Error: GCC_ANALYZER_WARNING (CWE-775): [#def1]
xz-5.8.2/src/common/tuklib_open_stdxxx.c:42:47: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", <unknown>)’
xz-5.8.2/src/common/tuklib_open_stdxxx.c:30:25: branch_true: following ‘true’ branch (when ‘i != 3’)...
xz-5.8.2/src/common/tuklib_open_stdxxx.c:32:21: branch_true: ...to here
xz-5.8.2/src/common/tuklib_open_stdxxx.c:37:40: branch_true: following ‘true’ branch (when ‘i == 0’)...
xz-5.8.2/src/common/tuklib_open_stdxxx.c:37:40: branch_true: ...to here
xz-5.8.2/src/common/tuklib_open_stdxxx.c:37:40: acquire_resource: opened here
xz-5.8.2/src/common/tuklib_open_stdxxx.c:41:36: branch_true: following ‘true’ branch...
xz-5.8.2/src/common/tuklib_open_stdxxx.c:42:47: branch_true: ...to here
xz-5.8.2/src/common/tuklib_open_stdxxx.c:42:47: danger: ‘open("/dev/null", <unknown>)’ leaks here; was opened at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
# 40| if (fd != i) {
# 41| if (fd != -1)
# 42|-> (void)close(fd);
# 43|
# 44| // Something went wrong. Exit with the

Error: GCC_ANALYZER_WARNING (CWE-775): [#def2]
xz-5.8.2/src/lzmainfo/lzmainfo.c:233:50: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(*<unknown>, "r")’
xz-5.8.2/src/lzmainfo/lzmainfo.c:195:1: enter_function: entry to ‘main’
xz-5.8.2/src/lzmainfo/lzmainfo.c:200:9: call_function: calling ‘parse_args’ from ‘main’
xz-5.8.2/src/lzmainfo/lzmainfo.c:200:9: return_function: returning to ‘main’ from ‘parse_args’
xz-5.8.2/src/lzmainfo/lzmainfo.c:211:12: branch_false: following ‘false’ branch...
xz-5.8.2/src/lzmainfo/lzmainfo.c:215:17: branch_false: ...to here
xz-5.8.2/src/lzmainfo/lzmainfo.c:222:43: acquire_resource: opened here
xz-5.8.2/src/lzmainfo/lzmainfo.c:233:37: call_function: calling ‘lzmainfo’ from ‘main’
# 231| }
# 232|
# 233|-> if (lzmainfo(argv[optind], f))
# 234| ret = EXIT_FAILURE;
# 235|

Error: GCC_ANALYZER_WARNING (CWE-401): [#def3]
xz-5.8.2/src/lzmainfo/lzmainfo.c:233:50: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(*<unknown>, "r")’
xz-5.8.2/src/lzmainfo/lzmainfo.c:195:1: enter_function: entry to ‘main’
xz-5.8.2/src/lzmainfo/lzmainfo.c:200:9: call_function: calling ‘parse_args’ from ‘main’
xz-5.8.2/src/lzmainfo/lzmainfo.c:200:9: return_function: returning to ‘main’ from ‘parse_args’
xz-5.8.2/src/lzmainfo/lzmainfo.c:211:12: branch_false: following ‘false’ branch...
xz-5.8.2/src/lzmainfo/lzmainfo.c:215:17: branch_false: ...to here
xz-5.8.2/src/lzmainfo/lzmainfo.c:222:43: acquire_memory: allocated here
xz-5.8.2/src/lzmainfo/lzmainfo.c:233:37: call_function: calling ‘lzmainfo’ from ‘main’
# 231| }
# 232|
# 233|-> if (lzmainfo(argv[optind], f))
# 234| ret = EXIT_FAILURE;
# 235|

Error: GCC_ANALYZER_WARNING (CWE-457): [#def4]
xz-5.8.2/src/xz/coder.c:650:21: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘encoder_memusages[i]’
xz-5.8.2/src/xz/coder.c:525:12: branch_false: following ‘false’ branch (when ‘memory_usage != 18446744073709551615’)...
xz-5.8.2/src/xz/coder.c:533:9: branch_false: ...to here
xz-5.8.2/src/xz/coder.c:545:12: branch_false: following ‘false’ branch (when ‘memory_limit < memory_usage’)...
xz-5.8.2/src/xz/coder.c:550:13: branch_false: ...to here
xz-5.8.2/src/xz/coder.c:550:12: branch_false: following ‘false’ branch...
xz-5.8.2/src/xz/coder.c:557:12: branch_false: ...to here
xz-5.8.2/src/xz/coder.c:635:12: branch_false: following ‘false’ branch (when ‘memory_limit < memory_usage’)...
xz-5.8.2/src/xz/coder.c:640:13: branch_false: ...to here
xz-5.8.2/src/xz/coder.c:640:12: branch_true: following ‘true’ branch...
xz-5.8.2/src/xz/coder.c:640:12: branch_true: ...to here
xz-5.8.2/src/xz/coder.c:644:30: branch_true: following ‘true’ branch (when ‘i != 10’)...
xz-5.8.2/src/xz/coder.c:646:42: branch_true: ...to here
xz-5.8.2/src/xz/coder.c:650:21: danger: use of uninitialized value ‘encoder_memusages[i]’ here
# 648|
# 649| // Skip chains that already meet the memory usage limit.
# 650|-> if (encoder_memusages[i] <= memory_limit)
# 651| continue;
# 652|

Error: GCC_ANALYZER_WARNING (CWE-404): [#def5]
xz-5.8.2/src/xz/message.c:308:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
xz-5.8.2/src/xz/message.c:942:1: enter_function: entry to ‘detect_wrapping_errors’
xz-5.8.2/src/xz/message.c:952:17: call_function: calling ‘message_fatal’ from ‘detect_wrapping_errors’
# 306| // units than MiB if the file was small.
# 307| const enum nicestr_unit unit_min = final ? NICESTR_B : NICESTR_MIB;
# 308|-> my_snprintf(&pos, &left, "%s / %s",
# 309| uint64_to_nicestr(compressed_pos,
# 310| unit_min, NICESTR_TIB, false, 0),

Error: GCC_ANALYZER_WARNING (CWE-404): [#def6]
xz-5.8.2/src/xz/message.c:630:34: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
xz-5.8.2/src/xz/message.c:942:1: enter_function: entry to ‘detect_wrapping_errors’
xz-5.8.2/src/xz/message.c:952:17: call_function: calling ‘message_fatal’ from ‘detect_wrapping_errors’
# 628| progress_active = false;
# 629|
# 630|-> const uint64_t elapsed = mytime_get_elapsed();
# 631|
# 632| signals_block();

Error: GCC_ANALYZER_WARNING (CWE-404): [#def7]
xz-5.8.2/src/xz/message.c:632:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
xz-5.8.2/src/xz/message.c:942:1: enter_function: entry to ‘detect_wrapping_errors’
xz-5.8.2/src/xz/message.c:952:17: call_function: calling ‘message_fatal’ from ‘detect_wrapping_errors’
# 630| const uint64_t elapsed = mytime_get_elapsed();
# 631|
# 632|-> signals_block();
# 633|
# 634| // When using the auto-updating progress indicator, the final

Error: GCC_ANALYZER_WARNING (CWE-404): [#def8]
xz-5.8.2/src/xz/message.c:700:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
xz-5.8.2/src/xz/message.c:942:1: enter_function: entry to ‘detect_wrapping_errors’
xz-5.8.2/src/xz/message.c:952:17: call_function: calling ‘message_fatal’ from ‘detect_wrapping_errors’
# 698| {
# 699| if (v <= verbosity) {
# 700|-> signals_block();
# 701|
# 702| progress_flush(false);
| analyzer-version-clippy | 1.92.0 |
| analyzer-version-cppcheck | 2.19.1 |
| analyzer-version-gcc | 16.0.0 |
| analyzer-version-gcc-analyzer | 16.0.0 |
| analyzer-version-shellcheck | 0.11.0 |
| analyzer-version-unicontrol | 0.0.2 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-40.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| mock-config | fedora-rawhide-x86_64 |
| project-name | xz-5.8.2-1.fc44 |
| store-results-to | /tmp/tmpav2myqib/xz-5.8.2-1.fc44.tar.xz |
| time-created | 2026-01-08 22:16:56 |
| time-finished | 2026-01-08 22:18:54 |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpav2myqib/xz-5.8.2-1.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpav2myqib/xz-5.8.2-1.fc44.src.rpm' |
| tool-version | csmock-3.8.3.20251215.161544.g62de9a5-1.el9 |