Error: COMPILER_WARNING (CWE-1164): [#def1] work/whois.c: scope_hint: At top level work/whois.c:44:13: warning[-Wunused-function]: ‘find_referral_server_6bone’ declared ‘static’ but never defined # 44 | static void find_referral_server_6bone(char **, const char *); # | ^~~~~~~~~~~~~~~~~~~~~~~~~~ # 42| # 43| /* prototypes referenced in data.h */ # 44|-> static void find_referral_server_6bone(char **, const char *); # 45| static void find_referral_server_apnic(char **, const char *); # 46| static void find_referral_server_arin(char **, const char *); Error: GCC_ANALYZER_WARNING (CWE-401): [#def2] work/whois.c:670:17: warning[-Wanalyzer-malloc-leak]: leak of ‘do_nofail(malloc(strlen(flags) + strlen(query) + strlen(client_tag) + 64), "whois.c", 667)’ work/whois.c:684:5: throw: if ‘simple_recode_iconv_close’ throws an exception... work/whois.c:670:17: danger: ‘do_nofail(malloc(strlen(flags) + strlen(query) + strlen(client_tag) + 64), "whois.c", 667)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/50/codeFlows/0/threadFlows/0/locations/0) # 668| *buf = '\0'; # 669| # 670|-> for (i = 0; ripe_servers[i]; i++) # 671| if (streq(server, ripe_servers[i])) { # 672| sprintf(buf + strlen(buf), "-V %s ", client_tag); Error: GCC_ANALYZER_WARNING (CWE-401): [#def3] work/whois.c:864:21: warning[-Wanalyzer-malloc-leak]: leak of ‘do_nofail(strdup(rir_servers[<unknown>]), "whois.c", 866)’ work/whois.c:819:8: branch_false: following ‘false’ branch... work/whois.c:822:8: branch_false: ...to here work/whois.c:822:8: branch_false: following ‘false’ branch... work/whois.c:852:8: branch_false: ...to here work/whois.c:852:8: branch_true: following ‘true’ branch... work/whois.c:864:21: branch_true: following ‘true’ branch... work/whois.c:865:17: branch_true: ...to here work/whois.c:865:16: branch_true: following ‘true’ branch (when the strings are equal)... work/whois.c:866:36: branch_true: ...to here work/whois.c:864:21: branch_true: following ‘true’ branch... work/whois.c:865:17: branch_true: ...to here work/whois.c:865:16: branch_true: following ‘true’ branch (when the strings are equal)... work/whois.c:866:36: branch_true: ...to here work/whois.c:866:36: throw: if ‘do_nofail’ throws an exception... work/whois.c:864:21: danger: ‘do_nofail(strdup(rir_servers[<unknown>]), "whois.c", 866)’ leaks here; was allocated at [(11)](sarif:/runs/0/results/52/codeFlows/0/threadFlows/0/locations/10) # 862| state = 4; # 863| # 864|-> for (i = 0; rir_servers[i]; i += 2) # 865| if (streq(rir_name, rir_servers[i])) # 866| *referral_server = strdup(rir_servers[i + 1]); Error: GCC_ANALYZER_WARNING (CWE-401): [#def4] work/whois.c:976:5: warning[-Wanalyzer-malloc-leak]: leak of ‘do_nofail(malloc(strlen(query) + 3), "whois.c", 974)’ work/whois.c:965:7: enter_function: entry to ‘query_server’ work/whois.c:978:17: branch_true: following ‘true’ branch... work/whois.c:982:13: branch_true: ...to here work/whois.c:987:19: branch_false: following ‘false’ branch (when the strings are non-equal)... work/whois.c:978:51: branch_false: ...to here work/whois.c:987:19: branch_false: following ‘false’ branch (when the strings are non-equal)... work/whois.c:978:51: branch_false: ...to here work/whois.c:993:12: call_function: calling ‘openconn’ from ‘query_server’ # 974| temp = malloc(strlen(query) + 2 + 1); # 975| strcpy(temp, query); # 976|-> strcat(temp, "\r\n"); # 977| # 978| for (i = 0; server_referral_handlers[i].name; i++) { Error: GCC_ANALYZER_WARNING (CWE-401): [#def5] work/whois.c:1043:30: warning[-Wanalyzer-malloc-leak]: leak of ‘do_nofail(malloc(strlen(query) + 10), "whois.c", 1039)’ work/whois.c:1032:7: enter_function: entry to ‘query_verisign’ work/whois.c:1051:23: call_function: calling ‘query_server’ from ‘query_verisign’ # 1041| # 1042| /* if this has more than one dot then it is a name server */ # 1043|-> for (p = (char *) query; *p != '\0'; p++) # 1044| if (*p == '.') # 1045| dotscount++; Error: GCC_ANALYZER_WARNING (CWE-401): [#def6] work/whois.c:1294:27: warning[-Wanalyzer-malloc-leak]: leak of ‘do_nofail(strdup(dom), "whois.c", 1292)’ work/whois.c:1307:8: branch_false: following ‘false’ branch... work/whois.c:1307:8: branch_false: ...to here work/whois.c:1311:19: branch_true: following ‘true’ branch... work/whois.c:1312:12: branch_true: ...to here work/whois.c:1311:19: branch_false: following ‘false’ branch... work/whois.c:1315:8: branch_false: ...to here work/whois.c:1315:8: branch_false: following ‘false’ branch (when ‘domain_start’ is NULL)... work/whois.c:1341:13: branch_false: ...to here work/whois.c:1341:13: throw: if ‘idn2_lookup_ul’ throws an exception... work/whois.c:1294:27: danger: ‘do_nofail(strdup(dom), "whois.c", 1292)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/82/codeFlows/0/threadFlows/0/locations/0) # 1292| ret = strdup(dom); # 1293| /* start from the last character */ # 1294|-> p = ret + strlen(ret) - 1; # 1295| /* and then eat trailing dots and blanks */ # 1296| while (p > ret) {
| analyzer-version-clippy | 1.92.0 |
| analyzer-version-cppcheck | 2.19.1 |
| analyzer-version-gcc | 16.0.0 |
| analyzer-version-gcc-analyzer | 16.0.0 |
| analyzer-version-shellcheck | 0.11.0 |
| analyzer-version-unicontrol | 0.0.2 |
| diffbase-analyzer-version-clippy | 1.92.0 |
| diffbase-analyzer-version-cppcheck | 2.19.1 |
| diffbase-analyzer-version-gcc | 16.0.0 |
| diffbase-analyzer-version-gcc-analyzer | 16.0.0 |
| diffbase-analyzer-version-shellcheck | 0.11.0 |
| diffbase-analyzer-version-unicontrol | 0.0.2 |
| diffbase-enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| diffbase-exit-code | 0 |
| diffbase-host | ip-172-16-1-100.us-west-2.compute.internal |
| diffbase-known-false-positives | /usr/share/csmock/known-false-positives.js |
| diffbase-known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| diffbase-mock-config | fedora-rawhide-x86_64 |
| diffbase-project-name | whois-5.6.5-1.fc44 |
| diffbase-store-results-to | /tmp/tmp4kzqzfeb/whois-5.6.5-1.fc44.tar.xz |
| diffbase-time-created | 2026-01-08 22:07:17 |
| diffbase-time-finished | 2026-01-08 22:08:32 |
| diffbase-tool | csmock |
| diffbase-tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmp4kzqzfeb/whois-5.6.5-1.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp4kzqzfeb/whois-5.6.5-1.fc44.src.rpm' |
| diffbase-tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-100.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | whois-5.6.4-1.fc43 |
| store-results-to | /tmp/tmpjo0d5k7t/whois-5.6.4-1.fc43.tar.xz |
| time-created | 2026-01-08 22:05:15 |
| time-finished | 2026-01-08 22:07:00 |
| title | Fixed findings |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpjo0d5k7t/whois-5.6.4-1.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpjo0d5k7t/whois-5.6.4-1.fc43.src.rpm' |
| tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |