Fixed findings

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-404): [#def1]
gpgme-1.24.3/src/gpgme-tool.c:1300:10: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
gpgme-1.24.3/src/gpgme-tool.c:2870:1: enter_function: entry to ‘cmd_keylist’
gpgme-1.24.3/src/gpgme-tool.c:2913:3: call_function: calling ‘result_xml_tag_start’ from ‘cmd_keylist’
# 1298|   gt_write_data (gpgme_tool_t gt, const void *buf, size_t len)
# 1299|   {
# 1300|->   return gt->write_data (gt->write_data_hook, buf, len);
# 1301|   }
# 1302|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def2]
gpgme-1.24.3/src/gpgme-tool.c:1596:13: warning[-Wanalyzer-malloc-leak]: leak of ‘keys’
gpgme-1.24.3/src/gpgme-tool.c:2653:1: enter_function: entry to ‘cmd_import’
gpgme-1.24.3/src/gpgme-tool.c:2657:6: branch_true: following ‘true’ branch...
gpgme-1.24.3/src/gpgme-tool.c:2661:14: call_function: calling ‘gt_import_keys’ from ‘cmd_import’
# 1594|     for (idx = 0; idx < cnt; idx++)
# 1595|       {
# 1596|->       err = gpgme_get_key (gt->ctx, fpr[idx], &keys[idx], 0);
# 1597|         if (err)
# 1598|   	break;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def3]
gpgme-1.24.3/src/gpgme-tool.c:1603:13: warning[-Wanalyzer-malloc-leak]: leak of ‘keys’
gpgme-1.24.3/src/gpgme-tool.c:2653:1: enter_function: entry to ‘cmd_import’
gpgme-1.24.3/src/gpgme-tool.c:2657:6: branch_true: following ‘true’ branch...
gpgme-1.24.3/src/gpgme-tool.c:2661:14: call_function: calling ‘gt_import_keys’ from ‘cmd_import’
# 1601|       {
# 1602|         keys[cnt] = NULL;
# 1603|->       err = gpgme_op_import_keys (gt->ctx, keys);
# 1604|       }
# 1605|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def4]
gpgme-1.24.3/src/gpgme-tool.c:1916:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(fn,  <unknown>)’
gpgme-1.24.3/src/gpgme-tool.c:2999:1: enter_function: entry to ‘cmd_getauditlog’
gpgme-1.24.3/src/gpgme-tool.c:3010:6: branch_false: following ‘false’ branch...
gpgme-1.24.3/src/gpgme-tool.c:3012:9: branch_false: ...to here
gpgme-1.24.3/src/gpgme-tool.c:3012:9: call_function: calling ‘server_data_obj’ from ‘cmd_getauditlog’
# 1914|   	return gpg_error_from_syserror ();
# 1915|   
# 1916|->       err = gpgme_data_new_from_stream (data, *fs);
# 1917|       }
# 1918|     else

Error: GCC_ANALYZER_WARNING (CWE-401): [#def5]
gpgme-1.24.3/src/gpgme-tool.c:1916:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(fn,  <unknown>)’
gpgme-1.24.3/src/gpgme-tool.c:2999:1: enter_function: entry to ‘cmd_getauditlog’
gpgme-1.24.3/src/gpgme-tool.c:3010:6: branch_false: following ‘false’ branch...
gpgme-1.24.3/src/gpgme-tool.c:3012:9: branch_false: ...to here
gpgme-1.24.3/src/gpgme-tool.c:3012:9: call_function: calling ‘server_data_obj’ from ‘cmd_getauditlog’
# 1914|   	return gpg_error_from_syserror ();
# 1915|   
# 1916|->       err = gpgme_data_new_from_stream (data, *fs);
# 1917|       }
# 1918|     else

Scan Properties

analyzer-version-clippy	1.90.0
analyzer-version-cppcheck	2.18.3
analyzer-version-gcc	15.2.1
analyzer-version-gcc-analyzer	16.0.0
analyzer-version-shellcheck	0.11.0
analyzer-version-unicontrol	0.0.2
diffbase-analyzer-version-clippy	1.90.0
diffbase-analyzer-version-cppcheck	2.18.3
diffbase-analyzer-version-gcc	15.2.1
diffbase-analyzer-version-gcc-analyzer	16.0.0
diffbase-analyzer-version-shellcheck	0.11.0
diffbase-analyzer-version-unicontrol	0.0.2
diffbase-enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code	0
diffbase-host	ip-172-16-1-45.us-west-2.compute.internal
diffbase-known-false-positives	/usr/share/csmock/known-false-positives.js
diffbase-known-false-positives-rpm	known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch
diffbase-mock-config	fedora-rawhide-gcc-latest-x86_64
diffbase-project-name	gpgme-1.24.3-6.fc44
diffbase-store-results-to	/tmp/tmp8l057b2i/gpgme-1.24.3-6.fc44.tar.xz
diffbase-time-created	2025-10-28 18:16:06
diffbase-time-finished	2025-10-28 18:23:54
diffbase-tool	csmock
diffbase-tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'gcc,cppcheck,shellcheck,clippy,unicontrol' '-o' '/tmp/tmp8l057b2i/gpgme-1.24.3-6.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmp8l057b2i/gpgme-1.24.3-6.fc44.src.rpm'
diffbase-tool-version	csmock-3.8.3.20251027.143044.ge6b947b-1.el9
enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code	0
host	ip-172-16-1-45.us-west-2.compute.internal
known-false-positives	/usr/share/csmock/known-false-positives.js
known-false-positives-rpm	known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch
mock-config	fedora-rawhide-gcc-latest-x86_64
project-name	gpgme-1.24.3-6.fc43
store-results-to	/tmp/tmpcik0a6e3/gpgme-1.24.3-6.fc43.tar.xz
time-created	2025-10-28 18:07:22
time-finished	2025-10-28 18:15:31
title	Fixed findings
tool	csmock
tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'gcc,cppcheck,shellcheck,clippy,unicontrol' '-o' '/tmp/tmpcik0a6e3/gpgme-1.24.3-6.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmpcik0a6e3/gpgme-1.24.3-6.fc43.src.rpm'
tool-version	csmock-3.8.3.20251027.143044.ge6b947b-1.el9