whois-5.6.5-1.fc44

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1]
work/mkpasswd.c:180:18: warning[-Wanalyzer-malloc-leak]: leak of ‘do_nofail(strdup(optarg), "mkpasswd.c", 196)’
work/mkpasswd.c:180:12: branch_true: following ‘true’ branch (when ‘ch > 0’)...
work/mkpasswd.c:182:9: branch_true: ...to here
work/mkpasswd.c:188:16: branch_false: following ‘false’ branch...
work/mkpasswd.c:193:16: branch_true: following ‘true’ branch...
work/mkpasswd.c:194:24: branch_true: ...to here
work/mkpasswd.c:193:17: branch_true: following ‘true’ branch...
work/mkpasswd.c:195:50: branch_true: ...to here
work/mkpasswd.c:193:17: branch_true: following ‘true’ branch...
work/mkpasswd.c:196:31: branch_true: ...to here
work/mkpasswd.c:180:12: branch_true: following ‘true’ branch (when ‘ch > 0’)...
work/mkpasswd.c:182:9: branch_true: ...to here
work/mkpasswd.c:188:16: branch_false: following ‘false’ branch...
work/mkpasswd.c:193:16: branch_true: following ‘true’ branch...
work/mkpasswd.c:194:24: branch_true: ...to here
work/mkpasswd.c:193:17: branch_true: following ‘true’ branch...
work/mkpasswd.c:195:50: branch_true: ...to here
work/mkpasswd.c:193:17: branch_true: following ‘true’ branch...
work/mkpasswd.c:196:31: branch_true: ...to here
work/mkpasswd.c:196:31: throw: if ‘do_nofail’ throws an exception...
work/mkpasswd.c:180:18: danger: ‘do_nofail(strdup(optarg), "mkpasswd.c", 196)’ leaks here; was allocated at [(13)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/12)
#  178|       argv = merge_args(getenv("MKPASSWD_OPTIONS"), argv, &argc);
#  179|   
#  180|->     while ((ch = GETOPT_LONGISH(argc, argv, "hH:m:5P:R:sS:V", longopts, NULL))
#  181|   	    > 0) {
#  182|   	switch (ch) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def2]
work/mkpasswd.c:196:31: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(optarg)’
work/mkpasswd.c:180:12: branch_true: following ‘true’ branch (when ‘ch > 0’)...
work/mkpasswd.c:182:9: branch_true: ...to here
work/mkpasswd.c:188:16: branch_false: following ‘false’ branch...
work/mkpasswd.c:193:16: branch_true: following ‘true’ branch...
work/mkpasswd.c:194:24: branch_true: ...to here
work/mkpasswd.c:193:17: branch_true: following ‘true’ branch...
work/mkpasswd.c:195:50: branch_true: ...to here
work/mkpasswd.c:193:17: branch_true: following ‘true’ branch...
work/mkpasswd.c:196:31: branch_true: ...to here
work/mkpasswd.c:196:31: acquire_memory: allocated here
work/mkpasswd.c:196:31: danger: ‘strdup(optarg)’ leaks here; was allocated at [(13)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/12)
#  194|   		    && strlen(optarg) > 2
#  195|   		    && *(optarg + strlen(optarg) - 1) == '$') {
#  196|-> 		salt_prefix = NOFAIL(strdup(optarg));
#  197|   		salt_minlen = 0;
#  198|   		salt_maxlen = 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def3]
work/mkpasswd.c:293:16: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(salt_arg)’
work/mkpasswd.c:180:12: branch_true: following ‘true’ branch (when ‘ch > 0’)...
work/mkpasswd.c:182:9: branch_true: ...to here
work/mkpasswd.c:220:20: branch_false: following ‘false’ branch...
work/mkpasswd.c:180:12: branch_false: following ‘false’ branch (when ‘ch <= 0’)...
work/mkpasswd.c:256:10: branch_false: ...to here
work/mkpasswd.c:259:8: branch_true: following ‘true’ branch...
work/mkpasswd.c:270:8: branch_true: following ‘true’ branch (when ‘salt_prefix’ is NULL)...
work/mkpasswd.c:279:9: branch_true: ...to here
work/mkpasswd.c:291:8: branch_true: following ‘true’ branch...
work/mkpasswd.c:293:16: acquire_memory: allocated here
work/mkpasswd.c:293:16: danger: ‘strdup(salt_arg)’ leaks here; was allocated at [(13)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/12)
#  291|       if (salt_arg && salt_arg[0] == '$')
#  292|   	/* the salt begins with the prefix which specifies the method */
#  293|-> 	salt = NOFAIL(strdup(salt_arg));
#  294|       else if (salt_prefix && salt_arg && strchr(salt_arg, '$')) {
#  295|   	/* looks like a salt, but with no initial method prefix */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def4]
work/mkpasswd.c:334:16: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc(strlen(salt_arg) + (strlen(salt_prefix) + strlen(&rounds_str)) + 1)’
work/mkpasswd.c:180:12: branch_true: following ‘true’ branch (when ‘ch > 0’)...
work/mkpasswd.c:182:9: branch_true: ...to here
work/mkpasswd.c:220:20: branch_false: following ‘false’ branch...
work/mkpasswd.c:180:12: branch_false: following ‘false’ branch (when ‘ch <= 0’)...
work/mkpasswd.c:256:10: branch_false: ...to here
work/mkpasswd.c:259:8: branch_true: following ‘true’ branch...
work/mkpasswd.c:270:8: branch_true: following ‘true’ branch (when ‘salt_prefix’ is NULL)...
work/mkpasswd.c:279:9: branch_true: ...to here
work/mkpasswd.c:291:9: branch_false: following ‘false’ branch...
work/mkpasswd.c:294:14: branch_false: ...to here
work/mkpasswd.c:294:13: branch_false: following ‘false’ branch...
work/mkpasswd.c:302:15: branch_false: ...to here
work/mkpasswd.c:302:15: branch_true: following ‘true’ branch...
work/mkpasswd.c:305:12: branch_false: following ‘false’ branch...
work/mkpasswd.c:305:12: branch_false: ...to here
work/mkpasswd.c:320:16: branch_false: following ‘false’ branch (when ‘c == 0’)...
work/mkpasswd.c:332:12: branch_false: ...to here
work/mkpasswd.c:332:12: branch_true: following ‘true’ branch (when ‘salt_prefix’ is NULL)...
work/mkpasswd.c:332:12: branch_true: ...to here
work/mkpasswd.c:334:16: acquire_memory: allocated here
work/mkpasswd.c:334:16: danger: ‘malloc(strlen(salt_arg) + (strlen(salt_prefix) + strlen(&rounds_str)) + 1)’ leaks here; was allocated at [(23)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/22)
#  332|   	if (!salt_prefix)
#  333|   	    salt_prefix = "";
#  334|-> 	salt = NOFAIL(malloc(strlen(salt_prefix) + strlen(rounds_str)
#  335|   		+ strlen(salt_arg) + 1));
#  336|   	*salt = '\0';

Error: GCC_ANALYZER_WARNING (CWE-401): [#def5]
work/mkpasswd.c:383:13: warning[-Wanalyzer-malloc-leak]: leak of ‘salt’
work/mkpasswd.c:180:12: branch_true: following ‘true’ branch (when ‘ch > 0’)...
work/mkpasswd.c:182:9: branch_true: ...to here
work/mkpasswd.c:220:20: branch_false: following ‘false’ branch...
work/mkpasswd.c:180:12: branch_false: following ‘false’ branch (when ‘ch <= 0’)...
work/mkpasswd.c:256:10: branch_false: ...to here
work/mkpasswd.c:259:8: branch_true: following ‘true’ branch...
work/mkpasswd.c:270:8: branch_true: following ‘true’ branch (when ‘salt_prefix’ is NULL)...
work/mkpasswd.c:279:9: branch_true: ...to here
work/mkpasswd.c:291:8: branch_true: following ‘true’ branch...
work/mkpasswd.c:375:8: branch_false: following ‘false’ branch (when ‘password’ is NULL)...
work/mkpasswd.c:376:15: branch_false: ...to here
work/mkpasswd.c:376:15: branch_true: following ‘true’ branch (when ‘password_fd != -1’)...
work/mkpasswd.c:379:13: branch_true: ...to here
work/mkpasswd.c:379:12: branch_false: following ‘false’ branch...
work/mkpasswd.c:381:14: branch_false: ...to here
work/mkpasswd.c:382:12: branch_true: following ‘true’ branch (when ‘fp’ is NULL)...
work/mkpasswd.c:383:13: branch_true: ...to here
work/mkpasswd.c:383:13: throw: if ‘perror’ throws an exception...
work/mkpasswd.c:383:13: danger: ‘salt’ leaks here; was allocated at [(13)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/12)
#  381|   	fp = fdopen(password_fd, "r");
#  382|   	if (!fp) {
#  383|-> 	    perror("fdopen");
#  384|   	    exit(2);
#  385|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def6]
work/mkpasswd.c:389:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fp’
work/mkpasswd.c:157:5: enter_function: entry to ‘main’
work/mkpasswd.c:180:12: branch_true: following ‘true’ branch (when ‘ch > 0’)...
work/mkpasswd.c:182:9: branch_true: ...to here
work/mkpasswd.c:220:20: branch_false: following ‘false’ branch...
work/mkpasswd.c:180:12: branch_false: following ‘false’ branch (when ‘ch <= 0’)...
work/mkpasswd.c:256:10: branch_false: ...to here
work/mkpasswd.c:259:9: branch_true: following ‘true’ branch (when ‘salt_arg’ is NULL)...
work/mkpasswd.c:260:9: branch_true: ...to here
work/mkpasswd.c:270:8: branch_true: following ‘true’ branch (when ‘salt_prefix’ is NULL)...
work/mkpasswd.c:279:9: branch_true: ...to here
work/mkpasswd.c:294:13: branch_false: following ‘false’ branch...
work/mkpasswd.c:302:15: branch_false: ...to here
work/mkpasswd.c:352:12: branch_false: following ‘false’ branch (when ‘salt’ is non-NULL)...
work/mkpasswd.c:375:8: branch_false: ...to here
work/mkpasswd.c:375:8: branch_false: following ‘false’ branch (when ‘password’ is NULL)...
work/mkpasswd.c:376:15: branch_false: ...to here
work/mkpasswd.c:376:15: branch_true: following ‘true’ branch (when ‘password_fd != -1’)...
work/mkpasswd.c:379:13: branch_true: ...to here
work/mkpasswd.c:379:12: branch_false: following ‘false’ branch...
work/mkpasswd.c:381:14: branch_false: ...to here
work/mkpasswd.c:381:14: acquire_memory: allocated here
work/mkpasswd.c:382:12: branch_false: following ‘false’ branch (when ‘fp’ is non-NULL)...
work/mkpasswd.c:387:20: branch_false: ...to here
work/mkpasswd.c:387:20: call_function: calling ‘read_line’ from ‘main’
work/mkpasswd.c:387:20: return_function: returning to ‘main’ from ‘read_line’
work/mkpasswd.c:388:12: branch_true: following ‘true’ branch...
work/mkpasswd.c:389:13: branch_true: ...to here
work/mkpasswd.c:389:13: throw: if ‘perror’ throws an exception...
work/mkpasswd.c:389:13: danger: ‘fp’ leaks here; was allocated at [(23)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/22)
#  387|   	password = read_line(fp);
#  388|   	if (!password) {
#  389|-> 	    perror("fgetc");
#  390|   	    exit(2);
#  391|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def7]
work/mkpasswd.c:416:17: warning[-Wanalyzer-malloc-leak]: leak of ‘salt’
work/mkpasswd.c:180:12: branch_true: following ‘true’ branch (when ‘ch > 0’)...
work/mkpasswd.c:182:9: branch_true: ...to here
work/mkpasswd.c:220:20: branch_false: following ‘false’ branch...
work/mkpasswd.c:180:12: branch_false: following ‘false’ branch (when ‘ch <= 0’)...
work/mkpasswd.c:256:10: branch_false: ...to here
work/mkpasswd.c:259:8: branch_true: following ‘true’ branch...
work/mkpasswd.c:270:8: branch_true: following ‘true’ branch (when ‘salt_prefix’ is NULL)...
work/mkpasswd.c:279:9: branch_true: ...to here
work/mkpasswd.c:291:8: branch_true: following ‘true’ branch...
work/mkpasswd.c:375:8: branch_true: following ‘true’ branch (when ‘password’ is non-NULL)...
work/mkpasswd.c:412:18: branch_true: ...to here
work/mkpasswd.c:416:17: throw: if ‘perror’ throws an exception...
work/mkpasswd.c:416:17: danger: ‘salt’ leaks here; was allocated at [(13)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/12)
#  414|   	if (!result || result[0] == '*') {
#  415|   	    if (CRYPT_SETS_ERRNO)
#  416|-> 		perror("crypt");
#  417|   	    else
#  418|   		fprintf(stderr, "crypt failed.\n");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
work/mkpasswd.c:580:16: warning[-Wanalyzer-malloc-leak]: leak of ‘fp’
work/mkpasswd.c:157:5: enter_function: entry to ‘main’
work/mkpasswd.c:180:12: branch_true: following ‘true’ branch (when ‘ch > 0’)...
work/mkpasswd.c:182:9: branch_true: ...to here
work/mkpasswd.c:220:20: branch_false: following ‘false’ branch...
work/mkpasswd.c:180:12: branch_false: following ‘false’ branch (when ‘ch <= 0’)...
work/mkpasswd.c:256:10: branch_false: ...to here
work/mkpasswd.c:259:9: branch_true: following ‘true’ branch (when ‘salt_arg’ is NULL)...
work/mkpasswd.c:260:9: branch_true: ...to here
work/mkpasswd.c:270:8: branch_true: following ‘true’ branch (when ‘salt_prefix’ is NULL)...
work/mkpasswd.c:279:9: branch_true: ...to here
work/mkpasswd.c:294:13: branch_false: following ‘false’ branch...
work/mkpasswd.c:302:15: branch_false: ...to here
work/mkpasswd.c:352:12: branch_false: following ‘false’ branch (when ‘salt’ is non-NULL)...
work/mkpasswd.c:375:8: branch_false: ...to here
work/mkpasswd.c:375:8: branch_false: following ‘false’ branch (when ‘password’ is NULL)...
work/mkpasswd.c:376:15: branch_false: ...to here
work/mkpasswd.c:376:15: branch_true: following ‘true’ branch (when ‘password_fd != -1’)...
work/mkpasswd.c:379:13: branch_true: ...to here
work/mkpasswd.c:379:12: branch_false: following ‘false’ branch...
work/mkpasswd.c:381:14: branch_false: ...to here
work/mkpasswd.c:381:14: acquire_memory: allocated here
work/mkpasswd.c:382:12: branch_false: following ‘false’ branch (when ‘fp’ is non-NULL)...
work/mkpasswd.c:387:20: branch_false: ...to here
work/mkpasswd.c:387:20: call_function: calling ‘read_line’ from ‘main’
#  578|       char *password;
#  579|   
#  580|->     password = NOFAIL(malloc(size));
#  581|   
#  582|       while ((ch = fgetc(fp)) != EOF) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def9]
work/mkpasswd.c:580:16: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc(128)’
work/mkpasswd.c:580:16: acquire_memory: allocated here
work/mkpasswd.c:580:16: danger: ‘malloc(128)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0)
#  578|       char *password;
#  579|   
#  580|->     password = NOFAIL(malloc(size));
#  581|   
#  582|       while ((ch = fgetc(fp)) != EOF) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def10]
work/mkpasswd.c:582:18: warning[-Wanalyzer-malloc-leak]: leak of ‘fp’
work/mkpasswd.c:157:5: enter_function: entry to ‘main’
work/mkpasswd.c:180:12: branch_true: following ‘true’ branch (when ‘ch > 0’)...
work/mkpasswd.c:182:9: branch_true: ...to here
work/mkpasswd.c:220:20: branch_false: following ‘false’ branch...
work/mkpasswd.c:180:12: branch_false: following ‘false’ branch (when ‘ch <= 0’)...
work/mkpasswd.c:256:10: branch_false: ...to here
work/mkpasswd.c:259:9: branch_true: following ‘true’ branch (when ‘salt_arg’ is NULL)...
work/mkpasswd.c:260:9: branch_true: ...to here
work/mkpasswd.c:270:8: branch_true: following ‘true’ branch (when ‘salt_prefix’ is NULL)...
work/mkpasswd.c:279:9: branch_true: ...to here
work/mkpasswd.c:294:13: branch_false: following ‘false’ branch...
work/mkpasswd.c:302:15: branch_false: ...to here
work/mkpasswd.c:352:12: branch_false: following ‘false’ branch (when ‘salt’ is non-NULL)...
work/mkpasswd.c:375:8: branch_false: ...to here
work/mkpasswd.c:375:8: branch_false: following ‘false’ branch (when ‘password’ is NULL)...
work/mkpasswd.c:376:15: branch_false: ...to here
work/mkpasswd.c:376:15: branch_true: following ‘true’ branch (when ‘password_fd != -1’)...
work/mkpasswd.c:379:13: branch_true: ...to here
work/mkpasswd.c:379:12: branch_false: following ‘false’ branch...
work/mkpasswd.c:381:14: branch_false: ...to here
work/mkpasswd.c:381:14: acquire_memory: allocated here
work/mkpasswd.c:382:12: branch_false: following ‘false’ branch (when ‘fp’ is non-NULL)...
work/mkpasswd.c:387:20: branch_false: ...to here
work/mkpasswd.c:387:20: call_function: calling ‘read_line’ from ‘main’
#  580|       password = NOFAIL(malloc(size));
#  581|   
#  582|->     while ((ch = fgetc(fp)) != EOF) {
#  583|   	if (ch == '\n' || ch == '\r')
#  584|   	    break;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def11]
work/mkpasswd.c:582:18: warning[-Wanalyzer-malloc-leak]: leak of ‘password’
work/mkpasswd.c:582:18: throw: if ‘fgetc’ throws an exception...
work/mkpasswd.c:582:18: danger: ‘password’ leaks here; was allocated at [(1)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/0)
#  580|       password = NOFAIL(malloc(size));
#  581|   
#  582|->     while ((ch = fgetc(fp)) != EOF) {
#  583|   	if (ch == '\n' || ch == '\r')
#  584|   	    break;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def12]
work/mkpasswd.c:588:24: warning[-Wanalyzer-malloc-leak]: leak of ‘fp’
work/mkpasswd.c:157:5: enter_function: entry to ‘main’
work/mkpasswd.c:180:12: branch_true: following ‘true’ branch (when ‘ch > 0’)...
work/mkpasswd.c:182:9: branch_true: ...to here
work/mkpasswd.c:220:20: branch_false: following ‘false’ branch...
work/mkpasswd.c:180:12: branch_false: following ‘false’ branch (when ‘ch <= 0’)...
work/mkpasswd.c:256:10: branch_false: ...to here
work/mkpasswd.c:259:9: branch_true: following ‘true’ branch (when ‘salt_arg’ is NULL)...
work/mkpasswd.c:260:9: branch_true: ...to here
work/mkpasswd.c:270:8: branch_true: following ‘true’ branch (when ‘salt_prefix’ is NULL)...
work/mkpasswd.c:279:9: branch_true: ...to here
work/mkpasswd.c:294:13: branch_false: following ‘false’ branch...
work/mkpasswd.c:302:15: branch_false: ...to here
work/mkpasswd.c:352:12: branch_false: following ‘false’ branch (when ‘salt’ is non-NULL)...
work/mkpasswd.c:375:8: branch_false: ...to here
work/mkpasswd.c:375:8: branch_false: following ‘false’ branch (when ‘password’ is NULL)...
work/mkpasswd.c:376:15: branch_false: ...to here
work/mkpasswd.c:376:15: branch_true: following ‘true’ branch (when ‘password_fd != -1’)...
work/mkpasswd.c:379:13: branch_true: ...to here
work/mkpasswd.c:379:12: branch_false: following ‘false’ branch...
work/mkpasswd.c:381:14: branch_false: ...to here
work/mkpasswd.c:381:14: acquire_memory: allocated here
work/mkpasswd.c:382:12: branch_false: following ‘false’ branch (when ‘fp’ is non-NULL)...
work/mkpasswd.c:387:20: branch_false: ...to here
work/mkpasswd.c:387:20: call_function: calling ‘read_line’ from ‘main’
#  586|   	if (pos == size) {
#  587|   	    size += 128;
#  588|-> 	    password = NOFAIL(realloc(password, size));
#  589|   	}
#  590|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def13]
work/mkpasswd.c:588:24: warning[-Wanalyzer-malloc-leak]: leak of ‘password’
work/mkpasswd.c:586:12: branch_false: following ‘false’ branch (when ‘size != pos’)...
work/mkpasswd.c:586:12: branch_false: ...to here
work/mkpasswd.c:586:12: branch_false: following ‘false’ branch (when ‘size != pos’)...
work/mkpasswd.c:586:12: branch_false: ...to here
work/mkpasswd.c:586:12: branch_true: following ‘true’ branch (when ‘size == pos’)...
work/mkpasswd.c:587:13: branch_true: ...to here
work/mkpasswd.c:588:24: throw: if ‘do_nofail’ throws an exception...
work/mkpasswd.c:588:24: danger: ‘password’ leaks here; was allocated at [(1)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/0)
#  586|   	if (pos == size) {
#  587|   	    size += 128;
#  588|-> 	    password = NOFAIL(realloc(password, size));
#  589|   	}
#  590|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def14]
work/mkpasswd.c:588:24: warning[-Wanalyzer-malloc-leak]: leak of ‘realloc(password,  size)’
work/mkpasswd.c:586:12: branch_false: following ‘false’ branch (when ‘size != pos’)...
work/mkpasswd.c:586:12: branch_false: ...to here
work/mkpasswd.c:586:12: branch_false: following ‘false’ branch (when ‘size != pos’)...
work/mkpasswd.c:586:12: branch_false: ...to here
work/mkpasswd.c:586:12: branch_true: following ‘true’ branch (when ‘size == pos’)...
work/mkpasswd.c:587:13: branch_true: ...to here
work/mkpasswd.c:588:24: danger: ‘realloc(password,  size)’ leaks here; was allocated at [(13)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/12)
#  586|   	if (pos == size) {
#  587|   	    size += 128;
#  588|-> 	    password = NOFAIL(realloc(password, size));
#  589|   	}
#  590|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def15]
work/simple_recode.c:74:22: warning[-Wanalyzer-malloc-leak]: leak of ‘outp’
work/simple_recode.c:68:21: acquire_memory: allocated here
work/simple_recode.c:69:8: branch_false: following ‘false’ branch (when ‘result’ is non-NULL)...
work/simple_recode.c:71:26: branch_false: ...to here
work/simple_recode.c:74:22: throw: if ‘iconv’ throws an exception...
work/simple_recode.c:74:22: danger: ‘outp’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   72|   
#   73|       do {
#   74|-> 	size_t err = iconv(handle, &inp, &inbytes_remaining, &outp,
#   75|   		&outbytes_remaining);
#   76|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def16]
work/simple_recode.c:74:22: warning[-Wanalyzer-malloc-leak]: leak of ‘result’
work/simple_recode.c:69:8: branch_false: following ‘false’ branch (when ‘result’ is non-NULL)...
work/simple_recode.c:71:26: branch_false: ...to here
work/simple_recode.c:77:12: branch_false: following ‘false’ branch...
work/simple_recode.c:80:17: branch_false: ...to here
work/simple_recode.c:115:20: branch_false: following ‘false’ branch (when ‘new_result’ is non-NULL)...
work/simple_recode.c:122:24: branch_false: ...to here
work/simple_recode.c:132:14: branch_true: following ‘true’ branch...
work/simple_recode.c:132:14: branch_true: ...to here
work/simple_recode.c:74:22: throw: if ‘iconv’ throws an exception...
work/simple_recode.c:74:22: danger: ‘result’ leaks here; was allocated at [(7)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/6)
#   72|   
#   73|       do {
#   74|-> 	size_t err = iconv(handle, &inp, &inbytes_remaining, &outp,
#   75|   		&outbytes_remaining);
#   76|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def17]
work/utils.c:40:8: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
work/utils.c:47:8: enter_function: entry to ‘merge_args’
work/utils.c:54:8: branch_false: following ‘false’ branch (when ‘args’ is non-NULL)...
work/utils.c:57:17: branch_false: ...to here
work/utils.c:57:17: acquire_memory: allocated here
work/utils.c:57:17: call_function: inlined call to ‘do_nofail’ from ‘merge_args’
work/utils.c:58:16: branch_true: ...to here
work/utils.c:58:40: branch_true: following ‘true’ branch (when ‘arg’ is non-NULL)...
work/utils.c:59:9: branch_true: ...to here
work/utils.c:60:19: call_function: inlined call to ‘do_nofail’ from ‘merge_args’
#   38|   void *do_nofail(void *ptr, const char *file, const int line)
#   39|   {
#   40|->     if (ptr)
#   41|   	return ptr;
#   42|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def18]
work/utils.c:58:16: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(args)’
work/utils.c:47:8: enter_function: entry to ‘merge_args’
work/utils.c:54:8: branch_false: following ‘false’ branch (when ‘args’ is non-NULL)...
work/utils.c:57:17: branch_false: ...to here
work/utils.c:57:17: acquire_memory: allocated here
work/utils.c:57:17: call_function: inlined call to ‘do_nofail’ from ‘merge_args’
work/utils.c:58:16: branch_true: ...to here
work/utils.c:58:16: danger: ‘strdup(args)’ leaks here; was allocated at [(4)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/3)
#   56|   
#   57|       argstring = NOFAIL(strdup(args));
#   58|->     for (arg = strtok(argstring, " "); arg; arg = strtok(NULL, " ")) {
#   59|   	num_env++;
#   60|   	newargs = NOFAIL(realloc(newargs,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def19]
work/utils.c:58:51: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
work/utils.c:47:8: enter_function: entry to ‘merge_args’
work/utils.c:54:8: branch_false: following ‘false’ branch (when ‘args’ is non-NULL)...
work/utils.c:57:17: branch_false: ...to here
work/utils.c:57:17: acquire_memory: allocated here
work/utils.c:57:17: call_function: inlined call to ‘do_nofail’ from ‘merge_args’
work/utils.c:58:16: branch_true: ...to here
work/utils.c:58:40: branch_true: following ‘true’ branch (when ‘arg’ is non-NULL)...
work/utils.c:59:9: branch_true: ...to here
work/utils.c:60:19: call_function: inlined call to ‘do_nofail’ from ‘merge_args’
work/utils.c:62:16: branch_true: ...to here
work/utils.c:58:40: branch_true: following ‘true’ branch (when ‘arg’ is non-NULL)...
work/utils.c:59:9: branch_true: ...to here
work/utils.c:60:19: call_function: inlined call to ‘do_nofail’ from ‘merge_args’
work/utils.c:62:16: branch_true: ...to here
work/utils.c:58:40: branch_true: following ‘true’ branch (when ‘arg’ is non-NULL)...
work/utils.c:59:9: branch_true: ...to here
work/utils.c:60:19: call_function: inlined call to ‘do_nofail’ from ‘merge_args’
work/utils.c:62:16: branch_true: ...to here
work/utils.c:58:51: danger: ‘<unknown>’ leaks here; was allocated at [(4)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/3)
#   56|   
#   57|       argstring = NOFAIL(strdup(args));
#   58|->     for (arg = strtok(argstring, " "); arg; arg = strtok(NULL, " ")) {
#   59|   	num_env++;
#   60|   	newargs = NOFAIL(realloc(newargs,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def20]
work/utils.c:71:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
work/utils.c:47:8: enter_function: entry to ‘merge_args’
work/utils.c:54:8: branch_false: following ‘false’ branch (when ‘args’ is non-NULL)...
work/utils.c:57:17: branch_false: ...to here
work/utils.c:57:17: acquire_memory: allocated here
work/utils.c:57:17: call_function: inlined call to ‘do_nofail’ from ‘merge_args’
work/utils.c:58:16: branch_true: ...to here
work/utils.c:58:40: branch_true: following ‘true’ branch (when ‘arg’ is non-NULL)...
work/utils.c:59:9: branch_true: ...to here
work/utils.c:60:19: call_function: inlined call to ‘do_nofail’ from ‘merge_args’
work/utils.c:62:16: branch_true: ...to here
work/utils.c:58:40: branch_false: following ‘false’ branch (when ‘arg’ is NULL)...
work/utils.c:65:8: branch_false: ...to here
work/utils.c:65:8: branch_false: following ‘false’ branch (when ‘newargs’ is non-NULL)...
work/utils.c:69:18: branch_false: ...to here
work/utils.c:70:17: branch_true: following ‘true’ branch...
work/utils.c:71:36: branch_true: ...to here
work/utils.c:70:17: branch_true: following ‘true’ branch...
work/utils.c:71:36: branch_true: ...to here
work/utils.c:71:9: danger: ‘<unknown>’ leaks here; was allocated at [(4)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/3)
#   69|       newargs[0] = argv[0];
#   70|       for (i = 1; i <= *argc; i++)
#   71|-> 	newargs[num_env + i] = argv[i];
#   72|   
#   73|       *argc += num_env;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def21]
work/whois.c:324:18: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(hserver)’
work/whois.c:323:8: branch_true: following ‘true’ branch (when ‘hport’ is non-NULL)...
work/whois.c:324:18: branch_true: ...to here
work/whois.c:324:18: acquire_memory: allocated here
work/whois.c:324:18: danger: ‘strdup(hserver)’ leaks here; was allocated at [(3)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/2)
#  322|   
#  323|       if (hport) {
#  324|-> 	server = strdup(hserver);
#  325|   	port = strdup(hport);
#  326|       } else if (hserver[0] < ' ')

Error: GCC_ANALYZER_WARNING (CWE-401): [#def22]
work/whois.c:325:16: warning[-Wanalyzer-malloc-leak]: leak of ‘server’
work/whois.c:323:8: branch_true: following ‘true’ branch (when ‘hport’ is non-NULL)...
work/whois.c:324:18: branch_true: ...to here
work/whois.c:325:16: throw: if ‘do_nofail’ throws an exception...
work/whois.c:325:16: danger: ‘server’ leaks here; was allocated at [(3)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/2)
#  323|       if (hport) {
#  324|   	server = strdup(hserver);
#  325|-> 	port = strdup(hport);
#  326|       } else if (hserver[0] < ' ')
#  327|   	server = strdup(hserver);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def23]
work/whois.c:325:16: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(hport)’
work/whois.c:323:8: branch_true: following ‘true’ branch (when ‘hport’ is non-NULL)...
work/whois.c:324:18: branch_true: ...to here
work/whois.c:325:16: acquire_memory: allocated here
work/whois.c:325:16: danger: ‘strdup(hport)’ leaks here; was allocated at [(3)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/2)
#  323|       if (hport) {
#  324|   	server = strdup(hserver);
#  325|-> 	port = strdup(hport);
#  326|       } else if (hserver[0] < ' ')
#  327|   	server = strdup(hserver);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def24]
work/whois.c:327:18: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(hserver)’
work/whois.c:323:8: branch_false: following ‘false’ branch (when ‘hport’ is NULL)...
work/whois.c:326:16: branch_false: ...to here
work/whois.c:326:15: branch_true: following ‘true’ branch...
work/whois.c:327:18: branch_true: ...to here
work/whois.c:327:18: acquire_memory: allocated here
work/whois.c:327:18: danger: ‘strdup(hserver)’ leaks here; was allocated at [(5)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/4)
#  325|   	port = strdup(hport);
#  326|       } else if (hserver[0] < ' ')
#  327|-> 	server = strdup(hserver);
#  328|       else
#  329|   	split_server_port(hserver, &server, &port);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def25]
work/whois.c:334:18: warning[-Wanalyzer-malloc-leak]: leak of ‘server’
work/whois.c:323:8: branch_false: following ‘false’ branch (when ‘hport’ is NULL)...
work/whois.c:326:16: branch_false: ...to here
work/whois.c:326:15: branch_true: following ‘true’ branch...
work/whois.c:327:18: branch_true: ...to here
work/whois.c:334:18: danger: ‘server’ leaks here; was allocated at [(5)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/4)
#  332|       switch (server[0]) {
#  333|   	case 0:
#  334|-> 	    if (!(server = getenv("WHOIS_SERVER")))
#  335|   		server = strdup(DEFAULTSERVER);
#  336|   	    break;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def26]
work/whois.c:335:26: warning[-Wanalyzer-malloc-leak]: leak of ‘port’
work/whois.c:323:8: branch_true: following ‘true’ branch (when ‘hport’ is non-NULL)...
work/whois.c:324:18: branch_true: ...to here
work/whois.c:334:16: branch_true: following ‘true’ branch...
work/whois.c:335:26: branch_true: ...to here
work/whois.c:335:26: throw: if ‘do_nofail’ throws an exception...
work/whois.c:335:26: danger: ‘port’ leaks here; was allocated at [(3)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/2)
#  333|   	case 0:
#  334|   	    if (!(server = getenv("WHOIS_SERVER")))
#  335|-> 		server = strdup(DEFAULTSERVER);
#  336|   	    break;
#  337|   	case 1:

Error: GCC_ANALYZER_WARNING (CWE-401): [#def27]
work/whois.c:335:26: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("whois.arin.net")’
work/whois.c:323:8: branch_false: following ‘false’ branch (when ‘hport’ is NULL)...
work/whois.c:326:16: branch_false: ...to here
work/whois.c:326:15: branch_true: following ‘true’ branch...
work/whois.c:327:18: branch_true: ...to here
work/whois.c:334:16: branch_true: following ‘true’ branch...
work/whois.c:335:26: branch_true: ...to here
work/whois.c:335:26: acquire_memory: allocated here
work/whois.c:335:26: danger: ‘strdup("whois.arin.net")’ leaks here; was allocated at [(9)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/8)
#  333|   	case 0:
#  334|   	    if (!(server = getenv("WHOIS_SERVER")))
#  335|-> 		server = strdup(DEFAULTSERVER);
#  336|   	    break;
#  337|   	case 1:

Error: GCC_ANALYZER_WARNING (CWE-775): [#def28]
work/whois.c:458:16: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen("/etc/whois.conf", "r")’
work/whois.c:440:15: acquire_resource: opened here
work/whois.c:440:8: branch_false: following ‘false’ branch...
work/whois.c:440:8: branch_false: ...to here
work/whois.c:446:12: branch_true: following ‘true’ branch...
work/whois.c:454:18: branch_true: ...to here
work/whois.c:458:16: danger: ‘fopen("/etc/whois.conf", "r")’ leaks here; was opened at [(1)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/0)
#  456|   
#  457|   	p = buf;
#  458|-> 	while (*p == ' ' || *p == '\t')	/* eat leading blanks */
#  459|   	    p++;
#  460|   	if (!*p)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def29]
work/whois.c:458:16: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen("/etc/whois.conf", "r")’
work/whois.c:440:15: acquire_memory: allocated here
work/whois.c:440:8: branch_false: following ‘false’ branch...
work/whois.c:440:8: branch_false: ...to here
work/whois.c:446:12: branch_true: following ‘true’ branch...
work/whois.c:454:18: branch_true: ...to here
work/whois.c:458:16: danger: ‘fopen("/etc/whois.conf", "r")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/0)
#  456|   
#  457|   	p = buf;
#  458|-> 	while (*p == ' ' || *p == '\t')	/* eat leading blanks */
#  459|   	    p++;
#  460|   	if (!*p)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def30]
work/whois.c:485:20: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(server)’
work/whois.c:440:8: branch_false: following ‘false’ branch...
work/whois.c:440:8: branch_false: ...to here
work/whois.c:446:12: branch_true: following ‘true’ branch...
work/whois.c:454:18: branch_true: ...to here
work/whois.c:467:12: branch_false: following ‘false’ branch...
work/whois.c:469:13: branch_false: ...to here
work/whois.c:470:12: branch_false: following ‘false’ branch (when ‘p’ is NULL)...
work/whois.c:474:13: branch_false: ...to here
work/whois.c:475:12: branch_false: following ‘false’ branch...
work/whois.c:481:13: branch_false: ...to here
work/whois.c:482:12: branch_true: following ‘true’ branch...
work/whois.c:483:13: branch_true: ...to here
work/whois.c:485:20: acquire_memory: allocated here
work/whois.c:485:20: danger: ‘strdup(server)’ leaks here; was allocated at [(16)](sarif:/runs/0/results/27/codeFlows/0/threadFlows/0/locations/15)
#  483|   	    regfree(&re);
#  484|   	    fclose(fp);
#  485|-> 	    return strdup(server);
#  486|   	}
#  487|   	if (i != REG_NOMATCH) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def31]
work/whois.c:560:20: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(whereas((long unsigned int)strtol(s + 2, 0, 10)))’
work/whois.c:548:7: enter_function: entry to ‘guess_server’
work/whois.c:555:8: branch_true: following ‘true’ branch (when ‘colon’ is non-NULL)...
work/whois.c:559:13: branch_true: ...to here
work/whois.c:559:13: call_function: calling ‘is_asn’ from ‘guess_server’
work/whois.c:559:13: return_function: returning to ‘guess_server’ from ‘is_asn’
work/whois.c:559:12: branch_true: following ‘true’ branch...
work/whois.c:560:20: branch_true: ...to here
work/whois.c:560:20: call_function: calling ‘whereas’ from ‘guess_server’
work/whois.c:560:20: return_function: returning to ‘guess_server’ from ‘whereas’
work/whois.c:560:20: acquire_memory: allocated here
work/whois.c:560:20: danger: ‘strdup(whereas((long unsigned int)strtol(s + 2, 0, 10)))’ leaks here; was allocated at [(22)](sarif:/runs/0/results/28/codeFlows/0/threadFlows/0/locations/21)
#  558|   	/* RPSL hierarchical objects */
#  559|   	if (is_asn(s, 0, ":"))
#  560|-> 	    return strdup(whereas(atol(s + 2)));
#  561|   
#  562|   	v6prefix = strtol(s, NULL, 16);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def32]
work/whois.c:565:20: warning[-Wanalyzer-malloc-leak]: leak of ‘convert_teredo(query)’
work/whois.c:317:5: enter_function: entry to ‘handle_query’
work/whois.c:323:8: branch_false: following ‘false’ branch (when ‘hport’ is NULL)...
work/whois.c:326:16: branch_false: ...to here
work/whois.c:326:15: branch_false: following ‘false’ branch...
work/whois.c:329:9: branch_false: ...to here
work/whois.c:329:9: call_function: calling ‘split_server_port’ from ‘handle_query’
work/whois.c:329:9: return_function: returning to ‘handle_query’ from ‘split_server_port’
work/whois.c:377:17: call_function: calling ‘convert_teredo’ from ‘handle_query’
work/whois.c:377:17: return_function: returning to ‘handle_query’ from ‘convert_teredo’
work/whois.c:380:22: call_function: calling ‘guess_server’ from ‘handle_query’
#  563|   
#  564|   	if (v6prefix == 0)
#  565|-> 	    return strdup("\x05");		/* unknown */
#  566|   
#  567|   	v6net = (v6prefix << 16) + strtol(colon + 1, NULL, 16);/* second u16 */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def33]
work/whois.c:565:20: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("\005")’
work/whois.c:555:8: branch_true: following ‘true’ branch (when ‘colon’ is non-NULL)...
work/whois.c:559:13: branch_true: ...to here
work/whois.c:559:12: branch_false: following ‘false’ branch...
work/whois.c:562:20: branch_false: ...to here
work/whois.c:564:12: branch_true: following ‘true’ branch (when ‘v6prefix == 0’)...
work/whois.c:565:20: branch_true: ...to here
work/whois.c:565:20: acquire_memory: allocated here
work/whois.c:565:20: danger: ‘strdup("\005")’ leaks here; was allocated at [(8)](sarif:/runs/0/results/29/codeFlows/0/threadFlows/0/locations/7)
#  563|   
#  564|   	if (v6prefix == 0)
#  565|-> 	    return strdup("\x05");		/* unknown */
#  566|   
#  567|   	v6net = (v6prefix << 16) + strtol(colon + 1, NULL, 16);/* second u16 */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def34]
work/whois.c:567:17: warning[-Wanalyzer-malloc-leak]: leak of ‘convert_teredo(query)’
work/whois.c:317:5: enter_function: entry to ‘handle_query’
work/whois.c:323:8: branch_false: following ‘false’ branch (when ‘hport’ is NULL)...
work/whois.c:326:16: branch_false: ...to here
work/whois.c:326:15: branch_false: following ‘false’ branch...
work/whois.c:329:9: branch_false: ...to here
work/whois.c:329:9: call_function: calling ‘split_server_port’ from ‘handle_query’
work/whois.c:329:9: return_function: returning to ‘handle_query’ from ‘split_server_port’
work/whois.c:377:17: call_function: calling ‘convert_teredo’ from ‘handle_query’
work/whois.c:377:17: return_function: returning to ‘handle_query’ from ‘convert_teredo’
work/whois.c:380:22: call_function: calling ‘guess_server’ from ‘handle_query’
#  565|   	    return strdup("\x05");		/* unknown */
#  566|   
#  567|-> 	v6net = (v6prefix << 16) + strtol(colon + 1, NULL, 16);/* second u16 */
#  568|   
#  569|   	for (i = 0; ip6_assign[i].serv; i++) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def35]
work/whois.c:572:24: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(ip6_assign[i].serv)’
work/whois.c:555:8: branch_true: following ‘true’ branch (when ‘colon’ is non-NULL)...
work/whois.c:559:13: branch_true: ...to here
work/whois.c:559:12: branch_false: following ‘false’ branch...
work/whois.c:562:20: branch_false: ...to here
work/whois.c:564:12: branch_false: following ‘false’ branch (when ‘v6prefix != 0’)...
work/whois.c:567:17: branch_false: ...to here
work/whois.c:569:21: branch_true: following ‘true’ branch...
work/whois.c:570:41: branch_true: ...to here
work/whois.c:572:24: acquire_memory: allocated here
work/whois.c:572:24: danger: ‘strdup(ip6_assign[i].serv)’ leaks here; was allocated at [(10)](sarif:/runs/0/results/33/codeFlows/0/threadFlows/0/locations/9)
#  570|   	    if ((v6net & (~0UL << (32 - ip6_assign[i].masklen)))
#  571|   		    == ip6_assign[i].net)
#  572|-> 		return strdup(ip6_assign[i].serv);
#  573|   	}
#  574|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def36]
work/whois.c:575:16: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("\006")’
work/whois.c:555:8: branch_true: following ‘true’ branch (when ‘colon’ is non-NULL)...
work/whois.c:559:13: branch_true: ...to here
work/whois.c:559:12: branch_false: following ‘false’ branch...
work/whois.c:562:20: branch_false: ...to here
work/whois.c:564:12: branch_false: following ‘false’ branch (when ‘v6prefix != 0’)...
work/whois.c:567:17: branch_false: ...to here
work/whois.c:569:21: branch_true: following ‘true’ branch...
work/whois.c:570:41: branch_true: ...to here
work/whois.c:570:16: branch_false: following ‘false’ branch...
work/whois.c:569:41: branch_false: ...to here
work/whois.c:570:16: branch_false: following ‘false’ branch...
work/whois.c:569:41: branch_false: ...to here
work/whois.c:575:16: acquire_memory: allocated here
work/whois.c:575:16: danger: ‘strdup("\006")’ leaks here; was allocated at [(14)](sarif:/runs/0/results/34/codeFlows/0/threadFlows/0/locations/13)
#  573|   	}
#  574|   
#  575|-> 	return strdup("\x06");			/* unknown allocation */
#  576|       }
#  577|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def37]
work/whois.c:580:16: warning[-Wanalyzer-malloc-leak]: leak of ‘convert_teredo(query)’
work/whois.c:317:5: enter_function: entry to ‘handle_query’
work/whois.c:323:8: branch_false: following ‘false’ branch (when ‘hport’ is NULL)...
work/whois.c:326:16: branch_false: ...to here
work/whois.c:326:15: branch_false: following ‘false’ branch...
work/whois.c:329:9: branch_false: ...to here
work/whois.c:329:9: call_function: calling ‘split_server_port’ from ‘handle_query’
work/whois.c:329:9: return_function: returning to ‘handle_query’ from ‘split_server_port’
work/whois.c:377:17: call_function: calling ‘convert_teredo’ from ‘handle_query’
work/whois.c:377:17: return_function: returning to ‘handle_query’ from ‘convert_teredo’
work/whois.c:380:22: call_function: calling ‘guess_server’ from ‘handle_query’
#  578|       /* email address */
#  579|       if (strchr(s, '@'))
#  580|-> 	return strdup("\x05");
#  581|   
#  582|       if (!strpbrk(s, ".")) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def38]
work/whois.c:580:16: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("\005")’
work/whois.c:555:8: branch_false: following ‘false’ branch (when ‘colon’ is NULL)...
work/whois.c:579:9: branch_false: ...to here
work/whois.c:579:8: branch_true: following ‘true’ branch...
work/whois.c:580:16: branch_true: ...to here
work/whois.c:580:16: acquire_memory: allocated here
work/whois.c:580:16: danger: ‘strdup("\005")’ leaks here; was allocated at [(7)](sarif:/runs/0/results/35/codeFlows/0/threadFlows/0/locations/6)
#  578|       /* email address */
#  579|       if (strchr(s, '@'))
#  580|-> 	return strdup("\x05");
#  581|   
#  582|       if (!strpbrk(s, ".")) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def39]
work/whois.c:584:21: warning[-Wanalyzer-malloc-leak]: leak of ‘convert_teredo(query)’
work/whois.c:317:5: enter_function: entry to ‘handle_query’
work/whois.c:323:8: branch_false: following ‘false’ branch (when ‘hport’ is NULL)...
work/whois.c:326:16: branch_false: ...to here
work/whois.c:326:15: branch_false: following ‘false’ branch...
work/whois.c:329:9: branch_false: ...to here
work/whois.c:329:9: call_function: calling ‘split_server_port’ from ‘handle_query’
work/whois.c:329:9: return_function: returning to ‘handle_query’ from ‘split_server_port’
work/whois.c:377:17: call_function: calling ‘convert_teredo’ from ‘handle_query’
work/whois.c:377:17: return_function: returning to ‘handle_query’ from ‘convert_teredo’
work/whois.c:380:22: call_function: calling ‘guess_server’ from ‘handle_query’
#  582|       if (!strpbrk(s, ".")) {
#  583|   	/* if it is a TLD or a new gTLD then ask IANA */
#  584|-> 	for (i = 0; tld_serv[i]; i += 2)
#  585|   	    if (strcaseeq(s, tld_serv[i]))
#  586|   		return strdup("whois.iana.org");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def40]
work/whois.c:586:24: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("whois.iana.org")’
work/whois.c:555:8: branch_false: following ‘false’ branch (when ‘colon’ is NULL)...
work/whois.c:579:9: branch_false: ...to here
work/whois.c:579:8: branch_false: following ‘false’ branch...
work/whois.c:582:10: branch_false: ...to here
work/whois.c:582:8: branch_true: following ‘true’ branch...
work/whois.c:582:8: branch_true: ...to here
work/whois.c:584:21: branch_true: following ‘true’ branch...
work/whois.c:585:17: branch_true: ...to here
work/whois.c:586:24: acquire_memory: allocated here
work/whois.c:586:24: danger: ‘strdup("whois.iana.org")’ leaks here; was allocated at [(12)](sarif:/runs/0/results/39/codeFlows/0/threadFlows/0/locations/11)
#  584|   	for (i = 0; tld_serv[i]; i += 2)
#  585|   	    if (strcaseeq(s, tld_serv[i]))
#  586|-> 		return strdup("whois.iana.org");
#  587|   
#  588|   	for (i = 0; new_gtlds[i]; i++)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def41]
work/whois.c:590:24: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("whois.iana.org")’
work/whois.c:555:8: branch_false: following ‘false’ branch (when ‘colon’ is NULL)...
work/whois.c:579:9: branch_false: ...to here
work/whois.c:579:8: branch_false: following ‘false’ branch...
work/whois.c:582:10: branch_false: ...to here
work/whois.c:582:8: branch_true: following ‘true’ branch...
work/whois.c:582:8: branch_true: ...to here
work/whois.c:588:21: branch_true: following ‘true’ branch...
work/whois.c:589:17: branch_true: ...to here
work/whois.c:590:24: acquire_memory: allocated here
work/whois.c:590:24: danger: ‘strdup("whois.iana.org")’ leaks here; was allocated at [(12)](sarif:/runs/0/results/40/codeFlows/0/threadFlows/0/locations/11)
#  588|   	for (i = 0; new_gtlds[i]; i++)
#  589|   	    if (strcaseeq(s, new_gtlds[i]))
#  590|-> 		return strdup("whois.iana.org");
#  591|       }
#  592|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def42]
work/whois.c:598:20: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("whois.networksolutions.com")’
work/whois.c:555:8: branch_false: following ‘false’ branch (when ‘colon’ is NULL)...
work/whois.c:579:9: branch_false: ...to here
work/whois.c:579:8: branch_false: following ‘false’ branch...
work/whois.c:582:10: branch_false: ...to here
work/whois.c:582:8: branch_false: following ‘false’ branch...
work/whois.c:594:10: branch_false: ...to here
work/whois.c:594:8: branch_true: following ‘true’ branch...
work/whois.c:595:13: branch_true: ...to here
work/whois.c:595:12: branch_false: following ‘false’ branch...
work/whois.c:597:13: branch_false: ...to here
work/whois.c:597:12: branch_true: following ‘true’ branch...
work/whois.c:598:20: branch_true: ...to here
work/whois.c:598:20: acquire_memory: allocated here
work/whois.c:598:20: danger: ‘strdup("whois.networksolutions.com")’ leaks here; was allocated at [(16)](sarif:/runs/0/results/41/codeFlows/0/threadFlows/0/locations/15)
#  596|   	    return strdup(whereas(atol(s + 2))); /* it's an AS */
#  597|   	if (*s == '!')	/* NSI NIC handle */
#  598|-> 	    return strdup("whois.networksolutions.com");
#  599|   	else
#  600|   	    return strdup("\x05"); /* probably a unknown kind of nic handle */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def43]
work/whois.c:600:20: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("\005")’
work/whois.c:555:8: branch_false: following ‘false’ branch (when ‘colon’ is NULL)...
work/whois.c:579:9: branch_false: ...to here
work/whois.c:579:8: branch_false: following ‘false’ branch...
work/whois.c:582:10: branch_false: ...to here
work/whois.c:582:8: branch_false: following ‘false’ branch...
work/whois.c:594:10: branch_false: ...to here
work/whois.c:594:8: branch_true: following ‘true’ branch...
work/whois.c:595:13: branch_true: ...to here
work/whois.c:595:12: branch_false: following ‘false’ branch...
work/whois.c:597:13: branch_false: ...to here
work/whois.c:597:12: branch_false: following ‘false’ branch...
work/whois.c:600:20: branch_false: ...to here
work/whois.c:600:20: acquire_memory: allocated here
work/whois.c:600:20: danger: ‘strdup("\005")’ leaks here; was allocated at [(16)](sarif:/runs/0/results/42/codeFlows/0/threadFlows/0/locations/15)
#  598|   	    return strdup("whois.networksolutions.com");
#  599|   	else
#  600|-> 	    return strdup("\x05"); /* probably a unknown kind of nic handle */
#  601|       }
#  602|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def44]
work/whois.c:614:20: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(tld_serv[<unknown>])’
work/whois.c:548:7: enter_function: entry to ‘guess_server’
work/whois.c:555:8: branch_false: following ‘false’ branch (when ‘colon’ is NULL)...
work/whois.c:579:9: branch_false: ...to here
work/whois.c:579:8: branch_false: following ‘false’ branch...
work/whois.c:582:10: branch_false: ...to here
work/whois.c:582:8: branch_false: following ‘false’ branch...
work/whois.c:594:10: branch_false: ...to here
work/whois.c:594:8: branch_false: following ‘false’ branch...
work/whois.c:604:15: call_function: inlined call to ‘myinet_aton’ from ‘guess_server’
work/whois.c:604:8: branch_false: following ‘false’ branch...
work/whois.c:604:8: branch_false: ...to here
work/whois.c:612:17: branch_true: following ‘true’ branch...
work/whois.c:613:13: branch_true: ...to here
work/whois.c:614:20: acquire_memory: allocated here
work/whois.c:614:20: danger: ‘strdup(tld_serv[<unknown>])’ leaks here; was allocated at [(18)](sarif:/runs/0/results/43/codeFlows/0/threadFlows/0/locations/17)
#  612|       for (i = 0; tld_serv[i]; i += 2)
#  613|   	if (in_domain(s, tld_serv[i]))
#  614|-> 	    return strdup(tld_serv[i + 1]);
#  615|   
#  616|       /* use the default server name for "new" gTLDs */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def45]
work/whois.c:618:24: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc(strlen(is_new_gtld(s)) + 11)’
work/whois.c:548:7: enter_function: entry to ‘guess_server’
work/whois.c:555:8: branch_false: following ‘false’ branch (when ‘colon’ is NULL)...
work/whois.c:579:9: branch_false: ...to here
work/whois.c:579:8: branch_false: following ‘false’ branch...
work/whois.c:582:10: branch_false: ...to here
work/whois.c:582:8: branch_false: following ‘false’ branch...
work/whois.c:594:10: branch_false: ...to here
work/whois.c:594:8: branch_false: following ‘false’ branch...
work/whois.c:604:15: call_function: inlined call to ‘myinet_aton’ from ‘guess_server’
work/whois.c:604:8: branch_false: following ‘false’ branch...
work/whois.c:604:8: branch_false: ...to here
work/whois.c:617:16: call_function: calling ‘is_new_gtld’ from ‘guess_server’
work/whois.c:617:16: return_function: returning to ‘guess_server’ from ‘is_new_gtld’
work/whois.c:617:8: branch_true: following ‘true’ branch...
work/whois.c:618:24: branch_true: ...to here
work/whois.c:618:24: acquire_memory: allocated here
work/whois.c:618:24: danger: ‘malloc(strlen(is_new_gtld(s)) + 11)’ leaks here; was allocated at [(23)](sarif:/runs/0/results/44/codeFlows/0/threadFlows/0/locations/22)
#  616|       /* use the default server name for "new" gTLDs */
#  617|       if ((tld = is_new_gtld(s))) {
#  618|-> 	char *server = malloc(strlen("whois.nic.") + strlen(tld) + 1);
#  619|   	strcpy(server, "whois.nic.");
#  620|   	strcat(server, tld);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def46]
work/whois.c:629:24: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(nic_handles[<unknown>])’
work/whois.c:548:7: enter_function: entry to ‘guess_server’
work/whois.c:555:8: branch_false: following ‘false’ branch (when ‘colon’ is NULL)...
work/whois.c:579:9: branch_false: ...to here
work/whois.c:579:8: branch_false: following ‘false’ branch...
work/whois.c:582:10: branch_false: ...to here
work/whois.c:582:8: branch_false: following ‘false’ branch...
work/whois.c:594:10: branch_false: ...to here
work/whois.c:594:8: branch_false: following ‘false’ branch...
work/whois.c:604:15: call_function: inlined call to ‘myinet_aton’ from ‘guess_server’
work/whois.c:604:8: branch_false: following ‘false’ branch...
work/whois.c:604:8: branch_false: ...to here
work/whois.c:617:8: branch_false: following ‘false’ branch...
work/whois.c:625:10: branch_false: ...to here
work/whois.c:625:8: branch_true: following ‘true’ branch...
work/whois.c:625:8: branch_true: ...to here
work/whois.c:627:21: branch_true: following ‘true’ branch...
work/whois.c:628:17: branch_true: ...to here
work/whois.c:629:24: acquire_memory: allocated here
work/whois.c:629:24: danger: ‘strdup(nic_handles[<unknown>])’ leaks here; was allocated at [(23)](sarif:/runs/0/results/45/codeFlows/0/threadFlows/0/locations/22)
#  627|   	for (i = 0; nic_handles[i]; i += 2)
#  628|   	    if (strncaseeq(s, nic_handles[i], strlen(nic_handles[i])))
#  629|-> 		return strdup(nic_handles[i + 1]);
#  630|   
#  631|   	/* search for strings at the end of the word */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def47]
work/whois.c:634:24: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(nic_handles_post[<unknown>])’
work/whois.c:548:7: enter_function: entry to ‘guess_server’
work/whois.c:555:8: branch_false: following ‘false’ branch (when ‘colon’ is NULL)...
work/whois.c:579:9: branch_false: ...to here
work/whois.c:579:8: branch_false: following ‘false’ branch...
work/whois.c:582:10: branch_false: ...to here
work/whois.c:582:8: branch_false: following ‘false’ branch...
work/whois.c:594:10: branch_false: ...to here
work/whois.c:594:8: branch_false: following ‘false’ branch...
work/whois.c:604:15: call_function: inlined call to ‘myinet_aton’ from ‘guess_server’
work/whois.c:604:8: branch_false: following ‘false’ branch...
work/whois.c:604:8: branch_false: ...to here
work/whois.c:617:8: branch_false: following ‘false’ branch...
work/whois.c:625:10: branch_false: ...to here
work/whois.c:625:8: branch_true: following ‘true’ branch...
work/whois.c:625:8: branch_true: ...to here
work/whois.c:632:21: branch_true: following ‘true’ branch...
work/whois.c:633:17: branch_true: ...to here
work/whois.c:634:24: acquire_memory: allocated here
work/whois.c:634:24: danger: ‘strdup(nic_handles_post[<unknown>])’ leaks here; was allocated at [(23)](sarif:/runs/0/results/46/codeFlows/0/threadFlows/0/locations/22)
#  632|   	for (i = 0; nic_handles_post[i]; i += 2)
#  633|   	    if (endstrcaseeq(s, nic_handles_post[i]))
#  634|-> 		return strdup(nic_handles_post[i + 1]);
#  635|   
#  636|   	/* it's probably a network name */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def48]
work/whois.c:637:16: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("")’
work/whois.c:548:7: enter_function: entry to ‘guess_server’
work/whois.c:555:8: branch_false: following ‘false’ branch (when ‘colon’ is NULL)...
work/whois.c:579:9: branch_false: ...to here
work/whois.c:579:8: branch_false: following ‘false’ branch...
work/whois.c:582:10: branch_false: ...to here
work/whois.c:582:8: branch_false: following ‘false’ branch...
work/whois.c:594:10: branch_false: ...to here
work/whois.c:594:8: branch_false: following ‘false’ branch...
work/whois.c:604:15: call_function: inlined call to ‘myinet_aton’ from ‘guess_server’
work/whois.c:604:8: branch_false: following ‘false’ branch...
work/whois.c:604:8: branch_false: ...to here
work/whois.c:617:8: branch_false: following ‘false’ branch...
work/whois.c:625:10: branch_false: ...to here
work/whois.c:625:8: branch_true: following ‘true’ branch...
work/whois.c:625:8: branch_true: ...to here
work/whois.c:637:16: acquire_memory: allocated here
work/whois.c:637:16: danger: ‘strdup("")’ leaks here; was allocated at [(21)](sarif:/runs/0/results/47/codeFlows/0/threadFlows/0/locations/20)
#  635|   
#  636|   	/* it's probably a network name */
#  637|-> 	return strdup("");
#  638|       }
#  639|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def49]
work/whois.c:642:12: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("\005")’
work/whois.c:548:7: enter_function: entry to ‘guess_server’
work/whois.c:555:8: branch_false: following ‘false’ branch (when ‘colon’ is NULL)...
work/whois.c:579:9: branch_false: ...to here
work/whois.c:579:8: branch_false: following ‘false’ branch...
work/whois.c:582:10: branch_false: ...to here
work/whois.c:582:8: branch_false: following ‘false’ branch...
work/whois.c:594:10: branch_false: ...to here
work/whois.c:594:8: branch_false: following ‘false’ branch...
work/whois.c:604:15: call_function: inlined call to ‘myinet_aton’ from ‘guess_server’
work/whois.c:604:8: branch_false: following ‘false’ branch...
work/whois.c:604:8: branch_false: ...to here
work/whois.c:617:8: branch_false: following ‘false’ branch...
work/whois.c:625:10: branch_false: ...to here
work/whois.c:625:8: branch_false: following ‘false’ branch...
work/whois.c:642:12: branch_false: ...to here
work/whois.c:642:12: acquire_memory: allocated here
work/whois.c:642:12: danger: ‘strdup("\005")’ leaks here; was allocated at [(21)](sarif:/runs/0/results/48/codeFlows/0/threadFlows/0/locations/20)
#  640|       /* has dot and maybe a hyphen and it's not in tld_serv[], WTF is it? */
#  641|       /* either a TLD or a NIC handle we don't know about yet */
#  642|->     return strdup("\x05");
#  643|   }
#  644|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def50]
work/whois.c:666:11: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc(strlen(flags) + strlen(query) + strlen(client_tag) + 64)’
work/whois.c:666:11: acquire_memory: allocated here
work/whois.c:666:11: danger: ‘malloc(strlen(flags) + strlen(query) + strlen(client_tag) + 64)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/49/codeFlows/0/threadFlows/0/locations/0)
#  664|   
#  665|       /* 64 bytes reserved for server-specific flags added later */
#  666|->     buf = malloc(strlen(flags) + strlen(query) + strlen(client_tag) + 64);
#  667|       *buf = '\0';
#  668|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def51]
work/whois.c:669:17: warning[-Wanalyzer-malloc-leak]: leak of ‘do_nofail(malloc(strlen(flags) + strlen(query) + strlen(client_tag) + 64), "whois.c", 666)’
work/whois.c:683:5: throw: if ‘simple_recode_iconv_close’ throws an exception...
work/whois.c:669:17: danger: ‘do_nofail(malloc(strlen(flags) + strlen(query) + strlen(client_tag) + 64), "whois.c", 666)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/50/codeFlows/0/threadFlows/0/locations/0)
#  667|       *buf = '\0';
#  668|   
#  669|->     for (i = 0; ripe_servers[i]; i++)
#  670|   	if (streq(server, ripe_servers[i])) {
#  671|   	    sprintf(buf + strlen(buf), "-V %s ", client_tag);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def52]
work/whois.c:826:28: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(p + 19)’
work/whois.c:818:8: branch_false: following ‘false’ branch...
work/whois.c:821:8: branch_false: ...to here
work/whois.c:821:8: branch_true: following ‘true’ branch...
work/whois.c:822:13: branch_true: ...to here
work/whois.c:822:12: branch_true: following ‘true’ branch...
work/whois.c:823:13: branch_true: ...to here
work/whois.c:825:16: branch_true: following ‘true’ branch...
work/whois.c:826:28: branch_true: ...to here
work/whois.c:826:28: acquire_memory: allocated here
work/whois.c:826:28: danger: ‘strdup(p + 19)’ leaks here; was allocated at [(9)](sarif:/runs/0/results/51/codeFlows/0/threadFlows/0/locations/8)
#  824|   	    for (; *p == ' ' || *p == '\t'; p++);	/* skip white space */
#  825|   	    if (strneq(p, "Transferred to the ", 19)) {
#  826|-> 		rir_name = strdup(p + 19);
#  827|   		if ((p = strpbrk(rir_name, " ")))
#  828|   		    *p = '\0';

Error: GCC_ANALYZER_WARNING (CWE-401): [#def53]
work/whois.c:863:21: warning[-Wanalyzer-malloc-leak]: leak of ‘do_nofail(strdup(rir_servers[<unknown>]), "whois.c", 865)’
work/whois.c:818:8: branch_false: following ‘false’ branch...
work/whois.c:821:8: branch_false: ...to here
work/whois.c:821:8: branch_false: following ‘false’ branch...
work/whois.c:851:8: branch_false: ...to here
work/whois.c:851:8: branch_true: following ‘true’ branch...
work/whois.c:863:21: branch_true: following ‘true’ branch...
work/whois.c:864:17: branch_true: ...to here
work/whois.c:864:16: branch_true: following ‘true’ branch (when the strings are equal)...
work/whois.c:865:36: branch_true: ...to here
work/whois.c:863:21: branch_true: following ‘true’ branch...
work/whois.c:864:17: branch_true: ...to here
work/whois.c:864:16: branch_true: following ‘true’ branch (when the strings are equal)...
work/whois.c:865:36: branch_true: ...to here
work/whois.c:865:36: throw: if ‘do_nofail’ throws an exception...
work/whois.c:863:21: danger: ‘do_nofail(strdup(rir_servers[<unknown>]), "whois.c", 865)’ leaks here; was allocated at [(11)](sarif:/runs/0/results/52/codeFlows/0/threadFlows/0/locations/10)
#  861|   	state = 4;
#  862|   
#  863|-> 	for (i = 0; rir_servers[i]; i += 2)
#  864|   	    if (streq(rir_name, rir_servers[i]))
#  865|   		*referral_server = strdup(rir_servers[i + 1]);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def54]
work/whois.c:865:36: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(rir_servers[<unknown>])’
work/whois.c:818:8: branch_false: following ‘false’ branch...
work/whois.c:821:8: branch_false: ...to here
work/whois.c:821:8: branch_false: following ‘false’ branch...
work/whois.c:851:8: branch_false: ...to here
work/whois.c:851:8: branch_true: following ‘true’ branch...
work/whois.c:863:21: branch_true: following ‘true’ branch...
work/whois.c:864:17: branch_true: ...to here
work/whois.c:864:16: branch_true: following ‘true’ branch (when the strings are equal)...
work/whois.c:865:36: branch_true: ...to here
work/whois.c:865:36: acquire_memory: allocated here
work/whois.c:865:36: danger: ‘strdup(rir_servers[<unknown>])’ leaks here; was allocated at [(11)](sarif:/runs/0/results/53/codeFlows/0/threadFlows/0/locations/10)
#  863|   	for (i = 0; rir_servers[i]; i += 2)
#  864|   	    if (streq(rir_name, rir_servers[i]))
#  865|-> 		*referral_server = strdup(rir_servers[i + 1]);
#  866|   	free(rir_name);
#  867|       }

Error: COMPILER_WARNING (CWE-704): [#def55]
work/whois.c: scope_hint: In function ‘find_referral_server_arin’
work/whois.c:892:12: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  892 |     if ((p = strstr(buf, "rwhois://")))
#      |            ^
#  890|       }
#  891|   
#  892|->     if ((p = strstr(buf, "rwhois://")))
#  893|   	*referral_server = strdup(p + 9);
#  894|       else if ((p = strstr(buf, "whois://")))

Error: COMPILER_WARNING (CWE-704): [#def56]
work/whois.c:892:12: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  890|       }
#  891|   
#  892|->     if ((p = strstr(buf, "rwhois://")))
#  893|   	*referral_server = strdup(p + 9);
#  894|       else if ((p = strstr(buf, "whois://")))

Error: GCC_ANALYZER_WARNING (CWE-401): [#def57]
work/whois.c:893:28: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(p + 9)’
work/whois.c:887:8: branch_false: following ‘false’ branch...
work/whois.c:892:14: branch_false: ...to here
work/whois.c:892:8: branch_true: following ‘true’ branch (when ‘p’ is non-NULL)...
work/whois.c:893:28: branch_true: ...to here
work/whois.c:893:28: acquire_memory: allocated here
work/whois.c:893:28: danger: ‘strdup(p + 9)’ leaks here; was allocated at [(6)](sarif:/runs/0/results/54/codeFlows/0/threadFlows/0/locations/5)
#  891|   
#  892|       if ((p = strstr(buf, "rwhois://")))
#  893|-> 	*referral_server = strdup(p + 9);
#  894|       else if ((p = strstr(buf, "whois://")))
#  895|   	*referral_server = strdup(p + 8);

Error: COMPILER_WARNING (CWE-704): [#def58]
work/whois.c:894:17: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  894 |     else if ((p = strstr(buf, "whois://")))
#      |                 ^
#  892|       if ((p = strstr(buf, "rwhois://")))
#  893|   	*referral_server = strdup(p + 9);
#  894|->     else if ((p = strstr(buf, "whois://")))
#  895|   	*referral_server = strdup(p + 8);
#  896|       else

Error: COMPILER_WARNING (CWE-704): [#def59]
work/whois.c:894:17: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
#  892|       if ((p = strstr(buf, "rwhois://")))
#  893|   	*referral_server = strdup(p + 9);
#  894|->     else if ((p = strstr(buf, "whois://")))
#  895|   	*referral_server = strdup(p + 8);
#  896|       else

Error: GCC_ANALYZER_WARNING (CWE-401): [#def60]
work/whois.c:895:28: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(p + 8)’
work/whois.c:887:8: branch_false: following ‘false’ branch...
work/whois.c:892:14: branch_false: ...to here
work/whois.c:892:8: branch_false: following ‘false’ branch (when ‘p’ is NULL)...
work/whois.c:894:19: branch_false: ...to here
work/whois.c:894:13: branch_true: following ‘true’ branch (when ‘p’ is non-NULL)...
work/whois.c:895:28: branch_true: ...to here
work/whois.c:895:28: acquire_memory: allocated here
work/whois.c:895:28: danger: ‘strdup(p + 8)’ leaks here; was allocated at [(9)](sarif:/runs/0/results/55/codeFlows/0/threadFlows/0/locations/8)
#  893|   	*referral_server = strdup(p + 9);
#  894|       else if ((p = strstr(buf, "whois://")))
#  895|-> 	*referral_server = strdup(p + 8);
#  896|       else
#  897|   	*referral_server = strdup(buf + 17);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def61]
work/whois.c:897:28: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(buf + 17)’
work/whois.c:887:8: branch_false: following ‘false’ branch...
work/whois.c:892:14: branch_false: ...to here
work/whois.c:892:8: branch_false: following ‘false’ branch (when ‘p’ is NULL)...
work/whois.c:894:19: branch_false: ...to here
work/whois.c:894:13: branch_false: following ‘false’ branch (when ‘p’ is NULL)...
work/whois.c:897:28: branch_false: ...to here
work/whois.c:897:28: acquire_memory: allocated here
work/whois.c:897:28: danger: ‘strdup(buf + 17)’ leaks here; was allocated at [(9)](sarif:/runs/0/results/56/codeFlows/0/threadFlows/0/locations/8)
#  895|   	*referral_server = strdup(p + 8);
#  896|       else
#  897|-> 	*referral_server = strdup(buf + 17);
#  898|       if (*referral_server && (p = strpbrk(*referral_server, "/")))
#  899|   	*p = '\0';

Error: GCC_ANALYZER_WARNING (CWE-401): [#def62]
work/whois.c:917:24: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(p)’
work/whois.c:917:24: acquire_memory: allocated here
work/whois.c:917:24: danger: ‘strdup(p)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/57/codeFlows/0/threadFlows/0/locations/0)
#  915|       p = buf + 6;				/* skip until the colon */
#  916|       for (; *p == ' ' || *p == '\t'; p++);	/* skip white space */
#  917|->     *referral_server = strdup(p);
#  918|   }
#  919|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def63]
work/whois.c:935:28: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(p)’
work/whois.c:930:14: branch_false: following ‘false’ branch...
work/whois.c:932:13: branch_false: ...to here
work/whois.c:932:13: branch_true: following ‘true’ branch...
work/whois.c:935:28: acquire_memory: allocated here
work/whois.c:935:28: danger: ‘strdup(p)’ leaks here; was allocated at [(5)](sarif:/runs/0/results/58/codeFlows/0/threadFlows/0/locations/4)
#  933|   	p = buf + 23;				/* skip until the colon */
#  934|   	for (; *p && *p == ' '; p++);		/* skip the spaces */
#  935|-> 	*referral_server = strdup(p);
#  936|   	state = 2;
#  937|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def64]
work/whois.c:953:28: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("")’
work/whois.c:950:9: branch_false: following ‘false’ branch...
work/whois.c:952:15: branch_false: ...to here
work/whois.c:952:15: branch_true: following ‘true’ branch...
work/whois.c:953:28: acquire_memory: allocated here
work/whois.c:953:28: danger: ‘strdup("")’ leaks here; was allocated at [(5)](sarif:/runs/0/results/59/codeFlows/0/threadFlows/0/locations/4)
#  951|   	state = 1;
#  952|       } else if (state == 0 && strneq(buf, "   Server Name:", 15)) {
#  953|-> 	*referral_server = strdup("");
#  954|   	state = 2;
#  955|       } else if (state == 1 && strneq(buf, "   Registrar WHOIS Server:", 26)) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def65]
work/whois.c:958:28: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(p)’
work/whois.c:955:15: branch_true: following ‘true’ branch...
work/whois.c:958:28: acquire_memory: allocated here
work/whois.c:958:28: danger: ‘strdup(p)’ leaks here; was allocated at [(3)](sarif:/runs/0/results/60/codeFlows/0/threadFlows/0/locations/2)
#  956|   	p = buf + 26;				/* skip until the colon */
#  957|   	for (; *p && *p == ' '; p++);		/* skip the spaces */
#  958|-> 	*referral_server = strdup(p);
#  959|   	state = 2;
#  960|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def66]
work/whois.c:973:12: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc(strlen(query) + 3)’
work/whois.c:973:12: acquire_memory: allocated here
work/whois.c:973:12: danger: ‘malloc(strlen(query) + 3)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/61/codeFlows/0/threadFlows/0/locations/0)
#  971|       void (*referral_handler)(char **referral_server, const char *buf) = NULL;
#  972|   
#  973|->     temp = malloc(strlen(query) + 2 + 1);
#  974|       strcpy(temp, query);
#  975|       strcat(temp, "\r\n");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def67]
work/whois.c:975:5: warning[-Wanalyzer-malloc-leak]: leak of ‘do_nofail(malloc(strlen(query) + 3), "whois.c", 973)’
work/whois.c:964:7: enter_function: entry to ‘query_server’
work/whois.c:977:17: branch_true: following ‘true’ branch...
work/whois.c:981:13: branch_true: ...to here
work/whois.c:986:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
work/whois.c:977:51: branch_false: ...to here
work/whois.c:986:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
work/whois.c:977:51: branch_false: ...to here
work/whois.c:992:12: call_function: calling ‘openconn’ from ‘query_server’
#  973|       temp = malloc(strlen(query) + 2 + 1);
#  974|       strcpy(temp, query);
#  975|->     strcat(temp, "\r\n");
#  976|   
#  977|       for (i = 0; server_referral_handlers[i].name; i++) {

Error: COMPILER_WARNING (CWE-563): [#def68]
work/whois.c: scope_hint: In function ‘query_verisign’
work/whois.c:1034:9: warning[-Wunused-variable]: unused variable ‘sock’
# 1034 |     int sock;
#      |         ^~~~
# 1032|   {
# 1033|       char *temp, *p;
# 1034|->     int sock;
# 1035|       char *referral_server = NULL;
# 1036|       int dotscount = 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def69]
work/whois.c:1038:12: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc(strlen(query) + 10)’
work/whois.c:1038:12: acquire_memory: allocated here
work/whois.c:1038:12: danger: ‘malloc(strlen(query) + 10)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/70/codeFlows/0/threadFlows/0/locations/0)
# 1036|       int dotscount = 0;
# 1037|   
# 1038|->     temp = malloc(strlen("domain ") + strlen(query) + 2 + 1);
# 1039|       *temp = '\0';
# 1040|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def70]
work/whois.c:1042:30: warning[-Wanalyzer-malloc-leak]: leak of ‘do_nofail(malloc(strlen(query) + 10), "whois.c", 1038)’
work/whois.c:1031:7: enter_function: entry to ‘query_verisign’
work/whois.c:1050:23: call_function: calling ‘query_server’ from ‘query_verisign’
# 1040|   
# 1041|       /* if this has more than one dot then it is a name server */
# 1042|->     for (p = (char *) query; *p != '\0'; p++)
# 1043|   	if (*p == '.')
# 1044|   	    dotscount++;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def71]
work/whois.c:1139:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
work/whois.c:1055:5: enter_function: entry to ‘openconn’
work/whois.c:1084:8: branch_false: following ‘false’ branch...
work/whois.c:1092:10: branch_false: ...to here
work/whois.c:1092:20: branch_true: following ‘true’ branch (when ‘ai’ is non-NULL)...
work/whois.c:1094:14: branch_true: ...to here
work/whois.c:1096:19: acquire_resource: socket created here
work/whois.c:1096:12: branch_false: following ‘false’ branch (when ‘fd >= 0’)...
work/whois.c:1098:13: branch_false: ...to here
work/whois.c:1098:13: call_function: calling ‘connect_with_timeout’ from ‘openconn’
# 1137|   
# 1138|       if (timeout <= 0)
# 1139|-> 	return connect(fd, addr, addrlen);
# 1140|   
# 1141|       if ((savedflags = fcntl(fd, F_GETFL, 0)) < 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def72]
work/whois.c:1141:23: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
work/whois.c:1055:5: enter_function: entry to ‘openconn’
work/whois.c:1084:8: branch_false: following ‘false’ branch...
work/whois.c:1092:10: branch_false: ...to here
work/whois.c:1092:20: branch_true: following ‘true’ branch (when ‘ai’ is non-NULL)...
work/whois.c:1094:14: branch_true: ...to here
work/whois.c:1096:19: acquire_resource: socket created here
work/whois.c:1096:12: branch_false: following ‘false’ branch (when ‘fd >= 0’)...
work/whois.c:1098:13: branch_false: ...to here
work/whois.c:1098:13: call_function: calling ‘connect_with_timeout’ from ‘openconn’
# 1139|   	return connect(fd, addr, addrlen);
# 1140|   
# 1141|->     if ((savedflags = fcntl(fd, F_GETFL, 0)) < 0)
# 1142|   	return -1;
# 1143|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def73]
work/whois.c:1291:11: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(dom)’
work/whois.c:1291:11: acquire_memory: allocated here
work/whois.c:1291:11: danger: ‘strdup(dom)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/81/codeFlows/0/threadFlows/0/locations/0)
# 1289|   #endif
# 1290|   
# 1291|->     ret = strdup(dom);
# 1292|       /* start from the last character */
# 1293|       p = ret + strlen(ret) - 1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def74]
work/whois.c:1293:27: warning[-Wanalyzer-malloc-leak]: leak of ‘do_nofail(strdup(dom), "whois.c", 1291)’
work/whois.c:1306:8: branch_false: following ‘false’ branch...
work/whois.c:1306:8: branch_false: ...to here
work/whois.c:1310:19: branch_true: following ‘true’ branch...
work/whois.c:1311:12: branch_true: ...to here
work/whois.c:1310:19: branch_false: following ‘false’ branch...
work/whois.c:1314:8: branch_false: ...to here
work/whois.c:1314:8: branch_false: following ‘false’ branch (when ‘domain_start’ is NULL)...
work/whois.c:1340:13: branch_false: ...to here
work/whois.c:1340:13: throw: if ‘idn2_lookup_ul’ throws an exception...
work/whois.c:1293:27: danger: ‘do_nofail(strdup(dom), "whois.c", 1291)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/82/codeFlows/0/threadFlows/0/locations/0)
# 1291|       ret = strdup(dom);
# 1292|       /* start from the last character */
# 1293|->     p = ret + strlen(ret) - 1;
# 1294|       /* and then eat trailing dots and blanks */
# 1295|       while (p > ret) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def75]
work/whois.c:1340:13: warning[-Wanalyzer-malloc-leak]: leak of ‘p’
work/whois.c:1306:8: branch_false: following ‘false’ branch...
work/whois.c:1306:8: branch_false: ...to here
work/whois.c:1310:19: branch_false: following ‘false’ branch...
work/whois.c:1314:8: branch_false: ...to here
work/whois.c:1314:8: branch_false: following ‘false’ branch (when ‘domain_start’ is NULL)...
work/whois.c:1340:13: branch_false: ...to here
work/whois.c:1340:13: throw: if ‘idn2_lookup_ul’ throws an exception...
work/whois.c:1340:13: danger: ‘p’ leaks here; was allocated at [(1)](sarif:/runs/0/results/84/codeFlows/0/threadFlows/0/locations/0)
# 1338|   
# 1339|   #ifdef HAVE_LIBIDN2
# 1340|-> 	if (idn2_lookup_ul(ret, &q, IDN2_NONTRANSITIONAL) != IDN2_OK)
# 1341|   	    return ret;
# 1342|   #else

Error: COMPILER_WARNING (CWE-704): [#def76]
work/whois.c: scope_hint: In function ‘split_server_port’
work/whois.c:1361:29: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1361 |     if (*input == '[' && (p = strchr(input, ']'))) {    /* IPv6 */
#      |                             ^
# 1359|       char *p;
# 1360|   
# 1361|->     if (*input == '[' && (p = strchr(input, ']'))) {	/* IPv6 */
# 1362|   	char *s;
# 1363|   	int len = p - input - 1;

Error: COMPILER_WARNING (CWE-704): [#def77]
work/whois.c:1361:29: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1359|       char *p;
# 1360|   
# 1361|->     if (*input == '[' && (p = strchr(input, ']'))) {	/* IPv6 */
# 1362|   	char *s;
# 1363|   	int len = p - input - 1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def78]
work/whois.c:1365:23: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc((long unsigned int)(int)(p - input))’
work/whois.c:1361:8: branch_true: following ‘true’ branch...
work/whois.c:1361:31: branch_true: ...to here
work/whois.c:1361:9: branch_true: following ‘true’ branch (when ‘p’ is non-NULL)...
work/whois.c:1363:19: branch_true: ...to here
work/whois.c:1365:23: acquire_memory: allocated here
work/whois.c:1365:23: danger: ‘malloc((long unsigned int)(int)(p - input))’ leaks here; was allocated at [(6)](sarif:/runs/0/results/85/codeFlows/0/threadFlows/0/locations/5)
# 1363|   	int len = p - input - 1;
# 1364|   
# 1365|-> 	*server = s = malloc(len + 1);
# 1366|   	memcpy(s, input + 1, len);
# 1367|   	*(s + len) = '\0';

Error: GCC_ANALYZER_WARNING (CWE-401): [#def79]
work/whois.c:1371:21: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(p + 1)’
work/whois.c:1361:8: branch_true: following ‘true’ branch...
work/whois.c:1361:31: branch_true: ...to here
work/whois.c:1361:9: branch_true: following ‘true’ branch (when ‘p’ is non-NULL)...
work/whois.c:1363:19: branch_true: ...to here
work/whois.c:1370:12: branch_true: following ‘true’ branch...
work/whois.c:1371:21: acquire_memory: allocated here
work/whois.c:1371:21: danger: ‘strdup(p + 1)’ leaks here; was allocated at [(9)](sarif:/runs/0/results/86/codeFlows/0/threadFlows/0/locations/8)
# 1369|   	p = strchr(p, ':');
# 1370|   	if (p && *(p + 1) != '\0')
# 1371|-> 	    *port = strdup(p + 1);			/* IPv6 + port */
# 1372|       } else if ((p = strchr(input, ':')) &&		/* IPv6, no port */
# 1373|   	    strchr(p + 1, ':')) {			/*   and no brackets */

Error: COMPILER_WARNING (CWE-704): [#def80]
work/whois.c:1372:19: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1372 |     } else if ((p = strchr(input, ':')) &&              /* IPv6, no port */
#      |                   ^
# 1370|   	if (p && *(p + 1) != '\0')
# 1371|   	    *port = strdup(p + 1);			/* IPv6 + port */
# 1372|->     } else if ((p = strchr(input, ':')) &&		/* IPv6, no port */
# 1373|   	    strchr(p + 1, ':')) {			/*   and no brackets */
# 1374|   	*server = strdup(input);

Error: COMPILER_WARNING (CWE-704): [#def81]
work/whois.c:1372:19: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1370|   	if (p && *(p + 1) != '\0')
# 1371|   	    *port = strdup(p + 1);			/* IPv6 + port */
# 1372|->     } else if ((p = strchr(input, ':')) &&		/* IPv6, no port */
# 1373|   	    strchr(p + 1, ':')) {			/*   and no brackets */
# 1374|   	*server = strdup(input);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def82]
work/whois.c:1374:19: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(input)’
work/whois.c:1372:15: branch_true: following ‘true’ branch (when ‘p’ is non-NULL)...
work/whois.c:1373:13: branch_true: ...to here
work/whois.c:1372:16: branch_true: following ‘true’ branch...
work/whois.c:1374:19: branch_true: ...to here
work/whois.c:1374:19: acquire_memory: allocated here
work/whois.c:1374:19: danger: ‘strdup(input)’ leaks here; was allocated at [(7)](sarif:/runs/0/results/87/codeFlows/0/threadFlows/0/locations/6)
# 1372|       } else if ((p = strchr(input, ':')) &&		/* IPv6, no port */
# 1373|   	    strchr(p + 1, ':')) {			/*   and no brackets */
# 1374|-> 	*server = strdup(input);
# 1375|       } else if ((p = strchr(input, ':'))) {		/* IPv4 + port */
# 1376|   	char *s;

Error: COMPILER_WARNING (CWE-704): [#def83]
work/whois.c:1375:19: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1375 |     } else if ((p = strchr(input, ':'))) {              /* IPv4 + port */
#      |                   ^
# 1373|   	    strchr(p + 1, ':')) {			/*   and no brackets */
# 1374|   	*server = strdup(input);
# 1375|->     } else if ((p = strchr(input, ':'))) {		/* IPv4 + port */
# 1376|   	char *s;
# 1377|   	int len = p - input;

Error: COMPILER_WARNING (CWE-704): [#def84]
work/whois.c:1375:19: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1373|   	    strchr(p + 1, ':')) {			/*   and no brackets */
# 1374|   	*server = strdup(input);
# 1375|->     } else if ((p = strchr(input, ':'))) {		/* IPv4 + port */
# 1376|   	char *s;
# 1377|   	int len = p - input;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def85]
work/whois.c:1379:23: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc((long unsigned int)(len + 1))’
work/whois.c:1372:15: branch_true: following ‘true’ branch (when ‘p’ is non-NULL)...
work/whois.c:1373:13: branch_true: ...to here
work/whois.c:1372:16: branch_false: following ‘false’ branch...
work/whois.c:1375:15: branch_false: ...to here
work/whois.c:1375:15: branch_true: following ‘true’ branch (when ‘p’ is non-NULL)...
work/whois.c:1377:19: branch_true: ...to here
work/whois.c:1379:23: acquire_memory: allocated here
work/whois.c:1379:23: danger: ‘malloc((long unsigned int)(len + 1))’ leaks here; was allocated at [(9)](sarif:/runs/0/results/88/codeFlows/0/threadFlows/0/locations/8)
# 1377|   	int len = p - input;
# 1378|   
# 1379|-> 	*server = s = malloc(len + 1);
# 1380|   	memcpy(s, input, len);
# 1381|   	*(s + len) = '\0';

Error: GCC_ANALYZER_WARNING (CWE-401): [#def86]
work/whois.c:1385:21: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(p)’
work/whois.c:1372:15: branch_true: following ‘true’ branch (when ‘p’ is non-NULL)...
work/whois.c:1373:13: branch_true: ...to here
work/whois.c:1372:16: branch_false: following ‘false’ branch...
work/whois.c:1375:15: branch_false: ...to here
work/whois.c:1375:15: branch_true: following ‘true’ branch (when ‘p’ is non-NULL)...
work/whois.c:1377:19: branch_true: ...to here
work/whois.c:1384:12: branch_true: following ‘true’ branch...
work/whois.c:1385:21: branch_true: ...to here
work/whois.c:1385:21: acquire_memory: allocated here
work/whois.c:1385:21: danger: ‘strdup(p)’ leaks here; was allocated at [(11)](sarif:/runs/0/results/89/codeFlows/0/threadFlows/0/locations/10)
# 1383|   	p++;
# 1384|   	if (*p != '\0')
# 1385|-> 	    *port = strdup(p);
# 1386|       } else {						/* IPv4, no port */
# 1387|   	*server = strdup(input);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def87]
work/whois.c:1387:19: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(input)’
work/whois.c:1372:15: branch_false: following ‘false’ branch (when ‘p’ is NULL)...
work/whois.c:1375:15: branch_false: ...to here
work/whois.c:1375:15: branch_false: following ‘false’ branch (when ‘p’ is NULL)...
work/whois.c:1387:19: branch_false: ...to here
work/whois.c:1387:19: acquire_memory: allocated here
work/whois.c:1387:19: danger: ‘strdup(input)’ leaks here; was allocated at [(6)](sarif:/runs/0/results/90/codeFlows/0/threadFlows/0/locations/5)
# 1385|   	    *port = strdup(p);
# 1386|       } else {						/* IPv4, no port */
# 1387|-> 	*server = strdup(input);
# 1388|       }
# 1389|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def88]
work/whois.c:1404:9: warning[-Wanalyzer-malloc-leak]: leak of ‘convert_6to4(query)’
work/whois.c:317:5: enter_function: entry to ‘handle_query’
work/whois.c:323:8: branch_false: following ‘false’ branch (when ‘hport’ is NULL)...
work/whois.c:326:16: branch_false: ...to here
work/whois.c:326:15: branch_false: following ‘false’ branch...
work/whois.c:329:9: branch_false: ...to here
work/whois.c:329:9: call_function: calling ‘split_server_port’ from ‘handle_query’
work/whois.c:329:9: return_function: returning to ‘handle_query’ from ‘split_server_port’
work/whois.c:370:17: call_function: calling ‘convert_6to4’ from ‘handle_query’
work/whois.c:370:17: return_function: returning to ‘handle_query’ from ‘convert_6to4’
work/whois.c:373:22: call_function: calling ‘guess_server’ from ‘handle_query’
# 1402|       items = sscanf(s, "2002:%x:%x%c", &a, &b, &c);
# 1403|   
# 1404|->     if (items <= 0 || items == 2 || (items == 3 && c != ':'))
# 1405|   	return strdup("0.0.0.0");
# 1406|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def89]
work/whois.c:1405:16: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("0.0.0.0")’
work/whois.c:1405:16: acquire_memory: allocated here
work/whois.c:1405:16: danger: ‘strdup("0.0.0.0")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/96/codeFlows/0/threadFlows/0/locations/0)
# 1403|   
# 1404|       if (items <= 0 || items == 2 || (items == 3 && c != ':'))
# 1405|-> 	return strdup("0.0.0.0");
# 1406|   
# 1407|       if (items == 1) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def90]
work/whois.c:1410:20: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("0.0.0.0")’
work/whois.c:1404:8: branch_false: following ‘false’ branch...
work/whois.c:1404:9: branch_false: ...to here
work/whois.c:1407:8: branch_true: following ‘true’ branch (when ‘items == 1’)...
work/whois.c:1408:17: branch_true: ...to here
work/whois.c:1410:20: acquire_memory: allocated here
work/whois.c:1410:20: danger: ‘strdup("0.0.0.0")’ leaks here; was allocated at [(5)](sarif:/runs/0/results/97/codeFlows/0/threadFlows/0/locations/4)
# 1408|   	items = sscanf(s, "2002:%x:%c", &a, &c);
# 1409|   	if (items != 2 || c != ':')
# 1410|-> 	    return strdup("0.0.0.0");
# 1411|   	b = 0;
# 1412|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def91]
work/whois.c:1414:11: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc(16)’
work/whois.c:1404:8: branch_false: following ‘false’ branch...
work/whois.c:1404:9: branch_false: ...to here
work/whois.c:1414:11: acquire_memory: allocated here
work/whois.c:1414:11: danger: ‘malloc(16)’ leaks here; was allocated at [(3)](sarif:/runs/0/results/98/codeFlows/0/threadFlows/0/locations/2)
# 1412|       }
# 1413|   
# 1414|->     new = malloc(sizeof("255.255.255.255"));
# 1415|       sprintf(new, "%u.%u.%u.%u", a >> 8, a & 0xff, b >> 8, b & 0xff);
# 1416|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def92]
work/whois.c:1426:16: warning[-Wanalyzer-malloc-leak]: leak of ‘server’
work/whois.c:317:5: enter_function: entry to ‘handle_query’
work/whois.c:323:8: branch_false: following ‘false’ branch (when ‘hport’ is NULL)...
work/whois.c:326:16: branch_false: ...to here
work/whois.c:326:15: branch_true: following ‘true’ branch...
work/whois.c:327:18: branch_true: ...to here
work/whois.c:377:17: call_function: calling ‘convert_teredo’ from ‘handle_query’
# 1424|   
# 1425|       if (sscanf(s, "2001:%*[^:]:%*[^:]:%*[^:]:%*[^:]:%*[^:]:%x:%x", &a, &b) != 2)
# 1426|-> 	return strdup("0.0.0.0");
# 1427|   
# 1428|       a ^= 0xffff;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def93]
work/whois.c:1426:16: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("0.0.0.0")’
work/whois.c:1425:8: branch_true: following ‘true’ branch...
work/whois.c:1426:16: branch_true: ...to here
work/whois.c:1426:16: acquire_memory: allocated here
work/whois.c:1426:16: danger: ‘strdup("0.0.0.0")’ leaks here; was allocated at [(3)](sarif:/runs/0/results/99/codeFlows/0/threadFlows/0/locations/2)
# 1424|   
# 1425|       if (sscanf(s, "2001:%*[^:]:%*[^:]:%*[^:]:%*[^:]:%*[^:]:%x:%x", &a, &b) != 2)
# 1426|-> 	return strdup("0.0.0.0");
# 1427|   
# 1428|       a ^= 0xffff;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def94]
work/whois.c:1430:11: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc(16)’
work/whois.c:1425:8: branch_false: following ‘false’ branch...
work/whois.c:1428:7: branch_false: ...to here
work/whois.c:1430:11: acquire_memory: allocated here
work/whois.c:1430:11: danger: ‘malloc(16)’ leaks here; was allocated at [(3)](sarif:/runs/0/results/101/codeFlows/0/threadFlows/0/locations/2)
# 1428|       a ^= 0xffff;
# 1429|       b ^= 0xffff;
# 1430|->     new = malloc(sizeof("255.255.255.255"));
# 1431|       sprintf(new, "%u.%u.%u.%u", a >> 8, a & 0xff, b >> 8, b & 0xff);
# 1432|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def95]
work/whois.c:1446:16: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("0.0.0.0")’
work/whois.c:1446:16: acquire_memory: allocated here
work/whois.c:1446:16: danger: ‘strdup("0.0.0.0")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/102/codeFlows/0/threadFlows/0/locations/0)
# 1444|       a = strtol(s, &endptr, 10);
# 1445|       if (errno || a < 0 || a > 255 || *endptr != '.')
# 1446|-> 	return strdup("0.0.0.0");
# 1447|   
# 1448|       if (in_domain(endptr + 1, "in-addr.arpa")) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def96]
work/whois.c:1451:20: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("0.0.0.0")’
work/whois.c:1436:7: enter_function: entry to ‘convert_inaddr’
work/whois.c:1445:8: branch_false: following ‘false’ branch...
work/whois.c:1448:9: call_function: calling ‘in_domain’ from ‘convert_inaddr’
work/whois.c:1448:9: return_function: returning to ‘convert_inaddr’ from ‘in_domain’
work/whois.c:1448:8: branch_true: following ‘true’ branch...
work/whois.c:1449:13: branch_true: ...to here
work/whois.c:1451:20: acquire_memory: allocated here
work/whois.c:1451:20: danger: ‘strdup("0.0.0.0")’ leaks here; was allocated at [(17)](sarif:/runs/0/results/103/codeFlows/0/threadFlows/0/locations/16)
# 1449|   	b = strtol(endptr + 1, &endptr, 10);			/* 1.2. */
# 1450|   	if (errno || b < 0 || b > 255 || *endptr != '.')
# 1451|-> 	    return strdup("0.0.0.0");
# 1452|   
# 1453|   	if (in_domain(endptr + 1, "in-addr.arpa")) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def97]
work/whois.c:1456:24: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("0.0.0.0")’
work/whois.c:1436:7: enter_function: entry to ‘convert_inaddr’
work/whois.c:1445:8: branch_false: following ‘false’ branch...
work/whois.c:1448:9: call_function: calling ‘in_domain’ from ‘convert_inaddr’
work/whois.c:1448:9: return_function: returning to ‘convert_inaddr’ from ‘in_domain’
work/whois.c:1448:8: branch_true: following ‘true’ branch...
work/whois.c:1449:13: branch_true: ...to here
work/whois.c:1450:12: branch_false: following ‘false’ branch...
work/whois.c:1453:13: call_function: calling ‘in_domain’ from ‘convert_inaddr’
work/whois.c:1453:13: return_function: returning to ‘convert_inaddr’ from ‘in_domain’
work/whois.c:1453:12: branch_true: following ‘true’ branch...
work/whois.c:1454:17: branch_true: ...to here
work/whois.c:1456:24: acquire_memory: allocated here
work/whois.c:1456:24: danger: ‘strdup("0.0.0.0")’ leaks here; was allocated at [(32)](sarif:/runs/0/results/104/codeFlows/0/threadFlows/0/locations/31)
# 1454|   	    c = strtol(endptr + 1, &endptr, 10);		/* 1.2.3. */
# 1455|   	    if (errno || c < 0 || c > 255 || *endptr != '.')
# 1456|-> 		return strdup("0.0.0.0");
# 1457|   
# 1458|   	    if (in_domain(endptr + 1, "in-addr.arpa"))

Error: GCC_ANALYZER_WARNING (CWE-401): [#def98]
work/whois.c:1459:24: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup("0.0.0.0")’
work/whois.c:1436:7: enter_function: entry to ‘convert_inaddr’
work/whois.c:1445:8: branch_false: following ‘false’ branch...
work/whois.c:1448:9: call_function: calling ‘in_domain’ from ‘convert_inaddr’
work/whois.c:1448:9: return_function: returning to ‘convert_inaddr’ from ‘in_domain’
work/whois.c:1448:8: branch_true: following ‘true’ branch...
work/whois.c:1449:13: branch_true: ...to here
work/whois.c:1450:12: branch_false: following ‘false’ branch...
work/whois.c:1453:13: call_function: calling ‘in_domain’ from ‘convert_inaddr’
work/whois.c:1453:13: return_function: returning to ‘convert_inaddr’ from ‘in_domain’
work/whois.c:1453:12: branch_true: following ‘true’ branch...
work/whois.c:1454:17: branch_true: ...to here
work/whois.c:1455:16: branch_false: following ‘false’ branch...
work/whois.c:1458:17: call_function: calling ‘in_domain’ from ‘convert_inaddr’
work/whois.c:1458:17: return_function: returning to ‘convert_inaddr’ from ‘in_domain’
work/whois.c:1458:16: branch_true: following ‘true’ branch...
work/whois.c:1459:24: branch_true: ...to here
work/whois.c:1459:24: acquire_memory: allocated here
work/whois.c:1459:24: danger: ‘strdup("0.0.0.0")’ leaks here; was allocated at [(47)](sarif:/runs/0/results/105/codeFlows/0/threadFlows/0/locations/46)
# 1457|   
# 1458|   	    if (in_domain(endptr + 1, "in-addr.arpa"))
# 1459|-> 		return strdup("0.0.0.0");
# 1460|   	} else {
# 1461|   	    c = b; b = a; a = 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def99]
work/whois.c:1467:11: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc(16)’
work/whois.c:1445:8: branch_false: following ‘false’ branch...
work/whois.c:1448:8: branch_false: following ‘false’ branch...
work/whois.c:1467:11: branch_false: ...to here
work/whois.c:1467:11: acquire_memory: allocated here
work/whois.c:1467:11: danger: ‘malloc(16)’ leaks here; was allocated at [(5)](sarif:/runs/0/results/106/codeFlows/0/threadFlows/0/locations/4)
# 1465|       }
# 1466|   
# 1467|->     new = malloc(sizeof("255.255.255.255"));
# 1468|       sprintf(new, "%ld.%ld.%ld.0", c, b, a);
# 1469|       return new;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def100]
work/whois.c:1478:10: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc(40)’
work/whois.c:1478:10: acquire_memory: allocated here
work/whois.c:1478:10: danger: ‘malloc(40)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/107/codeFlows/0/threadFlows/0/locations/0)
# 1476|       int digits = 1;
# 1477|   
# 1478|->     ip = malloc(40);
# 1479|   
# 1480|       p = strstr(s, ".ip6.arpa");

Error: COMPILER_WARNING (CWE-704): [#def101]
work/whois.c: scope_hint: In function ‘convert_in6arpa’
work/whois.c:1480:7: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1480 |     p = strstr(s, ".ip6.arpa");
#      |       ^
# 1478|       ip = malloc(40);
# 1479|   
# 1480|->     p = strstr(s, ".ip6.arpa");
# 1481|       if (!p || p == s) {
# 1482|   	ip[character] = '\0';

Error: COMPILER_WARNING (CWE-704): [#def102]
work/whois.c:1480:7: warning[-Wdiscarded-qualifiers]: assignment discards ‘const’ qualifier from pointer target type
# 1478|       ip = malloc(40);
# 1479|   
# 1480|->     p = strstr(s, ".ip6.arpa");
# 1481|       if (!p || p == s) {
# 1482|   	ip[character] = '\0';

Scan Properties