux-3.6/input-keys.c:644:56: warning[-Wpointer-sign]: pointer targets in passing argument 3 of ‘input_key_write’ differ in signedness # 644 | input_key_write(__func__, bev, &ud.data[0], 1); # | ^~~~~~~~~~~ # | | # | u_char * {aka unsigned char *} tmux-3.6/input-keys.c:420:72: note: expected ‘const char *’ but argument is of type ‘u_char *’ {aka ‘unsigned char *’} # 420 | input_key_write(const char *from, struct bufferevent *bev, const char *data, # | ~~~~~~~~~~~~^~~~ # 642| (key >= 0x20 && key <= 0x7f)) { # 643| ud.data[0] = key; # 644|-> input_key_write(__func__, bev, &ud.data[0], 1); # 645| return (0); # 646| } Error: COMPILER_WARNING (CWE-681): [#def7] tmux-3.6/input.c: scope_hint: In function ‘input_dcs_dispatch’ tmux-3.6/input.c:2561:34: warning[-Wpointer-sign]: pointer targets in passing argument 1 of ‘sixel_parse’ differ in signedness # 2561 | si = sixel_parse(buf, len, p2, w->xpixel, w->ypixel); # | ^~~ # | | # | u_char * {aka unsigned char *} tmux-3.6/input.c:29: included_from: Included from here. tmux-3.6/tmux.h:3644:33: note: expected ‘const char *’ but argument is of type ‘u_char *’ {aka ‘unsigned char *’} # 3644 | struct sixel_image *sixel_parse(const char *, size_t, u_int, u_int, u_int); # | ^~~~~~~~~~~~ # 2559| if (p2 == -1) # 2560| p2 = 0; # 2561|-> si = sixel_parse(buf, len, p2, w->xpixel, w->ypixel); # 2562| if (si != NULL) # 2563| screen_write_sixelimage(sctx, si, ictx->cell.cell.bg); Error: COMPILER_WARNING (CWE-681): [#def8] tmux-3.6/input.c: scope_hint: In function ‘input_exit_apc’ tmux-3.6/input.c:2712:43: warning[-Wpointer-sign]: pointer targets in passing argument 2 of ‘screen_set_title’ differ in signedness # 2712 | screen_set_title(sctx->s, ictx->input_buf)) { # | ~~~~^~~~~~~~~~~ # | | # | u_char * {aka unsigned char *} tmux-3.6/tmux.h:3193:44: note: expected ‘const char *’ but argument is of type ‘u_char *’ {aka ‘unsigned char *’} # 3193 | int screen_set_title(struct screen *, const char *); # | ^~~~~~~~~~~~ # 2710| if (wp != NULL && # 2711| options_get_number(wp->options, "allow-set-title") && # 2712|-> screen_set_title(sctx->s, ictx->input_buf)) { # 2713| notify_pane("pane-title-changed", wp); # 2714| server_redraw_window_borders(wp->window); Error: GCC_ANALYZER_WARNING (CWE-775): [#def9] tmux-3.6/job.c:164:36: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘dup2(out[1], 2)’ tmux-3.6/job.c:118:20: branch_false: following ‘false’ branch... tmux-3.6/job.c:120:23: branch_false: ...to here tmux-3.6/job.c:156:20: branch_true: following ‘true’ branch... tmux-3.6/job.c:157:29: branch_true: ...to here tmux-3.6/job.c:157:28: branch_false: following ‘false’ branch... tmux-3.6/job.c:159:48: branch_false: ...to here tmux-3.6/job.c:160:28: branch_false: following ‘false’ branch... tmux-3.6/job.c:162:36: branch_false: ...to here tmux-3.6/job.c:163:28: branch_true: following ‘true’ branch... tmux-3.6/job.c:164:37: branch_true: ...to here tmux-3.6/job.c:164:37: acquire_resource: opened here tmux-3.6/job.c:164:36: danger: ‘dup2(out[1], 2)’ leaks here; was opened at [(13)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/12) # 162| do_close = do_close && out[1] != STDOUT_FILENO; # 163| if (flags & JOB_SHOWSTDERR) { # 164|-> if (dup2(out[1], STDERR_FILENO) == -1) # 165| fatal("dup2 failed"); # 166| do_close = do_close && out[1] != STDERR_FILENO; Error: COMPILER_WARNING (CWE-681): [#def10] tmux-3.6/screen-redraw.c: scope_hint: In function ‘screen_redraw_draw_pane_scrollbar’ tmux-3.6/screen-redraw.c:990:56: warning[-Wpointer-sign]: pointer targets in passing argument 2 of ‘window_copy_get_current_offset’ differ in signedness # 990 | if (window_copy_get_current_offset(wp, &cm_y, &cm_size) == 0) # | ^~~~~ # | | # | int * tmux-3.6/screen-redraw.c:24: included_from: Included from here. tmux-3.6/tmux.h:3429:71: note: expected ‘u_int *’ {aka ‘unsigned int *’} but argument is of type ‘int *’ # 3429 | int window_copy_get_current_offset(struct window_pane *, u_int *, # | ^~~~~~~ # 988| if (TAILQ_FIRST(&wp->modes) == NULL) # 989| return; # 990|-> if (window_copy_get_current_offset(wp, &cm_y, &cm_size) == 0) # 991| return; # 992| total_height = cm_size + sb_h; Error: COMPILER_WARNING (CWE-681): [#def11] tmux-3.6/screen-redraw.c:990:63: warning[-Wpointer-sign]: pointer targets in passing argument 3 of ‘window_copy_get_current_offset’ differ in signedness # 990 | if (window_copy_get_current_offset(wp, &cm_y, &cm_size) == 0) # | ^~~~~~~~ # | | # | int * tmux-3.6/tmux.h:3430:22: note: expected ‘u_int *’ {aka ‘unsigned int *’} but argument is of type ‘int *’ # 3430 | u_int *); # | ^~~~~~~ # 988| if (TAILQ_FIRST(&wp->modes) == NULL) # 989| return; # 990|-> if (window_copy_get_current_offset(wp, &cm_y, &cm_size) == 0) # 991| return; # 992| total_height = cm_size + sb_h; Error: GCC_ANALYZER_WARNING (CWE-457): [#def12] tmux-3.6/server-client.c:616:49: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘line’ tmux-3.6/server-client.c:610:12: branch_false: following ‘false’ branch (when ‘pane_status != 1’)... tmux-3.6/server-client.c:612:17: branch_false: ...to here tmux-3.6/server-client.c:612:17: branch_false: following ‘false’ branch (when ‘pane_status != 2’)... tmux-3.6/server-client.c:616:15: branch_false: ...to here tmux-3.6/server-client.c:616:49: danger: use of uninitialized value ‘line’ here # 614| # 615| /* Check if point is within the pane or scrollbar. */ # 616|-> if (((pane_status != PANE_STATUS_OFF && py != line) || # 617| (wp->yoff == 0 && py < wp->sy) || # 618| (py >= wp->yoff && py < wp->yoff + wp->sy)) && Error: COMPILER_WARNING (CWE-457): [#def13] tmux-3.6/server-client.c:616:52: warning[-Wmaybe-uninitialized]: ‘line’ may be used uninitialized # 616 | if (((pane_status != PANE_STATUS_OFF && py != line) || # | ~~~^~~~~~~ tmux-3.6/server-client.c: scope_hint: In function ‘server_client_key_callback’ tmux-3.6/server-client.c:597:34: note: ‘line’ was declared here # 597 | u_int line, sl_top, sl_bottom; # | ^~~~ # 614| # 615| /* Check if point is within the pane or scrollbar. */ # 616|-> if (((pane_status != PANE_STATUS_OFF && py != line) || # 617| (wp->yoff == 0 && py < wp->sy) || # 618| (py >= wp->yoff && py < wp->yoff + wp->sy)) && Error: COMPILER_WARNING (CWE-681): [#def14] tmux-3.6/utf8.c: scope_hint: In function ‘utf8_add_to_width_cache’ tmux-3.6/utf8.c:344:38: warning[-Wpointer-sign]: pointer targets in passing argument 2 of ‘mbtowc’ differ in signedness # 344 | if (mbtowc(&wc, ud[0].data, ud[0].size) <= 0) { # | ~~~~~^~~~~ # | | # | u_char * {aka unsigned char *} tmux-3.6/utf8.c:23: included_from: Included from here. /usr/include/stdlib.h:1100:43: note: expected ‘const char * restrict’ but argument is of type ‘u_char *’ {aka ‘unsigned char *’} # 1100 | const char *__restrict __s, size_t __n) __THROW; # | ~~~~~~~~~~~~~~~~~~~~~~~^~~ # 342| if (utf8proc_mbtowc(&wc, ud[0].data, ud[0].size) <= 0) { # 343| #else # 344|-> if (mbtowc(&wc, ud[0].data, ud[0].size) <= 0) { # 345| #endif # 346| free(ud); Error: GCC_ANALYZER_WARNING (CWE-476): [#def15] tmux-3.6/window-tree.c:239:42: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘wla’ tmux-3.6/window-tree.c:927:1: enter_function: entry to ‘window_tree_swap’ tmux-3.6/window-tree.c:941:9: call_function: calling ‘window_tree_pull_item’ from ‘window_tree_swap’ tmux-3.6/window-tree.c:941:9: return_function: returning to ‘window_tree_swap’ from ‘window_tree_pull_item’ tmux-3.6/window-tree.c:942:9: call_function: calling ‘window_tree_pull_item’ from ‘window_tree_swap’ tmux-3.6/window-tree.c:942:9: return_function: returning to ‘window_tree_swap’ from ‘window_tree_pull_item’ tmux-3.6/window-tree.c:945:12: branch_false: following ‘false’ branch... tmux-3.6/window-tree.c:948:29: branch_false: ...to here tmux-3.6/window-tree.c:948:12: branch_true: following ‘true’ branch... tmux-3.6/window-tree.c:949:13: branch_true: ...to here tmux-3.6/window-tree.c:949:13: call_function: calling ‘window_tree_cmp_window’ from ‘window_tree_swap’ # 237| const struct winlink *wla = *a; # 238| const struct winlink *wlb = *b; # 239|-> struct window *wa = wla->window; # 240| struct window *wb = wlb->window; # 241| int result = 0; Error: GCC_ANALYZER_WARNING (CWE-476): [#def16] tmux-3.6/window-tree.c:957:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘cur_winlink’ tmux-3.6/window-tree.c:927:1: enter_function: entry to ‘window_tree_swap’ tmux-3.6/window-tree.c:941:9: call_function: calling ‘window_tree_pull_item’ from ‘window_tree_swap’ tmux-3.6/window-tree.c:941:9: return_function: returning to ‘window_tree_swap’ from ‘window_tree_pull_item’ tmux-3.6/window-tree.c:942:9: call_function: calling ‘window_tree_pull_item’ from ‘window_tree_swap’ tmux-3.6/window-tree.c:942:9: return_function: returning to ‘window_tree_swap’ from ‘window_tree_pull_item’ tmux-3.6/window-tree.c:945:12: branch_false: following ‘false’ branch... tmux-3.6/window-tree.c:948:29: branch_false: ...to here tmux-3.6/window-tree.c:948:12: branch_false: following ‘false’ branch... tmux-3.6/window-tree.c:957:37: branch_false: ...to here tmux-3.6/window-tree.c:957:37: release_memory: ‘cur_winlink’ is NULL tmux-3.6/window-tree.c:957:9: danger: dereference of NULL ‘other_winlink’ # 955| } # 956| # 957|-> other_window = other_winlink->window; # 958| TAILQ_REMOVE(&other_window->winlinks, other_winlink, wentry); # 959| cur_window = cur_winlink->window;
| analyzer-version-clippy | 1.92.0 |
| analyzer-version-cppcheck | 2.19.1 |
| analyzer-version-gcc | 16.0.0 |
| analyzer-version-gcc-analyzer | 16.0.0 |
| analyzer-version-shellcheck | 0.11.0 |
| analyzer-version-unicontrol | 0.0.2 |
| diffbase-analyzer-version-clippy | 1.92.0 |
| diffbase-analyzer-version-cppcheck | 2.19.1 |
| diffbase-analyzer-version-gcc | 16.0.0 |
| diffbase-analyzer-version-gcc-analyzer | 16.0.0 |
| diffbase-analyzer-version-shellcheck | 0.11.0 |
| diffbase-analyzer-version-unicontrol | 0.0.2 |
| diffbase-enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| diffbase-exit-code | 0 |
| diffbase-host | ip-172-16-1-109.us-west-2.compute.internal |
| diffbase-known-false-positives | /usr/share/csmock/known-false-positives.js |
| diffbase-known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| diffbase-mock-config | fedora-rawhide-x86_64 |
| diffbase-project-name | tmux-3.5a-5.fc43 |
| diffbase-store-results-to | /tmp/tmpm2pxz4u_/tmux-3.5a-5.fc43.tar.xz |
| diffbase-time-created | 2026-01-08 21:51:56 |
| diffbase-time-finished | 2026-01-08 21:54:35 |
| diffbase-tool | csmock |
| diffbase-tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpm2pxz4u_/tmux-3.5a-5.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpm2pxz4u_/tmux-3.5a-5.fc43.src.rpm' |
| diffbase-tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-109.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | tmux-3.6-1.fc44 |
| store-results-to | /tmp/tmpvkajpcdh/tmux-3.6-1.fc44.tar.xz |
| time-created | 2026-01-08 21:55:00 |
| time-finished | 2026-01-08 21:57:10 |
| title | Newly introduced findings |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpvkajpcdh/tmux-3.6-1.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpvkajpcdh/tmux-3.6-1.fc44.src.rpm' |
| tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |