Error: GCC_ANALYZER_WARNING (CWE-476): [#def1] bind-dyndb-ldap-11.11/src/acl.c:226:17: warning[-Wanalyzer-null-dereference]: dereference of NULL 'types' bind-dyndb-ldap-11.11/src/acl.c:207:12: branch_false: following 'false' branch... bind-dyndb-ldap-11.11/src/acl.c:211:19: branch_false: ...to here bind-dyndb-ldap-11.11/src/acl.c:211:40: branch_true: following 'true' branch (when 'el' is non-NULL)... bind-dyndb-ldap-11.11/src/acl.c:216:17: branch_true: ...to here bind-dyndb-ldap-11.11/src/acl.c:216:17: branch_false: following 'false' branch... bind-dyndb-ldap-11.11/src/acl.c:216:17: branch_false: ...to here bind-dyndb-ldap-11.11/src/acl.c:226:22: release_memory: 'types' is NULL bind-dyndb-ldap-11.11/src/acl.c:226:22: release_memory: 'types' is NULL bind-dyndb-ldap-11.11/src/acl.c:226:22: release_memory: 'types' is NULL bind-dyndb-ldap-11.11/src/acl.c:226:17: danger: dereference of NULL 'types + (long unsigned int)i * 8' # 224| result = dns_rdatatype_fromtext(&types[i++], &r); # 225| #else # 226|-> types[i].max = 0; # 227| result = dns_rdatatype_fromtext(&types[i++].type, &r); # 228| #endif Error: GCC_ANALYZER_WARNING (CWE-476): [#def2] bind-dyndb-ldap-11.11/src/bindcfg.c:35:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'cfg_type' bind-dyndb-ldap-11.11/src/bindcfg.c:84:1: enter_function: entry to 'cfg_init_types' bind-dyndb-ldap-11.11/src/bindcfg.c:89:20: call_function: calling 'get_type_from_clause_array' from 'cfg_init_types' bind-dyndb-ldap-11.11/src/bindcfg.c:89:20: return_function: returning to 'cfg_init_types' from 'get_type_from_clause_array' bind-dyndb-ldap-11.11/src/bindcfg.c:90:20: call_function: calling 'get_type_from_tuplefield' from 'cfg_init_types' # 33| REQUIRE(name != NULL); # 34| # 35|-> field = (cfg_tuplefielddef_t *)cfg_type->of; # 36| for (int i = 0; field[i].name != NULL; i++) { # 37| if (!strcmp(field[i].name, name)) { Error: GCC_ANALYZER_WARNING (CWE-476): [#def3] bind-dyndb-ldap-11.11/src/bindcfg.c:73:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'cfg_type' bind-dyndb-ldap-11.11/src/bindcfg.c:84:1: enter_function: entry to 'cfg_init_types' bind-dyndb-ldap-11.11/src/bindcfg.c:89:20: call_function: calling 'get_type_from_clause_array' from 'cfg_init_types' bind-dyndb-ldap-11.11/src/bindcfg.c:89:20: return_function: returning to 'cfg_init_types' from 'get_type_from_clause_array' bind-dyndb-ldap-11.11/src/bindcfg.c:90:20: call_function: calling 'get_type_from_tuplefield' from 'cfg_init_types' bind-dyndb-ldap-11.11/src/bindcfg.c:90:20: return_function: returning to 'cfg_init_types' from 'get_type_from_tuplefield' bind-dyndb-ldap-11.11/src/bindcfg.c:92:34: call_function: calling 'get_type_from_clause_array' from 'cfg_init_types' # 71| REQUIRE(name != NULL); # 72| # 73|-> clauses = (const cfg_clausedef_t **)cfg_type->of; # 74| for (int i = 0; clauses[i] != NULL; i++) { # 75| ret = get_type_from_clause(clauses[i], name); Error: GCC_ANALYZER_WARNING (CWE-126): [#def4] bind-dyndb-ldap-11.11/src/fs.c:37:17: warning[-Wanalyzer-out-of-bounds]: buffer over-read bind-dyndb-ldap-11.11/src/fs.c:36:12: branch_true: following 'true' branch... bind-dyndb-ldap-11.11/src/fs.c:37:17: branch_true: ...to here bind-dyndb-ldap-11.11/src/fs.c:37:17: danger: out-of-bounds read at byte 4096 but 'msg_getcwd_failed' ends at byte 4096 # 35| # 36| if (getcwd(dir_curr, sizeof(dir_curr) - 1) == NULL) # 37|-> strncpy(dir_curr, msg_getcwd_failed, sizeof(dir_curr)); # 38| ret = mkdir(dir_name, dir_mode); # 39| if (ret == 0) Error: GCC_ANALYZER_WARNING (CWE-126): [#def5] bind-dyndb-ldap-11.11/src/fs.c:115:25: warning[-Wanalyzer-out-of-bounds]: buffer over-read bind-dyndb-ldap-11.11/src/fs.c:111:12: branch_false: following 'false' branch... bind-dyndb-ldap-11.11/src/fs.c:113:17: branch_false: ...to here bind-dyndb-ldap-11.11/src/fs.c:113:17: branch_true: following 'true' branch... bind-dyndb-ldap-11.11/src/fs.c:114:21: branch_true: ...to here bind-dyndb-ldap-11.11/src/fs.c:114:20: branch_true: following 'true' branch... bind-dyndb-ldap-11.11/src/fs.c:115:25: branch_true: ...to here bind-dyndb-ldap-11.11/src/fs.c:115:25: danger: out-of-bounds read at byte 4096 but 'msg_getcwd_failed' ends at byte 4096 # 113| else if (result != ISC_R_SUCCESS) { # 114| if (getcwd(dir_curr, sizeof(dir_curr) - 1) == NULL) # 115|-> strncpy(dir_curr, msg_getcwd_failed, sizeof(dir_curr)); # 116| log_error_r("unable to delete file '%s', working directory " # 117| "is '%s'", file_name, dir_curr); Error: GCC_ANALYZER_WARNING (CWE-465): [#def6] bind-dyndb-ldap-11.11/src/ldap_driver.c:1130:12: warning[-Wanalyzer-deref-before-check]: check of 'isc__mem_get(mctx, 208, 0)' for NULL after already dereferencing it # 1128| # 1129| cleanup: # 1130|-> if (ldapdb != NULL) { # 1131| if (lock_ready == true) { # 1132| /* isc_mutex_destroy errors are now fatal */ Error: CPPCHECK_WARNING (CWE-190): [#def7] bind-dyndb-ldap-11.11/src/ldap_helper.c:628: error[integerOverflow]: Signed integer overflow for expression '(0xDDDD<<16)+5'. # 626| gfwdevent = (ldap_globalfwd_handleez_t *)isc_event_allocate( # 627| ldap_inst->mctx, ldap_inst, # 628|-> LDAPDB_EVENT_GLOBALFWD_HANDLEEZ, # 629| empty_zone_handle_globalfwd_ev, # 630| ldap_inst->view->zonetable, Error: GCC_ANALYZER_WARNING (CWE-465): [#def8] bind-dyndb-ldap-11.11/src/ldap_helper.c:1015:9: warning[-Wanalyzer-deref-before-check]: check of 'inst' for NULL after already dereferencing it # 1013| char zone_name[DNS_NAME_FORMATSIZE]; # 1014| # 1015|-> REQUIRE(inst != NULL); # 1016| REQUIRE(name != NULL); # 1017| REQUIRE(rawp != NULL && *rawp == NULL); Error: GCC_ANALYZER_WARNING (CWE-476): [#def9] bind-dyndb-ldap-11.11/src/ldap_helper.c:2339:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'rdatalist' bind-dyndb-ldap-11.11/src/ldap_helper.c:2285:1: enter_function: entry to 'findrdatatype_or_create' bind-dyndb-ldap-11.11/src/ldap_helper.c:2297:18: call_function: calling 'ldapdb_rdatalist_findrdatatype' from 'findrdatatype_or_create' # 2337| REQUIRE(rdlistp != NULL && *rdlistp == NULL); # 2338| # 2339|-> rdlist = HEAD(*rdatalist); # 2340| while (rdlist != NULL && rdlist->type != rdtype) { # 2341| rdlist = NEXT(rdlist, link); Error: GCC_ANALYZER_WARNING (CWE-476): [#def10] bind-dyndb-ldap-11.11/src/ldap_helper.c:3673:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'pool' bind-dyndb-ldap-11.11/src/ldap_helper.c:3354:1: enter_function: entry to 'modify_soa_record' bind-dyndb-ldap-11.11/src/ldap_helper.c:3384:9: branch_false: following 'false' branch... bind-dyndb-ldap-11.11/src/ldap_helper.c:3385:9: branch_false: ...to here bind-dyndb-ldap-11.11/src/ldap_helper.c:3385:9: branch_false: following 'false' branch... bind-dyndb-ldap-11.11/src/ldap_helper.c:3386:9: branch_false: ...to here bind-dyndb-ldap-11.11/src/ldap_helper.c:3386:9: branch_false: following 'false' branch... bind-dyndb-ldap-11.11/src/ldap_helper.c:3387:9: branch_false: ...to here bind-dyndb-ldap-11.11/src/ldap_helper.c:3387:9: branch_false: following 'false' branch... bind-dyndb-ldap-11.11/src/ldap_helper.c:3388:9: branch_false: ...to here bind-dyndb-ldap-11.11/src/ldap_helper.c:3388:9: branch_false: following 'false' branch... bind-dyndb-ldap-11.11/src/ldap_helper.c:3390:9: branch_false: ...to here bind-dyndb-ldap-11.11/src/ldap_helper.c:3392:18: call_function: calling 'ldap_modify_do' from 'modify_soa_record' # 3671| /* Following assertion is necessary to convince clang static analyzer # 3672| * that the loop is always entered. */ # 3673|-> REQUIRE(pool->connections > 0); # 3674| for (i = 0; i < pool->connections; i++) { # 3675| ldap_conn = pool->conns[i]; Error: GCC_ANALYZER_WARNING (CWE-476): [#def11] bind-dyndb-ldap-11.11/src/ldap_helper.c:4163:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'entry' bind-dyndb-ldap-11.11/src/ldap_helper.c:4327:5: enter_function: entry to 'ldap_sync_search_entry' bind-dyndb-ldap-11.11/src/ldap_helper.c:4334:23: release_memory: 'old_entry' is NULL bind-dyndb-ldap-11.11/src/ldap_helper.c:4335:23: release_memory: 'old_entry' is NULL bind-dyndb-ldap-11.11/src/ldap_helper.c:4334:23: release_memory: 'old_entry' is NULL bind-dyndb-ldap-11.11/src/ldap_helper.c:4335:23: release_memory: 'old_entry' is NULL bind-dyndb-ldap-11.11/src/ldap_helper.c:4345:12: branch_false: following 'false' branch... bind-dyndb-ldap-11.11/src/ldap_helper.c:4348:9: branch_false: ...to here bind-dyndb-ldap-11.11/src/ldap_helper.c:4348:9: branch_false: following 'false' branch... bind-dyndb-ldap-11.11/src/ldap_helper.c:4351:9: branch_false: ...to here bind-dyndb-ldap-11.11/src/ldap_helper.c:4351:9: branch_false: following 'false' branch... bind-dyndb-ldap-11.11/src/ldap_helper.c:4352:9: branch_false: ...to here bind-dyndb-ldap-11.11/src/ldap_helper.c:4355:12: branch_false: following 'false' branch... bind-dyndb-ldap-11.11/src/ldap_helper.c:4359:13: branch_false: ...to here bind-dyndb-ldap-11.11/src/ldap_helper.c:4359:12: branch_false: following 'false' branch... branch_false: ...to here bind-dyndb-ldap-11.11/src/ldap_helper.c:4388:12: branch_true: following 'true' branch... bind-dyndb-ldap-11.11/src/ldap_helper.c:4390:17: branch_true: ...to here bind-dyndb-ldap-11.11/src/ldap_helper.c:4390:17: call_function: calling 'syncrepl_update' from 'ldap_sync_search_entry' # 4161| REQUIRE(entryp != NULL); # 4162| entry = *entryp; # 4163|-> REQUIRE(entry->class != LDAP_ENTRYCLASS_NONE); # 4164| # 4165| log_debug(20, "syncrepl_update change type: add%d, del%d, mod%d", Error: CPPCHECK_WARNING (CWE-190): [#def12] bind-dyndb-ldap-11.11/src/ldap_helper.c:4215: error[integerOverflow]: Signed integer overflow for expression '(0xDDDD<<16)+1'. # 4213| # 4214| pevent = (ldap_syncreplevent_t *)isc_event_allocate(inst->mctx, # 4215|-> inst, LDAPDB_EVENT_SYNCREPL_UPDATE, # 4216| action, NULL, # 4217| sizeof(ldap_syncreplevent_t)); Error: GCC_ANALYZER_WARNING (CWE-404): [#def13] bind-dyndb-ldap-11.11/src/log.c:22:9: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' bind-dyndb-ldap-11.11/src/log.c:21:9: acquire_resource: 'va_start' called here bind-dyndb-ldap-11.11/src/log.c:22:9: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0) # 20| # 21| va_start(args, format); # 22|-> isc_log_vwrite(dns_lctx, DNS_LOGCATEGORY_DATABASE, DNS_LOGMODULE_DYNDB, # 23| level, format, args); # 24| va_end(args); Error: GCC_ANALYZER_WARNING (CWE-404): [#def14] bind-dyndb-ldap-11.11/src/str.c:62:9: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' bind-dyndb-ldap-11.11/src/str.c:316:1: enter_function: entry to 'str_vsprintf' bind-dyndb-ldap-11.11/src/str.c:325:9: acquire_resource: 'va_copy' called here bind-dyndb-ldap-11.11/src/str.c:327:12: branch_true: following 'true' branch (when 'len > 0')... bind-dyndb-ldap-11.11/src/str.c:328:17: branch_true: ...to here bind-dyndb-ldap-11.11/src/str.c:328:17: call_function: calling 'str_alloc' from 'str_vsprintf' # 60| # 61| REQUIRE(str != NULL); # 62|-> REQUIRE(str->mctx != NULL); # 63| # 64| if (str->allocated > len) Error: GCC_ANALYZER_WARNING (CWE-404): [#def15] bind-dyndb-ldap-11.11/src/str.c:76:22: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' bind-dyndb-ldap-11.11/src/str.c:316:1: enter_function: entry to 'str_vsprintf' bind-dyndb-ldap-11.11/src/str.c:325:9: acquire_resource: 'va_copy' called here bind-dyndb-ldap-11.11/src/str.c:327:12: branch_true: following 'true' branch (when 'len > 0')... bind-dyndb-ldap-11.11/src/str.c:328:17: branch_true: ...to here bind-dyndb-ldap-11.11/src/str.c:328:17: call_function: calling 'str_alloc' from 'str_vsprintf' # 74| new_buffer = isc__mem_get(str->mctx, new_size, str->file, str->line); # 75| #else # 76|-> new_buffer = isc_mem_get(str->mctx, new_size); # 77| #endif # 78| Error: GCC_ANALYZER_WARNING (CWE-404): [#def16] bind-dyndb-ldap-11.11/src/str.c:322:9: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' bind-dyndb-ldap-11.11/src/str.c:300:1: enter_function: entry to 'str_sprintf' bind-dyndb-ldap-11.11/src/str.c:308:9: acquire_resource: 'va_start' called here bind-dyndb-ldap-11.11/src/str.c:309:18: call_function: calling 'str_vsprintf' from 'str_sprintf' # 320| va_list backup; # 321| # 322|-> REQUIRE(dest != NULL); # 323| REQUIRE(format != NULL); # 324| Error: GCC_ANALYZER_WARNING (CWE-404): [#def17] bind-dyndb-ldap-11.11/src/str.c:323:9: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' bind-dyndb-ldap-11.11/src/str.c:300:1: enter_function: entry to 'str_sprintf' bind-dyndb-ldap-11.11/src/str.c:308:9: acquire_resource: 'va_start' called here bind-dyndb-ldap-11.11/src/str.c:309:18: call_function: calling 'str_vsprintf' from 'str_sprintf' # 321| # 322| REQUIRE(dest != NULL); # 323|-> REQUIRE(format != NULL); # 324| # 325| va_copy(backup, ap); Error: GCC_ANALYZER_WARNING (CWE-404): [#def18] bind-dyndb-ldap-11.11/src/str.c:328:17: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' bind-dyndb-ldap-11.11/src/str.c:316:1: enter_function: entry to 'str_vsprintf' bind-dyndb-ldap-11.11/src/str.c:325:9: acquire_resource: 'va_copy' called here bind-dyndb-ldap-11.11/src/str.c:327:12: branch_true: following 'true' branch (when 'len > 0')... bind-dyndb-ldap-11.11/src/str.c:328:17: branch_true: ...to here bind-dyndb-ldap-11.11/src/str.c:328:17: call_function: calling 'str_alloc' from 'str_vsprintf' bind-dyndb-ldap-11.11/src/str.c:328:17: return_function: returning to 'str_vsprintf' from 'str_alloc' bind-dyndb-ldap-11.11/src/str.c:328:17: branch_true: following 'true' branch... bind-dyndb-ldap-11.11/src/str.c:328:17: danger: missing call to 'va_end' to match 'va_copy' at [(2)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/1) # 326| len = vsnprintf(dest->data, dest->allocated, format, ap); # 327| if (len > 0) { # 328|-> CHECK(str_alloc(dest, len)); # 329| len = vsnprintf(dest->data, dest->allocated, format, backup); # 330| } Error: CPPCHECK_WARNING (CWE-190): [#def19] bind-dyndb-ldap-11.11/src/syncptr.c:394: error[integerOverflow]: Signed integer overflow for expression '(0xDDDD<<16)+4'. # 392| # 393| ev = (sync_ptrev_t *)isc_event_allocate(mctx, NULL, # 394|-> LDAPDB_EVENT_SYNCPTR, # 395| sync_ptr_handler, NULL, # 396| sizeof(sync_ptrev_t)); Error: CPPCHECK_WARNING (CWE-190): [#def20] bind-dyndb-ldap-11.11/src/syncrepl.c:176: error[integerOverflow]: Signed integer overflow for expression '(0xDDDD<<16)+2'. # 174| # 175| ev = (sync_barrierev_t *)isc_event_allocate(sctx->mctx, # 176|-> sctx, LDAPDB_EVENT_SYNCREPL_BARRIER, # 177| finish, NULL, # 178| sizeof(sync_barrierev_t)); Error: CPPCHECK_WARNING (CWE-190): [#def21] bind-dyndb-ldap-11.11/src/syncrepl.c:243: error[integerOverflow]: Signed integer overflow for expression '(0xDDDD<<16)+2'. # 241| # 242| ev = (sync_barrierev_t *)isc_event_allocate(sctx->mctx, # 243|-> sctx, LDAPDB_EVENT_SYNCREPL_BARRIER, # 244| barrier_decrement, NULL, # 245| sizeof(sync_barrierev_t));
| analyzer-version-clippy | 1.90.0 |
| analyzer-version-cppcheck | 2.18.3 |
| analyzer-version-gcc | 15.2.1 |
| analyzer-version-gcc-analyzer | 16.0.0 |
| analyzer-version-shellcheck | 0.11.0 |
| analyzer-version-unicontrol | 0.0.2 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-200.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| mock-config | fedora-rawhide-gcc-latest-x86_64 |
| project-name | bind-dyndb-ldap-11.11-8.fc44 |
| store-results-to | /tmp/tmpcdgsykdp/bind-dyndb-ldap-11.11-8.fc44.tar.xz |
| time-created | 2025-10-28 17:30:45 |
| time-finished | 2025-10-28 17:32:20 |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'gcc,cppcheck,shellcheck,clippy,unicontrol' '-o' '/tmp/tmpcdgsykdp/bind-dyndb-ldap-11.11-8.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmpcdgsykdp/bind-dyndb-ldap-11.11-8.fc44.src.rpm' |
| tool-version | csmock-3.8.3.20251027.143044.ge6b947b-1.el9 |