Error: GCC_ANALYZER_WARNING (CWE-401): [#def1] work/whois.c:669:17: warning[-Wanalyzer-malloc-leak]: leak of ‘do_nofail(malloc(strlen(flags) + strlen(query) + strlen(client_tag) + 64), "whois.c", 666)’ work/whois.c:683:5: throw: if ‘simple_recode_iconv_close’ throws an exception... work/whois.c:669:17: danger: ‘do_nofail(malloc(strlen(flags) + strlen(query) + strlen(client_tag) + 64), "whois.c", 666)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/50/codeFlows/0/threadFlows/0/locations/0) # 667| *buf = '\0'; # 668| # 669|-> for (i = 0; ripe_servers[i]; i++) # 670| if (streq(server, ripe_servers[i])) { # 671| sprintf(buf + strlen(buf), "-V %s ", client_tag); Error: GCC_ANALYZER_WARNING (CWE-401): [#def2] work/whois.c:863:21: warning[-Wanalyzer-malloc-leak]: leak of ‘do_nofail(strdup(rir_servers[<unknown>]), "whois.c", 865)’ work/whois.c:818:8: branch_false: following ‘false’ branch... work/whois.c:821:8: branch_false: ...to here work/whois.c:821:8: branch_false: following ‘false’ branch... work/whois.c:851:8: branch_false: ...to here work/whois.c:851:8: branch_true: following ‘true’ branch... work/whois.c:863:21: branch_true: following ‘true’ branch... work/whois.c:864:17: branch_true: ...to here work/whois.c:864:16: branch_true: following ‘true’ branch (when the strings are equal)... work/whois.c:865:36: branch_true: ...to here work/whois.c:863:21: branch_true: following ‘true’ branch... work/whois.c:864:17: branch_true: ...to here work/whois.c:864:16: branch_true: following ‘true’ branch (when the strings are equal)... work/whois.c:865:36: branch_true: ...to here work/whois.c:865:36: throw: if ‘do_nofail’ throws an exception... work/whois.c:863:21: danger: ‘do_nofail(strdup(rir_servers[<unknown>]), "whois.c", 865)’ leaks here; was allocated at [(11)](sarif:/runs/0/results/52/codeFlows/0/threadFlows/0/locations/10) # 861| state = 4; # 862| # 863|-> for (i = 0; rir_servers[i]; i += 2) # 864| if (streq(rir_name, rir_servers[i])) # 865| *referral_server = strdup(rir_servers[i + 1]); Error: GCC_ANALYZER_WARNING (CWE-401): [#def3] work/whois.c:975:5: warning[-Wanalyzer-malloc-leak]: leak of ‘do_nofail(malloc(strlen(query) + 3), "whois.c", 973)’ work/whois.c:964:7: enter_function: entry to ‘query_server’ work/whois.c:977:17: branch_true: following ‘true’ branch... work/whois.c:981:13: branch_true: ...to here work/whois.c:986:19: branch_false: following ‘false’ branch (when the strings are non-equal)... work/whois.c:977:51: branch_false: ...to here work/whois.c:986:19: branch_false: following ‘false’ branch (when the strings are non-equal)... work/whois.c:977:51: branch_false: ...to here work/whois.c:992:12: call_function: calling ‘openconn’ from ‘query_server’ # 973| temp = malloc(strlen(query) + 2 + 1); # 974| strcpy(temp, query); # 975|-> strcat(temp, "\r\n"); # 976| # 977| for (i = 0; server_referral_handlers[i].name; i++) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def4] work/whois.c:1042:30: warning[-Wanalyzer-malloc-leak]: leak of ‘do_nofail(malloc(strlen(query) + 10), "whois.c", 1038)’ work/whois.c:1031:7: enter_function: entry to ‘query_verisign’ work/whois.c:1050:23: call_function: calling ‘query_server’ from ‘query_verisign’ # 1040| # 1041| /* if this has more than one dot then it is a name server */ # 1042|-> for (p = (char *) query; *p != '\0'; p++) # 1043| if (*p == '.') # 1044| dotscount++; Error: GCC_ANALYZER_WARNING (CWE-401): [#def5] work/whois.c:1293:27: warning[-Wanalyzer-malloc-leak]: leak of ‘do_nofail(strdup(dom), "whois.c", 1291)’ work/whois.c:1306:8: branch_false: following ‘false’ branch... work/whois.c:1306:8: branch_false: ...to here work/whois.c:1310:19: branch_true: following ‘true’ branch... work/whois.c:1311:12: branch_true: ...to here work/whois.c:1310:19: branch_false: following ‘false’ branch... work/whois.c:1314:8: branch_false: ...to here work/whois.c:1314:8: branch_false: following ‘false’ branch (when ‘domain_start’ is NULL)... work/whois.c:1340:13: branch_false: ...to here work/whois.c:1340:13: throw: if ‘idn2_lookup_ul’ throws an exception... work/whois.c:1293:27: danger: ‘do_nofail(strdup(dom), "whois.c", 1291)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/82/codeFlows/0/threadFlows/0/locations/0) # 1291| ret = strdup(dom); # 1292| /* start from the last character */ # 1293|-> p = ret + strlen(ret) - 1; # 1294| /* and then eat trailing dots and blanks */ # 1295| while (p > ret) {
| analyzer-version-clippy | 1.92.0 |
| analyzer-version-cppcheck | 2.19.1 |
| analyzer-version-gcc | 16.0.0 |
| analyzer-version-gcc-analyzer | 16.0.0 |
| analyzer-version-shellcheck | 0.11.0 |
| analyzer-version-unicontrol | 0.0.2 |
| diffbase-analyzer-version-clippy | 1.92.0 |
| diffbase-analyzer-version-cppcheck | 2.19.1 |
| diffbase-analyzer-version-gcc | 16.0.0 |
| diffbase-analyzer-version-gcc-analyzer | 16.0.0 |
| diffbase-analyzer-version-shellcheck | 0.11.0 |
| diffbase-analyzer-version-unicontrol | 0.0.2 |
| diffbase-enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| diffbase-exit-code | 0 |
| diffbase-host | ip-172-16-1-100.us-west-2.compute.internal |
| diffbase-known-false-positives | /usr/share/csmock/known-false-positives.js |
| diffbase-known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| diffbase-mock-config | fedora-rawhide-x86_64 |
| diffbase-project-name | whois-5.6.4-1.fc43 |
| diffbase-store-results-to | /tmp/tmpjo0d5k7t/whois-5.6.4-1.fc43.tar.xz |
| diffbase-time-created | 2026-01-08 22:05:15 |
| diffbase-time-finished | 2026-01-08 22:07:00 |
| diffbase-tool | csmock |
| diffbase-tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpjo0d5k7t/whois-5.6.4-1.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpjo0d5k7t/whois-5.6.4-1.fc43.src.rpm' |
| diffbase-tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-100.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | whois-5.6.5-1.fc44 |
| store-results-to | /tmp/tmp4kzqzfeb/whois-5.6.5-1.fc44.tar.xz |
| time-created | 2026-01-08 22:07:17 |
| time-finished | 2026-01-08 22:08:32 |
| title | Newly introduced findings |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmp4kzqzfeb/whois-5.6.5-1.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp4kzqzfeb/whois-5.6.5-1.fc44.src.rpm' |
| tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |