chrony-4.8-3.fc44

List of Findings

Error: SHELLCHECK_WARNING (CWE-457): [#def1]
/etc/dhcp/dhclient.d/chrony.sh:4:30: warning[SC2154]: interface is referenced but not assigned.
#    2|   
#    3|   CHRONY_SOURCEDIR=/run/chrony-dhcp
#    4|-> SERVERFILE=$CHRONY_SOURCEDIR/$interface.sources
#    5|   
#    6|   chrony_config() {

Error: SHELLCHECK_WARNING (CWE-457): [#def2]
/etc/dhcp/dhclient.d/chrony.sh:13:17: warning[SC2154]: new_ntp_servers is referenced but not assigned.
#   11|   	if [ "$PEERNTP" != "no" ]; then
#   12|   		mkdir -p $CHRONY_SOURCEDIR
#   13|-> 		for server in $new_ntp_servers; do
#   14|   			echo "server $server ${NTPSERVERARGS:-iburst}" >> "$SERVERFILE"
#   15|   		done

Error: GCC_ANALYZER_WARNING (CWE-457): [#def3]
chrony-4.8/getdate.c:1225:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyss’
chrony-4.8/getdate.c:1183:6: branch_true: following ‘true’ branch...
chrony-4.8/getdate.c:1189:28: branch_true: ...to here
chrony-4.8/getdate.c:1212:10: branch_false: following ‘false’ branch (when ‘yystacksize <= 9999’)...
chrony-4.8/getdate.c:1214:7: branch_false: ...to here
chrony-4.8/getdate.c:1223:12: branch_false: following ‘false’ branch (when ‘yyptr’ is non-NULL)...
chrony-4.8/getdate.c:1225:9: branch_false: ...to here
chrony-4.8/getdate.c:1225:9: danger: use of uninitialized value ‘yyss’ here
# 1223|           if (! yyptr)
# 1224|             YYNOMEM;
# 1225|->         YYSTACK_RELOCATE (yyss_alloc, yyss);
# 1226|           YYSTACK_RELOCATE (yyvs_alloc, yyvs);
# 1227|   #  undef YYSTACK_RELOCATE

Error: GCC_ANALYZER_WARNING (CWE-457): [#def4]
chrony-4.8/getdate.c:1352:3: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*(unsigned int *)<unknown>’
chrony-4.8/getdate.c:1183:6: branch_false: following ‘false’ branch...
chrony-4.8/getdate.c:1247:6: branch_false: ...to here
chrony-4.8/getdate.c:1247:6: branch_false: following ‘false’ branch (when ‘gd_state != 2’)...
chrony-4.8/getdate.c:1250:3: branch_false: ...to here
chrony-4.8/getdate.c:1262:6: branch_true: following ‘true’ branch (when ‘yyn == -20’)...
chrony-4.8/getdate.c:1263:5: branch_true: ...to here
chrony-4.8/getdate.c:1332:6: branch_false: following ‘false’ branch (when ‘yyn != 0’)...
chrony-4.8/getdate.c:1334:3: branch_false: ...to here
chrony-4.8/getdate.c:1352:3: danger: use of uninitialized value ‘*(unsigned int *)<unknown>’ here
# 1350|        unconditionally makes the parser a bit smaller, and it avoids a
# 1351|        GCC warning that YYVAL may be used uninitialized.  */
# 1352|->   yyval = yyvsp[1-yylen];
# 1353|   
# 1354|   

Error: CPPCHECK_WARNING (CWE-457): [#def5]
chrony-4.8/hwclock.c:195: warning[uninitvar]: Uninitialized variable: min_delay
#  193|       }
#  194|   
#  195|->     if (i == 0 || min_delay > delay) {
#  196|         min_delay = delay;
#  197|         min_reading = i;

Error: CPPCHECK_WARNING (CWE-457): [#def6]
chrony-4.8/keys.c:336: error[uninitvar]: Uninitialized variable: buf
#  334|     switch (key->class) {
#  335|       case NTP_MAC:
#  336|->       return HSH_Hash(key->data.ntp_mac.hash_id, buf, 0, buf, 0, buf, sizeof (buf));
#  337|       case CMAC:
#  338|         return CMC_Hash(key->data.cmac, buf, 0, buf, sizeof (buf));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def7]
chrony-4.8/main.c:364:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[0]’
chrony-4.8/main.c:356:6: branch_false: following ‘false’ branch...
chrony-4.8/main.c:361:9: branch_false: ...to here
chrony-4.8/main.c:363:6: branch_true: following ‘true’ branch (when ‘pid < 0’)...
chrony-4.8/main.c:364:5: branch_true: ...to here
chrony-4.8/main.c:364:5: danger: ‘pipefd[0]’ leaks here
#  362|   
#  363|     if (pid < 0) {
#  364|->     LOG_FATAL("fork() failed : %s", strerror(errno));
#  365|     } else if (pid > 0) {
#  366|       /* In the 'grandparent' */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def8]
chrony-4.8/main.c:364:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[1]’
chrony-4.8/main.c:356:6: branch_false: following ‘false’ branch...
chrony-4.8/main.c:361:9: branch_false: ...to here
chrony-4.8/main.c:363:6: branch_true: following ‘true’ branch (when ‘pid < 0’)...
chrony-4.8/main.c:364:5: branch_true: ...to here
chrony-4.8/main.c:364:5: danger: ‘pipefd[1]’ leaks here
#  362|   
#  363|     if (pid < 0) {
#  364|->     LOG_FATAL("fork() failed : %s", strerror(errno));
#  365|     } else if (pid > 0) {
#  366|       /* In the 'grandparent' */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def9]
chrony-4.8/main.c:371:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[0]’
chrony-4.8/main.c:356:6: branch_false: following ‘false’ branch...
chrony-4.8/main.c:361:9: branch_false: ...to here
chrony-4.8/main.c:363:6: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:365:13: branch_false: ...to here
chrony-4.8/main.c:365:13: branch_true: following ‘true’ branch (when ‘pid != 0’)...
chrony-4.8/main.c:371:5: branch_true: ...to here
chrony-4.8/main.c:371:5: danger: ‘pipefd[0]’ leaks here
#  369|   
#  370|       /* Don't exit before the 'parent' */
#  371|->     waitpid(pid, NULL, 0);
#  372|   
#  373|       r = read(pipefd[0], message, sizeof (message));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def10]
chrony-4.8/main.c:371:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[1]’
chrony-4.8/main.c:356:6: branch_false: following ‘false’ branch...
chrony-4.8/main.c:361:9: branch_false: ...to here
chrony-4.8/main.c:363:6: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:365:13: branch_false: ...to here
chrony-4.8/main.c:365:13: branch_true: following ‘true’ branch (when ‘pid != 0’)...
chrony-4.8/main.c:371:5: branch_true: ...to here
chrony-4.8/main.c:371:5: danger: ‘pipefd[1]’ leaks here
#  369|   
#  370|       /* Don't exit before the 'parent' */
#  371|->     waitpid(pid, NULL, 0);
#  372|   
#  373|       r = read(pipefd[0], message, sizeof (message));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def11]
chrony-4.8/main.c:375:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[0]’
chrony-4.8/main.c:356:6: branch_false: following ‘false’ branch...
chrony-4.8/main.c:361:9: branch_false: ...to here
chrony-4.8/main.c:363:6: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:365:13: branch_false: ...to here
chrony-4.8/main.c:365:13: branch_true: following ‘true’ branch (when ‘pid != 0’)...
chrony-4.8/main.c:371:5: branch_true: ...to here
chrony-4.8/main.c:375:5: danger: ‘pipefd[0]’ leaks here
#  373|       r = read(pipefd[0], message, sizeof (message));
#  374|   
#  375|->     close(pipefd[0]);
#  376|       close(pipefd[1]);
#  377|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def12]
chrony-4.8/main.c:375:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[1]’
chrony-4.8/main.c:356:6: branch_false: following ‘false’ branch...
chrony-4.8/main.c:361:9: branch_false: ...to here
chrony-4.8/main.c:363:6: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:365:13: branch_false: ...to here
chrony-4.8/main.c:365:13: branch_true: following ‘true’ branch (when ‘pid != 0’)...
chrony-4.8/main.c:371:5: branch_true: ...to here
chrony-4.8/main.c:375:5: danger: ‘pipefd[1]’ leaks here
#  373|       r = read(pipefd[0], message, sizeof (message));
#  374|   
#  375|->     close(pipefd[0]);
#  376|       close(pipefd[1]);
#  377|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def13]
chrony-4.8/main.c:376:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[1]’
chrony-4.8/main.c:356:6: branch_false: following ‘false’ branch...
chrony-4.8/main.c:361:9: branch_false: ...to here
chrony-4.8/main.c:363:6: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:365:13: branch_false: ...to here
chrony-4.8/main.c:365:13: branch_true: following ‘true’ branch (when ‘pid != 0’)...
chrony-4.8/main.c:371:5: branch_true: ...to here
chrony-4.8/main.c:376:5: danger: ‘pipefd[1]’ leaks here
#  374|   
#  375|       close(pipefd[0]);
#  376|->     close(pipefd[1]);
#  377|   
#  378|       if (r != 1 || message[0] != '\0') {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def14]
chrony-4.8/main.c:394:7: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[0]’
chrony-4.8/main.c:356:6: branch_false: following ‘false’ branch...
chrony-4.8/main.c:361:9: branch_false: ...to here
chrony-4.8/main.c:363:6: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:365:13: branch_false: ...to here
chrony-4.8/main.c:365:13: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:388:5: branch_false: ...to here
chrony-4.8/main.c:393:8: branch_true: following ‘true’ branch (when ‘pid < 0’)...
chrony-4.8/main.c:394:7: branch_true: ...to here
chrony-4.8/main.c:394:7: danger: ‘pipefd[0]’ leaks here
#  392|   
#  393|       if (pid < 0) {
#  394|->       LOG_FATAL("fork() failed : %s", strerror(errno));
#  395|       } else if (pid > 0) {
#  396|         /* In the 'parent' */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def15]
chrony-4.8/main.c:394:7: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[1]’
chrony-4.8/main.c:356:6: branch_false: following ‘false’ branch...
chrony-4.8/main.c:361:9: branch_false: ...to here
chrony-4.8/main.c:363:6: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:365:13: branch_false: ...to here
chrony-4.8/main.c:365:13: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:388:5: branch_false: ...to here
chrony-4.8/main.c:393:8: branch_true: following ‘true’ branch (when ‘pid < 0’)...
chrony-4.8/main.c:394:7: branch_true: ...to here
chrony-4.8/main.c:394:7: danger: ‘pipefd[1]’ leaks here
#  392|   
#  393|       if (pid < 0) {
#  394|->       LOG_FATAL("fork() failed : %s", strerror(errno));
#  395|       } else if (pid > 0) {
#  396|         /* In the 'parent' */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def16]
chrony-4.8/main.c:397:7: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[0]’
chrony-4.8/main.c:356:6: branch_false: following ‘false’ branch...
chrony-4.8/main.c:361:9: branch_false: ...to here
chrony-4.8/main.c:363:6: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:365:13: branch_false: ...to here
chrony-4.8/main.c:365:13: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:388:5: branch_false: ...to here
chrony-4.8/main.c:393:8: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:395:15: branch_false: ...to here
chrony-4.8/main.c:395:15: branch_true: following ‘true’ branch (when ‘pid != 0’)...
chrony-4.8/main.c:397:7: branch_true: ...to here
chrony-4.8/main.c:397:7: danger: ‘pipefd[0]’ leaks here
#  395|       } else if (pid > 0) {
#  396|         /* In the 'parent' */
#  397|->       close(pipefd[0]);
#  398|         close(pipefd[1]);
#  399|         exit(0);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def17]
chrony-4.8/main.c:397:7: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[1]’
chrony-4.8/main.c:356:6: branch_false: following ‘false’ branch...
chrony-4.8/main.c:361:9: branch_false: ...to here
chrony-4.8/main.c:363:6: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:365:13: branch_false: ...to here
chrony-4.8/main.c:365:13: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:388:5: branch_false: ...to here
chrony-4.8/main.c:393:8: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:395:15: branch_false: ...to here
chrony-4.8/main.c:395:15: branch_true: following ‘true’ branch (when ‘pid != 0’)...
chrony-4.8/main.c:397:7: branch_true: ...to here
chrony-4.8/main.c:397:7: danger: ‘pipefd[1]’ leaks here
#  395|       } else if (pid > 0) {
#  396|         /* In the 'parent' */
#  397|->       close(pipefd[0]);
#  398|         close(pipefd[1]);
#  399|         exit(0);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def18]
chrony-4.8/main.c:398:7: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[1]’
chrony-4.8/main.c:356:6: branch_false: following ‘false’ branch...
chrony-4.8/main.c:361:9: branch_false: ...to here
chrony-4.8/main.c:363:6: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:365:13: branch_false: ...to here
chrony-4.8/main.c:365:13: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:388:5: branch_false: ...to here
chrony-4.8/main.c:393:8: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:395:15: branch_false: ...to here
chrony-4.8/main.c:395:15: branch_true: following ‘true’ branch (when ‘pid != 0’)...
chrony-4.8/main.c:397:7: branch_true: ...to here
chrony-4.8/main.c:398:7: danger: ‘pipefd[1]’ leaks here
#  396|         /* In the 'parent' */
#  397|         close(pipefd[0]);
#  398|->       close(pipefd[1]);
#  399|         exit(0);
#  400|       } else {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def19]
chrony-4.8/main.c:405:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[0]’
chrony-4.8/main.c:356:6: branch_false: following ‘false’ branch...
chrony-4.8/main.c:361:9: branch_false: ...to here
chrony-4.8/main.c:363:6: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:365:13: branch_false: ...to here
chrony-4.8/main.c:365:13: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:388:5: branch_false: ...to here
chrony-4.8/main.c:393:8: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:395:15: branch_false: ...to here
chrony-4.8/main.c:395:15: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:404:11: branch_false: ...to here
chrony-4.8/main.c:404:10: branch_true: following ‘true’ branch...
chrony-4.8/main.c:405:9: branch_true: ...to here
chrony-4.8/main.c:405:9: danger: ‘pipefd[0]’ leaks here
#  403|         /* Change current directory to / */
#  404|         if (chdir("/") < 0) {
#  405|->         LOG_FATAL("chdir() failed : %s", strerror(errno));
#  406|         }
#  407|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def20]
chrony-4.8/main.c:405:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[1]’
chrony-4.8/main.c:356:6: branch_false: following ‘false’ branch...
chrony-4.8/main.c:361:9: branch_false: ...to here
chrony-4.8/main.c:363:6: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:365:13: branch_false: ...to here
chrony-4.8/main.c:365:13: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:388:5: branch_false: ...to here
chrony-4.8/main.c:393:8: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:395:15: branch_false: ...to here
chrony-4.8/main.c:395:15: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:404:11: branch_false: ...to here
chrony-4.8/main.c:404:10: branch_true: following ‘true’ branch...
chrony-4.8/main.c:405:9: branch_true: ...to here
chrony-4.8/main.c:405:9: danger: ‘pipefd[1]’ leaks here
#  403|         /* Change current directory to / */
#  404|         if (chdir("/") < 0) {
#  405|->         LOG_FATAL("chdir() failed : %s", strerror(errno));
#  406|         }
#  407|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def21]
chrony-4.8/main.c:411:33: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[0]’
chrony-4.8/main.c:356:6: branch_false: following ‘false’ branch...
chrony-4.8/main.c:361:9: branch_false: ...to here
chrony-4.8/main.c:363:6: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:365:13: branch_false: ...to here
chrony-4.8/main.c:365:13: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:388:5: branch_false: ...to here
chrony-4.8/main.c:393:8: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:395:15: branch_false: ...to here
chrony-4.8/main.c:395:15: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:404:11: branch_false: ...to here
chrony-4.8/main.c:404:10: branch_false: following ‘false’ branch...
 branch_false: ...to here
chrony-4.8/main.c:410:18: branch_true: following ‘true’ branch (when ‘fd != 1024’)...
chrony-4.8/main.c:411:19: branch_true: ...to here
chrony-4.8/main.c:410:18: branch_true: following ‘true’ branch (when ‘fd != 1024’)...
chrony-4.8/main.c:411:19: branch_true: ...to here
chrony-4.8/main.c:411:33: danger: ‘pipefd[0]’ leaks here
#  409|            the parent pipe yet, or reusable file descriptors. */
#  410|         for (fd=0; fd<1024; fd++) {
#  411|->         if (fd != pipefd[1] && !SCK_IsReusable(fd))
#  412|             close(fd);
#  413|         }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def22]
chrony-4.8/main.c:411:33: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[1]’
chrony-4.8/main.c:356:6: branch_false: following ‘false’ branch...
chrony-4.8/main.c:361:9: branch_false: ...to here
chrony-4.8/main.c:363:6: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:365:13: branch_false: ...to here
chrony-4.8/main.c:365:13: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:388:5: branch_false: ...to here
chrony-4.8/main.c:393:8: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:395:15: branch_false: ...to here
chrony-4.8/main.c:395:15: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:404:11: branch_false: ...to here
chrony-4.8/main.c:404:10: branch_false: following ‘false’ branch...
 branch_false: ...to here
chrony-4.8/main.c:410:18: branch_true: following ‘true’ branch (when ‘fd != 1024’)...
chrony-4.8/main.c:411:19: branch_true: ...to here
chrony-4.8/main.c:411:12: branch_true: following ‘true’ branch...
chrony-4.8/main.c:411:33: branch_true: ...to here
chrony-4.8/main.c:411:33: danger: ‘pipefd[1]’ leaks here
#  409|            the parent pipe yet, or reusable file descriptors. */
#  410|         for (fd=0; fd<1024; fd++) {
#  411|->         if (fd != pipefd[1] && !SCK_IsReusable(fd))
#  412|             close(fd);
#  413|         }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def23]
chrony-4.8/main.c:411:33: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[fd]’
chrony-4.8/main.c:356:6: branch_false: following ‘false’ branch...
chrony-4.8/main.c:361:9: branch_false: ...to here
chrony-4.8/main.c:363:6: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:365:13: branch_false: ...to here
chrony-4.8/main.c:365:13: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:388:5: branch_false: ...to here
chrony-4.8/main.c:393:8: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:395:15: branch_false: ...to here
chrony-4.8/main.c:395:15: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:404:11: branch_false: ...to here
chrony-4.8/main.c:404:10: branch_false: following ‘false’ branch...
 branch_false: ...to here
chrony-4.8/main.c:410:18: branch_true: following ‘true’ branch (when ‘fd != 1024’)...
chrony-4.8/main.c:411:19: branch_true: ...to here
chrony-4.8/main.c:411:12: branch_true: following ‘true’ branch...
chrony-4.8/main.c:411:33: branch_true: ...to here
chrony-4.8/main.c:411:33: danger: ‘pipefd[fd]’ leaks here
#  409|            the parent pipe yet, or reusable file descriptors. */
#  410|         for (fd=0; fd<1024; fd++) {
#  411|->         if (fd != pipefd[1] && !SCK_IsReusable(fd))
#  412|             close(fd);
#  413|         }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def24]
chrony-4.8/main.c:412:11: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[0]’
chrony-4.8/main.c:356:6: branch_false: following ‘false’ branch...
chrony-4.8/main.c:361:9: branch_false: ...to here
chrony-4.8/main.c:363:6: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:365:13: branch_false: ...to here
chrony-4.8/main.c:365:13: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:388:5: branch_false: ...to here
chrony-4.8/main.c:393:8: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:395:15: branch_false: ...to here
chrony-4.8/main.c:395:15: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:404:11: branch_false: ...to here
chrony-4.8/main.c:404:10: branch_false: following ‘false’ branch...
 branch_false: ...to here
chrony-4.8/main.c:410:18: branch_true: following ‘true’ branch (when ‘fd != 1024’)...
chrony-4.8/main.c:411:19: branch_true: ...to here
chrony-4.8/main.c:410:18: branch_true: following ‘true’ branch (when ‘fd != 1024’)...
chrony-4.8/main.c:411:19: branch_true: ...to here
chrony-4.8/main.c:412:11: danger: ‘pipefd[0]’ leaks here
#  410|         for (fd=0; fd<1024; fd++) {
#  411|           if (fd != pipefd[1] && !SCK_IsReusable(fd))
#  412|->           close(fd);
#  413|         }
#  414|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def25]
chrony-4.8/main.c:412:11: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[1]’
chrony-4.8/main.c:356:6: branch_false: following ‘false’ branch...
chrony-4.8/main.c:361:9: branch_false: ...to here
chrony-4.8/main.c:363:6: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:365:13: branch_false: ...to here
chrony-4.8/main.c:365:13: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:388:5: branch_false: ...to here
chrony-4.8/main.c:393:8: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:395:15: branch_false: ...to here
chrony-4.8/main.c:395:15: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:404:11: branch_false: ...to here
chrony-4.8/main.c:404:10: branch_false: following ‘false’ branch...
 branch_false: ...to here
chrony-4.8/main.c:410:18: branch_true: following ‘true’ branch (when ‘fd != 1024’)...
chrony-4.8/main.c:411:19: branch_true: ...to here
chrony-4.8/main.c:411:12: branch_true: following ‘true’ branch...
chrony-4.8/main.c:412:11: danger: ‘pipefd[1]’ leaks here
#  410|         for (fd=0; fd<1024; fd++) {
#  411|           if (fd != pipefd[1] && !SCK_IsReusable(fd))
#  412|->           close(fd);
#  413|         }
#  414|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def26]
chrony-4.8/main.c:412:11: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[fd]’
chrony-4.8/main.c:356:6: branch_false: following ‘false’ branch...
chrony-4.8/main.c:361:9: branch_false: ...to here
chrony-4.8/main.c:363:6: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:365:13: branch_false: ...to here
chrony-4.8/main.c:365:13: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:388:5: branch_false: ...to here
chrony-4.8/main.c:393:8: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:395:15: branch_false: ...to here
chrony-4.8/main.c:395:15: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:404:11: branch_false: ...to here
chrony-4.8/main.c:404:10: branch_false: following ‘false’ branch...
 branch_false: ...to here
chrony-4.8/main.c:410:18: branch_true: following ‘true’ branch (when ‘fd != 1024’)...
chrony-4.8/main.c:411:19: branch_true: ...to here
chrony-4.8/main.c:411:12: branch_true: following ‘true’ branch...
chrony-4.8/main.c:412:11: danger: ‘pipefd[fd]’ leaks here
#  410|         for (fd=0; fd<1024; fd++) {
#  411|           if (fd != pipefd[1] && !SCK_IsReusable(fd))
#  412|->           close(fd);
#  413|         }
#  414|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def27]
chrony-4.8/main.c:415:7: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[0]’
chrony-4.8/main.c:356:6: branch_false: following ‘false’ branch...
chrony-4.8/main.c:361:9: branch_false: ...to here
chrony-4.8/main.c:363:6: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:365:13: branch_false: ...to here
chrony-4.8/main.c:365:13: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:388:5: branch_false: ...to here
chrony-4.8/main.c:393:8: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:395:15: branch_false: ...to here
chrony-4.8/main.c:395:15: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:404:11: branch_false: ...to here
chrony-4.8/main.c:404:10: branch_false: following ‘false’ branch...
 branch_false: ...to here
chrony-4.8/main.c:410:18: branch_true: following ‘true’ branch (when ‘fd != 1024’)...
chrony-4.8/main.c:411:19: branch_true: ...to here
chrony-4.8/main.c:415:7: danger: ‘pipefd[0]’ leaks here
#  413|         }
#  414|   
#  415|->       LOG_SetParentFd(pipefd[1]);
#  416|   
#  417|         /* Open /dev/null as new stdin/out/err */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def28]
chrony-4.8/main.c:415:7: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[1]’
chrony-4.8/main.c:356:6: branch_false: following ‘false’ branch...
chrony-4.8/main.c:361:9: branch_false: ...to here
chrony-4.8/main.c:363:6: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:365:13: branch_false: ...to here
chrony-4.8/main.c:365:13: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:388:5: branch_false: ...to here
chrony-4.8/main.c:393:8: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:395:15: branch_false: ...to here
chrony-4.8/main.c:395:15: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:404:11: branch_false: ...to here
chrony-4.8/main.c:404:10: branch_false: following ‘false’ branch...
 branch_false: ...to here
chrony-4.8/main.c:410:18: branch_true: following ‘true’ branch (when ‘fd != 1024’)...
chrony-4.8/main.c:411:19: branch_true: ...to here
chrony-4.8/main.c:415:7: danger: ‘pipefd[1]’ leaks here
#  413|         }
#  414|   
#  415|->       LOG_SetParentFd(pipefd[1]);
#  416|   
#  417|         /* Open /dev/null as new stdin/out/err */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def29]
chrony-4.8/main.c:419:10: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 0)’
chrony-4.8/main.c:356:6: branch_false: following ‘false’ branch...
chrony-4.8/main.c:361:9: branch_false: ...to here
chrony-4.8/main.c:363:6: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:365:13: branch_false: ...to here
chrony-4.8/main.c:365:13: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:388:5: branch_false: ...to here
chrony-4.8/main.c:393:8: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:395:15: branch_false: ...to here
chrony-4.8/main.c:395:15: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:404:11: branch_false: ...to here
chrony-4.8/main.c:404:10: branch_false: following ‘false’ branch...
 branch_false: ...to here
chrony-4.8/main.c:410:18: branch_true: following ‘true’ branch (when ‘fd != 1024’)...
chrony-4.8/main.c:411:19: branch_true: ...to here
chrony-4.8/main.c:419:11: acquire_resource: opened here
chrony-4.8/main.c:419:10: danger: ‘open("/dev/null", 0)’ leaks here; was opened at [(16)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/15)
#  417|         /* Open /dev/null as new stdin/out/err */
#  418|         errno = 0;
#  419|->       if (open(DEV_NULL, O_RDONLY) != STDIN_FILENO ||
#  420|             open(DEV_NULL, O_WRONLY) != STDOUT_FILENO ||
#  421|             open(DEV_NULL, O_RDWR) != STDERR_FILENO)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def30]
chrony-4.8/main.c:419:11: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 1)’
chrony-4.8/main.c:356:6: branch_false: following ‘false’ branch...
chrony-4.8/main.c:361:9: branch_false: ...to here
chrony-4.8/main.c:363:6: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:365:13: branch_false: ...to here
chrony-4.8/main.c:365:13: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:388:5: branch_false: ...to here
chrony-4.8/main.c:393:8: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:395:15: branch_false: ...to here
chrony-4.8/main.c:395:15: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:404:11: branch_false: ...to here
chrony-4.8/main.c:404:10: branch_false: following ‘false’ branch...
 branch_false: ...to here
chrony-4.8/main.c:410:18: branch_true: following ‘true’ branch (when ‘fd != 1024’)...
chrony-4.8/main.c:411:19: branch_true: ...to here
chrony-4.8/main.c:419:10: branch_false: following ‘false’ branch...
chrony-4.8/main.c:420:11: branch_false: ...to here
chrony-4.8/main.c:420:11: acquire_resource: opened here
chrony-4.8/main.c:419:11: danger: ‘open("/dev/null", 1)’ leaks here; was opened at [(18)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/17)
#  417|         /* Open /dev/null as new stdin/out/err */
#  418|         errno = 0;
#  419|->       if (open(DEV_NULL, O_RDONLY) != STDIN_FILENO ||
#  420|             open(DEV_NULL, O_WRONLY) != STDOUT_FILENO ||
#  421|             open(DEV_NULL, O_RDWR) != STDERR_FILENO)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def31]
chrony-4.8/main.c:419:11: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open("/dev/null", 2)’
chrony-4.8/main.c:356:6: branch_false: following ‘false’ branch...
chrony-4.8/main.c:361:9: branch_false: ...to here
chrony-4.8/main.c:363:6: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:365:13: branch_false: ...to here
chrony-4.8/main.c:365:13: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:388:5: branch_false: ...to here
chrony-4.8/main.c:393:8: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:395:15: branch_false: ...to here
chrony-4.8/main.c:395:15: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:404:11: branch_false: ...to here
chrony-4.8/main.c:404:10: branch_false: following ‘false’ branch...
 branch_false: ...to here
chrony-4.8/main.c:410:18: branch_true: following ‘true’ branch (when ‘fd != 1024’)...
chrony-4.8/main.c:411:19: branch_true: ...to here
chrony-4.8/main.c:419:10: branch_false: following ‘false’ branch...
chrony-4.8/main.c:420:11: branch_false: ...to here
chrony-4.8/main.c:419:11: branch_false: following ‘false’ branch...
chrony-4.8/main.c:421:11: branch_false: ...to here
chrony-4.8/main.c:421:11: acquire_resource: opened here
chrony-4.8/main.c:419:11: danger: ‘open("/dev/null", 2)’ leaks here; was opened at [(20)](sarif:/runs/0/results/27/codeFlows/0/threadFlows/0/locations/19)
#  417|         /* Open /dev/null as new stdin/out/err */
#  418|         errno = 0;
#  419|->       if (open(DEV_NULL, O_RDONLY) != STDIN_FILENO ||
#  420|             open(DEV_NULL, O_WRONLY) != STDOUT_FILENO ||
#  421|             open(DEV_NULL, O_RDWR) != STDERR_FILENO)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def32]
chrony-4.8/main.c:419:11: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[0]’
chrony-4.8/main.c:356:6: branch_false: following ‘false’ branch...
chrony-4.8/main.c:361:9: branch_false: ...to here
chrony-4.8/main.c:363:6: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:365:13: branch_false: ...to here
chrony-4.8/main.c:365:13: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:388:5: branch_false: ...to here
chrony-4.8/main.c:393:8: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:395:15: branch_false: ...to here
chrony-4.8/main.c:395:15: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:404:11: branch_false: ...to here
chrony-4.8/main.c:404:10: branch_false: following ‘false’ branch...
 branch_false: ...to here
chrony-4.8/main.c:410:18: branch_true: following ‘true’ branch (when ‘fd != 1024’)...
chrony-4.8/main.c:411:19: branch_true: ...to here
chrony-4.8/main.c:419:11: danger: ‘pipefd[0]’ leaks here
#  417|         /* Open /dev/null as new stdin/out/err */
#  418|         errno = 0;
#  419|->       if (open(DEV_NULL, O_RDONLY) != STDIN_FILENO ||
#  420|             open(DEV_NULL, O_WRONLY) != STDOUT_FILENO ||
#  421|             open(DEV_NULL, O_RDWR) != STDERR_FILENO)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def33]
chrony-4.8/main.c:420:11: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[0]’
chrony-4.8/main.c:356:6: branch_false: following ‘false’ branch...
chrony-4.8/main.c:361:9: branch_false: ...to here
chrony-4.8/main.c:363:6: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:365:13: branch_false: ...to here
chrony-4.8/main.c:365:13: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:388:5: branch_false: ...to here
chrony-4.8/main.c:393:8: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:395:15: branch_false: ...to here
chrony-4.8/main.c:395:15: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:404:11: branch_false: ...to here
chrony-4.8/main.c:404:10: branch_false: following ‘false’ branch...
 branch_false: ...to here
chrony-4.8/main.c:410:18: branch_true: following ‘true’ branch (when ‘fd != 1024’)...
chrony-4.8/main.c:411:19: branch_true: ...to here
chrony-4.8/main.c:419:10: branch_false: following ‘false’ branch...
chrony-4.8/main.c:420:11: branch_false: ...to here
chrony-4.8/main.c:420:11: danger: ‘pipefd[0]’ leaks here
#  418|         errno = 0;
#  419|         if (open(DEV_NULL, O_RDONLY) != STDIN_FILENO ||
#  420|->           open(DEV_NULL, O_WRONLY) != STDOUT_FILENO ||
#  421|             open(DEV_NULL, O_RDWR) != STDERR_FILENO)
#  422|           LOG_FATAL("Could not open %s : %s", DEV_NULL, strerror(errno));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def34]
chrony-4.8/main.c:421:11: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[0]’
chrony-4.8/main.c:356:6: branch_false: following ‘false’ branch...
chrony-4.8/main.c:361:9: branch_false: ...to here
chrony-4.8/main.c:363:6: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:365:13: branch_false: ...to here
chrony-4.8/main.c:365:13: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:388:5: branch_false: ...to here
chrony-4.8/main.c:393:8: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:395:15: branch_false: ...to here
chrony-4.8/main.c:395:15: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:404:11: branch_false: ...to here
chrony-4.8/main.c:404:10: branch_false: following ‘false’ branch...
 branch_false: ...to here
chrony-4.8/main.c:410:18: branch_true: following ‘true’ branch (when ‘fd != 1024’)...
chrony-4.8/main.c:411:19: branch_true: ...to here
chrony-4.8/main.c:419:10: branch_false: following ‘false’ branch...
chrony-4.8/main.c:420:11: branch_false: ...to here
chrony-4.8/main.c:419:11: branch_false: following ‘false’ branch...
chrony-4.8/main.c:421:11: branch_false: ...to here
chrony-4.8/main.c:421:11: danger: ‘pipefd[0]’ leaks here
#  419|         if (open(DEV_NULL, O_RDONLY) != STDIN_FILENO ||
#  420|             open(DEV_NULL, O_WRONLY) != STDOUT_FILENO ||
#  421|->           open(DEV_NULL, O_RDWR) != STDERR_FILENO)
#  422|           LOG_FATAL("Could not open %s : %s", DEV_NULL, strerror(errno));
#  423|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def35]
chrony-4.8/main.c:422:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[0]’
chrony-4.8/main.c:356:6: branch_false: following ‘false’ branch...
chrony-4.8/main.c:361:9: branch_false: ...to here
chrony-4.8/main.c:363:6: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:365:13: branch_false: ...to here
chrony-4.8/main.c:365:13: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:388:5: branch_false: ...to here
chrony-4.8/main.c:393:8: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:395:15: branch_false: ...to here
chrony-4.8/main.c:395:15: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:404:11: branch_false: ...to here
chrony-4.8/main.c:404:10: branch_false: following ‘false’ branch...
 branch_false: ...to here
chrony-4.8/main.c:410:18: branch_true: following ‘true’ branch (when ‘fd != 1024’)...
chrony-4.8/main.c:411:19: branch_true: ...to here
chrony-4.8/main.c:422:9: danger: ‘pipefd[0]’ leaks here
#  420|             open(DEV_NULL, O_WRONLY) != STDOUT_FILENO ||
#  421|             open(DEV_NULL, O_RDWR) != STDERR_FILENO)
#  422|->         LOG_FATAL("Could not open %s : %s", DEV_NULL, strerror(errno));
#  423|       }
#  424|     }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def36]
chrony-4.8/main.c:425:1: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘pipefd[0]’
chrony-4.8/main.c:356:6: branch_false: following ‘false’ branch...
chrony-4.8/main.c:361:9: branch_false: ...to here
chrony-4.8/main.c:363:6: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:365:13: branch_false: ...to here
chrony-4.8/main.c:365:13: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:388:5: branch_false: ...to here
chrony-4.8/main.c:393:8: branch_false: following ‘false’ branch (when ‘pid >= 0’)...
chrony-4.8/main.c:395:15: branch_false: ...to here
chrony-4.8/main.c:395:15: branch_false: following ‘false’ branch (when ‘pid == 0’)...
chrony-4.8/main.c:404:11: branch_false: ...to here
chrony-4.8/main.c:404:10: branch_false: following ‘false’ branch...
 branch_false: ...to here
chrony-4.8/main.c:410:18: branch_true: following ‘true’ branch (when ‘fd != 1024’)...
chrony-4.8/main.c:411:19: branch_true: ...to here
chrony-4.8/main.c:419:10: branch_false: following ‘false’ branch...
chrony-4.8/main.c:420:11: branch_false: ...to here
chrony-4.8/main.c:419:11: branch_false: following ‘false’ branch...
chrony-4.8/main.c:421:11: branch_false: ...to here
chrony-4.8/main.c:419:11: branch_false: following ‘false’ branch...
chrony-4.8/main.c:425:1: branch_false: ...to here
chrony-4.8/main.c:425:1: danger: ‘pipefd[0]’ leaks here
#  423|       }
#  424|     }
#  425|-> }
#  426|   
#  427|   /* ================================================== */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def37]
chrony-4.8/nameserv_async.c:117:3: warning[-Wanalyzer-fd-leak]: leak of file descriptor
chrony-4.8/nameserv_async.c:112:6: branch_false: following ‘false’ branch...
chrony-4.8/nameserv_async.c:116:3: branch_false: ...to here
chrony-4.8/nameserv_async.c:117:3: danger: leaks here
#  115|   
#  116|     UTI_FdSetCloexec(inst->pipe[0]);
#  117|->   UTI_FdSetCloexec(inst->pipe[1]);
#  118|   
#  119|     if (pthread_create(&inst->thread, NULL, start_resolving, inst)) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def38]
chrony-4.8/nameserv_async.c:117:3: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*<unknown>.pipe[0]’
chrony-4.8/nameserv_async.c:112:6: branch_false: following ‘false’ branch...
chrony-4.8/nameserv_async.c:116:3: branch_false: ...to here
chrony-4.8/nameserv_async.c:117:3: danger: ‘*<unknown>.pipe[0]’ leaks here
#  115|   
#  116|     UTI_FdSetCloexec(inst->pipe[0]);
#  117|->   UTI_FdSetCloexec(inst->pipe[1]);
#  118|   
#  119|     if (pthread_create(&inst->thread, NULL, start_resolving, inst)) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def39]
chrony-4.8/refclock_pps.c:67:3: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(RCL_GetDriverParameter(instance), 2)’
chrony-4.8/refclock_pps.c:63:8: acquire_resource: opened here
chrony-4.8/refclock_pps.c:64:6: branch_false: following ‘false’ branch...
chrony-4.8/refclock_pps.c:67:3: branch_false: ...to here
chrony-4.8/refclock_pps.c:67:3: danger: ‘open(RCL_GetDriverParameter(instance), 2)’ leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   65|       LOG_FATAL("Could not open %s : %s", path, strerror(errno));
#   66|   
#   67|->   UTI_FdSetCloexec(fd);
#   68|   
#   69|     if (time_pps_create(fd, &handle) < 0)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def40]
chrony-4.8/refclock_rtc.c:112:3: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(RCL_GetDriverParameter(instance), 0)’
chrony-4.8/refclock_rtc.c:102:6: branch_false: following ‘false’ branch...
chrony-4.8/refclock_rtc.c:107:11: acquire_resource: opened here
chrony-4.8/refclock_rtc.c:108:6: branch_false: following ‘false’ branch...
chrony-4.8/refclock_rtc.c:112:3: branch_false: ...to here
chrony-4.8/refclock_rtc.c:112:3: danger: ‘open(RCL_GetDriverParameter(instance), 0)’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  110|   
#  111|     /* Close on exec */
#  112|->   UTI_FdSetCloexec(rtcfd);
#  113|   
#  114|     rtc = MallocNew(struct refrtc_instance);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def41]
chrony-4.8/reference.c:523:7: warning[-Wanalyzer-malloc-leak]: leak of ‘popen(&buffer, "w")’
chrony-4.8/reference.c:495:6: branch_true: following ‘true’ branch...
chrony-4.8/reference.c:496:7: branch_true: ...to here
chrony-4.8/reference.c:495:7: branch_true: following ‘true’ branch...
chrony-4.8/reference.c:497:5: branch_true: ...to here
chrony-4.8/reference.c:498:9: acquire_memory: allocated here
chrony-4.8/reference.c:499:8: branch_true: following ‘true’ branch...
chrony-4.8/reference.c:500:11: branch_true: ...to here
chrony-4.8/reference.c:523:7: danger: ‘popen(&buffer, "w")’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  521|                 "  which exceeded the reporting threshold of %.3f seconds\n\n",
#  522|                 -offset, mail_change_threshold);
#  523|->       pclose(p);
#  524|       } else {
#  525|         LOG(LOGS_ERR, "Could not send mail notification to user %s\n",

Error: GCC_ANALYZER_WARNING (CWE-775): [#def42]
chrony-4.8/socket.c:256:7: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock_fd’
chrony-4.8/socket.c:1479:1: enter_function: entry to ‘SCK_OpenUnixStreamSocket’
chrony-4.8/socket.c:1481:10: call_function: calling ‘open_unix_socket’ from ‘SCK_OpenUnixStreamSocket’
#  254|   set_socket_nonblock(int sock_fd)
#  255|   {
#  256|->   if (fcntl(sock_fd, F_SETFL, O_NONBLOCK) < 0) {
#  257|       DEBUG_LOG("Could not set O_NONBLOCK : %s", strerror(errno));
#  258|       return 0;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def43]
chrony-4.8/socket.c:289:8: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock_fd’
chrony-4.8/socket.c:1479:1: enter_function: entry to ‘SCK_OpenUnixStreamSocket’
chrony-4.8/socket.c:1481:10: call_function: calling ‘open_unix_socket’ from ‘SCK_OpenUnixStreamSocket’
#  287|         (supported_socket_flags & SOCK_CLOEXEC) == 0 &&
#  288|   #endif
#  289|->       !UTI_FdSetCloexec(sock_fd))
#  290|       return 0;
#  291|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def44]
chrony-4.8/socket.c:612:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open_socket(1, type,  flags)’
chrony-4.8/socket.c:1479:1: enter_function: entry to ‘SCK_OpenUnixStreamSocket’
chrony-4.8/socket.c:1481:10: call_function: calling ‘open_unix_socket’ from ‘SCK_OpenUnixStreamSocket’
#  610|   
#  611|     if (len + 1 > sizeof (sa->sun_path)) {
#  612|->     DEBUG_LOG("Unix socket path %s too long", addr);
#  613|       return 0;
#  614|     }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def45]
chrony-4.8/socket.c:636:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open_socket(1, type,  flags)’
chrony-4.8/socket.c:1479:1: enter_function: entry to ‘SCK_OpenUnixStreamSocket’
chrony-4.8/socket.c:1481:10: call_function: calling ‘open_unix_socket’ from ‘SCK_OpenUnixStreamSocket’
#  634|   
#  635|     if (unlink(addr) < 0)
#  636|->     DEBUG_LOG("Could not remove %s : %s", addr, strerror(errno));
#  637|   
#  638|     /* PRV_BindSocket() doesn't support Unix sockets yet */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def46]
chrony-4.8/socket.c:659:7: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open_socket(1, type,  flags)’
chrony-4.8/socket.c:1479:1: enter_function: entry to ‘SCK_OpenUnixStreamSocket’
chrony-4.8/socket.c:1481:10: call_function: calling ‘open_unix_socket’ from ‘SCK_OpenUnixStreamSocket’
#  657|       return 0;
#  658|   
#  659|->   if (connect(sock_fd, &saddr.sa, saddr_len) < 0) {
#  660|       DEBUG_LOG("Could not connect Unix socket to %s : %s", addr, strerror(errno));
#  661|       return 0;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def47]
chrony-4.8/socket.c:689:3: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open_socket(1, type,  flags)’
chrony-4.8/socket.c:1479:1: enter_function: entry to ‘SCK_OpenUnixStreamSocket’
chrony-4.8/socket.c:1481:10: call_function: calling ‘open_unix_socket’ from ‘SCK_OpenUnixStreamSocket’
#  687|       goto error;
#  688|   
#  689|->   DEBUG_LOG("Opened Unix socket fd=%d%s%s%s%s",
#  690|               sock_fd,
#  691|               remote_addr ? " remote=" : "", remote_addr ? remote_addr : "",

Error: GCC_ANALYZER_WARNING (CWE-401): [#def48]
chrony-4.8/util.c:1434:3: warning[-Wanalyzer-malloc-leak]: leak of ‘file’
chrony-4.8/util.c:1378:6: branch_false: following ‘false’ branch...
chrony-4.8/util.c:1381:3: branch_false: ...to here
chrony-4.8/util.c:1427:10: acquire_memory: allocated here
chrony-4.8/util.c:1428:6: branch_false: following ‘false’ branch (when ‘file’ is non-NULL)...
chrony-4.8/util.c:1434:3: branch_false: ...to here
chrony-4.8/util.c:1434:3: branch_true: following ‘true’ branch...
chrony-4.8/util.c:1434:3: branch_true: ...to here
chrony-4.8/util.c:1434:3: danger: ‘file’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
# 1432|     }
# 1433|   
# 1434|->   DEBUG_LOG("Opened %s fd=%d mode=%c", path, fd, mode);
# 1435|   
# 1436|     return file;

Scan Properties

analyzer-version-clippy1.90.0
analyzer-version-cppcheck2.18.3
analyzer-version-gcc15.2.1
analyzer-version-gcc-analyzer16.0.0
analyzer-version-shellcheck0.11.0
analyzer-version-unicontrol0.0.2
enabled-pluginsclippy, cppcheck, gcc, shellcheck, unicontrol
exit-code0
hostip-172-16-1-179.us-west-2.compute.internal
known-false-positives/usr/share/csmock/known-false-positives.js
known-false-positives-rpmknown-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch
mock-configfedora-rawhide-gcc-latest-x86_64
project-namechrony-4.8-3.fc44
store-results-to/tmp/tmpoy342u62/chrony-4.8-3.fc44.tar.xz
time-created2025-10-28 17:40:29
time-finished2025-10-28 17:42:07
toolcsmock
tool-args'/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'gcc,cppcheck,shellcheck,clippy,unicontrol' '-o' '/tmp/tmpoy342u62/chrony-4.8-3.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmpoy342u62/chrony-4.8-3.fc44.src.rpm'
tool-versioncsmock-3.8.3.20251027.143044.ge6b947b-1.el9