Error: SHELLCHECK_WARNING (CWE-156): [#def1] /usr/bin/zipgrep:28:15: warning[SC2046]: Quote this to prevent word splitting. # 26| # 27| if test $# = 0; then # 28|-> echo usage: `basename "$0"` "[egrep_options] pattern zipfile [members...]" # 29| echo Uses unzip and egrep to search the zip members for a string or pattern. # 30| exit 1 Error: GCC_ANALYZER_WARNING (CWE-401): [#def2] unzip60/crypt.c:569:30: warning[-Wanalyzer-malloc-leak]: leak of ‘key_translated’ unzip60/crypt.c:565:31: acquire_memory: allocated here unzip60/crypt.c:565:12: branch_false: following ‘false’ branch (when ‘key_translated’ is non-NULL)... unzip60/crypt.c:569:30: branch_false: ...to here unzip60/crypt.c:569:30: throw: if ‘str2oem’ throws an exception... unzip60/crypt.c:569:30: danger: ‘key_translated’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0) # 567| #endif # 568| /* second try, password translated to alternate ("standard") charset */ # 569|-> r = testkey(__G__ h, STR_TO_CP2(key_translated, GLOBAL(key))); # 570| #ifdef STR_TO_CP3 # 571| if (r != 0) Error: GCC_ANALYZER_WARNING (CWE-401): [#def3] unzip60/envargs.c:190:24: warning[-Wanalyzer-malloc-leak]: leak of ‘bufptr’ unzip60/envargs.c:49:5: enter_function: entry to ‘envargs’ unzip60/envargs.c:69:9: branch_false: following ‘false’ branch... unzip60/envargs.c:72:25: branch_false: ...to here unzip60/envargs.c:72:14: acquire_memory: allocated here unzip60/envargs.c:73:8: branch_false: following ‘false’ branch (when ‘bufptr’ is non-NULL)... 
unzip60/envargs.c:89:5: branch_false: ...to here unzip60/envargs.c:93:12: call_function: calling ‘count_args’ from ‘envargs’ # 188| #if defined(AMIGA) || defined(UNIX) # 189| if (*s == '\"') { # 190|-> for (ch = *PREINCSTR(s); ch != '\0' && ch != '\"'; # 191| ch = *PREINCSTR(s)) # 192| if (ch == '\\' && s[1] != '\0') Error: COMPILER_WARNING (CWE-252): [#def4] unzip60/extract.c: scope_hint: In function ‘extract_or_test_files’ unzip60/extract.c:777:9: warning[-Wunused-result]: ignoring return value of ‘read’ declared with attribute ‘warn_unused_result’ # 777 | read(G.zipfd, (char *)G.inbuf, INBUFSIZ); /* been here before... */ # | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # 775| zlseek(G.zipfd, cd_bufstart, SEEK_SET); # 776| #endif /* ?USE_STRM_INPUT */ # 777|-> read(G.zipfd, (char *)G.inbuf, INBUFSIZ); /* been here before... */ # 778| G.inptr = cd_inptr; # 779| G.incnt = cd_incnt; Error: COMPILER_WARNING (CWE-252): [#def5] unzip60/extract.c: scope_hint: In function ‘store_info’ unzip60/extract.c:1089:13: warning[-Wunused-result]: ignoring return value of ‘fgets’ declared with attribute ‘warn_unused_result’ # 1089 | fgets(G.answerbuf, sizeof(G.answerbuf), stdin); # | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # 1087| Info(slide, 0x481, ((char *)slide, LoadFarString(VMSFormatQuery), # 1088| FnFilter1(G.filename))); # 1089|-> fgets(G.answerbuf, sizeof(G.answerbuf), stdin); # 1090| if ((*G.answerbuf != 'y') && (*G.answerbuf != 'Y')) # 1091| return 0; Error: COMPILER_WARNING (CWE-252): [#def6] unzip60/extract.c: scope_hint: In function ‘extract_or_test_entrylist’ unzip60/extract.c:1681:29: warning[-Wunused-result]: ignoring return value of ‘fgets’ declared with attribute ‘warn_unused_result’ # 1681 | fgets(G.filename, FILNAMSIZ, stdin); # | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # 1679| Info(slide, 0x81, ((char *)slide, # 1680| LoadFarString(NewNameQuery))); # 1681|-> fgets(G.filename, FILNAMSIZ, stdin); # 1682| /* usually get \n here: better check for it */ # 1683| 
fnlen = strlen(G.filename); Error: COMPILER_WARNING (CWE-252): [#def7] unzip60/extract.c: scope_hint: In function ‘extract_or_test_member’ unzip60/extract.c:2301:13: warning[-Wunused-result]: ignoring return value of ‘read’ declared with attribute ‘warn_unused_result’ # 2301 | read(G.zipfd, (char *)G.inbuf, INBUFSIZ); # | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # 2299| zlseek(G.zipfd, G.cur_zipfile_bufstart, SEEK_SET); # 2300| #endif /* ?USE_STRM_INPUT */ # 2301|-> read(G.zipfd, (char *)G.inbuf, INBUFSIZ); # 2302| G.incnt -= INBUFSIZ - back; # 2303| G.inptr += INBUFSIZ - back; Error: GCC_ANALYZER_WARNING (CWE-401): [#def8] unzip60/extract.c:2623:14: warning[-Wanalyzer-malloc-leak]: leak of ‘eb_ucptr’ unzip60/extract.c:2537:12: enter_function: entry to ‘test_compr_eb’ unzip60/extract.c:2568:8: branch_false: following ‘false’ branch (when ‘eb_size > 3’)... unzip60/extract.c:2569:30: branch_false: ...to here unzip60/extract.c:2568:9: branch_false: following ‘false’ branch... unzip60/extract.c:2570:39: branch_false: ...to here unzip60/extract.c:2570:6: branch_false: following ‘false’ branch... unzip60/extract.c:2573:28: branch_false: ...to here unzip60/extract.c:2583:28: acquire_memory: allocated here unzip60/extract.c:2579:8: branch_false: following ‘false’ branch (when ‘eb_ucptr’ is non-NULL)... unzip60/extract.c:2588:25: branch_false: ...to here unzip60/extract.c:2586:9: call_function: calling ‘memextract’ from ‘test_compr_eb’ # 2621| # 2622| # 2623|-> method = makeword(src); # 2624| extra_field_crc = makelong(src+2); # 2625| Error: GCC_ANALYZER_WARNING (CWE-401): [#def9] unzip60/extract.c:2623:14: warning[-Wanalyzer-malloc-leak]: leak of ‘ucdata’ unzip60/extract.c:2737:6: enter_function: entry to ‘extract_izvms_block’ unzip60/extract.c:2751:12: branch_true: following ‘true’ branch... unzip60/extract.c:2752:20: branch_true: ...to here unzip60/extract.c:2754:8: branch_false: following ‘false’ branch (when ‘retlen’ is NULL)... 
unzip60/extract.c:2757:33: branch_false: ...to here unzip60/extract.c:2757:26: acquire_memory: allocated here unzip60/extract.c:2757:8: branch_false: following ‘false’ branch (when ‘ucdata’ is non-NULL)... unzip60/extract.c:2760:9: branch_false: ...to here unzip60/extract.c:2772:13: call_function: calling ‘memextract’ from ‘extract_izvms_block’ # 2621| # 2622| # 2623|-> method = makeword(src); # 2624| extra_field_crc = makelong(src+2); # 2625| Error: GCC_ANALYZER_WARNING (CWE-401): [#def10] unzip60/extract.c:2624:23: warning[-Wanalyzer-malloc-leak]: leak of ‘eb_ucptr’ unzip60/extract.c:2537:12: enter_function: entry to ‘test_compr_eb’ unzip60/extract.c:2568:8: branch_false: following ‘false’ branch (when ‘eb_size > 3’)... unzip60/extract.c:2569:30: branch_false: ...to here unzip60/extract.c:2568:9: branch_false: following ‘false’ branch... unzip60/extract.c:2570:39: branch_false: ...to here unzip60/extract.c:2570:6: branch_false: following ‘false’ branch... unzip60/extract.c:2573:28: branch_false: ...to here unzip60/extract.c:2583:28: acquire_memory: allocated here unzip60/extract.c:2579:8: branch_false: following ‘false’ branch (when ‘eb_ucptr’ is non-NULL)... unzip60/extract.c:2588:25: branch_false: ...to here unzip60/extract.c:2586:9: call_function: calling ‘memextract’ from ‘test_compr_eb’ # 2622| # 2623| method = makeword(src); # 2624|-> extra_field_crc = makelong(src+2); # 2625| # 2626| /* compressed extra field exists completely in memory at this location: */ Error: GCC_ANALYZER_WARNING (CWE-401): [#def11] unzip60/extract.c:2624:23: warning[-Wanalyzer-malloc-leak]: leak of ‘ucdata’ unzip60/extract.c:2737:6: enter_function: entry to ‘extract_izvms_block’ unzip60/extract.c:2751:12: branch_true: following ‘true’ branch... unzip60/extract.c:2752:20: branch_true: ...to here unzip60/extract.c:2754:8: branch_false: following ‘false’ branch (when ‘retlen’ is NULL)... 
unzip60/extract.c:2757:33: branch_false: ...to here unzip60/extract.c:2757:26: acquire_memory: allocated here unzip60/extract.c:2757:8: branch_false: following ‘false’ branch (when ‘ucdata’ is non-NULL)... unzip60/extract.c:2760:9: branch_false: ...to here unzip60/extract.c:2772:13: call_function: calling ‘memextract’ from ‘extract_izvms_block’ # 2622| # 2623| method = makeword(src); # 2624|-> extra_field_crc = makelong(src+2); # 2625| # 2626| /* compressed extra field exists completely in memory at this location: */ Error: GCC_ANALYZER_WARNING (CWE-401): [#def12] unzip60/extract.c:2872:9: warning[-Wanalyzer-malloc-leak]: leak of ‘linktarget’ unzip60/extract.c:2845:13: enter_function: entry to ‘set_deferred_symlink’ unzip60/extract.c:2851:32: acquire_memory: allocated here unzip60/extract.c:2853:8: branch_false: following ‘false’ branch (when ‘linktarget’ is non-NULL)... unzip60/extract.c:2858:15: branch_false: ...to here unzip60/extract.c:2868:8: branch_true: following ‘true’ branch... unzip60/extract.c:2872:9: branch_true: ...to here unzip60/extract.c:2872:9: call_function: calling ‘fnfilter’ from ‘set_deferred_symlink’ unzip60/extract.c:2872:9: return_function: returning to ‘set_deferred_symlink’ from ‘fnfilter’ unzip60/extract.c:2872:9: throw: if the called function throws an exception... 
unzip60/extract.c:2872:9: danger: ‘linktarget’ leaks here; was allocated at [(2)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/1) # 2870| strcmp(slnk_entry->target, linktarget)) # 2871| { # 2872|-> Info(slide, 0x201, ((char *)slide, # 2873| LoadFarString(SymLnkWarnInvalid), FnFilter1(linkfname))); # 2874| free(linktarget); Error: GCC_ANALYZER_WARNING (CWE-401): [#def13] unzip60/extract.c:2882:9: warning[-Wanalyzer-malloc-leak]: leak of ‘linktarget’ unzip60/extract.c:2845:13: enter_function: entry to ‘set_deferred_symlink’ unzip60/extract.c:2851:32: acquire_memory: allocated here unzip60/extract.c:2853:8: branch_false: following ‘false’ branch (when ‘linktarget’ is non-NULL)... unzip60/extract.c:2858:15: branch_false: ...to here unzip60/extract.c:2868:8: branch_false: following ‘false’ branch... unzip60/extract.c:2869:9: branch_false: ...to here unzip60/extract.c:2868:9: branch_false: following ‘false’ branch... unzip60/extract.c:2870:16: branch_false: ...to here unzip60/extract.c:2868:9: branch_false: following ‘false’ branch (when the strings are equal)... unzip60/extract.c:2879:5: branch_false: ...to here unzip60/extract.c:2881:8: branch_true: following ‘true’ branch... unzip60/extract.c:2882:9: branch_true: ...to here unzip60/extract.c:2882:9: call_function: calling ‘fnfilter’ from ‘set_deferred_symlink’ unzip60/extract.c:2882:9: return_function: returning to ‘set_deferred_symlink’ from ‘fnfilter’ unzip60/extract.c:2882:9: call_function: calling ‘fnfilter’ from ‘set_deferred_symlink’ unzip60/extract.c:2882:9: return_function: returning to ‘set_deferred_symlink’ from ‘fnfilter’ unzip60/extract.c:2882:9: throw: if the called function throws an exception... 
unzip60/extract.c:2882:9: danger: ‘linktarget’ leaks here; was allocated at [(2)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/1) # 2880| unlink(linkfname); /* ...and delete it */ # 2881| if (QCOND2) # 2882|-> Info(slide, 0, ((char *)slide, LoadFarString(SymLnkFinish), # 2883| FnFilter1(linkfname), FnFilter2(linktarget))); # 2884| if (symlink(linktarget, linkfname)) /* create the real link */ Error: GCC_ANALYZER_WARNING (CWE-401): [#def14] unzip60/extract.c:2885:9: warning[-Wanalyzer-malloc-leak]: leak of ‘linktarget’ unzip60/extract.c:2851:32: acquire_memory: allocated here unzip60/extract.c:2853:8: branch_false: following ‘false’ branch (when ‘linktarget’ is non-NULL)... unzip60/extract.c:2858:15: branch_false: ...to here unzip60/extract.c:2868:8: branch_false: following ‘false’ branch... unzip60/extract.c:2869:9: branch_false: ...to here unzip60/extract.c:2868:9: branch_false: following ‘false’ branch... unzip60/extract.c:2870:16: branch_false: ...to here unzip60/extract.c:2868:9: branch_false: following ‘false’ branch (when the strings are equal)... unzip60/extract.c:2879:5: branch_false: ...to here unzip60/extract.c:2881:8: branch_false: following ‘false’ branch... unzip60/extract.c:2884:9: branch_false: ...to here unzip60/extract.c:2884:8: branch_true: following ‘true’ branch... unzip60/extract.c:2885:9: branch_true: ...to here unzip60/extract.c:2885:9: throw: if ‘perror’ throws an exception... 
unzip60/extract.c:2885:9: danger: ‘linktarget’ leaks here; was allocated at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0) # 2883| FnFilter1(linkfname), FnFilter2(linktarget))); # 2884| if (symlink(linktarget, linkfname)) /* create the real link */ # 2885|-> perror("symlink error"); # 2886| free(linktarget); # 2887| #ifdef SET_SYMLINK_ATTRIBS Error: COMPILER_WARNING: [#def15] unzip60/extract.c: scope_hint: In function ‘UZbunzip2’ unzip60/extract.c:3214:9: warning[-Wunused-but-set-variable=]: variable ‘repeated_buf_err’ set but not used # 3214 | int repeated_buf_err; # | ^~~~~~~~~~~~~~~~ # 3212| int retval = 0; /* return code: 0 = "no error" */ # 3213| int err=BZ_OK; # 3214|-> int repeated_buf_err; # 3215| bz_stream bstrm; # 3216| Error: GCC_ANALYZER_WARNING (CWE-401): [#def16] unzip60/fileio.c:360:17: warning[-Wanalyzer-malloc-leak]: leak of ‘tname’ unzip60/fileio.c:305:12: branch_true: following ‘true’ branch... unzip60/fileio.c:311:20: branch_true: ...to here unzip60/fileio.c:313:16: branch_false: following ‘false’ branch (when ‘tlen <= 4095’)... unzip60/fileio.c:323:33: branch_false: ...to here unzip60/fileio.c:323:33: acquire_memory: allocated here unzip60/fileio.c:324:20: branch_false: following ‘false’ branch (when ‘tname’ is non-NULL)... unzip60/fileio.c:326:17: branch_false: ...to here unzip60/fileio.c:330:16: branch_true: following ‘true’ branch... unzip60/fileio.c:334:21: branch_true: ...to here unzip60/fileio.c:359:16: branch_true: following ‘true’ branch... unzip60/fileio.c:360:17: branch_true: ...to here unzip60/fileio.c:360:17: throw: if the called function throws an exception... 
unzip60/fileio.c:360:17: danger: ‘tname’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
# 358|
# 359| if (rename(G.filename, tname) != 0) { /* move file */
# 360|-> Info(slide, 0x401, ((char *)slide,
# 361| LoadFarString(CannotRenameOldFile),
# 362| FnFilter1(G.filename), strerror(errno)));

Error: COMPILER_WARNING (CWE-252): [#def17]
unzip60/fileio.c: scope_hint: In function ‘disk_error’
unzip60/fileio.c:1225:5: warning[-Wunused-result]: ignoring return value of ‘fgets’ declared with attribute ‘warn_unused_result’
# 1225 | fgets(G.answerbuf, sizeof(G.answerbuf), stdin);
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1223|
# 1224| #ifndef WINDLL
# 1225|-> fgets(G.answerbuf, sizeof(G.answerbuf), stdin);
# 1226| if (*G.answerbuf == 'y') /* stop writing to this file */
# 1227| G.disk_full = 1; /* (outfile bad?), but new OK */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def18]
unzip60/fileio.c:1612:9: warning[-Wanalyzer-malloc-leak]: leak of ‘m’
unzip60/fileio.c:1595:8: branch_true: following ‘true’ branch...
unzip60/fileio.c:1596:9: branch_true: ...to here
unzip60/fileio.c:1599:26: acquire_memory: allocated here
unzip60/fileio.c:1601:12: branch_true: following ‘true’ branch (when ‘prompt’ is non-NULL)...
unzip60/fileio.c:1602:13: branch_true: ...to here
unzip60/fileio.c:1612:9: throw: if ‘getp’ throws an exception...
unzip60/fileio.c:1612:9: danger: ‘m’ leaks here; was allocated at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
# 1610| }
# 1611|
# 1612|-> m = getp(__G__ m, pwbuf, size);
# 1613| if (prompt != (char *)NULL) {
# 1614| free(prompt);

Error: GCC_ANALYZER_WARNING (CWE-617): [#def19]
unzip60/funzip.c:228:3: warning[-Wanalyzer-tainted-assertion]: use of attacker-controlled value in condition for assertion
unzip60/funzip.c:282:5: enter_function: entry to ‘main’
unzip60/funzip.c:330:7: branch_false: following ‘false’ branch...
unzip60/funzip.c:363:17: branch_false: ...to here unzip60/funzip.c:363:8: branch_false: following ‘false’ branch... unzip60/funzip.c:379:14: branch_false: ...to here unzip60/funzip.c:379:6: branch_false: following ‘false’ branch... unzip60/funzip.c:384:7: branch_false: ...to here unzip60/funzip.c:385:6: branch_false: following ‘false’ branch (when ‘n != 19280’)... unzip60/funzip.c:405:11: branch_false: ...to here unzip60/funzip.c:405:11: branch_true: following ‘true’ branch (when ‘n == 35615’)... unzip60/funzip.c:407:37: branch_true: ...to here unzip60/funzip.c:407:8: branch_false: following ‘false’ branch... unzip60/funzip.c:409:19: branch_false: ...to here unzip60/funzip.c:409:8: branch_true: following ‘true’ branch... unzip60/funzip.c:410:7: call_function: calling ‘err’ from ‘main’ # 226| Info(slide, 1, ((char *)slide, "funzip error: %s\n", m)); # 227| DESTROYGLOBALS(); # 228|-> EXIT(n); # 229| } # 230| Error: GCC_ANALYZER_WARNING (CWE-401): [#def20] unzip60/funzip.c:437:23: warning[-Wanalyzer-malloc-leak]: leak of ‘p’ unzip60/funzip.c:330:7: branch_false: following ‘false’ branch... unzip60/funzip.c:363:17: branch_false: ...to here unzip60/funzip.c:363:8: branch_false: following ‘false’ branch... unzip60/funzip.c:379:14: branch_false: ...to here unzip60/funzip.c:379:6: branch_false: following ‘false’ branch... unzip60/funzip.c:384:7: branch_false: ...to here unzip60/funzip.c:385:6: branch_false: following ‘false’ branch (when ‘n != 19280’)... unzip60/funzip.c:405:11: branch_false: ...to here unzip60/funzip.c:405:11: branch_true: following ‘true’ branch (when ‘n == 35615’)... unzip60/funzip.c:407:37: branch_true: ...to here unzip60/funzip.c:407:8: branch_false: following ‘false’ branch... unzip60/funzip.c:409:19: branch_false: ...to here unzip60/funzip.c:411:8: branch_false: following ‘false’ branch... unzip60/funzip.c:411:8: branch_false: ...to here unzip60/funzip.c:429:6: branch_true: following ‘true’ branch... 
unzip60/funzip.c:434:10: branch_true: ...to here unzip60/funzip.c:434:10: branch_true: following ‘true’ branch (when ‘p’ is NULL)... unzip60/funzip.c:435:26: branch_true: ...to here unzip60/funzip.c:435:26: acquire_memory: allocated here unzip60/funzip.c:435:12: branch_false: following ‘false’ branch (when ‘p’ is non-NULL)... unzip60/funzip.c:437:23: branch_false: ...to here unzip60/funzip.c:437:23: throw: if ‘getp’ throws an exception... unzip60/funzip.c:437:23: danger: ‘p’ leaks here; was allocated at [(20)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/19) # 435| if ((p = (char *)malloc(IZ_PWLEN+1)) == (char *)NULL) # 436| err(1, "out of memory"); # 437|-> else if ((p = getp("Enter password: ", p, IZ_PWLEN+1)) == (char *)NULL) # 438| err(1, "no tty to prompt for password"); # 439| } Error: COMPILER_WARNING: [#def21] unzip60/process.c: scope_hint: In function ‘wide_to_local_string’ unzip60/process.c:2496:7: warning[-Wunused-but-set-variable=]: variable ‘state_dependent’ set but not used # 2496 | int state_dependent; # | ^~~~~~~~~~~~~~~ # 2494| wchar_t wc; # 2495| int b; # 2496|-> int state_dependent; # 2497| int wsize = 0; # 2498| int max_bytes = MB_CUR_MAX; Error: GCC_ANALYZER_WARNING (CWE-476): [#def22] unzip60/process.c:2503:19: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’ unzip60/process.c:2595:7: enter_function: entry to ‘utf8_to_local_string’ unzip60/process.c:2599:18: call_function: calling ‘utf8_to_wide_string’ from ‘utf8_to_local_string’ unzip60/process.c:2599:18: return_function: returning to ‘utf8_to_local_string’ from ‘utf8_to_wide_string’ unzip60/process.c:2600:15: call_function: calling ‘wide_to_local_string’ from ‘utf8_to_local_string’ # 2501| char *local_string = NULL; # 2502| # 2503|-> for (wsize = 0; wide_string[wsize]; wsize++) ; # 2504| # 2505| if (max_bytes < MAX_ESCAPE_BYTES) Error: COMPILER_WARNING: [#def23] unzip60/process.c:2533:9: warning[-Wstringop-truncation]: ‘__strncat_chk’ output may be truncated 
copying 1 byte from a string of length 8 # 2533 | strncat(buffer, buf, b); # | ^ # 2531| if (b == 1 && (uch)buf[0] <= 0x7f) { # 2532| /* ASCII */ # 2533|-> strncat(buffer, buf, b); # 2534| } else { # 2535| /* use escape for wide character */ Error: COMPILER_WARNING (CWE-252): [#def24] unzip60/ttyio.c: scope_hint: In function ‘zgetch’ unzip60/ttyio.c:463:5: warning[-Wunused-result]: ignoring return value of ‘read’ declared with attribute ‘warn_unused_result’ # 463 | read(f, &c, 1); /* read our character */ # | ^~~~~~~~~~~~~~ # 461| GLOBAL(echofd) = f; /* in case ^C hit (not perfect: still CBREAK) */ # 462| # 463|-> read(f, &c, 1); /* read our character */ # 464| # 465| #if (defined(USE_SYSV_TERMIO) || defined(USE_POSIX_TERMIOS)) Error: GCC_ANALYZER_WARNING (CWE-775): [#def25] unzip60/ttyio.c:625:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/tty", 0)’ unzip60/ttyio.c:619:14: acquire_resource: opened here unzip60/ttyio.c:619:8: branch_false: following ‘false’ branch... unzip60/ttyio.c:619:8: branch_false: ...to here unzip60/ttyio.c:627:9: throw: if ‘fflush’ throws an exception... 
unzip60/ttyio.c:625:9: danger: ‘open("/dev/tty", 0)’ leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0) # 623| w = ""; # 624| do { # 625|-> fputs(w, stderr); /* warning if back again */ # 626| fputs(m, stderr); /* prompt */ # 627| fflush(stderr); Error: COMPILER_WARNING (CWE-252): [#def26] unzip60/ttyio.c: scope_hint: In function ‘getp’ unzip60/ttyio.c:631:13: warning[-Wunused-result]: ignoring return value of ‘read’ declared with attribute ‘warn_unused_result’ # 631 | read(f, &c, 1); # | ^~~~~~~~~~~~~~ # 629| echoff(f); # 630| do { /* read line, keeping n */ # 631|-> read(f, &c, 1); # 632| if (i < n) # 633| p[i++] = c; Error: GCC_ANALYZER_WARNING (CWE-401): [#def27] unzip60/unix/unix.c:970:21: warning[-Wanalyzer-malloc-leak]: leak of ‘tmproot’ unzip60/unix/unix.c:941:12: branch_false: following ‘false’ branch (when ‘pathcomp’ is non-NULL)... unzip60/unix/unix.c:945:13: branch_false: ...to here unzip60/unix/unix.c:945:12: branch_false: following ‘false’ branch... unzip60/unix/unix.c:947:26: branch_false: ...to here unzip60/unix/unix.c:947:12: branch_true: following ‘true’ branch... unzip60/unix/unix.c:950:43: branch_true: ...to here unzip60/unix/unix.c:950:36: acquire_memory: allocated here unzip60/unix/unix.c:950:16: branch_false: following ‘false’ branch (when ‘tmproot’ is non-NULL)... unzip60/unix/unix.c:954:13: branch_false: ...to here unzip60/unix/unix.c:958:16: branch_true: following ‘true’ branch... unzip60/unix/unix.c:958:35: branch_true: ...to here unzip60/unix/unix.c:961:20: branch_false: following ‘false’ branch... unzip60/unix/unix.c:969:21: branch_false: ...to here unzip60/unix/unix.c:969:20: branch_true: following ‘true’ branch... unzip60/unix/unix.c:970:21: branch_true: ...to here unzip60/unix/unix.c:970:21: throw: if the called function throws an exception... 
unzip60/unix/unix.c:970:21: danger: ‘tmproot’ leaks here; was allocated at [(9)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/8) # 968| * to create more than one level, but why really necessary?) */ # 969| if (mkdir(tmproot, 0777) == -1) { # 970|-> Info(slide, 1, ((char *)slide, # 971| "checkdir: cannot create extraction directory: %s\n\ # 972| %s\n", Error: COMPILER_WARNING: [#def28] unzip60/unix/unix.c: scope_hint: In function ‘checkdir’ unzip60/unix/unix.c:984:17: warning[-Wuse-after-free]: pointer ‘tmproot_171’ may be used after ‘realloc’ # 984 | free(tmproot); # | ^~~~~~~~~~~~~ unzip60/unix/unix.c:983:39: note: call to ‘realloc’ here # 983 | if ((G.rootpath = (char *)realloc(tmproot, G.rootlen+1)) == NULL) { # | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # 982| tmproot[G.rootlen] = '\0'; # 983| if ((G.rootpath = (char *)realloc(tmproot, G.rootlen+1)) == NULL) { # 984|-> free(tmproot); # 985| G.rootlen = 0; # 986| return MPN_NOMEM; Error: GCC_ANALYZER_WARNING (CWE-401): [#def29] unzip60/unix/unix.c:1114:21: warning[-Wanalyzer-malloc-leak]: leak of ‘slnk_entry’ unzip60/unix/unix.c:1136:5: enter_function: entry to ‘close_outfile’ unzip60/unix/unix.c:1158:8: branch_true: following ‘true’ branch... unzip60/unix/unix.c:1159:16: branch_true: ...to here unzip60/unix/unix.c:1175:12: branch_false: following ‘false’ branch (when ‘ucsize <= slnk_entrysize’)... unzip60/unix/unix.c:1183:41: branch_false: ...to here unzip60/unix/unix.c:1183:41: acquire_memory: allocated here unzip60/unix/unix.c:1183:12: branch_false: following ‘false’ branch (when ‘slnk_entry’ is non-NULL)... unzip60/unix/unix.c:1190:9: branch_false: ...to here unzip60/unix/unix.c:1206:12: branch_false: following ‘false’ branch... unzip60/unix/unix.c:1215:18: branch_false: ...to here unzip60/unix/unix.c:1215:18: call_function: calling ‘CloseError’ from ‘close_outfile’ # 1112| case ENOSPC: # 1113| /* Do we need this on fileio.c? */ # 1114|-> Info(slide, 0x4a1, ((char *)slide, "%s: write error (disk full?). 
Continue? (y/n/^C) ", # 1115| FnFilter1(G.filename))); # 1116| fgets(G.answerbuf, 9, stdin); Error: COMPILER_WARNING (CWE-252): [#def30] unzip60/unix/unix.c: scope_hint: In function ‘CloseError’ unzip60/unix/unix.c:1116:21: warning[-Wunused-result]: ignoring return value of ‘fgets’ declared with attribute ‘warn_unused_result’ # 1116 | fgets(G.answerbuf, 9, stdin); # | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ # 1114| Info(slide, 0x4a1, ((char *)slide, "%s: write error (disk full?). Continue? (y/n/^C) ", # 1115| FnFilter1(G.filename))); # 1116|-> fgets(G.answerbuf, 9, stdin); # 1117| if (*G.answerbuf == 'y') /* stop writing to this file */ # 1118| G.disk_full = 1; /* pass to next */ Error: GCC_ANALYZER_WARNING (CWE-401): [#def31] unzip60/unix/unix.c:1204:9: warning[-Wanalyzer-malloc-leak]: leak of ‘slnk_entry’ unzip60/unix/unix.c:1158:8: branch_true: following ‘true’ branch... unzip60/unix/unix.c:1159:16: branch_true: ...to here unzip60/unix/unix.c:1175:12: branch_false: following ‘false’ branch (when ‘ucsize <= slnk_entrysize’)... unzip60/unix/unix.c:1183:41: branch_false: ...to here unzip60/unix/unix.c:1183:41: acquire_memory: allocated here unzip60/unix/unix.c:1183:12: branch_false: following ‘false’ branch (when ‘slnk_entry’ is non-NULL)... unzip60/unix/unix.c:1190:9: branch_false: ...to here unzip60/unix/unix.c:1204:9: throw: if ‘rewind’ throws an exception... unzip60/unix/unix.c:1204:9: danger: ‘slnk_entry’ leaks here; was allocated at [(5)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/4) # 1202| # 1203| /* move back to the start of the file to re-read the "link data" */ # 1204|-> rewind(G.outfile); # 1205| # 1206| if (fread(slnk_entry->target, 1, ucsize, G.outfile) != ucsize) Error: GCC_ANALYZER_WARNING (CWE-401): [#def32] unzip60/unix/unix.c:1208:13: warning[-Wanalyzer-malloc-leak]: leak of ‘slnk_entry’ unzip60/unix/unix.c:1158:8: branch_true: following ‘true’ branch... 
unzip60/unix/unix.c:1159:16: branch_true: ...to here unzip60/unix/unix.c:1175:12: branch_false: following ‘false’ branch (when ‘ucsize <= slnk_entrysize’)... unzip60/unix/unix.c:1183:41: branch_false: ...to here unzip60/unix/unix.c:1183:41: acquire_memory: allocated here unzip60/unix/unix.c:1183:12: branch_false: following ‘false’ branch (when ‘slnk_entry’ is non-NULL)... unzip60/unix/unix.c:1190:9: branch_false: ...to here unzip60/unix/unix.c:1206:12: branch_true: following ‘true’ branch... unzip60/unix/unix.c:1208:13: branch_true: ...to here unzip60/unix/unix.c:1208:13: throw: if the called function throws an exception... unzip60/unix/unix.c:1208:13: danger: ‘slnk_entry’ leaks here; was allocated at [(5)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/4) # 1206| if (fread(slnk_entry->target, 1, ucsize, G.outfile) != ucsize) # 1207| { # 1208|-> Info(slide, 0x201, ((char *)slide, # 1209| "warning: symbolic link (%s) failed\n", # 1210| FnFilter1(G.filename))); Error: GCC_ANALYZER_WARNING (CWE-401): [#def33] unzip60/unix/unix.c:1218:13: warning[-Wanalyzer-malloc-leak]: leak of ‘slnk_entry’ unzip60/unix/unix.c:1158:8: branch_true: following ‘true’ branch... unzip60/unix/unix.c:1159:16: branch_true: ...to here unzip60/unix/unix.c:1175:12: branch_false: following ‘false’ branch (when ‘ucsize <= slnk_entrysize’)... unzip60/unix/unix.c:1183:41: branch_false: ...to here unzip60/unix/unix.c:1183:41: acquire_memory: allocated here unzip60/unix/unix.c:1183:12: branch_false: following ‘false’ branch (when ‘slnk_entry’ is non-NULL)... unzip60/unix/unix.c:1190:9: branch_false: ...to here unzip60/unix/unix.c:1206:12: branch_false: following ‘false’ branch... unzip60/unix/unix.c:1215:18: branch_false: ...to here unzip60/unix/unix.c:1217:12: branch_true: following ‘true’ branch... unzip60/unix/unix.c:1218:13: branch_true: ...to here unzip60/unix/unix.c:1218:13: throw: if the called function throws an exception... 
unzip60/unix/unix.c:1218:13: danger: ‘slnk_entry’ leaks here; was allocated at [(5)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/4) # 1216| slnk_entry->target[ucsize] = '\0'; # 1217| if (QCOND2) # 1218|-> Info(slide, 0, ((char *)slide, "-> %s ", # 1219| FnFilter1(slnk_entry->target))); # 1220| /* add this symlink record to the list of deferred symlinks */ Error: GCC_ANALYZER_WARNING (CWE-401): [#def34] unzip60/unix/unix.c:1972:7: warning[-Wanalyzer-malloc-leak]: leak of ‘iconv_open(local_charset, from_charset)’ unzip60/unix/unix.c:1966:7: branch_false: following ‘false’ branch... unzip60/unix/unix.c:1970:21: branch_false: ...to here unzip60/unix/unix.c:1972:14: acquire_memory: allocated here unzip60/unix/unix.c:1972:7: danger: ‘iconv_open(local_charset, from_charset)’ leaks here; was allocated at [(3)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/2) # 1970| local_charset = nl_langinfo(CODESET); # 1971| # 1972|-> if((cd = iconv_open(local_charset, from_charset)) == (iconv_t)-1) # 1973| return; # 1974| Error: GCC_ANALYZER_WARNING (CWE-401): [#def35] unzip60/unix/unix.c:1994:8: warning[-Wanalyzer-malloc-leak]: leak of ‘d’ unzip60/unix/unix.c:1966:7: branch_false: following ‘false’ branch... unzip60/unix/unix.c:1970:21: branch_false: ...to here unzip60/unix/unix.c:1972:7: branch_false: following ‘false’ branch... unzip60/unix/unix.c:1975:12: branch_false: ...to here unzip60/unix/unix.c:1987:15: acquire_memory: allocated here unzip60/unix/unix.c:1988:7: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)... unzip60/unix/unix.c:1991:5: branch_false: ...to here unzip60/unix/unix.c:1994:8: throw: if ‘iconv’ throws an exception... 
unzip60/unix/unix.c:1994:8: danger: ‘d’ leaks here; was allocated at [(5)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/4) # 1992| dlen = buflen - 1; # 1993| # 1994|-> if(iconv(cd, &s, &slen, &d, &dlen) == (size_t)-1) # 1995| goto cleanup; # 1996| strncpy(string, buf, buflen); Error: GCC_ANALYZER_WARNING (CWE-401): [#def36] unzip60/unix/unix.c:1994:8: warning[-Wanalyzer-malloc-leak]: leak of ‘iconv_open(local_charset, from_charset)’ unzip60/unix/unix.c:1966:7: branch_false: following ‘false’ branch... unzip60/unix/unix.c:1970:21: branch_false: ...to here unzip60/unix/unix.c:1972:14: acquire_memory: allocated here unzip60/unix/unix.c:1972:7: branch_false: following ‘false’ branch... unzip60/unix/unix.c:1975:12: branch_false: ...to here unzip60/unix/unix.c:1988:7: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)... unzip60/unix/unix.c:1991:5: branch_false: ...to here unzip60/unix/unix.c:1994:8: throw: if ‘iconv’ throws an exception... unzip60/unix/unix.c:1994:8: danger: ‘iconv_open(local_charset, from_charset)’ leaks here; was allocated at [(3)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/2) # 1992| dlen = buflen - 1; # 1993| # 1994|-> if(iconv(cd, &s, &slen, &d, &dlen) == (size_t)-1) # 1995| goto cleanup; # 1996| strncpy(string, buf, buflen); Error: GCC_ANALYZER_WARNING (CWE-401): [#def37] unzip60/unix/unix.c:2000:5: warning[-Wanalyzer-malloc-leak]: leak of ‘iconv_open(local_charset, from_charset)’ unzip60/unix/unix.c:1966:7: branch_false: following ‘false’ branch... unzip60/unix/unix.c:1970:21: branch_false: ...to here unzip60/unix/unix.c:1972:14: acquire_memory: allocated here unzip60/unix/unix.c:1972:7: branch_false: following ‘false’ branch... unzip60/unix/unix.c:1975:12: branch_false: ...to here unzip60/unix/unix.c:1988:7: branch_true: following ‘true’ branch (when ‘buf’ is NULL)... 
unzip60/unix/unix.c:1989:9: branch_true: ...to here unzip60/unix/unix.c:2000:5: danger: ‘iconv_open(local_charset, from_charset)’ leaks here; was allocated at [(3)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/2) # 1998| cleanup: # 1999| free(buf); # 2000|-> iconv_close(cd); # 2001| } # 2002| Error: COMPILER_WARNING: [#def38] unzip60/unzpriv.h:2728:53: warning[-Wformat-overflow=]: ‘%s’ directive writing up to 74535 bytes into a region of size 65528 # 2728 | (*G.message)((zvoid *)&G, (uch *)(buf), (ulg)sprintf sprf_arg, (flag)) /usr/include/bits/stdio2.h:30:10: note: ‘__sprintf_chk’ output between 10 and 74545 bytes into a destination of size 65536 # 30 | return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1, # | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # 31 | __glibc_objsize (__s), __fmt, # | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # 32 | __va_arg_pack ()); # | ~~~~~~~~~~~~~~~~~ # 2726| # ifdef INT_SPRINTF /* optimized version for "int sprintf()" flavour */ # 2727| # define Info(buf,flag,sprf_arg) \ # 2728|-> (*G.message)((zvoid *)&G, (uch *)(buf), (ulg)sprintf sprf_arg, (flag)) # 2729| # else /* generic version, does not use sprintf() return value */ # 2730| # define Info(buf,flag,sprf_arg) \ Error: GCC_ANALYZER_WARNING (CWE-401): [#def39] unzip60/zipinfo.c:818:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fn_matched’ unzip60/zipinfo.c:787:8: branch_true: following ‘true’ branch... unzip60/zipinfo.c:788:35: branch_true: ...to here unzip60/zipinfo.c:788:28: acquire_memory: allocated here unzip60/zipinfo.c:787:9: branch_true: following ‘true’ branch (when ‘fn_matched’ is non-NULL)... unzip60/zipinfo.c:787:9: branch_true: ...to here unzip60/zipinfo.c:818:13: throw: if ‘readbuf’ throws an exception... 
unzip60/zipinfo.c:818:13: danger: ‘fn_matched’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2) # 816| # 817| for (j = 1L;; j++) { # 818|-> if (readbuf(__G__ G.sig, 4) == 0) { # 819| error_in_archive = PK_EOF; # 820| break; Error: GCC_ANALYZER_WARNING (CWE-401): [#def40] unzip60/zipinfo.c:818:13: warning[-Wanalyzer-malloc-leak]: leak of ‘xn_matched’ unzip60/zipinfo.c:792:8: branch_true: following ‘true’ branch... unzip60/zipinfo.c:793:35: branch_true: ...to here unzip60/zipinfo.c:793:28: acquire_memory: allocated here unzip60/zipinfo.c:792:9: branch_true: following ‘true’ branch (when ‘xn_matched’ is non-NULL)... unzip60/zipinfo.c:792:9: branch_true: ...to here unzip60/zipinfo.c:818:13: throw: if ‘readbuf’ throws an exception... unzip60/zipinfo.c:818:13: danger: ‘xn_matched’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2) # 816| # 817| for (j = 1L;; j++) { # 818|-> if (readbuf(__G__ G.sig, 4) == 0) { # 819| error_in_archive = PK_EOF; # 820| break; Error: GCC_ANALYZER_WARNING (CWE-401): [#def41] unzip60/zipinfo.c:837:17: warning[-Wanalyzer-malloc-leak]: leak of ‘fn_matched’ unzip60/zipinfo.c:787:8: branch_true: following ‘true’ branch... unzip60/zipinfo.c:788:35: branch_true: ...to here unzip60/zipinfo.c:788:28: acquire_memory: allocated here unzip60/zipinfo.c:787:9: branch_true: following ‘true’ branch (when ‘fn_matched’ is non-NULL)... unzip60/zipinfo.c:787:9: branch_true: ...to here unzip60/zipinfo.c:818:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:822:13: branch_false: ...to here unzip60/zipinfo.c:822:12: branch_true: following ‘true’ branch... unzip60/zipinfo.c:827:18: branch_true: ...to here unzip60/zipinfo.c:827:16: branch_false: following ‘false’ branch... unzip60/zipinfo.c:837:17: branch_false: ...to here unzip60/zipinfo.c:837:17: throw: if the called function throws an exception... 
unzip60/zipinfo.c:837:17: danger: ‘fn_matched’ leaks here; was allocated at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2) # 835| break; # 836| } else { # 837|-> Info(slide, 0x401, # 838| ((char *)slide, LoadFarString(CentSigMsg), j)); # 839| Info(slide, 0x401, Error: GCC_ANALYZER_WARNING (CWE-401): [#def42] unzip60/zipinfo.c:837:17: warning[-Wanalyzer-malloc-leak]: leak of ‘xn_matched’ unzip60/zipinfo.c:792:8: branch_true: following ‘true’ branch... unzip60/zipinfo.c:793:35: branch_true: ...to here unzip60/zipinfo.c:793:28: acquire_memory: allocated here unzip60/zipinfo.c:792:9: branch_true: following ‘true’ branch (when ‘xn_matched’ is non-NULL)... unzip60/zipinfo.c:792:9: branch_true: ...to here unzip60/zipinfo.c:818:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:822:13: branch_false: ...to here unzip60/zipinfo.c:822:12: branch_true: following ‘true’ branch... unzip60/zipinfo.c:827:18: branch_true: ...to here unzip60/zipinfo.c:827:16: branch_false: following ‘false’ branch... unzip60/zipinfo.c:837:17: branch_false: ...to here unzip60/zipinfo.c:837:17: throw: if the called function throws an exception... unzip60/zipinfo.c:837:17: danger: ‘xn_matched’ leaks here; was allocated at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2) # 835| break; # 836| } else { # 837|-> Info(slide, 0x401, # 838| ((char *)slide, LoadFarString(CentSigMsg), j)); # 839| Info(slide, 0x401, Error: GCC_ANALYZER_WARNING (CWE-401): [#def43] unzip60/zipinfo.c:839:17: warning[-Wanalyzer-malloc-leak]: leak of ‘fn_matched’ unzip60/zipinfo.c:787:8: branch_true: following ‘true’ branch... unzip60/zipinfo.c:788:35: branch_true: ...to here unzip60/zipinfo.c:788:28: acquire_memory: allocated here unzip60/zipinfo.c:787:9: branch_true: following ‘true’ branch (when ‘fn_matched’ is non-NULL)... unzip60/zipinfo.c:787:9: branch_true: ...to here unzip60/zipinfo.c:818:12: branch_false: following ‘false’ branch... 
unzip60/zipinfo.c:822:13: branch_false: ...to here unzip60/zipinfo.c:822:12: branch_true: following ‘true’ branch... unzip60/zipinfo.c:827:18: branch_true: ...to here unzip60/zipinfo.c:827:16: branch_false: following ‘false’ branch... unzip60/zipinfo.c:837:17: branch_false: ...to here unzip60/zipinfo.c:839:17: throw: if the called function throws an exception... unzip60/zipinfo.c:839:17: danger: ‘fn_matched’ leaks here; was allocated at [(3)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/2) # 837| Info(slide, 0x401, # 838| ((char *)slide, LoadFarString(CentSigMsg), j)); # 839|-> Info(slide, 0x401, # 840| ((char *)slide,"%s", LoadFarString(ReportMsg))); # 841| error_in_archive = PK_BADERR; /* sig not found */ Error: GCC_ANALYZER_WARNING (CWE-401): [#def44] unzip60/zipinfo.c:839:17: warning[-Wanalyzer-malloc-leak]: leak of ‘xn_matched’ unzip60/zipinfo.c:792:8: branch_true: following ‘true’ branch... unzip60/zipinfo.c:793:35: branch_true: ...to here unzip60/zipinfo.c:793:28: acquire_memory: allocated here unzip60/zipinfo.c:792:9: branch_true: following ‘true’ branch (when ‘xn_matched’ is non-NULL)... unzip60/zipinfo.c:792:9: branch_true: ...to here unzip60/zipinfo.c:818:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:822:13: branch_false: ...to here unzip60/zipinfo.c:822:12: branch_true: following ‘true’ branch... unzip60/zipinfo.c:827:18: branch_true: ...to here unzip60/zipinfo.c:827:16: branch_false: following ‘false’ branch... unzip60/zipinfo.c:837:17: branch_false: ...to here unzip60/zipinfo.c:839:17: throw: if the called function throws an exception... 
unzip60/zipinfo.c:839:17: danger: ‘xn_matched’ leaks here; was allocated at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2) # 837| Info(slide, 0x401, # 838| ((char *)slide, LoadFarString(CentSigMsg), j)); # 839|-> Info(slide, 0x401, # 840| ((char *)slide,"%s", LoadFarString(ReportMsg))); # 841| error_in_archive = PK_BADERR; /* sig not found */ Error: GCC_ANALYZER_WARNING (CWE-401): [#def45] unzip60/zipinfo.c:846:22: warning[-Wanalyzer-malloc-leak]: leak of ‘fn_matched’ unzip60/zipinfo.c:787:8: branch_true: following ‘true’ branch... unzip60/zipinfo.c:788:35: branch_true: ...to here unzip60/zipinfo.c:788:28: acquire_memory: allocated here unzip60/zipinfo.c:787:9: branch_true: following ‘true’ branch (when ‘fn_matched’ is non-NULL)... unzip60/zipinfo.c:787:9: branch_true: ...to here unzip60/zipinfo.c:818:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:822:13: branch_false: ...to here unzip60/zipinfo.c:822:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:846:22: branch_false: ...to here unzip60/zipinfo.c:846:22: throw: if ‘process_cdir_file_hdr’ throws an exception... unzip60/zipinfo.c:846:22: danger: ‘fn_matched’ leaks here; was allocated at [(3)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/2) # 844| } # 845| /* process_cdir_file_hdr() sets pInfo->hostnum, pInfo->lcflag, ...: */ # 846|-> if ((error = process_cdir_file_hdr(__G)) != PK_COOL) { # 847| error_in_archive = error; /* only PK_EOF defined */ # 848| break; Error: GCC_ANALYZER_WARNING (CWE-401): [#def46] unzip60/zipinfo.c:846:22: warning[-Wanalyzer-malloc-leak]: leak of ‘xn_matched’ unzip60/zipinfo.c:792:8: branch_true: following ‘true’ branch... unzip60/zipinfo.c:793:35: branch_true: ...to here unzip60/zipinfo.c:793:28: acquire_memory: allocated here unzip60/zipinfo.c:792:9: branch_true: following ‘true’ branch (when ‘xn_matched’ is non-NULL)... 
unzip60/zipinfo.c:792:9: branch_true: ...to here unzip60/zipinfo.c:818:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:822:13: branch_false: ...to here unzip60/zipinfo.c:822:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:846:22: branch_false: ...to here unzip60/zipinfo.c:846:22: throw: if ‘process_cdir_file_hdr’ throws an exception... unzip60/zipinfo.c:846:22: danger: ‘xn_matched’ leaks here; was allocated at [(3)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/2) # 844| } # 845| /* process_cdir_file_hdr() sets pInfo->hostnum, pInfo->lcflag, ...: */ # 846|-> if ((error = process_cdir_file_hdr(__G)) != PK_COOL) { # 847| error_in_archive = error; /* only PK_EOF defined */ # 848| break; Error: GCC_ANALYZER_WARNING (CWE-401): [#def47] unzip60/zipinfo.c:851:22: warning[-Wanalyzer-malloc-leak]: leak of ‘fn_matched’ unzip60/zipinfo.c:787:8: branch_true: following ‘true’ branch... unzip60/zipinfo.c:788:35: branch_true: ...to here unzip60/zipinfo.c:788:28: acquire_memory: allocated here unzip60/zipinfo.c:787:9: branch_true: following ‘true’ branch (when ‘fn_matched’ is non-NULL)... unzip60/zipinfo.c:787:9: branch_true: ...to here unzip60/zipinfo.c:818:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:822:13: branch_false: ...to here unzip60/zipinfo.c:822:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:846:22: branch_false: ...to here unzip60/zipinfo.c:846:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:851:38: branch_false: ...to here unzip60/zipinfo.c:851:22: throw: if ‘do_string’ throws an exception... 
unzip60/zipinfo.c:851:22: danger: ‘fn_matched’ leaks here; was allocated at [(3)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/2) # 849| } # 850| # 851|-> if ((error = do_string(__G__ G.crec.filename_length, DS_FN)) != # 852| PK_COOL) # 853| { Error: GCC_ANALYZER_WARNING (CWE-401): [#def48] unzip60/zipinfo.c:851:22: warning[-Wanalyzer-malloc-leak]: leak of ‘xn_matched’ unzip60/zipinfo.c:792:8: branch_true: following ‘true’ branch... unzip60/zipinfo.c:793:35: branch_true: ...to here unzip60/zipinfo.c:793:28: acquire_memory: allocated here unzip60/zipinfo.c:792:9: branch_true: following ‘true’ branch (when ‘xn_matched’ is non-NULL)... unzip60/zipinfo.c:792:9: branch_true: ...to here unzip60/zipinfo.c:818:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:822:13: branch_false: ...to here unzip60/zipinfo.c:822:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:846:22: branch_false: ...to here unzip60/zipinfo.c:846:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:851:38: branch_false: ...to here unzip60/zipinfo.c:851:22: throw: if ‘do_string’ throws an exception... unzip60/zipinfo.c:851:22: danger: ‘xn_matched’ leaks here; was allocated at [(3)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/2) # 849| } # 850| # 851|-> if ((error = do_string(__G__ G.crec.filename_length, DS_FN)) != # 852| PK_COOL) # 853| { Error: GCC_ANALYZER_WARNING (CWE-401): [#def49] unzip60/zipinfo.c:868:25: warning[-Wanalyzer-malloc-leak]: leak of ‘fn_matched’ unzip60/zipinfo.c:787:8: branch_true: following ‘true’ branch... unzip60/zipinfo.c:788:35: branch_true: ...to here unzip60/zipinfo.c:788:28: acquire_memory: allocated here unzip60/zipinfo.c:787:9: branch_true: following ‘true’ branch (when ‘fn_matched’ is non-NULL)... unzip60/zipinfo.c:787:9: branch_true: ...to here unzip60/zipinfo.c:818:12: branch_false: following ‘false’ branch... 
unzip60/zipinfo.c:822:13: branch_false: ...to here unzip60/zipinfo.c:822:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:846:22: branch_false: ...to here unzip60/zipinfo.c:846:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:851:38: branch_false: ...to here unzip60/zipinfo.c:860:12: branch_true: following ‘true’ branch... unzip60/zipinfo.c:863:17: branch_true: ...to here unzip60/zipinfo.c:863:16: branch_false: following ‘false’ branch... unzip60/zipinfo.c:863:16: branch_false: ...to here unzip60/zipinfo.c:867:29: branch_true: following ‘true’ branch... unzip60/zipinfo.c:868:25: branch_true: ...to here unzip60/zipinfo.c:868:25: throw: if ‘match’ throws an exception... unzip60/zipinfo.c:868:25: danger: ‘fn_matched’ leaks here; was allocated at [(3)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/2) # 866| do_this_file = FALSE; # 867| for (i = 0; i < G.filespecs; i++) # 868|-> if (match(G.filename, G.pfnames[i], uO.C_flag WISEP)) { # 869| do_this_file = TRUE; # 870| if (fn_matched) Error: GCC_ANALYZER_WARNING (CWE-401): [#def50] unzip60/zipinfo.c:868:25: warning[-Wanalyzer-malloc-leak]: leak of ‘xn_matched’ unzip60/zipinfo.c:792:8: branch_true: following ‘true’ branch... unzip60/zipinfo.c:793:35: branch_true: ...to here unzip60/zipinfo.c:793:28: acquire_memory: allocated here unzip60/zipinfo.c:792:9: branch_true: following ‘true’ branch (when ‘xn_matched’ is non-NULL)... unzip60/zipinfo.c:792:9: branch_true: ...to here unzip60/zipinfo.c:818:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:822:13: branch_false: ...to here unzip60/zipinfo.c:822:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:846:22: branch_false: ...to here unzip60/zipinfo.c:846:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:851:38: branch_false: ...to here unzip60/zipinfo.c:860:12: branch_true: following ‘true’ branch... 
unzip60/zipinfo.c:863:17: branch_true: ...to here unzip60/zipinfo.c:863:16: branch_false: following ‘false’ branch... unzip60/zipinfo.c:863:16: branch_false: ...to here unzip60/zipinfo.c:867:29: branch_true: following ‘true’ branch... unzip60/zipinfo.c:868:25: branch_true: ...to here unzip60/zipinfo.c:868:25: throw: if ‘match’ throws an exception... unzip60/zipinfo.c:868:25: danger: ‘xn_matched’ leaks here; was allocated at [(3)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/2) # 866| do_this_file = FALSE; # 867| for (i = 0; i < G.filespecs; i++) # 868|-> if (match(G.filename, G.pfnames[i], uO.C_flag WISEP)) { # 869| do_this_file = TRUE; # 870| if (fn_matched) Error: GCC_ANALYZER_WARNING (CWE-401): [#def51] unzip60/zipinfo.c:877:25: warning[-Wanalyzer-malloc-leak]: leak of ‘fn_matched’ unzip60/zipinfo.c:787:8: branch_true: following ‘true’ branch... unzip60/zipinfo.c:788:35: branch_true: ...to here unzip60/zipinfo.c:788:28: acquire_memory: allocated here unzip60/zipinfo.c:787:9: branch_true: following ‘true’ branch (when ‘fn_matched’ is non-NULL)... unzip60/zipinfo.c:787:9: branch_true: ...to here unzip60/zipinfo.c:818:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:822:13: branch_false: ...to here unzip60/zipinfo.c:822:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:846:22: branch_false: ...to here unzip60/zipinfo.c:846:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:851:38: branch_false: ...to here unzip60/zipinfo.c:851:12: branch_true: following ‘true’ branch... unzip60/zipinfo.c:854:14: branch_true: ...to here unzip60/zipinfo.c:856:14: branch_false: following ‘false’ branch... unzip60/zipinfo.c:860:14: branch_false: ...to here unzip60/zipinfo.c:860:12: branch_true: following ‘true’ branch... unzip60/zipinfo.c:863:17: branch_true: ...to here unzip60/zipinfo.c:863:16: branch_true: following ‘true’ branch... 
unzip60/zipinfo.c:875:16: branch_true: ...to here unzip60/zipinfo.c:875:16: branch_true: following ‘true’ branch (when ‘do_this_file != 0’)... unzip60/zipinfo.c:875:16: branch_true: ...to here unzip60/zipinfo.c:876:29: branch_true: following ‘true’ branch... unzip60/zipinfo.c:877:25: branch_true: ...to here unzip60/zipinfo.c:877:25: throw: if ‘match’ throws an exception... unzip60/zipinfo.c:877:25: danger: ‘fn_matched’ leaks here; was allocated at [(3)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/2) # 875| if (do_this_file) { /* check if this is an excluded file */ # 876| for (i = 0; i < G.xfilespecs; i++) # 877|-> if (match(G.filename, G.pxnames[i], uO.C_flag WISEP)) { # 878| do_this_file = FALSE; /* ^-- ignore case in match */ # 879| if (xn_matched) Error: GCC_ANALYZER_WARNING (CWE-401): [#def52] unzip60/zipinfo.c:877:25: warning[-Wanalyzer-malloc-leak]: leak of ‘xn_matched’ unzip60/zipinfo.c:792:8: branch_true: following ‘true’ branch... unzip60/zipinfo.c:793:35: branch_true: ...to here unzip60/zipinfo.c:793:28: acquire_memory: allocated here unzip60/zipinfo.c:792:9: branch_true: following ‘true’ branch (when ‘xn_matched’ is non-NULL)... unzip60/zipinfo.c:792:9: branch_true: ...to here unzip60/zipinfo.c:818:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:822:13: branch_false: ...to here unzip60/zipinfo.c:822:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:846:22: branch_false: ...to here unzip60/zipinfo.c:846:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:851:38: branch_false: ...to here unzip60/zipinfo.c:851:12: branch_true: following ‘true’ branch... unzip60/zipinfo.c:854:14: branch_true: ...to here unzip60/zipinfo.c:856:14: branch_false: following ‘false’ branch... unzip60/zipinfo.c:860:14: branch_false: ...to here unzip60/zipinfo.c:860:12: branch_true: following ‘true’ branch... unzip60/zipinfo.c:863:17: branch_true: ...to here unzip60/zipinfo.c:863:16: branch_true: following ‘true’ branch... 
unzip60/zipinfo.c:875:16: branch_true: ...to here unzip60/zipinfo.c:875:16: branch_true: following ‘true’ branch (when ‘do_this_file != 0’)... unzip60/zipinfo.c:875:16: branch_true: ...to here unzip60/zipinfo.c:876:29: branch_true: following ‘true’ branch... unzip60/zipinfo.c:877:25: branch_true: ...to here unzip60/zipinfo.c:877:25: throw: if ‘match’ throws an exception... unzip60/zipinfo.c:877:25: danger: ‘xn_matched’ leaks here; was allocated at [(3)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/2) # 875| if (do_this_file) { /* check if this is an excluded file */ # 876| for (i = 0; i < G.xfilespecs; i++) # 877|-> if (match(G.filename, G.pxnames[i], uO.C_flag WISEP)) { # 878| do_this_file = FALSE; /* ^-- ignore case in match */ # 879| if (xn_matched) Error: GCC_ANALYZER_WARNING (CWE-401): [#def53] unzip60/zipinfo.c:898:26: warning[-Wanalyzer-malloc-leak]: leak of ‘fn_matched’ unzip60/zipinfo.c:787:8: branch_true: following ‘true’ branch... unzip60/zipinfo.c:788:35: branch_true: ...to here unzip60/zipinfo.c:788:28: acquire_memory: allocated here unzip60/zipinfo.c:787:9: branch_true: following ‘true’ branch (when ‘fn_matched’ is non-NULL)... unzip60/zipinfo.c:787:9: branch_true: ...to here unzip60/zipinfo.c:818:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:822:13: branch_false: ...to here unzip60/zipinfo.c:822:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:846:22: branch_false: ...to here unzip60/zipinfo.c:846:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:851:38: branch_false: ...to here unzip60/zipinfo.c:860:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:892:13: branch_false: ...to here unzip60/zipinfo.c:892:12: branch_true: following ‘true’ branch... unzip60/zipinfo.c:898:42: branch_true: ...to here unzip60/zipinfo.c:898:26: throw: if ‘do_string’ throws an exception... 
unzip60/zipinfo.c:898:26: danger: ‘fn_matched’ leaks here; was allocated at [(3)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/2) # 896| * analysis of the entry below. # 897| */ # 898|-> if ((error = do_string(__G__ G.crec.extra_field_length, # 899| EXTRA_FIELD)) != 0) # 900| { Error: GCC_ANALYZER_WARNING (CWE-401): [#def54] unzip60/zipinfo.c:898:26: warning[-Wanalyzer-malloc-leak]: leak of ‘xn_matched’ unzip60/zipinfo.c:792:8: branch_true: following ‘true’ branch... unzip60/zipinfo.c:793:35: branch_true: ...to here unzip60/zipinfo.c:793:28: acquire_memory: allocated here unzip60/zipinfo.c:792:9: branch_true: following ‘true’ branch (when ‘xn_matched’ is non-NULL)... unzip60/zipinfo.c:792:9: branch_true: ...to here unzip60/zipinfo.c:818:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:822:13: branch_false: ...to here unzip60/zipinfo.c:822:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:846:22: branch_false: ...to here unzip60/zipinfo.c:846:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:851:38: branch_false: ...to here unzip60/zipinfo.c:851:12: branch_true: following ‘true’ branch... unzip60/zipinfo.c:854:14: branch_true: ...to here unzip60/zipinfo.c:856:14: branch_false: following ‘false’ branch... unzip60/zipinfo.c:860:14: branch_false: ...to here unzip60/zipinfo.c:860:12: branch_true: following ‘true’ branch... unzip60/zipinfo.c:863:17: branch_true: ...to here unzip60/zipinfo.c:863:16: branch_true: following ‘true’ branch... unzip60/zipinfo.c:875:16: branch_true: ...to here unzip60/zipinfo.c:875:16: branch_true: following ‘true’ branch (when ‘do_this_file != 0’)... unzip60/zipinfo.c:875:16: branch_true: ...to here unzip60/zipinfo.c:876:29: branch_true: following ‘true’ branch... unzip60/zipinfo.c:877:25: branch_true: ...to here unzip60/zipinfo.c:877:24: branch_true: following ‘true’ branch... 
unzip60/zipinfo.c:879:28: branch_true: ...to here unzip60/zipinfo.c:879:28: branch_true: following ‘true’ branch (when ‘xn_matched’ is non-NULL)... unzip60/zipinfo.c:880:39: branch_true: ...to here unzip60/zipinfo.c:892:12: branch_true: following ‘true’ branch... unzip60/zipinfo.c:898:42: branch_true: ...to here unzip60/zipinfo.c:898:26: throw: if ‘do_string’ throws an exception... unzip60/zipinfo.c:898:26: danger: ‘xn_matched’ leaks here; was allocated at [(3)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/2) # 896| * analysis of the entry below. # 897| */ # 898|-> if ((error = do_string(__G__ G.crec.extra_field_length, # 899| EXTRA_FIELD)) != 0) # 900| { Error: GCC_ANALYZER_WARNING (CWE-401): [#def55] unzip60/zipinfo.c:916:21: warning[-Wanalyzer-malloc-leak]: leak of ‘fn_matched’ unzip60/zipinfo.c:787:8: branch_true: following ‘true’ branch... unzip60/zipinfo.c:788:35: branch_true: ...to here unzip60/zipinfo.c:788:28: acquire_memory: allocated here unzip60/zipinfo.c:787:9: branch_true: following ‘true’ branch (when ‘fn_matched’ is non-NULL)... unzip60/zipinfo.c:787:9: branch_true: ...to here unzip60/zipinfo.c:818:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:822:13: branch_false: ...to here unzip60/zipinfo.c:822:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:846:22: branch_false: ...to here unzip60/zipinfo.c:846:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:851:38: branch_false: ...to here unzip60/zipinfo.c:860:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:892:13: branch_false: ...to here unzip60/zipinfo.c:892:12: branch_true: following ‘true’ branch... unzip60/zipinfo.c:898:42: branch_true: ...to here unzip60/zipinfo.c:898:16: branch_true: following ‘true’ branch... unzip60/zipinfo.c:901:21: branch_true: ...to here unzip60/zipinfo.c:901:20: branch_true: following ‘true’ branch... 
unzip60/zipinfo.c:902:21: branch_true: ...to here unzip60/zipinfo.c:916:21: throw: if ‘fnprint’ throws an exception... unzip60/zipinfo.c:916:21: danger: ‘fn_matched’ leaks here; was allocated at [(3)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/2) # 914| case 1: # 915| case 2: # 916|-> fnprint(__G); # 917| SKIP_(G.crec.file_comment_length) # 918| break; Error: GCC_ANALYZER_WARNING (CWE-401): [#def56] unzip60/zipinfo.c:916:21: warning[-Wanalyzer-malloc-leak]: leak of ‘xn_matched’ unzip60/zipinfo.c:792:8: branch_true: following ‘true’ branch... unzip60/zipinfo.c:793:35: branch_true: ...to here unzip60/zipinfo.c:793:28: acquire_memory: allocated here unzip60/zipinfo.c:792:9: branch_true: following ‘true’ branch (when ‘xn_matched’ is non-NULL)... unzip60/zipinfo.c:792:9: branch_true: ...to here unzip60/zipinfo.c:818:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:822:13: branch_false: ...to here unzip60/zipinfo.c:822:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:846:22: branch_false: ...to here unzip60/zipinfo.c:846:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:851:38: branch_false: ...to here unzip60/zipinfo.c:851:12: branch_true: following ‘true’ branch... unzip60/zipinfo.c:854:14: branch_true: ...to here unzip60/zipinfo.c:856:14: branch_false: following ‘false’ branch... unzip60/zipinfo.c:860:14: branch_false: ...to here unzip60/zipinfo.c:860:12: branch_true: following ‘true’ branch... unzip60/zipinfo.c:863:17: branch_true: ...to here unzip60/zipinfo.c:863:16: branch_true: following ‘true’ branch... unzip60/zipinfo.c:875:16: branch_true: ...to here unzip60/zipinfo.c:875:16: branch_true: following ‘true’ branch (when ‘do_this_file != 0’)... unzip60/zipinfo.c:875:16: branch_true: ...to here unzip60/zipinfo.c:876:29: branch_true: following ‘true’ branch... unzip60/zipinfo.c:877:25: branch_true: ...to here unzip60/zipinfo.c:877:24: branch_true: following ‘true’ branch... 
unzip60/zipinfo.c:879:28: branch_true: ...to here unzip60/zipinfo.c:879:28: branch_true: following ‘true’ branch (when ‘xn_matched’ is non-NULL)... unzip60/zipinfo.c:880:39: branch_true: ...to here unzip60/zipinfo.c:892:12: branch_true: following ‘true’ branch... unzip60/zipinfo.c:898:42: branch_true: ...to here unzip60/zipinfo.c:898:16: branch_true: following ‘true’ branch... unzip60/zipinfo.c:901:21: branch_true: ...to here unzip60/zipinfo.c:901:20: branch_true: following ‘true’ branch... unzip60/zipinfo.c:902:21: branch_true: ...to here unzip60/zipinfo.c:916:21: throw: if ‘fnprint’ throws an exception... unzip60/zipinfo.c:916:21: danger: ‘xn_matched’ leaks here; was allocated at [(3)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/2) # 914| case 1: # 915| case 2: # 916|-> fnprint(__G); # 917| SKIP_(G.crec.file_comment_length) # 918| break; Error: GCC_ANALYZER_WARNING (CWE-401): [#def57] unzip60/zipinfo.c:917:21: warning[-Wanalyzer-malloc-leak]: leak of ‘fn_matched’ unzip60/zipinfo.c:787:8: branch_true: following ‘true’ branch... unzip60/zipinfo.c:788:35: branch_true: ...to here unzip60/zipinfo.c:788:28: acquire_memory: allocated here unzip60/zipinfo.c:787:9: branch_true: following ‘true’ branch (when ‘fn_matched’ is non-NULL)... unzip60/zipinfo.c:787:9: branch_true: ...to here unzip60/zipinfo.c:818:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:822:13: branch_false: ...to here unzip60/zipinfo.c:822:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:846:22: branch_false: ...to here unzip60/zipinfo.c:846:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:851:38: branch_false: ...to here unzip60/zipinfo.c:860:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:892:13: branch_false: ...to here unzip60/zipinfo.c:892:12: branch_true: following ‘true’ branch... unzip60/zipinfo.c:898:42: branch_true: ...to here unzip60/zipinfo.c:898:16: branch_true: following ‘true’ branch... 
unzip60/zipinfo.c:901:21: branch_true: ...to here unzip60/zipinfo.c:901:20: branch_true: following ‘true’ branch... unzip60/zipinfo.c:902:21: branch_true: ...to here unzip60/zipinfo.c:917:21: branch_true: following ‘true’ branch... unzip60/zipinfo.c:917:21: branch_true: ...to here unzip60/zipinfo.c:917:21: throw: if ‘do_string’ throws an exception... unzip60/zipinfo.c:917:21: danger: ‘fn_matched’ leaks here; was allocated at [(3)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/2) # 915| case 2: # 916| fnprint(__G); # 917|-> SKIP_(G.crec.file_comment_length) # 918| break; # 919| Error: GCC_ANALYZER_WARNING (CWE-401): [#def58] unzip60/zipinfo.c:917:21: warning[-Wanalyzer-malloc-leak]: leak of ‘xn_matched’ unzip60/zipinfo.c:792:8: branch_true: following ‘true’ branch... unzip60/zipinfo.c:793:35: branch_true: ...to here unzip60/zipinfo.c:793:28: acquire_memory: allocated here unzip60/zipinfo.c:792:9: branch_true: following ‘true’ branch (when ‘xn_matched’ is non-NULL)... unzip60/zipinfo.c:792:9: branch_true: ...to here unzip60/zipinfo.c:818:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:822:13: branch_false: ...to here unzip60/zipinfo.c:822:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:846:22: branch_false: ...to here unzip60/zipinfo.c:846:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:851:38: branch_false: ...to here unzip60/zipinfo.c:851:12: branch_true: following ‘true’ branch... unzip60/zipinfo.c:854:14: branch_true: ...to here unzip60/zipinfo.c:856:14: branch_false: following ‘false’ branch... unzip60/zipinfo.c:860:14: branch_false: ...to here unzip60/zipinfo.c:860:12: branch_true: following ‘true’ branch... unzip60/zipinfo.c:863:17: branch_true: ...to here unzip60/zipinfo.c:863:16: branch_true: following ‘true’ branch... unzip60/zipinfo.c:875:16: branch_true: ...to here unzip60/zipinfo.c:875:16: branch_true: following ‘true’ branch (when ‘do_this_file != 0’)... 
unzip60/zipinfo.c:875:16: branch_true: ...to here unzip60/zipinfo.c:876:29: branch_true: following ‘true’ branch... unzip60/zipinfo.c:877:25: branch_true: ...to here unzip60/zipinfo.c:877:24: branch_true: following ‘true’ branch... unzip60/zipinfo.c:879:28: branch_true: ...to here unzip60/zipinfo.c:879:28: branch_true: following ‘true’ branch (when ‘xn_matched’ is non-NULL)... unzip60/zipinfo.c:880:39: branch_true: ...to here unzip60/zipinfo.c:892:12: branch_true: following ‘true’ branch... unzip60/zipinfo.c:898:42: branch_true: ...to here unzip60/zipinfo.c:898:16: branch_true: following ‘true’ branch... unzip60/zipinfo.c:901:21: branch_true: ...to here unzip60/zipinfo.c:901:20: branch_true: following ‘true’ branch... unzip60/zipinfo.c:902:21: branch_true: ...to here unzip60/zipinfo.c:917:21: branch_true: following ‘true’ branch... unzip60/zipinfo.c:917:21: branch_true: ...to here unzip60/zipinfo.c:917:21: throw: if ‘do_string’ throws an exception... unzip60/zipinfo.c:917:21: danger: ‘xn_matched’ leaks here; was allocated at [(3)](sarif:/runs/0/results/19/codeFlows/0/threadFlows/0/locations/2) # 915| case 2: # 916| fnprint(__G); # 917|-> SKIP_(G.crec.file_comment_length) # 918| break; # 919| Error: GCC_ANALYZER_WARNING (CWE-401): [#def59] unzip60/zipinfo.c:929:21: warning[-Wanalyzer-malloc-leak]: leak of ‘fn_matched’ unzip60/zipinfo.c:787:8: branch_true: following ‘true’ branch... unzip60/zipinfo.c:788:35: branch_true: ...to here unzip60/zipinfo.c:788:28: acquire_memory: allocated here unzip60/zipinfo.c:787:9: branch_true: following ‘true’ branch (when ‘fn_matched’ is non-NULL)... unzip60/zipinfo.c:787:9: branch_true: ...to here unzip60/zipinfo.c:818:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:822:13: branch_false: ...to here unzip60/zipinfo.c:822:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:846:22: branch_false: ...to here unzip60/zipinfo.c:846:12: branch_false: following ‘false’ branch... 
unzip60/zipinfo.c:851:38: branch_false: ...to here unzip60/zipinfo.c:860:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:892:13: branch_false: ...to here unzip60/zipinfo.c:892:12: branch_true: following ‘true’ branch... unzip60/zipinfo.c:898:42: branch_true: ...to here unzip60/zipinfo.c:898:16: branch_true: following ‘true’ branch... unzip60/zipinfo.c:901:21: branch_true: ...to here unzip60/zipinfo.c:901:20: branch_true: following ‘true’ branch... unzip60/zipinfo.c:902:21: branch_true: ...to here unzip60/zipinfo.c:929:21: throw: if the called function throws an exception... unzip60/zipinfo.c:929:21: danger: ‘fn_matched’ leaks here; was allocated at [(3)](sarif:/runs/0/results/20/codeFlows/0/threadFlows/0/locations/2) # 927| # 928| case 10: # 929|-> Info(slide, 0, ((char *)slide, # 930| LoadFarString(CentralDirEntry), j)); # 931| if ((error = zi_long(__G__ &endprev, Error: GCC_ANALYZER_WARNING (CWE-401): [#def60] unzip60/zipinfo.c:929:21: warning[-Wanalyzer-malloc-leak]: leak of ‘xn_matched’ unzip60/zipinfo.c:792:8: branch_true: following ‘true’ branch... unzip60/zipinfo.c:793:35: branch_true: ...to here unzip60/zipinfo.c:793:28: acquire_memory: allocated here unzip60/zipinfo.c:792:9: branch_true: following ‘true’ branch (when ‘xn_matched’ is non-NULL)... unzip60/zipinfo.c:792:9: branch_true: ...to here unzip60/zipinfo.c:818:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:822:13: branch_false: ...to here unzip60/zipinfo.c:822:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:846:22: branch_false: ...to here unzip60/zipinfo.c:846:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:851:38: branch_false: ...to here unzip60/zipinfo.c:851:12: branch_true: following ‘true’ branch... unzip60/zipinfo.c:854:14: branch_true: ...to here unzip60/zipinfo.c:856:14: branch_false: following ‘false’ branch... unzip60/zipinfo.c:860:14: branch_false: ...to here unzip60/zipinfo.c:860:12: branch_true: following ‘true’ branch... 
unzip60/zipinfo.c:863:17: branch_true: ...to here unzip60/zipinfo.c:863:16: branch_true: following ‘true’ branch... unzip60/zipinfo.c:875:16: branch_true: ...to here unzip60/zipinfo.c:875:16: branch_true: following ‘true’ branch (when ‘do_this_file != 0’)... unzip60/zipinfo.c:875:16: branch_true: ...to here unzip60/zipinfo.c:876:29: branch_true: following ‘true’ branch... unzip60/zipinfo.c:877:25: branch_true: ...to here unzip60/zipinfo.c:877:24: branch_true: following ‘true’ branch... unzip60/zipinfo.c:879:28: branch_true: ...to here unzip60/zipinfo.c:879:28: branch_true: following ‘true’ branch (when ‘xn_matched’ is non-NULL)... unzip60/zipinfo.c:880:39: branch_true: ...to here unzip60/zipinfo.c:892:12: branch_true: following ‘true’ branch... unzip60/zipinfo.c:898:42: branch_true: ...to here unzip60/zipinfo.c:898:16: branch_true: following ‘true’ branch... unzip60/zipinfo.c:901:21: branch_true: ...to here unzip60/zipinfo.c:901:20: branch_true: following ‘true’ branch... unzip60/zipinfo.c:902:21: branch_true: ...to here unzip60/zipinfo.c:929:21: throw: if the called function throws an exception... unzip60/zipinfo.c:929:21: danger: ‘xn_matched’ leaks here; was allocated at [(3)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/2) # 927| # 928| case 10: # 929|-> Info(slide, 0, ((char *)slide, # 930| LoadFarString(CentralDirEntry), j)); # 931| if ((error = zi_long(__G__ &endprev, Error: GCC_ANALYZER_WARNING (CWE-401): [#def61] unzip60/zipinfo.c:938:21: warning[-Wanalyzer-malloc-leak]: leak of ‘fn_matched’ unzip60/zipinfo.c:787:8: branch_true: following ‘true’ branch... unzip60/zipinfo.c:788:35: branch_true: ...to here unzip60/zipinfo.c:788:28: acquire_memory: allocated here unzip60/zipinfo.c:787:9: branch_true: following ‘true’ branch (when ‘fn_matched’ is non-NULL)... unzip60/zipinfo.c:787:9: branch_true: ...to here unzip60/zipinfo.c:818:12: branch_false: following ‘false’ branch... 
unzip60/zipinfo.c:822:13: branch_false: ...to here unzip60/zipinfo.c:822:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:846:22: branch_false: ...to here unzip60/zipinfo.c:846:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:851:38: branch_false: ...to here unzip60/zipinfo.c:892:12: branch_true: following ‘true’ branch... unzip60/zipinfo.c:898:42: branch_true: ...to here unzip60/zipinfo.c:898:16: branch_true: following ‘true’ branch... unzip60/zipinfo.c:901:21: branch_true: ...to here unzip60/zipinfo.c:901:20: branch_true: following ‘true’ branch... unzip60/zipinfo.c:902:21: branch_true: ...to here unzip60/zipinfo.c:938:21: branch_true: following ‘true’ branch... unzip60/zipinfo.c:938:21: danger: ‘fn_matched’ leaks here; was allocated at [(3)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/2) # 936| # 937| default: # 938|-> SKIP_(G.crec.file_comment_length) # 939| break; # 940| Error: GCC_ANALYZER_WARNING (CWE-401): [#def62] unzip60/zipinfo.c:938:21: warning[-Wanalyzer-malloc-leak]: leak of ‘xn_matched’ unzip60/zipinfo.c:792:8: branch_true: following ‘true’ branch... unzip60/zipinfo.c:793:35: branch_true: ...to here unzip60/zipinfo.c:793:28: acquire_memory: allocated here unzip60/zipinfo.c:792:9: branch_true: following ‘true’ branch (when ‘xn_matched’ is non-NULL)... unzip60/zipinfo.c:792:9: branch_true: ...to here unzip60/zipinfo.c:818:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:822:13: branch_false: ...to here unzip60/zipinfo.c:822:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:846:22: branch_false: ...to here unzip60/zipinfo.c:846:12: branch_false: following ‘false’ branch... unzip60/zipinfo.c:851:38: branch_false: ...to here unzip60/zipinfo.c:851:12: branch_true: following ‘true’ branch... unzip60/zipinfo.c:854:14: branch_true: ...to here unzip60/zipinfo.c:856:14: branch_false: following ‘false’ branch... 
unzip60/zipinfo.c:860:14: branch_false: ...to here unzip60/zipinfo.c:860:12: branch_true: following ‘true’ branch... unzip60/zipinfo.c:863:17: branch_true: ...to here unzip60/zipinfo.c:863:16: branch_true: following ‘true’ branch... unzip60/zipinfo.c:875:16: branch_true: ...to here unzip60/zipinfo.c:875:16: branch_true: following ‘true’ branch (when ‘do_this_file != 0’)... unzip60/zipinfo.c:875:16: branch_true: ...to here unzip60/zipinfo.c:876:29: branch_true: following ‘true’ branch... unzip60/zipinfo.c:877:25: branch_true: ...to here unzip60/zipinfo.c:877:24: branch_true: following ‘true’ branch... unzip60/zipinfo.c:879:28: branch_true: ...to here unzip60/zipinfo.c:879:28: branch_true: following ‘true’ branch (when ‘xn_matched’ is non-NULL)... unzip60/zipinfo.c:880:39: branch_true: ...to here unzip60/zipinfo.c:892:12: branch_true: following ‘true’ branch... unzip60/zipinfo.c:898:42: branch_true: ...to here unzip60/zipinfo.c:898:16: branch_true: following ‘true’ branch... unzip60/zipinfo.c:901:21: branch_true: ...to here unzip60/zipinfo.c:901:20: branch_true: following ‘true’ branch... unzip60/zipinfo.c:902:21: branch_true: ...to here unzip60/zipinfo.c:938:21: branch_true: following ‘true’ branch... unzip60/zipinfo.c:938:21: branch_true: ...to here unzip60/zipinfo.c:938:21: throw: if ‘do_string’ throws an exception... unzip60/zipinfo.c:938:21: danger: ‘xn_matched’ leaks here; was allocated at [(3)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/2) # 936| # 937| default: # 938|-> SKIP_(G.crec.file_comment_length) # 939| break; # 940| Error: GCC_ANALYZER_WARNING (CWE-401): [#def63] unzip60/zipinfo.c:979:23: warning[-Wanalyzer-malloc-leak]: leak of ‘fn_matched’ unzip60/zipinfo.c:787:8: branch_true: following ‘true’ branch... unzip60/zipinfo.c:788:35: branch_true: ...to here unzip60/zipinfo.c:788:28: acquire_memory: allocated here unzip60/zipinfo.c:787:9: branch_true: following ‘true’ branch (when ‘fn_matched’ is non-NULL)... 
unzip60/zipinfo.c:787:9: branch_true: ...to here unzip60/zipinfo.c:977:8: branch_true: following ‘true’ branch... unzip60/zipinfo.c:979:23: throw: if ‘ratio’ throws an exception... unzip60/zipinfo.c:979:23: danger: ‘fn_matched’ leaks here; was allocated at [(3)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/2) # 977| if ((error_in_archive <= PK_WARN) && uO.tflag) { # 978| char *sgn = ""; # 979|-> int cfactor = ratio(tot_ucsize, tot_csize); # 980| # 981| if (cfactor < 0) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def64] unzip60/zipinfo.c:979:23: warning[-Wanalyzer-malloc-leak]: leak of ‘xn_matched’ unzip60/zipinfo.c:792:8: branch_true: following ‘true’ branch... unzip60/zipinfo.c:793:35: branch_true: ...to here unzip60/zipinfo.c:793:28: acquire_memory: allocated here unzip60/zipinfo.c:792:9: branch_true: following ‘true’ branch (when ‘xn_matched’ is non-NULL)... unzip60/zipinfo.c:792:9: branch_true: ...to here unzip60/zipinfo.c:977:8: branch_true: following ‘true’ branch... unzip60/zipinfo.c:979:23: throw: if ‘ratio’ throws an exception... unzip60/zipinfo.c:979:23: danger: ‘xn_matched’ leaks here; was allocated at [(3)](sarif:/runs/0/results/26/codeFlows/0/threadFlows/0/locations/2) # 977| if ((error_in_archive <= PK_WARN) && uO.tflag) { # 978| char *sgn = ""; # 979|-> int cfactor = ratio(tot_ucsize, tot_csize); # 980| # 981| if (cfactor < 0) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def65] unzip60/zipinfo.c:985:9: warning[-Wanalyzer-malloc-leak]: leak of ‘fn_matched’ unzip60/zipinfo.c:787:8: branch_true: following ‘true’ branch... unzip60/zipinfo.c:788:35: branch_true: ...to here unzip60/zipinfo.c:788:28: acquire_memory: allocated here unzip60/zipinfo.c:787:9: branch_true: following ‘true’ branch (when ‘fn_matched’ is non-NULL)... unzip60/zipinfo.c:787:9: branch_true: ...to here unzip60/zipinfo.c:977:8: branch_true: following ‘true’ branch... unzip60/zipinfo.c:985:9: branch_false: following ‘false’ branch (when ‘members != 1’)... 
unzip60/zipinfo.c:985:9: branch_false: ...to here
unzip60/zipinfo.c:985:9: throw: if the called function throws an exception...
unzip60/zipinfo.c:985:9: danger: ‘fn_matched’ leaks here; was allocated at [(3)](sarif:/runs/0/results/28/codeFlows/0/threadFlows/0/locations/2)
# 983| cfactor = -cfactor;
# 984| }
# 985|-> Info(slide, 0, ((char *)slide, LoadFarString(ZipfileStats),
# 986| members, (members==1L)? nullStr:PlurSufx,
# 987| FmZofft(tot_ucsize, NULL, "u"),

Error: GCC_ANALYZER_WARNING (CWE-401): [#def66]
unzip60/zipinfo.c:985:9: warning[-Wanalyzer-malloc-leak]: leak of ‘xn_matched’
unzip60/zipinfo.c:792:8: branch_true: following ‘true’ branch...
unzip60/zipinfo.c:793:35: branch_true: ...to here
unzip60/zipinfo.c:793:28: acquire_memory: allocated here
unzip60/zipinfo.c:792:9: branch_true: following ‘true’ branch (when ‘xn_matched’ is non-NULL)...
unzip60/zipinfo.c:792:9: branch_true: ...to here
unzip60/zipinfo.c:977:8: branch_true: following ‘true’ branch...
unzip60/zipinfo.c:985:9: branch_false: following ‘false’ branch (when ‘members != 1’)...
unzip60/zipinfo.c:985:9: branch_false: ...to here
unzip60/zipinfo.c:985:9: throw: if the called function throws an exception...
unzip60/zipinfo.c:985:9: danger: ‘xn_matched’ leaks here; was allocated at [(3)](sarif:/runs/0/results/27/codeFlows/0/threadFlows/0/locations/2)
# 983| cfactor = -cfactor;
# 984| }
# 985|-> Info(slide, 0, ((char *)slide, LoadFarString(ZipfileStats),
# 986| members, (members==1L)? nullStr:PlurSufx,
# 987| FmZofft(tot_ucsize, NULL, "u"),

Error: GCC_ANALYZER_WARNING (CWE-121): [#def67]
unzip60/zipinfo.c:2351:20: warning[-Wanalyzer-out-of-bounds]: stack-based buffer overflow
unzip60/zipinfo.c:1942:12: enter_function: entry to ‘zi_short’
unzip60/zipinfo.c:2006:18: branch_true: following ‘true’ branch (when ‘k != 15’)...
unzip60/zipinfo.c:2007:9: branch_true: ...to here
unzip60/zipinfo.c:2145:20: branch_false: following ‘false’ branch...
unzip60/zipinfo.c:2149:21: branch_false: ...to here
unzip60/zipinfo.c:2242:16: branch_true: following ‘true’ branch...
unzip60/zipinfo.c:2246:17: branch_true: ...to here
unzip60/zipinfo.c:2242:16: branch_true: following ‘true’ branch...
unzip60/zipinfo.c:2251:5: branch_true: ...to here
unzip60/zipinfo.c:2255:5: call_function: calling ‘zi_time’ from ‘zi_short’
# 2349| * return string with '?' instead of data
# 2350| */
# 2351|-> return (strcpy(d_t_str, LoadFarString(lngYMDHMSTimeError)));
# 2352| } else
# 2353| t = (struct tm *)NULL;
| analyzer-version-clippy | 1.92.0 |
| analyzer-version-cppcheck | 2.19.1 |
| analyzer-version-gcc | 16.0.0 |
| analyzer-version-gcc-analyzer | 16.0.0 |
| analyzer-version-shellcheck | 0.11.0 |
| analyzer-version-unicontrol | 0.0.2 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-74.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | unzip-6.0-68.fc44 |
| store-results-to | /tmp/tmpyz9t6ker/unzip-6.0-68.fc44.tar.xz |
| time-created | 2026-01-08 22:02:04 |
| time-finished | 2026-01-08 22:03:27 |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpyz9t6ker/unzip-6.0-68.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpyz9t6ker/unzip-6.0-68.fc44.src.rpm' |
| tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |