Error: SHELLCHECK_WARNING (CWE-563): [#def1] /usr/bin/apachectl:30:1: warning[SC2034]: ARGV appears unused. Verify use (or export if used externally). # 28| # 29| ACMD="$1" # 30|-> ARGV="$@" # 31| SVC='httpd.service' # 32| HTTPD='/usr/bin/httpd' Error: SHELLCHECK_WARNING (CWE-569): [#def2] /usr/bin/apachectl:30:6: warning[SC2124]: Assigning an array to a string! Assign as array, or use * instead of @ to concatenate. # 28| # 29| ACMD="$1" # 30|-> ARGV="$@" # 31| SVC='httpd.service' # 32| HTTPD='/usr/bin/httpd' Error: SHELLCHECK_WARNING (CWE-456): [#def3] /usr/lib64/httpd/build/instdso.sh:54:9: warning[SC2209]: Use var=$(command) to assign output (or quote to assign string). # 52| case $SYS in # 53| SunOS|HP-UX) # 54|-> INSTALL_CMD=cp # 55| ;; # 56| *) Error: SHELLCHECK_WARNING (CWE-456): [#def4] /usr/lib64/httpd/build/instdso.sh:57:64: warning[SC2209]: Use var=$(command) to assign output (or quote to assign string). # 55| ;; # 56| *) # 57|-> type install >/dev/null 2>&1 && INSTALL_CMD=install || INSTALL_CMD=cp # 58| ;; # 59| esac Error: SHELLCHECK_WARNING (CWE-456): [#def5] /usr/lib64/httpd/build/mkdir.sh:29:9: warning[SC2121]: To assign a variable, use just 'var=value', no 'set ..'. # 27| errstatus=0 # 28| for file in ${1+"$@"} ; do # 29|-> set fnord `echo ":$file" |\ # 30| sed -e 's/^:\//%/' -e 's/^://' -e 's/\// /g' -e 's/^%/\//'` # 31| shift Error: SHELLCHECK_WARNING (CWE-156): [#def6] /usr/lib64/httpd/build/mkdir.sh:29:15: warning[SC2046]: Quote this to prevent word splitting. # 27| errstatus=0 # 28| for file in ${1+"$@"} ; do # 29|-> set fnord `echo ":$file" |\ # 30| sed -e 's/^:\//%/' -e 's/^://' -e 's/\// /g' -e 's/^%/\//'` # 31| shift Error: GCC_ANALYZER_WARNING (CWE-688): [#def7] httpd-2.4.65/modules/aaa/mod_access_compat.c:218:14: warning[-Wanalyzer-null-argument]: use of NULL 'what' where non-null expected httpd-2.4.65/modules/aaa/mod_access_compat.c:242:12: enter_function: entry to 'find_allowdeny' httpd-2.4.65/modules/aaa/mod_access_compat.c:251:17: branch_true: following 'true' branch... httpd-2.4.65/modules/aaa/mod_access_compat.c:252:25: branch_true: ...to here httpd-2.4.65/modules/aaa/mod_access_compat.c:251:17: branch_true: following 'true' branch... httpd-2.4.65/modules/aaa/mod_access_compat.c:252:25: branch_true: ...to here httpd-2.4.65/modules/aaa/mod_access_compat.c:252:12: branch_false: following 'false' branch... httpd-2.4.65/modules/aaa/mod_access_compat.c:256:17: branch_false: ...to here httpd-2.4.65/modules/aaa/mod_access_compat.c:279:16: branch_false: following 'false' branch (when 'gothost != 0')... httpd-2.4.65/modules/aaa/mod_access_compat.c:293:16: branch_false: ...to here httpd-2.4.65/modules/aaa/mod_access_compat.c:293:16: branch_true: following 'true' branch (when 'gothost == 2')... httpd-2.4.65/modules/aaa/mod_access_compat.c:293:45: branch_true: ...to here httpd-2.4.65/modules/aaa/mod_access_compat.c:293:35: call_function: calling 'in_domain' from 'find_allowdeny' #argument 1 of '__builtin_strlen' must be non-null # 216| { # 217| int dl = strlen(domain); # 218|-> int wl = strlen(what); # 219| # 220| if ((wl - dl) >= 0) { Error: GCC_ANALYZER_WARNING (CWE-457): [#def8] httpd-2.4.65/modules/cache/cache_util.c:935:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value '*last' httpd-2.4.65/modules/cache/cache_util.c:1139:12: enter_function: entry to 'cache_control_remove' httpd-2.4.65/modules/cache/cache_util.c:1145:8: branch_true: following 'true' branch (when 'cc_header' is non-NULL)... httpd-2.4.65/modules/cache/cache_util.c:1146:24: branch_true: ...to here httpd-2.4.65/modules/cache/cache_util.c:1147:23: call_function: calling 'cache_strqtok' from 'cache_control_remove' # 933| # 934| if (!str) { /* subsequent call */ # 935|-> str = *last; /* start where we left off */ # 936| } # 937| Error: GCC_ANALYZER_WARNING (CWE-476): [#def9] httpd-2.4.65/modules/dav/main/mod_dav.c:2055:27: warning[-Wanalyzer-null-dereference]: dereference of NULL '((dav_walker_ctx)*(void *)((void *)ctx)).doc' httpd-2.4.65/modules/dav/main/mod_dav.c:2069:20: enter_function: entry to 'dav_propfind_walker' httpd-2.4.65/modules/dav/main/mod_dav.c:2097:11: branch_false: following 'false' branch... httpd-2.4.65/modules/dav/main/mod_dav.c:2097:11: branch_false: ...to here httpd-2.4.65/modules/dav/main/mod_dav.c:2100:8: branch_true: following 'true' branch... httpd-2.4.65/modules/dav/main/mod_dav.c:2103:13: branch_true: ...to here httpd-2.4.65/modules/dav/main/mod_dav.c:2103:12: branch_true: following 'true' branch... httpd-2.4.65/modules/dav/main/mod_dav.c:2104:34: branch_true: ...to here httpd-2.4.65/modules/dav/main/mod_dav.c:2107:13: call_function: calling 'dav_cache_badprops' from 'dav_propfind_walker' # 2053| "<D:prop>" DEBUG_CR); # 2054| # 2055|-> elem = dav_find_child(ctx->doc->root, "prop"); # 2056| for (elem = elem->first_child; elem; elem = elem->next) { # 2057| apr_text_append(ctx->w.pool, &hdr, Error: GCC_ANALYZER_WARNING (CWE-457): [#def10] httpd-2.4.65/modules/filters/mod_charset_lite.c:448:33: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value '*cur_str' httpd-2.4.65/modules/filters/mod_charset_lite.c:754:21: enter_function: entry to 'xlate_out_filter' httpd-2.4.65/modules/filters/mod_charset_lite.c:853:8: branch_false: following 'false' branch... httpd-2.4.65/modules/filters/mod_charset_lite.c:857:5: branch_false: ...to here httpd-2.4.65/modules/filters/mod_charset_lite.c:862:12: branch_true: following 'true' branch (when 'done == 0')... httpd-2.4.65/modules/filters/mod_charset_lite.c:863:13: branch_true: ...to here httpd-2.4.65/modules/filters/mod_charset_lite.c:863:12: branch_true: following 'true' branch... httpd-2.4.65/modules/filters/mod_charset_lite.c:864:16: branch_true: ...to here httpd-2.4.65/modules/filters/mod_charset_lite.c:864:16: branch_false: following 'false' branch (when 'consumed_bucket' is NULL)... httpd-2.4.65/modules/filters/mod_charset_lite.c:868:25: branch_false: ...to here httpd-2.4.65/modules/filters/mod_charset_lite.c:868:16: branch_false: following 'false' branch... httpd-2.4.65/modules/filters/mod_charset_lite.c:871:17: branch_false: ...to here httpd-2.4.65/modules/filters/mod_charset_lite.c:871:16: branch_false: following 'false' branch... httpd-2.4.65/modules/filters/mod_charset_lite.c:884:17: branch_false: ...to here httpd-2.4.65/modules/filters/mod_charset_lite.c:884:16: branch_true: following 'true' branch... httpd-2.4.65/modules/filters/mod_charset_lite.c:887:17: branch_true: ...to here httpd-2.4.65/modules/filters/mod_charset_lite.c:890:20: branch_false: following 'false' branch... httpd-2.4.65/modules/filters/mod_charset_lite.c:884:47: branch_false: ...to here httpd-2.4.65/modules/filters/mod_charset_lite.c:862:12: branch_true: following 'true' branch (when 'done == 0')... httpd-2.4.65/modules/filters/mod_charset_lite.c:863:13: branch_true: ...to here httpd-2.4.65/modules/filters/mod_charset_lite.c:908:16: branch_true: following 'true' branch... httpd-2.4.65/modules/filters/mod_charset_lite.c:914:45: branch_true: ...to here httpd-2.4.65/modules/filters/mod_charset_lite.c:915:22: call_function: calling 'finish_partial_char' from 'xlate_out_filter' # 446| # 447| do { # 448|-> ctx->buf[ctx->saved] = **cur_str; # 449| ++ctx->saved; # 450| ++*cur_str; Error: GCC_ANALYZER_WARNING (CWE-457): [#def11] httpd-2.4.65/modules/filters/mod_charset_lite.c:920:22: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'cur_str' httpd-2.4.65/modules/filters/mod_charset_lite.c:853:8: branch_false: following 'false' branch... httpd-2.4.65/modules/filters/mod_charset_lite.c:857:5: branch_false: ...to here httpd-2.4.65/modules/filters/mod_charset_lite.c:862:12: branch_true: following 'true' branch (when 'done == 0')... httpd-2.4.65/modules/filters/mod_charset_lite.c:863:13: branch_true: ...to here httpd-2.4.65/modules/filters/mod_charset_lite.c:863:12: branch_true: following 'true' branch... httpd-2.4.65/modules/filters/mod_charset_lite.c:864:16: branch_true: ...to here httpd-2.4.65/modules/filters/mod_charset_lite.c:864:16: branch_false: following 'false' branch (when 'consumed_bucket' is NULL)... httpd-2.4.65/modules/filters/mod_charset_lite.c:868:25: branch_false: ...to here httpd-2.4.65/modules/filters/mod_charset_lite.c:868:16: branch_false: following 'false' branch... httpd-2.4.65/modules/filters/mod_charset_lite.c:871:17: branch_false: ...to here httpd-2.4.65/modules/filters/mod_charset_lite.c:871:16: branch_false: following 'false' branch... httpd-2.4.65/modules/filters/mod_charset_lite.c:884:17: branch_false: ...to here httpd-2.4.65/modules/filters/mod_charset_lite.c:884:16: branch_true: following 'true' branch... httpd-2.4.65/modules/filters/mod_charset_lite.c:887:17: branch_true: ...to here httpd-2.4.65/modules/filters/mod_charset_lite.c:890:20: branch_false: following 'false' branch... httpd-2.4.65/modules/filters/mod_charset_lite.c:884:47: branch_false: ...to here httpd-2.4.65/modules/filters/mod_charset_lite.c:862:12: branch_true: following 'true' branch (when 'done == 0')... httpd-2.4.65/modules/filters/mod_charset_lite.c:863:13: branch_true: ...to here httpd-2.4.65/modules/filters/mod_charset_lite.c:908:16: branch_false: following 'false' branch... httpd-2.4.65/modules/filters/mod_charset_lite.c:922:62: branch_false: ...to here httpd-2.4.65/modules/filters/mod_charset_lite.c:920:22: danger: use of uninitialized value 'cur_str' here # 918| } # 919| else { # 920|-> rv = apr_xlate_conv_buffer(ctx->xlate, # 921| cur_str, &cur_avail, # 922| tmp + sizeof(tmp) - space_avail, &space_avail); Error: GCC_ANALYZER_WARNING (CWE-688): [#def12] httpd-2.4.65/modules/filters/mod_include.c:2337:9: warning[-Wanalyzer-null-argument]: use of NULL 'tag' where non-null expected httpd-2.4.65/modules/filters/mod_include.c:2306:21: enter_function: entry to 'handle_if' httpd-2.4.65/modules/filters/mod_include.c:2309:11: release_memory: 'tag' is NULL httpd-2.4.65/modules/filters/mod_include.c:2310:11: release_memory: 'tag' is NULL httpd-2.4.65/modules/filters/mod_include.c:2325:8: branch_false: following 'false' branch... httpd-2.4.65/modules/filters/mod_include.c:2330:9: branch_false: ...to here httpd-2.4.65/modules/filters/mod_include.c:2330:8: branch_false: following 'false' branch... httpd-2.4.65/modules/filters/mod_include.c:2335:5: branch_false: ...to here httpd-2.4.65/modules/filters/mod_include.c:2335:5: call_function: calling 'ap_ssi_get_tag_and_value' from 'handle_if' httpd-2.4.65/modules/filters/mod_include.c:2335:5: return_function: returning to 'handle_if' from 'ap_ssi_get_tag_and_value' httpd-2.4.65/modules/filters/mod_include.c:2337:9: release_memory: 'tag' is NULL httpd-2.4.65/modules/filters/mod_include.c:2337:9: danger: argument 1 ('tag') NULL where non-null expected # 2335| ap_ssi_get_tag_and_value(ctx, &tag, &expr, SSI_VALUE_RAW); # 2336| # 2337|-> if (strcmp(tag, "expr")) { # 2338| ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01354) "unknown parameter \"%s\" " # 2339| "to tag if in %s", tag, r->filename); Error: GCC_ANALYZER_WARNING (CWE-688): [#def13] httpd-2.4.65/modules/filters/mod_include.c:2409:9: warning[-Wanalyzer-null-argument]: use of NULL 'tag' where non-null expected httpd-2.4.65/modules/filters/mod_include.c:2380:21: enter_function: entry to 'handle_elif' httpd-2.4.65/modules/filters/mod_include.c:2383:11: release_memory: 'tag' is NULL httpd-2.4.65/modules/filters/mod_include.c:2384:11: release_memory: 'tag' is NULL httpd-2.4.65/modules/filters/mod_include.c:2398:8: branch_false: following 'false' branch... httpd-2.4.65/modules/filters/mod_include.c:2402:9: branch_false: ...to here httpd-2.4.65/modules/filters/mod_include.c:2402:8: branch_false: following 'false' branch... httpd-2.4.65/modules/filters/mod_include.c:2407:5: branch_false: ...to here httpd-2.4.65/modules/filters/mod_include.c:2407:5: call_function: calling 'ap_ssi_get_tag_and_value' from 'handle_elif' httpd-2.4.65/modules/filters/mod_include.c:2407:5: return_function: returning to 'handle_elif' from 'ap_ssi_get_tag_and_value' httpd-2.4.65/modules/filters/mod_include.c:2409:9: release_memory: 'tag' is NULL httpd-2.4.65/modules/filters/mod_include.c:2409:9: danger: argument 1 ('tag') NULL where non-null expected # 2407| ap_ssi_get_tag_and_value(ctx, &tag, &expr, SSI_VALUE_RAW); # 2408| # 2409|-> if (strcmp(tag, "expr")) { # 2410| ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01358) "unknown parameter \"%s\" " # 2411| "to tag if in %s", tag, r->filename); Error: GCC_ANALYZER_WARNING (CWE-476): [#def14] httpd-2.4.65/modules/filters/mod_include.c:3206:17: warning[-Wanalyzer-null-dereference]: dereference of NULL 'data' httpd-2.4.65/modules/filters/mod_include.c:3388:21: enter_function: entry to 'send_parsed_content' httpd-2.4.65/modules/filters/mod_include.c:3399:8: branch_false: following 'false' branch... httpd-2.4.65/modules/filters/mod_include.c:3406:9: branch_false: ...to here httpd-2.4.65/modules/filters/mod_include.c:3406:8: branch_false: following 'false' branch... httpd-2.4.65/modules/filters/mod_include.c:3411:45: branch_false: ...to here httpd-2.4.65/modules/filters/mod_include.c:3419:12: branch_true: following 'true' branch... httpd-2.4.65/modules/filters/mod_include.c:3420:21: branch_true: ...to here httpd-2.4.65/modules/filters/mod_include.c:3420:21: release_memory: 'data' is NULL httpd-2.4.65/modules/filters/mod_include.c:3427:12: branch_false: following 'false' branch... httpd-2.4.65/modules/filters/mod_include.c:3472:13: branch_false: ...to here httpd-2.4.65/modules/filters/mod_include.c:3472:12: branch_false: following 'false' branch... httpd-2.4.65/modules/filters/mod_include.c:3473:13: branch_false: ...to here httpd-2.4.65/modules/filters/mod_include.c:3472:13: branch_false: following 'false' branch... httpd-2.4.65/modules/filters/mod_include.c:3488:9: branch_false: ...to here httpd-2.4.65/modules/filters/mod_include.c:3489:12: branch_false: following 'false' branch... httpd-2.4.65/modules/filters/mod_include.c:3511:13: branch_false: ...to here httpd-2.4.65/modules/filters/mod_include.c:3511:12: branch_true: following 'true' branch... httpd-2.4.65/modules/filters/mod_include.c:3511:22: branch_true: ...to here httpd-2.4.65/modules/filters/mod_include.c:3511:13: branch_false: following 'false' branch... httpd-2.4.65/modules/filters/mod_include.c:3520:17: branch_false: ...to here httpd-2.4.65/modules/filters/mod_include.c:3638:21: release_memory: 'data' is NULL httpd-2.4.65/modules/filters/mod_include.c:3638:21: call_function: calling 'find_argument' from 'send_parsed_content' # 3204| * can safely assume, someone forgot the name of the argument # 3205| */ # 3206|-> switch (*p) { # 3207| case '"': case '\'': case '`': # 3208| *store = NULL; Error: GCC_ANALYZER_WARNING (CWE-476): [#def15] httpd-2.4.65/modules/filters/mod_include.c:3306:13: warning[-Wanalyzer-null-dereference]: dereference of NULL 'data' httpd-2.4.65/modules/filters/mod_include.c:3388:21: enter_function: entry to 'send_parsed_content' httpd-2.4.65/modules/filters/mod_include.c:3399:8: branch_false: following 'false' branch... httpd-2.4.65/modules/filters/mod_include.c:3406:9: branch_false: ...to here httpd-2.4.65/modules/filters/mod_include.c:3406:8: branch_false: following 'false' branch... httpd-2.4.65/modules/filters/mod_include.c:3411:45: branch_false: ...to here httpd-2.4.65/modules/filters/mod_include.c:3419:12: branch_true: following 'true' branch... httpd-2.4.65/modules/filters/mod_include.c:3420:21: branch_true: ...to here httpd-2.4.65/modules/filters/mod_include.c:3420:21: release_memory: 'data' is NULL httpd-2.4.65/modules/filters/mod_include.c:3427:12: branch_false: following 'false' branch... httpd-2.4.65/modules/filters/mod_include.c:3472:13: branch_false: ...to here httpd-2.4.65/modules/filters/mod_include.c:3472:12: branch_false: following 'false' branch... httpd-2.4.65/modules/filters/mod_include.c:3473:13: branch_false: ...to here httpd-2.4.65/modules/filters/mod_include.c:3472:13: branch_false: following 'false' branch... httpd-2.4.65/modules/filters/mod_include.c:3488:9: branch_false: ...to here httpd-2.4.65/modules/filters/mod_include.c:3489:12: branch_false: following 'false' branch... httpd-2.4.65/modules/filters/mod_include.c:3511:13: branch_false: ...to here httpd-2.4.65/modules/filters/mod_include.c:3511:12: branch_true: following 'true' branch... httpd-2.4.65/modules/filters/mod_include.c:3511:22: branch_true: ...to here httpd-2.4.65/modules/filters/mod_include.c:3511:13: branch_false: following 'false' branch... httpd-2.4.65/modules/filters/mod_include.c:3520:17: branch_false: ...to here httpd-2.4.65/modules/filters/mod_include.c:3638:21: release_memory: 'data' is NULL httpd-2.4.65/modules/filters/mod_include.c:3638:21: call_function: calling 'find_argument' from 'send_parsed_content' # 3304| # 3305| case PARSE_ARG_VAL_ESC: # 3306|-> if (*p == intern->quote) { # 3307| ++p; # 3308| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def16] httpd-2.4.65/modules/filters/mod_proxy_html.c:206:8: warning[-Wanalyzer-malloc-leak]: leak of 'newbuf' httpd-2.4.65/modules/filters/mod_proxy_html.c:319:13: enter_function: entry to 'pcomment' httpd-2.4.65/modules/filters/mod_proxy_html.c:323:8: branch_false: following 'false' branch... httpd-2.4.65/modules/filters/mod_proxy_html.c:326:9: branch_false: ...to here httpd-2.4.65/modules/filters/mod_proxy_html.c:326:8: branch_true: following 'true' branch... httpd-2.4.65/modules/filters/mod_proxy_html.c:327:9: branch_true: ...to here httpd-2.4.65/modules/filters/mod_proxy_html.c:328:9: call_function: calling 'pappend' from 'pcomment' # 204| # 205| newbuf = realloc(ctx->buf, ctx->avail); # 206|-> if (newbuf != ctx->buf) { # 207| if (ctx->buf) # 208| apr_pool_cleanup_kill(ctx->f->r->pool, ctx->buf, Error: GCC_ANALYZER_WARNING (CWE-401): [#def17] httpd-2.4.65/modules/filters/mod_proxy_html.c:208:13: warning[-Wanalyzer-malloc-leak]: leak of 'newbuf' httpd-2.4.65/modules/filters/mod_proxy_html.c:319:13: enter_function: entry to 'pcomment' httpd-2.4.65/modules/filters/mod_proxy_html.c:323:8: branch_false: following 'false' branch... httpd-2.4.65/modules/filters/mod_proxy_html.c:326:9: branch_false: ...to here httpd-2.4.65/modules/filters/mod_proxy_html.c:326:8: branch_true: following 'true' branch... httpd-2.4.65/modules/filters/mod_proxy_html.c:327:9: branch_true: ...to here httpd-2.4.65/modules/filters/mod_proxy_html.c:327:9: call_function: calling 'pappend' from 'pcomment' # 206| if (newbuf != ctx->buf) { # 207| if (ctx->buf) # 208|-> apr_pool_cleanup_kill(ctx->f->r->pool, ctx->buf, # 209| (int(*)(void*))free); # 210| apr_pool_cleanup_register(ctx->f->r->pool, newbuf, Error: GCC_ANALYZER_WARNING (CWE-401): [#def18] httpd-2.4.65/modules/filters/mod_proxy_html.c:210:9: warning[-Wanalyzer-malloc-leak]: leak of 'newbuf' httpd-2.4.65/modules/filters/mod_proxy_html.c:319:13: enter_function: entry to 'pcomment' httpd-2.4.65/modules/filters/mod_proxy_html.c:323:8: branch_false: following 'false' branch... httpd-2.4.65/modules/filters/mod_proxy_html.c:326:9: branch_false: ...to here httpd-2.4.65/modules/filters/mod_proxy_html.c:326:8: branch_true: following 'true' branch... httpd-2.4.65/modules/filters/mod_proxy_html.c:327:9: branch_true: ...to here httpd-2.4.65/modules/filters/mod_proxy_html.c:327:9: call_function: calling 'pappend' from 'pcomment' # 208| apr_pool_cleanup_kill(ctx->f->r->pool, ctx->buf, # 209| (int(*)(void*))free); # 210|-> apr_pool_cleanup_register(ctx->f->r->pool, newbuf, # 211| (int(*)(void*))free, apr_pool_cleanup_null); # 212| ctx->buf = newbuf; Error: GCC_ANALYZER_WARNING (CWE-404): [#def19] httpd-2.4.65/modules/filters/sed0.c:50:17: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/modules/filters/sed0.c:46:8: branch_true: following 'true' branch... httpd-2.4.65/modules/filters/sed0.c:49:9: acquire_resource: 'va_start' called here httpd-2.4.65/modules/filters/sed0.c:50:17: danger: missing call to 'va_end' to match 'va_start' at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2) # 48| const char* error; # 49| va_start(args, fmt); # 50|-> error = apr_pvsprintf(commands->pool, fmt, args); # 51| commands->errfn(commands->data, error); # 52| va_end(args); Error: GCC_ANALYZER_WARNING (CWE-404): [#def20] httpd-2.4.65/modules/filters/sed1.c:83:17: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/modules/filters/sed1.c:766:21: enter_function: entry to 'command' httpd-2.4.65/modules/filters/sed1.c:780:16: branch_true: following 'true' branch... httpd-2.4.65/modules/filters/sed1.c:781:17: branch_true: ...to here httpd-2.4.65/modules/filters/sed1.c:781:17: call_function: calling 'eval_errf' from 'command' # 81| const char* error; # 82| va_start(args, fmt); # 83|-> error = apr_pvsprintf(eval->pool, fmt, args); # 84| eval->errfn(eval->data, error); # 85| va_end(args); Error: GCC_ANALYZER_WARNING (CWE-775): [#def21] httpd-2.4.65/modules/generators/mod_cgid.c:746:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'sd' httpd-2.4.65/modules/generators/mod_cgid.c:740:15: acquire_resource: stream socket created here httpd-2.4.65/modules/generators/mod_cgid.c:740:8: branch_false: following 'false' branch (when 'sd >= 0')... httpd-2.4.65/modules/generators/mod_cgid.c:746:45: branch_false: ...to here httpd-2.4.65/modules/generators/mod_cgid.c:746:5: danger: 'sd' leaks here # 744| } # 745| # 746|-> apr_pool_cleanup_register(pcgi, (void *)((long)sd), # 747| close_unix_socket, close_unix_socket); # 748| Error: GCC_ANALYZER_WARNING (CWE-775): [#def22] httpd-2.4.65/modules/generators/mod_cgid.c:769:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'sd' httpd-2.4.65/modules/generators/mod_cgid.c:740:15: acquire_resource: stream socket created here httpd-2.4.65/modules/generators/mod_cgid.c:740:8: branch_false: following 'false' branch (when 'sd >= 0')... httpd-2.4.65/modules/generators/mod_cgid.c:746:45: branch_false: ...to here httpd-2.4.65/modules/generators/mod_cgid.c:752:8: branch_false: following 'false' branch (when 'rc >= 0')... httpd-2.4.65/modules/generators/mod_cgid.c:760:10: branch_false: ...to here httpd-2.4.65/modules/generators/mod_cgid.c:761:8: branch_false: following 'false' branch... httpd-2.4.65/modules/generators/mod_cgid.c:768:9: branch_false: ...to here httpd-2.4.65/modules/generators/mod_cgid.c:768:8: branch_true: following 'true' branch... httpd-2.4.65/modules/generators/mod_cgid.c:769:9: branch_true: ...to here httpd-2.4.65/modules/generators/mod_cgid.c:769:9: danger: 'sd' leaks here # 767| # 768| if (listen(sd, DEFAULT_CGID_LISTENBACKLOG) < 0) { # 769|-> ap_log_error(APLOG_MARK, APLOG_ERR, errno, main_server, APLOGNO(01245) # 770| "Couldn't listen on unix domain socket"); # 771| return errno; Error: GCC_ANALYZER_WARNING (CWE-775): [#def23] httpd-2.4.65/modules/generators/mod_cgid.c:776:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'sd' httpd-2.4.65/modules/generators/mod_cgid.c:740:15: acquire_resource: stream socket created here httpd-2.4.65/modules/generators/mod_cgid.c:740:8: branch_false: following 'false' branch (when 'sd >= 0')... httpd-2.4.65/modules/generators/mod_cgid.c:746:45: branch_false: ...to here httpd-2.4.65/modules/generators/mod_cgid.c:752:8: branch_false: following 'false' branch (when 'rc >= 0')... httpd-2.4.65/modules/generators/mod_cgid.c:760:10: branch_false: ...to here httpd-2.4.65/modules/generators/mod_cgid.c:761:8: branch_false: following 'false' branch... httpd-2.4.65/modules/generators/mod_cgid.c:768:9: branch_false: ...to here httpd-2.4.65/modules/generators/mod_cgid.c:768:8: branch_false: following 'false' branch... httpd-2.4.65/modules/generators/mod_cgid.c:774:10: branch_false: ...to here httpd-2.4.65/modules/generators/mod_cgid.c:774:8: branch_true: following 'true' branch... httpd-2.4.65/modules/generators/mod_cgid.c:775:29: branch_true: ...to here httpd-2.4.65/modules/generators/mod_cgid.c:775:12: branch_true: following 'true' branch... httpd-2.4.65/modules/generators/mod_cgid.c:776:13: branch_true: ...to here httpd-2.4.65/modules/generators/mod_cgid.c:776:13: danger: 'sd' leaks here # 774| if (!geteuid()) { # 775| if (chown(sockname, ap_unixd_config.user_id, -1) < 0) { # 776|-> ap_log_error(APLOG_MARK, APLOG_ERR, errno, main_server, APLOGNO(01246) # 777| "Couldn't change owner of unix domain socket %s", # 778| sockname); Error: GCC_ANALYZER_WARNING (CWE-775): [#def24] httpd-2.4.65/modules/generators/mod_cgid.c:784:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'sd' httpd-2.4.65/modules/generators/mod_cgid.c:740:15: acquire_resource: stream socket created here httpd-2.4.65/modules/generators/mod_cgid.c:740:8: branch_false: following 'false' branch (when 'sd >= 0')... httpd-2.4.65/modules/generators/mod_cgid.c:746:45: branch_false: ...to here httpd-2.4.65/modules/generators/mod_cgid.c:752:8: branch_false: following 'false' branch (when 'rc >= 0')... httpd-2.4.65/modules/generators/mod_cgid.c:760:10: branch_false: ...to here httpd-2.4.65/modules/generators/mod_cgid.c:761:8: branch_false: following 'false' branch... httpd-2.4.65/modules/generators/mod_cgid.c:768:9: branch_false: ...to here httpd-2.4.65/modules/generators/mod_cgid.c:768:8: branch_false: following 'false' branch... httpd-2.4.65/modules/generators/mod_cgid.c:774:10: branch_false: ...to here httpd-2.4.65/modules/generators/mod_cgid.c:784:15: danger: 'sd' leaks here # 782| # 783| /* if running as root, switch to configured user/group */ # 784|-> if ((rc = ap_run_drop_privileges(pcgi, ap_server_conf)) != 0) { # 785| return rc; # 786| } Error: GCC_ANALYZER_WARNING (CWE-775): [#def25] httpd-2.4.65/modules/generators/mod_cgid.c:807:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'sd' httpd-2.4.65/modules/generators/mod_cgid.c:740:15: acquire_resource: stream socket created here httpd-2.4.65/modules/generators/mod_cgid.c:740:8: branch_false: following 'false' branch (when 'sd >= 0')... httpd-2.4.65/modules/generators/mod_cgid.c:746:45: branch_false: ...to here httpd-2.4.65/modules/generators/mod_cgid.c:752:8: branch_false: following 'false' branch (when 'rc >= 0')... httpd-2.4.65/modules/generators/mod_cgid.c:760:10: branch_false: ...to here httpd-2.4.65/modules/generators/mod_cgid.c:761:8: branch_false: following 'false' branch... httpd-2.4.65/modules/generators/mod_cgid.c:768:9: branch_false: ...to here httpd-2.4.65/modules/generators/mod_cgid.c:768:8: branch_false: following 'false' branch... httpd-2.4.65/modules/generators/mod_cgid.c:774:10: branch_false: ...to here httpd-2.4.65/modules/generators/mod_cgid.c:784:8: branch_false: following 'false' branch... branch_false: ...to here httpd-2.4.65/modules/generators/mod_cgid.c:788:12: branch_true: following 'true' branch... httpd-2.4.65/modules/generators/mod_cgid.c:790:15: branch_true: ...to here httpd-2.4.65/modules/generators/mod_cgid.c:807:9: danger: 'sd' leaks here # 805| struct sockaddr_un unix_addr; # 806| # 807|-> apr_pool_clear(ptrans); # 808| # 809| len = sizeof(unix_addr); Error: GCC_ANALYZER_WARNING (CWE-775): [#def26] httpd-2.4.65/modules/generators/mod_cgid.c:810:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'sd' httpd-2.4.65/modules/generators/mod_cgid.c:740:15: acquire_resource: stream socket created here httpd-2.4.65/modules/generators/mod_cgid.c:740:8: branch_false: following 'false' branch (when 'sd >= 0')... httpd-2.4.65/modules/generators/mod_cgid.c:746:45: branch_false: ...to here httpd-2.4.65/modules/generators/mod_cgid.c:752:8: branch_false: following 'false' branch (when 'rc >= 0')... httpd-2.4.65/modules/generators/mod_cgid.c:760:10: branch_false: ...to here httpd-2.4.65/modules/generators/mod_cgid.c:761:8: branch_false: following 'false' branch... httpd-2.4.65/modules/generators/mod_cgid.c:768:9: branch_false: ...to here httpd-2.4.65/modules/generators/mod_cgid.c:768:8: branch_false: following 'false' branch... httpd-2.4.65/modules/generators/mod_cgid.c:774:10: branch_false: ...to here httpd-2.4.65/modules/generators/mod_cgid.c:784:8: branch_false: following 'false' branch... branch_false: ...to here httpd-2.4.65/modules/generators/mod_cgid.c:788:12: branch_true: following 'true' branch... httpd-2.4.65/modules/generators/mod_cgid.c:790:15: branch_true: ...to here httpd-2.4.65/modules/generators/mod_cgid.c:810:15: danger: 'sd' leaks here # 808| # 809| len = sizeof(unix_addr); # 810|-> sd2 = accept(sd, (struct sockaddr *)&unix_addr, &len); # 811| if (sd2 < 0) { # 812| #if defined(ENETDOWN) Error: GCC_ANALYZER_WARNING (CWE-775): [#def27] httpd-2.4.65/modules/generators/mod_cgid.c:1310:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor 'sd' httpd-2.4.65/modules/generators/mod_cgid.c:1306:19: acquire_resource: stream socket created here httpd-2.4.65/modules/generators/mod_cgid.c:1306:12: branch_false: following 'false' branch (when 'sd >= 0')... httpd-2.4.65/modules/generators/mod_cgid.c:1310:13: branch_false: ...to here httpd-2.4.65/modules/generators/mod_cgid.c:1310:13: danger: 'sd' leaks here # 1308| APLOGNO(01255), "unable to create socket to cgi daemon"); # 1309| } # 1310|-> if (connect(sd, (struct sockaddr *)server_addr, server_addr_len) < 0) { # 1311| /* Save errno for later */ # 1312| connect_errno = errno; Error: GCC_ANALYZER_WARNING (CWE-688): [#def28] httpd-2.4.65/modules/http/http_filters.c:1089:23: warning[-Wanalyzer-null-argument]: use of NULL 'protocol' where non-null expected httpd-2.4.65/modules/http/http_filters.c:1165:18: enter_function: entry to 'ap_basic_http_header' httpd-2.4.65/modules/http/http_filters.c:1167:17: release_memory: 'protocol' is NULL httpd-2.4.65/modules/http/http_filters.c:1169:5: call_function: inlined call to 'basic_http_header_check' from 'ap_basic_http_header' httpd-2.4.65/modules/http/http_filters.c:1170:5: branch_true: ...to here httpd-2.4.65/modules/http/http_filters.c:1170:5: release_memory: 'protocol' is NULL httpd-2.4.65/modules/http/http_filters.c:1170:5: call_function: calling 'basic_http_header' from 'ap_basic_http_header' #argument 1 of '__builtin_strlen' must be non-null # 1087| # 1088| vec[0].iov_base = (void *)protocol; # 1089|-> vec[0].iov_len = strlen(protocol); # 1090| vec[1].iov_base = (void *)" "; # 1091| vec[1].iov_len = sizeof(" ") - 1; Error: GCC_ANALYZER_WARNING (CWE-476): [#def29] httpd-2.4.65/modules/http/http_filters.c:1384:16: warning[-Wanalyzer-null-dereference]: dereference of NULL '*r.content_languages' httpd-2.4.65/modules/http/http_filters.c:1420:38: enter_function: entry to 'ap_http_header_filter' httpd-2.4.65/modules/http/http_filters.c:1437:8: branch_false: following 'false' branch (when 'ctx' is non-NULL)... httpd-2.4.65/modules/http/http_filters.c:1440:14: branch_false: ...to here httpd-2.4.65/modules/http/http_filters.c:1440:13: branch_false: following 'false' branch... httpd-2.4.65/modules/http/http_filters.c:1459:10: branch_false: ...to here httpd-2.4.65/modules/http/http_filters.c:1477:8: branch_true: following 'true' branch... httpd-2.4.65/modules/http/http_filters.c:1478:9: branch_true: ...to here httpd-2.4.65/modules/http/http_filters.c:1478:9: call_function: calling 'merge_response_headers' from 'ap_http_header_filter' # 1382| int i; # 1383| char *token; # 1384|-> char **languages = (char **)(r->content_languages->elts); # 1385| const char *field = apr_table_get(r->headers_out, "Content-Language"); # 1386| Error: GCC_ANALYZER_WARNING (CWE-404): [#def30] httpd-2.4.65/modules/http/http_request.c:834:9: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/modules/http/http_request.c:832:5: acquire_resource: 'va_start' called here httpd-2.4.65/modules/http/http_request.c:833:12: branch_true: following 'true' branch (when 'method' is non-NULL)... httpd-2.4.65/modules/http/http_request.c:834:9: branch_true: ...to here httpd-2.4.65/modules/http/http_request.c:834:9: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0) # 832| va_start(methods, reset); # 833| while ((method = va_arg(methods, const char *)) != NULL) { # 834|-> ap_method_list_add(r->allowed_methods, method); # 835| } # 836| va_end(methods); Error: GCC_ANALYZER_WARNING (CWE-401): [#def31] httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:518:19: warning[-Wanalyzer-malloc-leak]: leak of 'node' httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:467:7: enter_function: entry to 'util_ald_cache_insert' httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:474:8: branch_false: following 'false' branch... httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:479:9: branch_false: ...to here httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:479:8: branch_false: following 'false' branch... httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:489:33: branch_false: ...to here httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:489:33: call_function: calling 'util_ald_alloc' from 'util_ald_cache_insert' httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:489:33: return_function: returning to 'util_ald_cache_insert' from 'util_ald_alloc' httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:491:8: branch_false: following 'false' branch... httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:518:19: branch_false: ...to here httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:518:19: danger: 'node' leaks here; was allocated at [(14)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/13) # 516| # 517| /* Take a copy of the payload before proceeding. */ # 518|-> tmp_payload = (*cache->copy)(cache, payload); # 519| if (tmp_payload == NULL) { # 520| /* Error: GCC_ANALYZER_WARNING (CWE-401): [#def32] httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:524:9: warning[-Wanalyzer-malloc-leak]: leak of 'node' httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:467:7: enter_function: entry to 'util_ald_cache_insert' httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:474:8: branch_false: following 'false' branch... httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:479:9: branch_false: ...to here httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:479:8: branch_false: following 'false' branch... httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:489:33: branch_false: ...to here httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:489:33: call_function: calling 'util_ald_alloc' from 'util_ald_cache_insert' httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:489:33: return_function: returning to 'util_ald_cache_insert' from 'util_ald_alloc' httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:491:8: branch_false: following 'false' branch... httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:518:19: branch_false: ...to here httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:519:8: branch_true: following 'true' branch... httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:524:9: branch_true: ...to here httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:524:9: danger: 'node' leaks here; was allocated at [(14)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/13) # 522| * properly when LDAPSharedCacheSize is too small. # 523| */ # 524|-> ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, APLOGNO(01326) # 525| "LDAPSharedCacheSize is too small. Increase it or " # 526| "reduce LDAPCacheEntries/LDAPOpCacheEntries!"); Error: GCC_ANALYZER_WARNING (CWE-401): [#def33] httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:533:31: warning[-Wanalyzer-malloc-leak]: leak of 'node' httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:467:7: enter_function: entry to 'util_ald_cache_insert' httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:474:8: branch_false: following 'false' branch... httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:479:9: branch_false: ...to here httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:479:8: branch_false: following 'false' branch... httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:489:33: branch_false: ...to here httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:489:33: call_function: calling 'util_ald_alloc' from 'util_ald_cache_insert' httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:489:33: return_function: returning to 'util_ald_cache_insert' from 'util_ald_alloc' httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:491:8: branch_false: following 'false' branch... httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:518:19: branch_false: ...to here httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:519:8: branch_true: following 'true' branch... httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:524:9: branch_true: ...to here httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:527:12: branch_true: following 'true' branch... httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:533:31: branch_true: ...to here httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:533:31: danger: 'node' leaks here; was allocated at [(14)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/13) # 531| * at all. # 532| */ # 533|-> cache->marktime = apr_time_now(); # 534| } # 535| util_ald_cache_purge(cache); Error: GCC_ANALYZER_WARNING (CWE-401): [#def34] httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:548:15: warning[-Wanalyzer-malloc-leak]: leak of 'node' httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:467:7: enter_function: entry to 'util_ald_cache_insert' httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:474:8: branch_false: following 'false' branch... httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:479:9: branch_false: ...to here httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:479:8: branch_false: following 'false' branch... httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:489:33: branch_false: ...to here httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:489:33: call_function: calling 'util_ald_alloc' from 'util_ald_cache_insert' httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:489:33: return_function: returning to 'util_ald_cache_insert' from 'util_ald_alloc' httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:491:8: branch_false: following 'false' branch... httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:518:19: branch_false: ...to here httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:519:8: branch_false: following 'false' branch... httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:547:5: branch_false: ...to here httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:548:15: danger: 'node' leaks here; was allocated at [(14)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/13) # 546| /* populate the entry */ # 547| cache->inserts++; # 548|-> hashval = (*cache->hash)(payload) % cache->size; # 549| node->add_time = apr_time_now(); # 550| node->payload = payload; Error: GCC_ANALYZER_WARNING (CWE-401): [#def35] httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:549:22: warning[-Wanalyzer-malloc-leak]: leak of 'node' httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:467:7: enter_function: entry to 'util_ald_cache_insert' httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:474:8: branch_false: following 'false' branch... httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:479:9: branch_false: ...to here httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:479:8: branch_false: following 'false' branch... httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:489:33: branch_false: ...to here httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:489:33: call_function: calling 'util_ald_alloc' from 'util_ald_cache_insert' httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:489:33: return_function: returning to 'util_ald_cache_insert' from 'util_ald_alloc' httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:491:8: branch_false: following 'false' branch... httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:518:19: branch_false: ...to here httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:519:8: branch_false: following 'false' branch... httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:547:5: branch_false: ...to here httpd-2.4.65/modules/ldap/util_ldap_cache_mgr.c:549:22: danger: 'node' leaks here; was allocated at [(14)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/13) # 547| cache->inserts++; # 548| hashval = (*cache->hash)(payload) % cache->size; # 549|-> node->add_time = apr_time_now(); # 550| node->payload = payload; # 551| node->next = cache->nodes[hashval]; Error: GCC_ANALYZER_WARNING (CWE-465): [#def36] httpd-2.4.65/modules/lua/lua_dbd.c:413:8: warning[-Wanalyzer-deref-before-check]: check of '*<unknown>.db' for NULL after already dereferencing it httpd-2.4.65/modules/lua/lua_dbd.c:408:17: branch_false: following 'false' branch (when 'x >= have')... httpd-2.4.65/modules/lua/lua_dbd.c:413:9: branch_false: ...to here httpd-2.4.65/modules/lua/lua_dbd.c:413:8: danger: pointer '*<unknown>.db' is checked for NULL here but it was already dereferenced at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0) # 411| # 412| /* Fire off the query */ # 413|-> if (st->db && st->db->alive) { # 414| # 415| /*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/ Error: GCC_ANALYZER_WARNING (CWE-465): [#def37] httpd-2.4.65/modules/lua/lua_dbd.c:504:8: warning[-Wanalyzer-deref-before-check]: check of '*<unknown>.db' for NULL after already dereferencing it httpd-2.4.65/modules/lua/lua_dbd.c:499:17: branch_false: following 'false' branch (when 'x >= have')... httpd-2.4.65/modules/lua/lua_dbd.c:504:9: branch_false: ...to here httpd-2.4.65/modules/lua/lua_dbd.c:504:8: danger: pointer '*<unknown>.db' is checked for NULL here but it was already dereferenced at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0) # 502| # 503| /* Fire off the query */ # 504|-> if (st->db && st->db->alive) { # 505| # 506| /*~~~~~~~~~~~~~~*/ Error: GCC_ANALYZER_WARNING (CWE-476): [#def38] httpd-2.4.65/modules/lua/lua_vmprep.c:523:18: warning[-Wanalyzer-null-dereference]: dereference of NULL 'cache_info' httpd-2.4.65/modules/lua/lua_vmprep.c:440:19: release_memory: 'cache_info' is NULL httpd-2.4.65/modules/lua/lua_vmprep.c:443:8: branch_false: following 'false' branch... httpd-2.4.65/modules/lua/lua_vmprep.c:487:13: branch_false: ...to here httpd-2.4.65/modules/lua/lua_vmprep.c:487:12: branch_false: following 'false' branch... httpd-2.4.65/modules/lua/lua_vmprep.c:492:9: branch_false: ...to here httpd-2.4.65/modules/lua/lua_vmprep.c:492:8: branch_false: following 'false' branch... httpd-2.4.65/modules/lua/lua_vmprep.c:503:9: branch_false: ...to here httpd-2.4.65/modules/lua/lua_vmprep.c:503:8: branch_false: following 'false' branch... httpd-2.4.65/modules/lua/lua_vmprep.c:503:53: branch_false: ...to here httpd-2.4.65/modules/lua/lua_vmprep.c:508:12: branch_false: following 'false' branch... httpd-2.4.65/modules/lua/lua_vmprep.c:516:13: branch_false: ...to here httpd-2.4.65/modules/lua/lua_vmprep.c:516:12: branch_true: following 'true' branch... httpd-2.4.65/modules/lua/lua_vmprep.c:518:13: branch_true: ...to here httpd-2.4.65/modules/lua/lua_vmprep.c:523:28: release_memory: 'cache_info' is NULL httpd-2.4.65/modules/lua/lua_vmprep.c:523:28: release_memory: 'cache_info' is NULL httpd-2.4.65/modules/lua/lua_vmprep.c:523:18: danger: dereference of NULL 'cache_info' # 521| loaded in the vm_construct function. # 522| */ # 523|-> if ((cache_info->modified == lua_finfo.mtime && cache_info->size == lua_finfo.size) # 524| || cache_info->modified == 0) { # 525| tryCache = 1; Error: GCC_ANALYZER_WARNING (CWE-476): [#def39] httpd-2.4.65/modules/lua/lua_vmprep.c:531:17: warning[-Wanalyzer-null-dereference]: dereference of NULL 'cache_info' httpd-2.4.65/modules/lua/lua_vmprep.c:440:19: release_memory: 'cache_info' is NULL httpd-2.4.65/modules/lua/lua_vmprep.c:443:8: branch_false: following 'false' branch... httpd-2.4.65/modules/lua/lua_vmprep.c:487:13: branch_false: ...to here httpd-2.4.65/modules/lua/lua_vmprep.c:487:12: branch_false: following 'false' branch... httpd-2.4.65/modules/lua/lua_vmprep.c:492:9: branch_false: ...to here httpd-2.4.65/modules/lua/lua_vmprep.c:492:8: branch_false: following 'false' branch... httpd-2.4.65/modules/lua/lua_vmprep.c:503:9: branch_false: ...to here httpd-2.4.65/modules/lua/lua_vmprep.c:503:8: branch_false: following 'false' branch... httpd-2.4.65/modules/lua/lua_vmprep.c:503:53: branch_false: ...to here httpd-2.4.65/modules/lua/lua_vmprep.c:508:12: branch_false: following 'false' branch... httpd-2.4.65/modules/lua/lua_vmprep.c:516:13: branch_false: ...to here httpd-2.4.65/modules/lua/lua_vmprep.c:516:12: branch_false: following 'false' branch... httpd-2.4.65/modules/lua/lua_vmprep.c:530:17: branch_false: ...to here httpd-2.4.65/modules/lua/lua_vmprep.c:530:17: branch_true: following 'true' branch... httpd-2.4.65/modules/lua/lua_vmprep.c:531:27: branch_true: ...to here httpd-2.4.65/modules/lua/lua_vmprep.c:531:27: release_memory: 'cache_info' is NULL httpd-2.4.65/modules/lua/lua_vmprep.c:531:17: danger: dereference of NULL 'cache_info' # 529| } # 530| else if (spec->codecache == AP_LUA_CACHE_NEVER) { # 531|-> if (cache_info->runs == 0) # 532| tryCache = 1; # 533| } Error: GCC_ANALYZER_WARNING (CWE-476): [#def40] httpd-2.4.65/modules/lua/lua_vmprep.c:534:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'cache_info' httpd-2.4.65/modules/lua/lua_vmprep.c:440:19: release_memory: 'cache_info' is NULL httpd-2.4.65/modules/lua/lua_vmprep.c:443:8: branch_false: following 'false' branch... httpd-2.4.65/modules/lua/lua_vmprep.c:487:13: branch_false: ...to here httpd-2.4.65/modules/lua/lua_vmprep.c:487:12: branch_false: following 'false' branch... httpd-2.4.65/modules/lua/lua_vmprep.c:492:9: branch_false: ...to here httpd-2.4.65/modules/lua/lua_vmprep.c:492:8: branch_false: following 'false' branch... httpd-2.4.65/modules/lua/lua_vmprep.c:503:9: branch_false: ...to here httpd-2.4.65/modules/lua/lua_vmprep.c:503:8: branch_false: following 'false' branch... httpd-2.4.65/modules/lua/lua_vmprep.c:503:53: branch_false: ...to here httpd-2.4.65/modules/lua/lua_vmprep.c:508:12: branch_false: following 'false' branch... httpd-2.4.65/modules/lua/lua_vmprep.c:516:13: branch_false: ...to here httpd-2.4.65/modules/lua/lua_vmprep.c:516:12: branch_false: following 'false' branch... httpd-2.4.65/modules/lua/lua_vmprep.c:530:17: branch_false: ...to here httpd-2.4.65/modules/lua/lua_vmprep.c:530:17: branch_false: following 'false' branch... branch_false: ...to here httpd-2.4.65/modules/lua/lua_vmprep.c:534:19: release_memory: 'cache_info' is NULL httpd-2.4.65/modules/lua/lua_vmprep.c:534:9: danger: dereference of NULL 'cache_info' # 532| tryCache = 1; # 533| } # 534|-> cache_info->runs++; # 535| } # 536| if (tryCache == 0 && spec->scope != AP_LUA_SCOPE_ONCE) { Error: GCC_ANALYZER_WARNING (CWE-476): [#def41] httpd-2.4.65/modules/mappers/mod_negotiation.c:2088:41: warning[-Wanalyzer-null-dereference]: dereference of NULL 'best' httpd-2.4.65/modules/mappers/mod_negotiation.c:2808:12: enter_function: entry to 'do_negotiation' httpd-2.4.65/modules/mappers/mod_negotiation.c:2852:8: branch_false: following 'false' branch... httpd-2.4.65/modules/mappers/mod_negotiation.c:2856:9: branch_false: ...to here httpd-2.4.65/modules/mappers/mod_negotiation.c:2861:18: call_function: calling 'best_match' from 'do_negotiation' # 2086| * this variant, then we prefer this variant # 2087| */ # 2088|-> if (variant->encoding_quality > best->encoding_quality) { # 2089| *p_bestq = q; # 2090| return 1; Error: GCC_ANALYZER_WARNING (CWE-476): [#def42] httpd-2.4.65/modules/mappers/mod_negotiation.c:2590:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'arr' httpd-2.4.65/modules/mappers/mod_negotiation.c:2473:12: branch_true: following 'true' branch... httpd-2.4.65/modules/mappers/mod_negotiation.c:2473:43: branch_true: ...to here httpd-2.4.65/modules/mappers/mod_negotiation.c:2482:12: branch_true: following 'true' branch (when 'first_variant != 0')... httpd-2.4.65/modules/mappers/mod_negotiation.c:2483:13: branch_true: ...to here httpd-2.4.65/modules/mappers/mod_negotiation.c:2576:12: branch_false: following 'false' branch... httpd-2.4.65/modules/mappers/mod_negotiation.c:2589:8: branch_true: following 'true' branch... httpd-2.4.65/modules/mappers/mod_negotiation.c:2590:9: danger: dereference of NULL 'arr' # 2588| # 2589| if (neg->send_alternates && neg->avail_vars->nelts) { # 2590|-> arr->nelts--; /* remove last comma */ # 2591| apr_table_mergen(hdrs, "Alternates", # 2592| apr_array_pstrcat(r->pool, arr, '\0')); Error: GCC_ANALYZER_WARNING (CWE-404): [#def43] httpd-2.4.65/modules/mappers/mod_rewrite.c:523:12: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/modules/mappers/mod_rewrite.c:5617:12: enter_function: entry to 'hook_mimetype' httpd-2.4.65/modules/mappers/mod_rewrite.c:5623:8: branch_true: following 'true' branch... httpd-2.4.65/modules/mappers/mod_rewrite.c:5624:9: call_function: calling 'do_rewritelog' from 'hook_mimetype' # 521| # 522| va_start(ap, fmt); # 523|-> text = apr_pvsprintf(r->pool, fmt, ap); # 524| va_end(ap); # 525| Error: GCC_ANALYZER_WARNING (CWE-127): [#def44] httpd-2.4.65/modules/mappers/mod_vhost_alias.c:368:27: warning[-Wanalyzer-out-of-bounds]: stack-based buffer under-read httpd-2.4.65/modules/mappers/mod_vhost_alias.c:382:12: enter_function: entry to 'mva_translate' httpd-2.4.65/modules/mappers/mod_vhost_alias.c:403:13: branch_true: following 'true' branch... httpd-2.4.65/modules/mappers/mod_vhost_alias.c:404:9: branch_true: ...to here httpd-2.4.65/modules/mappers/mod_vhost_alias.c:428:5: call_function: calling 'vhost_alias_interpolate' from 'mva_translate' # 366| } # 367| /* no double slashes */ # 368|-> if (dest - buf > 0 && dest[-1] == '/') { # 369| --dest; # 370| } Error: GCC_ANALYZER_WARNING (CWE-404): [#def45] httpd-2.4.65/modules/metadata/mod_mime_magic.c:593:5: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/modules/metadata/mod_mime_magic.c:1691:13: enter_function: entry to 'mprint' httpd-2.4.65/modules/metadata/mod_mime_magic.c:1715:12: branch_true: following 'true' branch... httpd-2.4.65/modules/metadata/mod_mime_magic.c:1716:49: branch_true: ...to here httpd-2.4.65/modules/metadata/mod_mime_magic.c:1716:20: call_function: calling 'magic_rsl_printf' from 'mprint' # 591| /* assemble the string into the buffer */ # 592| va_start(ap, str); # 593|-> apr_vsnprintf(buf, sizeof(buf), str, ap); # 594| va_end(ap); # 595| Error: GCC_ANALYZER_WARNING (CWE-476): [#def46] httpd-2.4.65/modules/session/mod_session_crypto.c:246:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'options' httpd-2.4.65/modules/session/mod_session_crypto.c:214:8: branch_false: following 'false' branch... httpd-2.4.65/modules/session/mod_session_crypto.c:221:37: branch_false: ...to here httpd-2.4.65/modules/session/mod_session_crypto.c:222:8: branch_true: following 'true' branch... httpd-2.4.65/modules/session/mod_session_crypto.c:230:19: branch_true: ...to here httpd-2.4.65/modules/session/mod_session_crypto.c:234:53: branch_false: following 'false' branch (when 'hi' is NULL)... httpd-2.4.65/modules/session/mod_session_crypto.c:246:16: branch_false: ...to here httpd-2.4.65/modules/session/mod_session_crypto.c:246:16: release_memory: 'options' is NULL httpd-2.4.65/modules/session/mod_session_crypto.c:246:9: danger: dereference of NULL 'options + (sizetype)offset' # 244| offset += klen; # 245| } # 246|-> options[offset] = 0; # 247| # 248| ap_log_rerror(APLOG_MARK, APLOG_ERR, res, r, APLOGNO(01824) Error: GCC_ANALYZER_WARNING (CWE-476): [#def47] httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:522:28: warning[-Wanalyzer-null-dereference]: dereference of NULL 'sslconn' httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:451:35: branch_false: following 'false' branch (when 'sslconn' is NULL)... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:453:20: branch_false: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:453:20: branch_true: following 'true' branch (when 'ssl' is non-NULL)... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:453:26: branch_true: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:471:8: branch_false: following 'false' branch... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:518:22: branch_false: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:522:8: branch_true: following 'true' branch (when 'ncipher_suite' is non-NULL)... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:522:28: branch_true: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:522:28: danger: dereference of NULL 'sslconn' # 520| sc->server->auth.cipher_suite : NULL); # 521| # 522|-> if (ncipher_suite && (!sslconn->cipher_suite # 523| || strcmp(ncipher_suite, sslconn->cipher_suite))) { # 524| /* remember old state */ Error: GCC_ANALYZER_WARNING (CWE-476): [#def48] httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:728:22: warning[-Wanalyzer-null-dereference]: dereference of NULL 'sslconn' httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:451:35: branch_false: following 'false' branch (when 'sslconn' is NULL)... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:453:20: branch_false: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:453:20: branch_true: following 'true' branch (when 'ssl' is non-NULL)... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:453:26: branch_true: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:471:8: branch_false: following 'false' branch... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:518:22: branch_false: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:678:12: branch_true: following 'true' branch... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:679:18: branch_true: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:679:16: branch_false: following 'false' branch... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:682:19: branch_false: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:713:21: branch_true: following 'true' branch (when 'verify != 0')... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:728:22: branch_true: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:728:22: danger: dereference of NULL 'sslconn' # 726| * chain). # 727| */ # 728|-> n = (sslconn->verify_depth != UNSET) # 729| ? sslconn->verify_depth # 730| : hssc->server->auth.verify_depth; Error: GCC_ANALYZER_WARNING (CWE-476): [#def49] httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:730:23: warning[-Wanalyzer-null-dereference]: dereference of NULL 'hssc' httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:451:35: branch_true: following 'true' branch (when 'sslconn' is non-NULL)... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:451:17: branch_true: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:452:35: branch_false: following 'false' branch (when 'handshakeserver' is NULL)... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:453:20: branch_false: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:453:20: branch_true: following 'true' branch (when 'ssl' is non-NULL)... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:453:26: branch_true: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:471:8: branch_false: following 'false' branch... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:518:22: branch_false: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:678:12: branch_true: following 'true' branch... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:679:18: branch_true: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:679:16: branch_false: following 'false' branch... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:682:19: branch_false: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:713:21: branch_true: following 'true' branch (when 'verify != 0')... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:728:22: branch_true: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:728:21: branch_false: following 'false' branch... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:730:23: branch_false: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:730:23: danger: dereference of NULL 'hssc' # 728| n = (sslconn->verify_depth != UNSET) # 729| ? sslconn->verify_depth # 730|-> : hssc->server->auth.verify_depth; # 731| /* determine the new depth */ # 732| sslconn->verify_depth = (dc->nVerifyDepth != UNSET) Error: GCC_ANALYZER_WARNING (CWE-476): [#def50] httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:762:17: warning[-Wanalyzer-null-dereference]: dereference of NULL 'hssc' httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:451:35: branch_true: following 'true' branch (when 'sslconn' is non-NULL)... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:451:17: branch_true: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:452:35: branch_false: following 'false' branch (when 'handshakeserver' is NULL)... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:453:20: branch_false: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:453:20: branch_true: following 'true' branch (when 'ssl' is non-NULL)... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:453:26: branch_true: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:471:8: branch_false: following 'false' branch... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:518:22: branch_false: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:678:12: branch_true: following 'true' branch... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:679:18: branch_true: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:679:16: branch_false: following 'false' branch... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:682:19: branch_false: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:713:21: branch_true: following 'true' branch (when 'verify != 0')... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:728:22: branch_true: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:728:21: branch_true: following 'true' branch... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:732:42: branch_true: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:735:20: branch_true: following 'true' branch... httpd-2.4.65/modules/ssl/ssl_private.h:318:1: branch_true: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:737:21: branch_false: following 'false' branch... branch_false: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:753:12: branch_true: following 'true' branch... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:753:13: branch_true: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:753:13: branch_true: following 'true' branch (when 'renegotiate != 0')... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:755:17: branch_true: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:762:16: branch_true: following 'true' branch... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:762:17: branch_true: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:762:17: danger: dereference of NULL 'hssc' # 760| strNE(sc1->server->auth.f, sc2->server->auth.f))) # 761| # 762|-> if (MODSSL_CFG_CA_NE(ca_cert_file, sc, hssc) || # 763| MODSSL_CFG_CA_NE(ca_cert_path, sc, hssc)) { # 764| if (verify & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) { Error: GCC_ANALYZER_WARNING (CWE-476): [#def51] httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:763:17: warning[-Wanalyzer-null-dereference]: dereference of NULL 'hssc' httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:451:35: branch_true: following 'true' branch (when 'sslconn' is non-NULL)... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:451:17: branch_true: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:452:35: branch_false: following 'false' branch (when 'handshakeserver' is NULL)... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:453:20: branch_false: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:453:20: branch_true: following 'true' branch (when 'ssl' is non-NULL)... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:453:26: branch_true: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:471:8: branch_false: following 'false' branch... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:518:22: branch_false: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:678:12: branch_true: following 'true' branch... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:679:18: branch_true: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:679:16: branch_false: following 'false' branch... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:682:19: branch_false: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:713:21: branch_true: following 'true' branch (when 'verify != 0')... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:728:22: branch_true: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:728:21: branch_true: following 'true' branch... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:732:42: branch_true: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:735:20: branch_true: following 'true' branch... httpd-2.4.65/modules/ssl/ssl_private.h:318:1: branch_true: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:737:21: branch_false: following 'false' branch... branch_false: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:753:12: branch_true: following 'true' branch... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:753:13: branch_true: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:753:13: branch_true: following 'true' branch (when 'renegotiate != 0')... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:755:17: branch_true: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:762:16: branch_false: following 'false' branch... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:763:17: branch_false: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:762:17: branch_true: following 'true' branch... httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:763:17: branch_true: ...to here httpd-2.4.65/modules/ssl/ssl_engine_kernel.c:763:17: danger: dereference of NULL 'hssc' # 761| # 762| if (MODSSL_CFG_CA_NE(ca_cert_file, sc, hssc) || # 763|-> MODSSL_CFG_CA_NE(ca_cert_path, sc, hssc)) { # 764| if (verify & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) { # 765| ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02256) Error: GCC_ANALYZER_WARNING (CWE-404): [#def52] httpd-2.4.65/modules/ssl/ssl_engine_log.c:136:14: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/modules/ssl/ssl_engine_log.c:211:6: enter_function: entry to 'ssl_log_xerror' httpd-2.4.65/modules/ssl/ssl_engine_log.c:217:8: acquire_resource: 'va_start' called here httpd-2.4.65/modules/ssl/ssl_engine_log.c:218:8: call_function: calling 'ssl_log_cert_error' from 'ssl_log_xerror' # 134| char *name; # 135| # 136|-> msglen = apr_vsnprintf(buf, sizeof buf, format, ap); # 137| # 138| if (cert) { Error: GCC_ANALYZER_WARNING (CWE-126): [#def53] httpd-2.4.65/modules/ssl/ssl_engine_vars.c:357:9: warning[-Wanalyzer-out-of-bounds]: buffer over-read httpd-2.4.65/modules/ssl/ssl_engine_vars.c:1191:20: enter_function: entry to 'ssl_var_log_handler_c' httpd-2.4.65/modules/ssl/ssl_engine_vars.c:1196:8: branch_false: following 'false' branch... httpd-2.4.65/modules/ssl/ssl_engine_vars.c:1199:8: branch_true: following 'true' branch (when the strings are equal)... httpd-2.4.65/modules/ssl/ssl_engine_vars.c:1200:18: branch_true: ...to here httpd-2.4.65/modules/ssl/ssl_engine_vars.c:1200:18: call_function: calling 'ssl_var_lookup' from 'ssl_var_log_handler_c' # 355| # 356| ssl = sslconn->ssl; # 357|-> if (strlen(var) > 8 && strcEQn(var, "VERSION_", 8)) { # 358| result = ssl_var_lookup_ssl_version(p, var+8); # 359| } Error: GCC_ANALYZER_WARNING (CWE-688): [#def54] httpd-2.4.65/server/config.c:1926:13: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected httpd-2.4.65/server/config.c:1902:26: enter_function: entry to 'ap_process_fnmatch_configs' httpd-2.4.65/server/config.c:1926:28: call_function: calling 'ap_server_root_relative' from 'ap_process_fnmatch_configs' httpd-2.4.65/server/config.c:1926:28: return_function: returning to 'ap_process_fnmatch_configs' from 'ap_server_root_relative' httpd-2.4.65/server/config.c:1926:13: danger: argument 2 ('ap_server_root_relative(ptemp, "conf/httpd.conf")') NULL where non-null expected # 1924| if ((ap_server_pre_read_config->nelts # 1925| || ap_server_post_read_config->nelts) # 1926|-> && !(strcmp(fname, ap_server_root_relative(ptemp, SERVER_CONFIG_FILE)))) { # 1927| apr_finfo_t finfo; # 1928| Error: GCC_ANALYZER_WARNING (CWE-404): [#def55] httpd-2.4.65/server/log.c:593:11: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/server/log.c:1767:21: enter_function: entry to 'piped_log_spawn' httpd-2.4.65/server/log.c:1786:9: call_function: calling 'ap_log_error_' from 'piped_log_spawn' # 591| if (!arg) # 592| return 0; # 593|-> end = apr_cpystrn(buf, arg, buflen); # 594| return end - buf; # 595| } Error: GCC_ANALYZER_WARNING (CWE-404): [#def56] httpd-2.4.65/server/log.c:691:5: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/server/log.c:1743:18: enter_function: entry to 'ap_log_assert' httpd-2.4.65/server/log.c:1749:5: call_function: calling 'ap_log_error_' from 'ap_log_assert' # 689| } # 690| # 691|-> ap_recent_ctime_ex(buf, apr_time_now(), option, &time_len); # 692| # 693| /* ap_recent_ctime_ex includes the trailing \0 in time_len */ Error: GCC_ANALYZER_WARNING (CWE-404): [#def57] httpd-2.4.65/server/log.c:792:15: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/server/log.c:1767:21: enter_function: entry to 'piped_log_spawn' httpd-2.4.65/server/log.c:1786:9: call_function: calling 'ap_log_error_' from 'piped_log_spawn' # 790| # 791| if (status < APR_OS_START_EAIERR) { # 792|-> len = apr_snprintf(buf, buflen, "(%d)", status); # 793| } # 794| else if (status < APR_OS_START_SYSERR) { Error: GCC_ANALYZER_WARNING (CWE-404): [#def58] httpd-2.4.65/server/log.c:795:15: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/server/log.c:1767:21: enter_function: entry to 'piped_log_spawn' httpd-2.4.65/server/log.c:1786:9: call_function: calling 'ap_log_error_' from 'piped_log_spawn' # 793| } # 794| else if (status < APR_OS_START_SYSERR) { # 795|-> len = apr_snprintf(buf, buflen, "(EAI %d)", # 796| status - APR_OS_START_EAIERR); # 797| } Error: GCC_ANALYZER_WARNING (CWE-404): [#def59] httpd-2.4.65/server/log.c:799:15: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/server/log.c:1767:21: enter_function: entry to 'piped_log_spawn' httpd-2.4.65/server/log.c:1786:9: call_function: calling 'ap_log_error_' from 'piped_log_spawn' # 797| } # 798| else if (status < 100000 + APR_OS_START_SYSERR) { # 799|-> len = apr_snprintf(buf, buflen, "(OS %d)", # 800| status - APR_OS_START_SYSERR); # 801| } Error: GCC_ANALYZER_WARNING (CWE-404): [#def60] httpd-2.4.65/server/log.c:803:15: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/server/log.c:1767:21: enter_function: entry to 'piped_log_spawn' httpd-2.4.65/server/log.c:1786:9: call_function: calling 'ap_log_error_' from 'piped_log_spawn' # 801| } # 802| else { # 803|-> len = apr_snprintf(buf, buflen, "(os 0x%08x)", # 804| status - APR_OS_START_SYSERR); # 805| } Error: GCC_ANALYZER_WARNING (CWE-404): [#def61] httpd-2.4.65/server/log.c:806:5: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/server/log.c:1767:21: enter_function: entry to 'piped_log_spawn' httpd-2.4.65/server/log.c:1786:9: call_function: calling 'ap_log_error_' from 'piped_log_spawn' # 804| status - APR_OS_START_SYSERR); # 805| } # 806|-> apr_strerror(status, buf + len, buflen - len); # 807| len += strlen(buf + len); # 808| return len; Error: GCC_ANALYZER_WARNING (CWE-404): [#def62] httpd-2.4.65/server/log.c:1043:9: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/server/log.c:1821:13: enter_function: entry to 'piped_log_maintenance' httpd-2.4.65/server/log.c:1835:12: branch_true: following 'true' branch... httpd-2.4.65/server/log.c:1836:13: branch_true: ...to here httpd-2.4.65/server/log.c:1836:13: call_function: calling 'ap_log_error_' from 'piped_log_maintenance' # 1041| *errstr_start = len; # 1042| #ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED # 1043|-> if (apr_vsnprintf(scratch, MAX_STRING_LEN, errstr_fmt, args)) { # 1044| len += ap_escape_errorlog_item(buf + len, scratch, # 1045| buflen - len); Error: GCC_ANALYZER_WARNING (CWE-404): [#def63] httpd-2.4.65/server/log.c:1093:17: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/server/log.c:1743:18: enter_function: entry to 'ap_log_assert' httpd-2.4.65/server/log.c:1749:5: call_function: calling 'ap_log_error_' from 'ap_log_assert' # 1091| *errstr_start = len; # 1092| #ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED # 1093|-> if (apr_vsnprintf(scratch, MAX_STRING_LEN, err_fmt, args)) { # 1094| len += ap_escape_errorlog_item(buf + len, scratch, # 1095| buflen - len); Error: GCC_ANALYZER_WARNING (CWE-404): [#def64] httpd-2.4.65/server/log.c:1111:28: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/server/log.c:1743:18: enter_function: entry to 'ap_log_assert' httpd-2.4.65/server/log.c:1749:5: call_function: calling 'ap_log_error_' from 'ap_log_assert' # 1109| } # 1110| else { # 1111|-> int item_len = (*item->func)(info, item->arg, buf + len, # 1112| buflen - len); # 1113| if (!item_len) { Error: GCC_ANALYZER_WARNING (CWE-404): [#def65] httpd-2.4.65/server/protocol.c:2074:15: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/server/protocol.c:2220:24: enter_function: entry to 'ap_rvputs' httpd-2.4.65/server/protocol.c:2227:8: branch_false: following 'false' branch... httpd-2.4.65/server/protocol.c:2234:5: branch_false: ...to here httpd-2.4.65/server/protocol.c:2234:5: acquire_resource: 'va_start' called here httpd-2.4.65/server/protocol.c:2237:12: branch_false: following 'false' branch (when 's' is non-NULL)... httpd-2.4.65/server/protocol.c:2240:15: branch_false: ...to here httpd-2.4.65/server/protocol.c:2241:13: call_function: calling 'buffer_output' from 'ap_rvputs' # 2072| if (f == NULL) { # 2073| /* our filter hasn't been added yet */ # 2074|-> ctx = apr_pcalloc(r->pool, sizeof(*ctx)); # 2075| ctx->tmpbb = apr_brigade_create(r->pool, r->connection->bucket_alloc); # 2076| Error: GCC_ANALYZER_WARNING (CWE-404): [#def66] httpd-2.4.65/server/protocol.c:2075:22: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/server/protocol.c:2220:24: enter_function: entry to 'ap_rvputs' httpd-2.4.65/server/protocol.c:2227:8: branch_false: following 'false' branch... httpd-2.4.65/server/protocol.c:2234:5: branch_false: ...to here httpd-2.4.65/server/protocol.c:2234:5: acquire_resource: 'va_start' called here httpd-2.4.65/server/protocol.c:2237:12: branch_false: following 'false' branch (when 's' is non-NULL)... httpd-2.4.65/server/protocol.c:2240:15: branch_false: ...to here httpd-2.4.65/server/protocol.c:2241:13: call_function: calling 'buffer_output' from 'ap_rvputs' # 2073| /* our filter hasn't been added yet */ # 2074| ctx = apr_pcalloc(r->pool, sizeof(*ctx)); # 2075|-> ctx->tmpbb = apr_brigade_create(r->pool, r->connection->bucket_alloc); # 2076| # 2077| ap_add_output_filter("OLD_WRITE", ctx, r, r->connection); Error: GCC_ANALYZER_WARNING (CWE-476): [#def67] httpd-2.4.65/server/protocol.c:2095:5: warning[-Wanalyzer-null-dereference]: dereference of NULL '*r.output_filters' httpd-2.4.65/server/protocol.c:2152:12: enter_function: entry to 'r_flush' httpd-2.4.65/server/protocol.c:2161:8: branch_false: following 'false' branch... httpd-2.4.65/server/protocol.c:2165:30: branch_false: ...to here httpd-2.4.65/server/protocol.c:2165:9: call_function: calling 'buffer_output' from 'r_flush' # 2093| # 2094| f = insert_old_write_filter(r); # 2095|-> ctx = f->ctx; # 2096| # 2097| /* if the first filter is not our buffering filter, then we have to Error: GCC_ANALYZER_WARNING (CWE-404): [#def68] httpd-2.4.65/server/protocol.c:2102:25: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/server/protocol.c:2220:24: enter_function: entry to 'ap_rvputs' httpd-2.4.65/server/protocol.c:2227:8: branch_false: following 'false' branch... httpd-2.4.65/server/protocol.c:2234:5: branch_false: ...to here httpd-2.4.65/server/protocol.c:2234:5: acquire_resource: 'va_start' called here httpd-2.4.65/server/protocol.c:2237:12: branch_false: following 'false' branch (when 's' is non-NULL)... httpd-2.4.65/server/protocol.c:2240:15: branch_false: ...to here httpd-2.4.65/server/protocol.c:2241:13: call_function: calling 'buffer_output' from 'ap_rvputs' # 2100| if (f != r->output_filters) { # 2101| apr_status_t rv; # 2102|-> apr_bucket *b = apr_bucket_transient_create(str, len, c->bucket_alloc); # 2103| APR_BRIGADE_INSERT_TAIL(ctx->tmpbb, b); # 2104| Error: GCC_ANALYZER_WARNING (CWE-404): [#def69] httpd-2.4.65/server/protocol.c:2111:19: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/server/protocol.c:2220:24: enter_function: entry to 'ap_rvputs' httpd-2.4.65/server/protocol.c:2227:8: branch_false: following 'false' branch... httpd-2.4.65/server/protocol.c:2234:5: branch_false: ...to here httpd-2.4.65/server/protocol.c:2234:5: acquire_resource: 'va_start' called here httpd-2.4.65/server/protocol.c:2237:12: branch_false: following 'false' branch (when 's' is non-NULL)... httpd-2.4.65/server/protocol.c:2240:15: branch_false: ...to here httpd-2.4.65/server/protocol.c:2241:13: call_function: calling 'buffer_output' from 'ap_rvputs' # 2109| # 2110| if (ctx->bb == NULL) { # 2111|-> ctx->bb = apr_brigade_create(r->pool, c->bucket_alloc); # 2112| } # 2113| Error: GCC_ANALYZER_WARNING (CWE-404): [#def70] httpd-2.4.65/server/protocol.c:2190:15: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/server/protocol.c:2205:24: enter_function: entry to 'ap_rprintf' httpd-2.4.65/server/protocol.c:2210:8: branch_false: following 'false' branch... httpd-2.4.65/server/protocol.c:2213:5: branch_false: ...to here httpd-2.4.65/server/protocol.c:2213:5: acquire_resource: 'va_start' called here httpd-2.4.65/server/protocol.c:2214:9: call_function: calling 'ap_vrprintf' from 'ap_rprintf' # 2188| return -1; # 2189| # 2190|-> written = apr_vformatter(r_flush, &vd.vbuff, fmt, va); # 2191| # 2192| if (written != -1) { Error: GCC_ANALYZER_WARNING (CWE-688): [#def71] httpd-2.4.65/server/scoreboard.c:707:5: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected #argument 2 of '__builtin_memcpy' must be non-null # 705| worker_score *ws = ap_get_scoreboard_worker_from_indexes(child_num, thread_num); # 706| # 707|-> memcpy(dest, ws, sizeof *ws); # 708| # 709| /* For extra safety, NUL-terminate the strings returned, though it Error: GCC_ANALYZER_WARNING (CWE-476): [#def72] httpd-2.4.65/server/util.c:384:13: warning[-Wanalyzer-null-dereference]: dereference of NULL 'result' httpd-2.4.65/server/util.c:3123:26: enter_function: entry to 'ap_varbuf_regsub' httpd-2.4.65/server/util.c:3130:12: call_function: calling 'regsub_core' from 'ap_varbuf_regsub' # 382| return APR_ENOMEM; # 383| if (!vb) { # 384|-> *result = apr_pstrmemdup(p, src, len); # 385| return APR_SUCCESS; # 386| } Error: GCC_ANALYZER_WARNING (CWE-688): [#def73] httpd-2.4.65/server/util.c:417:25: warning[-Wanalyzer-null-argument]: use of NULL 'p' where non-null expected httpd-2.4.65/server/util.c:3123:26: enter_function: entry to 'ap_varbuf_regsub' httpd-2.4.65/server/util.c:3130:12: call_function: calling 'regsub_core' from 'ap_varbuf_regsub' # 415| # 416| if (!vb) { # 417|-> *result = dst = apr_palloc(p, len + 1); # 418| } # 419| else { Error: GCC_ANALYZER_WARNING (CWE-404): [#def74] httpd-2.4.65/server/util_cookies.c:64:9: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/server/util_cookies.c:62:5: acquire_resource: 'va_start' called here httpd-2.4.65/server/util_cookies.c:63:12: branch_true: following 'true' branch (when 't' is non-NULL)... httpd-2.4.65/server/util_cookies.c:64:9: branch_true: ...to here httpd-2.4.65/server/util_cookies.c:64:9: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0) # 62| va_start(vp, maxage); # 63| while ((t = va_arg(vp, apr_table_t *))) { # 64|-> apr_table_addn(t, SET_COOKIE, rfc2109); # 65| } # 66| va_end(vp); Error: GCC_ANALYZER_WARNING (CWE-404): [#def75] httpd-2.4.65/server/util_cookies.c:106:9: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/server/util_cookies.c:104:5: acquire_resource: 'va_start' called here httpd-2.4.65/server/util_cookies.c:105:12: branch_true: following 'true' branch (when 't' is non-NULL)... httpd-2.4.65/server/util_cookies.c:106:9: branch_true: ...to here httpd-2.4.65/server/util_cookies.c:106:9: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0) # 104| va_start(vp, maxage); # 105| while ((t = va_arg(vp, apr_table_t *))) { # 106|-> apr_table_addn(t, SET_COOKIE2, rfc2965); # 107| } # 108| va_end(vp); Error: GCC_ANALYZER_WARNING (CWE-404): [#def76] httpd-2.4.65/server/util_cookies.c:134:9: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/server/util_cookies.c:132:5: acquire_resource: 'va_start' called here httpd-2.4.65/server/util_cookies.c:133:12: branch_true: following 'true' branch (when 't' is non-NULL)... httpd-2.4.65/server/util_cookies.c:134:9: branch_true: ...to here httpd-2.4.65/server/util_cookies.c:134:9: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0) # 132| va_start(vp, attrs); # 133| while ((t = va_arg(vp, apr_table_t *))) { # 134|-> apr_table_addn(t, SET_COOKIE, rfc2109); # 135| } # 136| va_end(vp); Error: GCC_ANALYZER_WARNING (CWE-404): [#def77] httpd-2.4.65/server/util_cookies.c:162:9: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/server/util_cookies.c:160:5: acquire_resource: 'va_start' called here httpd-2.4.65/server/util_cookies.c:161:12: branch_true: following 'true' branch (when 't' is non-NULL)... httpd-2.4.65/server/util_cookies.c:162:9: branch_true: ...to here httpd-2.4.65/server/util_cookies.c:162:9: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0) # 160| va_start(vp, attrs2); # 161| while ((t = va_arg(vp, apr_table_t *))) { # 162|-> apr_table_addn(t, SET_COOKIE2, rfc2965); # 163| } # 164| va_end(vp); Error: GCC_ANALYZER_WARNING (CWE-127): [#def78] httpd-2.4.65/server/util_expr_parse.c:1054:36: warning[-Wanalyzer-out-of-bounds]: buffer under-read httpd-2.4.65/server/util_expr_parse.c:1247:1: enter_function: entry to 'ap_expr_yyparse' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_true: following 'true' branch (when 'yyn == -35')... httpd-2.4.65/server/util_expr_parse.c:1421:5: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_true: following 'true' branch (when 'yyn == 0')... httpd-2.4.65/server/util_expr_parse.c:1480:5: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1933:13: branch_false: following 'false' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1936:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1936:6: branch_true: following 'true' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1947:33: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1947:33: call_function: calling 'yysyntax_error' from 'ap_expr_yyparse' # 1052| yytype_int16 *yyssp, int yytoken) # 1053| { # 1054|-> YYSIZE_T yysize0 = yytnamerr (0, yytname[yytoken]); # 1055| YYSIZE_T yysize = yysize0; # 1056| YYSIZE_T yysize1; Error: GCC_ANALYZER_WARNING (CWE-688): [#def79] httpd-2.4.65/server/util_expr_parse.c:1143:22: warning[-Wanalyzer-null-argument]: use of NULL 'yyformat' where non-null expected httpd-2.4.65/server/util_expr_parse.c:1247:1: enter_function: entry to 'ap_expr_yyparse' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:7: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1447:5: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_true: following 'true' branch (when 'yyn == 0')... httpd-2.4.65/server/util_expr_parse.c:1480:5: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1933:43: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1936:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1936:6: branch_true: following 'true' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1947:33: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1947:33: call_function: calling 'yysyntax_error' from 'ap_expr_yyparse' #argument 1 of '__builtin_strlen' must be non-null # 1141| } # 1142| # 1143|-> yysize1 = yysize + yystrlen (yyformat); # 1144| if (! (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM)) # 1145| return 2; Error: GCC_ANALYZER_WARNING (CWE-401): [#def80] httpd-2.4.65/server/util_expr_parse.c:1381:29: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/32) # 1379| yytype_int16 *yyss1 = yyss; # 1380| union yyalloc *yyptr = # 1381|-> (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); # 1382| if (! yyptr) # 1383| goto yyexhaustedlab; Error: GCC_ANALYZER_WARNING (CWE-457): [#def81] httpd-2.4.65/server/util_expr_parse.c:1384:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'yyss' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1384:9: danger: use of uninitialized value 'yyss' here # 1382| if (! yyptr) # 1383| goto yyexhaustedlab; # 1384|-> YYSTACK_RELOCATE (yyss_alloc, yyss); # 1385| YYSTACK_RELOCATE (yyvs_alloc, yyvs); # 1386| # undef YYSTACK_RELOCATE Error: GCC_ANALYZER_WARNING (CWE-401): [#def82] httpd-2.4.65/server/util_expr_parse.c:1429:16: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1429:16: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/32) # 1427| { # 1428| YYDPRINTF ((stderr, "Reading a token: ")); # 1429|-> yychar = YYLEX; # 1430| } # 1431| Error: GCC_ANALYZER_WARNING (CWE-127): [#def83] httpd-2.4.65/server/util_expr_parse.c:1918:13: warning[-Wanalyzer-out-of-bounds]: buffer under-read httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1918:13: danger: out-of-bounds read at byte -45 but 'yypgoto' starts at byte 0 # 1916| number reduced by. */ # 1917| # 1918|-> yyn = yyr1[yyn]; # 1919| # 1920| yystate = yypgoto[yyn - YYNTOKENS] + *yyssp; Error: GCC_ANALYZER_WARNING (CWE-127): [#def84] httpd-2.4.65/server/util_expr_parse.c:1922:15: warning[-Wanalyzer-out-of-bounds]: buffer under-read httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1922:15: danger: out-of-bounds read at byte -45 but 'yydefgoto' starts at byte 0 # 1920| yystate = yypgoto[yyn - YYNTOKENS] + *yyssp; # 1921| if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp) # 1922|-> yystate = yytable[yystate]; # 1923| else # 1924| yystate = yydefgoto[yyn - YYNTOKENS]; Error: GCC_ANALYZER_WARNING (CWE-401): [#def85] httpd-2.4.65/server/util_expr_parse.y:117:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:117:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/32) # 115| ; # 116| # 117|-> expr : T_TRUE { $$ = ap_expr_make(op_True, NULL, NULL, ctx); } # 118| | T_FALSE { $$ = ap_expr_make(op_False, NULL, NULL, ctx); } # 119| | T_OP_NOT expr { $$ = ap_expr_make(op_Not, $2, NULL, ctx); } Error: GCC_ANALYZER_WARNING (CWE-401): [#def86] httpd-2.4.65/server/util_expr_parse.y:118:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:118:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/32) # 116| # 117| expr : T_TRUE { $$ = ap_expr_make(op_True, NULL, NULL, ctx); } # 118|-> | T_FALSE { $$ = ap_expr_make(op_False, NULL, NULL, ctx); } # 119| | T_OP_NOT expr { $$ = ap_expr_make(op_Not, $2, NULL, ctx); } # 120| | expr T_OP_OR expr { $$ = ap_expr_make(op_Or, $1, $3, ctx); } Error: GCC_ANALYZER_WARNING (CWE-401): [#def87] httpd-2.4.65/server/util_expr_parse.y:119:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:119:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/32) # 117| expr : T_TRUE { $$ = ap_expr_make(op_True, NULL, NULL, ctx); } # 118| | T_FALSE { $$ = ap_expr_make(op_False, NULL, NULL, ctx); } # 119|-> | T_OP_NOT expr { $$ = ap_expr_make(op_Not, $2, NULL, ctx); } # 120| | expr T_OP_OR expr { $$ = ap_expr_make(op_Or, $1, $3, ctx); } # 121| | expr T_OP_AND expr { $$ = ap_expr_make(op_And, $1, $3, ctx); } Error: GCC_ANALYZER_WARNING (CWE-401): [#def88] httpd-2.4.65/server/util_expr_parse.y:120:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:120:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/32) # 118| | T_FALSE { $$ = ap_expr_make(op_False, NULL, NULL, ctx); } # 119| | T_OP_NOT expr { $$ = ap_expr_make(op_Not, $2, NULL, ctx); } # 120|-> | expr T_OP_OR expr { $$ = ap_expr_make(op_Or, $1, $3, ctx); } # 121| | expr T_OP_AND expr { $$ = ap_expr_make(op_And, $1, $3, ctx); } # 122| | comparison { $$ = ap_expr_make(op_Comp, $1, NULL, ctx); } Error: GCC_ANALYZER_WARNING (CWE-401): [#def89] httpd-2.4.65/server/util_expr_parse.y:121:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:121:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/32) # 119| | T_OP_NOT expr { $$ = ap_expr_make(op_Not, $2, NULL, ctx); } # 120| | expr T_OP_OR expr { $$ = ap_expr_make(op_Or, $1, $3, ctx); } # 121|-> | expr T_OP_AND expr { $$ = ap_expr_make(op_And, $1, $3, ctx); } # 122| | comparison { $$ = ap_expr_make(op_Comp, $1, NULL, ctx); } # 123| | T_OP_UNARY word { $$ = ap_expr_unary_op_make( $1, $2, ctx); } Error: GCC_ANALYZER_WARNING (CWE-401): [#def90] httpd-2.4.65/server/util_expr_parse.y:122:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:122:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/32) # 120| | expr T_OP_OR expr { $$ = ap_expr_make(op_Or, $1, $3, ctx); } # 121| | expr T_OP_AND expr { $$ = ap_expr_make(op_And, $1, $3, ctx); } # 122|-> | comparison { $$ = ap_expr_make(op_Comp, $1, NULL, ctx); } # 123| | T_OP_UNARY word { $$ = ap_expr_unary_op_make( $1, $2, ctx); } # 124| | word T_OP_BINARY word { $$ = ap_expr_binary_op_make($2, $1, $3, ctx); } Error: GCC_ANALYZER_WARNING (CWE-401): [#def91] httpd-2.4.65/server/util_expr_parse.y:123:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:123:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/32) # 121| | expr T_OP_AND expr { $$ = ap_expr_make(op_And, $1, $3, ctx); } # 122| | comparison { $$ = ap_expr_make(op_Comp, $1, NULL, ctx); } # 123|-> | T_OP_UNARY word { $$ = ap_expr_unary_op_make( $1, $2, ctx); } # 124| | word T_OP_BINARY word { $$ = ap_expr_binary_op_make($2, $1, $3, ctx); } # 125| | '(' expr ')' { $$ = $2; } Error: GCC_ANALYZER_WARNING (CWE-401): [#def92] httpd-2.4.65/server/util_expr_parse.y:124:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:124:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/32) # 122| | comparison { $$ = ap_expr_make(op_Comp, $1, NULL, ctx); } # 123| | T_OP_UNARY word { $$ = ap_expr_unary_op_make( $1, $2, ctx); } # 124|-> | word T_OP_BINARY word { $$ = ap_expr_binary_op_make($2, $1, $3, ctx); } # 125| | '(' expr ')' { $$ = $2; } # 126| | T_ERROR { YYABORT; } Error: GCC_ANALYZER_WARNING (CWE-401): [#def93] httpd-2.4.65/server/util_expr_parse.y:129:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:129:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/32) # 127| ; # 128| # 129|-> comparison: word T_OP_EQ word { $$ = ap_expr_make(op_EQ, $1, $3, ctx); } # 130| | word T_OP_NE word { $$ = ap_expr_make(op_NE, $1, $3, ctx); } # 131| | word T_OP_LT word { $$ = ap_expr_make(op_LT, $1, $3, ctx); } Error: GCC_ANALYZER_WARNING (CWE-401): [#def94] httpd-2.4.65/server/util_expr_parse.y:130:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:130:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/32) # 128| # 129| comparison: word T_OP_EQ word { $$ = ap_expr_make(op_EQ, $1, $3, ctx); } # 130|-> | word T_OP_NE word { $$ = ap_expr_make(op_NE, $1, $3, ctx); } # 131| | word T_OP_LT word { $$ = ap_expr_make(op_LT, $1, $3, ctx); } # 132| | word T_OP_LE word { $$ = ap_expr_make(op_LE, $1, $3, ctx); } Error: GCC_ANALYZER_WARNING (CWE-401): [#def95] httpd-2.4.65/server/util_expr_parse.y:131:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:131:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/32) # 129| comparison: word T_OP_EQ word { $$ = ap_expr_make(op_EQ, $1, $3, ctx); } # 130| | word T_OP_NE word { $$ = ap_expr_make(op_NE, $1, $3, ctx); } # 131|-> | word T_OP_LT word { $$ = ap_expr_make(op_LT, $1, $3, ctx); } # 132| | word T_OP_LE word { $$ = ap_expr_make(op_LE, $1, $3, ctx); } # 133| | word T_OP_GT word { $$ = ap_expr_make(op_GT, $1, $3, ctx); } Error: GCC_ANALYZER_WARNING (CWE-401): [#def96] httpd-2.4.65/server/util_expr_parse.y:132:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:132:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/32) # 130| | word T_OP_NE word { $$ = ap_expr_make(op_NE, $1, $3, ctx); } # 131| | word T_OP_LT word { $$ = ap_expr_make(op_LT, $1, $3, ctx); } # 132|-> | word T_OP_LE word { $$ = ap_expr_make(op_LE, $1, $3, ctx); } # 133| | word T_OP_GT word { $$ = ap_expr_make(op_GT, $1, $3, ctx); } # 134| | word T_OP_GE word { $$ = ap_expr_make(op_GE, $1, $3, ctx); } Error: GCC_ANALYZER_WARNING (CWE-401): [#def97] httpd-2.4.65/server/util_expr_parse.y:133:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:133:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/32) # 131| | word T_OP_LT word { $$ = ap_expr_make(op_LT, $1, $3, ctx); } # 132| | word T_OP_LE word { $$ = ap_expr_make(op_LE, $1, $3, ctx); } # 133|-> | word T_OP_GT word { $$ = ap_expr_make(op_GT, $1, $3, ctx); } # 134| | word T_OP_GE word { $$ = ap_expr_make(op_GE, $1, $3, ctx); } # 135| | word T_OP_STR_EQ word { $$ = ap_expr_make(op_STR_EQ, $1, $3, ctx); } Error: GCC_ANALYZER_WARNING (CWE-401): [#def98] httpd-2.4.65/server/util_expr_parse.y:134:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:134:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/19/codeFlows/0/threadFlows/0/locations/32) # 132| | word T_OP_LE word { $$ = ap_expr_make(op_LE, $1, $3, ctx); } # 133| | word T_OP_GT word { $$ = ap_expr_make(op_GT, $1, $3, ctx); } # 134|-> | word T_OP_GE word { $$ = ap_expr_make(op_GE, $1, $3, ctx); } # 135| | word T_OP_STR_EQ word { $$ = ap_expr_make(op_STR_EQ, $1, $3, ctx); } # 136| | word T_OP_STR_NE word { $$ = ap_expr_make(op_STR_NE, $1, $3, ctx); } Error: GCC_ANALYZER_WARNING (CWE-401): [#def99] httpd-2.4.65/server/util_expr_parse.y:135:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:135:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/20/codeFlows/0/threadFlows/0/locations/32) # 133| | word T_OP_GT word { $$ = ap_expr_make(op_GT, $1, $3, ctx); } # 134| | word T_OP_GE word { $$ = ap_expr_make(op_GE, $1, $3, ctx); } # 135|-> | word T_OP_STR_EQ word { $$ = ap_expr_make(op_STR_EQ, $1, $3, ctx); } # 136| | word T_OP_STR_NE word { $$ = ap_expr_make(op_STR_NE, $1, $3, ctx); } # 137| | word T_OP_STR_LT word { $$ = ap_expr_make(op_STR_LT, $1, $3, ctx); } Error: GCC_ANALYZER_WARNING (CWE-401): [#def100] httpd-2.4.65/server/util_expr_parse.y:136:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:136:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/32) # 134| | word T_OP_GE word { $$ = ap_expr_make(op_GE, $1, $3, ctx); } # 135| | word T_OP_STR_EQ word { $$ = ap_expr_make(op_STR_EQ, $1, $3, ctx); } # 136|-> | word T_OP_STR_NE word { $$ = ap_expr_make(op_STR_NE, $1, $3, ctx); } # 137| | word T_OP_STR_LT word { $$ = ap_expr_make(op_STR_LT, $1, $3, ctx); } # 138| | word T_OP_STR_LE word { $$ = ap_expr_make(op_STR_LE, $1, $3, ctx); } Error: GCC_ANALYZER_WARNING (CWE-401): [#def101] httpd-2.4.65/server/util_expr_parse.y:137:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:137:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/32) # 135| | word T_OP_STR_EQ word { $$ = ap_expr_make(op_STR_EQ, $1, $3, ctx); } # 136| | word T_OP_STR_NE word { $$ = ap_expr_make(op_STR_NE, $1, $3, ctx); } # 137|-> | word T_OP_STR_LT word { $$ = ap_expr_make(op_STR_LT, $1, $3, ctx); } # 138| | word T_OP_STR_LE word { $$ = ap_expr_make(op_STR_LE, $1, $3, ctx); } # 139| | word T_OP_STR_GT word { $$ = ap_expr_make(op_STR_GT, $1, $3, ctx); } Error: GCC_ANALYZER_WARNING (CWE-401): [#def102] httpd-2.4.65/server/util_expr_parse.y:138:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:138:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/32) # 136| | word T_OP_STR_NE word { $$ = ap_expr_make(op_STR_NE, $1, $3, ctx); } # 137| | word T_OP_STR_LT word { $$ = ap_expr_make(op_STR_LT, $1, $3, ctx); } # 138|-> | word T_OP_STR_LE word { $$ = ap_expr_make(op_STR_LE, $1, $3, ctx); } # 139| | word T_OP_STR_GT word { $$ = ap_expr_make(op_STR_GT, $1, $3, ctx); } # 140| | word T_OP_STR_GE word { $$ = ap_expr_make(op_STR_GE, $1, $3, ctx); } Error: GCC_ANALYZER_WARNING (CWE-401): [#def103] httpd-2.4.65/server/util_expr_parse.y:139:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:139:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/24/codeFlows/0/threadFlows/0/locations/32) # 137| | word T_OP_STR_LT word { $$ = ap_expr_make(op_STR_LT, $1, $3, ctx); } # 138| | word T_OP_STR_LE word { $$ = ap_expr_make(op_STR_LE, $1, $3, ctx); } # 139|-> | word T_OP_STR_GT word { $$ = ap_expr_make(op_STR_GT, $1, $3, ctx); } # 140| | word T_OP_STR_GE word { $$ = ap_expr_make(op_STR_GE, $1, $3, ctx); } # 141| | word T_OP_IN wordlist { $$ = ap_expr_make(op_IN, $1, $3, ctx); } Error: GCC_ANALYZER_WARNING (CWE-401): [#def104] httpd-2.4.65/server/util_expr_parse.y:140:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:140:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/32) # 138| | word T_OP_STR_LE word { $$ = ap_expr_make(op_STR_LE, $1, $3, ctx); } # 139| | word T_OP_STR_GT word { $$ = ap_expr_make(op_STR_GT, $1, $3, ctx); } # 140|-> | word T_OP_STR_GE word { $$ = ap_expr_make(op_STR_GE, $1, $3, ctx); } # 141| | word T_OP_IN wordlist { $$ = ap_expr_make(op_IN, $1, $3, ctx); } # 142| | word T_OP_REG regex { $$ = ap_expr_make(op_REG, $1, $3, ctx); } Error: GCC_ANALYZER_WARNING (CWE-401): [#def105] httpd-2.4.65/server/util_expr_parse.y:141:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:141:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/26/codeFlows/0/threadFlows/0/locations/32) # 139| | word T_OP_STR_GT word { $$ = ap_expr_make(op_STR_GT, $1, $3, ctx); } # 140| | word T_OP_STR_GE word { $$ = ap_expr_make(op_STR_GE, $1, $3, ctx); } # 141|-> | word T_OP_IN wordlist { $$ = ap_expr_make(op_IN, $1, $3, ctx); } # 142| | word T_OP_REG regex { $$ = ap_expr_make(op_REG, $1, $3, ctx); } # 143| | word T_OP_NRE regex { $$ = ap_expr_make(op_NRE, $1, $3, ctx); } Error: GCC_ANALYZER_WARNING (CWE-401): [#def106] httpd-2.4.65/server/util_expr_parse.y:142:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:142:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/27/codeFlows/0/threadFlows/0/locations/32) # 140| | word T_OP_STR_GE word { $$ = ap_expr_make(op_STR_GE, $1, $3, ctx); } # 141| | word T_OP_IN wordlist { $$ = ap_expr_make(op_IN, $1, $3, ctx); } # 142|-> | word T_OP_REG regex { $$ = ap_expr_make(op_REG, $1, $3, ctx); } # 143| | word T_OP_NRE regex { $$ = ap_expr_make(op_NRE, $1, $3, ctx); } # 144| ; Error: GCC_ANALYZER_WARNING (CWE-401): [#def107] httpd-2.4.65/server/util_expr_parse.y:143:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:143:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/28/codeFlows/0/threadFlows/0/locations/32) # 141| | word T_OP_IN wordlist { $$ = ap_expr_make(op_IN, $1, $3, ctx); } # 142| | word T_OP_REG regex { $$ = ap_expr_make(op_REG, $1, $3, ctx); } # 143|-> | word T_OP_NRE regex { $$ = ap_expr_make(op_NRE, $1, $3, ctx); } # 144| ; # 145| Error: GCC_ANALYZER_WARNING (CWE-401): [#def108] httpd-2.4.65/server/util_expr_parse.y:150:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:150:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/29/codeFlows/0/threadFlows/0/locations/32) # 148| ; # 149| # 150|-> words : word { $$ = ap_expr_make(op_ListElement, $1, NULL, ctx); } # 151| | words ',' word { $$ = ap_expr_make(op_ListElement, $3, $1, ctx); } # 152| ; Error: GCC_ANALYZER_WARNING (CWE-401): [#def109] httpd-2.4.65/server/util_expr_parse.y:151:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:151:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/30/codeFlows/0/threadFlows/0/locations/32) # 149| # 150| words : word { $$ = ap_expr_make(op_ListElement, $1, NULL, ctx); } # 151|-> | words ',' word { $$ = ap_expr_make(op_ListElement, $3, $1, ctx); } # 152| ; # 153| Error: GCC_ANALYZER_WARNING (CWE-401): [#def110] httpd-2.4.65/server/util_expr_parse.y:154:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:154:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/31/codeFlows/0/threadFlows/0/locations/32) # 152| ; # 153| # 154|-> string : string strpart { $$ = ap_expr_make(op_Concat, $1, $2, ctx); } # 155| | strpart { $$ = $1; } # 156| | T_ERROR { YYABORT; } Error: GCC_ANALYZER_WARNING (CWE-401): [#def111] httpd-2.4.65/server/util_expr_parse.y:159:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:159:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/32/codeFlows/0/threadFlows/0/locations/32) # 157| ; # 158| # 159|-> strpart : T_STRING { $$ = ap_expr_make(op_String, $1, NULL, ctx); } # 160| | var { $$ = $1; } # 161| | backref { $$ = $1; } Error: GCC_ANALYZER_WARNING (CWE-401): [#def112] httpd-2.4.65/server/util_expr_parse.y:164:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:164:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/33/codeFlows/0/threadFlows/0/locations/32) # 162| ; # 163| # 164|-> var : T_VAR_BEGIN T_ID T_VAR_END { $$ = ap_expr_var_make($2, ctx); } # 165| | T_VAR_BEGIN T_ID ':' string T_VAR_END { $$ = ap_expr_str_func_make($2, $4, ctx); } # 166| ; Error: GCC_ANALYZER_WARNING (CWE-401): [#def113] httpd-2.4.65/server/util_expr_parse.y:165:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:165:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/34/codeFlows/0/threadFlows/0/locations/32) # 163| # 164| var : T_VAR_BEGIN T_ID T_VAR_END { $$ = ap_expr_var_make($2, ctx); } # 165|-> | T_VAR_BEGIN T_ID ':' string T_VAR_END { $$ = ap_expr_str_func_make($2, $4, ctx); } # 166| ; # 167| Error: GCC_ANALYZER_WARNING (CWE-401): [#def114] httpd-2.4.65/server/util_expr_parse.y:168:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:168:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/35/codeFlows/0/threadFlows/0/locations/32) # 166| ; # 167| # 168|-> word : T_DIGIT { $$ = ap_expr_make(op_Digit, $1, NULL, ctx); } # 169| | word T_OP_CONCAT word { $$ = ap_expr_make(op_Concat, $1, $3, ctx); } # 170| | var { $$ = $1; } Error: GCC_ANALYZER_WARNING (CWE-401): [#def115] httpd-2.4.65/server/util_expr_parse.y:169:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:169:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/36/codeFlows/0/threadFlows/0/locations/32) # 167| # 168| word : T_DIGIT { $$ = ap_expr_make(op_Digit, $1, NULL, ctx); } # 169|-> | word T_OP_CONCAT word { $$ = ap_expr_make(op_Concat, $1, $3, ctx); } # 170| | var { $$ = $1; } # 171| | backref { $$ = $1; } Error: GCC_ANALYZER_WARNING (CWE-401): [#def116] httpd-2.4.65/server/util_expr_parse.y:174:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:174:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/37/codeFlows/0/threadFlows/0/locations/32) # 172| | strfunccall { $$ = $1; } # 173| | T_STR_BEGIN string T_STR_END { $$ = $2; } # 174|-> | T_STR_BEGIN T_STR_END { $$ = ap_expr_make(op_String, "", NULL, ctx); } # 175| ; # 176| Error: GCC_ANALYZER_WARNING (CWE-401): [#def117] httpd-2.4.65/server/util_expr_parse.y:179:30: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:179:30: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/38/codeFlows/0/threadFlows/0/locations/32) # 177| regex : T_REGEX { # 178| ap_regex_t *regex; # 179|-> if ((regex = ap_pregcomp(ctx->pool, $1, # 180| AP_REG_EXTENDED|AP_REG_NOSUB)) == NULL) { # 181| ctx->error = "Failed to compile regular expression"; Error: GCC_ANALYZER_WARNING (CWE-401): [#def118] httpd-2.4.65/server/util_expr_parse.y:184:33: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:179:20: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.y:184:33: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:184:33: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/39/codeFlows/0/threadFlows/0/locations/32) # 182| YYERROR; # 183| } # 184|-> $$ = ap_expr_make(op_Regex, regex, NULL, ctx); # 185| } # 186| | T_REGEX_I { Error: GCC_ANALYZER_WARNING (CWE-401): [#def119] httpd-2.4.65/server/util_expr_parse.y:188:30: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:188:30: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/40/codeFlows/0/threadFlows/0/locations/32) # 186| | T_REGEX_I { # 187| ap_regex_t *regex; # 188|-> if ((regex = ap_pregcomp(ctx->pool, $1, # 189| AP_REG_EXTENDED|AP_REG_NOSUB|AP_REG_ICASE)) == NULL) { # 190| ctx->error = "Failed to compile regular expression"; Error: GCC_ANALYZER_WARNING (CWE-401): [#def120] httpd-2.4.65/server/util_expr_parse.y:193:33: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:188:20: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.y:193:33: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:193:33: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/41/codeFlows/0/threadFlows/0/locations/32) # 191| YYERROR; # 192| } # 193|-> $$ = ap_expr_make(op_Regex, regex, NULL, ctx); # 194| } # 195| ; Error: GCC_ANALYZER_WARNING (CWE-401): [#def121] httpd-2.4.65/server/util_expr_parse.y:198:26: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:198:26: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/42/codeFlows/0/threadFlows/0/locations/32) # 196| # 197| backref : T_REGEX_BACKREF { # 198|-> int *n = apr_palloc(ctx->pool, sizeof(int)); # 199| *n = $1; # 200| $$ = ap_expr_make(op_RegexBackref, n, NULL, ctx); Error: GCC_ANALYZER_WARNING (CWE-401): [#def122] httpd-2.4.65/server/util_expr_parse.y:200:33: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:200:33: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/43/codeFlows/0/threadFlows/0/locations/32) # 198| int *n = apr_palloc(ctx->pool, sizeof(int)); # 199| *n = $1; # 200|-> $$ = ap_expr_make(op_RegexBackref, n, NULL, ctx); # 201| } # 202| ; Error: GCC_ANALYZER_WARNING (CWE-401): [#def123] httpd-2.4.65/server/util_expr_parse.y:204:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:204:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/44/codeFlows/0/threadFlows/0/locations/32) # 202| ; # 203| # 204|-> lstfunccall : T_ID '(' word ')' { $$ = ap_expr_list_func_make($1, $3, ctx); } # 205| ; # 206| Error: GCC_ANALYZER_WARNING (CWE-401): [#def124] httpd-2.4.65/server/util_expr_parse.y:207:23: warning[-Wanalyzer-malloc-leak]: leak of 'yyptr' httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1420:6: branch_false: following 'false' branch (when 'yyn != -35')... httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1426:6: branch_true: following 'true' branch (when 'ap_expr_yychar == -2')... httpd-2.4.65/server/util_expr_parse.c:1429:16: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1446:6: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1449:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1459:6: branch_false: following 'false' branch (when 'yyerrstatus == 0')... httpd-2.4.65/server/util_expr_parse.c:1469:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1342:6: branch_true: following 'true' branch... httpd-2.4.65/server/util_expr_parse.c:1345:31: branch_true: ...to here httpd-2.4.65/server/util_expr_parse.c:1372:10: branch_false: following 'false' branch (when 'yystacksize <= 9999')... httpd-2.4.65/server/util_expr_parse.c:1374:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1381:29: acquire_memory: allocated here httpd-2.4.65/server/util_expr_parse.c:1382:12: branch_false: following 'false' branch (when 'yyptr' is non-NULL)... httpd-2.4.65/server/util_expr_parse.c:1384:9: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1387:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1393:7: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1399:10: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1405:6: branch_false: following 'false' branch (when 'yystate != 28')... httpd-2.4.65/server/util_expr_parse.c:1408:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.c:1479:6: branch_false: following 'false' branch (when 'yyn != 0')... httpd-2.4.65/server/util_expr_parse.c:1481:3: branch_false: ...to here httpd-2.4.65/server/util_expr_parse.y:207:23: danger: 'yyptr' leaks here; was allocated at [(33)](sarif:/runs/0/results/45/codeFlows/0/threadFlows/0/locations/32) # 205| ; # 206| # 207|-> strfunccall : T_ID '(' word ')' { $$ = ap_expr_str_func_make($1, $3, ctx); } # 208| ; # 209| Error: GCC_ANALYZER_WARNING (CWE-476): [#def125] httpd-2.4.65/server/util_expr_scan.c:1721:58: warning[-Wanalyzer-null-dereference]: dereference of NULL 'b' httpd-2.4.65/server/util_expr_scan.c:1672:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_scan.c:1676:14: branch_false: ...to here httpd-2.4.65/server/util_expr_scan.c:1676:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_scan.c:1698:32: branch_false: ...to here httpd-2.4.65/server/util_expr_scan.c:1703:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_scan.c:1712:25: branch_false: ...to here httpd-2.4.65/server/util_expr_scan.c:1714:25: branch_true: following 'true' branch (when 'num_to_read <= 0')... httpd-2.4.65/server/util_expr_scan.c:1718:45: branch_true: ...to here httpd-2.4.65/server/util_expr_scan.c:1718:45: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_scan.c:1721:40: branch_false: ...to here httpd-2.4.65/server/util_expr_scan.c:1721:58: danger: dereference of NULL 'b' # 1719| # 1720| int yy_c_buf_p_offset = # 1721|-> (int) (yyg->yy_c_buf_p - b->yy_ch_buf); # 1722| # 1723| if ( b->yy_is_our_buffer ) Error: GCC_ANALYZER_WARNING (CWE-401): [#def126] httpd-2.4.65/server/util_expr_scan.c:2009:9: warning[-Wanalyzer-malloc-leak]: leak of 'malloc(64)' httpd-2.4.65/server/util_expr_scan.c:2001:21: enter_function: entry to 'ap_expr_yy_create_buffer' httpd-2.4.65/server/util_expr_scan.c:2005:31: call_function: inlined call to 'ap_expr_yyalloc' from 'ap_expr_yy_create_buffer' httpd-2.4.65/server/util_expr_scan.c:2006:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_scan.c:2009:9: branch_false: ...to here httpd-2.4.65/server/util_expr_scan.c:2009:9: danger: 'malloc(64)' leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2) # 2007| YY_FATAL_ERROR( "out of dynamic memory in ap_expr_yy_create_buffer()" ); # 2008| # 2009|-> b->yy_buf_size = size; # 2010| # 2011| /* yy_ch_buf has to be 2 characters longer than the size given because Error: GCC_ANALYZER_WARNING (CWE-476): [#def127] httpd-2.4.65/server/util_expr_scan.c:2057:9: warning[-Wanalyzer-null-dereference]: dereference of NULL 'b' httpd-2.4.65/server/util_expr_scan.c:1936:10: enter_function: entry to 'ap_expr_yyrestart' httpd-2.4.65/server/util_expr_scan.c:1941:9: call_function: calling 'ap_expr_yyensure_buffer_stack' from 'ap_expr_yyrestart' httpd-2.4.65/server/util_expr_scan.c:1941:9: return_function: returning to 'ap_expr_yyrestart' from 'ap_expr_yyensure_buffer_stack' httpd-2.4.65/server/util_expr_scan.c:1943:13: call_function: calling 'ap_expr_yy_create_buffer' from 'ap_expr_yyrestart' httpd-2.4.65/server/util_expr_scan.c:1943:13: return_function: returning to 'ap_expr_yyrestart' from 'ap_expr_yy_create_buffer' httpd-2.4.65/server/util_expr_scan.c:1946:9: branch_false: following 'false' branch... httpd-2.4.65/server/util_expr_scan.c:1946:9: branch_false: ...to here httpd-2.4.65/server/util_expr_scan.c:1946:9: call_function: calling 'ap_expr_yy_init_buffer' from 'ap_expr_yyrestart' # 2055| ap_expr_yy_flush_buffer(b ,yyscanner); # 2056| # 2057|-> b->yy_input_file = file; # 2058| b->yy_fill_buffer = 1; # 2059| Error: GCC_ANALYZER_WARNING (CWE-401): [#def128] httpd-2.4.65/server/util_expr_scan.c:2275:33: warning[-Wanalyzer-malloc-leak]: leak of 'malloc(n)' httpd-2.4.65/server/util_expr_scan.c:2259:17: enter_function: entry to 'ap_expr_yy_scan_bytes' httpd-2.4.65/server/util_expr_scan.c:2268:24: call_function: inlined call to 'ap_expr_yyalloc' from 'ap_expr_yy_scan_bytes' httpd-2.4.65/server/util_expr_scan.c:2269:12: branch_false: following 'false' branch... branch_false: ...to here httpd-2.4.65/server/util_expr_scan.c:2277:13: call_function: calling 'ap_expr_yy_scan_buffer' from 'ap_expr_yy_scan_bytes' # 2273| buf[i] = yybytes[i]; # 2274| # 2275|-> buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR; # 2276| # 2277| b = ap_expr_yy_scan_buffer(buf,n ,yyscanner); Error: GCC_ANALYZER_WARNING (CWE-404): [#def129] httpd-2.4.65/server/util_filter.c:620:23: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/server/util_filter.c:611:8: branch_true: following 'true' branch... httpd-2.4.65/server/util_filter.c:612:12: branch_true: ...to here httpd-2.4.65/server/util_filter.c:612:12: branch_true: following 'true' branch... httpd-2.4.65/server/util_filter.c:613:16: branch_true: ...to here httpd-2.4.65/server/util_filter.c:613:16: branch_false: following 'false' branch (when 'fmt' is non-NULL)... httpd-2.4.65/server/util_filter.c:619:17: branch_false: ...to here httpd-2.4.65/server/util_filter.c:619:17: acquire_resource: 'va_start' called here httpd-2.4.65/server/util_filter.c:620:23: danger: missing call to 'va_end' to match 'va_start' at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6) # 618| const char *res; # 619| va_start(ap, fmt); # 620|-> res = apr_pvsprintf(r->pool, fmt, ap); # 621| va_end(ap); # 622| ap_log_rerror(APLOG_MARK, APLOG_DEBUG, rv, r, APLOGNO(03158) Error: GCC_ANALYZER_WARNING (CWE-404): [#def130] httpd-2.4.65/server/util_filter.c:712:10: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/server/util_filter.c:711:5: acquire_resource: 'va_start' called here httpd-2.4.65/server/util_filter.c:712:10: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0) # 710| # 711| va_start(args, bb); # 712|-> rv = apr_brigade_vputstrs(bb, ap_filter_flush, f, args); # 713| va_end(args); # 714| return rv; Error: GCC_ANALYZER_WARNING (CWE-404): [#def131] httpd-2.4.65/server/util_filter.c:726:10: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/server/util_filter.c:725:5: acquire_resource: 'va_start' called here httpd-2.4.65/server/util_filter.c:726:10: danger: missing call to 'va_end' to match 'va_start' at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0) # 724| # 725| va_start(args, fmt); # 726|-> rv = apr_brigade_vprintf(bb, ap_filter_flush, f, fmt, args); # 727| va_end(args); # 728| return rv; Error: GCC_ANALYZER_WARNING (CWE-476): [#def132] httpd-2.4.65/server/util_mutex.c:518:13: warning[-Wanalyzer-null-dereference]: dereference of NULL '0' httpd-2.4.65/server/util_mutex.c:501:23: enter_function: entry to 'ap_dump_mutexes' httpd-2.4.65/server/util_mutex.c:505:50: branch_true: following 'true' branch (when 'idx' is non-NULL)... httpd-2.4.65/server/util_mutex.c:511:9: branch_true: ...to here httpd-2.4.65/server/util_mutex.c:513:17: call_function: calling 'mxcfg_lookup' from 'ap_dump_mutexes' httpd-2.4.65/server/util_mutex.c:513:17: return_function: returning to 'ap_dump_mutexes' from 'mxcfg_lookup' httpd-2.4.65/server/util_mutex.c:518:13: danger: dereference of NULL 'mxcfg_lookup(p, name)' # 516| continue; # 517| } # 518|-> if (mxcfg->none) { # 519| apr_file_printf(out, "Mutex %s: none\n", name); # 520| continue; Error: GCC_ANALYZER_WARNING (CWE-457): [#def133] httpd-2.4.65/server/util_regex.c:170:27: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value 'subs' httpd-2.4.65/server/util_regex.c:141:17: enter_function: entry to 'ap_rxplus_exec' httpd-2.4.65/server/util_regex.c:149:8: branch_false: following 'false' branch... httpd-2.4.65/server/util_regex.c:153:5: branch_false: ...to here httpd-2.4.65/server/util_regex.c:154:8: branch_true: following 'true' branch... httpd-2.4.65/server/util_regex.c:155:23: branch_true: ...to here httpd-2.4.65/server/util_regex.c:157:12: branch_false: following 'false' branch... httpd-2.4.65/server/util_regex.c:160:18: branch_false: ...to here httpd-2.4.65/server/util_regex.c:165:12: branch_true: following 'true' branch... httpd-2.4.65/server/util_regex.c:167:20: branch_true: ...to here httpd-2.4.65/server/util_regex.c:167:20: call_function: calling 'ap_rxplus_exec' from 'ap_rxplus_exec' # 168| if (ret > 1) { # 169| /* a further substitution happened */ # 170|-> diffsz += strlen(subs) - strlen(remainder); # 171| remainder = subs; # 172| } Error: GCC_ANALYZER_WARNING (CWE-404): [#def134] httpd-2.4.65/server/util_script.c:482:13: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/server/util_script.c:870:24: enter_function: entry to 'ap_scan_script_header_err_strs_ex' httpd-2.4.65/server/util_script.c:879:5: acquire_resource: 'va_start' called here httpd-2.4.65/server/util_script.c:882:11: call_function: calling 'ap_scan_script_header_err_core_ex' from 'ap_scan_script_header_err_strs_ex' # 480| # 481| /* temporary place to hold headers to merge in later */ # 482|-> merge = apr_table_make(r->pool, 10); # 483| # 484| /* The HTTP specification says that it is legal to merge duplicate Error: GCC_ANALYZER_WARNING (CWE-404): [#def135] httpd-2.4.65/server/util_script.c:490:20: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/server/util_script.c:870:24: enter_function: entry to 'ap_scan_script_header_err_strs_ex' httpd-2.4.65/server/util_script.c:879:5: acquire_resource: 'va_start' called here httpd-2.4.65/server/util_script.c:882:11: call_function: calling 'ap_scan_script_header_err_core_ex' from 'ap_scan_script_header_err_strs_ex' # 488| * Oh what a pain it is. # 489| */ # 490|-> cookie_table = apr_table_make(r->pool, 2); # 491| apr_table_do(set_cookie_doo_doo, cookie_table, r->err_headers_out, "Set-Cookie", NULL); # 492| Error: GCC_ANALYZER_WARNING (CWE-404): [#def136] httpd-2.4.65/server/util_script.c:491:5: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/server/util_script.c:870:24: enter_function: entry to 'ap_scan_script_header_err_strs_ex' httpd-2.4.65/server/util_script.c:879:5: acquire_resource: 'va_start' called here httpd-2.4.65/server/util_script.c:882:11: call_function: calling 'ap_scan_script_header_err_core_ex' from 'ap_scan_script_header_err_strs_ex' # 489| */ # 490| cookie_table = apr_table_make(r->pool, 2); # 491|-> apr_table_do(set_cookie_doo_doo, cookie_table, r->err_headers_out, "Set-Cookie", NULL); # 492| # 493| while (1) { Error: GCC_ANALYZER_WARNING (CWE-404): [#def137] httpd-2.4.65/server/util_script.c:572:17: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/server/util_script.c:870:24: enter_function: entry to 'ap_scan_script_header_err_strs_ex' httpd-2.4.65/server/util_script.c:879:5: acquire_resource: 'va_start' called here httpd-2.4.65/server/util_script.c:882:11: call_function: calling 'ap_scan_script_header_err_core_ex' from 'ap_scan_script_header_err_strs_ex' # 570| if (trace_log) { # 571| if (first_header) # 572|-> ap_log_rerror(SCRIPT_LOG_MARK, APLOG_TRACE4, 0, r, # 573| "Headers from script '%s':", # 574| apr_filepath_name_get(r->filename)); Error: GCC_ANALYZER_WARNING (CWE-404): [#def138] httpd-2.4.65/server/util_script.c:627:14: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/server/util_script.c:892:24: enter_function: entry to 'ap_scan_script_header_err_strs' httpd-2.4.65/server/util_script.c:900:5: acquire_resource: 'va_start' called here httpd-2.4.65/server/util_script.c:903:11: call_function: calling 'ap_scan_script_header_err_core_ex' from 'ap_scan_script_header_err_strs' # 625| } # 626| # 627|-> if (!ap_cstr_casecmp(w, "Content-type")) { # 628| char *tmp; # 629| Error: GCC_ANALYZER_WARNING (CWE-404): [#def139] httpd-2.4.65/server/util_script.c:637:19: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/server/util_script.c:892:24: enter_function: entry to 'ap_scan_script_header_err_strs' httpd-2.4.65/server/util_script.c:900:5: acquire_resource: 'va_start' called here httpd-2.4.65/server/util_script.c:903:11: call_function: calling 'ap_scan_script_header_err_core_ex' from 'ap_scan_script_header_err_strs' # 635| } # 636| # 637|-> tmp = apr_pstrdup(r->pool, l); # 638| ap_content_type_tolower(tmp); # 639| ap_set_content_type(r, tmp); Error: GCC_ANALYZER_WARNING (CWE-404): [#def140] httpd-2.4.65/server/util_script.c:638:13: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/server/util_script.c:892:24: enter_function: entry to 'ap_scan_script_header_err_strs' httpd-2.4.65/server/util_script.c:900:5: acquire_resource: 'va_start' called here httpd-2.4.65/server/util_script.c:903:11: call_function: calling 'ap_scan_script_header_err_core_ex' from 'ap_scan_script_header_err_strs' # 636| # 637| tmp = apr_pstrdup(r->pool, l); # 638|-> ap_content_type_tolower(tmp); # 639| ap_set_content_type(r, tmp); # 640| } Error: GCC_ANALYZER_WARNING (CWE-404): [#def141] httpd-2.4.65/server/util_script.c:639:13: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/server/util_script.c:892:24: enter_function: entry to 'ap_scan_script_header_err_strs' httpd-2.4.65/server/util_script.c:900:5: acquire_resource: 'va_start' called here httpd-2.4.65/server/util_script.c:903:11: call_function: calling 'ap_scan_script_header_err_core_ex' from 'ap_scan_script_header_err_strs' # 637| tmp = apr_pstrdup(r->pool, l); # 638| ap_content_type_tolower(tmp); # 639|-> ap_set_content_type(r, tmp); # 640| } # 641| /* Error: GCC_ANALYZER_WARNING (CWE-401): [#def142] httpd-2.4.65/support/suexec.c:160:9: warning[-Wanalyzer-malloc-leak]: leak of 'actual_gname' httpd-2.4.65/support/suexec.c:270:5: enter_function: entry to 'main' httpd-2.4.65/support/suexec.c:291:5: call_function: calling 'clean_env' from 'main' httpd-2.4.65/support/suexec.c:291:5: return_function: returning to 'main' from 'clean_env' httpd-2.4.65/support/suexec.c:298:8: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:306:8: branch_false: ...to here httpd-2.4.65/support/suexec.c:306:8: branch_true: following 'true' branch (when 'argc > 1')... httpd-2.4.65/support/suexec.c:307:15: branch_true: ...to here httpd-2.4.65/support/suexec.c:348:8: branch_false: following 'false' branch (when 'argc > 3')... httpd-2.4.65/support/suexec.c:353:5: branch_false: ...to here httpd-2.4.65/support/suexec.c:368:8: branch_false: following 'false' branch (when the strings are equal)... httpd-2.4.65/support/suexec.c:380:10: branch_false: ...to here httpd-2.4.65/support/suexec.c:380:8: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:380:9: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:391:10: branch_false: ...to here httpd-2.4.65/support/suexec.c:400:12: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:415:9: branch_false: ...to here httpd-2.4.65/support/suexec.c:415:8: branch_true: following 'true' branch... httpd-2.4.65/support/suexec.c:416:19: branch_true: ...to here httpd-2.4.65/support/suexec.c:416:12: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:427:5: branch_false: ...to here httpd-2.4.65/support/suexec.c:428:25: acquire_memory: allocated here httpd-2.4.65/support/suexec.c:428:8: branch_false: following 'false' branch (when 'actual_gname' is non-NULL)... httpd-2.4.65/support/suexec.c:463:5: branch_false: ...to here httpd-2.4.65/support/suexec.c:466:8: branch_true: following 'true' branch... httpd-2.4.65/support/suexec.c:467:9: branch_true: ...to here httpd-2.4.65/support/suexec.c:467:9: call_function: calling 'log_err' from 'main' # 158| #if defined(AP_LOG_SYSLOG) # 159| if (!log_open) { # 160|-> openlog("suexec", LOG_PID, AP_LOG_FACILITY); # 161| log_open = 1; # 162| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def143] httpd-2.4.65/support/suexec.c:160:9: warning[-Wanalyzer-malloc-leak]: leak of 'actual_uname' httpd-2.4.65/support/suexec.c:270:5: enter_function: entry to 'main' httpd-2.4.65/support/suexec.c:291:5: call_function: calling 'clean_env' from 'main' httpd-2.4.65/support/suexec.c:291:5: return_function: returning to 'main' from 'clean_env' httpd-2.4.65/support/suexec.c:298:8: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:306:8: branch_false: ...to here httpd-2.4.65/support/suexec.c:306:8: branch_true: following 'true' branch (when 'argc > 1')... httpd-2.4.65/support/suexec.c:307:15: branch_true: ...to here httpd-2.4.65/support/suexec.c:348:8: branch_false: following 'false' branch (when 'argc > 3')... httpd-2.4.65/support/suexec.c:353:5: branch_false: ...to here httpd-2.4.65/support/suexec.c:368:8: branch_false: following 'false' branch (when the strings are equal)... httpd-2.4.65/support/suexec.c:380:10: branch_false: ...to here httpd-2.4.65/support/suexec.c:380:8: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:380:9: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:391:10: branch_false: ...to here httpd-2.4.65/support/suexec.c:400:12: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:415:9: branch_false: ...to here httpd-2.4.65/support/suexec.c:415:8: branch_true: following 'true' branch... httpd-2.4.65/support/suexec.c:416:19: branch_true: ...to here httpd-2.4.65/support/suexec.c:416:12: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:427:5: branch_false: ...to here httpd-2.4.65/support/suexec.c:428:8: branch_false: following 'false' branch (when 'actual_gname' is non-NULL)... httpd-2.4.65/support/suexec.c:463:5: branch_false: ...to here httpd-2.4.65/support/suexec.c:464:20: acquire_memory: allocated here httpd-2.4.65/support/suexec.c:466:8: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:475:5: branch_false: ...to here httpd-2.4.65/support/suexec.c:475:5: call_function: calling 'log_no_err' from 'main' # 158| #if defined(AP_LOG_SYSLOG) # 159| if (!log_open) { # 160|-> openlog("suexec", LOG_PID, AP_LOG_FACILITY); # 161| log_open = 1; # 162| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def144] httpd-2.4.65/support/suexec.c:160:9: warning[-Wanalyzer-malloc-leak]: leak of 'cleanenv' httpd-2.4.65/support/suexec.c:270:5: enter_function: entry to 'main' httpd-2.4.65/support/suexec.c:291:5: call_function: calling 'clean_env' from 'main' # 158| #if defined(AP_LOG_SYSLOG) # 159| if (!log_open) { # 160|-> openlog("suexec", LOG_PID, AP_LOG_FACILITY); # 161| log_open = 1; # 162| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def145] httpd-2.4.65/support/suexec.c:160:9: warning[-Wanalyzer-malloc-leak]: leak of 'target_homedir' httpd-2.4.65/support/suexec.c:270:5: enter_function: entry to 'main' httpd-2.4.65/support/suexec.c:291:5: call_function: calling 'clean_env' from 'main' httpd-2.4.65/support/suexec.c:291:5: return_function: returning to 'main' from 'clean_env' httpd-2.4.65/support/suexec.c:298:8: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:306:8: branch_false: ...to here httpd-2.4.65/support/suexec.c:306:8: branch_true: following 'true' branch (when 'argc > 1')... httpd-2.4.65/support/suexec.c:307:15: branch_true: ...to here httpd-2.4.65/support/suexec.c:348:8: branch_false: following 'false' branch (when 'argc > 3')... httpd-2.4.65/support/suexec.c:353:5: branch_false: ...to here httpd-2.4.65/support/suexec.c:368:8: branch_false: following 'false' branch (when the strings are equal)... httpd-2.4.65/support/suexec.c:380:10: branch_false: ...to here httpd-2.4.65/support/suexec.c:380:8: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:380:9: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:391:10: branch_false: ...to here httpd-2.4.65/support/suexec.c:400:12: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:415:9: branch_false: ...to here httpd-2.4.65/support/suexec.c:415:8: branch_true: following 'true' branch... httpd-2.4.65/support/suexec.c:416:19: branch_true: ...to here httpd-2.4.65/support/suexec.c:416:12: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:427:5: branch_false: ...to here httpd-2.4.65/support/suexec.c:428:8: branch_false: following 'false' branch (when 'actual_gname' is non-NULL)... httpd-2.4.65/support/suexec.c:463:5: branch_false: ...to here httpd-2.4.65/support/suexec.c:465:22: acquire_memory: allocated here httpd-2.4.65/support/suexec.c:466:8: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:475:5: branch_false: ...to here httpd-2.4.65/support/suexec.c:475:5: call_function: calling 'log_no_err' from 'main' # 158| #if defined(AP_LOG_SYSLOG) # 159| if (!log_open) { # 160|-> openlog("suexec", LOG_PID, AP_LOG_FACILITY); # 161| log_open = 1; # 162| } Error: GCC_ANALYZER_WARNING (CWE-404): [#def146] httpd-2.4.65/support/suexec.c:160:9: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/support/suexec.c:270:5: enter_function: entry to 'main' httpd-2.4.65/support/suexec.c:291:5: call_function: calling 'clean_env' from 'main' # 158| #if defined(AP_LOG_SYSLOG) # 159| if (!log_open) { # 160|-> openlog("suexec", LOG_PID, AP_LOG_FACILITY); # 161| log_open = 1; # 162| } Error: GCC_ANALYZER_WARNING (CWE-401): [#def147] httpd-2.4.65/support/suexec.c:164:5: warning[-Wanalyzer-malloc-leak]: leak of 'actual_gname' httpd-2.4.65/support/suexec.c:270:5: enter_function: entry to 'main' httpd-2.4.65/support/suexec.c:291:5: call_function: calling 'clean_env' from 'main' httpd-2.4.65/support/suexec.c:291:5: return_function: returning to 'main' from 'clean_env' httpd-2.4.65/support/suexec.c:298:8: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:306:8: branch_false: ...to here httpd-2.4.65/support/suexec.c:306:8: branch_true: following 'true' branch (when 'argc > 1')... httpd-2.4.65/support/suexec.c:307:15: branch_true: ...to here httpd-2.4.65/support/suexec.c:348:8: branch_false: following 'false' branch (when 'argc > 3')... httpd-2.4.65/support/suexec.c:353:5: branch_false: ...to here httpd-2.4.65/support/suexec.c:368:8: branch_false: following 'false' branch (when the strings are equal)... httpd-2.4.65/support/suexec.c:380:10: branch_false: ...to here httpd-2.4.65/support/suexec.c:380:8: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:380:9: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:391:10: branch_false: ...to here httpd-2.4.65/support/suexec.c:400:12: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:415:9: branch_false: ...to here httpd-2.4.65/support/suexec.c:415:8: branch_true: following 'true' branch... httpd-2.4.65/support/suexec.c:416:19: branch_true: ...to here httpd-2.4.65/support/suexec.c:416:12: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:427:5: branch_false: ...to here httpd-2.4.65/support/suexec.c:428:25: acquire_memory: allocated here httpd-2.4.65/support/suexec.c:428:8: branch_false: following 'false' branch (when 'actual_gname' is non-NULL)... httpd-2.4.65/support/suexec.c:463:5: branch_false: ...to here httpd-2.4.65/support/suexec.c:466:8: branch_true: following 'true' branch... httpd-2.4.65/support/suexec.c:467:9: branch_true: ...to here httpd-2.4.65/support/suexec.c:467:9: call_function: calling 'log_err' from 'main' # 162| } # 163| # 164|-> vsyslog(is_error ? LOG_ERR : LOG_INFO, fmt, ap); # 165| #elif defined(AP_LOG_EXEC) # 166| time_t timevar; Error: GCC_ANALYZER_WARNING (CWE-401): [#def148] httpd-2.4.65/support/suexec.c:164:5: warning[-Wanalyzer-malloc-leak]: leak of 'actual_uname' httpd-2.4.65/support/suexec.c:270:5: enter_function: entry to 'main' httpd-2.4.65/support/suexec.c:291:5: call_function: calling 'clean_env' from 'main' httpd-2.4.65/support/suexec.c:291:5: return_function: returning to 'main' from 'clean_env' httpd-2.4.65/support/suexec.c:298:8: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:306:8: branch_false: ...to here httpd-2.4.65/support/suexec.c:306:8: branch_true: following 'true' branch (when 'argc > 1')... httpd-2.4.65/support/suexec.c:307:15: branch_true: ...to here httpd-2.4.65/support/suexec.c:348:8: branch_false: following 'false' branch (when 'argc > 3')... httpd-2.4.65/support/suexec.c:353:5: branch_false: ...to here httpd-2.4.65/support/suexec.c:368:8: branch_false: following 'false' branch (when the strings are equal)... httpd-2.4.65/support/suexec.c:380:10: branch_false: ...to here httpd-2.4.65/support/suexec.c:380:8: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:380:9: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:391:10: branch_false: ...to here httpd-2.4.65/support/suexec.c:400:12: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:415:9: branch_false: ...to here httpd-2.4.65/support/suexec.c:415:8: branch_true: following 'true' branch... httpd-2.4.65/support/suexec.c:416:19: branch_true: ...to here httpd-2.4.65/support/suexec.c:416:12: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:427:5: branch_false: ...to here httpd-2.4.65/support/suexec.c:428:8: branch_false: following 'false' branch (when 'actual_gname' is non-NULL)... httpd-2.4.65/support/suexec.c:463:5: branch_false: ...to here httpd-2.4.65/support/suexec.c:464:20: acquire_memory: allocated here httpd-2.4.65/support/suexec.c:466:8: branch_true: following 'true' branch... httpd-2.4.65/support/suexec.c:467:9: branch_true: ...to here httpd-2.4.65/support/suexec.c:467:9: call_function: calling 'log_err' from 'main' # 162| } # 163| # 164|-> vsyslog(is_error ? LOG_ERR : LOG_INFO, fmt, ap); # 165| #elif defined(AP_LOG_EXEC) # 166| time_t timevar; Error: GCC_ANALYZER_WARNING (CWE-401): [#def149] httpd-2.4.65/support/suexec.c:164:5: warning[-Wanalyzer-malloc-leak]: leak of 'cleanenv' httpd-2.4.65/support/suexec.c:270:5: enter_function: entry to 'main' httpd-2.4.65/support/suexec.c:291:5: call_function: calling 'clean_env' from 'main' # 162| } # 163| # 164|-> vsyslog(is_error ? LOG_ERR : LOG_INFO, fmt, ap); # 165| #elif defined(AP_LOG_EXEC) # 166| time_t timevar; Error: GCC_ANALYZER_WARNING (CWE-401): [#def150] httpd-2.4.65/support/suexec.c:164:5: warning[-Wanalyzer-malloc-leak]: leak of 'target_homedir' httpd-2.4.65/support/suexec.c:270:5: enter_function: entry to 'main' httpd-2.4.65/support/suexec.c:291:5: call_function: calling 'clean_env' from 'main' httpd-2.4.65/support/suexec.c:291:5: return_function: returning to 'main' from 'clean_env' httpd-2.4.65/support/suexec.c:298:8: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:306:8: branch_false: ...to here httpd-2.4.65/support/suexec.c:306:8: branch_true: following 'true' branch (when 'argc > 1')... httpd-2.4.65/support/suexec.c:307:15: branch_true: ...to here httpd-2.4.65/support/suexec.c:348:8: branch_false: following 'false' branch (when 'argc > 3')... httpd-2.4.65/support/suexec.c:353:5: branch_false: ...to here httpd-2.4.65/support/suexec.c:368:8: branch_false: following 'false' branch (when the strings are equal)... httpd-2.4.65/support/suexec.c:380:10: branch_false: ...to here httpd-2.4.65/support/suexec.c:380:8: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:380:9: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:391:10: branch_false: ...to here httpd-2.4.65/support/suexec.c:400:12: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:415:9: branch_false: ...to here httpd-2.4.65/support/suexec.c:415:8: branch_true: following 'true' branch... httpd-2.4.65/support/suexec.c:416:19: branch_true: ...to here httpd-2.4.65/support/suexec.c:416:12: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:427:5: branch_false: ...to here httpd-2.4.65/support/suexec.c:428:8: branch_false: following 'false' branch (when 'actual_gname' is non-NULL)... httpd-2.4.65/support/suexec.c:463:5: branch_false: ...to here httpd-2.4.65/support/suexec.c:465:22: acquire_memory: allocated here httpd-2.4.65/support/suexec.c:466:8: branch_true: following 'true' branch... httpd-2.4.65/support/suexec.c:467:9: branch_true: ...to here httpd-2.4.65/support/suexec.c:467:9: call_function: calling 'log_err' from 'main' # 162| } # 163| # 164|-> vsyslog(is_error ? LOG_ERR : LOG_INFO, fmt, ap); # 165| #elif defined(AP_LOG_EXEC) # 166| time_t timevar; Error: GCC_ANALYZER_WARNING (CWE-404): [#def151] httpd-2.4.65/support/suexec.c:164:5: warning[-Wanalyzer-va-list-leak]: missing call to 'va_end' httpd-2.4.65/support/suexec.c:270:5: enter_function: entry to 'main' httpd-2.4.65/support/suexec.c:291:5: call_function: calling 'clean_env' from 'main' # 162| } # 163| # 164|-> vsyslog(is_error ? LOG_ERR : LOG_INFO, fmt, ap); # 165| #elif defined(AP_LOG_EXEC) # 166| time_t timevar; Error: GCC_ANALYZER_WARNING (CWE-401): [#def152] httpd-2.4.65/support/suexec.c:504:34: warning[-Wanalyzer-malloc-leak]: leak of 'actual_gname' httpd-2.4.65/support/suexec.c:270:5: enter_function: entry to 'main' httpd-2.4.65/support/suexec.c:291:5: call_function: calling 'clean_env' from 'main' httpd-2.4.65/support/suexec.c:291:5: return_function: returning to 'main' from 'clean_env' httpd-2.4.65/support/suexec.c:298:8: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:306:8: branch_false: ...to here httpd-2.4.65/support/suexec.c:306:8: branch_true: following 'true' branch (when 'argc > 1')... httpd-2.4.65/support/suexec.c:307:15: branch_true: ...to here httpd-2.4.65/support/suexec.c:348:8: branch_false: following 'false' branch (when 'argc > 3')... httpd-2.4.65/support/suexec.c:353:5: branch_false: ...to here httpd-2.4.65/support/suexec.c:368:8: branch_false: following 'false' branch (when the strings are equal)... httpd-2.4.65/support/suexec.c:380:10: branch_false: ...to here httpd-2.4.65/support/suexec.c:380:8: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:380:9: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:391:10: branch_false: ...to here httpd-2.4.65/support/suexec.c:400:12: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:415:9: branch_false: ...to here httpd-2.4.65/support/suexec.c:416:12: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:427:5: branch_false: ...to here httpd-2.4.65/support/suexec.c:428:25: acquire_memory: allocated here httpd-2.4.65/support/suexec.c:428:8: branch_false: following 'false' branch (when 'actual_gname' is non-NULL)... httpd-2.4.65/support/suexec.c:463:5: branch_false: ...to here httpd-2.4.65/support/suexec.c:466:8: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:475:5: branch_false: ...to here httpd-2.4.65/support/suexec.c:475:5: call_function: calling 'log_no_err' from 'main' httpd-2.4.65/support/suexec.c:475:5: return_function: returning to 'main' from 'log_no_err' httpd-2.4.65/support/suexec.c:484:8: branch_false: following 'false' branch (when 'uid > 999')... httpd-2.4.65/support/suexec.c:493:8: branch_false: ...to here httpd-2.4.65/support/suexec.c:493:8: branch_false: following 'false' branch (when 'gid > 999')... httpd-2.4.65/support/suexec.c:504:10: branch_false: ...to here httpd-2.4.65/support/suexec.c:504:8: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:504:34: branch_false: ...to here httpd-2.4.65/support/suexec.c:504:34: danger: 'actual_gname' leaks here; was allocated at [(26)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/25) # 502| * and setgid() to the target group. If unsuccessful, error out. # 503| */ # 504|-> if (((setgid(gid)) != 0) || (initgroups(actual_uname, gid) != 0)) { # 505| log_err("failed to setgid/initgroups (%lu: %s): %s\n", # 506| (unsigned long)gid, cmd, strerror(errno)); Error: GCC_ANALYZER_WARNING (CWE-401): [#def153] httpd-2.4.65/support/suexec.c:504:34: warning[-Wanalyzer-malloc-leak]: leak of 'actual_uname' httpd-2.4.65/support/suexec.c:270:5: enter_function: entry to 'main' httpd-2.4.65/support/suexec.c:291:5: call_function: calling 'clean_env' from 'main' httpd-2.4.65/support/suexec.c:291:5: return_function: returning to 'main' from 'clean_env' httpd-2.4.65/support/suexec.c:298:8: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:306:8: branch_false: ...to here httpd-2.4.65/support/suexec.c:306:8: branch_true: following 'true' branch (when 'argc > 1')... httpd-2.4.65/support/suexec.c:307:15: branch_true: ...to here httpd-2.4.65/support/suexec.c:348:8: branch_false: following 'false' branch (when 'argc > 3')... httpd-2.4.65/support/suexec.c:353:5: branch_false: ...to here httpd-2.4.65/support/suexec.c:368:8: branch_false: following 'false' branch (when the strings are equal)... httpd-2.4.65/support/suexec.c:380:10: branch_false: ...to here httpd-2.4.65/support/suexec.c:380:8: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:380:9: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:391:10: branch_false: ...to here httpd-2.4.65/support/suexec.c:400:12: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:415:9: branch_false: ...to here httpd-2.4.65/support/suexec.c:416:12: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:427:5: branch_false: ...to here httpd-2.4.65/support/suexec.c:428:8: branch_false: following 'false' branch (when 'actual_gname' is non-NULL)... httpd-2.4.65/support/suexec.c:463:5: branch_false: ...to here httpd-2.4.65/support/suexec.c:464:20: acquire_memory: allocated here httpd-2.4.65/support/suexec.c:466:8: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:475:5: branch_false: ...to here httpd-2.4.65/support/suexec.c:475:5: call_function: calling 'log_no_err' from 'main' httpd-2.4.65/support/suexec.c:475:5: return_function: returning to 'main' from 'log_no_err' httpd-2.4.65/support/suexec.c:484:8: branch_false: following 'false' branch (when 'uid > 999')... httpd-2.4.65/support/suexec.c:493:8: branch_false: ...to here httpd-2.4.65/support/suexec.c:493:8: branch_false: following 'false' branch (when 'gid > 999')... httpd-2.4.65/support/suexec.c:504:10: branch_false: ...to here httpd-2.4.65/support/suexec.c:504:8: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:504:34: branch_false: ...to here httpd-2.4.65/support/suexec.c:504:34: danger: 'actual_uname' leaks here; was allocated at [(28)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/27) # 502| * and setgid() to the target group. If unsuccessful, error out. # 503| */ # 504|-> if (((setgid(gid)) != 0) || (initgroups(actual_uname, gid) != 0)) { # 505| log_err("failed to setgid/initgroups (%lu: %s): %s\n", # 506| (unsigned long)gid, cmd, strerror(errno)); Error: GCC_ANALYZER_WARNING (CWE-401): [#def154] httpd-2.4.65/support/suexec.c:504:34: warning[-Wanalyzer-malloc-leak]: leak of 'target_homedir' httpd-2.4.65/support/suexec.c:270:5: enter_function: entry to 'main' httpd-2.4.65/support/suexec.c:291:5: call_function: calling 'clean_env' from 'main' httpd-2.4.65/support/suexec.c:291:5: return_function: returning to 'main' from 'clean_env' httpd-2.4.65/support/suexec.c:298:8: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:306:8: branch_false: ...to here httpd-2.4.65/support/suexec.c:306:8: branch_true: following 'true' branch (when 'argc > 1')... httpd-2.4.65/support/suexec.c:307:15: branch_true: ...to here httpd-2.4.65/support/suexec.c:348:8: branch_false: following 'false' branch (when 'argc > 3')... httpd-2.4.65/support/suexec.c:353:5: branch_false: ...to here httpd-2.4.65/support/suexec.c:368:8: branch_false: following 'false' branch (when the strings are equal)... httpd-2.4.65/support/suexec.c:380:10: branch_false: ...to here httpd-2.4.65/support/suexec.c:380:8: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:380:9: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:391:10: branch_false: ...to here httpd-2.4.65/support/suexec.c:400:12: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:415:9: branch_false: ...to here httpd-2.4.65/support/suexec.c:416:12: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:427:5: branch_false: ...to here httpd-2.4.65/support/suexec.c:428:8: branch_false: following 'false' branch (when 'actual_gname' is non-NULL)... httpd-2.4.65/support/suexec.c:463:5: branch_false: ...to here httpd-2.4.65/support/suexec.c:465:22: acquire_memory: allocated here httpd-2.4.65/support/suexec.c:466:8: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:475:5: branch_false: ...to here httpd-2.4.65/support/suexec.c:475:5: call_function: calling 'log_no_err' from 'main' httpd-2.4.65/support/suexec.c:475:5: return_function: returning to 'main' from 'log_no_err' httpd-2.4.65/support/suexec.c:484:8: branch_false: following 'false' branch (when 'uid > 999')... httpd-2.4.65/support/suexec.c:493:8: branch_false: ...to here httpd-2.4.65/support/suexec.c:493:8: branch_false: following 'false' branch (when 'gid > 999')... httpd-2.4.65/support/suexec.c:504:10: branch_false: ...to here httpd-2.4.65/support/suexec.c:504:8: branch_false: following 'false' branch... httpd-2.4.65/support/suexec.c:504:34: branch_false: ...to here httpd-2.4.65/support/suexec.c:504:34: danger: 'target_homedir' leaks here; was allocated at [(28)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/27) # 502| * and setgid() to the target group. If unsuccessful, error out. # 503| */ # 504|-> if (((setgid(gid)) != 0) || (initgroups(actual_uname, gid) != 0)) { # 505| log_err("failed to setgid/initgroups (%lu: %s): %s\n", # 506| (unsigned long)gid, cmd, strerror(errno));
| analyzer-version-clippy | 1.90.0 |
| analyzer-version-cppcheck | 2.18.3 |
| analyzer-version-gcc | 15.2.1 |
| analyzer-version-gcc-analyzer | 16.0.0 |
| analyzer-version-shellcheck | 0.11.0 |
| analyzer-version-unicontrol | 0.0.2 |
| enabled-plugins | clippy, cppcheck, gcc, shellcheck, unicontrol |
| exit-code | 0 |
| host | ip-172-16-1-104.us-west-2.compute.internal |
| known-false-positives | /usr/share/csmock/known-false-positives.js |
| known-false-positives-rpm | known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch |
| mock-config | fedora-rawhide-gcc-latest-x86_64 |
| project-name | httpd-2.4.65-1.fc44 |
| store-results-to | /tmp/tmp64s1c6q7/httpd-2.4.65-1.fc44.tar.xz |
| time-created | 2025-10-28 18:15:15 |
| time-finished | 2025-10-28 18:19:22 |
| tool | csmock |
| tool-args | '/usr/bin/csmock' '-r' 'fedora-rawhide-gcc-latest-x86_64' '-t' 'gcc,cppcheck,shellcheck,clippy,unicontrol' '-o' '/tmp/tmp64s1c6q7/httpd-2.4.65-1.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--install=gcc-latest' '--gcc-analyzer-bin=/opt/gcc-latest/bin/gcc' '/tmp/tmp64s1c6q7/httpd-2.4.65-1.fc44.src.rpm' |
| tool-version | csmock-3.8.3.20251027.143044.ge6b947b-1.el9 |