Newly introduced findings

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1]
FreeRDP-3.16.0/libfreerdp/core/aad.c:339:13: warning[-Wanalyzer-malloc-leak]: leak of ‘Stream_New(0, 1024)’
FreeRDP-3.16.0/libfreerdp/core/aad.c:468:12: enter_function: entry to ‘aad_send_auth_request’
FreeRDP-3.16.0/libfreerdp/core/aad.c:478:22: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/aad.c:479:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:483:22: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:483:22: call_function: calling ‘aad_create_jws_header’ from ‘aad_send_auth_request’
#  337|   	size_t bufferlen = 0;
#  338|   	const int length =
#  339|-> 	    winpr_asprintf(&buffer, &bufferlen, "{\"alg\":\"RS256\",\"kid\":\"%s\"}", aad->kid);
#  340|   	if (length < 0)
#  341|   		return NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def2]
FreeRDP-3.16.0/libfreerdp/core/aad.c:343:28: warning[-Wanalyzer-malloc-leak]: leak of ‘Stream_New(0, 1024)’
FreeRDP-3.16.0/libfreerdp/core/aad.c:468:12: enter_function: entry to ‘aad_send_auth_request’
FreeRDP-3.16.0/libfreerdp/core/aad.c:478:22: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/aad.c:479:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:483:22: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:483:22: call_function: calling ‘aad_create_jws_header’ from ‘aad_send_auth_request’
#  341|   		return NULL;
#  342|   
#  343|-> 	char* jws_header = crypto_base64url_encode((const BYTE*)buffer, bufferlen);
#  344|   	free(buffer);
#  345|   	return jws_header;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def3]
FreeRDP-3.16.0/libfreerdp/core/aad.c:422:26: warning[-Wanalyzer-malloc-leak]: leak of ‘buffer’
FreeRDP-3.16.0/libfreerdp/core/aad.c:408:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:414:24: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:414:24: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/aad.c:415:12: branch_false: following ‘false’ branch (when ‘buffer’ is non-NULL)...
FreeRDP-3.16.0/libfreerdp/core/aad.c:421:16: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:422:26: danger: ‘buffer’ leaks here; was allocated at [(3)](sarif:/runs/0/results/19/codeFlows/0/threadFlows/0/locations/2)
#  420|   
#  421|   	size_t fsiglen = siglen;
#  422|-> 	const int dsf2 = winpr_DigestSign_Final(ctx, (BYTE*)buffer, &fsiglen);
#  423|   	if (dsf2 <= 0)
#  424|   	{

Error: GCC_ANALYZER_WARNING (CWE-401): [#def4]
FreeRDP-3.16.0/libfreerdp/core/aad.c:519:9: warning[-Wanalyzer-malloc-leak]: leak of ‘Stream_New(0, 1024)’
FreeRDP-3.16.0/libfreerdp/core/aad.c:478:22: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/aad.c:479:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:483:22: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:484:12: branch_true: following ‘true’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:485:17: branch_true: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:519:9: danger: ‘Stream_New(0, 1024)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/20/codeFlows/0/threadFlows/0/locations/0)
#  517|   fail:
#  518|   	Stream_Free(s, TRUE);
#  519|-> 	free(jws_header);
#  520|   	free(jws_payload);
#  521|   	free(jws_signature);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def5]
FreeRDP-3.16.0/libfreerdp/core/aad.c:617:14: warning[-Wanalyzer-malloc-leak]: leak of ‘winpr_Digest_New()’
FreeRDP-3.16.0/libfreerdp/core/aad.c:610:36: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/aad.c:611:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:617:14: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:617:14: danger: ‘winpr_Digest_New()’ leaks here; was allocated at [(1)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/0)
#  615|   	}
#  616|   
#  617|-> 	if (!winpr_Digest_Init(digest, WINPR_MD_SHA256))
#  618|   	{
#  619|   		WLog_Print(aad->log, WLOG_ERROR, "winpr_Digest_Init(WINPR_MD_SHA256) failed");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def6]
FreeRDP-3.16.0/libfreerdp/core/aad.c:712:20: warning[-Wanalyzer-malloc-leak]: leak of ‘Stream_New(0, 1024)’
FreeRDP-3.16.0/libfreerdp/core/aad.c:468:12: enter_function: entry to ‘aad_send_auth_request’
FreeRDP-3.16.0/libfreerdp/core/aad.c:478:22: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/aad.c:479:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:483:22: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:483:22: call_function: calling ‘aad_create_jws_header’ from ‘aad_send_auth_request’
FreeRDP-3.16.0/libfreerdp/core/aad.c:483:22: return_function: returning to ‘aad_send_auth_request’ from ‘aad_create_jws_header’
FreeRDP-3.16.0/libfreerdp/core/aad.c:484:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:488:23: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:488:23: call_function: calling ‘aad_create_jws_payload’ from ‘aad_send_auth_request’
#  710|   
#  711|   	size_t len = 0;
#  712|-> 	BYTE* bn = freerdp_key_get_param(key, param, &len);
#  713|   	if (!bn)
#  714|   		return NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def7]
FreeRDP-3.16.0/libfreerdp/core/aad.c:716:21: warning[-Wanalyzer-malloc-leak]: leak of ‘Stream_New(0, 1024)’
FreeRDP-3.16.0/libfreerdp/core/aad.c:468:12: enter_function: entry to ‘aad_send_auth_request’
FreeRDP-3.16.0/libfreerdp/core/aad.c:478:22: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/aad.c:479:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:483:22: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:483:22: call_function: calling ‘aad_create_jws_header’ from ‘aad_send_auth_request’
FreeRDP-3.16.0/libfreerdp/core/aad.c:483:22: return_function: returning to ‘aad_send_auth_request’ from ‘aad_create_jws_header’
FreeRDP-3.16.0/libfreerdp/core/aad.c:484:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:488:23: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:488:23: call_function: calling ‘aad_create_jws_payload’ from ‘aad_send_auth_request’
#  714|   		return NULL;
#  715|   
#  716|-> 	char* b64 = crypto_base64url_encode(bn, len);
#  717|   	free(bn);
#  718|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def8]
FreeRDP-3.16.0/libfreerdp/core/aad.c:720:17: warning[-Wanalyzer-malloc-leak]: leak of ‘Stream_New(0, 1024)’
FreeRDP-3.16.0/libfreerdp/core/aad.c:468:12: enter_function: entry to ‘aad_send_auth_request’
FreeRDP-3.16.0/libfreerdp/core/aad.c:478:22: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/aad.c:479:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:483:22: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:483:22: call_function: calling ‘aad_create_jws_header’ from ‘aad_send_auth_request’
FreeRDP-3.16.0/libfreerdp/core/aad.c:483:22: return_function: returning to ‘aad_send_auth_request’ from ‘aad_create_jws_header’
FreeRDP-3.16.0/libfreerdp/core/aad.c:484:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:488:23: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:488:23: call_function: calling ‘aad_create_jws_payload’ from ‘aad_send_auth_request’
#  718|   
#  719|   	if (!b64)
#  720|-> 		WLog_Print(wlog, WLOG_ERROR, "failed  base64 url encode BIGNUM");
#  721|   
#  722|   	return b64;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def9]
FreeRDP-3.16.0/libfreerdp/core/aad.c:742:17: warning[-Wanalyzer-malloc-leak]: leak of ‘Stream_New(0, 1024)’
FreeRDP-3.16.0/libfreerdp/core/aad.c:468:12: enter_function: entry to ‘aad_send_auth_request’
FreeRDP-3.16.0/libfreerdp/core/aad.c:478:22: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/aad.c:479:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:483:22: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:483:22: call_function: calling ‘aad_create_jws_header’ from ‘aad_send_auth_request’
FreeRDP-3.16.0/libfreerdp/core/aad.c:483:22: return_function: returning to ‘aad_send_auth_request’ from ‘aad_create_jws_header’
FreeRDP-3.16.0/libfreerdp/core/aad.c:484:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:488:23: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:488:23: call_function: calling ‘aad_create_jws_payload’ from ‘aad_send_auth_request’
#  740|   	if (!e)
#  741|   	{
#  742|-> 		WLog_Print(wlog, WLOG_ERROR, "failed  base64 url encode RSA E");
#  743|   		goto fail;
#  744|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def10]
FreeRDP-3.16.0/libfreerdp/core/aad.c:799:20: warning[-Wanalyzer-malloc-leak]: leak of ‘aad’
FreeRDP-3.16.0/libfreerdp/core/aad.c:794:32: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/aad.c:796:12: branch_false: following ‘false’ branch (when ‘aad’ is non-NULL)...
FreeRDP-3.16.0/libfreerdp/core/aad.c:799:20: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:799:20: danger: ‘aad’ leaks here; was allocated at [(1)](sarif:/runs/0/results/28/codeFlows/0/threadFlows/0/locations/0)
#  797|   		return NULL;
#  798|   
#  799|-> 	aad->log = WLog_Get(FREERDP_TAG("aad"));
#  800|   	aad->key = freerdp_key_new();
#  801|   	if (!aad->key)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def11]
FreeRDP-3.16.0/libfreerdp/core/aad.c:800:20: warning[-Wanalyzer-malloc-leak]: leak of ‘aad’
FreeRDP-3.16.0/libfreerdp/core/aad.c:794:32: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/aad.c:796:12: branch_false: following ‘false’ branch (when ‘aad’ is non-NULL)...
FreeRDP-3.16.0/libfreerdp/core/aad.c:799:20: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:800:20: danger: ‘aad’ leaks here; was allocated at [(1)](sarif:/runs/0/results/29/codeFlows/0/threadFlows/0/locations/0)
#  798|   
#  799|   	aad->log = WLog_Get(FREERDP_TAG("aad"));
#  800|-> 	aad->key = freerdp_key_new();
#  801|   	if (!aad->key)
#  802|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def12]
FreeRDP-3.16.0/libfreerdp/core/aad.c:859:29: warning[-Wanalyzer-malloc-leak]: leak of ‘WINPR_JSON_ParseWithLength(data,  length)’
FreeRDP-3.16.0/libfreerdp/core/aad.c:851:28: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/aad.c:852:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:859:29: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:859:29: danger: ‘WINPR_JSON_ParseWithLength(data,  length)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/32/codeFlows/0/threadFlows/0/locations/0)
#  857|   	}
#  858|   
#  859|-> 	access_token_prop = WINPR_JSON_GetObjectItem(json, "access_token");
#  860|   	if (!access_token_prop)
#  861|   	{

Error: GCC_ANALYZER_WARNING (CWE-401): [#def13]
FreeRDP-3.16.0/libfreerdp/core/aad.c:862:17: warning[-Wanalyzer-malloc-leak]: leak of ‘WINPR_JSON_ParseWithLength(data,  length)’
FreeRDP-3.16.0/libfreerdp/core/aad.c:851:28: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/aad.c:852:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:859:29: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:860:12: branch_true: following ‘true’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:862:17: branch_true: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:862:17: danger: ‘WINPR_JSON_ParseWithLength(data,  length)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/33/codeFlows/0/threadFlows/0/locations/0)
#  860|   	if (!access_token_prop)
#  861|   	{
#  862|-> 		WLog_Print(log, WLOG_ERROR, "Response has no \"access_token\" property");
#  863|   		goto cleanup;
#  864|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def14]
FreeRDP-3.16.0/libfreerdp/core/aad.c:866:28: warning[-Wanalyzer-malloc-leak]: leak of ‘WINPR_JSON_ParseWithLength(data,  length)’
FreeRDP-3.16.0/libfreerdp/core/aad.c:851:28: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/aad.c:852:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:859:29: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:860:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:866:28: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:866:28: danger: ‘WINPR_JSON_ParseWithLength(data,  length)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/35/codeFlows/0/threadFlows/0/locations/0)
#  864|   	}
#  865|   
#  866|-> 	access_token_str = WINPR_JSON_GetStringValue(access_token_prop);
#  867|   	if (!access_token_str)
#  868|   	{

Error: GCC_ANALYZER_WARNING (CWE-401): [#def15]
FreeRDP-3.16.0/libfreerdp/core/aad.c:869:17: warning[-Wanalyzer-malloc-leak]: leak of ‘WINPR_JSON_ParseWithLength(data,  length)’
FreeRDP-3.16.0/libfreerdp/core/aad.c:851:28: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/aad.c:852:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:859:29: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:860:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:866:28: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:867:12: branch_true: following ‘true’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:869:17: branch_true: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:869:17: danger: ‘WINPR_JSON_ParseWithLength(data,  length)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/36/codeFlows/0/threadFlows/0/locations/0)
#  867|   	if (!access_token_str)
#  868|   	{
#  869|-> 		WLog_Print(log, WLOG_ERROR, "Invalid value for \"access_token\"");
#  870|   		goto cleanup;
#  871|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def16]
FreeRDP-3.16.0/libfreerdp/core/aad.c:873:17: warning[-Wanalyzer-malloc-leak]: leak of ‘WINPR_JSON_ParseWithLength(data,  length)’
FreeRDP-3.16.0/libfreerdp/core/aad.c:851:28: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/aad.c:852:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:859:29: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:860:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:866:28: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:867:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:873:17: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:873:17: danger: ‘WINPR_JSON_ParseWithLength(data,  length)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/38/codeFlows/0/threadFlows/0/locations/0)
#  871|   	}
#  872|   
#  873|-> 	token = _strdup(access_token_str);
#  874|   
#  875|   cleanup:

Error: GCC_ANALYZER_WARNING (CWE-401): [#def17]
FreeRDP-3.16.0/libfreerdp/core/aad.c:876:9: warning[-Wanalyzer-malloc-leak]: leak of ‘token’
FreeRDP-3.16.0/libfreerdp/core/aad.c:852:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:859:29: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:860:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:866:28: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:867:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:873:17: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:873:17: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/aad.c:876:9: danger: ‘token’ leaks here; was allocated at [(7)](sarif:/runs/0/results/39/codeFlows/0/threadFlows/0/locations/6)
#  874|   
#  875|   cleanup:
#  876|-> 	WINPR_JSON_Delete(json);
#  877|   	return token;
#  878|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def18]
FreeRDP-3.16.0/libfreerdp/core/aad.c:877:16: warning[-Wanalyzer-malloc-leak]: leak of ‘WINPR_JSON_ParseWithLength(data,  length)’
FreeRDP-3.16.0/libfreerdp/core/aad.c:851:28: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/aad.c:852:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:859:29: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:860:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:866:28: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:867:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:873:17: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:877:16: danger: ‘WINPR_JSON_ParseWithLength(data,  length)’ leaks here; was allocated at [(1)](sarif:/runs/0/results/40/codeFlows/0/threadFlows/0/locations/0)
#  875|   cleanup:
#  876|   	WINPR_JSON_Delete(json);
#  877|-> 	return token;
#  878|   }
#  879|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def19]
FreeRDP-3.16.0/libfreerdp/core/aad.c:898:16: warning[-Wanalyzer-malloc-leak]: leak of ‘**context.rdp.wellknown’
FreeRDP-3.16.0/libfreerdp/core/aad.c:880:6: enter_function: entry to ‘aad_fetch_wellknown’
FreeRDP-3.16.0/libfreerdp/core/aad.c:887:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:891:41: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:897:26: call_function: calling ‘freerdp_utils_aad_get_wellknown’ from ‘aad_fetch_wellknown’
FreeRDP-3.16.0/libfreerdp/core/aad.c:897:26: return_function: returning to ‘aad_fetch_wellknown’ from ‘freerdp_utils_aad_get_wellknown’
FreeRDP-3.16.0/libfreerdp/core/aad.c:898:16: danger: ‘**context.rdp.wellknown’ leaks here; was allocated at [(10)](sarif:/runs/0/results/46/codeFlows/0/threadFlows/0/locations/9)
#  896|   		tenantid = freerdp_settings_get_string(context->settings, FreeRDP_GatewayAvdAadtenantid);
#  897|   	rdp->wellknown = freerdp_utils_aad_get_wellknown(log, base, tenantid);
#  898|-> 	return rdp->wellknown ? TRUE : FALSE;
#  899|   }
#  900|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def20]
FreeRDP-3.16.0/libfreerdp/core/aad.c:898:16: warning[-Wanalyzer-malloc-leak]: leak of ‘freerdp_utils_aad_get_wellknown(log,  freerdp_settings_get_string(*context.settings, 2014), tenantid)’
FreeRDP-3.16.0/libfreerdp/core/aad.c:880:6: enter_function: entry to ‘aad_fetch_wellknown’
FreeRDP-3.16.0/libfreerdp/core/aad.c:887:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:891:41: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:897:26: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/aad.c:897:26: call_function: calling ‘freerdp_utils_aad_get_wellknown’ from ‘aad_fetch_wellknown’
#  896|   		tenantid = freerdp_settings_get_string(context->settings, FreeRDP_GatewayAvdAadtenantid);
#  897|   	rdp->wellknown = freerdp_utils_aad_get_wellknown(log, base, tenantid);
#  898|-> 	return rdp->wellknown ? TRUE : FALSE;
#  899|   }
#  900|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def21]
FreeRDP-3.16.0/libfreerdp/core/aad.c:1005:13: warning[-Wanalyzer-malloc-leak]: leak of ‘freerdp_utils_aad_get_wellknown(log,  freerdp_settings_get_string(*context.settings, 2014), tenantid)’
FreeRDP-3.16.0/libfreerdp/core/aad.c:880:6: enter_function: entry to ‘aad_fetch_wellknown’
FreeRDP-3.16.0/libfreerdp/core/aad.c:887:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/aad.c:891:41: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/aad.c:897:26: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/aad.c:897:26: call_function: calling ‘freerdp_utils_aad_get_wellknown’ from ‘aad_fetch_wellknown’
# 1003|   	               tenantid);
# 1004|   
# 1005|-> 	if (!str)
# 1006|   	{
# 1007|   		WLog_Print(log, WLOG_ERROR, "failed to create request URL for tenantid='%s'", tenantid);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def22]
FreeRDP-3.16.0/libfreerdp/core/gateway/rdg.c:309:9: warning[-Wanalyzer-malloc-leak]: leak of ‘Stream_New(0, strnlen(&chunkSize, 11) + *sPacket.length + 2)’
FreeRDP-3.16.0/libfreerdp/core/gateway/rdg.c:1524:13: enter_function: entry to ‘rdg_tunnel_connect’
FreeRDP-3.16.0/libfreerdp/core/gateway/rdg.c:1528:9: call_function: calling ‘rdg_send_handshake’ from ‘rdg_tunnel_connect’
#  307|   	Stream_Write(sChunk, Stream_Buffer(sPacket), Stream_Length(sPacket));
#  308|   	Stream_Write(sChunk, "\r\n", 2);
#  309|-> 	Stream_SealLength(sChunk);
#  310|   	len = Stream_Length(sChunk);
#  311|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def23]
FreeRDP-3.16.0/libfreerdp/core/gateway/rdg.c:345:24: warning[-Wanalyzer-malloc-leak]: leak of ‘Stream_New(0, payloadSize)’
FreeRDP-3.16.0/libfreerdp/core/gateway/rdg.c:1780:13: enter_function: entry to ‘rdg_process_control_packet’
FreeRDP-3.16.0/libfreerdp/core/gateway/rdg.c:1787:12: branch_false: following ‘false’ branch (when ‘packetLength > 7’)...
FreeRDP-3.16.0/libfreerdp/core/gateway/rdg.c:1793:12: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rdg.c:1793:12: branch_true: following ‘true’ branch (when ‘payloadSize != 0’)...
FreeRDP-3.16.0/libfreerdp/core/gateway/rdg.c:1795:21: branch_true: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rdg.c:1795:21: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/gateway/rdg.c:1797:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rdg.c:1800:24: branch_true: following ‘true’ branch (when ‘readCount < payloadSize’)...
FreeRDP-3.16.0/libfreerdp/core/gateway/rdg.c:1802:29: call_function: inlined call to ‘rdg_shall_abort’ from ‘rdg_process_control_packet’
FreeRDP-3.16.0/libfreerdp/core/gateway/rdg.c:1802:28: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rdg.c:1807:34: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rdg.c:1807:34: call_function: calling ‘rdg_socket_read’ from ‘rdg_process_control_packet’
#  343|   
#  344|   	if (encodingContext->isWebsocketTransport)
#  345|-> 		return websocket_context_read(encodingContext->context.websocket, bio, pBuffer, size);
#  346|   
#  347|   	switch (encodingContext->httpTransferEncoding)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def24]
FreeRDP-3.16.0/libfreerdp/core/gateway/rdg.c:350:25: warning[-Wanalyzer-malloc-leak]: leak of ‘Stream_New(0, payloadSize)’
FreeRDP-3.16.0/libfreerdp/core/gateway/rdg.c:1780:13: enter_function: entry to ‘rdg_process_control_packet’
FreeRDP-3.16.0/libfreerdp/core/gateway/rdg.c:1787:12: branch_false: following ‘false’ branch (when ‘packetLength > 7’)...
FreeRDP-3.16.0/libfreerdp/core/gateway/rdg.c:1793:12: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rdg.c:1793:12: branch_true: following ‘true’ branch (when ‘payloadSize != 0’)...
FreeRDP-3.16.0/libfreerdp/core/gateway/rdg.c:1795:21: branch_true: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rdg.c:1795:21: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/gateway/rdg.c:1797:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rdg.c:1800:24: branch_true: following ‘true’ branch (when ‘readCount < payloadSize’)...
FreeRDP-3.16.0/libfreerdp/core/gateway/rdg.c:1802:29: call_function: inlined call to ‘rdg_shall_abort’ from ‘rdg_process_control_packet’
FreeRDP-3.16.0/libfreerdp/core/gateway/rdg.c:1802:28: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rdg.c:1807:34: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rdg.c:1807:34: call_function: calling ‘rdg_socket_read’ from ‘rdg_process_control_packet’
#  348|   	{
#  349|   		case TransferEncodingIdentity:
#  350|-> 			ERR_clear_error();
#  351|   			return BIO_read(bio, pBuffer, (int)size);
#  352|   		case TransferEncodingChunked:

Error: GCC_ANALYZER_WARNING (CWE-401): [#def25]
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:251:13: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:193:12: branch_false: following ‘false’ branch (when ‘initial == 0’)...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:196:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:200:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:203:27: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:206:9: branch_false: following ‘false’ branch (when ‘initial == 0’)...
 branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:219:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:223:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:228:42: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:230:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:233:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:243:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:246:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:251:13: danger: ‘<unknown>’ leaks here; was allocated at [(9)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/8)
#  249|   
#  250|   	bind_pdu.auth_verifier.auth_type =
#  251|-> 	    rpc_auth_pkg_to_security_provider(credssp_auth_pkg_name(rpc->auth));
#  252|   	bind_pdu.auth_verifier.auth_level = RPC_C_AUTHN_LEVEL_PKT_INTEGRITY;
#  253|   	bind_pdu.auth_verifier.auth_reserved = 0x00;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def26]
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:251:13: warning[-Wanalyzer-malloc-leak]: leak of ‘bind_pdu.p_context_elem.p_cont_elem’
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:193:12: branch_false: following ‘false’ branch (when ‘initial == 0’)...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:196:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:200:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:203:27: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:206:9: branch_false: following ‘false’ branch (when ‘initial == 0’)...
 branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:217:13: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:219:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:223:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:230:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:233:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:243:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:246:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:251:13: danger: ‘bind_pdu.p_context_elem.p_cont_elem’ leaks here; was allocated at [(7)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/6)
#  249|   
#  250|   	bind_pdu.auth_verifier.auth_type =
#  251|-> 	    rpc_auth_pkg_to_security_provider(credssp_auth_pkg_name(rpc->auth));
#  252|   	bind_pdu.auth_verifier.auth_level = RPC_C_AUTHN_LEVEL_PKT_INTEGRITY;
#  253|   	bind_pdu.auth_verifier.auth_reserved = 0x00;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def27]
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:260:18: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:193:12: branch_false: following ‘false’ branch (when ‘initial == 0’)...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:196:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:200:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:203:27: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:206:9: branch_false: following ‘false’ branch (when ‘initial == 0’)...
 branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:219:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:223:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:228:42: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:230:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:233:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:243:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:246:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:260:18: danger: ‘<unknown>’ leaks here; was allocated at [(9)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/8)
#  258|   	bind_pdu.header.frag_length = (UINT16)offset;
#  259|   
#  260|-> 	buffer = Stream_New(NULL, bind_pdu.header.frag_length);
#  261|   
#  262|   	if (!buffer)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def28]
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:260:18: warning[-Wanalyzer-malloc-leak]: leak of ‘bind_pdu.p_context_elem.p_cont_elem’
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:193:12: branch_false: following ‘false’ branch (when ‘initial == 0’)...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:196:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:200:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:203:27: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:206:9: branch_false: following ‘false’ branch (when ‘initial == 0’)...
 branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:217:13: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:219:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:223:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:230:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:233:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:243:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:246:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:260:18: danger: ‘bind_pdu.p_context_elem.p_cont_elem’ leaks here; was allocated at [(7)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/6)
#  258|   	bind_pdu.header.frag_length = (UINT16)offset;
#  259|   
#  260|-> 	buffer = Stream_New(NULL, bind_pdu.header.frag_length);
#  261|   
#  262|   	if (!buffer)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def29]
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:265:14: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:193:12: branch_false: following ‘false’ branch (when ‘initial == 0’)...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:196:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:200:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:203:27: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:206:9: branch_false: following ‘false’ branch (when ‘initial == 0’)...
 branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:219:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:223:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:228:42: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:230:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:233:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:243:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:246:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:262:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:265:14: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:265:14: danger: ‘<unknown>’ leaks here; was allocated at [(9)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/8)
#  263|   		goto fail;
#  264|   
#  265|-> 	if (!rts_write_pdu_bind(buffer, &bind_pdu))
#  266|   		goto fail;
#  267|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def30]
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:265:14: warning[-Wanalyzer-malloc-leak]: leak of ‘Stream_New(0, (long unsigned int)(bind_pdu.header.auth_length + 124))’
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:193:12: branch_false: following ‘false’ branch (when ‘initial == 0’)...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:196:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:200:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:203:27: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:206:9: branch_false: following ‘false’ branch (when ‘initial == 0’)...
 branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:219:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:223:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:230:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:233:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:243:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:246:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:260:18: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:262:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:265:14: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:265:14: danger: ‘Stream_New(0, (long unsigned int)(bind_pdu.header.auth_length + 124))’ leaks here; was allocated at [(13)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/12)
#  263|   		goto fail;
#  264|   
#  265|-> 	if (!rts_write_pdu_bind(buffer, &bind_pdu))
#  266|   		goto fail;
#  267|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def31]
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:265:14: warning[-Wanalyzer-malloc-leak]: leak of ‘bind_pdu.p_context_elem.p_cont_elem’
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:193:12: branch_false: following ‘false’ branch (when ‘initial == 0’)...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:196:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:200:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:203:27: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:206:9: branch_false: following ‘false’ branch (when ‘initial == 0’)...
 branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:217:13: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:219:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:223:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:230:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:233:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:243:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:246:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:262:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:265:14: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:265:14: danger: ‘bind_pdu.p_context_elem.p_cont_elem’ leaks here; was allocated at [(7)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/6)
#  263|   		goto fail;
#  264|   
#  265|-> 	if (!rts_write_pdu_bind(buffer, &bind_pdu))
#  266|   		goto fail;
#  267|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def32]
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:273:14: warning[-Wanalyzer-malloc-leak]: leak of ‘rpc_client_call_new(bind_pdu.header.call_id, 0)’
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:193:12: branch_false: following ‘false’ branch (when ‘initial == 0’)...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:196:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:200:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:203:27: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:206:9: branch_false: following ‘false’ branch (when ‘initial == 0’)...
 branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:219:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:223:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:230:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:233:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:243:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:246:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:262:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:265:14: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:265:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:268:22: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:268:22: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:270:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:273:31: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:273:14: danger: ‘rpc_client_call_new(bind_pdu.header.call_id, 0)’ leaks here; was allocated at [(17)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/16)
#  271|   		goto fail;
#  272|   
#  273|-> 	if (!ArrayList_Append(rpc->client->ClientCallList, clientCall))
#  274|   	{
#  275|   		rpc_client_call_free(clientCall);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def33]
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:273:31: warning[-Wanalyzer-malloc-leak]: leak of ‘rpc_client_call_new(bind_pdu.header.call_id, 0)’
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:193:12: branch_false: following ‘false’ branch (when ‘initial == 0’)...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:196:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:200:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:203:27: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:206:9: branch_false: following ‘false’ branch (when ‘initial == 0’)...
 branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:219:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:223:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:230:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:233:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:243:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:246:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:262:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:265:14: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:265:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:268:22: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:268:22: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:270:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:273:31: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:273:31: danger: ‘rpc_client_call_new(bind_pdu.header.call_id, 0)’ leaks here; was allocated at [(17)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/16)
#  271|   		goto fail;
#  272|   
#  273|-> 	if (!ArrayList_Append(rpc->client->ClientCallList, clientCall))
#  274|   	{
#  275|   		rpc_client_call_free(clientCall);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def34]
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:276:17: warning[-Wanalyzer-malloc-leak]: leak of ‘rpc_client_call_new(bind_pdu.header.call_id, 0)’
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:193:12: branch_false: following ‘false’ branch (when ‘initial == 0’)...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:196:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:200:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:203:27: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:206:9: branch_false: following ‘false’ branch (when ‘initial == 0’)...
 branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:219:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:223:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:230:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:233:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:243:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:246:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:262:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:265:14: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:265:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:268:22: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:268:22: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:270:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:273:31: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:273:12: branch_true: following ‘true’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:275:17: branch_true: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:276:17: danger: ‘rpc_client_call_new(bind_pdu.header.call_id, 0)’ leaks here; was allocated at [(17)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/16)
#  274|   	{
#  275|   		rpc_client_call_free(clientCall);
#  276|-> 		goto fail;
#  277|   	}
#  278|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def35]
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:357:9: warning[-Wanalyzer-malloc-leak]: leak of ‘buffer.pvBuffer’
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:336:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:339:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:353:27: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:354:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:356:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:357:9: danger: ‘buffer.pvBuffer’ leaks here; was allocated at [(3)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/2)
#  355|   		goto fail;
#  356|   	memcpy(buffer.pvBuffer, auth_data, buffer.cbBuffer);
#  357|-> 	credssp_auth_take_input_buffer(rpc->auth, &buffer);
#  358|   
#  359|   	if (credssp_auth_authenticate(rpc->auth) < 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def36]
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:429:14: warning[-Wanalyzer-malloc-leak]: leak of ‘Stream_New(0, (long unsigned int)((int)auth_3_pdu.header.auth_length + 8) + offset & 65535)’
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:398:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:401:29: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:424:18: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:426:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:429:14: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:429:14: danger: ‘Stream_New(0, (long unsigned int)((int)auth_3_pdu.header.auth_length + 8) + offset & 65535)’ leaks here; was allocated at [(3)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/2)
#  427|   		return -1;
#  428|   
#  429|-> 	if (!rts_write_pdu_auth3(buffer, &auth_3_pdu))
#  430|   		goto fail;
#  431|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def37]
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:434:12: warning[-Wanalyzer-malloc-leak]: leak of ‘rpc_client_call_new(auth_3_pdu.header.call_id, 0)’
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:398:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:401:29: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:426:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:429:14: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:429:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:432:22: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:432:22: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/gateway/rpc_bind.c:434:12: danger: ‘rpc_client_call_new(auth_3_pdu.header.call_id, 0)’ leaks here; was allocated at [(7)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/6)
#  432|   	clientCall = rpc_client_call_new(auth_3_pdu.header.call_id, 0);
#  433|   
#  434|-> 	if (ArrayList_Append(rpc->client->ClientCallList, clientCall))
#  435|   	{
#  436|   		Stream_SealLength(buffer);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def38]
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:334:14: warning[-Wanalyzer-malloc-leak]: leak of ‘Stream_New(0, (_wcslen(*tsg.Hostname) + 31) * 2)’
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:2027:13: enter_function: entry to ‘TsProxyCreateChannelWriteRequest’
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:2034:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:2039:12: branch_false: following ‘false’ branch (when ‘count <= 4294967295’)...
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:2042:39: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:2042:22: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:2043:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:2047:14: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:2047:14: call_function: calling ‘TsProxyWriteTunnelContext’ from ‘TsProxyCreateChannelWriteRequest’
#  332|                                         const CONTEXT_HANDLE* tunnelContext)
#  333|   {
#  334|-> 	if (!Stream_EnsureRemainingCapacity(s, 20))
#  335|   		return FALSE;
#  336|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def39]
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:334:14: warning[-Wanalyzer-malloc-leak]: leak of ‘Stream_New(0, (_wcslen(*tsg.MachineName) + 513) * 2)’
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:1732:13: enter_function: entry to ‘TsProxyAuthorizeTunnelWriteRequest’
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:1740:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:1744:12: branch_false: following ‘false’ branch (when ‘count <= 4294967295’)...
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:1747:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:1749:13: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:1751:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:1754:14: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:1754:14: call_function: calling ‘TsProxyWriteTunnelContext’ from ‘TsProxyAuthorizeTunnelWriteRequest’
#  332|                                         const CONTEXT_HANDLE* tunnelContext)
#  333|   {
#  334|-> 	if (!Stream_EnsureRemainingCapacity(s, 20))
#  335|   		return FALSE;
#  336|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def40]
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:334:14: warning[-Wanalyzer-malloc-leak]: leak of ‘Stream_New(0, 20)’
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:2162:13: enter_function: entry to ‘TsProxyCloseTunnelWriteRequest’
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:2172:22: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:2174:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:2178:14: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:2178:14: call_function: calling ‘TsProxyWriteTunnelContext’ from ‘TsProxyCloseTunnelWriteRequest’
#  332|                                         const CONTEXT_HANDLE* tunnelContext)
#  333|   {
#  334|-> 	if (!Stream_EnsureRemainingCapacity(s, 20))
#  335|   		return FALSE;
#  336|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def41]
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:334:14: warning[-Wanalyzer-malloc-leak]: leak of ‘Stream_New(0, 40)’
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:1889:13: enter_function: entry to ‘TsProxyMakeTunnelCallWriteRequest’
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:1895:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:1900:13: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:1902:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:1906:16: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:1907:14: call_function: calling ‘TsProxyWriteTunnelContext’ from ‘TsProxyMakeTunnelCallWriteRequest’
#  332|                                         const CONTEXT_HANDLE* tunnelContext)
#  333|   {
#  334|-> 	if (!Stream_EnsureRemainingCapacity(s, 20))
#  335|   		return FALSE;
#  336|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def42]
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:334:14: warning[-Wanalyzer-malloc-leak]: leak of ‘Stream_New(0, length)’
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:2849:12: enter_function: entry to ‘tsg_write’
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:2853:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:2856:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:2862:18: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:2862:18: call_function: calling ‘TsProxySendToServer’ from ‘tsg_write’
#  332|                                         const CONTEXT_HANDLE* tunnelContext)
#  333|   {
#  334|-> 	if (!Stream_EnsureRemainingCapacity(s, 20))
#  335|   		return FALSE;
#  336|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def43]
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:351:14: warning[-Wanalyzer-malloc-leak]: leak of ‘Stream_New(0, 108)’
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:2284:6: enter_function: entry to ‘tsg_proxy_begin’
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:2292:14: call_function: calling ‘TsProxyCreateTunnelWriteRequest’ from ‘tsg_proxy_begin’
#  349|   	if (!s)
#  350|   		return FALSE;
#  351|-> 	if (!Stream_EnsureRemainingCapacity(s, 4))
#  352|   		return FALSE;
#  353|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def44]
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:2876:20: warning[-Wanalyzer-malloc-leak]: leak of ‘tsg’
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:2872:32: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:2874:12: branch_false: following ‘false’ branch (when ‘tsg’ is non-NULL)...
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:2876:20: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:2876:20: danger: ‘tsg’ leaks here; was allocated at [(1)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/0)
# 2874|   	if (!tsg)
# 2875|   		return NULL;
# 2876|-> 	tsg->log = WLog_Get(TAG);
# 2877|   	tsg->transport = transport;
# 2878|   	tsg->rpc = rpc_new(tsg->transport);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def45]
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:2878:20: warning[-Wanalyzer-malloc-leak]: leak of ‘tsg’
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:2872:32: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:2874:12: branch_false: following ‘false’ branch (when ‘tsg’ is non-NULL)...
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:2876:20: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/gateway/tsg.c:2878:20: danger: ‘tsg’ leaks here; was allocated at [(1)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/0)
# 2876|   	tsg->log = WLog_Get(TAG);
# 2877|   	tsg->transport = transport;
# 2878|-> 	tsg->rpc = rpc_new(tsg->transport);
# 2879|   
# 2880|   	if (!tsg->rpc)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def46]
FreeRDP-3.16.0/libfreerdp/core/timer.c:272:26: warning[-Wanalyzer-malloc-leak]: leak of ‘timer’
FreeRDP-3.16.0/libfreerdp/core/timer.c:267:31: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/timer.c:268:12: branch_false: following ‘false’ branch (when ‘timer’ is non-NULL)...
FreeRDP-3.16.0/libfreerdp/core/timer.c:270:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/timer.c:272:26: danger: ‘timer’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#  270|   	timer->rdp = rdp;
#  271|   
#  272|-> 	timer->entries = ArrayList_New(TRUE);
#  273|   	if (!timer->entries)
#  274|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def47]
FreeRDP-3.16.0/libfreerdp/core/timer.c:275:24: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
FreeRDP-3.16.0/libfreerdp/core/timer.c:268:12: branch_false: following ‘false’ branch (when ‘timer’ is non-NULL)...
FreeRDP-3.16.0/libfreerdp/core/timer.c:270:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/timer.c:272:26: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/timer.c:273:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/timer.c:275:24: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/timer.c:275:24: danger: ‘<unknown>’ leaks here; was allocated at [(3)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/2)
#  273|   	if (!timer->entries)
#  274|   		goto fail;
#  275|-> 	wObject* obj = ArrayList_Object(timer->entries);
#  276|   	WINPR_ASSERT(obj);
#  277|   	obj->fnObjectNew = entry_new;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def48]
FreeRDP-3.16.0/libfreerdp/core/timer.c:275:24: warning[-Wanalyzer-malloc-leak]: leak of ‘timer’
FreeRDP-3.16.0/libfreerdp/core/timer.c:267:31: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/timer.c:268:12: branch_false: following ‘false’ branch (when ‘timer’ is non-NULL)...
FreeRDP-3.16.0/libfreerdp/core/timer.c:270:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/timer.c:273:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/timer.c:275:24: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/timer.c:275:24: danger: ‘timer’ leaks here; was allocated at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#  273|   	if (!timer->entries)
#  274|   		goto fail;
#  275|-> 	wObject* obj = ArrayList_Object(timer->entries);
#  276|   	WINPR_ASSERT(obj);
#  277|   	obj->fnObjectNew = entry_new;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def49]
FreeRDP-3.16.0/libfreerdp/core/timer.c:280:24: warning[-Wanalyzer-malloc-leak]: leak of ‘timer’
FreeRDP-3.16.0/libfreerdp/core/timer.c:267:31: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/timer.c:268:12: branch_false: following ‘false’ branch (when ‘timer’ is non-NULL)...
FreeRDP-3.16.0/libfreerdp/core/timer.c:270:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/timer.c:273:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/timer.c:275:24: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/timer.c:280:24: danger: ‘timer’ leaks here; was allocated at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
#  278|   	obj->fnObjectFree = free;
#  279|   
#  280|-> 	timer->event = CreateEventA(NULL, TRUE, FALSE, NULL);
#  281|   	if (!timer->event)
#  282|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def50]
FreeRDP-3.16.0/libfreerdp/core/timer.c:284:28: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
FreeRDP-3.16.0/libfreerdp/core/timer.c:268:12: branch_false: following ‘false’ branch (when ‘timer’ is non-NULL)...
FreeRDP-3.16.0/libfreerdp/core/timer.c:270:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/timer.c:273:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/timer.c:275:24: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/timer.c:280:24: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/timer.c:281:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/timer.c:284:28: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/timer.c:284:28: danger: ‘<unknown>’ leaks here; was allocated at [(5)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/4)
#  282|   		goto fail;
#  283|   
#  284|-> 	timer->mainevent = CreateEventA(NULL, TRUE, FALSE, NULL);
#  285|   	if (!timer->mainevent)
#  286|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def51]
FreeRDP-3.16.0/libfreerdp/core/timer.c:284:28: warning[-Wanalyzer-malloc-leak]: leak of ‘timer’
FreeRDP-3.16.0/libfreerdp/core/timer.c:267:31: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/timer.c:268:12: branch_false: following ‘false’ branch (when ‘timer’ is non-NULL)...
FreeRDP-3.16.0/libfreerdp/core/timer.c:270:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/timer.c:273:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/timer.c:275:24: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/timer.c:281:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/timer.c:284:28: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/timer.c:284:28: danger: ‘timer’ leaks here; was allocated at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
#  282|   		goto fail;
#  283|   
#  284|-> 	timer->mainevent = CreateEventA(NULL, TRUE, FALSE, NULL);
#  285|   	if (!timer->mainevent)
#  286|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def52]
FreeRDP-3.16.0/libfreerdp/core/timer.c:290:25: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
FreeRDP-3.16.0/libfreerdp/core/timer.c:268:12: branch_false: following ‘false’ branch (when ‘timer’ is non-NULL)...
FreeRDP-3.16.0/libfreerdp/core/timer.c:270:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/timer.c:273:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/timer.c:275:24: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/timer.c:280:24: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/timer.c:281:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/timer.c:284:28: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/timer.c:285:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/timer.c:289:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/timer.c:290:25: danger: ‘<unknown>’ leaks here; was allocated at [(5)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/4)
#  288|   #if defined(FREERDP_TIMER_SUPPORTED)
#  289|   	timer->running = true;
#  290|-> 	timer->thread = CreateThread(NULL, 0, timer_thread, timer, 0, NULL);
#  291|   	if (!timer->thread)
#  292|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def53]
FreeRDP-3.16.0/libfreerdp/core/timer.c:290:25: warning[-Wanalyzer-malloc-leak]: leak of ‘timer’
FreeRDP-3.16.0/libfreerdp/core/timer.c:267:31: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/timer.c:268:12: branch_false: following ‘false’ branch (when ‘timer’ is non-NULL)...
FreeRDP-3.16.0/libfreerdp/core/timer.c:270:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/timer.c:273:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/timer.c:275:24: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/timer.c:281:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/timer.c:284:28: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/timer.c:285:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/timer.c:289:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/timer.c:290:25: danger: ‘timer’ leaks here; was allocated at [(1)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/0)
#  288|   #if defined(FREERDP_TIMER_SUPPORTED)
#  289|   	timer->running = true;
#  290|-> 	timer->thread = CreateThread(NULL, 0, timer_thread, timer, 0, NULL);
#  291|   	if (!timer->thread)
#  292|   		goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def54]
FreeRDP-3.16.0/libfreerdp/core/timer.c:297:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
FreeRDP-3.16.0/libfreerdp/core/timer.c:268:12: branch_false: following ‘false’ branch (when ‘timer’ is non-NULL)...
FreeRDP-3.16.0/libfreerdp/core/timer.c:270:9: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/timer.c:273:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/timer.c:275:24: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/timer.c:280:24: acquire_memory: allocated here
FreeRDP-3.16.0/libfreerdp/core/timer.c:281:12: branch_false: following ‘false’ branch...
FreeRDP-3.16.0/libfreerdp/core/timer.c:284:28: branch_false: ...to here
FreeRDP-3.16.0/libfreerdp/core/timer.c:285:12: branch_true: following ‘true’ branch...
FreeRDP-3.16.0/libfreerdp/core/timer.c:286:17: branch_true: ...to here
FreeRDP-3.16.0/libfreerdp/core/timer.c:297:9: danger: ‘<unknown>’ leaks here; was allocated at [(5)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/4)
#  295|   
#  296|   fail:
#  297|-> 	freerdp_timer_free(timer);
#  298|   	return NULL;
#  299|   }
Scan Properties

analyzer-version-clippy	1.90.0
analyzer-version-cppcheck	2.18.3
analyzer-version-gcc	15.2.1
analyzer-version-gcc-analyzer	16.0.0
analyzer-version-shellcheck	0.11.0
analyzer-version-unicontrol	0.0.2
diffbase-analyzer-version-clippy	1.90.0
diffbase-analyzer-version-cppcheck	2.18.3
diffbase-analyzer-version-gcc	15.2.1
diffbase-analyzer-version-gcc-analyzer	16.0.0
diffbase-analyzer-version-shellcheck	0.11.0
diffbase-analyzer-version-unicontrol	0.0.2
diffbase-enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code	0
diffbase-host	ip-172-16-1-219.us-west-2.compute.internal
diffbase-known-false-positives	/usr/share/csmock/known-false-positives.js
diffbase-known-false-positives-rpm	known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch
diffbase-mock-config	fedora-rawhide-gcc-latest-x86_64
diffbase-project-name	freerdp-3.16.0-4.fc43
diffbase-store-results-to	/tmp/tmp2u3ms8oc/freerdp-3.16.0-4.fc43.tar.xz
diffbase-time-created	2025-10-28 17:52:32
diffbase-time-finished	2025-10-28 18:00:01
diffbase-tool	csmock
diffbase-tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'gcc,cppcheck,shellcheck,clippy,unicontrol' '-o' '/tmp/tmp2u3ms8oc/freerdp-3.16.0-4.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmp2u3ms8oc/freerdp-3.16.0-4.fc43.src.rpm'
diffbase-tool-version	csmock-3.8.3.20251027.143044.ge6b947b-1.el9
enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code	0
host	ip-172-16-1-219.us-west-2.compute.internal
known-false-positives	/usr/share/csmock/known-false-positives.js
known-false-positives-rpm	known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch
mock-config	fedora-rawhide-gcc-latest-x86_64
project-name	freerdp-3.16.0-4.fc44
store-results-to	/tmp/tmpx3s63f14/freerdp-3.16.0-4.fc44.tar.xz
time-created	2025-10-28 18:01:48
time-finished	2025-10-28 18:08:56
title	Newly introduced findings
tool	csmock
tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'gcc,cppcheck,shellcheck,clippy,unicontrol' '-o' '/tmp/tmpx3s63f14/freerdp-3.16.0-4.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmpx3s63f14/freerdp-3.16.0-4.fc44.src.rpm'
tool-version	csmock-3.8.3.20251027.143044.ge6b947b-1.el9