krb5-1.21.3-10.fc44

List of Findings

Error: SHELLCHECK_WARNING (CWE-88): [#def1]
/usr/bin/k5srvutil:37:10: error[SC2068]: Double quote array expansions to avoid re-splitting elements.
#   35|       
#   36|   cmd_error() {
#   37|->     echo $@ 2>&1
#   38|       }
#   39|   

Error: SHELLCHECK_WARNING (CWE-563): [#def2]
/usr/bin/krb5-config:39:1: warning[SC2034]: DL_LIB appears unused. Verify use (or export if used externally).
#   37|   PROG_RPATH_FLAGS=''
#   38|   PTHREAD_CFLAGS='-pthread'
#   39|-> DL_LIB=''
#   40|   DEFCCNAME='FILE:/tmp/krb5cc_%{uid}'
#   41|   DEFKTNAME='FILE:/etc/krb5.keytab'

Error: SHELLCHECK_WARNING (CWE-563): [#def3]
/usr/bin/krb5-config:43:1: warning[SC2034]: SELINUX_LIBS appears unused. Verify use (or export if used externally).
#   41|   DEFKTNAME='FILE:/etc/krb5.keytab'
#   42|   DEFCKTNAME='FILE:/var/kerberos/krb5/user/%{euid}/client.keytab'
#   43|-> SELINUX_LIBS='-lselinux '
#   44|   
#   45|   LIBS='-lkeyutils -lcrypto -lresolv '

Error: SHELLCHECK_WARNING (CWE-563): [#def4]
/usr/bin/krb5-config:45:1: warning[SC2034]: LIBS appears unused. Verify use (or export if used externally).
#   43|   SELINUX_LIBS='-lselinux '
#   44|   
#   45|-> LIBS='-lkeyutils -lcrypto -lresolv '
#   46|   GEN_LIB=
#   47|   

Error: SHELLCHECK_WARNING (CWE-563): [#def5]
/usr/bin/krb5-config:46:1: warning[SC2034]: GEN_LIB appears unused. Verify use (or export if used externally).
#   44|   
#   45|   LIBS='-lkeyutils -lcrypto -lresolv '
#   46|-> GEN_LIB=
#   47|   
#   48|   # Defaults for program

Error: SHELLCHECK_WARNING (CWE-571): [#def6]
/usr/libexec/krb5-tests-x86_64:8:8: warning[SC2155]: Declare and assign separately to avoid masking return values.
#    6|   export RPM_PACKAGE_RELEASE=10
#    7|   export RPM_ARCH=x86_64
#    8|-> export RPM_BUILD_NCPUS="$(getconf _NPROCESSORS_ONLN)"
#    9|   
#   10|   testdir="$(mktemp -d)"

Error: SHELLCHECK_WARNING (CWE-569): [#def7]
/usr/libexec/krb5-tests-x86_64:11:14: warning[SC2064]: Use single quotes, otherwise this expands now rather than when signalled.
#    9|   
#   10|   testdir="$(mktemp -d)"
#   11|-> trap "rm -rf ${testdir}" EXIT
#   12|   
#   13|   build_flags="$(eval "echo $(rpm --eval '%{_smp_mflags}')")"

Error: SHELLCHECK_WARNING (CWE-563): [#def8]
/usr/share/krb5-tests/x86_64/build-tools/krb5-config:39:1: warning[SC2034]: DL_LIB appears unused. Verify use (or export if used externally).
#   37|   PROG_RPATH_FLAGS=''
#   38|   PTHREAD_CFLAGS='-pthread'
#   39|-> DL_LIB=''
#   40|   DEFCCNAME='FILE:/tmp/krb5cc_%{uid}'
#   41|   DEFKTNAME='FILE:/etc/krb5.keytab'

Error: SHELLCHECK_WARNING (CWE-563): [#def9]
/usr/share/krb5-tests/x86_64/build-tools/krb5-config:43:1: warning[SC2034]: SELINUX_LIBS appears unused. Verify use (or export if used externally).
#   41|   DEFKTNAME='FILE:/etc/krb5.keytab'
#   42|   DEFCKTNAME='FILE:/var/kerberos/krb5/user/%{euid}/client.keytab'
#   43|-> SELINUX_LIBS='-lselinux '
#   44|   
#   45|   LIBS='-lkeyutils -lcrypto -lresolv '

Error: SHELLCHECK_WARNING (CWE-563): [#def10]
/usr/share/krb5-tests/x86_64/build-tools/krb5-config:45:1: warning[SC2034]: LIBS appears unused. Verify use (or export if used externally).
#   43|   SELINUX_LIBS='-lselinux '
#   44|   
#   45|-> LIBS='-lkeyutils -lcrypto -lresolv '
#   46|   GEN_LIB=
#   47|   

Error: SHELLCHECK_WARNING (CWE-563): [#def11]
/usr/share/krb5-tests/x86_64/build-tools/krb5-config:46:1: warning[SC2034]: GEN_LIB appears unused. Verify use (or export if used externally).
#   44|   
#   45|   LIBS='-lkeyutils -lcrypto -lresolv '
#   46|-> GEN_LIB=
#   47|   
#   48|   # Defaults for program

Error: SHELLCHECK_WARNING (CWE-563): [#def12]
/usr/share/krb5-tests/x86_64/build-tools/krb5-config.in:39:1: warning[SC2034]: DL_LIB appears unused. Verify use (or export if used externally).
#   37|   PROG_RPATH_FLAGS='@PROG_RPATH_FLAGS@'
#   38|   PTHREAD_CFLAGS='@PTHREAD_CFLAGS@'
#   39|-> DL_LIB='@DL_LIB@'
#   40|   DEFCCNAME='@DEFCCNAME@'
#   41|   DEFKTNAME='@DEFKTNAME@'

Error: SHELLCHECK_WARNING (CWE-563): [#def13]
/usr/share/krb5-tests/x86_64/build-tools/krb5-config.in:43:1: warning[SC2034]: SELINUX_LIBS appears unused. Verify use (or export if used externally).
#   41|   DEFKTNAME='@DEFKTNAME@'
#   42|   DEFCKTNAME='@DEFCKTNAME@'
#   43|-> SELINUX_LIBS='@SELINUX_LIBS@'
#   44|   
#   45|   LIBS='@LIBS@'

Error: SHELLCHECK_WARNING (CWE-563): [#def14]
/usr/share/krb5-tests/x86_64/build-tools/krb5-config.in:45:1: warning[SC2034]: LIBS appears unused. Verify use (or export if used externally).
#   43|   SELINUX_LIBS='@SELINUX_LIBS@'
#   44|   
#   45|-> LIBS='@LIBS@'
#   46|   GEN_LIB=@GEN_LIB@
#   47|   

Error: SHELLCHECK_WARNING (CWE-563): [#def15]
/usr/share/krb5-tests/x86_64/build-tools/krb5-config.in:46:1: warning[SC2034]: GEN_LIB appears unused. Verify use (or export if used externally).
#   44|   
#   45|   LIBS='@LIBS@'
#   46|-> GEN_LIB=@GEN_LIB@
#   47|   
#   48|   # Defaults for program

Error: SHELLCHECK_WARNING (CWE-398): [#def16]
/usr/share/krb5-tests/x86_64/ccapi/test/test_ccapi.sh:8:1: warning[SC2113]: 'function' keyword is non-standard. Use 'foo()' instead of 'function foo'.
#    6|   failure_count=0
#    7|   
#    8|-> function run_test {
#    9|   	if [[ -e $TEST_DIR/$1 ]]; then
#   10|   		./$TEST_DIR/$1

Error: SHELLCHECK_WARNING: [#def17]
/usr/share/krb5-tests/x86_64/ccapi/test/test_ccapi.sh:9:5: warning[SC3010]: In POSIX sh, [[ ]] is undefined.
#    7|   
#    8|   function run_test {
#    9|-> 	if [[ -e $TEST_DIR/$1 ]]; then
#   10|   		./$TEST_DIR/$1
#   11|   		failure_count=`expr $failure_count + $?`

Error: SHELLCHECK_WARNING (CWE-563): [#def18]
/usr/share/krb5-tests/x86_64/config.status:22:3: warning[SC2034]: NULLCMD appears unused. Verify use (or export if used externally).
#   20|   then :
#   21|     emulate sh
#   22|->   NULLCMD=:
#   23|     # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
#   24|     # is contrary to our usage.  Disable this feature.

Error: SHELLCHECK_WARNING (CWE-398): [#def19]
/usr/share/krb5-tests/x86_64/config.status:25:12: error[SC2142]: Aliases can't use positional parameters. Use a function.
#   23|     # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
#   24|     # is contrary to our usage.  Disable this feature.
#   25|->   alias -g '${1+"$@"}'='"$@"'
#   26|     setopt NO_GLOB_SUBST
#   27|   else case e in #(

Error: SHELLCHECK_WARNING: [#def20]
/usr/share/krb5-tests/x86_64/config.status:27:11: warning[SC2194]: This word is constant. Did you forget the $ on a variable?
#   25|     alias -g '${1+"$@"}'='"$@"'
#   26|     setopt NO_GLOB_SUBST
#   27|-> else case e in #(
#   28|     e) case `(set -o) 2>/dev/null` in #(
#   29|     *posix*) :

Error: SHELLCHECK_WARNING: [#def21]
/usr/share/krb5-tests/x86_64/config.status:30:12: warning[SC3040]: In POSIX sh, set option posix is undefined.
#   28|     e) case `(set -o) 2>/dev/null` in #(
#   29|     *posix*) :
#   30|->     set -o posix ;; #(
#   31|     *) :
#   32|        ;;

Error: SHELLCHECK_WARNING (CWE-569): [#def22]
/usr/share/krb5-tests/x86_64/config.status:67:16: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it.
#   65|   # in other old shells (e.g. bash 2.01 and pdksh 5.2.14).
#   66|   for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH
#   67|-> do eval test \${$as_var+y} \
#   68|     && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
#   69|   done

Error: SHELLCHECK_WARNING (CWE-569): [#def23]
/usr/share/krb5-tests/x86_64/config.status:67:26: warning[SC1083]: This } is literal. Check expression (missing ;/\n?) or quote it.
#   65|   # in other old shells (e.g. bash 2.01 and pdksh 5.2.14).
#   66|   for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH
#   67|-> do eval test \${$as_var+y} \
#   68|     && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
#   69|   done

Error: SHELLCHECK_WARNING (CWE-563): [#def24]
/usr/share/krb5-tests/x86_64/config.status:80:24: warning[SC2034]: FPATH appears unused. Verify use (or export if used externally).
#   78|     PATH_SEPARATOR=:
#   79|     (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
#   80|->     (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
#   81|         PATH_SEPARATOR=';'
#   82|     }

Error: SHELLCHECK_WARNING (CWE-563): [#def25]
/usr/share/krb5-tests/x86_64/config.status:159:1: warning[SC2034]: as_unset appears unused. Verify use (or export if used externally).
#  157|     { eval $1=; unset $1;}
#  158|   }
#  159|-> as_unset=as_fn_unset
#  160|   
#  161|   # as_fn_append VAR VALUE

Error: SHELLCHECK_WARNING: [#def26]
/usr/share/krb5-tests/x86_64/config.status:173:11: warning[SC2194]: This word is constant. Did you forget the $ on a variable?
#  171|       eval $1+=\$2
#  172|     }'
#  173|-> else case e in #(
#  174|     e) as_fn_append ()
#  175|     {

Error: SHELLCHECK_WARNING: [#def27]
/usr/share/krb5-tests/x86_64/config.status:192:11: warning[SC2194]: This word is constant. Did you forget the $ on a variable?
#  190|       as_val=$(( $* ))
#  191|     }'
#  192|-> else case e in #(
#  193|     e) as_fn_arith ()
#  194|     {

Error: SHELLCHECK_WARNING (CWE-563): [#def28]
/usr/share/krb5-tests/x86_64/config.status:195:5: warning[SC2034]: as_val appears unused. Verify use (or export if used externally).
#  193|     e) as_fn_arith ()
#  194|     {
#  195|->     as_val=`expr "$@" || test $? -eq 1`
#  196|     } ;;
#  197|   esac

Error: SHELLCHECK_WARNING (CWE-456): [#def29]
/usr/share/krb5-tests/x86_64/config.status:203:3: warning[SC2209]: Use var=$(command) to assign output (or quote to assign string).
#  201|   if expr a : '\(a\)' >/dev/null 2>&1 &&
#  202|      test "X`expr 00001 : '.*\(...\)'`" = X001; then
#  203|->   as_expr=expr
#  204|   else
#  205|     as_expr=false

Error: SHELLCHECK_WARNING (CWE-456): [#def30]
/usr/share/krb5-tests/x86_64/config.status:209:3: warning[SC2209]: Use var=$(command) to assign output (or quote to assign string).
#  207|   
#  208|   if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
#  209|->   as_basename=basename
#  210|   else
#  211|     as_basename=false

Error: SHELLCHECK_WARNING (CWE-456): [#def31]
/usr/share/krb5-tests/x86_64/config.status:215:3: warning[SC2209]: Use var=$(command) to assign output (or quote to assign string).
#  213|   
#  214|   if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
#  215|->   as_dirname=dirname
#  216|   else
#  217|     as_dirname=false

Error: SHELLCHECK_WARNING (CWE-480): [#def32]
/usr/share/krb5-tests/x86_64/config.status:250:8: warning[SC1007]: Remove space after = if trying to assign a value (for empty string, use var='' ... ).
#  248|   # These variables are no longer used directly by Autoconf, but are AC_SUBSTed
#  249|   # for compatibility with existing Makefiles.
#  250|-> ECHO_C= ECHO_N= ECHO_T=
#  251|   case `echo -n x` in #(((((
#  252|   -n*)

Error: SHELLCHECK_WARNING (CWE-480): [#def33]
/usr/share/krb5-tests/x86_64/config.status:250:16: warning[SC1007]: Remove space after = if trying to assign a value (for empty string, use var='' ... ).
#  248|   # These variables are no longer used directly by Autoconf, but are AC_SUBSTed
#  249|   # for compatibility with existing Makefiles.
#  250|-> ECHO_C= ECHO_N= ECHO_T=
#  251|   case `echo -n x` in #(((((
#  252|   -n*)

Error: SHELLCHECK_WARNING: [#def34]
/usr/share/krb5-tests/x86_64/config.status:251:12: warning[SC3037]: In POSIX sh, echo flags are undefined.
#  249|   # for compatibility with existing Makefiles.
#  250|   ECHO_C= ECHO_N= ECHO_T=
#  251|-> case `echo -n x` in #(((((
#  252|   -n*)
#  253|     case `echo 'xy\c'` in

Error: SHELLCHECK_WARNING (CWE-563): [#def35]
/usr/share/krb5-tests/x86_64/config.status:255:8: warning[SC2034]: ECHO_C appears unused. Verify use (or export if used externally).
#  253|     case `echo 'xy\c'` in
#  254|     *c*) ECHO_T='	';;	# ECHO_T is single tab character.
#  255|->   xy)  ECHO_C='\c';;
#  256|     *)   echo `echo ksh88 bug on AIX 6.1` > /dev/null
#  257|          ECHO_T='	';;

Error: SHELLCHECK_WARNING (CWE-156): [#def36]
/usr/share/krb5-tests/x86_64/config.status:256:13: warning[SC2046]: Quote this to prevent word splitting.
#  254|     *c*) ECHO_T='	';;	# ECHO_T is single tab character.
#  255|     xy)  ECHO_C='\c';;
#  256|->   *)   echo `echo ksh88 bug on AIX 6.1` > /dev/null
#  257|          ECHO_T='	';;
#  258|     esac;;

Error: SHELLCHECK_WARNING (CWE-563): [#def37]
/usr/share/krb5-tests/x86_64/config.status:257:8: warning[SC2034]: ECHO_T appears unused. Verify use (or export if used externally).
#  255|     xy)  ECHO_C='\c';;
#  256|     *)   echo `echo ksh88 bug on AIX 6.1` > /dev/null
#  257|->        ECHO_T='	';;
#  258|     esac;;
#  259|   *)

Error: SHELLCHECK_WARNING (CWE-563): [#def38]
/usr/share/krb5-tests/x86_64/config.status:260:3: warning[SC2034]: ECHO_N appears unused. Verify use (or export if used externally).
#  258|     esac;;
#  259|   *)
#  260|->   ECHO_N='-n';;
#  261|   esac
#  262|   

Error: SHELLCHECK_WARNING (CWE-563): [#def39]
/usr/share/krb5-tests/x86_64/config.status:266:1: warning[SC2034]: as_echo appears unused. Verify use (or export if used externally).
#  264|   # the shell variables $as_echo and $as_echo_n.  New code should use
#  265|   # AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively.
#  266|-> as_echo='printf %s\n'
#  267|   as_echo_n='printf %s'
#  268|   

Error: SHELLCHECK_WARNING (CWE-563): [#def40]
/usr/share/krb5-tests/x86_64/config.status:267:1: warning[SC2034]: as_echo_n appears unused. Verify use (or export if used externally).
#  265|   # AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively.
#  266|   as_echo='printf %s\n'
#  267|-> as_echo_n='printf %s'
#  268|   
#  269|   rm -f conf$$ conf$$.exe conf$$.file

Error: SHELLCHECK_WARNING (CWE-456): [#def41]
/usr/share/krb5-tests/x86_64/config.status:286:5: warning[SC2209]: Use var=$(command) to assign output (or quote to assign string).
#  284|         as_ln_s='cp -pR'
#  285|     elif ln conf$$.file conf$$ 2>/dev/null; then
#  286|->     as_ln_s=ln
#  287|     else
#  288|       as_ln_s='cp -pR'

Error: SHELLCHECK_WARNING (CWE-563): [#def42]
/usr/share/krb5-tests/x86_64/config.status:291:3: warning[SC2034]: as_ln_s appears unused. Verify use (or export if used externally).
#  289|     fi
#  290|   else
#  291|->   as_ln_s='cp -pR'
#  292|   fi
#  293|   rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file

Error: SHELLCHECK_WARNING (CWE-563): [#def43]
/usr/share/krb5-tests/x86_64/config.status:359:1: warning[SC2034]: as_test_x appears unused. Verify use (or export if used externally).
#  357|     test -f "$1" && test -x "$1"
#  358|   } # as_fn_executable_p
#  359|-> as_test_x='test -x'
#  360|   as_executable_p=as_fn_executable_p
#  361|   

Error: SHELLCHECK_WARNING (CWE-563): [#def44]
/usr/share/krb5-tests/x86_64/config.status:360:1: warning[SC2034]: as_executable_p appears unused. Verify use (or export if used externally).
#  358|   } # as_fn_executable_p
#  359|   as_test_x='test -x'
#  360|-> as_executable_p=as_fn_executable_p
#  361|   
#  362|   # Sed expression to map a string onto a valid CPP name.

Error: SHELLCHECK_WARNING (CWE-563): [#def45]
/usr/share/krb5-tests/x86_64/config.status:364:1: warning[SC2034]: as_tr_cpp appears unused. Verify use (or export if used externally).
#  362|   # Sed expression to map a string onto a valid CPP name.
#  363|   as_sed_cpp="y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g"
#  364|-> as_tr_cpp="eval sed '$as_sed_cpp'" # deprecated
#  365|   
#  366|   # Sed expression to map a string onto a valid variable name.

Error: SHELLCHECK_WARNING (CWE-563): [#def46]
/usr/share/krb5-tests/x86_64/config.status:368:1: warning[SC2034]: as_tr_sh appears unused. Verify use (or export if used externally).
#  366|   # Sed expression to map a string onto a valid variable name.
#  367|   as_sed_sh="y%*+%pp%;s%[^_$as_cr_alnum]%_%g"
#  368|-> as_tr_sh="eval sed '$as_sed_sh'" # deprecated
#  369|   
#  370|   

Error: SHELLCHECK_WARNING (CWE-569): [#def47]
/usr/share/krb5-tests/x86_64/config.status:378:8: warning[SC2124]: Assigning an array to a string! Assign as array, or use * instead of @ to concatenate.
#  376|   # report actual input values of CONFIG_FILES etc. instead of their
#  377|   # values after options handling.
#  378|-> ac_log="
#  379|   This file was extended by Kerberos 5 $as_me 1.21.3, which was
#  380|   generated by GNU Autoconf 2.72.  Invocation command line was

Error: SHELLCHECK_WARNING (CWE-456): [#def48]
/usr/share/krb5-tests/x86_64/config.status:436:19: warning[SC2209]: Use var=$(command) to assign output (or quote to assign string).
#  434|   INSTALL='/usr/bin/install -c'
#  435|   AWK='gawk'
#  436|-> test -n "$AWK" || AWK=awk
#  437|   # The default lists apply if the user does not specify any file.
#  438|   ac_need_defaults=:

Error: SHELLCHECK_WARNING (CWE-456): [#def49]
/usr/share/krb5-tests/x86_64/config.status:455:5: warning[SC2209]: Use var=$(command) to assign output (or quote to assign string).
#  453|       ac_option=$1
#  454|       ac_optarg=$2
#  455|->     ac_shift=shift
#  456|       ;;
#  457|     esac

Error: SHELLCHECK_WARNING (CWE-456): [#def50]
/usr/share/krb5-tests/x86_64/config.status:513:7: warning[SC2121]: To assign a variable, use just 'var=value', no 'set ..'.
#  511|   
#  512|   if $ac_cs_recheck; then
#  513|->   set X /bin/sh './configure'  '--build=x86_64-redhat-linux' '--host=x86_64-redhat-linux' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/bin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' 'CC=gcc' 'CFLAGS=-O2 -flto=auto -ffat-lto-objects -fexcep [...]
#  514|     shift
#  515|     \printf "%s\n" "running CONFIG_SHELL=/bin/sh $*" >&6
/usr/share/krb5-tests/x86_64/config.status:513:7: note: trimmed 1 message(s) with length over 512

Error: SHELLCHECK_WARNING (CWE-457): [#def51]
/usr/share/krb5-tests/x86_64/config.status:532:25: warning[SC2154]: ac_config_targets is referenced but not assigned (did you mean 'ac_config_target'?).
#  530|   
#  531|   # Handling of arguments.
#  532|-> for ac_config_target in $ac_config_targets
#  533|   do
#  534|     case $ac_config_target in

Error: SHELLCHECK_WARNING (CWE-480): [#def52]
/usr/share/krb5-tests/x86_64/config.status:688:7: warning[SC1007]: Remove space after = if trying to assign a value (for empty string, use var='' ... ).
#  686|   $debug ||
#  687|   {
#  688|->   tmp= ac_tmp=
#  689|     trap 'exit_status=$?
#  690|     : "${ac_tmp:=$tmp}"

Error: SHELLCHECK_WARNING (CWE-457): [#def53]
/usr/share/krb5-tests/x86_64/config.status:689:8: warning[SC2154]: exit_status is referenced but not assigned.
#  687|   {
#  688|     tmp= ac_tmp=
#  689|->   trap 'exit_status=$?
#  690|     : "${ac_tmp:=$tmp}"
#  691|     { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status

Error: SHELLCHECK_WARNING (CWE-398): [#def54]
/usr/share/krb5-tests/x86_64/config.status:693:27: warning[SC2172]: Trapping signals by number is not well defined. Prefer signal names.
#  691|     { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status
#  692|   ' 0
#  693|->   trap 'as_fn_exit 1' 1 2 13 15
#  694|   }
#  695|   # Create a (secure) tmp directory for tmp files.

Error: SHELLCHECK_WARNING: [#def55]
/usr/share/krb5-tests/x86_64/config.status:702:16: warning[SC3028]: In POSIX sh, RANDOM is undefined.
#  700|   }  ||
#  701|   {
#  702|->   tmp=./conf$$-$RANDOM
#  703|     (umask 077 && mkdir "$tmp")
#  704|   } || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5

Error: SHELLCHECK_WARNING (CWE-456): [#def56]
/usr/share/krb5-tests/x86_64/config.status:1305:7: warning[SC2121]: To assign a variable, use just 'var=value', no 'set ..'.
# 1303|     ac_save_IFS=$IFS
# 1304|     IFS=:
# 1305|->   set x $ac_tag
# 1306|     IFS=$ac_save_IFS
# 1307|     shift

Error: SHELLCHECK_WARNING (CWE-563): [#def57]
/usr/share/krb5-tests/x86_64/config.status:1312:7: warning[SC2034]: ac_source appears unused. Verify use (or export if used externally).
# 1310|   
# 1311|     case $ac_mode in
# 1312|->   :L) ac_source=$1;;
# 1313|     :[FH])
# 1314|       ac_file_inputs=

Error: SHELLCHECK_WARNING (CWE-480): [#def58]
/usr/share/krb5-tests/x86_64/config.status:1386:18: warning[SC1007]: Remove space after = if trying to assign a value (for empty string, use var='' ... ).
# 1384|   
# 1385|   case "$ac_dir" in
# 1386|-> .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
# 1387|   *)
# 1388|     ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'`

Error: SHELLCHECK_WARNING (CWE-563): [#def59]
/usr/share/krb5-tests/x86_64/config.status:1399:1: warning[SC2034]: ac_top_builddir appears unused. Verify use (or export if used externally).
# 1397|   ac_abs_builddir=$ac_pwd$ac_dir_suffix
# 1398|   # for backward compatibility:
# 1399|-> ac_top_builddir=$ac_top_build_prefix
# 1400|   
# 1401|   case $srcdir in

Error: SHELLCHECK_WARNING (CWE-563): [#def60]
/usr/share/krb5-tests/x86_64/config.status:1454:1: warning[SC2034]: ac_sed_extra appears unused. Verify use (or export if used externally).
# 1452|     s&\${datarootdir}&${prefix}/share&g' ;;
# 1453|   esac
# 1454|-> ac_sed_extra="/^[	 ]*VPATH[	 ]*=[	 ]*/{
# 1455|   h
# 1456|   s///

Error: SHELLCHECK_WARNING: [#def61]
/usr/share/krb5-tests/x86_64/config/install-sh:142:33: warning[SC2320]: This $? refers to echo/printf, not a previous command. Assign to variable to avoid it being overwritten.
#  140|           shift;;
#  141|   
#  142|->     --help) echo "$usage"; exit $?;;
#  143|   
#  144|       -m) mode=$2

Error: SHELLCHECK_WARNING: [#def62]
/usr/share/krb5-tests/x86_64/config/install-sh:173:47: warning[SC2320]: This $? refers to echo/printf, not a previous command. Assign to variable to avoid it being overwritten.
#  171|       -T) is_target_a_directory=never;;
#  172|   
#  173|->     --version) echo "$0 $scriptversion"; exit $?;;
#  174|   
#  175|       --) shift

Error: SHELLCHECK_WARNING (CWE-456): [#def63]
/usr/share/krb5-tests/x86_64/config/install-sh:204:11: warning[SC2121]: To assign a variable, use just 'var=value', no 'set ..'.
#  202|       if test -n "$dst_arg"; then
#  203|         # $@ is not empty: it contains at least $arg.
#  204|->       set fnord "$@" "$dst_arg"
#  205|         shift # fnord
#  206|       fi

Error: SHELLCHECK_WARNING (CWE-569): [#def64]
/usr/share/krb5-tests/x86_64/config/install-sh:237:18: warning[SC2064]: Use single quotes, otherwise this expands now rather than when signalled.
#  235|   if test -z "$dir_arg"; then
#  236|     do_exit='(exit $ret); exit $ret'
#  237|->   trap "ret=129; $do_exit" 1
#  238|     trap "ret=130; $do_exit" 2
#  239|     trap "ret=141; $do_exit" 13

Error: SHELLCHECK_WARNING (CWE-569): [#def65]
/usr/share/krb5-tests/x86_64/config/install-sh:238:18: warning[SC2064]: Use single quotes, otherwise this expands now rather than when signalled.
#  236|     do_exit='(exit $ret); exit $ret'
#  237|     trap "ret=129; $do_exit" 1
#  238|->   trap "ret=130; $do_exit" 2
#  239|     trap "ret=141; $do_exit" 13
#  240|     trap "ret=143; $do_exit" 15

Error: SHELLCHECK_WARNING (CWE-569): [#def66]
/usr/share/krb5-tests/x86_64/config/install-sh:239:18: warning[SC2064]: Use single quotes, otherwise this expands now rather than when signalled.
#  237|     trap "ret=129; $do_exit" 1
#  238|     trap "ret=130; $do_exit" 2
#  239|->   trap "ret=141; $do_exit" 13
#  240|     trap "ret=143; $do_exit" 15
#  241|   

Error: SHELLCHECK_WARNING (CWE-398): [#def67]
/usr/share/krb5-tests/x86_64/config/install-sh:239:28: warning[SC2172]: Trapping signals by number is not well defined. Prefer signal names.
#  237|     trap "ret=129; $do_exit" 1
#  238|     trap "ret=130; $do_exit" 2
#  239|->   trap "ret=141; $do_exit" 13
#  240|     trap "ret=143; $do_exit" 15
#  241|   

Error: SHELLCHECK_WARNING (CWE-569): [#def68]
/usr/share/krb5-tests/x86_64/config/install-sh:240:18: warning[SC2064]: Use single quotes, otherwise this expands now rather than when signalled.
#  238|     trap "ret=130; $do_exit" 2
#  239|     trap "ret=141; $do_exit" 13
#  240|->   trap "ret=143; $do_exit" 15
#  241|   
#  242|     # Set umask so as not to create temps with too-generous modes.

Error: SHELLCHECK_WARNING: [#def69]
/usr/share/krb5-tests/x86_64/config/install-sh:339:27: warning[SC3028]: In POSIX sh, RANDOM is undefined.
#  337|   	# The $RANDOM variable is not portable (e.g., dash).  Use it
#  338|   	# here however when possible just to lower collision chance.
#  339|-> 	tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
#  340|   
#  341|   	trap '

Error: SHELLCHECK_WARNING (CWE-457): [#def70]
/usr/share/krb5-tests/x86_64/config/install-sh:341:7: warning[SC2154]: ret is referenced but not assigned.
#  339|   	tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
#  340|   
#  341|-> 	trap '
#  342|   	  ret=$?
#  343|   	  rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null

Error: SHELLCHECK_WARNING (CWE-456): [#def71]
/usr/share/krb5-tests/x86_64/config/install-sh:403:11: warning[SC2121]: To assign a variable, use just 'var=value', no 'set ..'.
#  401|         IFS=/
#  402|         set -f
#  403|->       set fnord $dstdir
#  404|         shift
#  405|         set +f

Error: SHELLCHECK_WARNING (CWE-456): [#def72]
/usr/share/krb5-tests/x86_64/config/install-sh:488:12: warning[SC2121]: To assign a variable, use just 'var=value', no 'set ..'.
#  486|          new=`LC_ALL=C ls -dlL "$dsttmp"  2>/dev/null` &&
#  487|          set -f &&
#  488|->        set X $old && old=:$2:$4:$5:$6 &&
#  489|          set X $new && new=:$2:$4:$5:$6 &&
#  490|          set +f &&

Error: SHELLCHECK_WARNING (CWE-456): [#def73]
/usr/share/krb5-tests/x86_64/config/install-sh:489:12: warning[SC2121]: To assign a variable, use just 'var=value', no 'set ..'.
#  487|          set -f &&
#  488|          set X $old && old=:$2:$4:$5:$6 &&
#  489|->        set X $new && new=:$2:$4:$5:$6 &&
#  490|          set +f &&
#  491|          test "$old" = "$new" &&

Error: SHELLCHECK_WARNING (CWE-456): [#def74]
/usr/share/krb5-tests/x86_64/config/mkinstalldirs:13:8: warning[SC2121]: To assign a variable, use just 'var=value', no 'set ..'.
#   11|   for file
#   12|   do
#   13|->    set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'`
#   14|      shift
#   15|   

Error: SHELLCHECK_WARNING (CWE-156): [#def75]
/usr/share/krb5-tests/x86_64/config/mkinstalldirs:13:14: warning[SC2046]: Quote this to prevent word splitting.
#   11|   for file
#   12|   do
#   13|->    set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'`
#   14|      shift
#   15|   

Error: SHELLCHECK_WARNING (CWE-88): [#def76]
/usr/share/krb5-tests/x86_64/kadmin/cli/k5srvutil.sh:37:10: error[SC2068]: Double quote array expansions to avoid re-splitting elements.
#   35|       
#   36|   cmd_error() {
#   37|->     echo $@ 2>&1
#   38|       }
#   39|   

Error: SHELLCHECK_WARNING (CWE-456): [#def77]
/usr/share/krb5-tests/x86_64/lib/krb5/krb/transit-tests:26:5: warning[SC2121]: To assign a variable, use just 'var=value', no 'set ..'.
#   24|   eval $check
#   25|   
#   26|-> set EDU ATHENA.MIT.EDU ,
#   27|   expected="MIT.EDU"
#   28|   eval $check

Error: SHELLCHECK_WARNING (CWE-456): [#def78]
/usr/share/krb5-tests/x86_64/lib/krb5/krb/transit-tests:30:5: warning[SC2121]: To assign a variable, use just 'var=value', no 'set ..'.
#   28|   eval $check
#   29|   
#   30|-> set x x "/COM,/HP,/APOLLO, /COM/DEC"
#   31|   expected="/COM /COM/HP /COM/HP/APOLLO /COM/DEC"
#   32|   eval $check

Error: SHELLCHECK_WARNING (CWE-456): [#def79]
/usr/share/krb5-tests/x86_64/lib/krb5/krb/transit-tests:34:5: warning[SC2121]: To assign a variable, use just 'var=value', no 'set ..'.
#   32|   eval $check
#   33|   
#   34|-> set x x EDU,MIT.,ATHENA.,WASHINGTON.EDU,CS.
#   35|   expected="EDU MIT.EDU ATHENA.MIT.EDU WASHINGTON.EDU CS.WASHINGTON.EDU"
#   36|   eval $check

Error: SHELLCHECK_WARNING (CWE-563): [#def80]
/usr/share/krb5-tests/x86_64/lib/krb5/krb/transit-tests:50:1: warning[SC2034]: expected appears unused. Verify use (or export if used externally).
#   48|   
#   49|   set XYZZY.ATHENA.MIT.EDU XYZZY.CS.CMU.EDU ,EDU,
#   50|-> expected="EDU MIT.EDU ATHENA.MIT.EDU CMU.EDU CS.CMU.EDU"
#   51|   eval $check
#   52|   

Error: SHELLCHECK_WARNING (CWE-563): [#def81]
/usr/share/krb5-tests/x86_64/tests/pkinit-certs/make-certs.sh:13:1: warning[SC2034]: TLS_SERVER_EKU appears unused. Verify use (or export if used externally).
#   11|   PKINIT_KDC_EKU=1.3.6.1.5.2.3.5
#   12|   PKINIT_CLIENT_EKU=1.3.6.1.5.2.3.4
#   13|-> TLS_SERVER_EKU=1.3.6.1.5.5.7.3.1
#   14|   TLS_CLIENT_EKU=1.3.6.1.5.5.7.3.2
#   15|   EMAIL_PROTECTION_EKU=1.3.6.1.5.5.7.3.4

Error: SHELLCHECK_WARNING (CWE-563): [#def82]
/usr/share/krb5-tests/x86_64/tests/pkinit-certs/make-certs.sh:14:1: warning[SC2034]: TLS_CLIENT_EKU appears unused. Verify use (or export if used externally).
#   12|   PKINIT_CLIENT_EKU=1.3.6.1.5.2.3.4
#   13|   TLS_SERVER_EKU=1.3.6.1.5.5.7.3.1
#   14|-> TLS_CLIENT_EKU=1.3.6.1.5.5.7.3.2
#   15|   EMAIL_PROTECTION_EKU=1.3.6.1.5.5.7.3.4
#   16|   # Add TLS EKUs to these if we're testing with NSS and we still have to

Error: SHELLCHECK_WARNING (CWE-563): [#def83]
/usr/share/krb5-tests/x86_64/tests/pkinit-certs/make-certs.sh:15:1: warning[SC2034]: EMAIL_PROTECTION_EKU appears unused. Verify use (or export if used externally).
#   13|   TLS_SERVER_EKU=1.3.6.1.5.5.7.3.1
#   14|   TLS_CLIENT_EKU=1.3.6.1.5.5.7.3.2
#   15|-> EMAIL_PROTECTION_EKU=1.3.6.1.5.5.7.3.4
#   16|   # Add TLS EKUs to these if we're testing with NSS and we still have to
#   17|   # piggy-back on the TLS trust settings.

Error: SHELLCHECK_WARNING (CWE-563): [#def84]
/usr/share/krb5-tests/x86_64/tests/proxy-certs/make-certs.sh:4:1: warning[SC2034]: NAMETYPE appears unused. Verify use (or export if used externally).
#    2|   
#    3|   PWD=`pwd`
#    4|-> NAMETYPE=1
#    5|   KEYSIZE=2048
#    6|   DAYS=4000

Error: SHELLCHECK_WARNING (CWE-563): [#def85]
/usr/share/krb5-tests/x86_64/tests/proxy-certs/make-certs.sh:7:1: warning[SC2034]: REALM appears unused. Verify use (or export if used externally).
#    5|   KEYSIZE=2048
#    6|   DAYS=4000
#    7|-> REALM=KRBTEST.COM
#    8|   TLS_SERVER_EKU=1.3.6.1.5.5.7.3.1
#    9|   PROXY_EKU_LIST=$TLS_SERVER_EKU

Error: SHELLCHECK_WARNING (CWE-156): [#def86]
/usr/share/krb5-tests/x86_64/tests/proxy-certs/make-certs.sh:119:47: warning[SC2046]: Quote this to prevent word splitting.
#  117|   SUBJECT=proxy openssl x509 -outform der -in proxy-ideal.pem -out bad.der
#  118|   length=`od -Ad bad.der | tail -n 1 | awk '{print $1}'`
#  119|-> dd if=/dev/zero bs=1 of=bad.der count=16 seek=`expr $length - 16`
#  120|   SUBJECT=proxy openssl x509 -inform der -in bad.der -out tmp.pem
#  121|   cat privkey.pem tmp.pem > proxy-badsig.pem

Error: SHELLCHECK_WARNING (CWE-156): [#def87]
/usr/share/krb5-tests/x86_64/util/check-ac-syms:28:57: warning[SC2046]: Quote this to prevent word splitting.
#   26|   
#   27|   if test -s acsyms.extra; then
#   28|->   echo ERROR: Symbol or symbols defined here but not in `basename $3`: `cat acsyms.extra`
#   29|     rm -f acsyms.extra
#   30|     exit 1

Error: SHELLCHECK_WARNING (CWE-156): [#def88]
/usr/share/krb5-tests/x86_64/util/check-ac-syms:28:72: warning[SC2046]: Quote this to prevent word splitting.
#   26|   
#   27|   if test -s acsyms.extra; then
#   28|->   echo ERROR: Symbol or symbols defined here but not in `basename $3`: `cat acsyms.extra`
#   29|     rm -f acsyms.extra
#   30|     exit 1

Error: SHELLCHECK_WARNING (CWE-477): [#def89]
/usr/share/krb5-tests/x86_64/util/et/compile_et.sh:26:15: warning[SC2166]: Prefer [ p ] || [ q ] as [ p -o q ] is not well defined.
#   24|   
#   25|   # --localedir requires --textdomain.
#   26|-> if [ $# -ne 1 -o \( -n "$LOCALEDIR" -a -z "$TEXTDOMAIN" \) ]; then
#   27|       echo $usage 1>&2 ; exit 1
#   28|   fi

Error: SHELLCHECK_WARNING (CWE-477): [#def90]
/usr/share/krb5-tests/x86_64/util/et/compile_et.sh:26:37: warning[SC2166]: Prefer [ p ] && [ q ] as [ p -a q ] is not well defined.
#   24|   
#   25|   # --localedir requires --textdomain.
#   26|-> if [ $# -ne 1 -o \( -n "$LOCALEDIR" -a -z "$TEXTDOMAIN" \) ]; then
#   27|       echo $usage 1>&2 ; exit 1
#   28|   fi

Error: SHELLCHECK_WARNING (CWE-456): [#def91]
/usr/share/krb5-tests/x86_64/util/et/config_script:17:2: warning[SC2209]: Use var=$(command) to assign output (or quote to assign string).
#   15|   
#   16|   if test "${AWK}x" = "x" ; then
#   17|-> 	AWK=awk
#   18|   fi
#   19|   if test "${SED}x" = "x" ; then

Error: SHELLCHECK_WARNING (CWE-456): [#def92]
/usr/share/krb5-tests/x86_64/util/et/config_script:20:2: warning[SC2209]: Use var=$(command) to assign output (or quote to assign string).
#   18|   fi
#   19|   if test "${SED}x" = "x" ; then
#   20|-> 	SED=sed
#   21|   fi
#   22|   sed -e "s;@DIR@;${DIR};" -e "s;@AWK@;${AWK};" -e "s;@SED@;${SED};" $FILE

Error: SHELLCHECK_WARNING (CWE-563): [#def93]
/usr/share/krb5-tests/x86_64/util/getsyms:9:2: warning[SC2034]: types appears unused. Verify use (or export if used externally).
#    7|   	libs=""
#    8|   	headers=""
#    9|-> 	types=""
#   10|   	funcs=""
#   11|   	AC_MACRODIR=./util/autoconf

Error: SHELLCHECK_WARNING (CWE-477): [#def94]
/usr/share/krb5-tests/x86_64/util/lndir:39:15: warning[SC2166]: Prefer [ p ] || [ q ] as [ p -o q ] is not well defined.
#   37|   esac
#   38|   
#   39|-> if [ $# -lt 1 -o $# -gt 2 ]
#   40|   then
#   41|   	echo "$USAGE"

Error: SHELLCHECK_WARNING (CWE-252): [#def95]
/usr/share/krb5-tests/x86_64/util/lndir:61:1: warning[SC2164]: Use 'cd ... || exit' or 'cd ... || return' in case cd fails.
#   59|   fi
#   60|   
#   61|-> cd $DIRTO
#   62|   
#   63|   if [ ! -d $DIRFROM ]

Error: SHELLCHECK_WARNING (CWE-156): [#def96]
/usr/share/krb5-tests/x86_64/util/lndir:72:6: warning[SC2046]: Quote this to prevent word splitting.
#   70|   pwd=`pwd`
#   71|   
#   72|-> if [ `(cd $DIRFROM; pwd)` = $pwd ]
#   73|   then
#   74|   	echo "$pwd: FROM and TO are identical!"

Error: SHELLCHECK_WARNING (CWE-398): [#def97]
/usr/share/krb5-tests/x86_64/util/lndir:78:13: warning[SC2045]: Iterating over ls output is fragile. Use globs.
#   76|   fi
#   77|   
#   78|-> for file in `ls -a $DIRFROM`
#   79|   do
#   80|   	if [ ! -d $DIRFROM/$file ]

Error: SHELLCHECK_WARNING (CWE-477): [#def98]
/usr/share/krb5-tests/x86_64/util/lndir:84:27: warning[SC2166]: Prefer [ p ] && [ q ] as [ p -a q ] is not well defined.
#   82|   		ln -s $DIRFROM/$file .
#   83|   	else
#   84|-> 	       if [ $file != RCS -a $file != CVS -a $file != . -a $file != .. ]
#   85|   		then
#   86|   			echo $file:

Error: SHELLCHECK_WARNING (CWE-477): [#def99]
/usr/share/krb5-tests/x86_64/util/lndir:84:43: warning[SC2166]: Prefer [ p ] && [ q ] as [ p -a q ] is not well defined.
#   82|   		ln -s $DIRFROM/$file .
#   83|   	else
#   84|-> 	       if [ $file != RCS -a $file != CVS -a $file != . -a $file != .. ]
#   85|   		then
#   86|   			echo $file:

Error: SHELLCHECK_WARNING (CWE-477): [#def100]
/usr/share/krb5-tests/x86_64/util/lndir:84:57: warning[SC2166]: Prefer [ p ] && [ q ] as [ p -a q ] is not well defined.
#   82|   		ln -s $DIRFROM/$file .
#   83|   	else
#   84|-> 	       if [ $file != RCS -a $file != CVS -a $file != . -a $file != .. ]
#   85|   		then
#   86|   			echo $file:

Error: SHELLCHECK_WARNING (CWE-252): [#def101]
/usr/share/krb5-tests/x86_64/util/lndir:88:5: warning[SC2164]: Use 'cd ... || exit' or 'cd ... || return' in case cd fails.
#   86|   			echo $file:
#   87|   			mkdir $file
#   88|-> 			(cd $file
#   89|   			 pwd=`pwd`
#   90|   			 case "$DIRFROM" in

Error: SHELLCHECK_WARNING (CWE-156): [#def102]
/usr/share/krb5-tests/x86_64/util/lndir:94:10: warning[SC2046]: Quote this to prevent word splitting.
#   92|   				 *)  DIRFROM=../$DIRFROM ;;
#   93|   			 esac
#   94|-> 			 if [ `(cd $DIRFROM/$file; pwd)` = $pwd ]
#   95|   			 then
#   96|   				echo "$pwd: FROM and TO are identical!"

Error: SHELLCHECK_WARNING (CWE-156): [#def103]
/usr/share/krb5-tests/x86_64/util/mkrel:115:7: warning[SC2046]: Quote this to prevent word splitting.
#  113|   if test $newstyle = t; then
#  114|   	echo "parsing new style patchlevel.h..."
#  115|-> 	eval `sed -n 's/#define \([A-Z0-9_]*\)[ \t]*\(.*\)/\1=\2/p' < $reldir/src/patchlevel.h`
#  116|   	if test "$KRB5_RELTAG" != $reltag && \
#  117|   		test "$KRB5_RELTAG" != `echo $reltag|sed 's%[^/]*/%%'` ; then

Error: SHELLCHECK_WARNING (CWE-156): [#def104]
/usr/share/krb5-tests/x86_64/util/mkrel:117:26: warning[SC2046]: Quote this to prevent word splitting.
#  115|   	eval `sed -n 's/#define \([A-Z0-9_]*\)[ \t]*\(.*\)/\1=\2/p' < $reldir/src/patchlevel.h`
#  116|   	if test "$KRB5_RELTAG" != $reltag && \
#  117|-> 		test "$KRB5_RELTAG" != `echo $reltag|sed 's%[^/]*/%%'` ; then
#  118|   		echo "WARNING: patchlevel.h '$KRB5_RELTAG' != $reltag"
#  119|   	fi

Error: SHELLCHECK_WARNING (CWE-398): [#def105]
/usr/share/krb5-tests/x86_64/util/mkrel:176:1: warning[SC2038]: Use 'find .. -print0 | xargs -0 ..' or 'find .. -exec .. +' to allow non-alphanumeric filenames.
#  174|   
#  175|   echo "Nuking unneeded files..."
#  176|-> find $reldir \( -name TODO -o -name todo -o -name .cvsignore \
#  177|   	-o -name .gitignore -o -name BADSYMS -o -name .Sanitize \
#  178|   	-o -name .rconf \) -print | xargs rm -f || true

Error: SHELLCHECK_WARNING (CWE-252): [#def106]
/usr/share/krb5-tests/x86_64/util/ss/config_script:19:6: warning[SC2164]: Use 'cd ... || exit' or 'cd ... || return' in case cd fails.
#   17|   	DIR=.
#   18|   fi
#   19|-> DIR=`cd ${DIR}; pwd`
#   20|   if test "${AWK}x" = "x" ; then
#   21|   	AWK=awk

Error: SHELLCHECK_WARNING (CWE-456): [#def107]
/usr/share/krb5-tests/x86_64/util/ss/config_script:21:2: warning[SC2209]: Use var=$(command) to assign output (or quote to assign string).
#   19|   DIR=`cd ${DIR}; pwd`
#   20|   if test "${AWK}x" = "x" ; then
#   21|-> 	AWK=awk
#   22|   fi
#   23|   if test "${SED}x" = "x" ; then

Error: SHELLCHECK_WARNING (CWE-456): [#def108]
/usr/share/krb5-tests/x86_64/util/ss/config_script:24:2: warning[SC2209]: Use var=$(command) to assign output (or quote to assign string).
#   22|   fi
#   23|   if test "${SED}x" = "x" ; then
#   24|-> 	SED=sed
#   25|   fi
#   26|   

Error: SHELLCHECK_WARNING (CWE-569): [#def109]
/usr/share/krb5-tests/x86_64/util/trim-valgrind-logs:3:7: warning[SC2125]: Brace expansions and globs are literal in assignments. Quote it or use an array.
#    1|   #!/usr/bin/sh
#    2|   
#    3|-> files=vg.*
#    4|   
#    5|   logname() {

Error: SHELLCHECK_WARNING (CWE-569): [#def110]
/usr/share/krb5-tests/x86_64/util/trim-valgrind-logs:15:11: warning[SC2048]: Use "$@" (with quotes) to prevent whitespace problems.
#   13|   		return
#   14|   	fi
#   15|-> 	for f in $* ; do
#   16|   		echo $f : `logname $f`
#   17|   	done

Error: SHELLCHECK_WARNING (CWE-156): [#def111]
/usr/share/krb5-tests/x86_64/util/trim-valgrind-logs:16:13: warning[SC2046]: Quote this to prevent word splitting.
#   14|   	fi
#   15|   	for f in $* ; do
#   16|-> 		echo $f : `logname $f`
#   17|   	done
#   18|   }

Error: SHELLCHECK_WARNING (CWE-569): [#def112]
/usr/share/krb5-tests/x86_64/util/trim-valgrind-logs:31:11: warning[SC2048]: Use "$@" (with quotes) to prevent whitespace problems.
#   29|   		return
#   30|   	fi
#   31|-> 	for f in $* ; do
#   32|   		n=`logname $f`
#   33|   		for d in $discard_list; do

Error: SHELLCHECK_WARNING (CWE-569): [#def113]
/usr/share/krb5-tests/x86_64/util/trim-valgrind-logs:47:36: warning[SC2048]: Use "$@" (with quotes) to prevent whitespace problems.
#   45|   		return
#   46|   	fi
#   47|-> 	grep -l "ERROR SUMMARY: 0 errors" $* | while read name ; do
#   48|   		echo rm $name : no errors in `logname $name`
#   49|   		rm $name

Error: SHELLCHECK_WARNING (CWE-156): [#def114]
/usr/share/krb5-tests/x86_64/util/trim-valgrind-logs:48:32: warning[SC2046]: Quote this to prevent word splitting.
#   46|   	fi
#   47|   	grep -l "ERROR SUMMARY: 0 errors" $* | while read name ; do
#   48|-> 		echo rm $name : no errors in `logname $name`
#   49|   		rm $name
#   50|   	done

Error: SHELLCHECK_WARNING (CWE-569): [#def115]
/usr/share/krb5-tests/x86_64/util/trim-valgrind-logs:57:36: warning[SC2048]: Use "$@" (with quotes) to prevent whitespace problems.
#   55|   	    return
#   56|   	fi
#   57|-> 	grep -l "ERROR SUMMARY: 0 errors" $* | \
#   58|   	    grep -l "definitely lost: 0 bytes" $* | \
#   59|   	    xargs grep -l "possibly lost: 0 bytes" | \

Error: SHELLCHECK_WARNING (CWE-569): [#def116]
/usr/share/krb5-tests/x86_64/util/trim-valgrind-logs:58:41: warning[SC2048]: Use "$@" (with quotes) to prevent whitespace problems.
#   56|   	fi
#   57|   	grep -l "ERROR SUMMARY: 0 errors" $* | \
#   58|-> 	    grep -l "definitely lost: 0 bytes" $* | \
#   59|   	    xargs grep -l "possibly lost: 0 bytes" | \
#   60|   	    xargs grep -l "still reachable: 0 bytes in 0 blocks" | \

Error: SHELLCHECK_WARNING (CWE-156): [#def117]
/usr/share/krb5-tests/x86_64/util/trim-valgrind-logs:62:44: warning[SC2046]: Quote this to prevent word splitting.
#   60|   	    xargs grep -l "still reachable: 0 bytes in 0 blocks" | \
#   61|   	    while read name ; do
#   62|-> 	    echo rm $name : no leaks or errors in `logname $name`
#   63|   	    rm $name
#   64|   	done

Error: GCC_ANALYZER_WARNING (CWE-775): [#def118]
krb5-1.21.3/src/appl/gss-sample/gss-client.c:141:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘s’
krb5-1.21.3/src/appl/gss-sample/gss-client.c:400:1: enter_function: entry to ‘call_server’
krb5-1.21.3/src/appl/gss-sample/gss-client.c:424:14: call_function: calling ‘connect_to_server’ from ‘call_server’
#  139|       }
#  140|       if (connect(s, (struct sockaddr *) &saddr, sizeof(saddr)) < 0) {
#  141|->         perror("connecting to server");
#  142|           (void) closesocket(s);
#  143|           return -1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def119]
krb5-1.21.3/src/appl/gss-sample/gss-client.c:142:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘s’
krb5-1.21.3/src/appl/gss-sample/gss-client.c:400:1: enter_function: entry to ‘call_server’
krb5-1.21.3/src/appl/gss-sample/gss-client.c:424:14: call_function: calling ‘connect_to_server’ from ‘call_server’
#  140|       if (connect(s, (struct sockaddr *) &saddr, sizeof(saddr)) < 0) {
#  141|           perror("connecting to server");
#  142|->         (void) closesocket(s);
#  143|           return -1;
#  144|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def120]
krb5-1.21.3/src/appl/gss-sample/gss-client.c:194:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘connect_to_server(host,  port)’
krb5-1.21.3/src/appl/gss-sample/gss-client.c:400:1: enter_function: entry to ‘call_server’
krb5-1.21.3/src/appl/gss-sample/gss-client.c:424:14: call_function: calling ‘connect_to_server’ from ‘call_server’
krb5-1.21.3/src/appl/gss-sample/gss-client.c:424:14: return_function: returning to ‘call_server’ from ‘connect_to_server’
krb5-1.21.3/src/appl/gss-sample/gss-client.c:424:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/gss-sample/gss-client.c:428:9: branch_false: ...to here
krb5-1.21.3/src/appl/gss-sample/gss-client.c:428:9: call_function: calling ‘client_establish_context’ from ‘call_server’
#  192|   
#  193|       if (!auth_flag)
#  194|->         return send_token(s, TOKEN_NOOP, empty_token);
#  195|   
#  196|       if (spnego) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def121]
krb5-1.21.3/src/appl/gss-sample/gss-client.c:213:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘connect_to_server(host,  port)’
krb5-1.21.3/src/appl/gss-sample/gss-client.c:400:1: enter_function: entry to ‘call_server’
krb5-1.21.3/src/appl/gss-sample/gss-client.c:424:14: call_function: calling ‘connect_to_server’ from ‘call_server’
krb5-1.21.3/src/appl/gss-sample/gss-client.c:424:14: return_function: returning to ‘call_server’ from ‘connect_to_server’
krb5-1.21.3/src/appl/gss-sample/gss-client.c:424:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/gss-sample/gss-client.c:428:9: branch_false: ...to here
krb5-1.21.3/src/appl/gss-sample/gss-client.c:428:9: call_function: calling ‘client_establish_context’ from ‘call_server’
#  211|           send_tok.length = strlen(username);
#  212|   
#  213|->         maj_stat = gss_import_name(&min_stat, &send_tok,
#  214|                                      (gss_OID) gss_nt_user_name, &gss_username);
#  215|           if (maj_stat != GSS_S_COMPLETE) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def122]
krb5-1.21.3/src/appl/gss-sample/gss-client.c:216:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘connect_to_server(host,  port)’
krb5-1.21.3/src/appl/gss-sample/gss-client.c:400:1: enter_function: entry to ‘call_server’
krb5-1.21.3/src/appl/gss-sample/gss-client.c:424:14: call_function: calling ‘connect_to_server’ from ‘call_server’
krb5-1.21.3/src/appl/gss-sample/gss-client.c:424:14: return_function: returning to ‘call_server’ from ‘connect_to_server’
krb5-1.21.3/src/appl/gss-sample/gss-client.c:424:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/gss-sample/gss-client.c:428:9: branch_false: ...to here
krb5-1.21.3/src/appl/gss-sample/gss-client.c:428:9: call_function: calling ‘client_establish_context’ from ‘call_server’
#  214|                                      (gss_OID) gss_nt_user_name, &gss_username);
#  215|           if (maj_stat != GSS_S_COMPLETE) {
#  216|->             display_status("parsing client name", maj_stat, min_stat);
#  217|               goto cleanup;
#  218|           }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def123]
krb5-1.21.3/src/appl/gss-sample/gss-client.c:225:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘connect_to_server(host,  port)’
krb5-1.21.3/src/appl/gss-sample/gss-client.c:400:1: enter_function: entry to ‘call_server’
krb5-1.21.3/src/appl/gss-sample/gss-client.c:424:14: call_function: calling ‘connect_to_server’ from ‘call_server’
krb5-1.21.3/src/appl/gss-sample/gss-client.c:424:14: return_function: returning to ‘call_server’ from ‘connect_to_server’
krb5-1.21.3/src/appl/gss-sample/gss-client.c:424:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/gss-sample/gss-client.c:428:9: branch_false: ...to here
krb5-1.21.3/src/appl/gss-sample/gss-client.c:428:9: call_function: calling ‘client_establish_context’ from ‘call_server’
#  223|           pwbuf.length = strlen(password);
#  224|   
#  225|->         maj_stat = gss_acquire_cred_with_password(&min_stat, gss_username,
#  226|                                                     &pwbuf, 0, mechsp,
#  227|                                                     GSS_C_INITIATE, &cred, NULL,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def124]
krb5-1.21.3/src/appl/gss-sample/gss-server.c:330:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘s’
krb5-1.21.3/src/appl/gss-sample/gss-server.c:323:14: acquire_resource: stream socket created here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:323:8: branch_false: following ‘false’ branch (when ‘s >= 0’)...
krb5-1.21.3/src/appl/gss-sample/gss-server.c:328:12: branch_false: ...to here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:329:9: acquire_resource: socket created here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:329:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/appl/gss-sample/gss-server.c:330:9: branch_true: ...to here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:330:9: danger: ‘s’ leaks here
#  328|       (void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *) &on, sizeof(on));
#  329|       if (bind(s, (struct sockaddr *) &saddr, sizeof(saddr)) < 0) {
#  330|->         perror("binding socket");
#  331|           (void) closesocket(s);
#  332|           return -1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def125]
krb5-1.21.3/src/appl/gss-sample/gss-server.c:331:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘s’
krb5-1.21.3/src/appl/gss-sample/gss-server.c:323:14: acquire_resource: stream socket created here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:323:8: branch_false: following ‘false’ branch (when ‘s >= 0’)...
krb5-1.21.3/src/appl/gss-sample/gss-server.c:328:12: branch_false: ...to here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:329:9: acquire_resource: socket created here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:329:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/appl/gss-sample/gss-server.c:330:9: branch_true: ...to here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:331:16: danger: ‘s’ leaks here
#  329|       if (bind(s, (struct sockaddr *) &saddr, sizeof(saddr)) < 0) {
#  330|           perror("binding socket");
#  331|->         (void) closesocket(s);
#  332|           return -1;
#  333|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def126]
krb5-1.21.3/src/appl/gss-sample/gss-server.c:335:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘s’
krb5-1.21.3/src/appl/gss-sample/gss-server.c:323:14: acquire_resource: stream socket created here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:323:8: branch_false: following ‘false’ branch (when ‘s >= 0’)...
krb5-1.21.3/src/appl/gss-sample/gss-server.c:328:12: branch_false: ...to here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:329:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/gss-sample/gss-server.c:334:9: branch_false: ...to here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:334:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/appl/gss-sample/gss-server.c:335:9: branch_true: ...to here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:335:9: danger: ‘s’ leaks here
#  333|       }
#  334|       if (listen(s, 5) < 0) {
#  335|->         perror("listening on socket");
#  336|           (void) closesocket(s);
#  337|           return -1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def127]
krb5-1.21.3/src/appl/gss-sample/gss-server.c:336:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘s’
krb5-1.21.3/src/appl/gss-sample/gss-server.c:323:14: acquire_resource: stream socket created here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:323:8: branch_false: following ‘false’ branch (when ‘s >= 0’)...
krb5-1.21.3/src/appl/gss-sample/gss-server.c:328:12: branch_false: ...to here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:329:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/gss-sample/gss-server.c:334:9: branch_false: ...to here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:334:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/appl/gss-sample/gss-server.c:335:9: branch_true: ...to here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:336:16: danger: ‘s’ leaks here
#  334|       if (listen(s, 5) < 0) {
#  335|           perror("listening on socket");
#  336|->         (void) closesocket(s);
#  337|           return -1;
#  338|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def128]
krb5-1.21.3/src/appl/gss-sample/gss-server.c:709:17: warning[-Wanalyzer-file-leak]: leak of FILE ‘logfile’
krb5-1.21.3/src/appl/gss-sample/gss-server.c:674:12: branch_true: following ‘true’ branch (when ‘argc != 0’)...
krb5-1.21.3/src/appl/gss-sample/gss-server.c:675:13: branch_true: ...to here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:675:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/appl/gss-sample/gss-server.c:691:18: branch_false: ...to here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:691:17: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/appl/gss-sample/gss-server.c:693:20: branch_false: ...to here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:693:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/appl/gss-sample/gss-server.c:695:20: branch_false: ...to here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:695:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/appl/gss-sample/gss-server.c:697:20: branch_false: ...to here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:697:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/appl/gss-sample/gss-server.c:699:20: branch_false: ...to here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:699:19: branch_true: following ‘true’ branch (when the strings are equal)...
krb5-1.21.3/src/appl/gss-sample/gss-server.c:700:13: branch_true: ...to here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:702:16: branch_false: following ‘false’ branch (when ‘argc != 0’)...
krb5-1.21.3/src/appl/gss-sample/gss-server.c:708:18: branch_false: ...to here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:708:16: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/appl/gss-sample/gss-server.c:711:27: branch_false: ...to here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:711:27: acquire_resource: opened here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:713:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:674:12: branch_true: following ‘true’ branch (when ‘argc != 0’)...
krb5-1.21.3/src/appl/gss-sample/gss-server.c:675:13: branch_true: ...to here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:675:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/appl/gss-sample/gss-server.c:691:18: branch_false: ...to here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:691:17: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/appl/gss-sample/gss-server.c:693:20: branch_false: ...to here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:693:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/appl/gss-sample/gss-server.c:695:20: branch_false: ...to here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:695:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/appl/gss-sample/gss-server.c:697:20: branch_false: ...to here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:697:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/appl/gss-sample/gss-server.c:699:20: branch_false: ...to here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:699:19: branch_true: following ‘true’ branch (when the strings are equal)...
krb5-1.21.3/src/appl/gss-sample/gss-server.c:700:13: branch_true: ...to here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:702:16: branch_false: following ‘false’ branch (when ‘argc != 0’)...
krb5-1.21.3/src/appl/gss-sample/gss-server.c:708:18: branch_false: ...to here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:708:16: branch_true: following ‘true’ branch (when the strings are equal)...
krb5-1.21.3/src/appl/gss-sample/gss-server.c:709:27: branch_true: ...to here
krb5-1.21.3/src/appl/gss-sample/gss-server.c:709:17: danger: ‘logfile’ leaks here; was opened at [(19)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/18)
#  707|                * to /dev/null. */
#  708|               if (!strcmp(*argv, "/dev/null")) {
#  709|->                 logfile = display_file = NULL;
#  710|               } else {
#  711|                   logfile = fopen(*argv, "a");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def129]
krb5-1.21.3/src/appl/sample/sclient/sclient.c:179:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
krb5-1.21.3/src/appl/sample/sclient/sclient.c:108:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:113:14: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:114:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:119:12: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:130:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:135:9: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:135:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:142:8: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:148:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:155:5: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:156:21: branch_true: following ‘true’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:172:16: acquire_resource: stream socket created here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:173:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:177:42: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:177:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:178:65: branch_true: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:179:13: danger: ‘sock’ leaks here
#  177|           if (connect(sock, ap->ai_addr, ap->ai_addrlen) < 0) {
#  178|               fprintf(stderr, "%s: connect: %s\n", mbuf, strerror(errno));
#  179|->             close(sock);
#  180|               sock = -1;
#  181|               continue;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def130]
krb5-1.21.3/src/appl/sample/sclient/sclient.c:193:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
krb5-1.21.3/src/appl/sample/sclient/sclient.c:108:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:113:14: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:114:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:119:12: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:130:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:135:9: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:135:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:142:8: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:148:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:155:5: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:156:21: branch_true: following ‘true’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:172:16: acquire_resource: stream socket created here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:173:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:177:42: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:177:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:185:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:188:5: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:193:14: danger: ‘sock’ leaks here
#  191|       cksum_data.length = strlen(argv[1]);
#  192|   
#  193|->     retval = krb5_cc_default(context, &ccdef);
#  194|       if (retval) {
#  195|           com_err(argv[0], retval, "while getting default ccache");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def131]
krb5-1.21.3/src/appl/sample/sclient/sclient.c:195:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
krb5-1.21.3/src/appl/sample/sclient/sclient.c:108:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:113:14: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:114:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:119:12: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:130:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:135:9: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:135:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:142:8: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:148:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:155:5: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:156:21: branch_true: following ‘true’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:172:16: acquire_resource: stream socket created here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:173:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:177:42: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:177:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:185:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:188:5: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:194:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:195:9: branch_true: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:195:9: danger: ‘sock’ leaks here
#  193|       retval = krb5_cc_default(context, &ccdef);
#  194|       if (retval) {
#  195|->         com_err(argv[0], retval, "while getting default ccache");
#  196|           exit(1);
#  197|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def132]
krb5-1.21.3/src/appl/sample/sclient/sclient.c:199:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
krb5-1.21.3/src/appl/sample/sclient/sclient.c:108:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:113:14: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:114:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:119:12: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:130:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:135:9: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:135:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:142:8: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:148:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:155:5: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:156:21: branch_true: following ‘true’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:172:16: acquire_resource: stream socket created here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:173:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:177:42: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:177:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:185:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:188:5: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:194:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:199:14: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:199:14: danger: ‘sock’ leaks here
#  197|       }
#  198|   
#  199|->     retval = krb5_cc_get_principal(context, ccdef, &client);
#  200|       if (retval) {
#  201|           com_err(argv[0], retval, "while getting client principal name");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def133]
krb5-1.21.3/src/appl/sample/sclient/sclient.c:201:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
krb5-1.21.3/src/appl/sample/sclient/sclient.c:108:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:113:14: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:114:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:119:12: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:130:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:135:9: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:135:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:142:8: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:148:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:155:5: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:156:21: branch_true: following ‘true’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:172:16: acquire_resource: stream socket created here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:173:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:177:42: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:177:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:185:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:188:5: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:194:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:199:14: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:200:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:201:9: branch_true: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:201:9: danger: ‘sock’ leaks here
#  199|       retval = krb5_cc_get_principal(context, ccdef, &client);
#  200|       if (retval) {
#  201|->         com_err(argv[0], retval, "while getting client principal name");
#  202|           exit(1);
#  203|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def134]
krb5-1.21.3/src/appl/sample/sclient/sclient.c:204:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
krb5-1.21.3/src/appl/sample/sclient/sclient.c:108:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:113:14: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:114:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:119:12: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:130:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:135:9: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:135:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:142:8: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:148:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:155:5: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:156:21: branch_true: following ‘true’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:172:16: acquire_resource: stream socket created here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:173:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:177:42: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:177:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:185:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:188:5: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:194:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:199:14: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:200:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sclient/sclient.c:204:14: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sclient/sclient.c:204:14: danger: ‘sock’ leaks here
#  202|           exit(1);
#  203|       }
#  204|->     retval = krb5_sendauth(context, &auth_context, (krb5_pointer) &sock,
#  205|                              SAMPLE_VERSION, client, server,
#  206|                              AP_OPTS_MUTUAL_REQUIRED,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def135]
krb5-1.21.3/src/appl/sample/sserver/sserver.c:177:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
krb5-1.21.3/src/appl/sample/sserver/sserver.c:99:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sserver/sserver.c:105:5: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sserver/sserver.c:140:8: branch_true: following ‘true’ branch (when ‘argc > 1’)...
krb5-1.21.3/src/appl/sample/sserver/sserver.c:141:16: branch_true: ...to here
krb5-1.21.3/src/appl/sample/sserver/sserver.c:146:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sserver/sserver.c:157:8: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sserver/sserver.c:157:8: branch_true: following ‘true’ branch (when ‘port != 0’)...
krb5-1.21.3/src/appl/sample/sserver/sserver.c:161:21: branch_true: ...to here
krb5-1.21.3/src/appl/sample/sserver/sserver.c:161:21: acquire_resource: stream socket created here
krb5-1.21.3/src/appl/sample/sserver/sserver.c:161:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sserver/sserver.c:166:16: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sserver/sserver.c:172:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sserver/sserver.c:176:13: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sserver/sserver.c:176:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/appl/sample/sserver/sserver.c:177:13: branch_true: ...to here
krb5-1.21.3/src/appl/sample/sserver/sserver.c:177:13: danger: ‘sock’ leaks here
#  175|           }
#  176|           if (listen(sock, 1) == -1) {
#  177|->             syslog(LOG_ERR, "listen: %m");
#  178|               exit(3);
#  179|           }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def136]
krb5-1.21.3/src/appl/sample/sserver/sserver.c:182:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
krb5-1.21.3/src/appl/sample/sserver/sserver.c:99:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sserver/sserver.c:105:5: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sserver/sserver.c:140:8: branch_true: following ‘true’ branch (when ‘argc > 1’)...
krb5-1.21.3/src/appl/sample/sserver/sserver.c:141:16: branch_true: ...to here
krb5-1.21.3/src/appl/sample/sserver/sserver.c:146:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sserver/sserver.c:157:8: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sserver/sserver.c:157:8: branch_true: following ‘true’ branch (when ‘port != 0’)...
krb5-1.21.3/src/appl/sample/sserver/sserver.c:161:21: branch_true: ...to here
krb5-1.21.3/src/appl/sample/sserver/sserver.c:161:21: acquire_resource: stream socket created here
krb5-1.21.3/src/appl/sample/sserver/sserver.c:161:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sserver/sserver.c:166:16: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sserver/sserver.c:172:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sserver/sserver.c:176:13: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sserver/sserver.c:176:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sserver/sserver.c:181:9: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sserver/sserver.c:182:9: danger: ‘sock’ leaks here
#  180|   
#  181|           printf("starting...\n");
#  182|->         fflush(stdout);
#  183|   
#  184|           if ((acc = accept(sock, (struct sockaddr *)&peername, &namelen)) == -1){

Error: GCC_ANALYZER_WARNING (CWE-775): [#def137]
krb5-1.21.3/src/appl/sample/sserver/sserver.c:184:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
krb5-1.21.3/src/appl/sample/sserver/sserver.c:99:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sserver/sserver.c:105:5: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sserver/sserver.c:140:8: branch_true: following ‘true’ branch (when ‘argc > 1’)...
krb5-1.21.3/src/appl/sample/sserver/sserver.c:141:16: branch_true: ...to here
krb5-1.21.3/src/appl/sample/sserver/sserver.c:146:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sserver/sserver.c:157:8: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sserver/sserver.c:157:8: branch_true: following ‘true’ branch (when ‘port != 0’)...
krb5-1.21.3/src/appl/sample/sserver/sserver.c:161:21: branch_true: ...to here
krb5-1.21.3/src/appl/sample/sserver/sserver.c:161:21: acquire_resource: stream socket created here
krb5-1.21.3/src/appl/sample/sserver/sserver.c:161:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sserver/sserver.c:166:16: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sserver/sserver.c:172:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sserver/sserver.c:176:13: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sserver/sserver.c:176:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/sample/sserver/sserver.c:181:9: branch_false: ...to here
krb5-1.21.3/src/appl/sample/sserver/sserver.c:184:20: danger: ‘sock’ leaks here
#  182|           fflush(stdout);
#  183|   
#  184|->         if ((acc = accept(sock, (struct sockaddr *)&peername, &namelen)) == -1){
#  185|               syslog(LOG_ERR, "accept: %m");
#  186|               exit(3);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def138]
krb5-1.21.3/src/appl/simple/client/sim_client.c:189:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
krb5-1.21.3/src/appl/simple/client/sim_client.c:93:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:98:5: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:127:8: branch_true: following ‘true’ branch (when ‘argc > 0’)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:128:12: branch_true: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:128:12: branch_false: following ‘false’ branch (when ‘hostname’ is NULL)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:130:9: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:133:8: branch_false: following ‘false’ branch (when ‘hostname’ is non-NULL)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:140:17: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:140:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:146:12: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:154:8: branch_true: following ‘true’ branch (when ‘port == 0’)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:156:21: branch_true: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:156:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:160:27: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:166:17: acquire_resource: datagram socket created here
krb5-1.21.3/src/appl/simple/client/sim_client.c:166:8: branch_false: following ‘false’ branch (when ‘sock >= 0’)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:171:5: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:188:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:189:27: branch_true: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:189:9: danger: ‘sock’ leaks here
#  187|       /* Bind it to set the address; kernel will fill in port # */
#  188|       if (bind(sock, (struct sockaddr *)&c_sock, sizeof(c_sock)) < 0) {
#  189|->         com_err(progname, errno, "while binding datagram socket");
#  190|           exit(1);
#  191|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def139]
krb5-1.21.3/src/appl/simple/client/sim_client.c:199:19: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
krb5-1.21.3/src/appl/simple/client/sim_client.c:93:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:98:5: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:127:8: branch_true: following ‘true’ branch (when ‘argc > 0’)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:128:12: branch_true: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:128:12: branch_false: following ‘false’ branch (when ‘hostname’ is NULL)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:130:9: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:133:8: branch_false: following ‘false’ branch (when ‘hostname’ is non-NULL)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:140:17: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:140:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:146:12: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:154:8: branch_true: following ‘true’ branch (when ‘port == 0’)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:156:21: branch_true: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:156:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:160:27: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:166:17: acquire_resource: datagram socket created here
krb5-1.21.3/src/appl/simple/client/sim_client.c:166:8: branch_false: following ‘false’ branch (when ‘sock >= 0’)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:171:5: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:188:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:195:5: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:199:19: danger: ‘sock’ leaks here
#  197|   
#  198|       /* Get credentials for server */
#  199|->     if ((retval = krb5_cc_default(context, &ccdef))) {
#  200|           com_err(progname, retval, "while getting default ccache");
#  201|           exit(1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def140]
krb5-1.21.3/src/appl/simple/client/sim_client.c:200:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
krb5-1.21.3/src/appl/simple/client/sim_client.c:93:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:98:5: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:127:8: branch_true: following ‘true’ branch (when ‘argc > 0’)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:128:12: branch_true: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:128:12: branch_false: following ‘false’ branch (when ‘hostname’ is NULL)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:130:9: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:133:8: branch_false: following ‘false’ branch (when ‘hostname’ is non-NULL)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:140:17: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:140:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:146:12: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:154:8: branch_true: following ‘true’ branch (when ‘port == 0’)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:156:21: branch_true: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:156:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:160:27: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:166:17: acquire_resource: datagram socket created here
krb5-1.21.3/src/appl/simple/client/sim_client.c:166:8: branch_false: following ‘false’ branch (when ‘sock >= 0’)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:171:5: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:188:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:195:5: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:199:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:200:9: branch_true: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:200:9: danger: ‘sock’ leaks here
#  198|       /* Get credentials for server */
#  199|       if ((retval = krb5_cc_default(context, &ccdef))) {
#  200|->         com_err(progname, retval, "while getting default ccache");
#  201|           exit(1);
#  202|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def141]
krb5-1.21.3/src/appl/simple/client/sim_client.c:204:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
krb5-1.21.3/src/appl/simple/client/sim_client.c:93:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:98:5: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:127:8: branch_true: following ‘true’ branch (when ‘argc > 0’)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:128:12: branch_true: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:128:12: branch_false: following ‘false’ branch (when ‘hostname’ is NULL)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:130:9: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:133:8: branch_false: following ‘false’ branch (when ‘hostname’ is non-NULL)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:140:17: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:140:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:146:12: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:154:8: branch_true: following ‘true’ branch (when ‘port == 0’)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:156:21: branch_true: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:156:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:160:27: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:166:17: acquire_resource: datagram socket created here
krb5-1.21.3/src/appl/simple/client/sim_client.c:166:8: branch_false: following ‘false’ branch (when ‘sock >= 0’)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:171:5: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:188:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:195:5: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:199:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:204:14: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:204:14: danger: ‘sock’ leaks here
#  202|       }
#  203|   
#  204|->     retval = krb5_mk_req(context, &auth_context, AP_OPTS_USE_SUBKEY, service,
#  205|                            hostname, &inbuf, ccdef, &packet);
#  206|       if (retval) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def142]
krb5-1.21.3/src/appl/simple/client/sim_client.c:207:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
krb5-1.21.3/src/appl/simple/client/sim_client.c:93:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:98:5: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:127:8: branch_true: following ‘true’ branch (when ‘argc > 0’)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:128:12: branch_true: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:128:12: branch_false: following ‘false’ branch (when ‘hostname’ is NULL)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:130:9: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:133:8: branch_false: following ‘false’ branch (when ‘hostname’ is non-NULL)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:140:17: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:140:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:146:12: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:154:8: branch_true: following ‘true’ branch (when ‘port == 0’)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:156:21: branch_true: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:156:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:160:27: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:166:17: acquire_resource: datagram socket created here
krb5-1.21.3/src/appl/simple/client/sim_client.c:166:8: branch_false: following ‘false’ branch (when ‘sock >= 0’)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:171:5: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:188:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:195:5: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:199:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:204:14: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:206:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:207:9: branch_true: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:207:9: danger: ‘sock’ leaks here
#  205|                            hostname, &inbuf, ccdef, &packet);
#  206|       if (retval) {
#  207|->         com_err(progname, retval, "while preparing AP_REQ");
#  208|           exit(1);
#  209|       }

Error: GCC_ANALYZER_WARNING (CWE-666): [#def143]
krb5-1.21.3/src/appl/simple/client/sim_client.c:215:9: warning[-Wanalyzer-fd-phase-mismatch]: ‘connect’ on file descriptor ‘sock’ in wrong phase
krb5-1.21.3/src/appl/simple/client/sim_client.c:93:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:98:5: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:127:8: branch_true: following ‘true’ branch (when ‘argc > 0’)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:128:12: branch_true: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:128:12: branch_false: following ‘false’ branch (when ‘hostname’ is NULL)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:130:9: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:133:8: branch_false: following ‘false’ branch (when ‘hostname’ is non-NULL)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:140:17: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:140:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:146:12: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:154:8: branch_true: following ‘true’ branch (when ‘port == 0’)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:156:21: branch_true: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:156:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:160:27: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:166:17: acquire_resource: datagram socket created here
krb5-1.21.3/src/appl/simple/client/sim_client.c:166:8: branch_false: following ‘false’ branch (when ‘sock >= 0’)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:171:5: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:188:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:195:5: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:199:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:204:14: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:206:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:210:5: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:215:9: danger: ‘connect’ expects a new socket file descriptor but ‘sock’ is bound
#  213|          properly bound for getsockname() below. */
#  214|   
#  215|->     if (connect(sock, (struct sockaddr *)&s_sock, sizeof(s_sock)) == -1) {
#  216|           com_err(progname, errno, "while connecting to server");
#  217|           exit(1);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def144]
krb5-1.21.3/src/appl/simple/client/sim_client.c:216:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
krb5-1.21.3/src/appl/simple/client/sim_client.c:93:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:98:5: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:127:8: branch_true: following ‘true’ branch (when ‘argc > 0’)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:128:12: branch_true: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:128:12: branch_false: following ‘false’ branch (when ‘hostname’ is NULL)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:130:9: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:133:8: branch_false: following ‘false’ branch (when ‘hostname’ is non-NULL)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:140:17: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:140:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:146:12: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:154:8: branch_true: following ‘true’ branch (when ‘port == 0’)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:156:21: branch_true: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:156:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:160:27: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:166:17: acquire_resource: datagram socket created here
krb5-1.21.3/src/appl/simple/client/sim_client.c:166:8: branch_false: following ‘false’ branch (when ‘sock >= 0’)...
krb5-1.21.3/src/appl/simple/client/sim_client.c:171:5: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:188:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:195:5: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:199:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:204:14: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:206:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:210:5: branch_false: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:215:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/appl/simple/client/sim_client.c:216:27: branch_true: ...to here
krb5-1.21.3/src/appl/simple/client/sim_client.c:216:9: danger: ‘sock’ leaks here
#  214|   
#  215|       if (connect(sock, (struct sockaddr *)&s_sock, sizeof(s_sock)) == -1) {
#  216|->         com_err(progname, errno, "while connecting to server");
#  217|           exit(1);
#  218|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def145]
krb5-1.21.3/src/appl/simple/server/sim_server.c:159:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
krb5-1.21.3/src/appl/simple/server/sim_server.c:92:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/appl/simple/server/sim_server.c:125:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/server/sim_server.c:132:5: branch_false: ...to here
krb5-1.21.3/src/appl/simple/server/sim_server.c:136:8: branch_true: following ‘true’ branch (when ‘port == 0’)...
krb5-1.21.3/src/appl/simple/server/sim_server.c:138:21: branch_true: ...to here
krb5-1.21.3/src/appl/simple/server/sim_server.c:138:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/server/sim_server.c:142:27: branch_false: ...to here
krb5-1.21.3/src/appl/simple/server/sim_server.c:148:17: acquire_resource: datagram socket created here
krb5-1.21.3/src/appl/simple/server/sim_server.c:148:8: branch_false: following ‘false’ branch (when ‘sock >= 0’)...
krb5-1.21.3/src/appl/simple/server/sim_server.c:154:12: branch_false: ...to here
krb5-1.21.3/src/appl/simple/server/sim_server.c:158:9: acquire_resource: socket created here
krb5-1.21.3/src/appl/simple/server/sim_server.c:158:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/appl/simple/server/sim_server.c:159:9: branch_true: ...to here
krb5-1.21.3/src/appl/simple/server/sim_server.c:159:9: danger: ‘sock’ leaks here
#  157|       /* Bind the socket */
#  158|       if (bind(sock, (struct sockaddr *)&s_sock, sizeof(s_sock))) {
#  159|->         perror("binding datagram socket");
#  160|           exit(1);
#  161|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def146]
krb5-1.21.3/src/appl/simple/server/sim_server.c:164:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
krb5-1.21.3/src/appl/simple/server/sim_server.c:92:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/appl/simple/server/sim_server.c:125:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/server/sim_server.c:132:5: branch_false: ...to here
krb5-1.21.3/src/appl/simple/server/sim_server.c:136:8: branch_true: following ‘true’ branch (when ‘port == 0’)...
krb5-1.21.3/src/appl/simple/server/sim_server.c:138:21: branch_true: ...to here
krb5-1.21.3/src/appl/simple/server/sim_server.c:138:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/server/sim_server.c:142:27: branch_false: ...to here
krb5-1.21.3/src/appl/simple/server/sim_server.c:148:17: acquire_resource: datagram socket created here
krb5-1.21.3/src/appl/simple/server/sim_server.c:148:8: branch_false: following ‘false’ branch (when ‘sock >= 0’)...
krb5-1.21.3/src/appl/simple/server/sim_server.c:154:12: branch_false: ...to here
krb5-1.21.3/src/appl/simple/server/sim_server.c:158:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/server/sim_server.c:163:5: branch_false: ...to here
krb5-1.21.3/src/appl/simple/server/sim_server.c:164:5: danger: ‘sock’ leaks here
#  162|   
#  163|       printf("starting...\n");
#  164|->     fflush(stdout);
#  165|   
#  166|   #ifdef DEBUG

Error: GCC_ANALYZER_WARNING (CWE-775): [#def147]
krb5-1.21.3/src/appl/simple/server/sim_server.c:174:14: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
krb5-1.21.3/src/appl/simple/server/sim_server.c:92:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/appl/simple/server/sim_server.c:125:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/server/sim_server.c:132:5: branch_false: ...to here
krb5-1.21.3/src/appl/simple/server/sim_server.c:136:8: branch_true: following ‘true’ branch (when ‘port == 0’)...
krb5-1.21.3/src/appl/simple/server/sim_server.c:138:21: branch_true: ...to here
krb5-1.21.3/src/appl/simple/server/sim_server.c:138:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/server/sim_server.c:142:27: branch_false: ...to here
krb5-1.21.3/src/appl/simple/server/sim_server.c:148:17: acquire_resource: datagram socket created here
krb5-1.21.3/src/appl/simple/server/sim_server.c:148:8: branch_false: following ‘false’ branch (when ‘sock >= 0’)...
krb5-1.21.3/src/appl/simple/server/sim_server.c:154:12: branch_false: ...to here
krb5-1.21.3/src/appl/simple/server/sim_server.c:158:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/simple/server/sim_server.c:163:5: branch_false: ...to here
krb5-1.21.3/src/appl/simple/server/sim_server.c:174:14: danger: ‘sock’ leaks here
#  172|       /* use "recvfrom" so we know client's address */
#  173|       len = sizeof(struct sockaddr_in);
#  174|->     if ((i = recvfrom(sock, (char *)pktbuf, sizeof(pktbuf), flags,
#  175|                         (struct sockaddr *)&c_sock, &len)) < 0) {
#  176|           perror("receiving datagram");

Error: GCC_ANALYZER_WARNING (CWE-775): [#def148]
krb5-1.21.3/src/appl/user_user/server.c:83:24: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
krb5-1.21.3/src/appl/user_user/server.c:61:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/user_user/server.c:68:13: branch_false: ...to here
krb5-1.21.3/src/appl/user_user/server.c:73:21: acquire_resource: stream socket created here
krb5-1.21.3/src/appl/user_user/server.c:73:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/user_user/server.c:78:9: branch_false: ...to here
krb5-1.21.3/src/appl/user_user/server.c:80:12: branch_false: following ‘false’ branch (when ‘argc != 2’)...
krb5-1.21.3/src/appl/user_user/server.c:83:24: branch_false: ...to here
krb5-1.21.3/src/appl/user_user/server.c:83:24: danger: ‘sock’ leaks here
#   81|               l_inaddr.sin_port = htons(atoi(argv[1]));
#   82|           } else  {
#   83|->             if (!(sp = getservbyname("uu-sample", "tcp"))) {
#   84|                   com_err("uu-server", 0, "can't find uu-sample/tcp service");
#   85|                   exit(3);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def149]
krb5-1.21.3/src/appl/user_user/server.c:84:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
krb5-1.21.3/src/appl/user_user/server.c:61:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/user_user/server.c:68:13: branch_false: ...to here
krb5-1.21.3/src/appl/user_user/server.c:73:21: acquire_resource: stream socket created here
krb5-1.21.3/src/appl/user_user/server.c:73:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/user_user/server.c:78:9: branch_false: ...to here
krb5-1.21.3/src/appl/user_user/server.c:80:12: branch_false: following ‘false’ branch (when ‘argc != 2’)...
krb5-1.21.3/src/appl/user_user/server.c:83:24: branch_false: ...to here
krb5-1.21.3/src/appl/user_user/server.c:83:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/appl/user_user/server.c:84:17: branch_true: ...to here
krb5-1.21.3/src/appl/user_user/server.c:84:17: danger: ‘sock’ leaks here
#   82|           } else  {
#   83|               if (!(sp = getservbyname("uu-sample", "tcp"))) {
#   84|->                 com_err("uu-server", 0, "can't find uu-sample/tcp service");
#   85|                   exit(3);
#   86|               }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def150]
krb5-1.21.3/src/appl/user_user/server.c:96:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
krb5-1.21.3/src/appl/user_user/server.c:61:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/user_user/server.c:68:13: branch_false: ...to here
krb5-1.21.3/src/appl/user_user/server.c:73:21: acquire_resource: stream socket created here
krb5-1.21.3/src/appl/user_user/server.c:73:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/user_user/server.c:78:9: branch_false: ...to here
krb5-1.21.3/src/appl/user_user/server.c:91:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/user_user/server.c:95:13: branch_false: ...to here
krb5-1.21.3/src/appl/user_user/server.c:95:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/appl/user_user/server.c:96:34: branch_true: ...to here
krb5-1.21.3/src/appl/user_user/server.c:96:13: danger: ‘sock’ leaks here
#   94|           }
#   95|           if (listen(sock, 1) == -1) {
#   96|->             com_err("uu-server", errno, "listening");
#   97|               exit(3);
#   98|           }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def151]
krb5-1.21.3/src/appl/user_user/server.c:101:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
krb5-1.21.3/src/appl/user_user/server.c:61:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/user_user/server.c:68:13: branch_false: ...to here
krb5-1.21.3/src/appl/user_user/server.c:73:21: acquire_resource: stream socket created here
krb5-1.21.3/src/appl/user_user/server.c:73:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/user_user/server.c:78:9: branch_false: ...to here
krb5-1.21.3/src/appl/user_user/server.c:91:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/user_user/server.c:95:13: branch_false: ...to here
krb5-1.21.3/src/appl/user_user/server.c:95:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/user_user/server.c:100:9: branch_false: ...to here
krb5-1.21.3/src/appl/user_user/server.c:101:9: danger: ‘sock’ leaks here
#   99|   
#  100|           printf("Server started\n");
#  101|->         fflush(stdout);
#  102|   
#  103|           if ((acc = accept(sock, (struct sockaddr *)&f_inaddr, &namelen)) == -1) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def152]
krb5-1.21.3/src/appl/user_user/server.c:103:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
krb5-1.21.3/src/appl/user_user/server.c:61:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/user_user/server.c:68:13: branch_false: ...to here
krb5-1.21.3/src/appl/user_user/server.c:73:21: acquire_resource: stream socket created here
krb5-1.21.3/src/appl/user_user/server.c:73:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/user_user/server.c:78:9: branch_false: ...to here
krb5-1.21.3/src/appl/user_user/server.c:91:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/user_user/server.c:95:13: branch_false: ...to here
krb5-1.21.3/src/appl/user_user/server.c:95:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/appl/user_user/server.c:100:9: branch_false: ...to here
krb5-1.21.3/src/appl/user_user/server.c:103:20: danger: ‘sock’ leaks here
#  101|           fflush(stdout);
#  102|   
#  103|->         if ((acc = accept(sock, (struct sockaddr *)&f_inaddr, &namelen)) == -1) {
#  104|               com_err("uu-server", errno, "accepting");
#  105|               exit(3);

Error: COMPILER_WARNING: [#def153]
krb5-1.21.3/src/clients/kinit/kinit.c: scope_hint: In function ‘extended_com_err_fn’
krb5-1.21.3/src/clients/kinit/kinit.c:191:5: warning[-Wsuggest-attribute=format]: function ‘extended_com_err_fn’ might be a candidate for ‘gnu_printf’ format attribute
#  191 |     vfprintf(stderr, fmt, args);
#      |     ^~~~~~~~
#  189|       fprintf(stderr, "%s: %s ", myprog, emsg);
#  190|       krb5_free_error_message(errctx, emsg);
#  191|->     vfprintf(stderr, fmt, args);
#  192|       fprintf(stderr, "\n");
#  193|   }

Error: COMPILER_WARNING: [#def154]
krb5-1.21.3/src/clients/klist/klist.c: scope_hint: In function ‘extended_com_err_fn’
krb5-1.21.3/src/clients/klist/klist.c:119:5: warning[-Wsuggest-attribute=format]: function ‘extended_com_err_fn’ might be a candidate for ‘gnu_printf’ format attribute
#  119 |     vfprintf(stderr, fmt, args);
#      |     ^~~~~~~~
#  117|       fprintf(stderr, "%s: %s%s", prog, msg, (*fmt == '\0') ? "" : " ");
#  118|       krb5_free_error_message(context, msg);
#  119|->     vfprintf(stderr, fmt, args);
#  120|       fprintf(stderr, "\n");
#  121|   }

Error: COMPILER_WARNING (CWE-252): [#def155]
krb5-1.21.3/src/clients/ksu/authorization.c: scope_hint: In function ‘fcmd_resolve’
krb5-1.21.3/src/clients/ksu/authorization.c:348:13: warning[-Wunused-result]: ignoring return value of ‘asprintf’ declared with attribute ‘warn_unused_result’
#  348 |             asprintf(&err, _("Error: bad entry - %s in %s file, must be "
#      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  349 |                              "either full path or just the cmd name\n"),
#      |                              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  350 |                      fcmd, KRB5_USERS_NAME);
#      |                      ~~~~~~~~~~~~~~~~~~~~~~
#  346|           /* must be either full path or just the cmd name */
#  347|           if (strchr(fcmd, '/')){
#  348|->             asprintf(&err, _("Error: bad entry - %s in %s file, must be "
#  349|                                "either full path or just the cmd name\n"),
#  350|                        fcmd, KRB5_USERS_NAME);

Error: COMPILER_WARNING (CWE-252): [#def156]
krb5-1.21.3/src/clients/ksu/authorization.c:371:13: warning[-Wunused-result]: ignoring return value of ‘asprintf’ declared with attribute ‘warn_unused_result’
#  371 |             asprintf(&err, _("Error: bad entry - %s in %s file, CMD_PATH "
#      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  372 |                              "contains no paths \n"), fcmd, KRB5_USERS_NAME);
#      |                              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  369|   
#  370|           if (! tc){
#  371|->             asprintf(&err, _("Error: bad entry - %s in %s file, CMD_PATH "
#  372|                                "contains no paths \n"), fcmd, KRB5_USERS_NAME);
#  373|               *out_err = err;

Error: COMPILER_WARNING (CWE-252): [#def157]
krb5-1.21.3/src/clients/ksu/authorization.c:380:17: warning[-Wunused-result]: ignoring return value of ‘asprintf’ declared with attribute ‘warn_unused_result’
#  380 |                 asprintf(&err, _("Error: bad path %s in CMD_PATH for %s must "
#      |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  381 |                                  "start with '/' \n"), tc, KRB5_USERS_NAME );
#      |                                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  378|           do{
#  379|               if (*tc != '/'){  /* must be full path */
#  380|->                 asprintf(&err, _("Error: bad path %s in CMD_PATH for %s must "
#  381|                                    "start with '/' \n"), tc, KRB5_USERS_NAME );
#  382|                   *out_err = err;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def158]
krb5-1.21.3/src/clients/ksu/authorization.c:570:21: warning[-Wanalyzer-file-leak]: leak of FILE ‘login_fp’
krb5-1.21.3/src/clients/ksu/authorization.c:72:1: enter_function: entry to ‘krb5_authorization’
krb5-1.21.3/src/clients/ksu/authorization.c:88:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/ksu/authorization.c:91:14: branch_false: ...to here
krb5-1.21.3/src/clients/ksu/authorization.c:92:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/ksu/authorization.c:101:20: branch_false: ...to here
krb5-1.21.3/src/clients/ksu/authorization.c:105:8: branch_true: following ‘true’ branch (when ‘k5login_flag == 0’)...
krb5-1.21.3/src/clients/ksu/authorization.c:106:20: branch_true: ...to here
krb5-1.21.3/src/clients/ksu/authorization.c:106:20: acquire_resource: opened here
krb5-1.21.3/src/clients/ksu/authorization.c:107:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/ksu/authorization.c:109:30: branch_false: ...to here
krb5-1.21.3/src/clients/ksu/authorization.c:109:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/ksu/authorization.c:113:8: branch_false: ...to here
krb5-1.21.3/src/clients/ksu/authorization.c:113:8: branch_false: following ‘false’ branch (when ‘k5users_flag != 0’)...
krb5-1.21.3/src/clients/ksu/authorization.c:121:9: branch_false: ...to here
krb5-1.21.3/src/clients/ksu/authorization.c:130:8: branch_true: following ‘true’ branch (when ‘k5login_flag == 0’)...
krb5-1.21.3/src/clients/ksu/authorization.c:131:13: branch_true: ...to here
krb5-1.21.3/src/clients/ksu/authorization.c:136:18: call_function: calling ‘k5login_lookup’ from ‘krb5_authorization’
#  568|       int chunk_count = 1;
#  569|   
#  570|->     line = (char *) xcalloc (BUFSIZ, sizeof (char ));
#  571|       line_ptr = line;
#  572|       line[0] = '\0';

Error: GCC_ANALYZER_WARNING (CWE-775): [#def159]
krb5-1.21.3/src/clients/ksu/authorization.c:570:21: warning[-Wanalyzer-file-leak]: leak of FILE ‘users_fp’
krb5-1.21.3/src/clients/ksu/authorization.c:72:1: enter_function: entry to ‘krb5_authorization’
krb5-1.21.3/src/clients/ksu/authorization.c:88:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/ksu/authorization.c:91:14: branch_false: ...to here
krb5-1.21.3/src/clients/ksu/authorization.c:92:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/ksu/authorization.c:101:20: branch_false: ...to here
krb5-1.21.3/src/clients/ksu/authorization.c:105:8: branch_false: following ‘false’ branch (when ‘k5login_flag != 0’)...
krb5-1.21.3/src/clients/ksu/authorization.c:113:8: branch_false: ...to here
krb5-1.21.3/src/clients/ksu/authorization.c:113:8: branch_true: following ‘true’ branch (when ‘k5users_flag == 0’)...
krb5-1.21.3/src/clients/ksu/authorization.c:114:20: branch_true: ...to here
krb5-1.21.3/src/clients/ksu/authorization.c:114:20: acquire_resource: opened here
krb5-1.21.3/src/clients/ksu/authorization.c:115:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/ksu/authorization.c:117:30: branch_false: ...to here
krb5-1.21.3/src/clients/ksu/authorization.c:117:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/ksu/authorization.c:121:9: branch_false: ...to here
krb5-1.21.3/src/clients/ksu/authorization.c:130:8: branch_false: following ‘false’ branch (when ‘k5login_flag != 0’)...
krb5-1.21.3/src/clients/ksu/authorization.c:145:8: branch_false: ...to here
krb5-1.21.3/src/clients/ksu/authorization.c:145:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/clients/ksu/authorization.c:146:18: call_function: calling ‘k5users_lookup’ from ‘krb5_authorization’
#  568|       int chunk_count = 1;
#  569|   
#  570|->     line = (char *) xcalloc (BUFSIZ, sizeof (char ));
#  571|       line_ptr = line;
#  572|       line[0] = '\0';

Error: GCC_ANALYZER_WARNING (CWE-775): [#def160]
krb5-1.21.3/src/clients/ksu/authorization.c:582:20: warning[-Wanalyzer-file-leak]: leak of FILE ‘login_fp’
krb5-1.21.3/src/clients/ksu/authorization.c:72:1: enter_function: entry to ‘krb5_authorization’
krb5-1.21.3/src/clients/ksu/authorization.c:88:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/ksu/authorization.c:91:14: branch_false: ...to here
krb5-1.21.3/src/clients/ksu/authorization.c:92:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/ksu/authorization.c:101:20: branch_false: ...to here
krb5-1.21.3/src/clients/ksu/authorization.c:105:8: branch_true: following ‘true’ branch (when ‘k5login_flag == 0’)...
krb5-1.21.3/src/clients/ksu/authorization.c:106:20: branch_true: ...to here
krb5-1.21.3/src/clients/ksu/authorization.c:106:20: acquire_resource: opened here
krb5-1.21.3/src/clients/ksu/authorization.c:107:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/ksu/authorization.c:109:30: branch_false: ...to here
krb5-1.21.3/src/clients/ksu/authorization.c:109:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/ksu/authorization.c:113:8: branch_false: ...to here
krb5-1.21.3/src/clients/ksu/authorization.c:113:8: branch_false: following ‘false’ branch (when ‘k5users_flag != 0’)...
krb5-1.21.3/src/clients/ksu/authorization.c:121:9: branch_false: ...to here
krb5-1.21.3/src/clients/ksu/authorization.c:130:8: branch_true: following ‘true’ branch (when ‘k5login_flag == 0’)...
krb5-1.21.3/src/clients/ksu/authorization.c:131:13: branch_true: ...to here
krb5-1.21.3/src/clients/ksu/authorization.c:136:18: call_function: calling ‘k5login_lookup’ from ‘krb5_authorization’
#  580|           else {
#  581|               chunk_count ++;
#  582|->             line = xrealloc(line, chunk_count * BUFSIZ);
#  583|   
#  584|               line_ptr = line + (BUFSIZ -1) *( chunk_count -1) ;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def161]
krb5-1.21.3/src/clients/ksu/authorization.c:582:20: warning[-Wanalyzer-file-leak]: leak of FILE ‘users_fp’
krb5-1.21.3/src/clients/ksu/authorization.c:72:1: enter_function: entry to ‘krb5_authorization’
krb5-1.21.3/src/clients/ksu/authorization.c:88:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/ksu/authorization.c:91:14: branch_false: ...to here
krb5-1.21.3/src/clients/ksu/authorization.c:92:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/ksu/authorization.c:101:20: branch_false: ...to here
krb5-1.21.3/src/clients/ksu/authorization.c:105:8: branch_false: following ‘false’ branch (when ‘k5login_flag != 0’)...
krb5-1.21.3/src/clients/ksu/authorization.c:113:8: branch_false: ...to here
krb5-1.21.3/src/clients/ksu/authorization.c:113:8: branch_true: following ‘true’ branch (when ‘k5users_flag == 0’)...
krb5-1.21.3/src/clients/ksu/authorization.c:114:20: branch_true: ...to here
krb5-1.21.3/src/clients/ksu/authorization.c:114:20: acquire_resource: opened here
krb5-1.21.3/src/clients/ksu/authorization.c:115:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/ksu/authorization.c:117:30: branch_false: ...to here
krb5-1.21.3/src/clients/ksu/authorization.c:117:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/ksu/authorization.c:121:9: branch_false: ...to here
krb5-1.21.3/src/clients/ksu/authorization.c:130:8: branch_false: following ‘false’ branch (when ‘k5login_flag != 0’)...
krb5-1.21.3/src/clients/ksu/authorization.c:145:8: branch_false: ...to here
krb5-1.21.3/src/clients/ksu/authorization.c:145:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/clients/ksu/authorization.c:146:18: call_function: calling ‘k5users_lookup’ from ‘krb5_authorization’
#  580|           else {
#  581|               chunk_count ++;
#  582|->             line = xrealloc(line, chunk_count * BUFSIZ);
#  583|   
#  584|               line_ptr = line + (BUFSIZ -1) *( chunk_count -1) ;

Error: CPPCHECK_WARNING (CWE-401): [#def162]
krb5-1.21.3/src/clients/ksu/heuristic.c:57: error[memleak]: Memory leak: temp_list
#   55|       retval = get_line(fp, &line);
#   56|       if (retval)
#   57|->         return retval;
#   58|   
#   59|       while (line){

Error: CPPCHECK_WARNING (CWE-401): [#def163]
krb5-1.21.3/src/clients/ksu/heuristic.c:69: error[memleakOnRealloc]: Common realloc mistake: 'temp_list' nulled but not freed upon failure
#   67|           if(count == (chunk_count * CHUNK -1)){
#   68|               chunk_count ++;
#   69|->             if (!(temp_list = (char **) realloc(temp_list,
#   70|                                                   chunk_count * CHUNK * sizeof(char *)))){
#   71|                   return ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def164]
krb5-1.21.3/src/clients/ksu/heuristic.c:223:14: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(&k5login_path, "r")’
krb5-1.21.3/src/clients/ksu/heuristic.c:214:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/ksu/heuristic.c:217:20: branch_false: ...to here
krb5-1.21.3/src/clients/ksu/heuristic.c:220:8: branch_true: following ‘true’ branch (when ‘k5login_flag == 0’)...
krb5-1.21.3/src/clients/ksu/heuristic.c:221:25: branch_true: ...to here
krb5-1.21.3/src/clients/ksu/heuristic.c:221:25: acquire_resource: opened here
krb5-1.21.3/src/clients/ksu/heuristic.c:221:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/ksu/heuristic.c:223:31: branch_false: ...to here
krb5-1.21.3/src/clients/ksu/heuristic.c:223:14: danger: ‘fopen(&k5login_path, "r")’ leaks here; was opened at [(5)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/4)
#  221|           if ((login_fp = fopen(k5login_path, "r")) == NULL)
#  222|               return 0;
#  223|->         if ( fowner(login_fp, pwd->pw_uid) == FALSE){
#  224|               close_time(1 /*k5users_flag*/, (FILE *) 0 /*users_fp*/,
#  225|                          k5login_flag,login_fp);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def165]
krb5-1.21.3/src/clients/ksu/heuristic.c:233:14: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(&k5users_path, "r")’
krb5-1.21.3/src/clients/ksu/heuristic.c:214:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/ksu/heuristic.c:217:20: branch_false: ...to here
krb5-1.21.3/src/clients/ksu/heuristic.c:220:8: branch_false: following ‘false’ branch (when ‘k5login_flag != 0’)...
krb5-1.21.3/src/clients/ksu/heuristic.c:229:8: branch_false: ...to here
krb5-1.21.3/src/clients/ksu/heuristic.c:229:8: branch_true: following ‘true’ branch (when ‘k5users_flag == 0’)...
krb5-1.21.3/src/clients/ksu/heuristic.c:230:25: branch_true: ...to here
krb5-1.21.3/src/clients/ksu/heuristic.c:230:25: acquire_resource: opened here
krb5-1.21.3/src/clients/ksu/heuristic.c:230:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/ksu/heuristic.c:233:31: branch_false: ...to here
krb5-1.21.3/src/clients/ksu/heuristic.c:233:14: danger: ‘fopen(&k5users_path, "r")’ leaks here; was opened at [(7)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/6)
#  231|               return 0;
#  232|   
#  233|->         if ( fowner(users_fp, pwd->pw_uid) == FALSE){
#  234|               close_time(k5users_flag,users_fp, k5login_flag,login_fp);
#  235|               return 0;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def166]
krb5-1.21.3/src/clients/ksu/main.c:992:5: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘sep’
krb5-1.21.3/src/clients/ksu/main.c:975:1: enter_function: entry to ‘resolve_target_cache’
krb5-1.21.3/src/clients/ksu/main.c:981:17: release_memory: ‘ccname’ is NULL
krb5-1.21.3/src/clients/ksu/main.c:981:33: release_memory: ‘ccname’ is NULL
krb5-1.21.3/src/clients/ksu/main.c:986:14: call_function: calling ‘get_configured_defccname’ from ‘resolve_target_cache’
krb5-1.21.3/src/clients/ksu/main.c:986:14: return_function: returning to ‘resolve_target_cache’ from ‘get_configured_defccname’
krb5-1.21.3/src/clients/ksu/main.c:987:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/ksu/main.c:991:11: branch_false: ...to here
krb5-1.21.3/src/clients/ksu/main.c:992:5: danger: dereference of NULL ‘sep’
#  990|       /* Check if the configured default name uses a switchable type. */
#  991|       sep = strchr(target, ':');
#  992|->     *sep = '\0';
#  993|       switchable = krb5_cc_support_switch(context, target);
#  994|       *sep = ':';

Error: COMPILER_WARNING (CWE-252): [#def167]
krb5-1.21.3/src/clients/ksu/main.c: scope_hint: In function ‘set_env_var’
krb5-1.21.3/src/clients/ksu/main.c:1088:5: warning[-Wunused-result]: ignoring return value of ‘asprintf’ declared with attribute ‘warn_unused_result’
# 1088 |     asprintf(&env_var_buf,"%s=%s",name, value);
#      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1086|       char * env_var_buf;
# 1087|   
# 1088|->     asprintf(&env_var_buf,"%s=%s",name, value);
# 1089|       return putenv(env_var_buf);
# 1090|   

Error: COMPILER_WARNING: [#def168]
krb5-1.21.3/src/clients/ksu/xmalloc.c: scope_hint: In function ‘xasprintf’
krb5-1.21.3/src/clients/ksu/xmalloc.c:74:5: warning[-Wsuggest-attribute=format]: function ‘xasprintf’ might be a candidate for ‘gnu_printf’ format attribute
#   74 |     if (vasprintf(&out, format, args) < 0) {
#      |     ^~
#   72|   
#   73|       va_start (args, format);
#   74|->     if (vasprintf(&out, format, args) < 0) {
#   75|           perror (prog_name);
#   76|           exit (1);

Error: COMPILER_WARNING: [#def169]
krb5-1.21.3/src/clients/kvno/kvno.c: scope_hint: In function ‘extended_com_err_fn’
krb5-1.21.3/src/clients/kvno/kvno.c:191:5: warning[-Wsuggest-attribute=format]: function ‘extended_com_err_fn’ might be a candidate for ‘gnu_printf’ format attribute
#  191 |     vfprintf(stderr, fmt, args);
#      |     ^~~~~~~~
#  189|       fprintf(stderr, "%s: %s ", myprog, emsg);
#  190|       krb5_free_error_message(context, emsg);
#  191|->     vfprintf(stderr, fmt, args);
#  192|       fprintf(stderr, "\n");
#  193|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def170]
krb5-1.21.3/src/clients/kvno/kvno.c:240:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(file_name, "r")’
krb5-1.21.3/src/clients/kvno/kvno.c:232:10: acquire_resource: opened here
krb5-1.21.3/src/clients/kvno/kvno.c:233:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/clients/kvno/kvno.c:238:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/clients/kvno/kvno.c:240:37: branch_true: ...to here
krb5-1.21.3/src/clients/kvno/kvno.c:240:13: danger: ‘fopen(file_name, "r")’ leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  238|           if (line == NULL) {
#  239|               ret = EINVAL;
#  240|->             k5_setmsg(context, ret, _("No begin line not found"));
#  241|               goto cleanup;
#  242|           }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def171]
krb5-1.21.3/src/clients/kvno/kvno.c:247:5: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(file_name, "r")’
krb5-1.21.3/src/clients/kvno/kvno.c:219:1: enter_function: entry to ‘read_pem_file’
krb5-1.21.3/src/clients/kvno/kvno.c:232:10: acquire_resource: opened here
krb5-1.21.3/src/clients/kvno/kvno.c:233:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/clients/kvno/kvno.c:237:16: call_function: calling ‘read_line’ from ‘read_pem_file’
krb5-1.21.3/src/clients/kvno/kvno.c:237:16: return_function: returning to ‘read_pem_file’ from ‘read_line’
krb5-1.21.3/src/clients/kvno/kvno.c:238:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/kvno/kvno.c:243:13: branch_false: ...to here
krb5-1.21.3/src/clients/kvno/kvno.c:247:5: danger: ‘fopen(file_name, "r")’ leaks here; was opened at [(2)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/1)
#  245|       }
#  246|   
#  247|->     k5_buf_init_dynamic(&buf);
#  248|       for (;;) {
#  249|           line = read_line(fp, linebuf, sizeof(linebuf));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def172]
krb5-1.21.3/src/clients/kvno/kvno.c:252:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(file_name, "r")’
krb5-1.21.3/src/clients/kvno/kvno.c:219:1: enter_function: entry to ‘read_pem_file’
krb5-1.21.3/src/clients/kvno/kvno.c:232:10: acquire_resource: opened here
krb5-1.21.3/src/clients/kvno/kvno.c:233:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/clients/kvno/kvno.c:237:16: call_function: calling ‘read_line’ from ‘read_pem_file’
krb5-1.21.3/src/clients/kvno/kvno.c:237:16: return_function: returning to ‘read_pem_file’ from ‘read_line’
krb5-1.21.3/src/clients/kvno/kvno.c:238:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/kvno/kvno.c:243:13: branch_false: ...to here
krb5-1.21.3/src/clients/kvno/kvno.c:250:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/clients/kvno/kvno.c:252:37: branch_true: ...to here
krb5-1.21.3/src/clients/kvno/kvno.c:252:13: danger: ‘fopen(file_name, "r")’ leaks here; was opened at [(2)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/1)
#  250|           if (line == NULL) {
#  251|               ret = EINVAL;
#  252|->             k5_setmsg(context, ret, _("No end line found"));
#  253|               goto cleanup;
#  254|           }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def173]
krb5-1.21.3/src/clients/kvno/kvno.c:263:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(file_name, "r")’
krb5-1.21.3/src/clients/kvno/kvno.c:219:1: enter_function: entry to ‘read_pem_file’
krb5-1.21.3/src/clients/kvno/kvno.c:232:10: acquire_resource: opened here
krb5-1.21.3/src/clients/kvno/kvno.c:233:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/clients/kvno/kvno.c:237:16: call_function: calling ‘read_line’ from ‘read_pem_file’
krb5-1.21.3/src/clients/kvno/kvno.c:237:16: return_function: returning to ‘read_pem_file’ from ‘read_line’
krb5-1.21.3/src/clients/kvno/kvno.c:238:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/kvno/kvno.c:243:13: branch_false: ...to here
krb5-1.21.3/src/clients/kvno/kvno.c:249:16: call_function: calling ‘read_line’ from ‘read_pem_file’
krb5-1.21.3/src/clients/kvno/kvno.c:249:16: return_function: returning to ‘read_pem_file’ from ‘read_line’
krb5-1.21.3/src/clients/kvno/kvno.c:250:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/kvno/kvno.c:256:13: branch_false: ...to here
krb5-1.21.3/src/clients/kvno/kvno.c:256:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/kvno/kvno.c:261:13: branch_false: ...to here
krb5-1.21.3/src/clients/kvno/kvno.c:263:13: danger: ‘fopen(file_name, "r")’ leaks here; was opened at [(2)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/1)
#  261|           if (*line == '\0' || strchr(line, ':') != NULL) {
#  262|               ret = EINVAL;
#  263|->             k5_setmsg(context, ret, _("Unexpected header line"));
#  264|               goto cleanup;
#  265|           }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def174]
krb5-1.21.3/src/clients/kvno/kvno.c:267:9: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(file_name, "r")’
krb5-1.21.3/src/clients/kvno/kvno.c:219:1: enter_function: entry to ‘read_pem_file’
krb5-1.21.3/src/clients/kvno/kvno.c:232:10: acquire_resource: opened here
krb5-1.21.3/src/clients/kvno/kvno.c:233:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/clients/kvno/kvno.c:237:16: call_function: calling ‘read_line’ from ‘read_pem_file’
krb5-1.21.3/src/clients/kvno/kvno.c:237:16: return_function: returning to ‘read_pem_file’ from ‘read_line’
krb5-1.21.3/src/clients/kvno/kvno.c:238:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/kvno/kvno.c:243:13: branch_false: ...to here
krb5-1.21.3/src/clients/kvno/kvno.c:249:16: call_function: calling ‘read_line’ from ‘read_pem_file’
krb5-1.21.3/src/clients/kvno/kvno.c:249:16: return_function: returning to ‘read_pem_file’ from ‘read_line’
krb5-1.21.3/src/clients/kvno/kvno.c:250:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/kvno/kvno.c:256:13: branch_false: ...to here
krb5-1.21.3/src/clients/kvno/kvno.c:256:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/kvno/kvno.c:261:13: branch_false: ...to here
krb5-1.21.3/src/clients/kvno/kvno.c:261:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/kvno/kvno.c:261:30: branch_false: ...to here
krb5-1.21.3/src/clients/kvno/kvno.c:261:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/kvno/kvno.c:267:9: branch_false: ...to here
krb5-1.21.3/src/clients/kvno/kvno.c:267:9: danger: ‘fopen(file_name, "r")’ leaks here; was opened at [(2)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/1)
#  265|           }
#  266|   
#  267|->         k5_buf_add(&buf, line);
#  268|       }
#  269|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def175]
krb5-1.21.3/src/clients/kvno/kvno.c:270:11: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(file_name, "r")’
krb5-1.21.3/src/clients/kvno/kvno.c:219:1: enter_function: entry to ‘read_pem_file’
krb5-1.21.3/src/clients/kvno/kvno.c:232:10: acquire_resource: opened here
krb5-1.21.3/src/clients/kvno/kvno.c:233:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/clients/kvno/kvno.c:237:16: call_function: calling ‘read_line’ from ‘read_pem_file’
krb5-1.21.3/src/clients/kvno/kvno.c:237:16: return_function: returning to ‘read_pem_file’ from ‘read_line’
krb5-1.21.3/src/clients/kvno/kvno.c:238:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/kvno/kvno.c:243:13: branch_false: ...to here
krb5-1.21.3/src/clients/kvno/kvno.c:249:16: call_function: calling ‘read_line’ from ‘read_pem_file’
krb5-1.21.3/src/clients/kvno/kvno.c:249:16: return_function: returning to ‘read_pem_file’ from ‘read_line’
krb5-1.21.3/src/clients/kvno/kvno.c:250:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/kvno/kvno.c:256:13: branch_false: ...to here
krb5-1.21.3/src/clients/kvno/kvno.c:270:11: danger: ‘fopen(file_name, "r")’ leaks here; was opened at [(2)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/1)
#  268|       }
#  269|   
#  270|->     b64 = k5_buf_cstring(&buf);
#  271|       if (b64 == NULL) {
#  272|           ret = ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def176]
krb5-1.21.3/src/clients/kvno/kvno.c:275:16: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(file_name, "r")’
krb5-1.21.3/src/clients/kvno/kvno.c:219:1: enter_function: entry to ‘read_pem_file’
krb5-1.21.3/src/clients/kvno/kvno.c:232:10: acquire_resource: opened here
krb5-1.21.3/src/clients/kvno/kvno.c:233:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/clients/kvno/kvno.c:237:16: call_function: calling ‘read_line’ from ‘read_pem_file’
krb5-1.21.3/src/clients/kvno/kvno.c:237:16: return_function: returning to ‘read_pem_file’ from ‘read_line’
krb5-1.21.3/src/clients/kvno/kvno.c:238:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/kvno/kvno.c:243:13: branch_false: ...to here
krb5-1.21.3/src/clients/kvno/kvno.c:249:16: call_function: calling ‘read_line’ from ‘read_pem_file’
krb5-1.21.3/src/clients/kvno/kvno.c:249:16: return_function: returning to ‘read_pem_file’ from ‘read_line’
krb5-1.21.3/src/clients/kvno/kvno.c:250:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/kvno/kvno.c:256:13: branch_false: ...to here
krb5-1.21.3/src/clients/kvno/kvno.c:271:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/kvno/kvno.c:275:16: branch_false: ...to here
krb5-1.21.3/src/clients/kvno/kvno.c:275:16: danger: ‘fopen(file_name, "r")’ leaks here; was opened at [(2)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/1)
#  273|           goto cleanup;
#  274|       }
#  275|->     der_cert = k5_base64_decode(b64, &dlen);
#  276|       if (der_cert == NULL) {
#  277|           ret = EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def177]
krb5-1.21.3/src/clients/kvno/kvno.c:278:9: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(file_name, "r")’
krb5-1.21.3/src/clients/kvno/kvno.c:219:1: enter_function: entry to ‘read_pem_file’
krb5-1.21.3/src/clients/kvno/kvno.c:232:10: acquire_resource: opened here
krb5-1.21.3/src/clients/kvno/kvno.c:233:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/clients/kvno/kvno.c:237:16: call_function: calling ‘read_line’ from ‘read_pem_file’
krb5-1.21.3/src/clients/kvno/kvno.c:237:16: return_function: returning to ‘read_pem_file’ from ‘read_line’
krb5-1.21.3/src/clients/kvno/kvno.c:238:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/kvno/kvno.c:243:13: branch_false: ...to here
krb5-1.21.3/src/clients/kvno/kvno.c:249:16: call_function: calling ‘read_line’ from ‘read_pem_file’
krb5-1.21.3/src/clients/kvno/kvno.c:249:16: return_function: returning to ‘read_pem_file’ from ‘read_line’
krb5-1.21.3/src/clients/kvno/kvno.c:250:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/kvno/kvno.c:256:13: branch_false: ...to here
krb5-1.21.3/src/clients/kvno/kvno.c:271:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/clients/kvno/kvno.c:275:16: branch_false: ...to here
krb5-1.21.3/src/clients/kvno/kvno.c:276:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/clients/kvno/kvno.c:278:33: branch_true: ...to here
krb5-1.21.3/src/clients/kvno/kvno.c:278:9: danger: ‘fopen(file_name, "r")’ leaks here; was opened at [(2)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/1)
#  276|       if (der_cert == NULL) {
#  277|           ret = EINVAL;
#  278|->         k5_setmsg(context, ret, _("Invalid base64"));
#  279|           goto cleanup;
#  280|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def178]
krb5-1.21.3/src/include/k5-int.h:2282:11: warning[-Wanalyzer-malloc-leak]: leak of ‘k5alloc((long unsigned int)(length + 1), &code)’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:123:1: enter_function: entry to ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:145:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:148:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:204:15: call_function: calling ‘k5memdup0’ from ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:204:15: return_function: returning to ‘krb5_gss_import_name’ from ‘k5memdup0’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:206:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:211:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:211:12: branch_false: following ‘false’ branch (when ‘input_name_type’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:212:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:237:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:238:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:238:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:240:21: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:250:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:251:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:251:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:253:22: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:254:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:257:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:257:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:258:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:258:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:260:23: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:261:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:264:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:264:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:265:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:265:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:267:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:269:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:270:22: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:275:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:276:28: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:276:20: call_function: calling ‘k5alloc’ from ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:276:20: return_function: returning to ‘krb5_gss_import_name’ from ‘k5alloc’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:277:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:279:13: branch_false: ...to here
krb5-1.21.3/src/include/k5-int.h:2291:12: call_function: inlined call to ‘k5calloc’ from ‘k5alloc’
# 2280|   
# 2281|       /* Allocate at least one byte since zero-byte allocs may return NULL. */
# 2282|->     ptr = calloc(nmemb ? nmemb : 1, size ? size : 1);
# 2283|       *code = (ptr == NULL) ? ENOMEM : 0;
# 2284|       return ptr;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def179]
krb5-1.21.3/src/include/k5-int.h:2309:17: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(*input_name_buffer.value, *input_name_buffer.length, & code)’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:123:1: enter_function: entry to ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:145:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:148:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:204:15: call_function: calling ‘k5memdup0’ from ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:204:15: return_function: returning to ‘krb5_gss_import_name’ from ‘k5memdup0’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:206:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:211:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:211:12: branch_false: following ‘false’ branch (when ‘input_name_type’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:212:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:237:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:238:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:238:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:240:21: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:250:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:251:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:251:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:253:22: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:254:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:257:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:257:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:258:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:258:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:260:23: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:261:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:264:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:264:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:265:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:265:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:267:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:269:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:270:22: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:275:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:276:28: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:276:20: call_function: calling ‘k5alloc’ from ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:276:20: return_function: returning to ‘krb5_gss_import_name’ from ‘k5alloc’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:277:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:279:13: branch_false: ...to here
krb5-1.21.3/src/include/k5-int.h:2309:17: danger: ‘k5memdup0(*input_name_buffer.value, *input_name_buffer.length, & code)’ leaks here; was allocated at [(9)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/8)
# 2307|   k5memdup0(const void *in, size_t len, krb5_error_code *code)
# 2308|   {
# 2309|->     void *ptr = k5alloc(len + 1, code);
# 2310|   
# 2311|       if (ptr != NULL && len > 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def180]
krb5-1.21.3/src/include/k5-thread.h:358:12: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:182:1: enter_function: entry to ‘create_list_node’
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:191:8: branch_false: following ‘false’ branch (when ‘list’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:196:20: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:196:20: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:197:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:201:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:204:8: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:209:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:212:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:217:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:217:11: call_function: inlined call to ‘k5_mutex_init’ from ‘create_list_node’
#  356|   static inline int k5_mutex_init(k5_mutex_t *m)
#  357|   {
#  358|->     return k5_os_mutex_init(m);
#  359|   }
#  360|   static inline int k5_mutex_finish_init(k5_mutex_t *m)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def181]
krb5-1.21.3/src/include/k5-thread.h:358:12: warning[-Wanalyzer-malloc-leak]: leak of ‘cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:504:1: enter_function: entry to ‘json_to_kgcred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:514:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:517:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:517:12: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:518:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:520:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:520:9: call_function: inlined call to ‘k5_mutex_init’ from ‘json_to_kgcred’
#  356|   static inline int k5_mutex_init(k5_mutex_t *m)
#  357|   {
#  358|->     return k5_os_mutex_init(m);
#  359|   }
#  360|   static inline int k5_mutex_finish_init(k5_mutex_t *m)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def182]
krb5-1.21.3/src/include/k5-thread.h:358:12: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:182:1: enter_function: entry to ‘create_list_node’
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:191:8: branch_false: following ‘false’ branch (when ‘list’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:196:20: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:197:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:201:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:203:12: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:204:8: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:209:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:212:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:217:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:217:11: call_function: inlined call to ‘k5_mutex_init’ from ‘create_list_node’
#  356|   static inline int k5_mutex_init(k5_mutex_t *m)
#  357|   {
#  358|->     return k5_os_mutex_init(m);
#  359|   }
#  360|   static inline int k5_mutex_finish_init(k5_mutex_t *m)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def183]
krb5-1.21.3/src/include/k5-thread.h:358:12: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(*token.value, *token.length, & ret)’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:592:1: enter_function: entry to ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:605:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: call_function: calling ‘k5memdup0’ from ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: return_function: returning to ‘krb5_gss_import_cred’ from ‘k5memdup0’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:612:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:617:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:617:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:621:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:621:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:623:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:624:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:626:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:626:11: call_function: calling ‘check_element’ from ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:626:11: return_function: returning to ‘krb5_gss_import_cred’ from ‘check_element’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:627:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:628:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:627:9: branch_false: following ‘false’ branch (when the strings are equal)...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:630:33: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:630:9: call_function: calling ‘json_to_kgcred’ from ‘krb5_gss_import_cred’
#  356|   static inline int k5_mutex_init(k5_mutex_t *m)
#  357|   {
#  358|->     return k5_os_mutex_init(m);
#  359|   }
#  360|   static inline int k5_mutex_finish_init(k5_mutex_t *m)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def184]
krb5-1.21.3/src/include/k5-thread.h:358:12: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:182:1: enter_function: entry to ‘create_list_node’
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:190:12: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:191:8: branch_false: following ‘false’ branch (when ‘list’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:196:20: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:197:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:201:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:204:8: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:209:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:212:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:217:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:217:11: call_function: inlined call to ‘k5_mutex_init’ from ‘create_list_node’
#  356|   static inline int k5_mutex_init(k5_mutex_t *m)
#  357|   {
#  358|->     return k5_os_mutex_init(m);
#  359|   }
#  360|   static inline int k5_mutex_finish_init(k5_mutex_t *m)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def185]
krb5-1.21.3/src/include/k5-thread.h:358:12: warning[-Wanalyzer-malloc-leak]: leak of ‘name’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:112:1: enter_function: entry to ‘json_to_kgname’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:119:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:121:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:121:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:124:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:124:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:126:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:126:12: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:127:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:129:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:129:9: call_function: inlined call to ‘k5_mutex_init’ from ‘json_to_kgname’
#  356|   static inline int k5_mutex_init(k5_mutex_t *m)
#  357|   {
#  358|->     return k5_os_mutex_init(m);
#  359|   }
#  360|   static inline int k5_mutex_finish_init(k5_mutex_t *m)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def186]
krb5-1.21.3/src/include/k5-thread.h:358:12: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/gssapi/krb5/acquire_cred.c:1355:1: enter_function: entry to ‘iakerb_gss_acquire_cred_from’
krb5-1.21.3/src/lib/gssapi/krb5/acquire_cred.c:1365:12: call_function: calling ‘acquire_cred_from’ from ‘iakerb_gss_acquire_cred_from’
#  356|   static inline int k5_mutex_init(k5_mutex_t *m)
#  357|   {
#  358|->     return k5_os_mutex_init(m);
#  359|   }
#  360|   static inline int k5_mutex_finish_init(k5_mutex_t *m)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def187]
krb5-1.21.3/src/include/k5-thread.h:369:13: warning[-Wanalyzer-malloc-leak]: leak of ‘n’
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:317:1: enter_function: entry to ‘krb5int_cc_typecursor_new’
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:322:9: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:323:8: branch_false: following ‘false’ branch (when ‘n’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:326:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:326:5: call_function: calling ‘k5_mutex_lock’ from ‘krb5int_cc_typecursor_new’
#  367|   static inline void k5_mutex_lock(k5_mutex_t *m)
#  368|   {
#  369|->     int r = k5_os_mutex_lock(m);
#  370|   #ifndef NDEBUG
#  371|       if (r != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def188]
krb5-1.21.3/src/include/k5-thread.h:369:13: warning[-Wanalyzer-malloc-leak]: leak of ‘pfx’
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:202:1: enter_function: entry to ‘krb5_cc_resolve’
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:210:8: branch_false: following ‘false’ branch (when ‘name’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:213:10: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:214:8: branch_false: following ‘false’ branch (when ‘cp’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:221:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:223:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:225:15: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:226:12: branch_false: following ‘false’ branch (when ‘pfx’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:237:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:239:11: call_function: calling ‘krb5int_cc_getops’ from ‘krb5_cc_resolve’
#  367|   static inline void k5_mutex_lock(k5_mutex_t *m)
#  368|   {
#  369|->     int r = k5_os_mutex_lock(m);
#  370|   #ifndef NDEBUG
#  371|       if (r != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def189]
krb5-1.21.3/src/include/k5-thread.h:369:13: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/gssapi/krb5/set_allowable_enctypes.c:64:1: enter_function: entry to ‘gss_krb5int_set_allowable_enctypes’
krb5-1.21.3/src/lib/gssapi/krb5/set_allowable_enctypes.c:80:5: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/set_allowable_enctypes.c:81:5: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/set_allowable_enctypes.c:86:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/set_allowable_enctypes.c:97:27: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/set_allowable_enctypes.c:97:18: call_function: inlined call to ‘k5calloc’ from ‘gss_krb5int_set_allowable_enctypes’
 branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/set_allowable_enctypes.c:100:24: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/set_allowable_enctypes.c:105:8: branch_false: following ‘false’ branch (when ‘j != 0’)...
krb5-1.21.3/src/lib/gssapi/krb5/set_allowable_enctypes.c:110:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/set_allowable_enctypes.c:110:5: call_function: calling ‘k5_mutex_lock’ from ‘gss_krb5int_set_allowable_enctypes’
#  367|   static inline void k5_mutex_lock(k5_mutex_t *m)
#  368|   {
#  369|->     int r = k5_os_mutex_lock(m);
#  370|   #ifndef NDEBUG
#  371|       if (r != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def190]
krb5-1.21.3/src/include/k5-thread.h:381:13: warning[-Wanalyzer-malloc-leak]: leak of ‘fileoff’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:438:1: enter_function: entry to ‘krb5_ktfile_start_seq_get’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:443:5: call_function: calling ‘k5_mutex_lock’ from ‘krb5_ktfile_start_seq_get’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:443:5: return_function: returning to ‘krb5_ktfile_start_seq_get’ from ‘k5_mutex_lock’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:452:29: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:452:8: branch_false: following ‘false’ branch (when ‘fileoff’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:458:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:460:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:462:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:463:9: call_function: calling ‘k5_mutex_unlock’ from ‘krb5_ktfile_start_seq_get’
#  379|   static inline void k5_mutex_unlock(k5_mutex_t *m)
#  380|   {
#  381|->     int r = k5_os_mutex_unlock(m);
#  382|   #ifndef NDEBUG
#  383|       if (r != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def191]
krb5-1.21.3/src/include/k5-thread.h:381:13: warning[-Wanalyzer-malloc-leak]: leak of ‘me_copy.mech.elements’
krb5-1.21.3/src/lib/gssapi/generic/util_errmap.c:242:11: enter_function: entry to ‘gssint_mecherrmap_map_errcode’
krb5-1.21.3/src/lib/gssapi/generic/util_errmap.c:244:12: call_function: calling ‘gssint_mecherrmap_map’ from ‘gssint_mecherrmap_map_errcode’
#  379|   static inline void k5_mutex_unlock(k5_mutex_t *m)
#  380|   {
#  381|->     int r = k5_os_mutex_unlock(m);
#  382|   #ifndef NDEBUG
#  383|       if (r != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def192]
krb5-1.21.3/src/include/k5-thread.h:381:13: warning[-Wanalyzer-malloc-leak]: leak of ‘n’
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:317:1: enter_function: entry to ‘krb5int_cc_typecursor_new’
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:322:9: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:323:8: branch_false: following ‘false’ branch (when ‘n’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:326:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:326:5: call_function: calling ‘k5_mutex_lock’ from ‘krb5int_cc_typecursor_new’
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:326:5: return_function: returning to ‘krb5int_cc_typecursor_new’ from ‘k5_mutex_lock’
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:328:5: call_function: calling ‘k5_mutex_unlock’ from ‘krb5int_cc_typecursor_new’
#  379|   static inline void k5_mutex_unlock(k5_mutex_t *m)
#  380|   {
#  381|->     int r = k5_os_mutex_unlock(m);
#  382|   #ifndef NDEBUG
#  383|       if (r != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def193]
krb5-1.21.3/src/include/k5-thread.h:381:13: warning[-Wanalyzer-malloc-leak]: leak of ‘pfx’
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:202:1: enter_function: entry to ‘krb5_cc_resolve’
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:210:8: branch_false: following ‘false’ branch (when ‘name’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:213:10: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:214:8: branch_false: following ‘false’ branch (when ‘cp’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:221:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:223:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:225:15: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:226:12: branch_false: following ‘false’ branch (when ‘pfx’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:237:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:239:11: call_function: calling ‘krb5int_cc_getops’ from ‘krb5_cc_resolve’
#  379|   static inline void k5_mutex_unlock(k5_mutex_t *m)
#  380|   {
#  381|->     int r = k5_os_mutex_unlock(m);
#  382|   #ifndef NDEBUG
#  383|       if (r != 0) {

Error: COMPILER_WARNING (CWE-252): [#def194]
krb5-1.21.3/src/clients/ksu/ksu.h:30: included_from: Included from here.
krb5-1.21.3/src/clients/ksu/main.c:30: included_from: Included from here.
krb5-1.21.3/src/clients/ksu/main.c: scope_hint: In function ‘main’
krb5-1.21.3/src/include/k5-util.h:67:34: warning[-Wunused-result]: ignoring return value of ‘seteuid’ declared with attribute ‘warn_unused_result’
#   67 | #  define krb5_seteuid(EUID)    (seteuid((uid_t)(EUID)))
#      |                                 ~^~~~~~~~~~~~~~~~~~~~~~~
krb5-1.21.3/src/clients/ksu/main.c:571:13: note: in expansion of macro ‘krb5_seteuid’
#  571 |             krb5_seteuid(0); /*So we have some chance of sweeping up*/
#      |             ^~~~~~~~~~~~
#   65|   
#   66|   #if defined(HAVE_SETEUID)
#   67|-> #  define krb5_seteuid(EUID)    (seteuid((uid_t)(EUID)))
#   68|   #elif defined(HAVE_SETRESUID)
#   69|   #  define krb5_seteuid(EUID)    setresuid(getuid(), (uid_t)(EUID), geteuid())

Error: GCC_ANALYZER_WARNING (CWE-775): [#def195]
krb5-1.21.3/src/include/port-sockets.h:231:10: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:796:1: enter_function: entry to ‘kcm_gen_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:805:11: call_function: calling ‘kcmio_connect’ from ‘kcm_gen_new’
#  229|   #endif
#  230|   
#  231|->     st = connect(fd, addr, addrlen);
#  232|       if (st == -1)
#  233|           return st;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def196]
krb5-1.21.3/src/include/port-sockets.h:231:10: warning[-Wanalyzer-malloc-leak]: leak of ‘io’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:796:1: enter_function: entry to ‘kcm_gen_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:805:11: call_function: calling ‘kcmio_connect’ from ‘kcm_gen_new’
#  229|   #endif
#  230|   
#  231|->     st = connect(fd, addr, addrlen);
#  232|       if (st == -1)
#  233|           return st;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def197]
krb5-1.21.3/src/kadmin/cli/getdate.y:218:22: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyvsp[2305843009213693951].Number’
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  216|   
#  217|   time	: tUNUMBER tMERIDIAN {
#  218|-> 	    yyHour = $1;
#  219|   	    yyMinutes = 0;
#  220|   	    yySeconds = 0;

Error: GCC_ANALYZER_WARNING (CWE-127): [#def198]
krb5-1.21.3/src/kadmin/cli/getdate.y:224:22: warning[-Wanalyzer-out-of-bounds]: stack-based buffer under-read
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  222|   	}
#  223|   	| tUNUMBER ':' tUNUMBER o_merid {
#  224|-> 	    yyHour = $1;
#  225|   	    yyMinutes = $3;
#  226|   	    yySeconds = 0;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def199]
krb5-1.21.3/src/kadmin/cli/getdate.y:225:25: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyvsp[2305843009213693951].Number’
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  223|   	| tUNUMBER ':' tUNUMBER o_merid {
#  224|   	    yyHour = $1;
#  225|-> 	    yyMinutes = $3;
#  226|   	    yySeconds = 0;
#  227|   	    yyMeridian = $4;

Error: GCC_ANALYZER_WARNING (CWE-127): [#def200]
krb5-1.21.3/src/kadmin/cli/getdate.y:230:22: warning[-Wanalyzer-out-of-bounds]: stack-based buffer under-read
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  228|   	}
#  229|   	| tUNUMBER ':' tUNUMBER tSNUMBER {
#  230|-> 	    yyHour = $1;
#  231|   	    yyMinutes = $3;
#  232|   	    yyMeridian = MER24;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def201]
krb5-1.21.3/src/kadmin/cli/getdate.y:231:25: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyvsp[2305843009213693951].Number’
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  229|   	| tUNUMBER ':' tUNUMBER tSNUMBER {
#  230|   	    yyHour = $1;
#  231|-> 	    yyMinutes = $3;
#  232|   	    yyMeridian = MER24;
#  233|   	    yyDSTmode = DSToff;

Error: GCC_ANALYZER_WARNING (CWE-127): [#def202]
krb5-1.21.3/src/kadmin/cli/getdate.y:237:22: warning[-Wanalyzer-out-of-bounds]: stack-based buffer under-read
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  235|   	}
#  236|   	| tUNUMBER ':' tUNUMBER ':' tUNUMBER o_merid {
#  237|-> 	    yyHour = $1;
#  238|   	    yyMinutes = $3;
#  239|   	    yySeconds = $5;

Error: GCC_ANALYZER_WARNING (CWE-127): [#def203]
krb5-1.21.3/src/kadmin/cli/getdate.y:238:25: warning[-Wanalyzer-out-of-bounds]: stack-based buffer under-read
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  236|   	| tUNUMBER ':' tUNUMBER ':' tUNUMBER o_merid {
#  237|   	    yyHour = $1;
#  238|-> 	    yyMinutes = $3;
#  239|   	    yySeconds = $5;
#  240|   	    yyMeridian = $6;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def204]
krb5-1.21.3/src/kadmin/cli/getdate.y:239:25: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyvsp[2305843009213693951].Number’
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  237|   	    yyHour = $1;
#  238|   	    yyMinutes = $3;
#  239|-> 	    yySeconds = $5;
#  240|   	    yyMeridian = $6;
#  241|   	}

Error: GCC_ANALYZER_WARNING (CWE-127): [#def205]
krb5-1.21.3/src/kadmin/cli/getdate.y:243:22: warning[-Wanalyzer-out-of-bounds]: stack-based buffer under-read
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  241|   	}
#  242|   	| tUNUMBER ':' tUNUMBER ':' tUNUMBER tSNUMBER {
#  243|-> 	    yyHour = $1;
#  244|   	    yyMinutes = $3;
#  245|   	    yySeconds = $5;

Error: GCC_ANALYZER_WARNING (CWE-127): [#def206]
krb5-1.21.3/src/kadmin/cli/getdate.y:244:25: warning[-Wanalyzer-out-of-bounds]: stack-based buffer under-read
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  242|   	| tUNUMBER ':' tUNUMBER ':' tUNUMBER tSNUMBER {
#  243|   	    yyHour = $1;
#  244|-> 	    yyMinutes = $3;
#  245|   	    yySeconds = $5;
#  246|   	    yyMeridian = MER24;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def207]
krb5-1.21.3/src/kadmin/cli/getdate.y:245:25: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyvsp[2305843009213693951].Number’
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  243|   	    yyHour = $1;
#  244|   	    yyMinutes = $3;
#  245|-> 	    yySeconds = $5;
#  246|   	    yyMeridian = MER24;
#  247|   	    yyDSTmode = DSToff;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def208]
krb5-1.21.3/src/kadmin/cli/getdate.y:262:26: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyvsp[2305843009213693951].Number’
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  260|   	|
#  261|   	  tZONE tDST {
#  262|-> 	    yyTimezone = $1;
#  263|   	    yyDSTmode = DSTon;
#  264|   	}

Error: GCC_ANALYZER_WARNING (CWE-457): [#def209]
krb5-1.21.3/src/kadmin/cli/getdate.y:273:27: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyvsp[2305843009213693951].Number’
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  271|   	| tDAY ',' {
#  272|   	    yyDayOrdinal = 1;
#  273|-> 	    yyDayNumber = $1;
#  274|   	}
#  275|   	| tUNUMBER tDAY {

Error: GCC_ANALYZER_WARNING (CWE-457): [#def210]
krb5-1.21.3/src/kadmin/cli/getdate.y:276:28: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyvsp[2305843009213693951].Number’
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  274|   	}
#  275|   	| tUNUMBER tDAY {
#  276|-> 	    yyDayOrdinal = $1;
#  277|   	    yyDayNumber = $2;
#  278|   	}

Error: GCC_ANALYZER_WARNING (CWE-127): [#def211]
krb5-1.21.3/src/kadmin/cli/getdate.y:282:23: warning[-Wanalyzer-out-of-bounds]: stack-based buffer under-read
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  280|   
#  281|   date	: tUNUMBER '/' tUNUMBER {
#  282|-> 	    yyMonth = $1;
#  283|   	    yyDay = $3;
#  284|   	}

Error: GCC_ANALYZER_WARNING (CWE-457): [#def212]
krb5-1.21.3/src/kadmin/cli/getdate.y:282:23: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyvsp[2305843009213693950].Number’
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  280|   
#  281|   date	: tUNUMBER '/' tUNUMBER {
#  282|-> 	    yyMonth = $1;
#  283|   	    yyDay = $3;
#  284|   	}

Error: GCC_ANALYZER_WARNING (CWE-127): [#def213]
krb5-1.21.3/src/kadmin/cli/getdate.y:286:23: warning[-Wanalyzer-out-of-bounds]: stack-based buffer under-read
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  284|   	}
#  285|   	| tUNUMBER '/' tUNUMBER '/' tUNUMBER {
#  286|-> 	    yyMonth = $1;
#  287|   	    yyDay = $3;
#  288|   	    yyYear = $5;

Error: GCC_ANALYZER_WARNING (CWE-127): [#def214]
krb5-1.21.3/src/kadmin/cli/getdate.y:287:21: warning[-Wanalyzer-out-of-bounds]: stack-based buffer under-read
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  285|   	| tUNUMBER '/' tUNUMBER '/' tUNUMBER {
#  286|   	    yyMonth = $1;
#  287|-> 	    yyDay = $3;
#  288|   	    yyYear = $5;
#  289|   	}

Error: GCC_ANALYZER_WARNING (CWE-457): [#def215]
krb5-1.21.3/src/kadmin/cli/getdate.y:287:21: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyvsp[2305843009213693950].Number’
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  285|   	| tUNUMBER '/' tUNUMBER '/' tUNUMBER {
#  286|   	    yyMonth = $1;
#  287|-> 	    yyDay = $3;
#  288|   	    yyYear = $5;
#  289|   	}

Error: GCC_ANALYZER_WARNING (CWE-127): [#def216]
krb5-1.21.3/src/kadmin/cli/getdate.y:292:22: warning[-Wanalyzer-out-of-bounds]: stack-based buffer under-read
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  290|   	| tUNUMBER tSNUMBER tSNUMBER {
#  291|   	    /* ISO 8601 format.  yyyy-mm-dd.  */
#  292|-> 	    yyYear = $1;
#  293|   	    yyMonth = -$2;
#  294|   	    yyDay = -$3;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def217]
krb5-1.21.3/src/kadmin/cli/getdate.y:292:22: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyvsp[2305843009213693950].Number’
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  290|   	| tUNUMBER tSNUMBER tSNUMBER {
#  291|   	    /* ISO 8601 format.  yyyy-mm-dd.  */
#  292|-> 	    yyYear = $1;
#  293|   	    yyMonth = -$2;
#  294|   	    yyDay = -$3;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def218]
krb5-1.21.3/src/kadmin/cli/getdate.y:293:24: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyvsp[2305843009213693951].Number’
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  291|   	    /* ISO 8601 format.  yyyy-mm-dd.  */
#  292|   	    yyYear = $1;
#  293|-> 	    yyMonth = -$2;
#  294|   	    yyDay = -$3;
#  295|   	}

Error: GCC_ANALYZER_WARNING (CWE-127): [#def219]
krb5-1.21.3/src/kadmin/cli/getdate.y:298:21: warning[-Wanalyzer-out-of-bounds]: stack-based buffer under-read
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  296|   	| tUNUMBER tMONTH tSNUMBER {
#  297|   	    /* e.g. 17-JUN-1992.  */
#  298|-> 	    yyDay = $1;
#  299|   	    yyMonth = $2;
#  300|   	    yyYear = -$3;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def220]
krb5-1.21.3/src/kadmin/cli/getdate.y:298:21: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyvsp[2305843009213693950].Number’
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  296|   	| tUNUMBER tMONTH tSNUMBER {
#  297|   	    /* e.g. 17-JUN-1992.  */
#  298|-> 	    yyDay = $1;
#  299|   	    yyMonth = $2;
#  300|   	    yyYear = -$3;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def221]
krb5-1.21.3/src/kadmin/cli/getdate.y:299:23: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyvsp[2305843009213693951].Number’
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  297|   	    /* e.g. 17-JUN-1992.  */
#  298|   	    yyDay = $1;
#  299|-> 	    yyMonth = $2;
#  300|   	    yyYear = -$3;
#  301|   	}

Error: GCC_ANALYZER_WARNING (CWE-457): [#def222]
krb5-1.21.3/src/kadmin/cli/getdate.y:303:23: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyvsp[2305843009213693951].Number’
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  301|   	}
#  302|   	| tMONTH tUNUMBER {
#  303|-> 	    yyMonth = $1;
#  304|   	    yyDay = $2;
#  305|   	}

Error: GCC_ANALYZER_WARNING (CWE-127): [#def223]
krb5-1.21.3/src/kadmin/cli/getdate.y:307:23: warning[-Wanalyzer-out-of-bounds]: stack-based buffer under-read
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  305|   	}
#  306|   	| tMONTH tUNUMBER ',' tUNUMBER {
#  307|-> 	    yyMonth = $1;
#  308|   	    yyDay = $2;
#  309|   	    yyYear = $4;

Error: GCC_ANALYZER_WARNING (CWE-127): [#def224]
krb5-1.21.3/src/kadmin/cli/getdate.y:308:21: warning[-Wanalyzer-out-of-bounds]: stack-based buffer under-read
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  306|   	| tMONTH tUNUMBER ',' tUNUMBER {
#  307|   	    yyMonth = $1;
#  308|-> 	    yyDay = $2;
#  309|   	    yyYear = $4;
#  310|   	}

Error: GCC_ANALYZER_WARNING (CWE-457): [#def225]
krb5-1.21.3/src/kadmin/cli/getdate.y:308:21: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyvsp[2305843009213693950].Number’
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  306|   	| tMONTH tUNUMBER ',' tUNUMBER {
#  307|   	    yyMonth = $1;
#  308|-> 	    yyDay = $2;
#  309|   	    yyYear = $4;
#  310|   	}

Error: GCC_ANALYZER_WARNING (CWE-457): [#def226]
krb5-1.21.3/src/kadmin/cli/getdate.y:313:21: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyvsp[2305843009213693951].Number’
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  311|   	| tUNUMBER tMONTH {
#  312|   	    yyMonth = $2;
#  313|-> 	    yyDay = $1;
#  314|   	}
#  315|   	| tUNUMBER tMONTH tUNUMBER {

Error: GCC_ANALYZER_WARNING (CWE-457): [#def227]
krb5-1.21.3/src/kadmin/cli/getdate.y:316:23: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyvsp[2305843009213693951].Number’
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  314|   	}
#  315|   	| tUNUMBER tMONTH tUNUMBER {
#  316|-> 	    yyMonth = $2;
#  317|   	    yyDay = $1;
#  318|   	    yyYear = $3;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def228]
krb5-1.21.3/src/kadmin/cli/getdate.y:317:21: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyvsp[2305843009213693950].Number’
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  315|   	| tUNUMBER tMONTH tUNUMBER {
#  316|   	    yyMonth = $2;
#  317|-> 	    yyDay = $1;
#  318|   	    yyYear = $3;
#  319|   	}

Error: GCC_ANALYZER_WARNING (CWE-457): [#def229]
krb5-1.21.3/src/kadmin/cli/getdate.y:330:29: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyvsp[2305843009213693951].Number’
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  328|   
#  329|   relunit	: tUNUMBER tMINUTE_UNIT {
#  330|-> 	    yyRelSeconds += $1 * $2 * 60L;
#  331|   	}
#  332|   	| tSNUMBER tMINUTE_UNIT {

Error: GCC_ANALYZER_WARNING (CWE-457): [#def230]
krb5-1.21.3/src/kadmin/cli/getdate.y:333:29: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyvsp[2305843009213693951].Number’
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  331|   	}
#  332|   	| tSNUMBER tMINUTE_UNIT {
#  333|-> 	    yyRelSeconds += $1 * $2 * 60L;
#  334|   	}
#  335|   	| tMINUTE_UNIT {

Error: GCC_ANALYZER_WARNING (CWE-457): [#def231]
krb5-1.21.3/src/kadmin/cli/getdate.y:339:29: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyvsp[2305843009213693951].Number’
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  337|   	}
#  338|   	| tSNUMBER tSEC_UNIT {
#  339|-> 	    yyRelSeconds += $1;
#  340|   	}
#  341|   	| tUNUMBER tSEC_UNIT {

Error: GCC_ANALYZER_WARNING (CWE-457): [#def232]
krb5-1.21.3/src/kadmin/cli/getdate.y:342:29: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyvsp[2305843009213693951].Number’
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  340|   	}
#  341|   	| tUNUMBER tSEC_UNIT {
#  342|-> 	    yyRelSeconds += $1;
#  343|   	}
#  344|   	| tSEC_UNIT {

Error: GCC_ANALYZER_WARNING (CWE-457): [#def233]
krb5-1.21.3/src/kadmin/cli/getdate.y:348:27: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyvsp[2305843009213693951].Number’
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  346|   	}
#  347|   	| tSNUMBER tMONTH_UNIT {
#  348|-> 	    yyRelMonth += $1 * $2;
#  349|   	}
#  350|   	| tUNUMBER tMONTH_UNIT {

Error: GCC_ANALYZER_WARNING (CWE-457): [#def234]
krb5-1.21.3/src/kadmin/cli/getdate.y:351:27: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyvsp[2305843009213693951].Number’
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
#  349|   	}
#  350|   	| tUNUMBER tMONTH_UNIT {
#  351|-> 	    yyRelMonth += $1 * $2;
#  352|   	}
#  353|   	| tMONTH_UNIT {

Error: COMPILER_WARNING: [#def235]
krb5-1.21.3/src/kadmin/cli/kadmin.c: scope_hint: In function ‘extended_com_err_fn’
krb5-1.21.3/src/kadmin/cli/kadmin.c:240:5: warning[-Wsuggest-attribute=format]: function ‘extended_com_err_fn’ might be a candidate for ‘gnu_printf’ format attribute
#  240 |     vfprintf(stderr, fmt, args);
#      |     ^~~~~~~~
#  238|           error("%s: ", myprog);
#  239|       }
#  240|->     vfprintf(stderr, fmt, args);
#  241|       error("\n");
#  242|   }

Error: COMPILER_WARNING (CWE-252): [#def236]
krb5-1.21.3/src/kadmin/cli/kadmin.c: scope_hint: In function ‘kadmin_startup’
krb5-1.21.3/src/kadmin/cli/kadmin.c:356:13: warning[-Wunused-result]: ignoring return value of ‘asprintf’ declared with attribute ‘warn_unused_result’
#  356 |             asprintf(&db_name, "dbname=%s", optarg);
#      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  354|               /* db_name has to be passed as part of the db_args. */
#  355|               free(db_name);
#  356|->             asprintf(&db_name, "dbname=%s", optarg);
#  357|   
#  358|               db_args_size++;

Error: COMPILER_WARNING (CWE-252): [#def237]
krb5-1.21.3/src/kadmin/cli/kadmin.c: scope_hint: In function ‘kadmin_delprinc’
krb5-1.21.3/src/kadmin/cli/kadmin.c:692:9: warning[-Wunused-result]: ignoring return value of ‘fgets’ declared with attribute ‘warn_unused_result’
#  692 |         fgets(reply, sizeof (reply), stdin);
#      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  690|           printf(_("Are you sure you want to delete the principal \"%s\"? "
#  691|                    "(yes/no): "), canon);
#  692|->         fgets(reply, sizeof (reply), stdin);
#  693|           if (strcmp("yes\n", reply)) {
#  694|               fprintf(stderr, _("Principal \"%s\" not deleted\n"), canon);

Error: COMPILER_WARNING (CWE-252): [#def238]
krb5-1.21.3/src/kadmin/cli/kadmin.c: scope_hint: In function ‘kadmin_renameprinc’
krb5-1.21.3/src/kadmin/cli/kadmin.c:753:9: warning[-Wunused-result]: ignoring return value of ‘fgets’ declared with attribute ‘warn_unused_result’
#  753 |         fgets(reply, sizeof(reply), stdin);
#      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  751|           printf(_("Are you sure you want to rename the principal \"%s\" "
#  752|                    "to \"%s\"? (yes/no): "), ocanon, ncanon);
#  753|->         fgets(reply, sizeof(reply), stdin);
#  754|           if (strcmp("yes\n", reply)) {
#  755|               fprintf(stderr, _("Principal \"%s\" not renamed\n"), ocanon);

Error: COMPILER_WARNING (CWE-252): [#def239]
krb5-1.21.3/src/kadmin/cli/kadmin.c: scope_hint: In function ‘kadmin_delpol’
krb5-1.21.3/src/kadmin/cli/kadmin.c:1716:9: warning[-Wunused-result]: ignoring return value of ‘fgets’ declared with attribute ‘warn_unused_result’
# 1716 |         fgets(reply, sizeof(reply), stdin);
#      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1714|           printf(_("Are you sure you want to delete the policy \"%s\"? "
# 1715|                    "(yes/no): "), argv[1]);
# 1716|->         fgets(reply, sizeof(reply), stdin);
# 1717|           if (strcmp("yes\n", reply)) {
# 1718|               fprintf(stderr, _("Policy \"%s\" not deleted.\n"), argv[1]);

Error: COMPILER_WARNING (CWE-704): [#def240]
krb5-1.21.3/src/kadmin/cli/kadmin_ct.c:10:13: warning[-Wlto-type-mismatch]: type of ‘kadmin_addprinc’ does not match original declaration
#   10 | extern void kadmin_addprinc __SS_PROTO;
#      |             ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:1193:1: note: type mismatch in parameter 3
# 1193 | kadmin_addprinc(int argc, char *argv[])
#      | ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:1193:1: note: type ‘void’ should match type ‘int’
krb5-1.21.3/src/kadmin/cli/kadmin.c:1193:1: note: ‘kadmin_addprinc’ was previously declared here
#    8|       (char const *)0
#    9|   };
#   10|-> extern void kadmin_addprinc __SS_PROTO;
#   11|   static char const * const ssu00002[] = {
#   12|   "delete_principal",

Error: COMPILER_WARNING (CWE-704): [#def241]
krb5-1.21.3/src/kadmin/cli/kadmin_ct.c:16:13: warning[-Wlto-type-mismatch]: type of ‘kadmin_delprinc’ does not match original declaration
#   16 | extern void kadmin_delprinc __SS_PROTO;
#      |             ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:666:1: note: type mismatch in parameter 3
#  666 | kadmin_delprinc(int argc, char *argv[])
#      | ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:666:1: note: type ‘void’ should match type ‘int’
krb5-1.21.3/src/kadmin/cli/kadmin.c:666:1: note: ‘kadmin_delprinc’ was previously declared here
#   14|       (char const *)0
#   15|   };
#   16|-> extern void kadmin_delprinc __SS_PROTO;
#   17|   static char const * const ssu00003[] = {
#   18|   "modify_principal",

Error: COMPILER_WARNING (CWE-704): [#def242]
krb5-1.21.3/src/kadmin/cli/kadmin_ct.c:22:13: warning[-Wlto-type-mismatch]: type of ‘kadmin_modprinc’ does not match original declaration
#   22 | extern void kadmin_modprinc __SS_PROTO;
#      |             ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:1316:1: note: type mismatch in parameter 3
# 1316 | kadmin_modprinc(int argc, char *argv[])
#      | ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:1316:1: note: type ‘void’ should match type ‘int’
krb5-1.21.3/src/kadmin/cli/kadmin.c:1316:1: note: ‘kadmin_modprinc’ was previously declared here
#   20|       (char const *)0
#   21|   };
#   22|-> extern void kadmin_modprinc __SS_PROTO;
#   23|   static char const * const ssu00004[] = {
#   24|   "rename_principal",

Error: COMPILER_WARNING (CWE-704): [#def243]
krb5-1.21.3/src/kadmin/cli/kadmin_ct.c:28:13: warning[-Wlto-type-mismatch]: type of ‘kadmin_renameprinc’ does not match original declaration
#   28 | extern void kadmin_renameprinc __SS_PROTO;
#      |             ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:714:1: note: type mismatch in parameter 3
#  714 | kadmin_renameprinc(int argc, char *argv[])
#      | ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:714:1: note: type ‘void’ should match type ‘int’
krb5-1.21.3/src/kadmin/cli/kadmin.c:714:1: note: ‘kadmin_renameprinc’ was previously declared here
#   26|       (char const *)0
#   27|   };
#   28|-> extern void kadmin_renameprinc __SS_PROTO;
#   29|   static char const * const ssu00005[] = {
#   30|   "change_password",

Error: COMPILER_WARNING (CWE-704): [#def244]
krb5-1.21.3/src/kadmin/cli/kadmin_ct.c:34:13: warning[-Wlto-type-mismatch]: type of ‘kadmin_cpw’ does not match original declaration
#   34 | extern void kadmin_cpw __SS_PROTO;
#      |             ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:787:1: note: type mismatch in parameter 3
#  787 | kadmin_cpw(int argc, char *argv[])
#      | ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:787:1: note: type ‘void’ should match type ‘int’
krb5-1.21.3/src/kadmin/cli/kadmin.c:787:1: note: ‘kadmin_cpw’ was previously declared here
#   32|       (char const *)0
#   33|   };
#   34|-> extern void kadmin_cpw __SS_PROTO;
#   35|   static char const * const ssu00006[] = {
#   36|   "get_principal",

Error: COMPILER_WARNING (CWE-704): [#def245]
krb5-1.21.3/src/kadmin/cli/kadmin_ct.c:40:13: warning[-Wlto-type-mismatch]: type of ‘kadmin_getprinc’ does not match original declaration
#   40 | extern void kadmin_getprinc __SS_PROTO;
#      |             ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:1389:1: note: type mismatch in parameter 3
# 1389 | kadmin_getprinc(int argc, char *argv[])
#      | ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:1389:1: note: type ‘void’ should match type ‘int’
krb5-1.21.3/src/kadmin/cli/kadmin.c:1389:1: note: ‘kadmin_getprinc’ was previously declared here
#   38|       (char const *)0
#   39|   };
#   40|-> extern void kadmin_getprinc __SS_PROTO;
#   41|   static char const * const ssu00007[] = {
#   42|   "list_principals",

Error: COMPILER_WARNING (CWE-704): [#def246]
krb5-1.21.3/src/kadmin/cli/kadmin_ct.c:48:13: warning[-Wlto-type-mismatch]: type of ‘kadmin_getprincs’ does not match original declaration
#   48 | extern void kadmin_getprincs __SS_PROTO;
#      |             ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:1525:1: note: type mismatch in parameter 3
# 1525 | kadmin_getprincs(int argc, char *argv[])
#      | ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:1525:1: note: type ‘void’ should match type ‘int’
krb5-1.21.3/src/kadmin/cli/kadmin.c:1525:1: note: ‘kadmin_getprincs’ was previously declared here
#   46|       (char const *)0
#   47|   };
#   48|-> extern void kadmin_getprincs __SS_PROTO;
#   49|   static char const * const ssu00008[] = {
#   50|   "add_policy",

Error: COMPILER_WARNING (CWE-704): [#def247]
krb5-1.21.3/src/kadmin/cli/kadmin_ct.c:54:13: warning[-Wlto-type-mismatch]: type of ‘kadmin_addpol’ does not match original declaration
#   54 | extern void kadmin_addpol __SS_PROTO;
#      |             ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:1662:1: note: type mismatch in parameter 3
# 1662 | kadmin_addpol(int argc, char *argv[])
#      | ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:1662:1: note: type ‘void’ should match type ‘int’
krb5-1.21.3/src/kadmin/cli/kadmin.c:1662:1: note: ‘kadmin_addpol’ was previously declared here
#   52|       (char const *)0
#   53|   };
#   54|-> extern void kadmin_addpol __SS_PROTO;
#   55|   static char const * const ssu00009[] = {
#   56|   "modify_policy",

Error: COMPILER_WARNING (CWE-704): [#def248]
krb5-1.21.3/src/kadmin/cli/kadmin_ct.c:60:13: warning[-Wlto-type-mismatch]: type of ‘kadmin_modpol’ does not match original declaration
#   60 | extern void kadmin_modpol __SS_PROTO;
#      |             ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:1683:1: note: type mismatch in parameter 3
# 1683 | kadmin_modpol(int argc, char *argv[])
#      | ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:1683:1: note: type ‘void’ should match type ‘int’
krb5-1.21.3/src/kadmin/cli/kadmin.c:1683:1: note: ‘kadmin_modpol’ was previously declared here
#   58|       (char const *)0
#   59|   };
#   60|-> extern void kadmin_modpol __SS_PROTO;
#   61|   static char const * const ssu00010[] = {
#   62|   "delete_policy",

Error: COMPILER_WARNING (CWE-704): [#def249]
krb5-1.21.3/src/kadmin/cli/kadmin_ct.c:66:13: warning[-Wlto-type-mismatch]: type of ‘kadmin_delpol’ does not match original declaration
#   66 | extern void kadmin_delpol __SS_PROTO;
#      |             ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:1704:1: note: type mismatch in parameter 3
# 1704 | kadmin_delpol(int argc, char *argv[])
#      | ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:1704:1: note: type ‘void’ should match type ‘int’
krb5-1.21.3/src/kadmin/cli/kadmin.c:1704:1: note: ‘kadmin_delpol’ was previously declared here
#   64|       (char const *)0
#   65|   };
#   66|-> extern void kadmin_delpol __SS_PROTO;
#   67|   static char const * const ssu00011[] = {
#   68|   "get_policy",

Error: COMPILER_WARNING (CWE-704): [#def250]
krb5-1.21.3/src/kadmin/cli/kadmin_ct.c:72:13: warning[-Wlto-type-mismatch]: type of ‘kadmin_getpol’ does not match original declaration
#   72 | extern void kadmin_getpol __SS_PROTO;
#      |             ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:1730:1: note: type mismatch in parameter 3
# 1730 | kadmin_getpol(int argc, char *argv[])
#      | ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:1730:1: note: type ‘void’ should match type ‘int’
krb5-1.21.3/src/kadmin/cli/kadmin.c:1730:1: note: ‘kadmin_getpol’ was previously declared here
#   70|       (char const *)0
#   71|   };
#   72|-> extern void kadmin_getpol __SS_PROTO;
#   73|   static char const * const ssu00012[] = {
#   74|   "list_policies",

Error: COMPILER_WARNING (CWE-704): [#def251]
krb5-1.21.3/src/kadmin/cli/kadmin_ct.c:80:13: warning[-Wlto-type-mismatch]: type of ‘kadmin_getpols’ does not match original declaration
#   80 | extern void kadmin_getpols __SS_PROTO;
#      |             ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:1776:1: note: type mismatch in parameter 3
# 1776 | kadmin_getpols(int argc, char *argv[])
#      | ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:1776:1: note: type ‘void’ should match type ‘int’
krb5-1.21.3/src/kadmin/cli/kadmin.c:1776:1: note: ‘kadmin_getpols’ was previously declared here
#   78|       (char const *)0
#   79|   };
#   80|-> extern void kadmin_getpols __SS_PROTO;
#   81|   static char const * const ssu00013[] = {
#   82|   "get_privs",

Error: COMPILER_WARNING (CWE-704): [#def252]
krb5-1.21.3/src/kadmin/cli/kadmin_ct.c:86:13: warning[-Wlto-type-mismatch]: type of ‘kadmin_getprivs’ does not match original declaration
#   86 | extern void kadmin_getprivs __SS_PROTO;
#      |             ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:1798:1: note: type mismatch in parameter 3
# 1798 | kadmin_getprivs(int argc, char *argv[])
#      | ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:1798:1: note: type ‘void’ should match type ‘int’
krb5-1.21.3/src/kadmin/cli/kadmin.c:1798:1: note: ‘kadmin_getprivs’ was previously declared here
#   84|       (char const *)0
#   85|   };
#   86|-> extern void kadmin_getprivs __SS_PROTO;
#   87|   static char const * const ssu00014[] = {
#   88|   "ktadd",

Error: COMPILER_WARNING (CWE-704): [#def253]
krb5-1.21.3/src/kadmin/cli/kadmin_ct.c:92:13: warning[-Wlto-type-mismatch]: type of ‘kadmin_keytab_add’ does not match original declaration
#   92 | extern void kadmin_keytab_add __SS_PROTO;
#      |             ^
krb5-1.21.3/src/kadmin/cli/keytab.c:114:1: note: type mismatch in parameter 3
#  114 | kadmin_keytab_add(int argc, char **argv)
#      | ^
krb5-1.21.3/src/kadmin/cli/keytab.c:114:1: note: type ‘void’ should match type ‘int’
krb5-1.21.3/src/kadmin/cli/keytab.c:114:1: note: ‘kadmin_keytab_add’ was previously declared here
#   90|       (char const *)0
#   91|   };
#   92|-> extern void kadmin_keytab_add __SS_PROTO;
#   93|   static char const * const ssu00015[] = {
#   94|   "ktremove",

Error: COMPILER_WARNING (CWE-704): [#def254]
krb5-1.21.3/src/kadmin/cli/kadmin_ct.c:98:13: warning[-Wlto-type-mismatch]: type of ‘kadmin_keytab_remove’ does not match original declaration
#   98 | extern void kadmin_keytab_remove __SS_PROTO;
#      |             ^
krb5-1.21.3/src/kadmin/cli/keytab.c:206:1: note: type mismatch in parameter 3
#  206 | kadmin_keytab_remove(int argc, char **argv)
#      | ^
krb5-1.21.3/src/kadmin/cli/keytab.c:206:1: note: type ‘void’ should match type ‘int’
krb5-1.21.3/src/kadmin/cli/keytab.c:206:1: note: ‘kadmin_keytab_remove’ was previously declared here
#   96|       (char const *)0
#   97|   };
#   98|-> extern void kadmin_keytab_remove __SS_PROTO;
#   99|   static char const * const ssu00016[] = {
#  100|   "lock",

Error: COMPILER_WARNING (CWE-704): [#def255]
krb5-1.21.3/src/kadmin/cli/kadmin_ct.c:103:13: warning[-Wlto-type-mismatch]: type of ‘kadmin_lock’ does not match original declaration
#  103 | extern void kadmin_lock __SS_PROTO;
#      |             ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:636:1: note: type mismatch in parameter 3
#  636 | kadmin_lock(int argc, char *argv[])
#      | ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:636:1: note: type ‘void’ should match type ‘int’
krb5-1.21.3/src/kadmin/cli/kadmin.c:636:1: note: ‘kadmin_lock’ was previously declared here
#  101|       (char const *)0
#  102|   };
#  103|-> extern void kadmin_lock __SS_PROTO;
#  104|   static char const * const ssu00017[] = {
#  105|   "unlock",

Error: COMPILER_WARNING (CWE-704): [#def256]
krb5-1.21.3/src/kadmin/cli/kadmin_ct.c:108:13: warning[-Wlto-type-mismatch]: type of ‘kadmin_unlock’ does not match original declaration
#  108 | extern void kadmin_unlock __SS_PROTO;
#      |             ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:651:1: note: type mismatch in parameter 3
#  651 | kadmin_unlock(int argc, char *argv[])
#      | ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:651:1: note: type ‘void’ should match type ‘int’
krb5-1.21.3/src/kadmin/cli/kadmin.c:651:1: note: ‘kadmin_unlock’ was previously declared here
#  106|       (char const *)0
#  107|   };
#  108|-> extern void kadmin_unlock __SS_PROTO;
#  109|   static char const * const ssu00018[] = {
#  110|   "purgekeys",

Error: COMPILER_WARNING (CWE-704): [#def257]
krb5-1.21.3/src/kadmin/cli/kadmin_ct.c:113:13: warning[-Wlto-type-mismatch]: type of ‘kadmin_purgekeys’ does not match original declaration
#  113 | extern void kadmin_purgekeys __SS_PROTO;
#      |             ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:1823:1: note: type mismatch in parameter 3
# 1823 | kadmin_purgekeys(int argc, char *argv[])
#      | ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:1823:1: note: type ‘void’ should match type ‘int’
krb5-1.21.3/src/kadmin/cli/kadmin.c:1823:1: note: ‘kadmin_purgekeys’ was previously declared here
#  111|       (char const *)0
#  112|   };
#  113|-> extern void kadmin_purgekeys __SS_PROTO;
#  114|   static char const * const ssu00019[] = {
#  115|   "get_strings",

Error: COMPILER_WARNING (CWE-704): [#def258]
krb5-1.21.3/src/kadmin/cli/kadmin_ct.c:119:13: warning[-Wlto-type-mismatch]: type of ‘kadmin_getstrings’ does not match original declaration
#  119 | extern void kadmin_getstrings __SS_PROTO;
#      |             ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:1875:1: note: type mismatch in parameter 3
# 1875 | kadmin_getstrings(int argc, char *argv[])
#      | ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:1875:1: note: type ‘void’ should match type ‘int’
krb5-1.21.3/src/kadmin/cli/kadmin.c:1875:1: note: ‘kadmin_getstrings’ was previously declared here
#  117|       (char const *)0
#  118|   };
#  119|-> extern void kadmin_getstrings __SS_PROTO;
#  120|   static char const * const ssu00020[] = {
#  121|   "set_string",

Error: COMPILER_WARNING (CWE-704): [#def259]
krb5-1.21.3/src/kadmin/cli/kadmin_ct.c:125:13: warning[-Wlto-type-mismatch]: type of ‘kadmin_setstring’ does not match original declaration
#  125 | extern void kadmin_setstring __SS_PROTO;
#      |             ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:1921:1: note: type mismatch in parameter 3
# 1921 | kadmin_setstring(int argc, char *argv[])
#      | ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:1921:1: note: type ‘void’ should match type ‘int’
krb5-1.21.3/src/kadmin/cli/kadmin.c:1921:1: note: ‘kadmin_setstring’ was previously declared here
#  123|       (char const *)0
#  124|   };
#  125|-> extern void kadmin_setstring __SS_PROTO;
#  126|   static char const * const ssu00021[] = {
#  127|   "del_string",

Error: COMPILER_WARNING (CWE-704): [#def260]
krb5-1.21.3/src/kadmin/cli/kadmin_ct.c:131:13: warning[-Wlto-type-mismatch]: type of ‘kadmin_delstring’ does not match original declaration
#  131 | extern void kadmin_delstring __SS_PROTO;
#      |             ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:1962:1: note: type mismatch in parameter 3
# 1962 | kadmin_delstring(int argc, char *argv[])
#      | ^
krb5-1.21.3/src/kadmin/cli/kadmin.c:1962:1: note: type ‘void’ should match type ‘int’
krb5-1.21.3/src/kadmin/cli/kadmin.c:1962:1: note: ‘kadmin_delstring’ was previously declared here
#  129|       (char const *)0
#  130|   };
#  131|-> extern void kadmin_delstring __SS_PROTO;
#  132|   static char const * const ssu00022[] = {
#  133|   "list_requests",

Error: GCC_ANALYZER_WARNING (CWE-457): [#def261]
krb5-1.21.3/src/kadmin/cli/y.tab.c:1224:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyss’
krb5-1.21.3/src/kadmin/cli/getdate.y:864:1: enter_function: entry to ‘get_date_rel’
krb5-1.21.3/src/kadmin/cli/getdate.y:880:12: branch_false: following ‘false’ branch (when ‘tm’ is non-NULL)...
krb5-1.21.3/src/kadmin/cli/getdate.y:882:9: branch_false: ...to here
krb5-1.21.3/src/kadmin/cli/getdate.y:884:12: branch_false: following ‘false’ branch (when ‘tm’ is non-NULL)...
krb5-1.21.3/src/kadmin/cli/getdate.y:886:24: branch_false: ...to here
krb5-1.21.3/src/kadmin/cli/getdate.y:890:8: branch_false: following ‘false’ branch (when ‘tm’ is non-NULL)...
krb5-1.21.3/src/kadmin/cli/getdate.y:892:14: branch_false: ...to here
krb5-1.21.3/src/kadmin/cli/getdate.y:948:9: call_function: calling ‘getdate_yyparse’ from ‘get_date_rel’
# 1222|           if (! yyptr)
# 1223|             YYNOMEM;
# 1224|->         YYSTACK_RELOCATE (yyss_alloc, yyss);
# 1225|           YYSTACK_RELOCATE (yyvs_alloc, yyvs);
# 1226|   #  undef YYSTACK_RELOCATE

Error: GCC_ANALYZER_WARNING (CWE-457): [#def262]
krb5-1.21.3/src/kadmin/cli/y.tab.c:1351:3: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*<unknown>’
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
# 1349|        unconditionally makes the parser a bit smaller, and it avoids a
# 1350|        GCC warning that YYVAL may be used uninitialized.  */
# 1351|->   yyval = yyvsp[1-yylen];
# 1352|   
# 1353|   

Error: GCC_ANALYZER_WARNING: [#def263]
krb5-1.21.3/src/kadmin/dbutil/dump.c:239:5: warning[-Wanalyzer-fd-use-without-check]: ‘write’ on possibly invalid file descriptor ‘fd’
krb5-1.21.3/src/kadmin/dbutil/dump.c:1191:1: enter_function: entry to ‘dump_db’
krb5-1.21.3/src/kadmin/dbutil/dump.c:1277:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1292:9: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1292:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1300:9: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1352:8: branch_false: following ‘false’ branch (when ‘ofile’ is NULL)...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1364:9: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1372:8: branch_false: following ‘false’ branch (when ‘dump_sno == 0’)...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1385:9: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1389:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1395:9: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1403:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1404:9: branch_true: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1405:9: call_function: calling ‘finish_ofile’ from ‘dump_db’
krb5-1.21.3/src/kadmin/dbutil/dump.c:1405:9: return_function: returning to ‘dump_db’ from ‘finish_ofile’
krb5-1.21.3/src/kadmin/dbutil/dump.c:1406:9: call_function: calling ‘update_ok_file’ from ‘dump_db’
#  237|   update_ok_file(krb5_context context, int fd)
#  238|   {
#  239|->     write(fd, "", 1);
#  240|       krb5_lock_file(context, fd, KRB5_LOCKMODE_UNLOCK);
#  241|       close(fd);

Error: COMPILER_WARNING (CWE-252): [#def264]
krb5-1.21.3/src/kadmin/dbutil/dump.c: scope_hint: In function ‘update_ok_file’
krb5-1.21.3/src/kadmin/dbutil/dump.c:239:5: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
#  239 |     write(fd, "", 1);
#      |     ^~~~~~~~~~~~~~~~
#  237|   update_ok_file(krb5_context context, int fd)
#  238|   {
#  239|->     write(fd, "", 1);
#  240|       krb5_lock_file(context, fd, KRB5_LOCKMODE_UNLOCK);
#  241|       close(fd);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def265]
krb5-1.21.3/src/kadmin/dbutil/dump.c:1426:20: warning[-Wanalyzer-file-leak]: leak of FILE ‘f’
krb5-1.21.3/src/kadmin/dbutil/dump.c:1436:1: enter_function: entry to ‘load_db’
krb5-1.21.3/src/kadmin/dbutil/dump.c:1490:8: branch_true: following ‘true’ branch (when ‘dumpfile’ is non-NULL)...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1491:13: branch_true: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1491:13: acquire_resource: opened here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1492:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1502:9: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1502:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1507:9: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1507:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1516:25: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1547:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1552:12: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1558:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1583:8: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1594:9: call_function: calling ‘restore_dump’ from ‘load_db’
# 1424|   
# 1425|       /* Process the records. */
# 1426|->     while (!(err = dump->load_record(context, dumpfile, f, verbose, &lineno)));
# 1427|       if (err != -1) {
# 1428|           fprintf(stderr, _("%s: error processing line %d of %s\n"), progname,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def266]
krb5-1.21.3/src/kadmin/dbutil/dump.c:1532:9: warning[-Wanalyzer-file-leak]: leak of FILE ‘f’
krb5-1.21.3/src/kadmin/dbutil/dump.c:1490:8: branch_true: following ‘true’ branch (when ‘dumpfile’ is non-NULL)...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1491:13: branch_true: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1491:13: acquire_resource: opened here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1492:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1502:9: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1502:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1507:9: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1507:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1516:25: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1531:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1532:9: branch_true: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1532:9: danger: ‘f’ leaks here; was opened at [(3)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/2)
# 1530|   
# 1531|       if (global_params.iprop_enabled &&
# 1532|->         ulog_map(util_context, global_params.iprop_logfile,
# 1533|                    global_params.iprop_ulogsize)) {
# 1534|           fprintf(stderr, _("Could not open iprop ulog\n"));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def267]
krb5-1.21.3/src/kadmin/dbutil/dump.c:1547:14: warning[-Wanalyzer-file-leak]: leak of FILE ‘f’
krb5-1.21.3/src/kadmin/dbutil/dump.c:1490:8: branch_true: following ‘true’ branch (when ‘dumpfile’ is non-NULL)...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1491:13: branch_true: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1491:13: acquire_resource: opened here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1492:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1502:9: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1502:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1507:9: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1507:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1516:25: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1538:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1546:8: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1546:8: branch_true: following ‘true’ branch (when ‘update == 0’)...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1547:14: branch_true: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1547:14: danger: ‘f’ leaks here; was opened at [(3)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/2)
# 1545|        * promote it to be the live db. */
# 1546|       if (!update) {
# 1547|->         if (!add_db_arg("temporary")) {
# 1548|               com_err(progname, ENOMEM, _("computing parameters for database"));
# 1549|               goto error;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def268]
krb5-1.21.3/src/kadmin/dbutil/dump.c:1548:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘f’
krb5-1.21.3/src/kadmin/dbutil/dump.c:1490:8: branch_true: following ‘true’ branch (when ‘dumpfile’ is non-NULL)...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1491:13: branch_true: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1491:13: acquire_resource: opened here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1492:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1502:9: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1502:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1507:9: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1507:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1516:25: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1538:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1546:8: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1546:8: branch_true: following ‘true’ branch (when ‘update == 0’)...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1547:14: branch_true: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1547:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1548:39: branch_true: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1548:13: danger: ‘f’ leaks here; was opened at [(3)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/2)
# 1546|       if (!update) {
# 1547|           if (!add_db_arg("temporary")) {
# 1548|->             com_err(progname, ENOMEM, _("computing parameters for database"));
# 1549|               goto error;
# 1550|           }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def269]
krb5-1.21.3/src/kadmin/dbutil/dump.c:1557:15: warning[-Wanalyzer-file-leak]: leak of FILE ‘f’
krb5-1.21.3/src/kadmin/dbutil/dump.c:1490:8: branch_true: following ‘true’ branch (when ‘dumpfile’ is non-NULL)...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1491:13: branch_true: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1491:13: acquire_resource: opened here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1492:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1502:9: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1502:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1507:9: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1507:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1516:25: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1538:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1546:8: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1546:8: branch_true: following ‘true’ branch (when ‘update == 0’)...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1547:14: branch_true: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1547:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1552:12: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1557:15: danger: ‘f’ leaks here; was opened at [(3)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/2)
# 1555|           }
# 1556|   
# 1557|->         ret = krb5_db_create(util_context, db5util_db_args);
# 1558|           if (ret) {
# 1559|               com_err(progname, ret, _("while creating database"));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def270]
krb5-1.21.3/src/kadmin/dbutil/dump.c:1559:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘f’
krb5-1.21.3/src/kadmin/dbutil/dump.c:1490:8: branch_true: following ‘true’ branch (when ‘dumpfile’ is non-NULL)...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1491:13: branch_true: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1491:13: acquire_resource: opened here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1492:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1502:9: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1502:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1507:9: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1507:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1516:25: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1538:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1546:8: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1546:8: branch_true: following ‘true’ branch (when ‘update == 0’)...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1547:14: branch_true: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1547:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1552:12: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1558:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1559:36: branch_true: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1559:13: danger: ‘f’ leaks here; was opened at [(3)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/2)
# 1557|           ret = krb5_db_create(util_context, db5util_db_args);
# 1558|           if (ret) {
# 1559|->             com_err(progname, ret, _("while creating database"));
# 1560|               goto error;
# 1561|           }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def271]
krb5-1.21.3/src/kadmin/dbutil/dump.c:1659:5: warning[-Wanalyzer-file-leak]: leak of FILE ‘f’
krb5-1.21.3/src/kadmin/dbutil/dump.c:1490:8: branch_true: following ‘true’ branch (when ‘dumpfile’ is non-NULL)...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1491:13: branch_true: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1491:13: acquire_resource: opened here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1492:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1502:9: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1656:8: branch_true: following ‘true’ branch (when ‘f’ is non-NULL)...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1656:22: branch_true: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1656:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/dump.c:1659:5: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/dump.c:1659:5: danger: ‘f’ leaks here; was opened at [(3)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/2)
# 1657|           fclose(f);
# 1658|   
# 1659|->     return;
# 1660|   
# 1661|   error:

Error: GCC_ANALYZER_WARNING (CWE-476): [#def272]
krb5-1.21.3/src/kadmin/dbutil/kdb5_create.c:193:5: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
krb5-1.21.3/src/kadmin/dbutil/kdb5_create.c:181:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/kdb5_create.c:189:5: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/kdb5_create.c:193:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/kdb5_create.c:193:5: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/kdb5_create.c:193:5: danger: dereference of NULL ‘<unknown>’
#  191|       krb5_princ_set_realm_data(util_context, &tgt_princ, global_params.realm);
#  192|       krb5_princ_set_realm_length(util_context, &tgt_princ, strlen(global_params.realm));
#  193|->     krb5_princ_component(util_context, &tgt_princ,1)->data = global_params.realm;
#  194|       krb5_princ_component(util_context, &tgt_princ,1)->length = strlen(global_params.realm);
#  195|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def273]
krb5-1.21.3/src/kadmin/dbutil/kdb5_create.c:194:5: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
krb5-1.21.3/src/kadmin/dbutil/kdb5_create.c:181:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/kdb5_create.c:189:5: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/kdb5_create.c:193:5: branch_true: following ‘true’ branch...
krb5-1.21.3/src/kadmin/dbutil/kdb5_create.c:193:5: branch_true: ...to here
krb5-1.21.3/src/kadmin/dbutil/kdb5_create.c:194:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/dbutil/kdb5_create.c:194:5: branch_false: ...to here
krb5-1.21.3/src/kadmin/dbutil/kdb5_create.c:194:5: danger: dereference of NULL ‘<unknown>’
#  192|       krb5_princ_set_realm_length(util_context, &tgt_princ, strlen(global_params.realm));
#  193|       krb5_princ_component(util_context, &tgt_princ,1)->data = global_params.realm;
#  194|->     krb5_princ_component(util_context, &tgt_princ,1)->length = strlen(global_params.realm);
#  195|   
#  196|       printf(_("Initializing database '%s' for realm '%s',\n"

Error: GCC_ANALYZER_WARNING (CWE-688): [#def274]
krb5-1.21.3/src/kadmin/dbutil/kdb5_mkey.c:341:5: warning[-Wanalyzer-null-argument]: use of NULL where non-null expected
krb5-1.21.3/src/kadmin/dbutil/kdb5_mkey.c:341:5: release_memory: using NULL here
krb5-1.21.3/src/kadmin/dbutil/kdb5_mkey.c:342:10: release_memory: using NULL here
krb5-1.21.3/src/kadmin/dbutil/kdb5_mkey.c:341:5: release_memory: using NULL here
krb5-1.21.3/src/kadmin/dbutil/kdb5_mkey.c:342:10: release_memory: using NULL here
krb5-1.21.3/src/kadmin/dbutil/kdb5_mkey.c:341:5: danger: argument 1 (‘new_mkeyblock.contents’) NULL where non-null expected
#  339|       /* clean up */
#  340|       krb5_db_free_principal(util_context, master_entry);
#  341|->     zap((char *)new_mkeyblock.contents, new_mkeyblock.length);
#  342|       free(new_mkeyblock.contents);
#  343|       if (pw_str) {

Error: COMPILER_WARNING: [#def275]
krb5-1.21.3/src/kadmin/dbutil/kdb5_util.c: scope_hint: In function ‘extended_com_err_fn’
krb5-1.21.3/src/kadmin/dbutil/kdb5_util.c:177:5: warning[-Wsuggest-attribute=format]: function ‘extended_com_err_fn’ might be a candidate for ‘gnu_printf’ format attribute
#  177 |     vfprintf (stderr, fmt, args);
#      |     ^~~~~~~~
#  175|           fprintf (stderr, "%s: ", myprog);
#  176|       }
#  177|->     vfprintf (stderr, fmt, args);
#  178|       fprintf (stderr, "\n");
#  179|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def276]
krb5-1.21.3/src/kadmin/dbutil/tabdump.c:587:14: warning[-Wanalyzer-file-leak]: leak of FILE ‘args.f’
krb5-1.21.3/src/kadmin/dbutil/tabdump.c:606:1: enter_function: entry to ‘tabdump’
krb5-1.21.3/src/kadmin/dbutil/tabdump.c:644:17: branch_true: following ‘true’ branch (when ‘i != 7’)...
krb5-1.21.3/src/kadmin/dbutil/tabdump.c:645:13: branch_true: ...to here
krb5-1.21.3/src/kadmin/dbutil/tabdump.c:645:12: branch_true: following ‘true’ branch (when the strings are equal)...
krb5-1.21.3/src/kadmin/dbutil/tabdump.c:646:13: branch_true: ...to here
krb5-1.21.3/src/kadmin/dbutil/tabdump.c:646:13: call_function: calling ‘setup_args’ from ‘tabdump’
#  585|           rh = rechandle_csv(f, rectype);
#  586|       else
#  587|->         rh = rechandle_tabsep(f, rectype);
#  588|       if (rh == NULL)
#  589|           return ENOMEM;

Error: COMPILER_WARNING: [#def277]
krb5-1.21.3/src/kadmin/dbutil/tdumputil.c: scope_hint: In function ‘writequoted’
krb5-1.21.3/src/kadmin/dbutil/tdumputil.c:109:5: warning[-Wsuggest-attribute=format]: function ‘writequoted’ might be a candidate for ‘gnu_printf’ format attribute
#  109 |     ret = vasprintf(&s, fmt, ap);
#      |     ^~~
#  107|   
#  108|       assert(fl.quotechar != '\0');
#  109|->     ret = vasprintf(&s, fmt, ap);
#  110|       if (ret < 0)
#  111|           return ret;

Error: COMPILER_WARNING (CWE-704): [#def278]
krb5-1.21.3/src/kadmin/ktutil/ktutil_ct.c:9:13: warning[-Wlto-type-mismatch]: type of ‘ktutil_clear_list’ does not match original declaration
#    9 | extern void ktutil_clear_list __SS_PROTO;
#      |             ^
krb5-1.21.3/src/kadmin/ktutil/ktutil.c:66:1: note: type mismatch in parameter 3
#   66 | ktutil_clear_list(int argc, char *argv[])
#      | ^
krb5-1.21.3/src/kadmin/ktutil/ktutil.c:66:1: note: type ‘void’ should match type ‘int’
krb5-1.21.3/src/kadmin/ktutil/ktutil.c:66:1: note: ‘ktutil_clear_list’ was previously declared here
#    7|       (char const *)0
#    8|   };
#    9|-> extern void ktutil_clear_list __SS_PROTO;
#   10|   static char const * const ssu00002[] = {
#   11|   "read_kt",

Error: COMPILER_WARNING (CWE-704): [#def279]
krb5-1.21.3/src/kadmin/ktutil/ktutil_ct.c:15:13: warning[-Wlto-type-mismatch]: type of ‘ktutil_read_v5’ does not match original declaration
#   15 | extern void ktutil_read_v5 __SS_PROTO;
#      |             ^
krb5-1.21.3/src/kadmin/ktutil/ktutil.c:81:1: note: type mismatch in parameter 3
#   81 | ktutil_read_v5(int argc, char *argv[])
#      | ^
krb5-1.21.3/src/kadmin/ktutil/ktutil.c:81:1: note: type ‘void’ should match type ‘int’
krb5-1.21.3/src/kadmin/ktutil/ktutil.c:81:1: note: ‘ktutil_read_v5’ was previously declared here
#   13|       (char const *)0
#   14|   };
#   15|-> extern void ktutil_read_v5 __SS_PROTO;
#   16|   static char const * const ssu00003[] = {
#   17|   "read_st",

Error: COMPILER_WARNING (CWE-704): [#def280]
krb5-1.21.3/src/kadmin/ktutil/ktutil_ct.c:21:13: warning[-Wlto-type-mismatch]: type of ‘ktutil_read_v4’ does not match original declaration
#   21 | extern void ktutil_read_v4 __SS_PROTO;
#      |             ^
krb5-1.21.3/src/kadmin/ktutil/ktutil.c:95:1: note: type mismatch in parameter 3
#   95 | ktutil_read_v4(int argc, char *argv[])
#      | ^
krb5-1.21.3/src/kadmin/ktutil/ktutil.c:95:1: note: type ‘void’ should match type ‘int’
krb5-1.21.3/src/kadmin/ktutil/ktutil.c:95:1: note: ‘ktutil_read_v4’ was previously declared here
#   19|       (char const *)0
#   20|   };
#   21|-> extern void ktutil_read_v4 __SS_PROTO;
#   22|   static char const * const ssu00004[] = {
#   23|   "write_kt",

Error: COMPILER_WARNING (CWE-704): [#def281]
krb5-1.21.3/src/kadmin/ktutil/ktutil_ct.c:27:13: warning[-Wlto-type-mismatch]: type of ‘ktutil_write_v5’ does not match original declaration
#   27 | extern void ktutil_write_v5 __SS_PROTO;
#      |             ^
krb5-1.21.3/src/kadmin/ktutil/ktutil.c:102:1: note: type mismatch in parameter 3
#  102 | ktutil_write_v5(int argc, char *argv[])
#      | ^
krb5-1.21.3/src/kadmin/ktutil/ktutil.c:102:1: note: type ‘void’ should match type ‘int’
krb5-1.21.3/src/kadmin/ktutil/ktutil.c:102:1: note: ‘ktutil_write_v5’ was previously declared here
#   25|       (char const *)0
#   26|   };
#   27|-> extern void ktutil_write_v5 __SS_PROTO;
#   28|   static char const * const ssu00005[] = {
#   29|   "write_st",

Error: COMPILER_WARNING (CWE-704): [#def282]
krb5-1.21.3/src/kadmin/ktutil/ktutil_ct.c:33:13: warning[-Wlto-type-mismatch]: type of ‘ktutil_write_v4’ does not match original declaration
#   33 | extern void ktutil_write_v4 __SS_PROTO;
#      |             ^
krb5-1.21.3/src/kadmin/ktutil/ktutil.c:116:1: note: type mismatch in parameter 3
#  116 | ktutil_write_v4(int argc, char *argv[])
#      | ^
krb5-1.21.3/src/kadmin/ktutil/ktutil.c:116:1: note: type ‘void’ should match type ‘int’
krb5-1.21.3/src/kadmin/ktutil/ktutil.c:116:1: note: ‘ktutil_write_v4’ was previously declared here
#   31|       (char const *)0
#   32|   };
#   33|-> extern void ktutil_write_v4 __SS_PROTO;
#   34|   static char const * const ssu00006[] = {
#   35|   "add_entry",

Error: COMPILER_WARNING (CWE-704): [#def283]
krb5-1.21.3/src/kadmin/ktutil/ktutil_ct.c:39:13: warning[-Wlto-type-mismatch]: type of ‘ktutil_add_entry’ does not match original declaration
#   39 | extern void ktutil_add_entry __SS_PROTO;
#      |             ^
krb5-1.21.3/src/kadmin/ktutil/ktutil.c:123:1: note: type mismatch in parameter 3
#  123 | ktutil_add_entry(int argc, char *argv[])
#      | ^
krb5-1.21.3/src/kadmin/ktutil/ktutil.c:123:1: note: type ‘void’ should match type ‘int’
krb5-1.21.3/src/kadmin/ktutil/ktutil.c:123:1: note: ‘ktutil_add_entry’ was previously declared here
#   37|       (char const *)0
#   38|   };
#   39|-> extern void ktutil_add_entry __SS_PROTO;
#   40|   static char const * const ssu00007[] = {
#   41|   "delete_entry",

Error: COMPILER_WARNING (CWE-704): [#def284]
krb5-1.21.3/src/kadmin/ktutil/ktutil_ct.c:45:13: warning[-Wlto-type-mismatch]: type of ‘ktutil_delete_entry’ does not match original declaration
#   45 | extern void ktutil_delete_entry __SS_PROTO;
#      |             ^
krb5-1.21.3/src/kadmin/ktutil/ktutil.c:180:1: note: type mismatch in parameter 3
#  180 | ktutil_delete_entry(int argc, char *argv[])
#      | ^
krb5-1.21.3/src/kadmin/ktutil/ktutil.c:180:1: note: type ‘void’ should match type ‘int’
krb5-1.21.3/src/kadmin/ktutil/ktutil.c:180:1: note: ‘ktutil_delete_entry’ was previously declared here
#   43|       (char const *)0
#   44|   };
#   45|-> extern void ktutil_delete_entry __SS_PROTO;
#   46|   static char const * const ssu00008[] = {
#   47|   "list",

Error: COMPILER_WARNING (CWE-704): [#def285]
krb5-1.21.3/src/kadmin/ktutil/ktutil_ct.c:51:13: warning[-Wlto-type-mismatch]: type of ‘ktutil_list’ does not match original declaration
#   51 | extern void ktutil_list __SS_PROTO;
#      |             ^
krb5-1.21.3/src/kadmin/ktutil/ktutil.c:194:1: note: type mismatch in parameter 3
#  194 | ktutil_list(int argc, char *argv[])
#      | ^
krb5-1.21.3/src/kadmin/ktutil/ktutil.c:194:1: note: type ‘void’ should match type ‘int’
krb5-1.21.3/src/kadmin/ktutil/ktutil.c:194:1: note: ‘ktutil_list’ was previously declared here
#   49|       (char const *)0
#   50|   };
#   51|-> extern void ktutil_list __SS_PROTO;
#   52|   static char const * const ssu00009[] = {
#   53|   "list_requests",

Error: COMPILER_WARNING (CWE-252): [#def286]
krb5-1.21.3/src/kadmin/ktutil/ktutil_funcs.c: scope_hint: In function ‘ktutil_add’
krb5-1.21.3/src/kadmin/ktutil/ktutil_funcs.c:206:9: warning[-Wunused-result]: ignoring return value of ‘fgets’ declared with attribute ‘warn_unused_result’
#  206 |         fgets(buf, BUFSIZ, stdin);
#      |         ^~~~~~~~~~~~~~~~~~~~~~~~~
#  204|       } else {
#  205|           printf(_("Key for %s (hex): "), princ_full);
#  206|->         fgets(buf, BUFSIZ, stdin);
#  207|           /*
#  208|            * We need to get rid of the trailing '\n' from fgets.

Error: CPPCHECK_WARNING (CWE-476): [#def287]
krb5-1.21.3/src/kadmin/server/auth_acl.c:395: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: state
#  393|       int lineno, incr;
#  394|   
#  395|->     state->list = NULL;
#  396|   
#  397|       /* Open the ACL file for reading. */

Error: CPPCHECK_WARNING (CWE-476): [#def288]
krb5-1.21.3/src/kadmin/server/auth_acl.c:557: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: state
#  555|           return KRB5_PLUGIN_NO_HANDLE;
#  556|       state = malloc(sizeof(*state));
#  557|->     state->list = NULL;
#  558|       ret = load_acl_file(context, acl_file, state);
#  559|       if (ret) {

Error: GCC_ANALYZER_WARNING (CWE-688): [#def289]
krb5-1.21.3/src/kadmin/server/schpw.c:268:20: warning[-Wanalyzer-null-argument]: use of NULL ‘targetstr’ where non-null expected
krb5-1.21.3/src/kadmin/server/schpw.c:433:1: enter_function: entry to ‘dispatch’
krb5-1.21.3/src/kadmin/server/schpw.c:444:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kadmin/server/schpw.c:452:16: call_function: inlined call to ‘k5alloc’ from ‘dispatch’
krb5-1.21.3/src/kadmin/server/schpw.c:456:11: branch_false: ...to here
krb5-1.21.3/src/kadmin/server/schpw.c:456:11: call_function: calling ‘process_chpw_request’ from ‘dispatch’
#argument 1 of ‘__builtin_strlen’ must be non-null
#  266|               targetp = targetstr;
#  267|           } else {
#  268|->             tlen = strlen(targetstr);
#  269|               trunc_name(&tlen, &tdots);
#  270|               targetp = clientstr;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def290]
krb5-1.21.3/src/kdc/dispatch.c:181:18: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘realm’
krb5-1.21.3/src/kdc/dispatch.c:90:1: enter_function: entry to ‘dispatch’
krb5-1.21.3/src/kdc/dispatch.c:101:13: call_function: inlined call to ‘k5alloc’ from ‘dispatch’
krb5-1.21.3/src/kdc/dispatch.c:106:5: branch_false: ...to here
krb5-1.21.3/src/kdc/dispatch.c:116:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/kdc/dispatch.c:122:26: branch_true: ...to here
krb5-1.21.3/src/kdc/dispatch.c:135:9: call_function: calling ‘finish_dispatch’ from ‘dispatch’
#  179|   make_too_big_error(kdc_realm_t *realm, krb5_data **out)
#  180|   {
#  181|->     krb5_context context = realm->realm_context;
#  182|       krb5_error errpkt;
#  183|       krb5_error_code retval;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def291]
krb5-1.21.3/src/kdc/do_tgs_req.c:200:21: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘request’
krb5-1.21.3/src/kdc/do_tgs_req.c:1164:1: enter_function: entry to ‘process_tgs_req’
krb5-1.21.3/src/kdc/do_tgs_req.c:1179:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/kdc/do_tgs_req.c:1180:9: branch_true: ...to here
krb5-1.21.3/src/kdc/do_tgs_req.c:1202:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/kdc/do_tgs_req.c:1203:9: branch_true: ...to here
krb5-1.21.3/src/kdc/do_tgs_req.c:1205:8: branch_true: following ‘true’ branch (when ‘ret != 0’)...
krb5-1.21.3/src/kdc/do_tgs_req.c:1206:16: branch_true: ...to here
krb5-1.21.3/src/kdc/do_tgs_req.c:1207:9: release_memory: using NULL here
krb5-1.21.3/src/kdc/do_tgs_req.c:1211:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kdc/do_tgs_req.c:1217:16: branch_false: ...to here
krb5-1.21.3/src/kdc/do_tgs_req.c:1217:9: branch_true: following ‘true’ branch...
krb5-1.21.3/src/kdc/do_tgs_req.c:1218:15: branch_true: ...to here
krb5-1.21.3/src/kdc/do_tgs_req.c:1218:15: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kdc/do_tgs_req.c:1218:15: branch_false: ...to here
krb5-1.21.3/src/kdc/do_tgs_req.c:1218:15: release_memory: using NULL here
krb5-1.21.3/src/kdc/do_tgs_req.c:1218:15: call_function: calling ‘prepare_error_tgs’ from ‘process_tgs_req’
#  198|           return(retval);
#  199|       errpkt.error = errcode_to_protocol(code);
#  200|->     errpkt.server = request->server;
#  201|       if (ticket && ticket->enc_part2)
#  202|           errpkt.client = ticket->enc_part2->client;

Error: CPPCHECK_WARNING (CWE-758): [#def292]
krb5-1.21.3/src/kdc/kdc_authdata.c:131: warning[objectIndex]: The address of variable 'ad_type' might be accessed at non-zero index.
#  129|   
#  130|       for (i = 0; i < count; i++) {
#  131|->         switch (ad_types[i]) {
#  132|           case KRB5_AUTHDATA_SIGNTICKET:
#  133|           case KRB5_AUTHDATA_KDC_ISSUED:

Error: GCC_ANALYZER_WARNING (CWE-122): [#def293]
krb5-1.21.3/src/kdc/kdc_preauth.c:665:13: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow
krb5-1.21.3/src/kdc/kdc_preauth.c:1395:1: enter_function: entry to ‘return_padata’
krb5-1.21.3/src/kdc/kdc_preauth.c:1415:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kdc/kdc_preauth.c:1420:10: branch_false: ...to here
krb5-1.21.3/src/kdc/kdc_preauth.c:1420:32: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kdc/kdc_preauth.c:1425:25: branch_false: ...to here
krb5-1.21.3/src/kdc/kdc_preauth.c:1425:16: call_function: inlined call to ‘k5calloc’ from ‘return_padata’
krb5-1.21.3/src/kdc/kdc_preauth.c:1428:5: branch_false: ...to here
krb5-1.21.3/src/kdc/kdc_preauth.c:1428:5: call_function: calling ‘sort_pa_order’ from ‘return_padata’
#  663|       for (j = 0; j < n_preauth_systems; j++) {
#  664|           if (preauth_systems[j].return_padata != NULL)
#  665|->             pa_order[i++] = j;
#  666|       }
#  667|       n_repliers = i;

Error: GCC_ANALYZER_WARNING (CWE-126): [#def294]
krb5-1.21.3/src/kdc/kdc_preauth.c:674:29: warning[-Wanalyzer-out-of-bounds]: heap-based buffer over-read
krb5-1.21.3/src/kdc/kdc_preauth.c:1395:1: enter_function: entry to ‘return_padata’
krb5-1.21.3/src/kdc/kdc_preauth.c:1415:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kdc/kdc_preauth.c:1420:10: branch_false: ...to here
krb5-1.21.3/src/kdc/kdc_preauth.c:1420:32: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kdc/kdc_preauth.c:1425:25: branch_false: ...to here
krb5-1.21.3/src/kdc/kdc_preauth.c:1425:16: call_function: inlined call to ‘k5calloc’ from ‘return_padata’
krb5-1.21.3/src/kdc/kdc_preauth.c:1428:5: branch_false: ...to here
krb5-1.21.3/src/kdc/kdc_preauth.c:1428:5: call_function: calling ‘sort_pa_order’ from ‘return_padata’
#  672|           /* If this module replaces the key, then it's okay to leave it where it
#  673|            * is in the order. */
#  674|->         if (preauth_systems[pa_order[i]].flags & PA_REPLACES_KEY)
#  675|               continue;
#  676|           /* If not, search for a module which does, and swap in the first one we

Error: GCC_ANALYZER_WARNING (CWE-126): [#def295]
krb5-1.21.3/src/kdc/kdc_preauth.c:679:33: warning[-Wanalyzer-out-of-bounds]: heap-based buffer over-read
krb5-1.21.3/src/kdc/kdc_preauth.c:1395:1: enter_function: entry to ‘return_padata’
krb5-1.21.3/src/kdc/kdc_preauth.c:1415:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kdc/kdc_preauth.c:1420:10: branch_false: ...to here
krb5-1.21.3/src/kdc/kdc_preauth.c:1420:32: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kdc/kdc_preauth.c:1425:25: branch_false: ...to here
krb5-1.21.3/src/kdc/kdc_preauth.c:1425:16: call_function: inlined call to ‘k5calloc’ from ‘return_padata’
krb5-1.21.3/src/kdc/kdc_preauth.c:1428:5: branch_false: ...to here
krb5-1.21.3/src/kdc/kdc_preauth.c:1428:5: call_function: calling ‘sort_pa_order’ from ‘return_padata’
#  677|            * find. */
#  678|           for (j = i + 1; j < n_repliers; j++) {
#  679|->             if (preauth_systems[pa_order[j]].flags & PA_REPLACES_KEY) {
#  680|                   k = pa_order[j];
#  681|                   pa_order[j] = pa_order[i];

Error: GCC_ANALYZER_WARNING (CWE-122): [#def296]
krb5-1.21.3/src/kdc/kdc_preauth.c:681:17: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow
krb5-1.21.3/src/kdc/kdc_preauth.c:1395:1: enter_function: entry to ‘return_padata’
krb5-1.21.3/src/kdc/kdc_preauth.c:1415:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kdc/kdc_preauth.c:1420:10: branch_false: ...to here
krb5-1.21.3/src/kdc/kdc_preauth.c:1420:32: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kdc/kdc_preauth.c:1425:25: branch_false: ...to here
krb5-1.21.3/src/kdc/kdc_preauth.c:1425:16: call_function: inlined call to ‘k5calloc’ from ‘return_padata’
krb5-1.21.3/src/kdc/kdc_preauth.c:1428:5: branch_false: ...to here
krb5-1.21.3/src/kdc/kdc_preauth.c:1428:5: call_function: calling ‘sort_pa_order’ from ‘return_padata’
#  679|               if (preauth_systems[pa_order[j]].flags & PA_REPLACES_KEY) {
#  680|                   k = pa_order[j];
#  681|->                 pa_order[j] = pa_order[i];
#  682|                   pa_order[i] = k;
#  683|                   break;

Error: GCC_ANALYZER_WARNING (CWE-126): [#def297]
krb5-1.21.3/src/kdc/kdc_preauth.c:704:54: warning[-Wanalyzer-out-of-bounds]: heap-based buffer over-read
krb5-1.21.3/src/kdc/kdc_preauth.c:1395:1: enter_function: entry to ‘return_padata’
krb5-1.21.3/src/kdc/kdc_preauth.c:1415:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kdc/kdc_preauth.c:1420:10: branch_false: ...to here
krb5-1.21.3/src/kdc/kdc_preauth.c:1420:32: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kdc/kdc_preauth.c:1425:25: branch_false: ...to here
krb5-1.21.3/src/kdc/kdc_preauth.c:1425:16: call_function: inlined call to ‘k5calloc’ from ‘return_padata’
krb5-1.21.3/src/kdc/kdc_preauth.c:1428:5: branch_false: ...to here
krb5-1.21.3/src/kdc/kdc_preauth.c:1428:5: call_function: calling ‘sort_pa_order’ from ‘return_padata’
#  702|               for (j = i + 1; j < n_key_replacers; j++) {
#  703|                   if (pa_list_includes(request->padata,
#  704|->                                      preauth_systems[pa_order[j]].type)) {
#  705|                       k = pa_order[j];
#  706|                       pa_order[j] = pa_order[i];

Error: GCC_ANALYZER_WARNING (CWE-126): [#def298]
krb5-1.21.3/src/kdc/kdc_preauth.c:1438:30: warning[-Wanalyzer-out-of-bounds]: heap-based buffer over-read
krb5-1.21.3/src/kdc/kdc_preauth.c:1395:1: enter_function: entry to ‘return_padata’
krb5-1.21.3/src/kdc/kdc_preauth.c:1415:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kdc/kdc_preauth.c:1420:10: branch_false: ...to here
krb5-1.21.3/src/kdc/kdc_preauth.c:1420:32: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kdc/kdc_preauth.c:1425:25: branch_false: ...to here
krb5-1.21.3/src/kdc/kdc_preauth.c:1425:16: call_function: inlined call to ‘k5calloc’ from ‘return_padata’
krb5-1.21.3/src/kdc/kdc_preauth.c:1428:5: branch_false: ...to here
krb5-1.21.3/src/kdc/kdc_preauth.c:1428:5: call_function: calling ‘sort_pa_order’ from ‘return_padata’
krb5-1.21.3/src/kdc/kdc_preauth.c:1428:5: return_function: returning to ‘return_padata’ from ‘sort_pa_order’
krb5-1.21.3/src/kdc/kdc_preauth.c:1432:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kdc/kdc_preauth.c:1435:5: branch_false: ...to here
krb5-1.21.3/src/kdc/kdc_preauth.c:1438:30: branch_true: following ‘true’ branch...
krb5-1.21.3/src/kdc/kdc_preauth.c:1439:14: branch_true: ...to here
krb5-1.21.3/src/kdc/kdc_preauth.c:1440:12: branch_false: following ‘false’ branch (when ‘key_modified == 0’)...
krb5-1.21.3/src/kdc/kdc_preauth.c:1442:13: branch_false: ...to here
krb5-1.21.3/src/kdc/kdc_preauth.c:1438:30: danger: out-of-bounds read from byte 4 till byte 7 but region ends at byte 4
# 1436|       null_item.length = 0;
# 1437|   
# 1438|->     for (pa_type = pa_order; *pa_type != -1; pa_type++) {
# 1439|           ap = &preauth_systems[*pa_type];
# 1440|           if (key_modified && (ap->flags & PA_REPLACES_KEY))

Error: CPPCHECK_WARNING (CWE-476): [#def299]
krb5-1.21.3/src/kdc/kdc_util.c:1275: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: p
# 1273|   
# 1274|       name_type = krb5_princ_type(context, req->user);
# 1275|->     p[0] = (name_type >> 0 ) & 0xFF;
# 1276|       p[1] = (name_type >> 8 ) & 0xFF;
# 1277|       p[2] = (name_type >> 16) & 0xFF;

Error: CPPCHECK_WARNING (CWE-476): [#def300]
krb5-1.21.3/src/kdc/kdc_util.c:1276: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: p
# 1274|       name_type = krb5_princ_type(context, req->user);
# 1275|       p[0] = (name_type >> 0 ) & 0xFF;
# 1276|->     p[1] = (name_type >> 8 ) & 0xFF;
# 1277|       p[2] = (name_type >> 16) & 0xFF;
# 1278|       p[3] = (name_type >> 24) & 0xFF;

Error: CPPCHECK_WARNING (CWE-476): [#def301]
krb5-1.21.3/src/kdc/kdc_util.c:1277: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: p
# 1275|       p[0] = (name_type >> 0 ) & 0xFF;
# 1276|       p[1] = (name_type >> 8 ) & 0xFF;
# 1277|->     p[2] = (name_type >> 16) & 0xFF;
# 1278|       p[3] = (name_type >> 24) & 0xFF;
# 1279|       p += 4;

Error: CPPCHECK_WARNING (CWE-476): [#def302]
krb5-1.21.3/src/kdc/kdc_util.c:1278: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: p
# 1276|       p[1] = (name_type >> 8 ) & 0xFF;
# 1277|       p[2] = (name_type >> 16) & 0xFF;
# 1278|->     p[3] = (name_type >> 24) & 0xFF;
# 1279|       p += 4;
# 1280|   

Error: CPPCHECK_WARNING (CWE-682): [#def303]
krb5-1.21.3/src/kdc/kdc_util.c:1279: error[nullPointerArithmeticOutOfMemory]: If memory allocation fails: pointer addition with NULL pointer.
# 1277|       p[2] = (name_type >> 16) & 0xFF;
# 1278|       p[3] = (name_type >> 24) & 0xFF;
# 1279|->     p += 4;
# 1280|   
# 1281|       for (i = 0; i < krb5_princ_size(context, req->user); i++) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def304]
krb5-1.21.3/src/kdc/kdc_util.c:1286:14: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
krb5-1.21.3/src/kdc/kdc_util.c:1254:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kdc/kdc_util.c:1262:5: branch_false: ...to here
krb5-1.21.3/src/kdc/kdc_util.c:1270:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kdc/kdc_util.c:1274:5: branch_false: ...to here
krb5-1.21.3/src/kdc/kdc_util.c:1281:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/kdc/kdc_util.c:1282:13: branch_true: ...to here
krb5-1.21.3/src/kdc/kdc_util.c:1282:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/kdc/kdc_util.c:1283:13: branch_true: ...to here
krb5-1.21.3/src/kdc/kdc_util.c:1286:14: branch_true: following ‘true’ branch...
krb5-1.21.3/src/kdc/kdc_util.c:1286:14: branch_true: ...to here
krb5-1.21.3/src/kdc/kdc_util.c:1281:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/kdc/kdc_util.c:1282:13: branch_true: ...to here
krb5-1.21.3/src/kdc/kdc_util.c:1282:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kdc/kdc_util.c:1286:14: branch_false: ...to here
krb5-1.21.3/src/kdc/kdc_util.c:1286:14: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kdc/kdc_util.c:1286:14: branch_false: ...to here
krb5-1.21.3/src/kdc/kdc_util.c:1286:14: danger: dereference of NULL ‘<unknown>’
# 1284|                      krb5_princ_component(context, req->user, i)->length);
# 1285|           }
# 1286|->         p += krb5_princ_component(context, req->user, i)->length;
# 1287|       }
# 1288|   

Error: GCC_ANALYZER_WARNING (CWE-404): [#def305]
krb5-1.21.3/src/kdc/main.c:96:5: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
krb5-1.21.3/src/kdc/main.c:597:1: enter_function: entry to ‘initialize_realms’
krb5-1.21.3/src/kdc/main.c:674:12: branch_true: following ‘true’ branch (when ‘c != -1’)...
krb5-1.21.3/src/kdc/main.c:675:9: branch_true: ...to here
krb5-1.21.3/src/kdc/main.c:694:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/kdc/main.c:695:47: branch_true: ...to here
krb5-1.21.3/src/kdc/main.c:695:20: branch_true: following ‘true’ branch (when ‘rdatap’ is non-NULL)...
krb5-1.21.3/src/kdc/main.c:696:30: branch_true: ...to here
krb5-1.21.3/src/kdc/main.c:696:30: call_function: calling ‘init_realm’ from ‘initialize_realms’
#   94|           krb5_copy_error_message(shandle.kdc_err_context, call_context);
#   95|       va_start(ap, fmt);
#   96|->     com_err_va(kdc_progname, code, fmt, ap);
#   97|       va_end(ap);
#   98|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def306]
krb5-1.21.3/src/kprop/kprop.c:246:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘s’
krb5-1.21.3/src/kprop/kprop.c:232:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kprop/kprop.c:239:10: branch_false: ...to here
krb5-1.21.3/src/kprop/kprop.c:239:25: branch_true: following ‘true’ branch (when ‘res’ is non-NULL)...
krb5-1.21.3/src/kprop/kprop.c:240:13: branch_true: ...to here
krb5-1.21.3/src/kprop/kprop.c:240:13: acquire_resource: socket created here
krb5-1.21.3/src/kprop/kprop.c:241:12: branch_false: following ‘false’ branch (when ‘s >= 0’)...
krb5-1.21.3/src/kprop/kprop.c:246:13: branch_false: ...to here
krb5-1.21.3/src/kprop/kprop.c:246:13: danger: ‘s’ leaks here
#  244|           }
#  245|   
#  246|->         if (connect(s, res->ai_addr, res->ai_addrlen) < 0) {
#  247|               retval = errno;
#  248|               close(s);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def307]
krb5-1.21.3/src/kprop/kprop.c:354:11: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(strdup(data_fn), 0)’
krb5-1.21.3/src/kprop/kprop.c:343:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kprop/kprop.c:348:10: branch_false: ...to here
krb5-1.21.3/src/kprop/kprop.c:348:10: acquire_resource: opened here
krb5-1.21.3/src/kprop/kprop.c:349:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kprop/kprop.c:354:11: branch_false: ...to here
krb5-1.21.3/src/kprop/kprop.c:354:11: danger: ‘open(strdup(data_fn), 0)’ leaks here; was opened at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  352|       }
#  353|   
#  354|->     err = krb5_lock_file(context, fd,
#  355|                            KRB5_LOCKMODE_SHARED | KRB5_LOCKMODE_DONTBLOCK);
#  356|       if (err == EAGAIN || err == EWOULDBLOCK || errno == EACCES) {

Error: COMPILER_WARNING (CWE-252): [#def308]
krb5-1.21.3/src/kprop/kprop.c: scope_hint: In function ‘update_last_prop_file’
krb5-1.21.3/src/kprop/kprop.c:591:5: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
#  591 |     write(fd, "", 1);
#      |     ^~~~~~~~~~~~~~~~
#  589|           return;
#  590|       }
#  591|->     write(fd, "", 1);
#  592|       free(file_last_prop);
#  593|       close(fd);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def309]
krb5-1.21.3/src/kprop/kpropd.c:189:8: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "w")’
krb5-1.21.3/src/kprop/kpropd.c:185:10: acquire_resource: opened here
krb5-1.21.3/src/kprop/kpropd.c:186:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kprop/kpropd.c:188:26: branch_false: ...to here
krb5-1.21.3/src/kprop/kpropd.c:189:8: danger: ‘fopen(path, "w")’ leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  187|           return errno;
#  188|       pid = (unsigned long)getpid();
#  189|->     if (fprintf(fp, "%ld\n", pid) < 0 || fclose(fp) == EOF)
#  190|           return errno;
#  191|       return 0;

Error: COMPILER_WARNING (CWE-252): [#def310]
krb5-1.21.3/src/kprop/kpropd.c: scope_hint: In function ‘alarm_handler’
krb5-1.21.3/src/kprop/kpropd.c:216:5: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
#  216 |     write(STDERR_FILENO, timeout_msg, strlen(timeout_msg));
#      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  214|       static char *timeout_msg = "Full propagation timed out\n";
#  215|   
#  216|->     write(STDERR_FILENO, timeout_msg, strlen(timeout_msg));
#  217|       exit(1);
#  218|   }

Error: COMPILER_WARNING (CWE-252): [#def311]
krb5-1.21.3/src/kprop/kpropd.c: scope_hint: In function ‘main’
krb5-1.21.3/src/kprop/kpropd.c:276:13: warning[-Wunused-result]: ignoring return value of ‘daemon’ declared with attribute ‘warn_unused_result’
#  276 |             daemon(0, 0);
#      |             ^~~~~~~~~~~~
#  274|           /* "ready" is a sentinel for the test framework. */
#  275|           if (!debug && !nodaemon) {
#  276|->             daemon(0, 0);
#  277|           } else {
#  278|               printf(_("ready\n"));

Error: GCC_ANALYZER_WARNING (CWE-775): [#def312]
krb5-1.21.3/src/kprop/kpropd.c:419:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘finet’
krb5-1.21.3/src/kprop/kpropd.c:389:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kprop/kpropd.c:394:57: branch_false: ...to here
krb5-1.21.3/src/kprop/kpropd.c:394:13: acquire_resource: socket created here
krb5-1.21.3/src/kprop/kpropd.c:395:8: branch_false: following ‘false’ branch (when ‘finet >= 0’)...
krb5-1.21.3/src/kprop/kpropd.c:400:5: branch_false: ...to here
krb5-1.21.3/src/kprop/kpropd.c:414:8: branch_false: following ‘false’ branch (when ‘ret >= 0’)...
krb5-1.21.3/src/kprop/kpropd.c:418:9: branch_false: ...to here
krb5-1.21.3/src/kprop/kpropd.c:418:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/kprop/kpropd.c:419:27: branch_true: ...to here
krb5-1.21.3/src/kprop/kpropd.c:419:9: danger: ‘finet’ leaks here
#  417|       }
#  418|       if (listen(finet, 5) < 0) {
#  419|->         com_err(progname, errno, "in listen call");
#  420|           exit(1);
#  421|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def313]
krb5-1.21.3/src/kprop/kpropd.c:427:13: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘finet’
krb5-1.21.3/src/kprop/kpropd.c:389:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kprop/kpropd.c:394:57: branch_false: ...to here
krb5-1.21.3/src/kprop/kpropd.c:394:13: acquire_resource: socket created here
krb5-1.21.3/src/kprop/kpropd.c:395:8: branch_false: following ‘false’ branch (when ‘finet >= 0’)...
krb5-1.21.3/src/kprop/kpropd.c:400:5: branch_false: ...to here
krb5-1.21.3/src/kprop/kpropd.c:414:8: branch_false: following ‘false’ branch (when ‘ret >= 0’)...
krb5-1.21.3/src/kprop/kpropd.c:418:9: branch_false: ...to here
krb5-1.21.3/src/kprop/kpropd.c:418:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/kprop/kpropd.c:427:13: danger: ‘finet’ leaks here
#  425|           if (debug)
#  426|               fprintf(stderr, _("waiting for a kprop connection\n"));
#  427|->         s = accept(finet, (struct sockaddr *) &frominet, &fromlen);
#  428|   
#  429|           if (s < 0) {

Error: COMPILER_WARNING: [#def314]
krb5-1.21.3/src/kprop/kpropd.c: scope_hint: In function ‘parse_args’
krb5-1.21.3/src/kprop/kpropd.c:1138:26: warning[-Wsuggest-attribute=format]: argument 1 of ‘set_com_err_hook’ might be a candidate for a format attribute
# 1138 |         set_com_err_hook(kpropd_com_err_proc);
#      |                          ^~~~~~~~~~~~~~~~~~~
# 1136|       openlog("kpropd", LOG_PID | LOG_ODELAY, SYSLOG_CLASS);
# 1137|       if (!debug)
# 1138|->         set_com_err_hook(kpropd_com_err_proc);
# 1139|   
# 1140|       if (realm == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def315]
krb5-1.21.3/src/kprop/kpropd.c:1342:28: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(acl_file_name, "r")’
krb5-1.21.3/src/kprop/kpropd.c:1311:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kprop/kpropd.c:1314:16: branch_false: ...to here
krb5-1.21.3/src/kprop/kpropd.c:1314:16: acquire_resource: opened here
krb5-1.21.3/src/kprop/kpropd.c:1315:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/kprop/kpropd.c:1318:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/kprop/kpropd.c:1319:14: branch_true: ...to here
krb5-1.21.3/src/kprop/kpropd.c:1319:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/kprop/kpropd.c:1321:15: branch_false: ...to here
krb5-1.21.3/src/kprop/kpropd.c:1324:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/kprop/kpropd.c:1325:13: branch_true: ...to here
krb5-1.21.3/src/kprop/kpropd.c:1341:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/kprop/kpropd.c:1342:28: branch_true: ...to here
krb5-1.21.3/src/kprop/kpropd.c:1342:28: danger: ‘fopen(acl_file_name, "r")’ leaks here; was opened at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
# 1340|                */
# 1341|               if (*ptr != '\0' &&
# 1342|->                 ((retval = krb5_string_to_enctype(ptr, &acl_etype)) ||
# 1343|                    (acl_etype != auth_etype)))
# 1344|                   continue;

Error: COMPILER_WARNING (CWE-563): [#def316]
krb5-1.21.3/src/lib/apputils/net-server.c: scope_hint: In function ‘loop_add_address’
krb5-1.21.3/src/lib/apputils/net-server.c:193:39: warning[-Wunused-value]: right-hand operand of comma expression has no effect
#  193 |     (set.data[idx] = set.data[--set.n], 0)
#      |     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~
krb5-1.21.3/src/lib/apputils/net-server.c:328:13: note: in expansion of macro ‘DEL’
#  328 |             DEL(bind_addresses, i);
#      |             ^~~
#  191|   
#  192|   #define DEL(set, idx)                           \
#  193|->     (set.data[idx] = set.data[--set.n], 0)
#  194|   
#  195|   #define FREE_SET_DATA(set)                                      \

Error: GCC_ANALYZER_WARNING (CWE-401): [#def317]
krb5-1.21.3/src/lib/apputils/net-server.c:475:5: warning[-Wanalyzer-malloc-leak]: leak of ‘prepare_for_dispatch(ctx,  ev)’
krb5-1.21.3/src/lib/apputils/net-server.c:1276:1: enter_function: entry to ‘process_tcp_connection_read’
krb5-1.21.3/src/lib/apputils/net-server.c:1291:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/apputils/net-server.c:1292:20: branch_true: ...to here
krb5-1.21.3/src/lib/apputils/net-server.c:1299:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/apputils/net-server.c:1301:12: branch_false: ...to here
krb5-1.21.3/src/lib/apputils/net-server.c:1301:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/apputils/net-server.c:1303:9: branch_false: ...to here
krb5-1.21.3/src/lib/apputils/net-server.c:1304:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/apputils/net-server.c:1305:28: branch_true: ...to here
krb5-1.21.3/src/lib/apputils/net-server.c:1307:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/apputils/net-server.c:1311:60: branch_true: ...to here
krb5-1.21.3/src/lib/apputils/net-server.c:1317:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/apputils/net-server.c:1324:25: branch_false: ...to here
krb5-1.21.3/src/lib/apputils/net-server.c:1324:25: call_function: calling ‘prepare_for_dispatch’ from ‘process_tcp_connection_read’
krb5-1.21.3/src/lib/apputils/net-server.c:1324:25: return_function: returning to ‘process_tcp_connection_read’ from ‘prepare_for_dispatch’
krb5-1.21.3/src/lib/apputils/net-server.c:1325:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/apputils/net-server.c:1329:17: branch_false: ...to here
krb5-1.21.3/src/lib/apputils/net-server.c:1329:17: call_function: calling ‘process_tcp_response’ from ‘process_tcp_connection_read’
#  473|   
#  474|       /* Remove the event from the events. */
#  475|->     FOREACH_ELT(events, i, tmp)
#  476|           if (tmp == ev) {
#  477|               DEL(events, i);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def318]
krb5-1.21.3/src/lib/apputils/net-server.c:533:10: warning[-Wanalyzer-malloc-leak]: leak of ‘newconn’
krb5-1.21.3/src/lib/apputils/net-server.c:550:1: enter_function: entry to ‘add_fd’
krb5-1.21.3/src/lib/apputils/net-server.c:559:8: branch_false: following ‘false’ branch (when ‘sock <= 1023’)...
krb5-1.21.3/src/lib/apputils/net-server.c:564:15: branch_false: ...to here
krb5-1.21.3/src/lib/apputils/net-server.c:564:15: acquire_memory: allocated here
krb5-1.21.3/src/lib/apputils/net-server.c:565:8: branch_false: following ‘false’ branch (when ‘newconn’ is non-NULL)...
krb5-1.21.3/src/lib/apputils/net-server.c:570:5: branch_false: ...to here
krb5-1.21.3/src/lib/apputils/net-server.c:575:15: call_function: calling ‘make_event’ from ‘add_fd’
#  531|       void *tmp;
#  532|   
#  533|->     ev = verto_add_io(ctx, flags, callback, sock);
#  534|       if (!ev) {
#  535|           com_err(conn->prog, ENOMEM, _("cannot create io event"));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def319]
krb5-1.21.3/src/lib/apputils/net-server.c:535:9: warning[-Wanalyzer-malloc-leak]: leak of ‘newconn’
krb5-1.21.3/src/lib/apputils/net-server.c:550:1: enter_function: entry to ‘add_fd’
krb5-1.21.3/src/lib/apputils/net-server.c:559:8: branch_false: following ‘false’ branch (when ‘sock <= 1023’)...
krb5-1.21.3/src/lib/apputils/net-server.c:564:15: branch_false: ...to here
krb5-1.21.3/src/lib/apputils/net-server.c:564:15: acquire_memory: allocated here
krb5-1.21.3/src/lib/apputils/net-server.c:565:8: branch_false: following ‘false’ branch (when ‘newconn’ is non-NULL)...
krb5-1.21.3/src/lib/apputils/net-server.c:570:5: branch_false: ...to here
krb5-1.21.3/src/lib/apputils/net-server.c:575:15: call_function: calling ‘make_event’ from ‘add_fd’
#  533|       ev = verto_add_io(ctx, flags, callback, sock);
#  534|       if (!ev) {
#  535|->         com_err(conn->prog, ENOMEM, _("cannot create io event"));
#  536|           return NULL;
#  537|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def320]
krb5-1.21.3/src/lib/apputils/net-server.c:540:9: warning[-Wanalyzer-malloc-leak]: leak of ‘newconn’
krb5-1.21.3/src/lib/apputils/net-server.c:550:1: enter_function: entry to ‘add_fd’
krb5-1.21.3/src/lib/apputils/net-server.c:559:8: branch_false: following ‘false’ branch (when ‘sock <= 1023’)...
krb5-1.21.3/src/lib/apputils/net-server.c:564:15: branch_false: ...to here
krb5-1.21.3/src/lib/apputils/net-server.c:564:15: acquire_memory: allocated here
krb5-1.21.3/src/lib/apputils/net-server.c:565:8: branch_false: following ‘false’ branch (when ‘newconn’ is non-NULL)...
krb5-1.21.3/src/lib/apputils/net-server.c:570:5: branch_false: ...to here
krb5-1.21.3/src/lib/apputils/net-server.c:575:15: call_function: calling ‘make_event’ from ‘add_fd’
#  538|   
#  539|       if (!ADD(events, ev, tmp)) {
#  540|->         com_err(conn->prog, ENOMEM, _("cannot save event"));
#  541|           verto_del(ev);
#  542|           return NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def321]
krb5-1.21.3/src/lib/apputils/net-server.c:541:9: warning[-Wanalyzer-malloc-leak]: leak of ‘newconn’
krb5-1.21.3/src/lib/apputils/net-server.c:550:1: enter_function: entry to ‘add_fd’
krb5-1.21.3/src/lib/apputils/net-server.c:559:8: branch_false: following ‘false’ branch (when ‘sock <= 1023’)...
krb5-1.21.3/src/lib/apputils/net-server.c:564:15: branch_false: ...to here
krb5-1.21.3/src/lib/apputils/net-server.c:564:15: acquire_memory: allocated here
krb5-1.21.3/src/lib/apputils/net-server.c:565:8: branch_false: following ‘false’ branch (when ‘newconn’ is non-NULL)...
krb5-1.21.3/src/lib/apputils/net-server.c:570:5: branch_false: ...to here
krb5-1.21.3/src/lib/apputils/net-server.c:575:15: call_function: calling ‘make_event’ from ‘add_fd’
#  539|       if (!ADD(events, ev, tmp)) {
#  540|           com_err(conn->prog, ENOMEM, _("cannot save event"));
#  541|->         verto_del(ev);
#  542|           return NULL;
#  543|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def322]
krb5-1.21.3/src/lib/apputils/net-server.c:545:5: warning[-Wanalyzer-malloc-leak]: leak of ‘newconn’
krb5-1.21.3/src/lib/apputils/net-server.c:550:1: enter_function: entry to ‘add_fd’
krb5-1.21.3/src/lib/apputils/net-server.c:559:8: branch_false: following ‘false’ branch (when ‘sock <= 1023’)...
krb5-1.21.3/src/lib/apputils/net-server.c:564:15: branch_false: ...to here
krb5-1.21.3/src/lib/apputils/net-server.c:564:15: acquire_memory: allocated here
krb5-1.21.3/src/lib/apputils/net-server.c:565:8: branch_false: following ‘false’ branch (when ‘newconn’ is non-NULL)...
krb5-1.21.3/src/lib/apputils/net-server.c:570:5: branch_false: ...to here
krb5-1.21.3/src/lib/apputils/net-server.c:575:15: call_function: calling ‘make_event’ from ‘add_fd’
#  543|       }
#  544|   
#  545|->     verto_set_private(ev, conn, free_socket);
#  546|       return ev;
#  547|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def323]
krb5-1.21.3/src/lib/apputils/net-server.c:575:5: warning[-Wanalyzer-malloc-leak]: leak of ‘newconn’
krb5-1.21.3/src/lib/apputils/net-server.c:559:8: branch_false: following ‘false’ branch (when ‘sock <= 1023’)...
krb5-1.21.3/src/lib/apputils/net-server.c:564:15: branch_false: ...to here
krb5-1.21.3/src/lib/apputils/net-server.c:564:15: acquire_memory: allocated here
krb5-1.21.3/src/lib/apputils/net-server.c:565:8: branch_false: following ‘false’ branch (when ‘newconn’ is non-NULL)...
krb5-1.21.3/src/lib/apputils/net-server.c:570:5: branch_false: ...to here
krb5-1.21.3/src/lib/apputils/net-server.c:575:5: danger: ‘newconn’ leaks here; was allocated at [(3)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/2)
#  573|       newconn->type = conntype;
#  574|   
#  575|->     *ev_out = make_event(ctx, flags, callback, sock, newconn);
#  576|       return 0;
#  577|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def324]
krb5-1.21.3/src/lib/apputils/net-server.c:606:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
krb5-1.21.3/src/lib/apputils/net-server.c:599:12: acquire_resource: socket created here
krb5-1.21.3/src/lib/apputils/net-server.c:600:8: branch_false: following ‘false’ branch (when ‘sock != -1’)...
krb5-1.21.3/src/lib/apputils/net-server.c:606:5: branch_false: ...to here
krb5-1.21.3/src/lib/apputils/net-server.c:606:5: danger: ‘sock’ leaks here
#  604|           return e;
#  605|       }
#  606|->     set_cloexec_fd(sock);
#  607|   
#  608|   #ifndef _WIN32                  /* Windows FD_SETSIZE is a count. */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def325]
krb5-1.21.3/src/lib/apputils/net-server.c:1049:22: warning[-Wanalyzer-malloc-leak]: leak of ‘state’
krb5-1.21.3/src/lib/apputils/net-server.c:1041:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/apputils/net-server.c:1042:8: branch_false: following ‘false’ branch (when ‘state’ is non-NULL)...
krb5-1.21.3/src/lib/apputils/net-server.c:1047:21: branch_false: ...to here
krb5-1.21.3/src/lib/apputils/net-server.c:1049:22: danger: ‘state’ leaks here; was allocated at [(1)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/0)
# 1047|       state->handle = conn->handle;
# 1048|       state->prog = conn->prog;
# 1049|->     state->port_fd = verto_get_fd(ev);
# 1050|       assert(state->port_fd >= 0);
# 1051|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def326]
krb5-1.21.3/src/lib/apputils/net-server.c:1055:10: warning[-Wanalyzer-malloc-leak]: leak of ‘state’
krb5-1.21.3/src/lib/apputils/net-server.c:1041:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/apputils/net-server.c:1042:8: branch_false: following ‘false’ branch (when ‘state’ is non-NULL)...
krb5-1.21.3/src/lib/apputils/net-server.c:1047:21: branch_false: ...to here
krb5-1.21.3/src/lib/apputils/net-server.c:1050:5: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/apputils/net-server.c:1052:5: branch_true: ...to here
krb5-1.21.3/src/lib/apputils/net-server.c:1055:10: danger: ‘state’ leaks here; was allocated at [(1)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/0)
# 1053|       state->daddr_len = sizeof(state->daddr);
# 1054|       memset(&state->auxaddr, 0, sizeof(state->auxaddr));
# 1055|->     cc = recv_from_to(state->port_fd, state->pktbuf, sizeof(state->pktbuf), 0,
# 1056|                         (struct sockaddr *)&state->saddr, &state->saddr_len,
# 1057|                         (struct sockaddr *)&state->daddr, &state->daddr_len,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def327]
krb5-1.21.3/src/lib/apputils/net-server.c:1266:19: warning[-Wanalyzer-malloc-leak]: leak of ‘state’
krb5-1.21.3/src/lib/apputils/net-server.c:1261:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/apputils/net-server.c:1262:8: branch_false: following ‘false’ branch (when ‘state’ is non-NULL)...
krb5-1.21.3/src/lib/apputils/net-server.c:1266:19: branch_false: ...to here
krb5-1.21.3/src/lib/apputils/net-server.c:1266:19: danger: ‘state’ leaks here; was allocated at [(1)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/0)
# 1264|           return NULL;
# 1265|       }
# 1266|->     state->conn = verto_get_private(ev);
# 1267|       state->sock = verto_get_fd(ev);
# 1268|       state->ctx = ctx;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def328]
krb5-1.21.3/src/lib/apputils/net-server.c:1267:19: warning[-Wanalyzer-malloc-leak]: leak of ‘state’
krb5-1.21.3/src/lib/apputils/net-server.c:1261:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/apputils/net-server.c:1262:8: branch_false: following ‘false’ branch (when ‘state’ is non-NULL)...
krb5-1.21.3/src/lib/apputils/net-server.c:1266:19: branch_false: ...to here
krb5-1.21.3/src/lib/apputils/net-server.c:1267:19: danger: ‘state’ leaks here; was allocated at [(1)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/0)
# 1265|       }
# 1266|       state->conn = verto_get_private(ev);
# 1267|->     state->sock = verto_get_fd(ev);
# 1268|       state->ctx = ctx;
# 1269|       verto_set_private(ev, NULL, NULL); /* Don't close the fd or free conn! */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def329]
krb5-1.21.3/src/lib/apputils/net-server.c:1269:5: warning[-Wanalyzer-malloc-leak]: leak of ‘state’
krb5-1.21.3/src/lib/apputils/net-server.c:1261:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/apputils/net-server.c:1262:8: branch_false: following ‘false’ branch (when ‘state’ is non-NULL)...
krb5-1.21.3/src/lib/apputils/net-server.c:1266:19: branch_false: ...to here
krb5-1.21.3/src/lib/apputils/net-server.c:1269:5: danger: ‘state’ leaks here; was allocated at [(1)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/0)
# 1267|       state->sock = verto_get_fd(ev);
# 1268|       state->ctx = ctx;
# 1269|->     verto_set_private(ev, NULL, NULL); /* Don't close the fd or free conn! */
# 1270|       remove_event_from_set(ev); /* Remove it from the set. */
# 1271|       verto_del(ev);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def330]
krb5-1.21.3/src/lib/apputils/net-server.c:1271:5: warning[-Wanalyzer-malloc-leak]: leak of ‘state’
krb5-1.21.3/src/lib/apputils/net-server.c:1261:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/apputils/net-server.c:1262:8: branch_false: following ‘false’ branch (when ‘state’ is non-NULL)...
krb5-1.21.3/src/lib/apputils/net-server.c:1266:19: branch_false: ...to here
krb5-1.21.3/src/lib/apputils/net-server.c:1271:5: danger: ‘state’ leaks here; was allocated at [(1)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/0)
# 1269|       verto_set_private(ev, NULL, NULL); /* Don't close the fd or free conn! */
# 1270|       remove_event_from_set(ev); /* Remove it from the set. */
# 1271|->     verto_del(ev);
# 1272|       return state;
# 1273|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def331]
krb5-1.21.3/src/lib/apputils/net-server.c:1355:13: warning[-Wanalyzer-malloc-leak]: leak of ‘prepare_for_dispatch(ctx,  ev)’
krb5-1.21.3/src/lib/apputils/net-server.c:1276:1: enter_function: entry to ‘process_tcp_connection_read’
krb5-1.21.3/src/lib/apputils/net-server.c:1291:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/apputils/net-server.c:1334:19: branch_false: ...to here
krb5-1.21.3/src/lib/apputils/net-server.c:1339:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/apputils/net-server.c:1341:12: branch_false: ...to here
krb5-1.21.3/src/lib/apputils/net-server.c:1341:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/apputils/net-server.c:1343:9: branch_false: ...to here
krb5-1.21.3/src/lib/apputils/net-server.c:1344:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/apputils/net-server.c:1348:17: branch_false: ...to here
krb5-1.21.3/src/lib/apputils/net-server.c:1348:17: call_function: calling ‘prepare_for_dispatch’ from ‘process_tcp_connection_read’
krb5-1.21.3/src/lib/apputils/net-server.c:1348:17: return_function: returning to ‘process_tcp_connection_read’ from ‘prepare_for_dispatch’
krb5-1.21.3/src/lib/apputils/net-server.c:1349:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/apputils/net-server.c:1352:33: branch_false: ...to here
krb5-1.21.3/src/lib/apputils/net-server.c:1355:13: danger: ‘prepare_for_dispatch(ctx,  ev)’ leaks here; was allocated at [(12)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/11)
# 1353|           state->request.data = conn->buffer + 4;
# 1354|   
# 1355|->         if (getsockname(verto_get_fd(ev), ss2sa(&state->local_saddr),
# 1356|                           &local_saddrlen) < 0) {
# 1357|               krb5_klog_syslog(LOG_ERR, _("getsockname failed: %s"),

Error: GCC_ANALYZER_WARNING (CWE-775): [#def332]
krb5-1.21.3/src/lib/crypto/krb/prng.c:86:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(device, 0)’
krb5-1.21.3/src/lib/crypto/krb/prng.c:83:10: acquire_resource: opened here
krb5-1.21.3/src/lib/crypto/krb/prng.c:84:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/prng.c:86:5: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/prng.c:86:5: danger: ‘open(device, 0)’ leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   84|       if (fd == -1)
#   85|           return FALSE;
#   86|->     set_cloexec_fd(fd);
#   87|       if (fstat(fd, &sb) == -1 || S_ISREG(sb.st_mode))
#   88|           goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def333]
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:69:5: warning[-Wanalyzer-malloc-leak]: leak of ‘k5alloc(concatlen, & ret)’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:34:1: enter_function: entry to ‘krb5int_dk_string_to_key’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:52:14: call_function: calling ‘k5alloc’ from ‘krb5int_dk_string_to_key’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:52:14: return_function: returning to ‘krb5int_dk_string_to_key’ from ‘k5alloc’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:53:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:55:18: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:55:18: call_function: calling ‘k5alloc’ from ‘krb5int_dk_string_to_key’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:55:18: return_function: returning to ‘krb5int_dk_string_to_key’ from ‘k5alloc’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:56:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:58:19: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:58:19: call_function: calling ‘k5alloc’ from ‘krb5int_dk_string_to_key’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:58:19: return_function: returning to ‘krb5int_dk_string_to_key’ from ‘k5alloc’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:59:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:64:8: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:64:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:66:8: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:66:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:69:5: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:69:5: danger: ‘k5alloc(concatlen, & ret)’ leaks here; was allocated at [(5)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/4)
#   67|           memcpy(concat + string->length, salt->data, salt->length);
#   68|   
#   69|->     krb5int_nfold(concatlen*8, concat, keybytes*8, foldstring);
#   70|   
#   71|       indata.length = keybytes;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def334]
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:69:5: warning[-Wanalyzer-malloc-leak]: leak of ‘k5alloc(keybytes, & ret)’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:34:1: enter_function: entry to ‘krb5int_dk_string_to_key’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:52:14: call_function: calling ‘k5alloc’ from ‘krb5int_dk_string_to_key’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:52:14: return_function: returning to ‘krb5int_dk_string_to_key’ from ‘k5alloc’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:53:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:55:18: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:55:18: call_function: calling ‘k5alloc’ from ‘krb5int_dk_string_to_key’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:55:18: return_function: returning to ‘krb5int_dk_string_to_key’ from ‘k5alloc’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:56:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:58:19: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:58:19: call_function: calling ‘k5alloc’ from ‘krb5int_dk_string_to_key’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:58:19: return_function: returning to ‘krb5int_dk_string_to_key’ from ‘k5alloc’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:59:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:64:8: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:64:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:66:8: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:66:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:69:5: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:69:5: danger: ‘k5alloc(keybytes, & ret)’ leaks here; was allocated at [(13)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/12)
#   67|           memcpy(concat + string->length, salt->data, salt->length);
#   68|   
#   69|->     krb5int_nfold(concatlen*8, concat, keybytes*8, foldstring);
#   70|   
#   71|       indata.length = keybytes;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def335]
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:69:5: warning[-Wanalyzer-malloc-leak]: leak of ‘k5alloc(keylength, & ret)’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:34:1: enter_function: entry to ‘krb5int_dk_string_to_key’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:52:14: call_function: calling ‘k5alloc’ from ‘krb5int_dk_string_to_key’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:52:14: return_function: returning to ‘krb5int_dk_string_to_key’ from ‘k5alloc’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:53:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:55:18: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:55:18: call_function: calling ‘k5alloc’ from ‘krb5int_dk_string_to_key’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:55:18: return_function: returning to ‘krb5int_dk_string_to_key’ from ‘k5alloc’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:56:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:58:19: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:58:19: call_function: calling ‘k5alloc’ from ‘krb5int_dk_string_to_key’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:58:19: return_function: returning to ‘krb5int_dk_string_to_key’ from ‘k5alloc’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:59:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:64:8: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:64:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:66:8: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:66:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:69:5: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:69:5: danger: ‘k5alloc(keylength, & ret)’ leaks here; was allocated at [(21)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/20)
#   67|           memcpy(concat + string->length, salt->data, salt->length);
#   68|   
#   69|->     krb5int_nfold(concatlen*8, concat, keybytes*8, foldstring);
#   70|   
#   71|       indata.length = keybytes;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def336]
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:77:11: warning[-Wanalyzer-malloc-leak]: leak of ‘foldkeyblock.contents’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:34:1: enter_function: entry to ‘krb5int_dk_string_to_key’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:52:14: call_function: calling ‘k5alloc’ from ‘krb5int_dk_string_to_key’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:52:14: return_function: returning to ‘krb5int_dk_string_to_key’ from ‘k5alloc’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:53:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:55:18: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:55:18: call_function: calling ‘k5alloc’ from ‘krb5int_dk_string_to_key’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:55:18: return_function: returning to ‘krb5int_dk_string_to_key’ from ‘k5alloc’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:56:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:58:19: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:58:19: call_function: calling ‘k5alloc’ from ‘krb5int_dk_string_to_key’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:58:19: return_function: returning to ‘krb5int_dk_string_to_key’ from ‘k5alloc’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:59:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:64:8: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:64:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:66:8: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:66:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:69:5: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:77:11: danger: ‘foldkeyblock.contents’ leaks here; was allocated at [(21)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/20)
#   75|       foldkeyblock.enctype = ktp->etype;
#   76|   
#   77|->     ret = ktp->rand2key(&indata, &foldkeyblock);
#   78|       if (ret != 0)
#   79|           goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def337]
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:77:11: warning[-Wanalyzer-malloc-leak]: leak of ‘k5alloc(concatlen, & ret)’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:34:1: enter_function: entry to ‘krb5int_dk_string_to_key’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:52:14: call_function: calling ‘k5alloc’ from ‘krb5int_dk_string_to_key’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:52:14: return_function: returning to ‘krb5int_dk_string_to_key’ from ‘k5alloc’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:53:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:55:18: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:55:18: call_function: calling ‘k5alloc’ from ‘krb5int_dk_string_to_key’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:55:18: return_function: returning to ‘krb5int_dk_string_to_key’ from ‘k5alloc’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:56:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:58:19: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:58:19: call_function: calling ‘k5alloc’ from ‘krb5int_dk_string_to_key’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:58:19: return_function: returning to ‘krb5int_dk_string_to_key’ from ‘k5alloc’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:59:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:64:8: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:64:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:66:8: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:66:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:69:5: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:77:11: danger: ‘k5alloc(concatlen, & ret)’ leaks here; was allocated at [(5)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/4)
#   75|       foldkeyblock.enctype = ktp->etype;
#   76|   
#   77|->     ret = ktp->rand2key(&indata, &foldkeyblock);
#   78|       if (ret != 0)
#   79|           goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def338]
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:81:11: warning[-Wanalyzer-malloc-leak]: leak of ‘k5alloc(concatlen, & ret)’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:34:1: enter_function: entry to ‘krb5int_dk_string_to_key’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:52:14: call_function: calling ‘k5alloc’ from ‘krb5int_dk_string_to_key’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:52:14: return_function: returning to ‘krb5int_dk_string_to_key’ from ‘k5alloc’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:53:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:55:18: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:55:18: call_function: calling ‘k5alloc’ from ‘krb5int_dk_string_to_key’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:55:18: return_function: returning to ‘krb5int_dk_string_to_key’ from ‘k5alloc’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:56:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:58:19: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:58:19: call_function: calling ‘k5alloc’ from ‘krb5int_dk_string_to_key’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:58:19: return_function: returning to ‘krb5int_dk_string_to_key’ from ‘k5alloc’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:59:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:64:8: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:64:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:66:8: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:66:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:69:5: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:78:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:81:11: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:81:11: danger: ‘k5alloc(concatlen, & ret)’ leaks here; was allocated at [(5)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/4)
#   79|           goto cleanup;
#   80|   
#   81|->     ret = krb5_k_create_key(NULL, &foldkeyblock, &foldkey);
#   82|       if (ret != 0)
#   83|           goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def339]
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:90:11: warning[-Wanalyzer-malloc-leak]: leak of ‘k5alloc(concatlen, & ret)’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:34:1: enter_function: entry to ‘krb5int_dk_string_to_key’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:52:14: call_function: calling ‘k5alloc’ from ‘krb5int_dk_string_to_key’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:52:14: return_function: returning to ‘krb5int_dk_string_to_key’ from ‘k5alloc’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:53:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:55:18: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:55:18: call_function: calling ‘k5alloc’ from ‘krb5int_dk_string_to_key’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:55:18: return_function: returning to ‘krb5int_dk_string_to_key’ from ‘k5alloc’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:56:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:58:19: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:58:19: call_function: calling ‘k5alloc’ from ‘krb5int_dk_string_to_key’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:58:19: return_function: returning to ‘krb5int_dk_string_to_key’ from ‘k5alloc’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:59:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:64:8: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:64:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:66:8: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:66:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:69:5: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:78:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:81:11: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:82:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:87:5: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:90:11: danger: ‘k5alloc(concatlen, & ret)’ leaks here; was allocated at [(5)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/4)
#   88|       indata.data = (char *) kerberos;
#   89|   
#   90|->     ret = krb5int_derive_keyblock(ktp->enc, NULL, foldkey, keyblock, &indata,
#   91|                                     DERIVE_RFC3961);
#   92|       if (ret != 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def340]
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:163:11: warning[-Wanalyzer-malloc-leak]: leak of ‘sandp.data’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:109:1: enter_function: entry to ‘pbkdf2_string_to_key’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:122:8: branch_false: following ‘false’ branch (when ‘params’ is NULL)...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:139:8: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:139:8: branch_false: following ‘false’ branch (when ‘iter_count <= 16777215’)...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:143:25: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:145:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:148:8: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:148:8: branch_true: following ‘true’ branch (when ‘pepper’ is non-NULL)...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:149:34: branch_true: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:149:15: call_function: calling ‘alloc_data’ from ‘pbkdf2_string_to_key’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:149:15: return_function: returning to ‘pbkdf2_string_to_key’ from ‘alloc_data’
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:150:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:153:12: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:156:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_pbkdf2.c:163:11: danger: ‘sandp.data’ leaks here; was allocated at [(12)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/11)
#  161|   
#  162|       hash = (ktp->hash != NULL) ? ktp->hash : &krb5int_hash_sha1;
#  163|->     err = krb5int_pbkdf2_hmac(hash, &out, iter_count, string, salt);
#  164|       if (err)
#  165|           goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def341]
krb5-1.21.3/src/lib/crypto/krb/s2k_rc4.c:27:11: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(*string.data, (long unsigned int)*string.length, & err)’
krb5-1.21.3/src/lib/crypto/krb/s2k_rc4.c:6:1: enter_function: entry to ‘krb5int_arcfour_string_to_key’
krb5-1.21.3/src/lib/crypto/krb/s2k_rc4.c:17:8: branch_false: following ‘false’ branch (when ‘params’ is NULL)...
krb5-1.21.3/src/lib/crypto/krb/s2k_rc4.c:20:9: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_rc4.c:20:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_rc4.c:24:36: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_rc4.c:24:12: call_function: calling ‘k5memdup0’ from ‘krb5int_arcfour_string_to_key’
krb5-1.21.3/src/lib/crypto/krb/s2k_rc4.c:24:12: return_function: returning to ‘krb5int_arcfour_string_to_key’ from ‘k5memdup0’
krb5-1.21.3/src/lib/crypto/krb/s2k_rc4.c:25:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/s2k_rc4.c:27:11: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/s2k_rc4.c:27:11: danger: ‘k5memdup0(*string.data, (long unsigned int)*string.length, & err)’ leaks here; was allocated at [(11)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/10)
#   25|       if (utf8 == NULL)
#   26|           return err;
#   27|->     err = k5_utf8_to_utf16le(utf8, &copystr, &copystrlen);
#   28|       zapfree(utf8, string->length);
#   29|       if (err)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def342]
krb5-1.21.3/src/lib/crypto/krb/verify_checksum_iov.c:72:11: warning[-Wanalyzer-malloc-leak]: leak of ‘computed.data’
krb5-1.21.3/src/lib/crypto/krb/verify_checksum_iov.c:30:1: enter_function: entry to ‘krb5_k_verify_checksum_iov’
krb5-1.21.3/src/lib/crypto/krb/verify_checksum_iov.c:49:11: call_function: calling ‘find_cksumtype’ from ‘krb5_k_verify_checksum_iov’
krb5-1.21.3/src/lib/crypto/krb/verify_checksum_iov.c:49:11: return_function: returning to ‘krb5_k_verify_checksum_iov’ from ‘find_cksumtype’
krb5-1.21.3/src/lib/crypto/krb/verify_checksum_iov.c:50:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/verify_checksum_iov.c:53:11: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/verify_checksum_iov.c:53:11: call_function: calling ‘verify_key’ from ‘krb5_k_verify_checksum_iov’
krb5-1.21.3/src/lib/crypto/krb/verify_checksum_iov.c:53:11: return_function: returning to ‘krb5_k_verify_checksum_iov’ from ‘verify_key’
krb5-1.21.3/src/lib/crypto/krb/verify_checksum_iov.c:54:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/verify_checksum_iov.c:57:16: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/verify_checksum_iov.c:59:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/verify_checksum_iov.c:63:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/verify_checksum_iov.c:68:33: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/verify_checksum_iov.c:68:11: call_function: calling ‘alloc_data’ from ‘krb5_k_verify_checksum_iov’
krb5-1.21.3/src/lib/crypto/krb/verify_checksum_iov.c:68:11: return_function: returning to ‘krb5_k_verify_checksum_iov’ from ‘alloc_data’
krb5-1.21.3/src/lib/crypto/krb/verify_checksum_iov.c:69:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/crypto/krb/verify_checksum_iov.c:72:11: branch_false: ...to here
krb5-1.21.3/src/lib/crypto/krb/verify_checksum_iov.c:72:11: danger: ‘computed.data’ leaks here; was allocated at [(24)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/23)
#   70|           return ret;
#   71|   
#   72|->     ret = ctp->checksum(ctp, key, usage, data, num_data, &computed);
#   73|       if (ret == 0) {
#   74|           *valid = (k5_bcmp(computed.data, checksum->data.data,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def343]
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:549:16: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:501:1: enter_function: entry to ‘generic_gss_copy_oid_set’
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:513:8: branch_true: following ‘true’ branch (when ‘new_oidset’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:514:9: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:516:8: branch_false: following ‘false’ branch (when ‘oidset’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:519:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:519:8: branch_false: following ‘false’ branch (when ‘new_oidset’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:522:38: call_function: inlined call to ‘gssalloc_calloc’ from ‘generic_gss_copy_oid_set’
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:522:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:528:26: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:528:10: call_function: inlined call to ‘gssalloc_calloc’ from ‘generic_gss_copy_oid_set’
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:527:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:532:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:534:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:535:30: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:538:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:542:52: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:534:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:535:30: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:538:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:540:13: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:549:16: danger: ‘<unknown>’ leaks here; was allocated at [(12)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/11)
#  547|   done:
#  548|       if (major != GSS_S_COMPLETE) {
#  549|->         (void) generic_gss_release_oid_set(&minor, &copy);
#  550|       }
#  551|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def344]
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:549:16: warning[-Wanalyzer-malloc-leak]: leak of ‘copy’
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:501:1: enter_function: entry to ‘generic_gss_copy_oid_set’
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:513:8: branch_true: following ‘true’ branch (when ‘new_oidset’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:514:9: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:516:8: branch_false: following ‘false’ branch (when ‘oidset’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:519:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:519:8: branch_false: following ‘false’ branch (when ‘new_oidset’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:522:38: call_function: inlined call to ‘gssalloc_calloc’ from ‘generic_gss_copy_oid_set’
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:522:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:528:26: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:527:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:530:9: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:549:16: danger: ‘copy’ leaks here; was allocated at [(9)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/8)
#  547|   done:
#  548|       if (major != GSS_S_COMPLETE) {
#  549|->         (void) generic_gss_release_oid_set(&minor, &copy);
#  550|       }
#  551|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def345]
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:549:16: warning[-Wanalyzer-malloc-leak]: leak of ‘out’
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:501:1: enter_function: entry to ‘generic_gss_copy_oid_set’
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:513:8: branch_true: following ‘true’ branch (when ‘new_oidset’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:514:9: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:516:8: branch_false: following ‘false’ branch (when ‘oidset’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:519:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:519:8: branch_false: following ‘false’ branch (when ‘new_oidset’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:522:38: call_function: inlined call to ‘gssalloc_calloc’ from ‘generic_gss_copy_oid_set’
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:522:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:528:26: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:528:10: call_function: inlined call to ‘gssalloc_calloc’ from ‘generic_gss_copy_oid_set’
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:527:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:532:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:534:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:535:30: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:538:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:540:13: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/generic/oid_ops.c:549:16: danger: ‘out’ leaks here; was allocated at [(12)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/11)
#  547|   done:
#  548|       if (major != GSS_S_COMPLETE) {
#  549|->         (void) generic_gss_release_oid_set(&minor, &copy);
#  550|       }
#  551|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def346]
krb5-1.21.3/src/lib/gssapi/krb5/accept_sec_context.c:1163:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
krb5-1.21.3/src/lib/gssapi/krb5/accept_sec_context.c:1291:1: enter_function: entry to ‘krb5_gss_accept_sec_context’
krb5-1.21.3/src/lib/gssapi/krb5/accept_sec_context.c:1305:12: call_function: calling ‘krb5_gss_accept_sec_context_ext’ from ‘krb5_gss_accept_sec_context’
# 1161|       if (major_status == GSS_S_COMPLETE ||
# 1162|           (major_status == GSS_S_CONTINUE_NEEDED && code != KRB5KRB_AP_ERR_MSG_TYPE)) {
# 1163|->         ctx->k5_context = context;
# 1164|           context = NULL;
# 1165|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def347]
krb5-1.21.3/src/lib/gssapi/krb5/disp_status.c:79:9: warning[-Wanalyzer-malloc-leak]: leak of ‘s’
krb5-1.21.3/src/lib/gssapi/krb5/disp_status.c:107:6: enter_function: entry to ‘krb5_gss_save_error_string’
krb5-1.21.3/src/lib/gssapi/krb5/disp_status.c:109:15: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/disp_status.c:110:8: branch_true: following ‘true’ branch (when ‘s’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/disp_status.c:111:13: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/disp_status.c:111:13: call_function: calling ‘gss_krb5_save_error_string_nocopy’ from ‘krb5_gss_save_error_string’
#   77|       fprintf(stderr, "%s(%lu, %s)", __FUNCTION__, (unsigned long) minor_code, msg);
#   78|   #endif
#   79|->     p = k5_getspecific(K5_KEY_GSS_KRB5_ERROR_MESSAGE);
#   80|       if (!p) {
#   81|           p = malloc(sizeof(*p));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def348]
krb5-1.21.3/src/lib/gssapi/krb5/disp_status.c:92:13: warning[-Wanalyzer-malloc-leak]: leak of ‘p’
krb5-1.21.3/src/lib/gssapi/krb5/disp_status.c:107:6: enter_function: entry to ‘krb5_gss_save_error_string’
krb5-1.21.3/src/lib/gssapi/krb5/disp_status.c:110:8: branch_true: following ‘true’ branch (when ‘s’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/disp_status.c:111:13: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/disp_status.c:111:13: call_function: calling ‘gss_krb5_save_error_string_nocopy’ from ‘krb5_gss_save_error_string’
#   90|               goto fail;
#   91|           }
#   92|->         if (k5_setspecific(K5_KEY_GSS_KRB5_ERROR_MESSAGE, p) != 0) {
#   93|               gsserrmap_destroy(p);
#   94|               free(p);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def349]
krb5-1.21.3/src/lib/gssapi/krb5/disp_status.c:92:13: warning[-Wanalyzer-malloc-leak]: leak of ‘s’
krb5-1.21.3/src/lib/gssapi/krb5/disp_status.c:107:6: enter_function: entry to ‘krb5_gss_save_error_string’
krb5-1.21.3/src/lib/gssapi/krb5/disp_status.c:109:15: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/disp_status.c:110:8: branch_true: following ‘true’ branch (when ‘s’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/disp_status.c:111:13: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/disp_status.c:111:13: call_function: calling ‘gss_krb5_save_error_string_nocopy’ from ‘krb5_gss_save_error_string’
#   90|               goto fail;
#   91|           }
#   92|->         if (k5_setspecific(K5_KEY_GSS_KRB5_ERROR_MESSAGE, p) != 0) {
#   93|               gsserrmap_destroy(p);
#   94|               free(p);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def350]
krb5-1.21.3/src/lib/gssapi/krb5/export_sec_context.c:68:17: warning[-Wanalyzer-malloc-leak]: leak of ‘obp’
krb5-1.21.3/src/lib/gssapi/krb5/export_sec_context.c:30:1: enter_function: entry to ‘krb5_gss_export_sec_context’
krb5-1.21.3/src/lib/gssapi/krb5/export_sec_context.c:47:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/export_sec_context.c:52:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/export_sec_context.c:56:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/export_sec_context.c:60:20: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/export_sec_context.c:60:20: call_function: inlined call to ‘gssalloc_malloc’ from ‘krb5_gss_export_sec_context’
krb5-1.21.3/src/lib/gssapi/krb5/export_sec_context.c:60:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/export_sec_context.c:65:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/export_sec_context.c:68:17: danger: ‘obp’ leaks here; was allocated at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6)
#   66|       blen = bufsize;
#   67|       /* Externalize the context */
#   68|->     if ((kret = kg_ctx_externalize(context, ctx, &obp, &blen)))
#   69|           goto error_out;
#   70|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def351]
krb5-1.21.3/src/lib/gssapi/krb5/gssapi_krb5.c:299:22: warning[-Wanalyzer-malloc-leak]: leak of ‘new_name’
krb5-1.21.3/src/lib/gssapi/krb5/gssapi_krb5.c:291:8: branch_true: following ‘true’ branch (when ‘name’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/gssapi_krb5.c:292:20: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/gssapi_krb5.c:292:20: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/gssapi_krb5.c:293:12: branch_false: following ‘false’ branch (when ‘new_name’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/gssapi_krb5.c:299:22: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/gssapi_krb5.c:299:22: danger: ‘new_name’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  297|       }
#  298|   
#  299|->     kg_ccache_name = k5_getspecific(K5_KEY_GSS_KRB5_CCACHE_NAME);
#  300|       swap = kg_ccache_name;
#  301|       kg_ccache_name = new_name;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def352]
krb5-1.21.3/src/lib/gssapi/krb5/gssapi_krb5.c:303:12: warning[-Wanalyzer-malloc-leak]: leak of ‘new_name’
krb5-1.21.3/src/lib/gssapi/krb5/gssapi_krb5.c:291:8: branch_true: following ‘true’ branch (when ‘name’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/gssapi_krb5.c:292:20: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/gssapi_krb5.c:292:20: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/gssapi_krb5.c:293:12: branch_false: following ‘false’ branch (when ‘new_name’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/gssapi_krb5.c:299:22: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/gssapi_krb5.c:303:12: danger: ‘new_name’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  301|       kg_ccache_name = new_name;
#  302|       new_name = swap;
#  303|->     kerr = k5_setspecific(K5_KEY_GSS_KRB5_CCACHE_NAME, kg_ccache_name);
#  304|       if (kerr != 0) {
#  305|           /* Can't store, so free up the storage.  */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def353]
krb5-1.21.3/src/lib/gssapi/krb5/gssapi_krb5.c:807:15: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(*local_user.value, *local_user.length, & code)’
krb5-1.21.3/src/lib/gssapi/krb5/gssapi_krb5.c:776:1: enter_function: entry to ‘krb5_gss_authorize_localname’
krb5-1.21.3/src/lib/gssapi/krb5/gssapi_krb5.c:795:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/gssapi_krb5.c:800:41: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/gssapi_krb5.c:800:12: call_function: calling ‘k5memdup0’ from ‘krb5_gss_authorize_localname’
krb5-1.21.3/src/lib/gssapi/krb5/gssapi_krb5.c:800:12: return_function: returning to ‘krb5_gss_authorize_localname’ from ‘k5memdup0’
krb5-1.21.3/src/lib/gssapi/krb5/gssapi_krb5.c:801:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/gssapi_krb5.c:807:15: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/gssapi_krb5.c:807:15: danger: ‘k5memdup0(*local_user.value, *local_user.length, & code)’ leaks here; was allocated at [(9)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/8)
#  805|       }
#  806|   
#  807|->     user_ok = krb5_kuserok(context, kname->princ, user);
#  808|   
#  809|       free(user);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def354]
krb5-1.21.3/src/lib/gssapi/krb5/iakerb.c:702:12: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/gssapi/krb5/iakerb.c:685:1: enter_function: entry to ‘iakerb_alloc_context’
krb5-1.21.3/src/lib/gssapi/krb5/iakerb.c:692:11: call_function: inlined call to ‘k5alloc’ from ‘iakerb_alloc_context’
krb5-1.21.3/src/lib/gssapi/krb5/iakerb.c:696:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/iakerb.c:702:12: danger: ‘ptr’ leaks here; was allocated at [(4)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/3)
#  700|       ctx->established = 0;
#  701|   
#  702|->     code = krb5_gss_init_context(&ctx->k5c);
#  703|       if (code != 0)
#  704|           goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def355]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:44:9: warning[-Wanalyzer-malloc-leak]: leak of ‘addrs’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:252:1: enter_function: entry to ‘json_to_addresses’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:260:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:262:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:262:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:265:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:266:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:267:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:268:64: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:268:13: call_function: calling ‘json_to_address’ from ‘json_to_addresses’
#   42|       k5_json_value v;
#   43|   
#   44|->     v = k5_json_array_get(array, idx);
#   45|       return (k5_json_get_tid(v) == tid) ? v : NULL;
#   46|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def356]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:44:9: warning[-Wanalyzer-malloc-leak]: leak of ‘authdata’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:320:1: enter_function: entry to ‘json_to_authdata’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:328:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:330:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:333:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:334:16: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:335:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:337:47: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:336:13: call_function: calling ‘json_to_authdata_element’ from ‘json_to_authdata’
#   42|       k5_json_value v;
#   43|   
#   44|->     v = k5_json_array_get(array, idx);
#   45|       return (k5_json_get_tid(v) == tid) ? v : NULL;
#   46|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def357]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:44:9: warning[-Wanalyzer-malloc-leak]: leak of ‘etypes’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:81:1: enter_function: entry to ‘json_to_etypes’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:89:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:91:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:91:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:94:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:95:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:96:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:97:13: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:97:13: call_function: calling ‘check_element’ from ‘json_to_etypes’
#   42|       k5_json_value v;
#   43|   
#   44|->     v = k5_json_array_get(array, idx);
#   45|       return (k5_json_get_tid(v) == tid) ? v : NULL;
#   46|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def358]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:44:9: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(*token.value, *token.length, & ret)’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:592:1: enter_function: entry to ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:605:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: call_function: calling ‘k5memdup0’ from ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: return_function: returning to ‘krb5_gss_import_cred’ from ‘k5memdup0’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:612:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:617:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:617:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:621:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:621:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:623:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:624:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:626:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:626:11: call_function: calling ‘check_element’ from ‘krb5_gss_import_cred’
#   42|       k5_json_value v;
#   43|   
#   44|->     v = k5_json_array_get(array, idx);
#   45|       return (k5_json_get_tid(v) == tid) ? v : NULL;
#   46|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def359]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:45:13: warning[-Wanalyzer-malloc-leak]: leak of ‘addrs’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:252:1: enter_function: entry to ‘json_to_addresses’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:260:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:262:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:262:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:265:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:266:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:267:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:268:64: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:268:13: call_function: calling ‘json_to_address’ from ‘json_to_addresses’
#   43|   
#   44|       v = k5_json_array_get(array, idx);
#   45|->     return (k5_json_get_tid(v) == tid) ? v : NULL;
#   46|   }
#   47|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def360]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:45:13: warning[-Wanalyzer-malloc-leak]: leak of ‘authdata’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:320:1: enter_function: entry to ‘json_to_authdata’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:328:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:330:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:333:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:334:16: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:335:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:337:47: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:336:13: call_function: calling ‘json_to_authdata_element’ from ‘json_to_authdata’
#   43|   
#   44|       v = k5_json_array_get(array, idx);
#   45|->     return (k5_json_get_tid(v) == tid) ? v : NULL;
#   46|   }
#   47|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def361]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:45:13: warning[-Wanalyzer-malloc-leak]: leak of ‘etypes’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:81:1: enter_function: entry to ‘json_to_etypes’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:89:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:91:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:91:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:94:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:95:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:96:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:97:13: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:97:13: call_function: calling ‘check_element’ from ‘json_to_etypes’
#   43|   
#   44|       v = k5_json_array_get(array, idx);
#   45|->     return (k5_json_get_tid(v) == tid) ? v : NULL;
#   46|   }
#   47|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def362]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:45:13: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(*token.value, *token.length, & ret)’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:592:1: enter_function: entry to ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:605:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: call_function: calling ‘k5memdup0’ from ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: return_function: returning to ‘krb5_gss_import_cred’ from ‘k5memdup0’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:612:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:617:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:617:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:621:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:621:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:623:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:624:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:626:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:626:11: call_function: calling ‘check_element’ from ‘krb5_gss_import_cred’
#   43|   
#   44|       v = k5_json_array_get(array, idx);
#   45|->     return (k5_json_get_tid(v) == tid) ? v : NULL;
#   46|   }
#   47|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def363]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:100:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘etypes’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:81:1: enter_function: entry to ‘json_to_etypes’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:89:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:91:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:91:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:94:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:95:14: acquire_memory: this call could return NULL
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:96:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:97:13: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:97:13: call_function: calling ‘check_element’ from ‘json_to_etypes’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:97:13: return_function: returning to ‘json_to_etypes’ from ‘check_element’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:98:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:100:21: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:100:9: danger: ‘etypes + i * 4’ could be NULL: unchecked value from [(6)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/5)
#   98|           if (n == NULL)
#   99|               goto invalid;
#  100|->         etypes[i] = k5_json_number_value(n);
#  101|       }
#  102|       *etypes_out = etypes;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def364]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:100:21: warning[-Wanalyzer-malloc-leak]: leak of ‘etypes’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:81:1: enter_function: entry to ‘json_to_etypes’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:89:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:91:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:91:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:94:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:95:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:96:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:97:13: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:97:13: call_function: calling ‘check_element’ from ‘json_to_etypes’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:97:13: return_function: returning to ‘json_to_etypes’ from ‘check_element’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:98:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:100:21: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:100:21: danger: ‘etypes’ leaks here; was allocated at [(6)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/5)
#   98|           if (n == NULL)
#   99|               goto invalid;
#  100|->         etypes[i] = k5_json_number_value(n);
#  101|       }
#  102|       *etypes_out = etypes;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def365]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:119:9: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(*token.value, *token.length, & ret)’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:592:1: enter_function: entry to ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:605:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: call_function: calling ‘k5memdup0’ from ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: return_function: returning to ‘krb5_gss_import_cred’ from ‘k5memdup0’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:612:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:617:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:617:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:621:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:621:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:623:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:624:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:626:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:626:11: call_function: calling ‘check_element’ from ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:626:11: return_function: returning to ‘krb5_gss_import_cred’ from ‘check_element’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:627:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:628:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:627:9: branch_false: following ‘false’ branch (when the strings are equal)...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:630:33: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:630:9: call_function: calling ‘json_to_kgcred’ from ‘krb5_gss_import_cred’
#  117|   
#  118|       *name_out = NULL;
#  119|->     if (k5_json_get_tid(v) == K5_JSON_TID_NULL)
#  120|           return 0;
#  121|       if (k5_json_get_tid(v) != K5_JSON_TID_ARRAY)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def366]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:121:9: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(*token.value, *token.length, & ret)’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:592:1: enter_function: entry to ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:605:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: call_function: calling ‘k5memdup0’ from ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: return_function: returning to ‘krb5_gss_import_cred’ from ‘k5memdup0’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:612:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:617:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:617:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:621:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:621:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:623:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:624:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:626:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:626:11: call_function: calling ‘check_element’ from ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:626:11: return_function: returning to ‘krb5_gss_import_cred’ from ‘check_element’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:627:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:628:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:627:9: branch_false: following ‘false’ branch (when the strings are equal)...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:630:33: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:630:9: call_function: calling ‘json_to_kgcred’ from ‘krb5_gss_import_cred’
#  119|       if (k5_json_get_tid(v) == K5_JSON_TID_NULL)
#  120|           return 0;
#  121|->     if (k5_json_get_tid(v) != K5_JSON_TID_ARRAY)
#  122|           return -1;
#  123|       array = v;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def367]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:221:5: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘addr_out’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:252:1: enter_function: entry to ‘json_to_addresses’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:260:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:262:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:262:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:265:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:266:13: acquire_memory: this call could return NULL
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:267:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:268:64: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:268:13: call_function: calling ‘json_to_address’ from ‘json_to_addresses’
#  219|       size_t len;
#  220|   
#  221|->     *addr_out = NULL;
#  222|       if (k5_json_get_tid(v) != K5_JSON_TID_ARRAY)
#  223|           return -1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def368]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:222:9: warning[-Wanalyzer-malloc-leak]: leak of ‘addrs’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:252:1: enter_function: entry to ‘json_to_addresses’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:260:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:262:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:262:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:265:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:266:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:267:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:268:64: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:268:13: call_function: calling ‘json_to_address’ from ‘json_to_addresses’
#  220|   
#  221|       *addr_out = NULL;
#  222|->     if (k5_json_get_tid(v) != K5_JSON_TID_ARRAY)
#  223|           return -1;
#  224|       array = v;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def369]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:225:9: warning[-Wanalyzer-malloc-leak]: leak of ‘addrs’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:252:1: enter_function: entry to ‘json_to_addresses’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:260:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:262:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:262:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:265:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:266:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:267:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:268:64: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:268:13: call_function: calling ‘json_to_address’ from ‘json_to_addresses’
#  223|           return -1;
#  224|       array = v;
#  225|->     if (k5_json_array_length(array) != 2)
#  226|           return -1;
#  227|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def370]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:238:22: warning[-Wanalyzer-malloc-leak]: leak of ‘addrs’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:252:1: enter_function: entry to ‘json_to_addresses’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:260:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:262:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:262:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:265:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:266:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:267:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:268:64: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:268:13: call_function: calling ‘json_to_address’ from ‘json_to_addresses’
#  236|       if (addr == NULL)
#  237|           return -1;
#  238|->     addr->addrtype = k5_json_number_value(n);
#  239|       if (k5_json_string_unbase64(s, &addr->contents, &len)) {
#  240|           free(addr);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def371]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:238:22: warning[-Wanalyzer-malloc-leak]: leak of ‘addr’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:213:1: enter_function: entry to ‘json_to_address’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:222:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:225:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:225:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:228:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:228:9: call_function: calling ‘check_element’ from ‘json_to_address’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:228:9: return_function: returning to ‘json_to_address’ from ‘check_element’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:229:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:231:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:231:9: call_function: calling ‘check_element’ from ‘json_to_address’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:231:9: return_function: returning to ‘json_to_address’ from ‘check_element’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:232:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:235:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:235:12: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:236:8: branch_false: following ‘false’ branch (when ‘addr’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:238:22: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:238:22: danger: ‘addr’ leaks here; was allocated at [(20)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/19)
#  236|       if (addr == NULL)
#  237|           return -1;
#  238|->     addr->addrtype = k5_json_number_value(n);
#  239|       if (k5_json_string_unbase64(s, &addr->contents, &len)) {
#  240|           free(addr);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def372]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:239:9: warning[-Wanalyzer-malloc-leak]: leak of ‘addrs’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:252:1: enter_function: entry to ‘json_to_addresses’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:260:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:262:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:262:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:265:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:266:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:267:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:268:64: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:268:13: call_function: calling ‘json_to_address’ from ‘json_to_addresses’
#  237|           return -1;
#  238|       addr->addrtype = k5_json_number_value(n);
#  239|->     if (k5_json_string_unbase64(s, &addr->contents, &len)) {
#  240|           free(addr);
#  241|           return -1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def373]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:239:9: warning[-Wanalyzer-malloc-leak]: leak of ‘addr’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:213:1: enter_function: entry to ‘json_to_address’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:222:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:225:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:225:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:228:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:228:9: call_function: calling ‘check_element’ from ‘json_to_address’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:228:9: return_function: returning to ‘json_to_address’ from ‘check_element’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:229:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:231:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:231:9: call_function: calling ‘check_element’ from ‘json_to_address’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:231:9: return_function: returning to ‘json_to_address’ from ‘check_element’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:232:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:235:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:235:12: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:236:8: branch_false: following ‘false’ branch (when ‘addr’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:238:22: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:239:9: danger: ‘addr’ leaks here; was allocated at [(20)](sarif:/runs/0/results/24/codeFlows/0/threadFlows/0/locations/19)
#  237|           return -1;
#  238|       addr->addrtype = k5_json_number_value(n);
#  239|->     if (k5_json_string_unbase64(s, &addr->contents, &len)) {
#  240|           free(addr);
#  241|           return -1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def374]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:268:13: warning[-Wanalyzer-malloc-leak]: leak of ‘addrs’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:260:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:262:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:262:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:265:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:266:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:267:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:268:64: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:268:13: danger: ‘addrs’ leaks here; was allocated at [(5)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/4)
#  266|       addrs = calloc(len + 1, sizeof(*addrs));
#  267|       for (i = 0; i < len; i++) {
#  268|->         if (json_to_address(k5_json_array_get(array, i), &addrs[i]))
#  269|               goto invalid;
#  270|       }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def375]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:271:5: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘addrs’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:260:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:262:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:262:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:265:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:266:13: acquire_memory: this call could return NULL
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:267:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:271:10: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:271:5: danger: ‘addrs + i * 8’ could be NULL: unchecked value from [(5)](sarif:/runs/0/results/26/codeFlows/0/threadFlows/0/locations/4)
#  269|               goto invalid;
#  270|       }
#  271|->     addrs[i] = NULL;
#  272|       *addresses_out = addrs;
#  273|       return 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def376]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:276:5: warning[-Wanalyzer-malloc-leak]: leak of ‘addrs’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:252:1: enter_function: entry to ‘json_to_addresses’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:260:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:262:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:262:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:265:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:266:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:267:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:268:64: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:268:13: call_function: calling ‘json_to_address’ from ‘json_to_addresses’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:268:13: return_function: returning to ‘json_to_addresses’ from ‘json_to_address’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:268:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:269:13: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:276:5: danger: ‘addrs’ leaks here; was allocated at [(6)](sarif:/runs/0/results/27/codeFlows/0/threadFlows/0/locations/5)
#  274|   
#  275|   invalid:
#  276|->     krb5_free_addresses(context, addrs);
#  277|       return -1;
#  278|   }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def377]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:290:5: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘ad_out’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:320:1: enter_function: entry to ‘json_to_authdata’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:328:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:330:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:333:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:334:16: acquire_memory: this call could return NULL
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:335:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:337:47: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:336:13: call_function: calling ‘json_to_authdata_element’ from ‘json_to_authdata’
#  288|       size_t len;
#  289|   
#  290|->     *ad_out = NULL;
#  291|       if (k5_json_get_tid(v) != K5_JSON_TID_ARRAY)
#  292|           return -1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def378]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:291:9: warning[-Wanalyzer-malloc-leak]: leak of ‘authdata’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:320:1: enter_function: entry to ‘json_to_authdata’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:328:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:330:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:333:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:334:16: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:335:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:337:47: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:336:13: call_function: calling ‘json_to_authdata_element’ from ‘json_to_authdata’
#  289|   
#  290|       *ad_out = NULL;
#  291|->     if (k5_json_get_tid(v) != K5_JSON_TID_ARRAY)
#  292|           return -1;
#  293|       array = v;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def379]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:294:9: warning[-Wanalyzer-malloc-leak]: leak of ‘authdata’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:320:1: enter_function: entry to ‘json_to_authdata’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:328:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:330:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:333:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:334:16: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:335:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:337:47: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:336:13: call_function: calling ‘json_to_authdata_element’ from ‘json_to_authdata’
#  292|           return -1;
#  293|       array = v;
#  294|->     if (k5_json_array_length(array) != 2)
#  295|           return -1;
#  296|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def380]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:307:19: warning[-Wanalyzer-malloc-leak]: leak of ‘ad’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:282:1: enter_function: entry to ‘json_to_authdata_element’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:291:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:294:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:294:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:297:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:297:9: call_function: calling ‘check_element’ from ‘json_to_authdata_element’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:297:9: return_function: returning to ‘json_to_authdata_element’ from ‘check_element’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:298:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:300:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:300:9: call_function: calling ‘check_element’ from ‘json_to_authdata_element’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:300:9: return_function: returning to ‘json_to_authdata_element’ from ‘check_element’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:301:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:304:10: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:304:10: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:305:8: branch_false: following ‘false’ branch (when ‘ad’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:307:19: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:307:19: danger: ‘ad’ leaks here; was allocated at [(20)](sarif:/runs/0/results/31/codeFlows/0/threadFlows/0/locations/19)
#  305|       if (ad == NULL)
#  306|           return -1;
#  307|->     ad->ad_type = k5_json_number_value(n);
#  308|       if (k5_json_string_unbase64(s, &ad->contents, &len)) {
#  309|           free(ad);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def381]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:307:19: warning[-Wanalyzer-malloc-leak]: leak of ‘authdata’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:320:1: enter_function: entry to ‘json_to_authdata’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:328:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:330:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:333:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:334:16: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:335:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:337:47: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:336:13: call_function: calling ‘json_to_authdata_element’ from ‘json_to_authdata’
#  305|       if (ad == NULL)
#  306|           return -1;
#  307|->     ad->ad_type = k5_json_number_value(n);
#  308|       if (k5_json_string_unbase64(s, &ad->contents, &len)) {
#  309|           free(ad);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def382]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:308:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ad’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:282:1: enter_function: entry to ‘json_to_authdata_element’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:291:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:294:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:294:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:297:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:297:9: call_function: calling ‘check_element’ from ‘json_to_authdata_element’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:297:9: return_function: returning to ‘json_to_authdata_element’ from ‘check_element’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:298:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:300:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:300:9: call_function: calling ‘check_element’ from ‘json_to_authdata_element’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:300:9: return_function: returning to ‘json_to_authdata_element’ from ‘check_element’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:301:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:304:10: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:304:10: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:305:8: branch_false: following ‘false’ branch (when ‘ad’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:307:19: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:308:9: danger: ‘ad’ leaks here; was allocated at [(20)](sarif:/runs/0/results/34/codeFlows/0/threadFlows/0/locations/19)
#  306|           return -1;
#  307|       ad->ad_type = k5_json_number_value(n);
#  308|->     if (k5_json_string_unbase64(s, &ad->contents, &len)) {
#  309|           free(ad);
#  310|           return -1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def383]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:308:9: warning[-Wanalyzer-malloc-leak]: leak of ‘authdata’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:320:1: enter_function: entry to ‘json_to_authdata’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:328:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:330:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:333:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:334:16: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:335:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:337:47: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:336:13: call_function: calling ‘json_to_authdata_element’ from ‘json_to_authdata’
#  306|           return -1;
#  307|       ad->ad_type = k5_json_number_value(n);
#  308|->     if (k5_json_string_unbase64(s, &ad->contents, &len)) {
#  309|           free(ad);
#  310|           return -1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def384]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:336:13: warning[-Wanalyzer-malloc-leak]: leak of ‘authdata’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:328:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:330:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:333:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:334:16: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:335:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:337:47: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:336:13: danger: ‘authdata’ leaks here; was allocated at [(5)](sarif:/runs/0/results/35/codeFlows/0/threadFlows/0/locations/4)
#  334|       authdata = calloc(len + 1, sizeof(*authdata));
#  335|       for (i = 0; i < len; i++) {
#  336|->         if (json_to_authdata_element(k5_json_array_get(array, i),
#  337|                                        &authdata[i]))
#  338|               goto invalid;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def385]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:340:5: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘authdata’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:328:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:330:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:333:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:334:16: acquire_memory: this call could return NULL
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:335:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:340:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:340:5: danger: ‘authdata + i * 8’ could be NULL: unchecked value from [(5)](sarif:/runs/0/results/36/codeFlows/0/threadFlows/0/locations/4)
#  338|               goto invalid;
#  339|       }
#  340|->     authdata[i] = NULL;
#  341|       *authdata_out = authdata;
#  342|       return 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def386]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:345:5: warning[-Wanalyzer-malloc-leak]: leak of ‘authdata’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:320:1: enter_function: entry to ‘json_to_authdata’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:328:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:330:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:333:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:334:16: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:335:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:337:47: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:336:13: call_function: calling ‘json_to_authdata_element’ from ‘json_to_authdata’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:336:13: return_function: returning to ‘json_to_authdata’ from ‘json_to_authdata_element’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:336:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:338:13: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:345:5: danger: ‘authdata’ leaks here; was allocated at [(6)](sarif:/runs/0/results/37/codeFlows/0/threadFlows/0/locations/5)
#  343|   
#  344|   invalid:
#  345|->     krb5_free_authdata(context, authdata);
#  346|       return -1;
#  347|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def387]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:514:9: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(*token.value, *token.length, & ret)’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:592:1: enter_function: entry to ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:605:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: call_function: calling ‘k5memdup0’ from ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: return_function: returning to ‘krb5_gss_import_cred’ from ‘k5memdup0’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:612:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:617:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:617:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:621:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:621:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:623:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:624:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:626:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:626:11: call_function: calling ‘check_element’ from ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:626:11: return_function: returning to ‘krb5_gss_import_cred’ from ‘check_element’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:627:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:628:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:627:9: branch_false: following ‘false’ branch (when the strings are equal)...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:630:33: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:630:9: call_function: calling ‘json_to_kgcred’ from ‘krb5_gss_import_cred’
#  512|   
#  513|       *cred_out = NULL;
#  514|->     if (k5_json_array_length(array) != 14)
#  515|           return -1;
#  516|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def388]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:528:19: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(*token.value, *token.length, & ret)’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:592:1: enter_function: entry to ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:605:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: call_function: calling ‘k5memdup0’ from ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: return_function: returning to ‘krb5_gss_import_cred’ from ‘k5memdup0’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:612:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:617:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:617:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:621:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:621:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:623:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:624:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:626:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:626:11: call_function: calling ‘check_element’ from ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:626:11: return_function: returning to ‘krb5_gss_import_cred’ from ‘check_element’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:627:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:628:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:627:9: branch_false: following ‘false’ branch (when the strings are equal)...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:630:33: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:630:9: call_function: calling ‘json_to_kgcred’ from ‘krb5_gss_import_cred’
#  526|       if (n == NULL)
#  527|           goto invalid;
#  528|->     cred->usage = k5_json_number_value(n);
#  529|   
#  530|       if (json_to_kgname(context, k5_json_array_get(array, 1), &cred->name))

Error: GCC_ANALYZER_WARNING (CWE-401): [#def389]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:530:9: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(*token.value, *token.length, & ret)’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:592:1: enter_function: entry to ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:605:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: call_function: calling ‘k5memdup0’ from ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: return_function: returning to ‘krb5_gss_import_cred’ from ‘k5memdup0’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:612:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:617:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:617:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:621:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:621:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:623:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:624:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:626:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:626:11: call_function: calling ‘check_element’ from ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:626:11: return_function: returning to ‘krb5_gss_import_cred’ from ‘check_element’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:627:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:628:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:627:9: branch_false: following ‘false’ branch (when the strings are equal)...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:630:33: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:630:9: call_function: calling ‘json_to_kgcred’ from ‘krb5_gss_import_cred’
#  528|       cred->usage = k5_json_number_value(n);
#  529|   
#  530|->     if (json_to_kgname(context, k5_json_array_get(array, 1), &cred->name))
#  531|           goto invalid;
#  532|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def390]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:617:9: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(*token.value, *token.length, & ret)’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:592:1: enter_function: entry to ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:605:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: call_function: calling ‘k5memdup0’ from ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: return_function: returning to ‘krb5_gss_import_cred’ from ‘k5memdup0’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:612:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:617:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:617:9: danger: ‘k5memdup0(*token.value, *token.length, & ret)’ leaks here; was allocated at [(9)](sarif:/runs/0/results/41/codeFlows/0/threadFlows/0/locations/8)
#  615|           goto cleanup;
#  616|       }
#  617|->     if (k5_json_decode(copy, &v))
#  618|           goto invalid;
#  619|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def391]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:621:9: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(*token.value, *token.length, & ret)’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:592:1: enter_function: entry to ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:605:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: call_function: calling ‘k5memdup0’ from ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: return_function: returning to ‘krb5_gss_import_cred’ from ‘k5memdup0’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:612:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:617:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:617:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:621:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:621:9: danger: ‘k5memdup0(*token.value, *token.length, & ret)’ leaks here; was allocated at [(9)](sarif:/runs/0/results/42/codeFlows/0/threadFlows/0/locations/8)
#  619|   
#  620|       /* Decode the CRED_EXPORT_MAGIC array wrapper. */
#  621|->     if (k5_json_get_tid(v) != K5_JSON_TID_ARRAY)
#  622|           goto invalid;
#  623|       array = v;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def392]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:624:9: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(*token.value, *token.length, & ret)’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:592:1: enter_function: entry to ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:605:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: call_function: calling ‘k5memdup0’ from ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: return_function: returning to ‘krb5_gss_import_cred’ from ‘k5memdup0’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:612:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:617:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:617:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:621:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:621:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:623:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:624:9: danger: ‘k5memdup0(*token.value, *token.length, & ret)’ leaks here; was allocated at [(9)](sarif:/runs/0/results/43/codeFlows/0/threadFlows/0/locations/8)
#  622|           goto invalid;
#  623|       array = v;
#  624|->     if (k5_json_array_length(array) != 2)
#  625|           goto invalid;
#  626|       str = check_element(array, 0, K5_JSON_TID_STRING);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def393]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:628:9: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(*token.value, *token.length, & ret)’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:592:1: enter_function: entry to ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:605:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: call_function: calling ‘k5memdup0’ from ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: return_function: returning to ‘krb5_gss_import_cred’ from ‘k5memdup0’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:612:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:617:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:617:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:621:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:621:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:623:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:624:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:626:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:626:11: call_function: calling ‘check_element’ from ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:626:11: return_function: returning to ‘krb5_gss_import_cred’ from ‘check_element’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:627:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:628:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:628:9: danger: ‘k5memdup0(*token.value, *token.length, & ret)’ leaks here; was allocated at [(9)](sarif:/runs/0/results/44/codeFlows/0/threadFlows/0/locations/8)
#  626|       str = check_element(array, 0, K5_JSON_TID_STRING);
#  627|       if (str == NULL ||
#  628|->         strcmp(k5_json_string_utf8(str), CRED_EXPORT_MAGIC) != 0)
#  629|           goto invalid;
#  630|       if (json_to_kgcred(context, k5_json_array_get(array, 1), &cred))

Error: GCC_ANALYZER_WARNING (CWE-401): [#def394]
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:630:33: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(*token.value, *token.length, & ret)’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:592:1: enter_function: entry to ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:605:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: call_function: calling ‘k5memdup0’ from ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:611:12: return_function: returning to ‘krb5_gss_import_cred’ from ‘k5memdup0’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:612:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:617:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:617:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:621:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:621:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:623:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:624:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:626:11: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:626:11: call_function: calling ‘check_element’ from ‘krb5_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:626:11: return_function: returning to ‘krb5_gss_import_cred’ from ‘check_element’
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:627:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:628:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:627:9: branch_false: following ‘false’ branch (when the strings are equal)...
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:630:33: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_cred.c:630:33: danger: ‘k5memdup0(*token.value, *token.length, & ret)’ leaks here; was allocated at [(9)](sarif:/runs/0/results/45/codeFlows/0/threadFlows/0/locations/8)
#  628|           strcmp(k5_json_string_utf8(str), CRED_EXPORT_MAGIC) != 0)
#  629|           goto invalid;
#  630|->     if (json_to_kgcred(context, k5_json_array_get(array, 1), &cred))
#  631|           goto invalid;
#  632|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def395]
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:63:12: warning[-Wanalyzer-malloc-leak]: leak of ‘k5alloc((long unsigned int)(length + 1), &code)’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:123:1: enter_function: entry to ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:145:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:148:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:204:15: call_function: calling ‘k5memdup0’ from ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:204:15: return_function: returning to ‘krb5_gss_import_name’ from ‘k5memdup0’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:206:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:211:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:211:12: branch_false: following ‘false’ branch (when ‘input_name_type’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:212:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:237:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:238:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:238:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:240:21: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:250:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:251:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:251:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:253:22: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:254:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:257:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:257:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:258:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:258:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:260:23: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:261:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:264:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:264:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:265:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:265:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:267:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:269:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:270:22: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:275:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:276:28: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:276:20: call_function: calling ‘k5alloc’ from ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:276:20: return_function: returning to ‘krb5_gss_import_name’ from ‘k5alloc’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:277:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:279:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:284:16: branch_true: following ‘true’ branch (when ‘is_composite != 0’)...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:285:17: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:285:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:286:26: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:291:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:292:24: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:292:24: call_function: calling ‘import_name_composite’ from ‘krb5_gss_import_name’
#   61|           return 0;
#   62|   
#   63|->     code = krb5_authdata_context_init(context, &ad_context);
#   64|       if (code != 0)
#   65|           return code;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def396]
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:63:12: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(*input_name_buffer.value, *input_name_buffer.length, & code)’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:123:1: enter_function: entry to ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:145:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:148:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:204:15: call_function: calling ‘k5memdup0’ from ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:204:15: return_function: returning to ‘krb5_gss_import_name’ from ‘k5memdup0’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:206:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:211:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:211:12: branch_false: following ‘false’ branch (when ‘input_name_type’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:212:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:237:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:238:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:238:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:240:21: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:250:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:251:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:251:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:253:22: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:254:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:257:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:257:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:258:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:258:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:260:23: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:261:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:264:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:264:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:265:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:265:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:267:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:269:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:270:22: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:275:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:276:28: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:276:20: call_function: calling ‘k5alloc’ from ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:276:20: return_function: returning to ‘krb5_gss_import_name’ from ‘k5alloc’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:277:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:279:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:284:16: branch_true: following ‘true’ branch (when ‘is_composite != 0’)...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:285:17: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:285:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:286:26: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:291:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:292:24: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:292:24: call_function: calling ‘import_name_composite’ from ‘krb5_gss_import_name’
#   61|           return 0;
#   62|   
#   63|->     code = krb5_authdata_context_init(context, &ad_context);
#   64|       if (code != 0)
#   65|           return code;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def397]
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:70:12: warning[-Wanalyzer-malloc-leak]: leak of ‘k5alloc((long unsigned int)(length + 1), &code)’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:123:1: enter_function: entry to ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:145:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:148:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:204:15: call_function: calling ‘k5memdup0’ from ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:204:15: return_function: returning to ‘krb5_gss_import_name’ from ‘k5memdup0’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:206:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:211:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:211:12: branch_false: following ‘false’ branch (when ‘input_name_type’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:212:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:237:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:238:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:238:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:240:21: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:250:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:251:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:251:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:253:22: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:254:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:257:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:257:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:258:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:258:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:260:23: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:261:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:264:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:264:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:265:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:265:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:267:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:269:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:270:22: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:275:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:276:28: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:276:20: call_function: calling ‘k5alloc’ from ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:276:20: return_function: returning to ‘krb5_gss_import_name’ from ‘k5alloc’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:277:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:279:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:284:16: branch_true: following ‘true’ branch (when ‘is_composite != 0’)...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:285:17: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:285:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:286:26: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:291:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:292:24: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:292:24: call_function: calling ‘import_name_composite’ from ‘krb5_gss_import_name’
#   68|       data.length = enc_length;
#   69|   
#   70|->     code = krb5_authdata_import_attributes(context,
#   71|                                              ad_context,
#   72|                                              AD_USAGE_MASK,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def398]
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:70:12: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(*input_name_buffer.value, *input_name_buffer.length, & code)’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:123:1: enter_function: entry to ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:145:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:148:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:204:15: call_function: calling ‘k5memdup0’ from ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:204:15: return_function: returning to ‘krb5_gss_import_name’ from ‘k5memdup0’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:206:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:211:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:211:12: branch_false: following ‘false’ branch (when ‘input_name_type’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:212:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:237:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:238:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:238:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:240:21: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:250:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:251:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:251:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:253:22: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:254:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:257:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:257:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:258:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:258:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:260:23: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:261:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:264:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:264:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:265:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:265:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:267:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:269:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:270:22: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:275:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:276:28: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:276:20: call_function: calling ‘k5alloc’ from ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:276:20: return_function: returning to ‘krb5_gss_import_name’ from ‘k5alloc’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:277:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:279:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:284:16: branch_true: following ‘true’ branch (when ‘is_composite != 0’)...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:285:17: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:285:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:286:26: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:291:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:292:24: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:292:24: call_function: calling ‘import_name_composite’ from ‘krb5_gss_import_name’
#   68|       data.length = enc_length;
#   69|   
#   70|->     code = krb5_authdata_import_attributes(context,
#   71|                                              ad_context,
#   72|                                              AD_USAGE_MASK,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def399]
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:75:9: warning[-Wanalyzer-malloc-leak]: leak of ‘k5alloc((long unsigned int)(length + 1), &code)’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:123:1: enter_function: entry to ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:145:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:148:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:204:15: call_function: calling ‘k5memdup0’ from ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:204:15: return_function: returning to ‘krb5_gss_import_name’ from ‘k5memdup0’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:206:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:211:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:211:12: branch_false: following ‘false’ branch (when ‘input_name_type’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:212:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:237:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:238:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:238:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:240:21: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:250:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:251:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:251:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:253:22: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:254:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:257:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:257:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:258:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:258:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:260:23: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:261:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:264:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:264:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:265:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:265:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:267:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:269:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:270:22: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:275:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:276:28: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:276:20: call_function: calling ‘k5alloc’ from ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:276:20: return_function: returning to ‘krb5_gss_import_name’ from ‘k5alloc’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:277:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:279:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:284:16: branch_true: following ‘true’ branch (when ‘is_composite != 0’)...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:285:17: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:285:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:286:26: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:291:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:292:24: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:292:24: call_function: calling ‘import_name_composite’ from ‘krb5_gss_import_name’
#   73|                                              &data);
#   74|       if (code != 0) {
#   75|->         krb5_authdata_context_free(context, ad_context);
#   76|           return code;
#   77|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def400]
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:75:9: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(*input_name_buffer.value, *input_name_buffer.length, & code)’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:123:1: enter_function: entry to ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:145:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:148:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:204:15: call_function: calling ‘k5memdup0’ from ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:204:15: return_function: returning to ‘krb5_gss_import_name’ from ‘k5memdup0’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:206:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:211:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:211:12: branch_false: following ‘false’ branch (when ‘input_name_type’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:212:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:237:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:238:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:238:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:240:21: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:250:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:251:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:251:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:253:22: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:254:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:257:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:257:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:258:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:258:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:260:23: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:261:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:264:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:264:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:265:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:265:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:267:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:269:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:270:22: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:275:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:276:28: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:276:20: call_function: calling ‘k5alloc’ from ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:276:20: return_function: returning to ‘krb5_gss_import_name’ from ‘k5alloc’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:277:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:279:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:284:16: branch_true: following ‘true’ branch (when ‘is_composite != 0’)...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:285:17: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:285:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:286:26: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:291:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:292:24: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:292:24: call_function: calling ‘import_name_composite’ from ‘krb5_gss_import_name’
#   73|                                              &data);
#   74|       if (code != 0) {
#   75|->         krb5_authdata_context_free(context, ad_context);
#   76|           return code;
#   77|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def401]
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:162:16: warning[-Wanalyzer-malloc-leak]: leak of ‘host’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:123:1: enter_function: entry to ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:145:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:148:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:148:8: branch_true: following ‘true’ branch (when ‘input_name_type’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:149:10: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:152:16: call_function: calling ‘parse_hostbased’ from ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:152:16: return_function: returning to ‘krb5_gss_import_name’ from ‘parse_hostbased’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:154:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:162:16: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:162:16: danger: ‘host’ leaks here; was allocated at [(14)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/13)
#  160|            * it would require a lot of code changes.
#  161|            */
#  162|->         code = krb5_sname_to_principal(context, host, service, KRB5_NT_SRV_HST,
#  163|                                          &princ);
#  164|           if (code)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def402]
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:162:16: warning[-Wanalyzer-malloc-leak]: leak of ‘service’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:123:1: enter_function: entry to ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:145:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:148:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:148:8: branch_true: following ‘true’ branch (when ‘input_name_type’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:149:10: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:152:16: call_function: calling ‘parse_hostbased’ from ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:152:16: return_function: returning to ‘krb5_gss_import_name’ from ‘parse_hostbased’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:154:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:162:16: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:162:16: danger: ‘service’ leaks here; was allocated at [(10)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/9)
#  160|            * it would require a lot of code changes.
#  161|            */
#  162|->         code = krb5_sname_to_principal(context, host, service, KRB5_NT_SRV_HST,
#  163|                                          &princ);
#  164|           if (code)

Error: COMPILER_WARNING (CWE-563): [#def403]
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:198:23: warning[-Wunused-variable]: unused variable ‘pwx’
#  198 |         struct passwd pwx;
#      |                       ^~~
#  196|   #ifndef NO_PASSWORD
#  197|           uid_t uid;
#  198|->         struct passwd pwx;
#  199|           char pwbuf[BUFSIZ];
#  200|   #endif

Error: COMPILER_WARNING (CWE-563): [#def404]
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c: scope_hint: In function ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:199:14: warning[-Wunused-variable]: unused variable ‘pwbuf’
#  199 |         char pwbuf[BUFSIZ];
#      |              ^~~~~
#  197|           uid_t uid;
#  198|           struct passwd pwx;
#  199|->         char pwbuf[BUFSIZ];
#  200|   #endif
#  201|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def405]
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:222:17: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(*input_name_buffer.value, *input_name_buffer.length, & code)’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:123:1: enter_function: entry to ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:145:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:148:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:204:15: call_function: calling ‘k5memdup0’ from ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:204:15: return_function: returning to ‘krb5_gss_import_name’ from ‘k5memdup0’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:206:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:211:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:211:12: branch_false: following ‘false’ branch (when ‘input_name_type’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:212:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:219:19: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:222:17: danger: ‘k5memdup0(*input_name_buffer.value, *input_name_buffer.length, & code)’ leaks here; was allocated at [(9)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/8)
#  220|               uid = *(uid_t *) input_name_buffer->value;
#  221|           do_getpwuid:
#  222|->             if (k5_getpwuid_r(uid, &pwx, pwbuf, sizeof(pwbuf), &pw) == 0)
#  223|                   stringrep = pw->pw_name;
#  224|               else

Error: GCC_ANALYZER_WARNING (CWE-401): [#def406]
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:307:20: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(*input_name_buffer.value, *input_name_buffer.length, & code)’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:123:1: enter_function: entry to ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:145:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:148:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:204:15: call_function: calling ‘k5memdup0’ from ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:204:15: return_function: returning to ‘krb5_gss_import_name’ from ‘k5memdup0’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:206:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:211:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:211:12: branch_false: following ‘false’ branch (when ‘input_name_type’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:212:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:222:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:223:17: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:306:12: branch_true: following ‘true’ branch (when ‘stringrep’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:307:20: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:307:20: danger: ‘k5memdup0(*input_name_buffer.value, *input_name_buffer.length, & code)’ leaks here; was allocated at [(9)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/8)
#  305|           /* At this point, stringrep is set, or if not, code is. */
#  306|           if (stringrep) {
#  307|->             code = krb5_parse_name_flags(context, stringrep, flags, &princ);
#  308|               if (code)
#  309|                   goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def407]
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:307:20: warning[-Wanalyzer-malloc-leak]: leak of ‘stringrep’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:123:1: enter_function: entry to ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:145:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:148:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:204:15: call_function: calling ‘k5memdup0’ from ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:204:15: return_function: returning to ‘krb5_gss_import_name’ from ‘k5memdup0’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:206:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:211:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:211:12: branch_true: following ‘true’ branch (when ‘input_name_type’ is NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:306:12: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:306:12: branch_true: following ‘true’ branch (when ‘stringrep’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:307:20: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:307:20: danger: ‘stringrep’ leaks here; was allocated at [(9)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/8)
#  305|           /* At this point, stringrep is set, or if not, code is. */
#  306|           if (stringrep) {
#  307|->             code = krb5_parse_name_flags(context, stringrep, flags, &princ);
#  308|               if (code)
#  309|                   goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def408]
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:318:12: warning[-Wanalyzer-malloc-leak]: leak of ‘service’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:123:1: enter_function: entry to ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:145:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:148:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:148:8: branch_true: following ‘true’ branch (when ‘input_name_type’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:149:10: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:152:16: call_function: calling ‘parse_hostbased’ from ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:152:16: return_function: returning to ‘krb5_gss_import_name’ from ‘parse_hostbased’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:154:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:162:16: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:164:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:318:12: danger: ‘service’ leaks here; was allocated at [(10)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/9)
#  316|   
#  317|       /* Create a name and save it in the validation database. */
#  318|->     code = kg_init_name(context, princ, service, host, ad_context,
#  319|                           KG_INIT_NAME_NO_COPY, &name);
#  320|       if (code)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def409]
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:318:12: warning[-Wanalyzer-malloc-leak]: leak of ‘stringrep’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:123:1: enter_function: entry to ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:145:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:148:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:204:15: call_function: calling ‘k5memdup0’ from ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:204:15: return_function: returning to ‘krb5_gss_import_name’ from ‘k5memdup0’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:206:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:211:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:211:12: branch_true: following ‘true’ branch (when ‘input_name_type’ is NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:306:12: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:306:12: branch_true: following ‘true’ branch (when ‘stringrep’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:307:20: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:308:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:318:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:318:12: danger: ‘stringrep’ leaks here; was allocated at [(9)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/8)
#  316|   
#  317|       /* Create a name and save it in the validation database. */
#  318|->     code = kg_init_name(context, princ, service, host, ad_context,
#  319|                           KG_INIT_NAME_NO_COPY, &name);
#  320|       if (code)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def410]
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:333:9: warning[-Wanalyzer-malloc-leak]: leak of ‘service’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:123:1: enter_function: entry to ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:145:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:148:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:148:8: branch_true: following ‘true’ branch (when ‘input_name_type’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:149:10: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:152:16: call_function: calling ‘parse_hostbased’ from ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:152:16: return_function: returning to ‘krb5_gss_import_name’ from ‘parse_hostbased’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:154:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:162:16: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:164:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:165:13: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:332:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:333:9: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:333:9: danger: ‘service’ leaks here; was allocated at [(10)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/9)
#  331|       *minor_status = (OM_uint32)code;
#  332|       if (*minor_status)
#  333|->         save_error_info(*minor_status, context);
#  334|       krb5_free_principal(context, princ);
#  335|       krb5_authdata_context_free(context, ad_context);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def411]
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:334:5: warning[-Wanalyzer-malloc-leak]: leak of ‘service’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:123:1: enter_function: entry to ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:145:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:148:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:148:8: branch_true: following ‘true’ branch (when ‘input_name_type’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:149:10: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:152:16: call_function: calling ‘parse_hostbased’ from ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:152:16: return_function: returning to ‘krb5_gss_import_name’ from ‘parse_hostbased’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:154:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:162:16: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:164:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:165:13: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:332:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:334:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:334:5: danger: ‘service’ leaks here; was allocated at [(10)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/9)
#  332|       if (*minor_status)
#  333|           save_error_info(*minor_status, context);
#  334|->     krb5_free_principal(context, princ);
#  335|       krb5_authdata_context_free(context, ad_context);
#  336|       krb5_free_context(context);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def412]
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:335:5: warning[-Wanalyzer-malloc-leak]: leak of ‘service’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:123:1: enter_function: entry to ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:145:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:148:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:148:8: branch_true: following ‘true’ branch (when ‘input_name_type’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:149:10: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:152:16: call_function: calling ‘parse_hostbased’ from ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:152:16: return_function: returning to ‘krb5_gss_import_name’ from ‘parse_hostbased’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:154:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:162:16: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:164:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:165:13: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:332:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:334:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:335:5: danger: ‘service’ leaks here; was allocated at [(10)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/9)
#  333|           save_error_info(*minor_status, context);
#  334|       krb5_free_principal(context, princ);
#  335|->     krb5_authdata_context_free(context, ad_context);
#  336|       krb5_free_context(context);
#  337|       free(tmp);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def413]
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:336:5: warning[-Wanalyzer-malloc-leak]: leak of ‘service’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:123:1: enter_function: entry to ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:145:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:148:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:148:8: branch_true: following ‘true’ branch (when ‘input_name_type’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:149:10: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:152:16: call_function: calling ‘parse_hostbased’ from ‘krb5_gss_import_name’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:152:16: return_function: returning to ‘krb5_gss_import_name’ from ‘parse_hostbased’
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:154:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:162:16: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:164:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:165:13: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:332:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:334:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/import_name.c:336:5: danger: ‘service’ leaks here; was allocated at [(10)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/9)
#  334|       krb5_free_principal(context, princ);
#  335|       krb5_authdata_context_free(context, ad_context);
#  336|->     krb5_free_context(context);
#  337|       free(tmp);
#  338|       free(tmp2);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def414]
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:343:36: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘finished’
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:240:1: enter_function: entry to ‘make_gss_checksum’
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:248:16: release_memory: ‘finished’ is NULL
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:256:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:311:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:311:5: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:313:9: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:313:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:332:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:333:5: call_function: calling ‘k5_buf_add_uint32_le’ from ‘make_gss_checksum’
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:333:5: return_function: returning to ‘make_gss_checksum’ from ‘k5_buf_add_uint32_le’
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:335:5: call_function: calling ‘k5_buf_add_uint32_le’ from ‘make_gss_checksum’
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:335:5: return_function: returning to ‘make_gss_checksum’ from ‘k5_buf_add_uint32_le’
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:336:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:341:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:341:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:342:9: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:342:9: call_function: calling ‘k5_buf_add_uint32_be’ from ‘make_gss_checksum’
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:342:9: return_function: returning to ‘make_gss_checksum’ from ‘k5_buf_add_uint32_be’
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:343:44: release_memory: ‘finished’ is NULL
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:343:36: danger: dereference of NULL ‘finished’
#  341|       if (data->exts->iakerb.conv != NULL) {
#  342|           k5_buf_add_uint32_be(&buf, KRB5_GSS_EXTS_IAKERB_FINISHED);
#  343|->         k5_buf_add_uint32_be(&buf, finished->length);
#  344|           k5_buf_add_len(&buf, finished->data, finished->length);
#  345|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def415]
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:434:9: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc((long unsigned int)gssint_g_token_size(mech_type,  ap_req.length))’
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:364:1: enter_function: entry to ‘make_ap_req_v1’
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:384:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:387:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:410:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:414:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:418:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:428:16: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:429:13: call_function: inlined call to ‘gssalloc_malloc’ from ‘make_ap_req_v1’
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:430:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:434:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:434:9: danger: ‘malloc((long unsigned int)gssint_g_token_size(mech_type,  ap_req.length))’ leaks here; was allocated at [(9)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/8)
#  432|               goto cleanup;
#  433|           }
#  434|->         k5_buf_init_fixed(&buf, t, tlen);
#  435|           g_make_token_header(&buf, mech_type, ap_req.length, KG_TOK_CTX_AP_REQ);
#  436|           k5_buf_add_len(&buf, ap_req.data, ap_req.length);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def416]
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:517:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx’
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:492:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:500:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:507:40: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:507:8: branch_false: following ‘false’ branch (when ‘ctx’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:514:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/init_sec_context.c:517:17: danger: ‘ctx’ leaks here; was allocated at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#  515|       ctx->magic = KG_CONTEXT;
#  516|       ctx_free = ctx;
#  517|->     if ((code = krb5_auth_con_init(context, &ctx->auth_context)))
#  518|           goto cleanup;
#  519|       krb5_auth_con_setflags(context, ctx->auth_context,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def417]
krb5-1.21.3/src/lib/gssapi/krb5/k5seal.c:116:5: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc((long unsigned int)gssint_g_token_size(oid, (unsigned int)cksum_size + tmsglen + 14))’
krb5-1.21.3/src/lib/gssapi/krb5/k5seal.c:274:1: enter_function: entry to ‘kg_seal’
krb5-1.21.3/src/lib/gssapi/krb5/k5seal.c:308:16: call_function: calling ‘make_seal_token_v1’ from ‘kg_seal’
#  114|       if (t == NULL)
#  115|           return(ENOMEM);
#  116|->     k5_buf_init_fixed(&buf, t, tlen);
#  117|   
#  118|       /*** fill in the token */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def418]
krb5-1.21.3/src/lib/gssapi/krb5/k5seal.c:166:21: warning[-Wanalyzer-malloc-leak]: leak of ‘plain’
krb5-1.21.3/src/lib/gssapi/krb5/k5seal.c:274:1: enter_function: entry to ‘kg_seal’
krb5-1.21.3/src/lib/gssapi/krb5/k5seal.c:308:16: call_function: calling ‘make_seal_token_v1’ from ‘kg_seal’
#  164|   
#  165|       if (conflen) {
#  166|->         if ((code = kg_make_confounder(context, enc->keyblock.enctype,
#  167|                                          plain))) {
#  168|               xfree(plain);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def419]
krb5-1.21.3/src/lib/gssapi/krb5/k5seal.c:190:12: warning[-Wanalyzer-malloc-leak]: leak of ‘data_ptr’
krb5-1.21.3/src/lib/gssapi/krb5/k5seal.c:274:1: enter_function: entry to ‘kg_seal’
krb5-1.21.3/src/lib/gssapi/krb5/k5seal.c:308:16: call_function: calling ‘make_seal_token_v1’ from ‘kg_seal’
#  188|       plaind.length = 8 + msglen;
#  189|       plaind.data = data_ptr;
#  190|->     code = krb5_k_make_checksum(context, md5cksum.checksum_type, seq,
#  191|                                   sign_usage, &plaind, &md5cksum);
#  192|       xfree(data_ptr);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def420]
krb5-1.21.3/src/lib/gssapi/krb5/k5seal.c:190:12: warning[-Wanalyzer-malloc-leak]: leak of ‘plain’
krb5-1.21.3/src/lib/gssapi/krb5/k5seal.c:274:1: enter_function: entry to ‘kg_seal’
krb5-1.21.3/src/lib/gssapi/krb5/k5seal.c:308:16: call_function: calling ‘make_seal_token_v1’ from ‘kg_seal’
#  188|       plaind.length = 8 + msglen;
#  189|       plaind.data = data_ptr;
#  190|->     code = krb5_k_make_checksum(context, md5cksum.checksum_type, seq,
#  191|                                   sign_usage, &plaind, &md5cksum);
#  192|       xfree(data_ptr);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def421]
krb5-1.21.3/src/lib/gssapi/krb5/k5seal.c:202:5: warning[-Wanalyzer-malloc-leak]: leak of ‘plain’
krb5-1.21.3/src/lib/gssapi/krb5/k5seal.c:274:1: enter_function: entry to ‘kg_seal’
krb5-1.21.3/src/lib/gssapi/krb5/k5seal.c:308:16: call_function: calling ‘make_seal_token_v1’ from ‘kg_seal’
#  200|       memcpy(checksum, md5cksum.contents, cksum_size);
#  201|   
#  202|->     krb5_free_checksum_contents(context, &md5cksum);
#  203|   
#  204|       /* create the seq_num */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def422]
krb5-1.21.3/src/lib/gssapi/krb5/k5seal.c:206:12: warning[-Wanalyzer-malloc-leak]: leak of ‘plain’
krb5-1.21.3/src/lib/gssapi/krb5/k5seal.c:274:1: enter_function: entry to ‘kg_seal’
krb5-1.21.3/src/lib/gssapi/krb5/k5seal.c:308:16: call_function: calling ‘make_seal_token_v1’ from ‘kg_seal’
#  204|       /* create the seq_num */
#  205|   
#  206|->     code = kg_make_seq_num(context, seq, direction?0:0xff,
#  207|                              (krb5_ui_4)*seqnum, checksum, metadata + 6);
#  208|       if (code) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def423]
krb5-1.21.3/src/lib/gssapi/krb5/k5seal.c:222:20: warning[-Wanalyzer-malloc-leak]: leak of ‘plain’
krb5-1.21.3/src/lib/gssapi/krb5/k5seal.c:339:1: enter_function: entry to ‘krb5_gss_wrap’
krb5-1.21.3/src/lib/gssapi/krb5/k5seal.c:344:11: call_function: calling ‘kg_seal’ from ‘krb5_gss_wrap’
#  220|               int i;
#  221|               store_32_be(*seqnum, bigend_seqnum);
#  222|->             code = krb5_k_key_keyblock(context, enc, &enc_key);
#  223|               if (code)
#  224|               {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def424]
krb5-1.21.3/src/lib/gssapi/krb5/k5seal.c:232:20: warning[-Wanalyzer-malloc-leak]: leak of ‘plain’
krb5-1.21.3/src/lib/gssapi/krb5/k5seal.c:339:1: enter_function: entry to ‘krb5_gss_wrap’
krb5-1.21.3/src/lib/gssapi/krb5/k5seal.c:344:11: call_function: calling ‘kg_seal’ from ‘krb5_gss_wrap’
#  230|               for (i = 0; i <= 15; i++)
#  231|                   ((char *) enc_key->contents)[i] ^=0xf0;
#  232|->             code = kg_arcfour_docrypt(enc_key, 0, bigend_seqnum, 4, plain,
#  233|                                         tmsglen, payload);
#  234|               krb5_free_keyblock (context, enc_key);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def425]
krb5-1.21.3/src/lib/gssapi/krb5/k5seal.c:234:13: warning[-Wanalyzer-malloc-leak]: leak of ‘plain’
krb5-1.21.3/src/lib/gssapi/krb5/k5seal.c:339:1: enter_function: entry to ‘krb5_gss_wrap’
krb5-1.21.3/src/lib/gssapi/krb5/k5seal.c:344:11: call_function: calling ‘kg_seal’ from ‘krb5_gss_wrap’
#  232|               code = kg_arcfour_docrypt(enc_key, 0, bigend_seqnum, 4, plain,
#  233|                                         tmsglen, payload);
#  234|->             krb5_free_keyblock (context, enc_key);
#  235|               if (code)
#  236|               {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def426]
krb5-1.21.3/src/lib/gssapi/krb5/k5seal.c:244:20: warning[-Wanalyzer-malloc-leak]: leak of ‘plain’
krb5-1.21.3/src/lib/gssapi/krb5/k5seal.c:274:1: enter_function: entry to ‘kg_seal’
krb5-1.21.3/src/lib/gssapi/krb5/k5seal.c:308:16: call_function: calling ‘make_seal_token_v1’ from ‘kg_seal’
#  242|           break;
#  243|           default:
#  244|->             code = kg_encrypt(context, enc, KG_USAGE_SEAL, NULL,  plain,
#  245|                                 payload, tmsglen);
#  246|               if (code) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def427]
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:137:24: warning[-Wanalyzer-malloc-leak]: leak of ‘plain.data’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:61:1: enter_function: entry to ‘gss_krb5int_make_seal_token_v3’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:101:5: branch_true: following ‘true’ branch (when ‘key’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:113:9: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:113:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:119:30: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:119:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:132:34: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:132:15: call_function: calling ‘alloc_data’ from ‘gss_krb5int_make_seal_token_v3’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:132:15: return_function: returning to ‘gss_krb5int_make_seal_token_v3’ from ‘alloc_data’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:133:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:137:24: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:137:24: danger: ‘plain.data’ leaks here; was allocated at [(10)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/9)
#  135|   
#  136|           /* Get size of ciphertext.  */
#  137|->         encrypt_size = krb5_encrypt_size(plain.length, key->keyblock.enctype);
#  138|           if (encrypt_size > SIZE_MAX / 2) {
#  139|               err = ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def428]
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:171:15: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc(bufsize)’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:61:1: enter_function: entry to ‘gss_krb5int_make_seal_token_v3’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:101:5: branch_true: following ‘true’ branch (when ‘key’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:113:9: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:113:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:119:30: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:119:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:132:34: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:132:15: call_function: calling ‘alloc_data’ from ‘gss_krb5int_make_seal_token_v3’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:132:15: return_function: returning to ‘gss_krb5int_make_seal_token_v3’ from ‘alloc_data’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:133:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:137:24: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:138:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:142:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:144:18: call_function: inlined call to ‘gssalloc_malloc’ from ‘gss_krb5int_make_seal_token_v3’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:145:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:151:9: call_function: inlined call to ‘store_16_be’ from ‘gss_krb5int_make_seal_token_v3’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:171:15: danger: ‘malloc(bufsize)’ leaks here; was allocated at [(18)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/17)
#  169|           cipher.ciphertext.length = bufsize - 16;
#  170|           cipher.enctype = key->keyblock.enctype;
#  171|->         err = krb5_k_encrypt(context, key, key_usage, 0, &plain, &cipher);
#  172|           if (err)
#  173|               goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def429]
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:171:15: warning[-Wanalyzer-malloc-leak]: leak of ‘plain.data’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:61:1: enter_function: entry to ‘gss_krb5int_make_seal_token_v3’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:101:5: branch_true: following ‘true’ branch (when ‘key’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:113:9: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:113:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:119:30: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:119:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:132:34: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:132:15: call_function: calling ‘alloc_data’ from ‘gss_krb5int_make_seal_token_v3’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:132:15: return_function: returning to ‘gss_krb5int_make_seal_token_v3’ from ‘alloc_data’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:133:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:137:24: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:138:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:142:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:145:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:151:9: call_function: inlined call to ‘store_16_be’ from ‘gss_krb5int_make_seal_token_v3’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:171:15: danger: ‘plain.data’ leaks here; was allocated at [(10)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/9)
#  169|           cipher.ciphertext.length = bufsize - 16;
#  170|           cipher.enctype = key->keyblock.enctype;
#  171|->         err = krb5_k_encrypt(context, key, key_usage, 0, &plain, &cipher);
#  172|           if (err)
#  173|               goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def430]
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:199:15: warning[-Wanalyzer-malloc-leak]: leak of ‘plain.data’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:61:1: enter_function: entry to ‘gss_krb5int_make_seal_token_v3’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:101:5: branch_true: following ‘true’ branch (when ‘key’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:113:9: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:113:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:185:46: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:185:15: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:194:5: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:195:15: call_function: calling ‘alloc_data’ from ‘gss_krb5int_make_seal_token_v3’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:195:15: return_function: returning to ‘gss_krb5int_make_seal_token_v3’ from ‘alloc_data’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:196:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:199:15: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:199:15: danger: ‘plain.data’ leaks here; was allocated at [(10)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/9)
#  197|               goto cleanup;
#  198|   
#  199|->         err = krb5_c_checksum_length(context, cksumtype, &cksumsize);
#  200|           if (err)
#  201|               goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def431]
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:231:9: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc(bufsize)’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:61:1: enter_function: entry to ‘gss_krb5int_make_seal_token_v3’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:101:5: branch_true: following ‘true’ branch (when ‘key’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:113:9: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:113:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:185:46: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:185:15: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:194:5: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:195:15: call_function: calling ‘alloc_data’ from ‘gss_krb5int_make_seal_token_v3’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:195:15: return_function: returning to ‘gss_krb5int_make_seal_token_v3’ from ‘alloc_data’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:196:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:199:15: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:200:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:203:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:203:9: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:205:24: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:206:18: call_function: inlined call to ‘gssalloc_malloc’ from ‘gss_krb5int_make_seal_token_v3’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:207:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:213:9: call_function: inlined call to ‘store_16_be’ from ‘gss_krb5int_make_seal_token_v3’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:219:12: branch_true: following ‘true’ branch (when ‘toktype == 513’)...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:223:13: call_function: inlined call to ‘store_16_be’ from ‘gss_krb5int_make_seal_token_v3’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:238:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:241:15: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:243:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:247:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:231:9: danger: ‘malloc(bufsize)’ leaks here; was allocated at [(20)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/19)
#  229|               store_16_be(0xffff, outbuf+6);
#  230|           }
#  231|->         store_64_be(ctx->seq_send, outbuf+8);
#  232|   
#  233|           memcpy(plain.data, message->value, message->length);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def432]
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:241:15: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc(bufsize)’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:61:1: enter_function: entry to ‘gss_krb5int_make_seal_token_v3’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:101:5: branch_true: following ‘true’ branch (when ‘key’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:113:9: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:113:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:185:46: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:185:15: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:194:5: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:195:15: call_function: calling ‘alloc_data’ from ‘gss_krb5int_make_seal_token_v3’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:195:15: return_function: returning to ‘gss_krb5int_make_seal_token_v3’ from ‘alloc_data’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:196:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:199:15: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:200:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:203:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:203:9: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:205:24: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:206:18: call_function: inlined call to ‘gssalloc_malloc’ from ‘gss_krb5int_make_seal_token_v3’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:207:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:213:9: call_function: inlined call to ‘store_16_be’ from ‘gss_krb5int_make_seal_token_v3’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:219:12: branch_true: following ‘true’ branch (when ‘toktype == 513’)...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:223:13: call_function: inlined call to ‘store_16_be’ from ‘gss_krb5int_make_seal_token_v3’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:238:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:241:15: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:241:15: danger: ‘malloc(bufsize)’ leaks here; was allocated at [(20)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/19)
#  239|               memcpy(outbuf + 16, message2->value, message2->length);
#  240|   
#  241|->         err = krb5_k_make_checksum(context, cksumtype, key,
#  242|                                      key_usage, &plain, &sum);
#  243|           if (err) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def433]
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:241:15: warning[-Wanalyzer-malloc-leak]: leak of ‘plain.data’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:61:1: enter_function: entry to ‘gss_krb5int_make_seal_token_v3’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:101:5: branch_true: following ‘true’ branch (when ‘key’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:113:9: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:113:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:185:46: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:185:15: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:194:5: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:195:15: call_function: calling ‘alloc_data’ from ‘gss_krb5int_make_seal_token_v3’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:195:15: return_function: returning to ‘gss_krb5int_make_seal_token_v3’ from ‘alloc_data’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:196:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:199:15: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:200:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:203:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:203:9: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:205:24: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:207:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:213:9: call_function: inlined call to ‘store_16_be’ from ‘gss_krb5int_make_seal_token_v3’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:219:12: branch_true: following ‘true’ branch (when ‘toktype == 513’)...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:223:13: call_function: inlined call to ‘store_16_be’ from ‘gss_krb5int_make_seal_token_v3’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:238:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:241:15: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:241:15: danger: ‘plain.data’ leaks here; was allocated at [(10)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/9)
#  239|               memcpy(outbuf + 16, message2->value, message2->length);
#  240|   
#  241|->         err = krb5_k_make_checksum(context, cksumtype, key,
#  242|                                      key_usage, &plain, &sum);
#  243|           if (err) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def434]
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:283:5: warning[-Wanalyzer-malloc-leak]: leak of ‘plain.data’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:61:1: enter_function: entry to ‘gss_krb5int_make_seal_token_v3’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:101:5: branch_true: following ‘true’ branch (when ‘key’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:113:9: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:113:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:185:46: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:185:15: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:266:15: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:195:15: call_function: calling ‘alloc_data’ from ‘gss_krb5int_make_seal_token_v3’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:195:15: return_function: returning to ‘gss_krb5int_make_seal_token_v3’ from ‘alloc_data’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:196:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:199:15: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:283:5: danger: ‘plain.data’ leaks here; was allocated at [(10)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/9)
#  281|   
#  282|   cleanup:
#  283|->     krb5_free_checksum_contents(context, &sum);
#  284|       zapfree(plain.data, plain.length);
#  285|       gssalloc_free(outbuf);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def435]
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:394:19: warning[-Wanalyzer-malloc-leak]: leak of ‘plain.data’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:293:1: enter_function: entry to ‘gss_krb5int_unseal_token_v3’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:329:8: branch_false: following ‘false’ branch (when ‘bodysize > 15’)...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:334:10: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:334:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:354:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:361:5: branch_true: following ‘true’ branch (when ‘key’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:363:8: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:363:8: branch_true: following ‘true’ branch (when ‘toktype == 513’)...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:364:13: call_function: inlined call to ‘load_16_be’ from ‘gss_krb5int_unseal_token_v3’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:364:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:366:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:366:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:368:14: call_function: inlined call to ‘load_16_be’ from ‘gss_krb5int_unseal_token_v3’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:371:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:376:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:376:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:381:16: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:391:26: call_function: inlined call to ‘gssalloc_malloc’ from ‘gss_krb5int_unseal_token_v3’
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:392:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:394:19: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5sealv3.c:394:19: danger: ‘plain.data’ leaks here; was allocated at [(21)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/20)
#  392|               if (plain.data == NULL)
#  393|                   goto no_mem;
#  394|->             err = krb5_k_decrypt(context, key, key_usage, 0,
#  395|                                    &cipher, &plain);
#  396|               if (err) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def436]
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:96:16: warning[-Wanalyzer-malloc-leak]: leak of ‘token.value’
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:338:1: enter_function: entry to ‘kg_unseal’
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:368:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:373:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:373:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:378:16: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:394:15: call_function: calling ‘kg_unseal_v1’ from ‘kg_unseal’
#   94|            * 1964 tokens. */
#   95|           *minor_status = 0;
#   96|->         return GSS_S_DEFECTIVE_TOKEN;
#   97|       }
#   98|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def437]
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:169:24: warning[-Wanalyzer-malloc-leak]: leak of ‘plain’
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:338:1: enter_function: entry to ‘kg_unseal’
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:368:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:373:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:373:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:378:16: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:394:15: call_function: calling ‘kg_unseal_v1’ from ‘kg_unseal’
#  167|                   int i;
#  168|                   store_32_be(seqnum, bigend_seqnum);
#  169|->                 code = krb5_k_key_keyblock(context, ctx->enc, &enc_key);
#  170|                   if (code)
#  171|                   {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def438]
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:180:24: warning[-Wanalyzer-malloc-leak]: leak of ‘plain’
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:338:1: enter_function: entry to ‘kg_unseal’
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:368:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:373:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:373:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:378:16: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:394:15: call_function: calling ‘kg_unseal_v1’ from ‘kg_unseal’
#  178|                   for (i = 0; i <= 15; i++)
#  179|                       ((char *) enc_key->contents)[i] ^=0xf0;
#  180|->                 code = kg_arcfour_docrypt (enc_key, 0,
#  181|                                              &bigend_seqnum[0], 4,
#  182|                                              ptr+14+cksum_len, tmsglen,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def439]
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:186:24: warning[-Wanalyzer-malloc-leak]: leak of ‘plain’
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:338:1: enter_function: entry to ‘kg_unseal’
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:368:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:373:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:373:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:378:16: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:394:15: call_function: calling ‘kg_unseal_v1’ from ‘kg_unseal’
#  184|                   krb5_free_keyblock (context, enc_key);
#  185|               } else {
#  186|->                 code = kg_decrypt(context, ctx->enc, KG_USAGE_SEAL, NULL,
#  187|                                     ptr+14+cksum_len, plain, tmsglen);
#  188|               }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def440]
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:245:12: warning[-Wanalyzer-malloc-leak]: leak of ‘token.value’
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:338:1: enter_function: entry to ‘kg_unseal’
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:368:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:373:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:373:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:378:16: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:394:15: call_function: calling ‘kg_unseal_v1’ from ‘kg_unseal’
#  243|       md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR;
#  244|   
#  245|->     code = krb5_c_checksum_length(context, md5cksum.checksum_type, &sumlen);
#  246|       if (code)
#  247|           return(code);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def441]
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:274:12: warning[-Wanalyzer-malloc-leak]: leak of ‘data_ptr’
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:338:1: enter_function: entry to ‘kg_unseal’
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:368:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:373:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:373:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:378:16: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:394:15: call_function: calling ‘kg_unseal_v1’ from ‘kg_unseal’
#  272|       plaind.length = 8 + plainlen;
#  273|       plaind.data = data_ptr;
#  274|->     code = krb5_k_make_checksum(context, md5cksum.checksum_type,
#  275|                                   ctx->seq, sign_usage,
#  276|                                   &plaind, &md5cksum);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def442]
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:274:12: warning[-Wanalyzer-malloc-leak]: leak of ‘token.value’
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:338:1: enter_function: entry to ‘kg_unseal’
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:368:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:373:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:373:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:378:16: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:394:15: call_function: calling ‘kg_unseal_v1’ from ‘kg_unseal’
#  272|       plaind.length = 8 + plainlen;
#  273|       plaind.data = data_ptr;
#  274|->     code = krb5_k_make_checksum(context, md5cksum.checksum_type,
#  275|                                   ctx->seq, sign_usage,
#  276|                                   &plaind, &md5cksum);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def443]
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:286:12: warning[-Wanalyzer-malloc-leak]: leak of ‘token.value’
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:338:1: enter_function: entry to ‘kg_unseal’
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:368:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:373:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:373:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:378:16: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:394:15: call_function: calling ‘kg_unseal_v1’ from ‘kg_unseal’
#  284|       }
#  285|   
#  286|->     code = k5_bcmp(md5cksum.contents, ptr + 14, cksum_len);
#  287|   
#  288|       krb5_free_checksum_contents(context, &md5cksum);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def444]
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:288:5: warning[-Wanalyzer-malloc-leak]: leak of ‘token.value’
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:338:1: enter_function: entry to ‘kg_unseal’
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:368:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:373:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:373:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:378:16: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5unseal.c:394:15: call_function: calling ‘kg_unseal_v1’ from ‘kg_unseal’
#  286|       code = k5_bcmp(md5cksum.contents, ptr + 14, cksum_len);
#  287|   
#  288|->     krb5_free_checksum_contents(context, &md5cksum);
#  289|       if (sealalg != 0xffff)
#  290|           xfree(plain);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def445]
krb5-1.21.3/src/lib/gssapi/krb5/k5unsealiov.c:341:14: warning[-Wanalyzer-malloc-leak]: leak of ‘tiov’
krb5-1.21.3/src/lib/gssapi/krb5/k5unsealiov.c:635:1: enter_function: entry to ‘kg_unseal_iov’
krb5-1.21.3/src/lib/gssapi/krb5/k5unsealiov.c:652:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5unsealiov.c:653:16: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5unsealiov.c:653:16: call_function: calling ‘kg_unseal_stream_iov’ from ‘kg_unseal_iov’
#  339|       int toktype2;
#  340|   
#  341|->     header = kg_locate_header_iov(iov, iov_count, toktype);
#  342|       if (header == NULL) {
#  343|           *minor_status = EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def446]
krb5-1.21.3/src/lib/gssapi/krb5/k5unsealiov.c:534:18: warning[-Wanalyzer-malloc-leak]: leak of ‘tiov’
krb5-1.21.3/src/lib/gssapi/krb5/k5unsealiov.c:635:1: enter_function: entry to ‘kg_unseal_iov’
krb5-1.21.3/src/lib/gssapi/krb5/k5unsealiov.c:652:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5unsealiov.c:653:16: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5unsealiov.c:653:16: call_function: calling ‘kg_unseal_stream_iov’ from ‘kg_unseal_iov’
#  532|   
#  533|           if (rrc != 0) {
#  534|->             if (!gss_krb5int_rotate_left((unsigned char *)stream->buffer.value + 16,
#  535|                                            stream->buffer.length - 16, rrc)) {
#  536|                   code = ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def447]
krb5-1.21.3/src/lib/gssapi/krb5/k5unsealiov.c:543:20: warning[-Wanalyzer-malloc-leak]: leak of ‘tiov’
krb5-1.21.3/src/lib/gssapi/krb5/k5unsealiov.c:635:1: enter_function: entry to ‘kg_unseal_iov’
krb5-1.21.3/src/lib/gssapi/krb5/k5unsealiov.c:652:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5unsealiov.c:653:16: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5unsealiov.c:653:16: call_function: calling ‘kg_unseal_stream_iov’ from ‘kg_unseal_iov’
#  541|   
#  542|           if (conf_req_flag) {
#  543|->             code = krb5_c_crypto_length(context, enctype, KRB5_CRYPTO_TYPE_HEADER, &k5_headerlen);
#  544|               if (code != 0)
#  545|                   goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def448]
krb5-1.21.3/src/lib/gssapi/krb5/k5unsealiov.c:550:16: warning[-Wanalyzer-malloc-leak]: leak of ‘tiov’
krb5-1.21.3/src/lib/gssapi/krb5/k5unsealiov.c:635:1: enter_function: entry to ‘kg_unseal_iov’
krb5-1.21.3/src/lib/gssapi/krb5/k5unsealiov.c:652:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5unsealiov.c:653:16: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5unsealiov.c:653:16: call_function: calling ‘kg_unseal_stream_iov’ from ‘kg_unseal_iov’
#  548|   
#  549|           /* no PADDING for CFX, EC is used instead */
#  550|->         code = krb5_c_crypto_length(context, enctype,
#  551|                                       conf_req_flag ? KRB5_CRYPTO_TYPE_TRAILER : KRB5_CRYPTO_TYPE_CHECKSUM,
#  552|                                       &k5_trailerlen);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def449]
krb5-1.21.3/src/lib/gssapi/krb5/k5unsealiov.c:565:13: warning[-Wanalyzer-malloc-leak]: leak of ‘tiov’
krb5-1.21.3/src/lib/gssapi/krb5/k5unsealiov.c:635:1: enter_function: entry to ‘kg_unseal_iov’
krb5-1.21.3/src/lib/gssapi/krb5/k5unsealiov.c:652:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5unsealiov.c:653:16: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5unsealiov.c:653:16: call_function: calling ‘kg_unseal_stream_iov’ from ‘kg_unseal_iov’
#  563|       case KG_TOK_DEL_CTX:
#  564|           theader->buffer.length += ctx->cksum_size +
#  565|->             kg_confounder_size(context, ctx->enc->keyblock.enctype);
#  566|   
#  567|           /*

Error: GCC_ANALYZER_WARNING (CWE-401): [#def450]
krb5-1.21.3/src/lib/gssapi/krb5/k5unsealiov.c:608:16: warning[-Wanalyzer-malloc-leak]: leak of ‘tiov’
krb5-1.21.3/src/lib/gssapi/krb5/k5unsealiov.c:635:1: enter_function: entry to ‘kg_unseal_iov’
krb5-1.21.3/src/lib/gssapi/krb5/k5unsealiov.c:652:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/k5unsealiov.c:653:16: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/k5unsealiov.c:653:16: call_function: calling ‘kg_unseal_stream_iov’ from ‘kg_unseal_iov’
#  606|   
#  607|       if (data->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) {
#  608|->         code = kg_allocate_iov(tdata, tdata->buffer.length);
#  609|           if (code != 0)
#  610|               goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def451]
krb5-1.21.3/src/lib/gssapi/krb5/lucid_context.c:289:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/gssapi/krb5/lucid_context.c:175:1: enter_function: entry to ‘make_external_lucid_ctx_v1’
krb5-1.21.3/src/lib/gssapi/krb5/lucid_context.c:185:8: branch_false: following ‘false’ branch (when ‘lctx’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/lucid_context.c:190:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/lucid_context.c:200:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/lucid_context.c:208:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/lucid_context.c:208:13: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/lucid_context.c:212:23: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/lucid_context.c:212:23: call_function: calling ‘copy_keyblock_to_lucid_key’ from ‘make_external_lucid_ctx_v1’
krb5-1.21.3/src/lib/gssapi/krb5/lucid_context.c:212:23: return_function: returning to ‘make_external_lucid_ctx_v1’ from ‘copy_keyblock_to_lucid_key’
krb5-1.21.3/src/lib/gssapi/krb5/lucid_context.c:212:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/lucid_context.c:215:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/lucid_context.c:215:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/lucid_context.c:216:27: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/lucid_context.c:216:27: call_function: calling ‘copy_keyblock_to_lucid_key’ from ‘make_external_lucid_ctx_v1’
krb5-1.21.3/src/lib/gssapi/krb5/lucid_context.c:216:27: return_function: returning to ‘make_external_lucid_ctx_v1’ from ‘copy_keyblock_to_lucid_key’
krb5-1.21.3/src/lib/gssapi/krb5/lucid_context.c:216:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/lucid_context.c:218:17: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/lucid_context.c:233:9: call_function: calling ‘free_external_lucid_ctx_v1’ from ‘make_external_lucid_ctx_v1’
#  287|                   free_lucid_key_data(&ctx->cfx_kd.acceptor_subkey);
#  288|           }
#  289|->         xfree(ctx);
#  290|           ctx = NULL;
#  291|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def452]
krb5-1.21.3/src/lib/gssapi/krb5/naming_exts.c:165:12: warning[-Wanalyzer-malloc-leak]: leak of ‘host’
krb5-1.21.3/src/lib/gssapi/krb5/naming_exts.c:139:1: enter_function: entry to ‘kg_acceptor_princ’
krb5-1.21.3/src/lib/gssapi/krb5/naming_exts.c:147:8: branch_false: following ‘false’ branch (when ‘name’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/naming_exts.c:151:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/naming_exts.c:151:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/naming_exts.c:154:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/naming_exts.c:154:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/naming_exts.c:158:15: call_function: calling ‘k5memdup0’ from ‘kg_acceptor_princ’
krb5-1.21.3/src/lib/gssapi/krb5/naming_exts.c:158:15: return_function: returning to ‘kg_acceptor_princ’ from ‘k5memdup0’
krb5-1.21.3/src/lib/gssapi/krb5/naming_exts.c:159:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/naming_exts.c:165:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/naming_exts.c:165:12: danger: ‘host’ leaks here; was allocated at [(13)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/12)
#  163|           host = "";
#  164|   
#  165|->     code = krb5_build_principal(context, princ_out, 0, "", name->service, host,
#  166|                                   (char *)NULL);
#  167|       if (*princ_out != NULL)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def453]
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:120:16: warning[-Wanalyzer-malloc-leak]: leak of ‘ns.data’
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:35:1: enter_function: entry to ‘krb5_gss_pseudo_random’
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:61:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:81:8: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:86:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:86:8: branch_false: following ‘false’ branch (when ‘desired_output_len != 0’)...
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:89:22: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:90:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:94:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:99:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:102:21: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:103:15: call_function: calling ‘k5alloc’ from ‘krb5_gss_pseudo_random’
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:103:15: return_function: returning to ‘krb5_gss_pseudo_random’ from ‘k5alloc’
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:104:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:109:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:110:14: call_function: calling ‘k5alloc’ from ‘krb5_gss_pseudo_random’
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:110:14: return_function: returning to ‘krb5_gss_pseudo_random’ from ‘k5alloc’
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:111:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:114:25: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:117:12: branch_true: following ‘true’ branch (when ‘desired_output_len > 0’)...
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:118:24: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:120:16: danger: ‘ns.data’ leaks here; was allocated at [(15)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/14)
#  118|           store_32_be(i, ns.data);
#  119|   
#  120|->         code = krb5_k_prf(ctx->k5_context, key, &ns, &t);
#  121|           if (code != 0)
#  122|               goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def454]
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:120:16: warning[-Wanalyzer-malloc-leak]: leak of ‘t.data’
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:35:1: enter_function: entry to ‘krb5_gss_pseudo_random’
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:61:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:81:8: branch_false: following ‘false’ branch (when ‘key’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:86:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:86:8: branch_false: following ‘false’ branch (when ‘desired_output_len != 0’)...
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:89:22: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:90:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:94:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:99:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:102:21: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:103:15: call_function: calling ‘k5alloc’ from ‘krb5_gss_pseudo_random’
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:103:15: return_function: returning to ‘krb5_gss_pseudo_random’ from ‘k5alloc’
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:104:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:109:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:110:14: call_function: calling ‘k5alloc’ from ‘krb5_gss_pseudo_random’
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:110:14: return_function: returning to ‘krb5_gss_pseudo_random’ from ‘k5alloc’
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:111:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:114:25: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:117:12: branch_true: following ‘true’ branch (when ‘desired_output_len > 0’)...
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:118:24: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/prf.c:120:16: danger: ‘t.data’ leaks here; was allocated at [(23)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/22)
#  118|           store_32_be(i, ns.data);
#  119|   
#  120|->         code = krb5_k_prf(ctx->k5_context, key, &ns, &t);
#  121|           if (code != 0)
#  122|               goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def455]
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:83:9: warning[-Wanalyzer-malloc-leak]: leak of ‘oid’
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:74:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:77:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:77:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:80:21: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:80:21: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:81:8: branch_false: following ‘false’ branch (when ‘oid’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:83:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:83:9: danger: ‘oid’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#   81|       if (oid == NULL)
#   82|           return ENOMEM;
#   83|->     if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) {
#   84|           free(oid);
#   85|           return EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def456]
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:93:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:74:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:77:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:77:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:80:21: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:81:8: branch_false: following ‘false’ branch (when ‘oid’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:83:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:83:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:87:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:88:21: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:89:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:93:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:93:9: danger: ‘<unknown>’ leaks here; was allocated at [(9)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/8)
#   91|           return ENOMEM;
#   92|       }
#   93|->     if (krb5_ser_unpack_bytes((krb5_octet *) oid->elements,
#   94|                                 oid->length, &bp, &remain)) {
#   95|           free(oid->elements);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def457]
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:93:9: warning[-Wanalyzer-malloc-leak]: leak of ‘oid’
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:74:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:77:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:77:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:80:21: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:80:21: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:81:8: branch_false: following ‘false’ branch (when ‘oid’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:83:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:83:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:87:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:89:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:93:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:93:9: danger: ‘oid’ leaks here; was allocated at [(5)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/4)
#   91|           return ENOMEM;
#   92|       }
#   93|->     if (krb5_ser_unpack_bytes((krb5_octet *) oid->elements,
#   94|                                 oid->length, &bp, &remain)) {
#   95|           free(oid->elements);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def458]
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:101:9: warning[-Wanalyzer-malloc-leak]: leak of ‘oid’
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:74:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:77:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:77:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:80:21: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:80:21: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:81:8: branch_false: following ‘false’ branch (when ‘oid’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:83:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:83:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:87:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:89:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:93:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:93:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:101:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:101:9: danger: ‘oid’ leaks here; was allocated at [(5)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/4)
#   99|   
#  100|       /* Read in and check our trailing magic number */
#  101|->     if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) {
#  102|           free(oid->elements);
#  103|           free(oid);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def459]
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:521:20: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx’
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:497:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:500:10: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:507:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:511:13: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:511:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:515:14: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:515:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:511:13: branch_true: following ‘true’ branch (when ‘ctx’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:516:13: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:521:20: danger: ‘ctx’ leaks here; was allocated at [(7)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/6)
#  519|   
#  520|               /* Get static data */
#  521|->             (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
#  522|               ctx->initiate = (int) ibuf;
#  523|               (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def460]
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:523:20: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx’
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:497:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:500:10: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:507:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:511:13: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:511:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:515:14: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:515:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:511:13: branch_true: following ‘true’ branch (when ‘ctx’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:516:13: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:523:20: danger: ‘ctx’ leaks here; was allocated at [(7)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/6)
#  521|               (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
#  522|               ctx->initiate = (int) ibuf;
#  523|->             (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
#  524|               ctx->established = (int) ibuf;
#  525|               (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def461]
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:525:20: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx’
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:497:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:500:10: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:507:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:511:13: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:511:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:515:14: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:515:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:511:13: branch_true: following ‘true’ branch (when ‘ctx’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:516:13: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:525:20: danger: ‘ctx’ leaks here; was allocated at [(7)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/6)
#  523|               (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
#  524|               ctx->established = (int) ibuf;
#  525|->             (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
#  526|               ctx->have_acceptor_subkey = (int) ibuf;
#  527|               (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def462]
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:527:20: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx’
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:497:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:500:10: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:507:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:511:13: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:511:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:515:14: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:515:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:511:13: branch_true: following ‘true’ branch (when ‘ctx’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:516:13: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:527:20: danger: ‘ctx’ leaks here; was allocated at [(7)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/6)
#  525|               (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
#  526|               ctx->have_acceptor_subkey = (int) ibuf;
#  527|->             (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
#  528|               ctx->seed_init = (int) ibuf;
#  529|               (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def463]
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:529:20: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx’
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:497:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:500:10: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:507:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:511:13: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:511:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:515:14: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:515:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:511:13: branch_true: following ‘true’ branch (when ‘ctx’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:516:13: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:529:20: danger: ‘ctx’ leaks here; was allocated at [(7)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/6)
#  527|               (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
#  528|               ctx->seed_init = (int) ibuf;
#  529|->             (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
#  530|               ctx->gss_flags = (int) ibuf;
#  531|               (void) krb5_ser_unpack_bytes((krb5_octet *) ctx->seed,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def464]
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:531:20: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx’
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:497:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:500:10: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:507:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:511:13: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:511:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:515:14: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:515:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:511:13: branch_true: following ‘true’ branch (when ‘ctx’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:516:13: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/ser_sctx.c:531:20: danger: ‘ctx’ leaks here; was allocated at [(7)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/6)
#  529|               (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
#  530|               ctx->gss_flags = (int) ibuf;
#  531|->             (void) krb5_ser_unpack_bytes((krb5_octet *) ctx->seed,
#  532|                                            sizeof(ctx->seed),
#  533|                                            &bp, &remain);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def465]
krb5-1.21.3/src/lib/gssapi/krb5/set_allowable_enctypes.c:101:13: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/gssapi/krb5/set_allowable_enctypes.c:64:1: enter_function: entry to ‘gss_krb5int_set_allowable_enctypes’
krb5-1.21.3/src/lib/gssapi/krb5/set_allowable_enctypes.c:80:5: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/set_allowable_enctypes.c:81:5: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/set_allowable_enctypes.c:86:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/set_allowable_enctypes.c:97:27: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/set_allowable_enctypes.c:97:18: call_function: inlined call to ‘k5calloc’ from ‘gss_krb5int_set_allowable_enctypes’
 branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/set_allowable_enctypes.c:100:24: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/set_allowable_enctypes.c:101:13: danger: ‘ptr’ leaks here; was allocated at [(7)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/6)
#   99|           goto error_out;
#  100|       for (i = 0, j = 0; i < req->num_ktypes && req->ktypes[i]; i++) {
#  101|->         if (krb5_c_valid_enctype(req->ktypes[i]))
#  102|               new_ktypes[j++] = req->ktypes[i];
#  103|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def466]
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:110:20: warning[-Wanalyzer-malloc-leak]: leak of ‘kiov’
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:102:5: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:104:19: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:104:12: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:105:8: branch_false: following ‘false’ branch (when ‘kiov’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:109:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:109:8: branch_true: following ‘true’ branch (when ‘toktype == 513’)...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:110:20: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:110:20: danger: ‘kiov’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  108|       /* Checksum over ( Header | Confounder | Data | Pad ) */
#  109|       if (toktype == KG_TOK_WRAP_MSG)
#  110|->         conf_len = kg_confounder_size(context, enc->keyblock.enctype);
#  111|   
#  112|       /* Checksum output */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def467]
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:140:25: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:102:5: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:104:19: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:105:8: branch_false: following ‘false’ branch (when ‘kiov’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:109:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:109:8: branch_false: following ‘false’ branch (when ‘toktype != 513’)...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:113:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:115:25: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:116:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:123:24: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:132:8: branch_false: following ‘false’ branch (when ‘toktype != 513’)...
 branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:139:17: branch_true: following ‘true’ branch (when ‘j < iov_count’)...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:140:50: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:140:25: danger: ‘<unknown>’ leaks here; was allocated at [(7)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/6)
#  138|   
#  139|       for (j = 0; j < iov_count; j++) {
#  140|->         kiov[i].flags = kg_translate_flag_iov(iov[j].type);
#  141|           kiov[i].data.length = iov[j].buffer.length;
#  142|           kiov[i].data.data = (char *)iov[j].buffer.value;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def468]
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:140:25: warning[-Wanalyzer-malloc-leak]: leak of ‘kiov’
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:102:5: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:104:19: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:104:12: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:105:8: branch_false: following ‘false’ branch (when ‘kiov’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:109:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:109:8: branch_false: following ‘false’ branch (when ‘toktype != 513’)...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:113:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:116:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:123:24: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:132:8: branch_false: following ‘false’ branch (when ‘toktype != 513’)...
 branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:139:17: branch_true: following ‘true’ branch (when ‘j < iov_count’)...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:140:50: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:140:25: danger: ‘kiov’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  138|   
#  139|       for (j = 0; j < iov_count; j++) {
#  140|->         kiov[i].flags = kg_translate_flag_iov(iov[j].type);
#  141|           kiov[i].data.length = iov[j].buffer.length;
#  142|           kiov[i].data.data = (char *)iov[j].buffer.value;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def469]
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:146:12: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:102:5: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:104:19: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:105:8: branch_false: following ‘false’ branch (when ‘kiov’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:109:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:109:8: branch_false: following ‘false’ branch (when ‘toktype != 513’)...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:113:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:115:25: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:116:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:123:24: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:132:8: branch_false: following ‘false’ branch (when ‘toktype != 513’)...
 branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:146:12: danger: ‘<unknown>’ leaks here; was allocated at [(7)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/6)
#  144|       }
#  145|   
#  146|->     code = krb5_k_make_checksum_iov(context, type, seq, sign_usage, kiov, i);
#  147|       if (code == 0) {
#  148|           checksum->length = kiov[0].data.length;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def470]
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:146:12: warning[-Wanalyzer-malloc-leak]: leak of ‘kiov’
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:102:5: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:104:19: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:104:12: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:105:8: branch_false: following ‘false’ branch (when ‘kiov’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:109:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:109:8: branch_false: following ‘false’ branch (when ‘toktype != 513’)...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:113:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:116:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:123:24: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:132:8: branch_false: following ‘false’ branch (when ‘toktype != 513’)...
 branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:146:12: danger: ‘kiov’ leaks here; was allocated at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#  144|       }
#  145|   
#  146|->     code = krb5_k_make_checksum_iov(context, type, seq, sign_usage, kiov, i);
#  147|       if (code == 0) {
#  148|           checksum->length = kiov[0].data.length;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def471]
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:208:25: warning[-Wanalyzer-malloc-leak]: leak of ‘kiov’
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:182:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:185:14: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:186:5: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:188:15: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:189:5: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:191:8: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:196:15: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:199:18: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:200:31: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:201:8: branch_false: following ‘false’ branch (when ‘kiov’ is non-NULL)...
 branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:207:17: branch_true: following ‘true’ branch (when ‘i < iov_count’)...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:208:50: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:208:25: danger: ‘kiov’ leaks here; was allocated at [(9)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/8)
#  206|       /* Data */
#  207|       for (j = 0; j < iov_count; j++) {
#  208|->         kiov[i].flags = kg_translate_flag_iov(iov[j].type);
#  209|           kiov[i].data.length = iov[j].buffer.length;
#  210|           kiov[i].data.data = (char *)iov[j].buffer.value;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def472]
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:232:16: warning[-Wanalyzer-malloc-leak]: leak of ‘kiov’
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:182:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:185:14: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:186:5: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:188:15: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:189:5: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:191:8: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:196:15: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:199:18: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:200:31: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:201:8: branch_false: following ‘false’ branch (when ‘kiov’ is non-NULL)...
 branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:231:8: branch_true: following ‘true’ branch (when ‘verify != 0’)...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:232:16: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:232:16: danger: ‘kiov’ leaks here; was allocated at [(9)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/8)
#  230|   
#  231|       if (verify)
#  232|->         code = krb5_k_verify_checksum_iov(context, type, key, sign_usage, kiov, kiov_count, valid);
#  233|       else
#  234|           code = krb5_k_make_checksum_iov(context, type, key, sign_usage, kiov, kiov_count);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def473]
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:234:16: warning[-Wanalyzer-malloc-leak]: leak of ‘kiov’
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:182:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:185:14: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:186:5: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:188:15: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:189:5: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:191:8: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:196:15: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:199:18: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:200:31: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:201:8: branch_false: following ‘false’ branch (when ‘kiov’ is non-NULL)...
 branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:231:8: branch_false: following ‘false’ branch (when ‘verify == 0’)...
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:234:16: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_cksum.c:234:16: danger: ‘kiov’ leaks here; was allocated at [(9)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/8)
#  232|           code = krb5_k_verify_checksum_iov(context, type, key, sign_usage, kiov, kiov_count, valid);
#  233|       else
#  234|->         code = krb5_k_make_checksum_iov(context, type, key, sign_usage, kiov, kiov_count);
#  235|   
#  236|       xfree(kiov);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def474]
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:128:12: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:487:1: enter_function: entry to ‘kg_decrypt_iov’
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:496:12: call_function: calling ‘iv_to_state’ from ‘kg_decrypt_iov’
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:496:12: return_function: returning to ‘kg_decrypt_iov’ from ‘iv_to_state’
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:497:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:500:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:500:12: call_function: calling ‘kg_translate_iov’ from ‘kg_decrypt_iov’
#  126|       if (enctype == ENCTYPE_ARCFOUR_HMAC || enctype == ENCTYPE_ARCFOUR_HMAC_EXP)
#  127|           return 8;
#  128|->     code = krb5_c_block_size(context, enctype, &blocksize);
#  129|       if (code)
#  130|           return(-1); /* XXX */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def475]
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:128:12: warning[-Wanalyzer-malloc-leak]: leak of ‘state’
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:487:1: enter_function: entry to ‘kg_decrypt_iov’
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:496:12: call_function: calling ‘iv_to_state’ from ‘kg_decrypt_iov’
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:496:12: return_function: returning to ‘kg_decrypt_iov’ from ‘iv_to_state’
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:497:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:500:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:500:12: call_function: calling ‘kg_translate_iov’ from ‘kg_decrypt_iov’
#  126|       if (enctype == ENCTYPE_ARCFOUR_HMAC || enctype == ENCTYPE_ARCFOUR_HMAC_EXP)
#  127|           return 8;
#  128|->     code = krb5_c_block_size(context, enctype, &blocksize);
#  129|       if (code)
#  130|           return(-1); /* XXX */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def476]
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:360:12: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:487:1: enter_function: entry to ‘kg_decrypt_iov’
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:496:12: call_function: calling ‘iv_to_state’ from ‘kg_decrypt_iov’
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:496:12: return_function: returning to ‘kg_decrypt_iov’ from ‘iv_to_state’
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:497:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:500:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:500:12: call_function: calling ‘kg_translate_iov’ from ‘kg_decrypt_iov’
#  358|       assert(trailer == NULL || rrc == 0);
#  359|   
#  360|->     code = krb5_c_crypto_length(context, enctype, KRB5_CRYPTO_TYPE_HEADER,
#  361|                                   &k5_headerlen);
#  362|       if (code != 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def477]
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:360:12: warning[-Wanalyzer-malloc-leak]: leak of ‘state’
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:487:1: enter_function: entry to ‘kg_decrypt_iov’
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:496:12: call_function: calling ‘iv_to_state’ from ‘kg_decrypt_iov’
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:496:12: return_function: returning to ‘kg_decrypt_iov’ from ‘iv_to_state’
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:497:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:500:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:500:12: call_function: calling ‘kg_translate_iov’ from ‘kg_decrypt_iov’
#  358|       assert(trailer == NULL || rrc == 0);
#  359|   
#  360|->     code = krb5_c_crypto_length(context, enctype, KRB5_CRYPTO_TYPE_HEADER,
#  361|                                   &k5_headerlen);
#  362|       if (code != 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def478]
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:365:12: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:487:1: enter_function: entry to ‘kg_decrypt_iov’
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:496:12: call_function: calling ‘iv_to_state’ from ‘kg_decrypt_iov’
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:496:12: return_function: returning to ‘kg_decrypt_iov’ from ‘iv_to_state’
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:497:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:500:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:500:12: call_function: calling ‘kg_translate_iov’ from ‘kg_decrypt_iov’
#  363|           return code;
#  364|   
#  365|->     code = krb5_c_crypto_length(context, enctype, KRB5_CRYPTO_TYPE_TRAILER,
#  366|                                   &k5_trailerlen);
#  367|       if (code != 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def479]
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:365:12: warning[-Wanalyzer-malloc-leak]: leak of ‘state’
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:487:1: enter_function: entry to ‘kg_decrypt_iov’
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:496:12: call_function: calling ‘iv_to_state’ from ‘kg_decrypt_iov’
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:496:12: return_function: returning to ‘kg_decrypt_iov’ from ‘iv_to_state’
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:497:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:500:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/krb5/util_crypt.c:500:12: call_function: calling ‘kg_translate_iov’ from ‘kg_decrypt_iov’
#  363|           return code;
#  364|   
#  365|->     code = krb5_c_crypto_length(context, enctype, KRB5_CRYPTO_TYPE_TRAILER,
#  366|                                   &k5_trailerlen);
#  367|       if (code != 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def480]
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:296:12: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:324:1: enter_function: entry to ‘copy_union_cred’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:334:8: branch_false: following ‘false’ branch (when ‘ncred’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:336:33: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:336:26: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:338:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:342:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:344:49: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:345:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:347:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:350:18: call_function: calling ‘copy_mech_cred’ from ‘copy_union_cred’
#  294|       gss_OID_set_desc oidset;
#  295|   
#  296|->     mech = gssint_get_mechanism(mech_oid);
#  297|       if (mech == NULL)
#  298|   	return (GSS_S_BAD_MECH);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def481]
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:296:12: warning[-Wanalyzer-malloc-leak]: leak of ‘ncred’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:324:1: enter_function: entry to ‘copy_union_cred’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:333:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:334:8: branch_false: following ‘false’ branch (when ‘ncred’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:336:33: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:338:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:342:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:344:49: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:345:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:347:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:350:18: call_function: calling ‘copy_mech_cred’ from ‘copy_union_cred’
#  294|       gss_OID_set_desc oidset;
#  295|   
#  296|->     mech = gssint_get_mechanism(mech_oid);
#  297|       if (mech == NULL)
#  298|   	return (GSS_S_BAD_MECH);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def482]
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:300:18: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:324:1: enter_function: entry to ‘copy_union_cred’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:334:8: branch_false: following ‘false’ branch (when ‘ncred’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:336:33: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:336:26: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:338:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:342:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:344:49: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:345:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:347:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:350:18: call_function: calling ‘copy_mech_cred’ from ‘copy_union_cred’
#  298|   	return (GSS_S_BAD_MECH);
#  299|       if (mech->gss_export_cred != NULL && mech->gss_import_cred != NULL) {
#  300|-> 	status = mech->gss_export_cred(minor_status, cred_in, &buf);
#  301|   	if (status != GSS_S_COMPLETE)
#  302|   	    return (status);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def483]
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:300:18: warning[-Wanalyzer-malloc-leak]: leak of ‘ncred’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:324:1: enter_function: entry to ‘copy_union_cred’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:333:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:334:8: branch_false: following ‘false’ branch (when ‘ncred’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:336:33: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:338:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:342:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:344:49: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:345:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:347:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:350:18: call_function: calling ‘copy_mech_cred’ from ‘copy_union_cred’
#  298|   	return (GSS_S_BAD_MECH);
#  299|       if (mech->gss_export_cred != NULL && mech->gss_import_cred != NULL) {
#  300|-> 	status = mech->gss_export_cred(minor_status, cred_in, &buf);
#  301|   	if (status != GSS_S_COMPLETE)
#  302|   	    return (status);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def484]
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:303:18: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:324:1: enter_function: entry to ‘copy_union_cred’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:334:8: branch_false: following ‘false’ branch (when ‘ncred’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:336:33: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:336:26: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:338:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:342:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:344:49: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:345:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:347:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:350:18: call_function: calling ‘copy_mech_cred’ from ‘copy_union_cred’
#  301|   	if (status != GSS_S_COMPLETE)
#  302|   	    return (status);
#  303|-> 	status = mech->gss_import_cred(minor_status, &buf, cred_out);
#  304|   	(void) gss_release_buffer(&tmpmin, &buf);
#  305|       } else if (mech->gss_inquire_cred != NULL &&

Error: GCC_ANALYZER_WARNING (CWE-401): [#def485]
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:303:18: warning[-Wanalyzer-malloc-leak]: leak of ‘ncred’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:324:1: enter_function: entry to ‘copy_union_cred’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:333:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:334:8: branch_false: following ‘false’ branch (when ‘ncred’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:336:33: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:338:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:342:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:344:49: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:345:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:347:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:350:18: call_function: calling ‘copy_mech_cred’ from ‘copy_union_cred’
#  301|   	if (status != GSS_S_COMPLETE)
#  302|   	    return (status);
#  303|-> 	status = mech->gss_import_cred(minor_status, &buf, cred_out);
#  304|   	(void) gss_release_buffer(&tmpmin, &buf);
#  305|       } else if (mech->gss_inquire_cred != NULL &&

Error: GCC_ANALYZER_WARNING (CWE-401): [#def486]
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:304:16: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:324:1: enter_function: entry to ‘copy_union_cred’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:334:8: branch_false: following ‘false’ branch (when ‘ncred’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:336:33: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:336:26: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:338:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:342:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:344:49: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:345:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:347:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:350:18: call_function: calling ‘copy_mech_cred’ from ‘copy_union_cred’
#  302|   	    return (status);
#  303|   	status = mech->gss_import_cred(minor_status, &buf, cred_out);
#  304|-> 	(void) gss_release_buffer(&tmpmin, &buf);
#  305|       } else if (mech->gss_inquire_cred != NULL &&
#  306|   	       mech->gss_acquire_cred != NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def487]
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:304:16: warning[-Wanalyzer-malloc-leak]: leak of ‘ncred’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:324:1: enter_function: entry to ‘copy_union_cred’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:333:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:334:8: branch_false: following ‘false’ branch (when ‘ncred’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:336:33: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:338:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:342:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:344:49: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:345:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:347:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:350:18: call_function: calling ‘copy_mech_cred’ from ‘copy_union_cred’
#  302|   	    return (status);
#  303|   	status = mech->gss_import_cred(minor_status, &buf, cred_out);
#  304|-> 	(void) gss_release_buffer(&tmpmin, &buf);
#  305|       } else if (mech->gss_inquire_cred != NULL &&
#  306|   	       mech->gss_acquire_cred != NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def488]
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:307:18: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:324:1: enter_function: entry to ‘copy_union_cred’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:334:8: branch_false: following ‘false’ branch (when ‘ncred’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:336:33: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:336:26: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:338:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:342:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:344:49: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:345:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:347:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:350:18: call_function: calling ‘copy_mech_cred’ from ‘copy_union_cred’
#  305|       } else if (mech->gss_inquire_cred != NULL &&
#  306|   	       mech->gss_acquire_cred != NULL) {
#  307|-> 	status = mech->gss_inquire_cred(minor_status, cred_in, &name, &life,
#  308|   					&usage, NULL);
#  309|   	if (status != GSS_S_COMPLETE)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def489]
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:307:18: warning[-Wanalyzer-malloc-leak]: leak of ‘ncred’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:324:1: enter_function: entry to ‘copy_union_cred’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:333:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:334:8: branch_false: following ‘false’ branch (when ‘ncred’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:336:33: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:338:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:342:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:344:49: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:345:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:347:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:350:18: call_function: calling ‘copy_mech_cred’ from ‘copy_union_cred’
#  305|       } else if (mech->gss_inquire_cred != NULL &&
#  306|   	       mech->gss_acquire_cred != NULL) {
#  307|-> 	status = mech->gss_inquire_cred(minor_status, cred_in, &name, &life,
#  308|   					&usage, NULL);
#  309|   	if (status != GSS_S_COMPLETE)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def490]
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:312:27: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:324:1: enter_function: entry to ‘copy_union_cred’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:334:8: branch_false: following ‘false’ branch (when ‘ncred’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:336:33: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:336:26: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:338:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:342:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:344:49: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:345:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:347:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:350:18: call_function: calling ‘copy_mech_cred’ from ‘copy_union_cred’
#  310|   	    return (status);
#  311|   	oidset.count = 1;
#  312|-> 	oidset.elements = gssint_get_public_oid(mech_oid);
#  313|   	status = mech->gss_acquire_cred(minor_status, name, life, &oidset,
#  314|   					usage, cred_out, NULL, NULL);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def491]
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:312:27: warning[-Wanalyzer-malloc-leak]: leak of ‘ncred’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:324:1: enter_function: entry to ‘copy_union_cred’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:333:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:334:8: branch_false: following ‘false’ branch (when ‘ncred’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:336:33: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:338:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:342:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:344:49: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:345:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:347:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:350:18: call_function: calling ‘copy_mech_cred’ from ‘copy_union_cred’
#  310|   	    return (status);
#  311|   	oidset.count = 1;
#  312|-> 	oidset.elements = gssint_get_public_oid(mech_oid);
#  313|   	status = mech->gss_acquire_cred(minor_status, name, life, &oidset,
#  314|   					usage, cred_out, NULL, NULL);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def492]
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:313:18: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:324:1: enter_function: entry to ‘copy_union_cred’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:334:8: branch_false: following ‘false’ branch (when ‘ncred’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:336:33: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:336:26: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:338:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:342:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:344:49: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:345:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:347:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:350:18: call_function: calling ‘copy_mech_cred’ from ‘copy_union_cred’
#  311|   	oidset.count = 1;
#  312|   	oidset.elements = gssint_get_public_oid(mech_oid);
#  313|-> 	status = mech->gss_acquire_cred(minor_status, name, life, &oidset,
#  314|   					usage, cred_out, NULL, NULL);
#  315|   	gss_release_name(&tmpmin, &name);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def493]
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:313:18: warning[-Wanalyzer-malloc-leak]: leak of ‘ncred’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:324:1: enter_function: entry to ‘copy_union_cred’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:333:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:334:8: branch_false: following ‘false’ branch (when ‘ncred’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:336:33: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:338:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:342:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:344:49: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:345:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:347:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:350:18: call_function: calling ‘copy_mech_cred’ from ‘copy_union_cred’
#  311|   	oidset.count = 1;
#  312|   	oidset.elements = gssint_get_public_oid(mech_oid);
#  313|-> 	status = mech->gss_acquire_cred(minor_status, name, life, &oidset,
#  314|   					usage, cred_out, NULL, NULL);
#  315|   	gss_release_name(&tmpmin, &name);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def494]
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:315:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:324:1: enter_function: entry to ‘copy_union_cred’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:334:8: branch_false: following ‘false’ branch (when ‘ncred’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:336:33: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:336:26: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:338:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:342:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:344:49: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:345:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:347:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:350:18: call_function: calling ‘copy_mech_cred’ from ‘copy_union_cred’
#  313|   	status = mech->gss_acquire_cred(minor_status, name, life, &oidset,
#  314|   					usage, cred_out, NULL, NULL);
#  315|-> 	gss_release_name(&tmpmin, &name);
#  316|       } else {
#  317|   	status = GSS_S_UNAVAILABLE;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def495]
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:315:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ncred’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:324:1: enter_function: entry to ‘copy_union_cred’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:333:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:334:8: branch_false: following ‘false’ branch (when ‘ncred’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:336:33: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:338:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:342:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:344:49: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:345:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:347:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred.c:350:18: call_function: calling ‘copy_mech_cred’ from ‘copy_union_cred’
#  313|   	status = mech->gss_acquire_cred(minor_status, name, life, &oidset,
#  314|   					usage, cred_out, NULL, NULL);
#  315|-> 	gss_release_name(&tmpmin, &name);
#  316|       } else {
#  317|   	status = GSS_S_UNAVAILABLE;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def496]
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:446:18: warning[-Wanalyzer-malloc-leak]: leak of ‘new_cred_array’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:295:1: enter_function: entry to ‘gss_add_cred_with_password’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:322:14: call_function: calling ‘val_add_cred_pw_args’ from ‘gss_add_cred_with_password’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:322:14: return_function: returning to ‘gss_add_cred_with_password’ from ‘val_add_cred_pw_args’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:334:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:337:14: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:339:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:342:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:343:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:345:10: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:345:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:348:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:348:8: branch_false: following ‘false’ branch (when ‘input_cred_handle’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:359:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:359:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:366:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:370:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:374:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:388:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:391:14: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:394:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:397:14: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:406:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:413:41: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:416:9: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:418:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:423:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:423:8: branch_false: following ‘false’ branch (when ‘acceptor_time_rec’ is NULL)...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:426:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:426:8: branch_false: following ‘false’ branch (when ‘initiator_time_rec’ is NULL)...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:434:43: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:439:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:443:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:445:8: branch_true: following ‘true’ branch (when ‘actual_mechs’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:446:18: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:446:18: danger: ‘new_cred_array’ leaks here; was allocated at [(41)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/40)
#  444|   
#  445|       if (actual_mechs != NULL) {
#  446|-> 	status = gssint_make_public_oid_set(minor_status, new_mechs_array,
#  447|   					    union_cred->count + 1,
#  448|   					    actual_mechs);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def497]
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:446:18: warning[-Wanalyzer-malloc-leak]: leak of ‘new_mechs_array’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:295:1: enter_function: entry to ‘gss_add_cred_with_password’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:322:14: call_function: calling ‘val_add_cred_pw_args’ from ‘gss_add_cred_with_password’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:322:14: return_function: returning to ‘gss_add_cred_with_password’ from ‘val_add_cred_pw_args’
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:334:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:337:14: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:339:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:342:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:343:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:345:10: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:345:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:348:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:348:8: branch_false: following ‘false’ branch (when ‘input_cred_handle’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:359:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:359:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:366:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:370:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:374:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:388:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:391:14: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:394:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:397:14: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:406:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:413:41: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:413:9: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:418:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:423:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:423:8: branch_false: following ‘false’ branch (when ‘acceptor_time_rec’ is NULL)...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:426:8: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:426:8: branch_false: following ‘false’ branch (when ‘initiator_time_rec’ is NULL)...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:434:43: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:439:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:443:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:445:8: branch_true: following ‘true’ branch (when ‘actual_mechs’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:446:18: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c:446:18: danger: ‘new_mechs_array’ leaks here; was allocated at [(41)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/40)
#  444|   
#  445|       if (actual_mechs != NULL) {
#  446|-> 	status = gssint_make_public_oid_set(minor_status, new_mechs_array,
#  447|   					    union_cred->count + 1,
#  448|   					    actual_mechs);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def498]
krb5-1.21.3/src/lib/gssapi/mechglue/g_canon_name.c:102:21: warning[-Wanalyzer-malloc-leak]: leak of ‘out_union’
krb5-1.21.3/src/lib/gssapi/mechglue/g_canon_name.c:57:1: enter_function: entry to ‘gss_canonicalize_name’
krb5-1.21.3/src/lib/gssapi/mechglue/g_canon_name.c:64:24: call_function: inlined call to ‘val_canon_name_args’ from ‘gss_canonicalize_name’
krb5-1.21.3/src/lib/gssapi/mechglue/g_canon_name.c:71:24: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_canon_name.c:73:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_canon_name.c:84:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_canon_name.c:84:12: branch_false: following ‘false’ branch (when ‘output_name’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/mechglue/g_canon_name.c:91:43: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_canon_name.c:91:43: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/mechglue/g_canon_name.c:92:20: branch_false: following ‘false’ branch (when ‘out_union’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/mechglue/g_canon_name.c:95:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_canon_name.c:102:21: danger: ‘out_union’ leaks here; was allocated at [(11)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/10)
#  100|   
#  101|   		/* Allocate the buffer for the user specified representation */
#  102|-> 		if (gssint_create_copy_buffer(in_union->external_name,
#  103|   				&out_union->external_name, 1))
#  104|   			goto allocation_failure;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def499]
krb5-1.21.3/src/lib/gssapi/mechglue/g_dup_name.c:81:13: warning[-Wanalyzer-malloc-leak]: leak of ‘dest_union’
krb5-1.21.3/src/lib/gssapi/mechglue/g_dup_name.c:54:1: enter_function: entry to ‘gss_duplicate_name’
krb5-1.21.3/src/lib/gssapi/mechglue/g_dup_name.c:60:24: call_function: inlined call to ‘val_dup_name_args’ from ‘gss_duplicate_name’
krb5-1.21.3/src/lib/gssapi/mechglue/g_dup_name.c:70:40: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_dup_name.c:70:40: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/mechglue/g_dup_name.c:71:12: branch_false: following ‘false’ branch (when ‘dest_union’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/mechglue/g_dup_name.c:74:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_dup_name.c:81:13: danger: ‘dest_union’ leaks here; was allocated at [(11)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/10)
#   79|   
#   80|   	/* Now copy the external representation. */
#   81|-> 	if (gssint_create_copy_buffer(src_union->external_name,
#   82|   				&dest_union->external_name, 0))
#   83|   		goto allocation_failure;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def500]
krb5-1.21.3/src/lib/gssapi/mechglue/g_glue.c:404:20: warning[-Wanalyzer-malloc-leak]: leak of ‘union_name’
krb5-1.21.3/src/lib/gssapi/mechglue/g_glue.c:392:37: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/mechglue/g_glue.c:393:8: branch_false: following ‘false’ branch (when ‘union_name’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/mechglue/g_glue.c:399:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_glue.c:404:20: danger: ‘union_name’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  402|       union_name->external_name = 0;
#  403|   
#  404|->     major_status = generic_gss_copy_oid(minor_status, &mech->mech_type,
#  405|   					&union_name->mech_type);
#  406|       if (major_status != GSS_S_COMPLETE) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def501]
krb5-1.21.3/src/lib/gssapi/mechglue/g_glue.c:532:14: warning[-Wanalyzer-malloc-leak]: leak of ‘ctx’
krb5-1.21.3/src/lib/gssapi/mechglue/g_glue.c:526:11: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/mechglue/g_glue.c:527:8: branch_false: following ‘false’ branch (when ‘ctx’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/mechglue/g_glue.c:532:14: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_glue.c:532:14: danger: ‘ctx’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  530|       }
#  531|   
#  532|->     status = generic_gss_copy_oid(minor, mech_oid, &ctx->mech_type);
#  533|       if (status != GSS_S_COMPLETE) {
#  534|   	free(ctx);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def502]
krb5-1.21.3/src/lib/gssapi/mechglue/g_imp_name.c:120:20: warning[-Wanalyzer-malloc-leak]: leak of ‘union_name’
krb5-1.21.3/src/lib/gssapi/mechglue/g_imp_name.c:84:1: enter_function: entry to ‘gss_import_name’
krb5-1.21.3/src/lib/gssapi/mechglue/g_imp_name.c:93:20: call_function: calling ‘val_imp_name_args’ from ‘gss_import_name’
krb5-1.21.3/src/lib/gssapi/mechglue/g_imp_name.c:93:20: return_function: returning to ‘gss_import_name’ from ‘val_imp_name_args’
krb5-1.21.3/src/lib/gssapi/mechglue/g_imp_name.c:96:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_imp_name.c:103:37: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_imp_name.c:103:37: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/mechglue/g_imp_name.c:104:8: branch_false: following ‘false’ branch (when ‘union_name’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/mechglue/g_imp_name.c:107:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_imp_name.c:120:20: danger: ‘union_name’ leaks here; was allocated at [(11)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/10)
#  118|        * the case, then we make it MN in this call.
#  119|        */
#  120|->     major_status = gssint_create_copy_buffer(input_name_buffer,
#  121|   					    &union_name->external_name, 0);
#  122|       if (major_status != GSS_S_COMPLETE) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def503]
krb5-1.21.3/src/lib/gssapi/mechglue/g_initialize.c:1592:17: warning[-Wanalyzer-malloc-leak]: leak of ‘aMech’
krb5-1.21.3/src/lib/gssapi/mechglue/g_initialize.c:1502:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_initialize.c:1510:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_initialize.c:1512:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_initialize.c:1517:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_initialize.c:1526:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_initialize.c:1533:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_initialize.c:1543:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_initialize.c:1576:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_initialize.c:1576:17: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/mechglue/g_initialize.c:1577:12: branch_false: following ‘false’ branch (when ‘aMech’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/mechglue/g_initialize.c:1581:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_initialize.c:1587:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_initialize.c:1588:20: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_initialize.c:1588:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_initialize.c:1590:20: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_initialize.c:1590:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_initialize.c:1592:17: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_initialize.c:1592:17: danger: ‘aMech’ leaks here; was allocated at [(9)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/8)
# 1590|   		if (aMech->mechNameStr)
# 1591|   			free(aMech->mechNameStr);
# 1592|-> 		generic_gss_release_oid(&minor, &mechOid);
# 1593|   		free(aMech);
# 1594|   		return;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def504]
krb5-1.21.3/src/lib/gssapi/mechglue/g_mechname.c:86:20: warning[-Wanalyzer-malloc-leak]: leak of ‘p’
krb5-1.21.3/src/lib/gssapi/mechglue/g_mechname.c:57:1: enter_function: entry to ‘gss_add_mech_name_type’
krb5-1.21.3/src/lib/gssapi/mechglue/g_mechname.c:63:9: call_function: calling ‘search_mech_spec’ from ‘gss_add_mech_name_type’
krb5-1.21.3/src/lib/gssapi/mechglue/g_mechname.c:63:9: return_function: returning to ‘gss_add_mech_name_type’ from ‘search_mech_spec’
krb5-1.21.3/src/lib/gssapi/mechglue/g_mechname.c:64:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_mechname.c:77:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_mechname.c:77:9: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/mechglue/g_mechname.c:78:8: branch_false: following ‘false’ branch (when ‘p’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/mechglue/g_mechname.c:83:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_mechname.c:86:20: danger: ‘p’ leaks here; was allocated at [(9)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/8)
#   84|       p->mech = 0;
#   85|   
#   86|->     major_status = generic_gss_copy_oid(minor_status, name_type,
#   87|   					&p->name_type);
#   88|       if (major_status) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def505]
krb5-1.21.3/src/lib/gssapi/mechglue/g_set_cred_option.c:65:14: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/gssapi/mechglue/g_set_cred_option.c:50:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_set_cred_option.c:55:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_set_cred_option.c:58:24: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/mechglue/g_set_cred_option.c:59:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_set_cred_option.c:63:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_set_cred_option.c:65:14: danger: ‘<unknown>’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#   63|       cred->cred_array[0] = mech_cred;
#   64|   
#   65|->     status = generic_gss_copy_oid(minor_status,
#   66|                                     &mech->mech_type,
#   67|                                     &cred->mechs_array);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def506]
krb5-1.21.3/src/lib/gssapi/mechglue/g_set_cred_option.c:65:14: warning[-Wanalyzer-malloc-leak]: leak of ‘cred’
krb5-1.21.3/src/lib/gssapi/mechglue/g_set_cred_option.c:49:12: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/mechglue/g_set_cred_option.c:50:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_set_cred_option.c:55:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_set_cred_option.c:59:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_set_cred_option.c:63:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_set_cred_option.c:65:14: danger: ‘cred’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   63|       cred->cred_array[0] = mech_cred;
#   64|   
#   65|->     status = generic_gss_copy_oid(minor_status,
#   66|                                     &mech->mech_type,
#   67|                                     &cred->mechs_array);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def507]
krb5-1.21.3/src/lib/gssapi/mechglue/g_set_cred_option.c:76:9: warning[-Wanalyzer-malloc-leak]: leak of ‘cred’
krb5-1.21.3/src/lib/gssapi/mechglue/g_set_cred_option.c:49:12: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/mechglue/g_set_cred_option.c:50:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_set_cred_option.c:55:5: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_set_cred_option.c:59:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/gssapi/mechglue/g_set_cred_option.c:60:9: branch_true: ...to here
krb5-1.21.3/src/lib/gssapi/mechglue/g_set_cred_option.c:76:9: danger: ‘cred’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#   74|   cleanup:
#   75|       if (status != GSS_S_COMPLETE)
#   76|-> 	gss_release_cred(&temp_minor_status, (gss_cred_id_t *)&cred);
#   77|   
#   78|       return status;

Error: COMPILER_WARNING (CWE-563): [#def508]
krb5-1.21.3/src/lib/gssapi/mechglue/gssd_pname_to_uid.c:198:10: warning[-Wunused-variable]: unused variable ‘pwbuf’
#  198 |     char pwbuf[BUFSIZ];
#      |          ^~~~~
#  196|   #ifndef NO_PASSWORD
#  197|       gss_buffer_desc localname;
#  198|->     char pwbuf[BUFSIZ];
#  199|       char *localuser = NULL;
#  200|       struct passwd *pwd = NULL;

Error: COMPILER_WARNING (CWE-563): [#def509]
krb5-1.21.3/src/lib/gssapi/mechglue/gssd_pname_to_uid.c: scope_hint: In function ‘gss_pname_to_uid’
krb5-1.21.3/src/lib/gssapi/mechglue/gssd_pname_to_uid.c:201:19: warning[-Wunused-variable]: unused variable ‘pw’
#  201 |     struct passwd pw;
#      |                   ^~
#  199|       char *localuser = NULL;
#  200|       struct passwd *pwd = NULL;
#  201|->     struct passwd pw;
#  202|       int code = 0;
#  203|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def510]
krb5-1.21.3/src/lib/gssapi/spnego/negoex_util.c:741:13: warning[-Wanalyzer-malloc-leak]: leak of ‘mech’
krb5-1.21.3/src/lib/gssapi/spnego/negoex_util.c:735:12: acquire_memory: allocated here
krb5-1.21.3/src/lib/gssapi/spnego/negoex_util.c:736:8: branch_false: following ‘false’ branch (when ‘mech’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/spnego/negoex_util.c:741:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/spnego/negoex_util.c:741:13: danger: ‘mech’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  739|       }
#  740|   
#  741|->     major = generic_gss_copy_oid(minor, (gss_OID)oid, &mech->oid);
#  742|       if (major != GSS_S_COMPLETE) {
#  743|           free(mech);

Error: GCC_ANALYZER_WARNING (CWE-131): [#def511]
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2651:9: warning[-Wanalyzer-allocation-size]: allocated buffer size is not a multiple of the pointee's size
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2608:1: enter_function: entry to ‘spnego_gss_acquire_cred_impersonate_name’
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2632:21: branch_false: following ‘false’ branch (when ‘impersonator_cred_handle’ is NULL)...
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2633:18: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2635:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2638:18: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2643:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2646:18: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2646:18: call_function: calling ‘create_spnego_cred’ from ‘spnego_gss_acquire_cred_impersonate_name’
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2646:18: return_function: returning to ‘spnego_gss_acquire_cred_impersonate_name’ from ‘create_spnego_cred’
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2647:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2650:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2651:9: danger: assigned to ‘gss_cred_id_t’ {{aka ‘struct gss_cred_id_struct *’}} here; ‘sizeof (struct gss_cred_id_struct)’ is ‘32’
# 2649|   
# 2650|   	out_mcred = GSS_C_NO_CREDENTIAL;
# 2651|-> 	*output_cred_handle = (gss_cred_id_t)out_spcred;
# 2652|   
# 2653|   cleanup:

Error: GCC_ANALYZER_WARNING (CWE-131): [#def512]
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2703:9: warning[-Wanalyzer-allocation-size]: allocated buffer size is not a multiple of the pointee's size
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2662:1: enter_function: entry to ‘spnego_gss_acquire_cred_with_password’
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2685:18: call_function: calling ‘get_available_mechs’ from ‘spnego_gss_acquire_cred_with_password’
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2685:18: return_function: returning to ‘spnego_gss_acquire_cred_with_password’ from ‘get_available_mechs’
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2688:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2691:18: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2695:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2698:18: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2698:18: call_function: calling ‘create_spnego_cred’ from ‘spnego_gss_acquire_cred_with_password’
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2698:18: return_function: returning to ‘spnego_gss_acquire_cred_with_password’ from ‘create_spnego_cred’
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2699:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2702:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2703:9: danger: assigned to ‘gss_cred_id_t’ {{aka ‘struct gss_cred_id_struct *’}} here; ‘sizeof (struct gss_cred_id_struct)’ is ‘32’
# 2701|   
# 2702|   	mcred = GSS_C_NO_CREDENTIAL;
# 2703|-> 	*output_cred_handle = (gss_cred_id_t)spcred;
# 2704|   
# 2705|   cleanup:

Error: GCC_ANALYZER_WARNING (CWE-131): [#def513]
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2987:9: warning[-Wanalyzer-allocation-size]: allocated buffer size is not a multiple of the pointee's size
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2971:1: enter_function: entry to ‘spnego_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2980:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2983:15: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2983:15: call_function: calling ‘create_spnego_cred’ from ‘spnego_gss_import_cred’
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2983:15: return_function: returning to ‘spnego_gss_import_cred’ from ‘create_spnego_cred’
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2984:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2987:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:2987:9: danger: assigned to ‘gss_cred_id_t’ {{aka ‘struct gss_cred_id_struct *’}} here; ‘sizeof (struct gss_cred_id_struct)’ is ‘32’
# 2985|   	    return (ret);
# 2986|   
# 2987|-> 	*cred_handle = (gss_cred_id_t)spcred;
# 2988|   	return (ret);
# 2989|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def514]
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3376:9: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc(k5_der_value_len(ilen))’
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3362:1: enter_function: entry to ‘put_mech_set’
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3373:15: call_function: inlined call to ‘gssalloc_malloc’ from ‘put_mech_set’
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3374:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3376:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3376:9: danger: ‘malloc(k5_der_value_len(ilen))’ leaks here; was allocated at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
# 3374|   	if (ptr == NULL)
# 3375|   		return -1;
# 3376|-> 	k5_buf_init_fixed(&buf, ptr, tlen);
# 3377|   
# 3378|   	k5_der_add_taglen(&buf, SEQUENCE_OF, ilen);

Error: CPPCHECK_WARNING (CWE-401): [#def515]
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3608: error[memleak]: Memory leak: buffer.value
# 3606|   	}
# 3607|   
# 3608|-> 	return (buffer);
# 3609|   }
# 3610|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def516]
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3662:9: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc(k5_der_value_len(k5_der_value_len(k5_der_value_len(fields_len)) + k5_der_value_len(6)))’
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3618:1: enter_function: entry to ‘make_spnego_tokenInit_msg’
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3628:12: branch_false: following ‘false’ branch (when ‘outbuf’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3631:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3639:12: branch_false: following ‘false’ branch (when ‘token’ is NULL)...
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3644:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3644:12: branch_false: following ‘false’ branch (when ‘mic’ is NULL)...
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3651:19: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3655:20: call_function: calling ‘k5_der_value_len’ from ‘make_spnego_tokenInit_msg’
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3655:20: return_function: returning to ‘make_spnego_tokenInit_msg’ from ‘k5_der_value_len’
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3659:13: call_function: inlined call to ‘gssalloc_malloc’ from ‘make_spnego_tokenInit_msg’
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3660:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3662:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3662:9: danger: ‘malloc(k5_der_value_len(k5_der_value_len(k5_der_value_len(fields_len)) + k5_der_value_len(6)))’ leaks here; was allocated at [(15)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/14)
# 3660|   	if (t == NULL)
# 3661|   		return (-1);
# 3662|-> 	k5_buf_init_fixed(&buf, t, framed_len);
# 3663|   
# 3664|   	/* Add generic token framing. */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def517]
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3748:9: warning[-Wanalyzer-malloc-leak]: leak of ‘malloc(k5_der_value_len(k5_der_value_len(fields_len)))’
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3702:1: enter_function: entry to ‘make_spnego_tokenTarg_msg’
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3711:12: branch_false: following ‘false’ branch (when ‘outbuf’ is non-NULL)...
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3713:13: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3713:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3716:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3723:23: call_function: calling ‘k5_der_value_len’ from ‘make_spnego_tokenTarg_msg’
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3723:23: return_function: returning to ‘make_spnego_tokenTarg_msg’ from ‘k5_der_value_len’
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3724:12: branch_false: following ‘false’ branch (when ‘sendtoken != 1’)...
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3729:12: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3734:12: branch_false: following ‘false’ branch (when ‘mic’ is NULL)...
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3741:19: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3741:19: call_function: calling ‘k5_der_value_len’ from ‘make_spnego_tokenTarg_msg’
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3741:19: return_function: returning to ‘make_spnego_tokenTarg_msg’ from ‘k5_der_value_len’
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3742:22: call_function: calling ‘k5_der_value_len’ from ‘make_spnego_tokenTarg_msg’
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3742:22: return_function: returning to ‘make_spnego_tokenTarg_msg’ from ‘k5_der_value_len’
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3745:13: call_function: inlined call to ‘gssalloc_malloc’ from ‘make_spnego_tokenTarg_msg’
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3746:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3748:9: branch_false: ...to here
krb5-1.21.3/src/lib/gssapi/spnego/spnego_mech.c:3748:9: danger: ‘malloc(k5_der_value_len(k5_der_value_len(fields_len)))’ leaks here; was allocated at [(29)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/28)
# 3746|   	if (t == NULL)
# 3747|   		return (GSS_S_DEFECTIVE_TOKEN);
# 3748|-> 	k5_buf_init_fixed(&buf, t, choice_len);
# 3749|   
# 3750|   	/* Add the choice tag and begin the sequence. */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def518]
krb5-1.21.3/src/lib/kadm5/alt_prof.c:67:12: warning[-Wanalyzer-malloc-leak]: leak of ‘lrealm’
krb5-1.21.3/src/lib/kadm5/alt_prof.c:764:1: enter_function: entry to ‘kadm5_get_admin_service_name’
krb5-1.21.3/src/lib/kadm5/alt_prof.c:776:11: call_function: calling ‘kadm5_get_config_params’ from ‘kadm5_get_admin_service_name’
#   65|                      char ***retdata)
#   66|   {
#   67|->     return profile_get_values(acontext, hierarchy, retdata);
#   68|   }
#   69|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def519]
krb5-1.21.3/src/lib/kadm5/alt_prof.c:67:12: warning[-Wanalyzer-malloc-leak]: leak of ‘params.acl_file’
krb5-1.21.3/src/lib/kadm5/alt_prof.c:764:1: enter_function: entry to ‘kadm5_get_admin_service_name’
krb5-1.21.3/src/lib/kadm5/alt_prof.c:776:11: call_function: calling ‘kadm5_get_config_params’ from ‘kadm5_get_admin_service_name’
#   65|                      char ***retdata)
#   66|   {
#   67|->     return profile_get_values(acontext, hierarchy, retdata);
#   68|   }
#   69|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def520]
krb5-1.21.3/src/lib/kadm5/alt_prof.c:67:12: warning[-Wanalyzer-malloc-leak]: leak of ‘params.dbname’
krb5-1.21.3/src/lib/kadm5/alt_prof.c:764:1: enter_function: entry to ‘kadm5_get_admin_service_name’
krb5-1.21.3/src/lib/kadm5/alt_prof.c:776:11: call_function: calling ‘kadm5_get_config_params’ from ‘kadm5_get_admin_service_name’
#   65|                      char ***retdata)
#   66|   {
#   67|->     return profile_get_values(acontext, hierarchy, retdata);
#   68|   }
#   69|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def521]
krb5-1.21.3/src/lib/kadm5/alt_prof.c:325:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘svalue’
krb5-1.21.3/src/lib/kadm5/alt_prof.c:764:1: enter_function: entry to ‘kadm5_get_admin_service_name’
krb5-1.21.3/src/lib/kadm5/alt_prof.c:776:11: call_function: calling ‘kadm5_get_config_params’ from ‘kadm5_get_admin_service_name’
#  323|       } else if (aprofile != NULL &&
#  324|                  !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
#  325|->         *param_out = svalue;
#  326|           *mask_out |= mask_bit;
#  327|           return 1;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def522]
krb5-1.21.3/src/lib/kadm5/alt_prof.c:356:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘ivalue’
krb5-1.21.3/src/lib/kadm5/alt_prof.c:764:1: enter_function: entry to ‘kadm5_get_admin_service_name’
krb5-1.21.3/src/lib/kadm5/alt_prof.c:776:11: call_function: calling ‘kadm5_get_config_params’ from ‘kadm5_get_admin_service_name’
#  354|       } else if (aprofile != NULL &&
#  355|                  !krb5_aprof_get_int32(aprofile, hierarchy, TRUE, &ivalue)) {
#  356|->         *param_out = ivalue;
#  357|           *mask_out |= mask_bit;
#  358|       } else if (default_value) {

Error: CPPCHECK_WARNING (CWE-457): [#def523]
krb5-1.21.3/src/lib/kadm5/chpass_util.c:106: warning[uninitvar]: Uninitialized variable: pwsize
#  104|               }
#  105|           }
#  106|->         if (pwsize == 0) {
#  107|   #ifdef ZEROPASSWD
#  108|               memset(buffer, 0, sizeof(buffer));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def524]
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:225:12: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:172:1: enter_function: entry to ‘init_any’
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:194:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:197:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:197:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:203:23: call_function: inlined call to ‘k5alloc’ from ‘init_any’
 branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:204:8: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:207:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:225:12: danger: ‘ptr’ leaks here; was allocated at [(12)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/11)
#  223|       memset(&params_local, 0, sizeof(params_local));
#  224|   
#  225|->     code = kadm5_get_config_params(handle->context, 0, params_in,
#  226|                                      &handle->params);
#  227|       if (code)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def525]
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:356:5: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:172:1: enter_function: entry to ‘init_any’
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:194:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:197:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:197:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:203:23: call_function: inlined call to ‘k5alloc’ from ‘init_any’
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:203:5: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:204:8: branch_true: following ‘true’ branch (when ‘ptr’ is NULL)...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:205:9: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:356:5: danger: ‘ptr’ leaks here; was allocated at [(8)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/7)
#  354|   
#  355|   cleanup:
#  356|->     krb5_free_principal(context, client);
#  357|       krb5_free_principal(context, server);
#  358|       (void)free_handle(handle);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def526]
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:357:5: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:172:1: enter_function: entry to ‘init_any’
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:194:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:197:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:197:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:203:23: call_function: inlined call to ‘k5alloc’ from ‘init_any’
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:203:5: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:204:8: branch_true: following ‘true’ branch (when ‘ptr’ is NULL)...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:205:9: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:357:5: danger: ‘ptr’ leaks here; was allocated at [(8)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/7)
#  355|   cleanup:
#  356|       krb5_free_principal(context, client);
#  357|->     krb5_free_principal(context, server);
#  358|       (void)free_handle(handle);
#  359|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def527]
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:547:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘s’
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:537:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:541:10: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:541:21: branch_true: following ‘true’ branch (when ‘a’ is non-NULL)...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:542:13: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:542:13: acquire_resource: socket created here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:543:12: branch_false: following ‘false’ branch (when ‘s != -1’)...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:547:15: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:547:15: danger: ‘s’ leaks here
#  545|               goto cleanup;
#  546|           }
#  547|->         err = connect(s, a->ai_addr, a->ai_addrlen);
#  548|           if (err == 0) {
#  549|               *fd = s;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def528]
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:590:15: warning[-Wanalyzer-malloc-leak]: leak of ‘ccname_orig’
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:581:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:583:9: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:583:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:584:23: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:584:23: acquire_memory: allocated here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:590:15: danger: ‘ccname_orig’ leaks here; was allocated at [(5)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/4)
#  588|       buf.value = &server;
#  589|       buf.length = sizeof(server);
#  590|->     gssstat = gss_import_name(&minor_stat, &buf,
#  591|                                 (gss_OID)gss_nt_krb5_principal, &gss_target);
#  592|       if (gssstat != GSS_S_COMPLETE)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def529]
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:598:19: warning[-Wanalyzer-malloc-leak]: leak of ‘ccname_orig’
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:581:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:583:9: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:583:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:584:23: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:584:23: acquire_memory: allocated here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:592:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:595:9: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:595:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:596:9: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:598:19: danger: ‘ccname_orig’ leaks here; was allocated at [(5)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/4)
#  596|           buf.value = &client;
#  597|           buf.length = sizeof(client);
#  598|->         gssstat = gss_import_name(&minor_stat, &buf,
#  599|                                     (gss_OID)gss_nt_krb5_principal, &gss_client);
#  600|       } else gss_client = GSS_C_NO_NAME;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def530]
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:605:15: warning[-Wanalyzer-malloc-leak]: leak of ‘ccname_orig’
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:581:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:583:9: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:583:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:584:23: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:584:23: acquire_memory: allocated here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:592:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:595:9: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:595:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:600:12: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:602:8: branch_false: following ‘false’ branch (when ‘gssstat == 0’)...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:605:15: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:605:15: danger: ‘ccname_orig’ leaks here; was allocated at [(5)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/4)
#  603|           goto error;
#  604|   
#  605|->     gssstat = gss_acquire_cred(&minor_stat, gss_client, 0,
#  606|                                  GSS_C_NULL_OID_SET, GSS_C_INITIATE,
#  607|                                  &handle->cred, NULL, NULL);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def531]
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:619:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ccname_orig’
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:581:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:583:9: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:583:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:584:23: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:584:23: acquire_memory: allocated here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:592:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:595:9: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:595:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:596:9: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:618:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:619:9: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:619:9: danger: ‘ccname_orig’ leaks here; was allocated at [(5)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/4)
#  617|   error:
#  618|       if (gss_client)
#  619|->         gss_release_name(&minor_stat, &gss_client);
#  620|       if (gss_target)
#  621|           gss_release_name(&minor_stat, &gss_target);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def532]
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:621:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ccname_orig’
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:581:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:583:9: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:583:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:584:23: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:584:23: acquire_memory: allocated here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:592:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:593:9: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:618:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:620:9: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:620:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:621:9: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:621:9: danger: ‘ccname_orig’ leaks here; was allocated at [(5)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/4)
#  619|           gss_release_name(&minor_stat, &gss_client);
#  620|       if (gss_target)
#  621|->         gss_release_name(&minor_stat, &gss_target);
#  622|   
#  623|       /* Revert to prior gss_krb5 ccache. */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def533]
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:625:19: warning[-Wanalyzer-malloc-leak]: leak of ‘ccname_orig’
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:581:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:583:9: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:583:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:584:23: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:584:23: acquire_memory: allocated here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:592:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:593:9: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:618:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:620:9: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:624:8: branch_true: following ‘true’ branch (when ‘ccname_orig’ is non-NULL)...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:625:19: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:625:19: danger: ‘ccname_orig’ leaks here; was allocated at [(5)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/4)
#  623|       /* Revert to prior gss_krb5 ccache. */
#  624|       if (ccname_orig) {
#  625|->         gssstat = gss_krb5_ccache_name(&minor_stat, ccname_orig, NULL);
#  626|           if (gssstat) {
#  627|               return KADM5_GSS_ERROR;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def534]
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:627:20: warning[-Wanalyzer-malloc-leak]: leak of ‘ccname_orig’
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:581:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:583:9: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:583:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:584:23: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:584:23: acquire_memory: allocated here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:618:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:620:9: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:624:8: branch_true: following ‘true’ branch (when ‘ccname_orig’ is non-NULL)...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:625:19: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:626:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:627:20: danger: ‘ccname_orig’ leaks here; was allocated at [(5)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/4)
#  625|           gssstat = gss_krb5_ccache_name(&minor_stat, ccname_orig, NULL);
#  626|           if (gssstat) {
#  627|->             return KADM5_GSS_ERROR;
#  628|           }
#  629|           free(ccname_orig);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def535]
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:664:33: warning[-Wanalyzer-malloc-leak]: leak of ‘ccname_orig’
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:565:1: enter_function: entry to ‘setup_gss’
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:581:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:583:9: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:583:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:584:23: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:584:23: acquire_memory: allocated here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:592:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:595:9: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:595:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:600:12: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:602:8: branch_false: following ‘false’ branch (when ‘gssstat == 0’)...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:605:15: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:608:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:615:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:615:5: call_function: calling ‘rpc_auth’ from ‘setup_gss’
#  662|           sec.req_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG;
#  663|   
#  664|->         handle->clnt->cl_auth = authgss_create(handle->clnt,
#  665|                                                  gss_target, &sec);
#  666|           if (handle->clnt->cl_auth != NULL)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def536]
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:674:29: warning[-Wanalyzer-malloc-leak]: leak of ‘ccname_orig’
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:565:1: enter_function: entry to ‘setup_gss’
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:581:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:583:9: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:583:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:584:23: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:584:23: acquire_memory: allocated here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:592:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:595:9: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:595:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:596:9: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:602:8: branch_false: following ‘false’ branch (when ‘gssstat == 0’)...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:605:15: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:608:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:615:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/clnt/client_init.c:615:5: call_function: calling ‘rpc_auth’ from ‘setup_gss’
#  672|   
#  673|       /* Fall back to old AUTH_GSSAPI. */
#  674|->     handle->clnt->cl_auth = auth_gssapi_create(handle->clnt,
#  675|                                                  &gssstat,
#  676|                                                  &minor_stat,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def537]
krb5-1.21.3/src/lib/kadm5/kadm_rpc_xdr.c:67:16: warning[-Wanalyzer-malloc-leak]: leak of ‘p’
krb5-1.21.3/src/lib/kadm5/kadm_rpc_xdr.c:1065:1: enter_function: entry to ‘xdr_krb5_principal’
krb5-1.21.3/src/lib/kadm5/kadm_rpc_xdr.c:1090:13: call_function: calling ‘xdr_nullstring’ from ‘xdr_krb5_principal’
#   65|   	       }
#   66|   	  }
#   67|-> 	  if (!xdr_opaque(xdrs, *objp, size))
#   68|   		  return FALSE;
#   69|   	  /* Check that the unmarshalled bytes are a C string. */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def538]
krb5-1.21.3/src/lib/kadm5/kadm_rpc_xdr.c:189:10: warning[-Wanalyzer-malloc-leak]: leak of ‘tl2’
krb5-1.21.3/src/lib/kadm5/kadm_rpc_xdr.c:900:1: enter_function: entry to ‘xdr_mpol_arg’
krb5-1.21.3/src/lib/kadm5/kadm_rpc_xdr.c:902:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/kadm_rpc_xdr.c:906:40: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/kadm_rpc_xdr.c:905:14: call_function: calling ‘_xdr_kadm5_policy_ent_rec’ from ‘xdr_mpol_arg’
#  187|       tmp = (int) *objp;
#  188|   
#  189|->     if (!xdr_int(xdrs, &tmp))
#  190|   	return(FALSE);
#  191|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def539]
krb5-1.21.3/src/lib/kadm5/kadm_rpc_xdr.c:350:21: warning[-Wanalyzer-malloc-leak]: leak of ‘tl2’
krb5-1.21.3/src/lib/kadm5/kadm_rpc_xdr.c:900:1: enter_function: entry to ‘xdr_mpol_arg’
krb5-1.21.3/src/lib/kadm5/kadm_rpc_xdr.c:902:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/kadm_rpc_xdr.c:906:40: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/kadm_rpc_xdr.c:905:14: call_function: calling ‘_xdr_kadm5_policy_ent_rec’ from ‘xdr_mpol_arg’
#  348|   	       if (!xdr_krb5_int16(xdrs, &tl2->tl_data_type))
#  349|   		    return FALSE;
#  350|-> 	       if (!xdr_bytes(xdrs, (char **)&tl2->tl_data_contents, &len, ~0))
#  351|   		    return FALSE;
#  352|   	       tl2->tl_data_length = len;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def540]
krb5-1.21.3/src/lib/kadm5/logger.c:322:25: warning[-Wanalyzer-malloc-leak]: leak of ‘f’
krb5-1.21.3/src/lib/kadm5/logger.c:287:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:291:23: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:292:17: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:307:20: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:311:31: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:315:28: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:316:33: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:316:33: acquire_memory: allocated here
krb5-1.21.3/src/lib/kadm5/logger.c:317:28: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:322:25: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:322:25: danger: ‘f’ leaks here; was allocated at [(9)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/8)
#  320|                               continue;
#  321|                           }
#  322|->                         set_cloexec_file(f);
#  323|                           log_control.log_entries[i].lfu_filep = f;
#  324|                           log_control.log_entries[i].log_type = K_LOG_FILE;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def541]
krb5-1.21.3/src/lib/kadm5/logger.c:435:25: warning[-Wanalyzer-malloc-leak]: leak of ‘fdopen(fileno(stderr), "w")’
krb5-1.21.3/src/lib/kadm5/logger.c:287:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:291:23: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:292:17: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:307:20: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:311:31: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:315:28: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:316:33: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:317:28: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:319:59: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:291:23: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:292:17: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:307:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:331:27: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:331:25: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:432:27: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:432:25: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:434:25: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:434:25: acquire_memory: allocated here
krb5-1.21.3/src/lib/kadm5/logger.c:435:25: danger: ‘fdopen(fileno(stderr), "w")’ leaks here; was allocated at [(19)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/18)
#  433|                       log_control.log_entries[i].lfu_filep =
#  434|                           fdopen(fileno(stderr), "w");
#  435|->                     if (log_control.log_entries[i].lfu_filep) {
#  436|                           log_control.log_entries[i].log_type = K_LOG_STDERR;
#  437|                           log_control.log_entries[i].lfu_fname =

Error: GCC_ANALYZER_WARNING (CWE-775): [#def542]
krb5-1.21.3/src/lib/kadm5/logger.c:447:25: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen("/dev/console", "a+")’
krb5-1.21.3/src/lib/kadm5/logger.c:287:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:291:23: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:292:17: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:307:20: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:311:31: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:315:28: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:317:29: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:317:28: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:319:59: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:291:23: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:292:17: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:307:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:331:27: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:331:25: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:432:27: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:432:25: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:444:27: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:444:25: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:446:25: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:446:25: acquire_resource: opened here
krb5-1.21.3/src/lib/kadm5/logger.c:447:25: danger: ‘fopen("/dev/console", "a+")’ leaks here; was opened at [(21)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/20)
#  445|                       log_control.log_entries[i].ldu_filep =
#  446|                           CONSOLE_OPEN("a+");
#  447|->                     if (log_control.log_entries[i].ldu_filep) {
#  448|                           set_cloexec_file(log_control.log_entries[i].ldu_filep);
#  449|                           log_control.log_entries[i].log_type = K_LOG_CONSOLE;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def543]
krb5-1.21.3/src/lib/kadm5/logger.c:447:25: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen("/dev/console", "a+")’
krb5-1.21.3/src/lib/kadm5/logger.c:287:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:291:23: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:292:17: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:307:20: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:311:31: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:315:28: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:317:29: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:317:28: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:319:59: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:291:23: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:292:17: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:307:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:331:27: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:331:25: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:432:27: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:432:25: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:444:27: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:444:25: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:446:25: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:446:25: acquire_memory: allocated here
krb5-1.21.3/src/lib/kadm5/logger.c:447:25: danger: ‘fopen("/dev/console", "a+")’ leaks here; was allocated at [(21)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/20)
#  445|                       log_control.log_entries[i].ldu_filep =
#  446|                           CONSOLE_OPEN("a+");
#  447|->                     if (log_control.log_entries[i].ldu_filep) {
#  448|                           set_cloexec_file(log_control.log_entries[i].ldu_filep);
#  449|                           log_control.log_entries[i].log_type = K_LOG_CONSOLE;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def544]
krb5-1.21.3/src/lib/kadm5/logger.c:463:29: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(cp + 7, "w")’
krb5-1.21.3/src/lib/kadm5/logger.c:287:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:291:23: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:292:17: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:307:20: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:311:31: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:315:28: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:317:29: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:317:28: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:319:59: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:291:23: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:292:17: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:307:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:331:27: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:331:25: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:432:27: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:432:25: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:444:27: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:444:25: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:456:27: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:456:25: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:460:25: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:460:24: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:462:29: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:462:29: acquire_resource: opened here
krb5-1.21.3/src/lib/kadm5/logger.c:463:29: danger: ‘fopen(cp + 7, "w")’ leaks here; was opened at [(25)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/24)
#  461|                           log_control.log_entries[i].ldu_filep =
#  462|                               DEVICE_OPEN(&cp[7], "w");
#  463|->                         if (log_control.log_entries[i].ldu_filep) {
#  464|                               set_cloexec_file(log_control.log_entries[i].ldu_filep);
#  465|                               log_control.log_entries[i].log_type = K_LOG_DEVICE;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def545]
krb5-1.21.3/src/lib/kadm5/logger.c:463:29: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(cp + 7, "w")’
krb5-1.21.3/src/lib/kadm5/logger.c:287:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:291:23: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:292:17: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:307:20: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:311:31: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:315:28: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:317:29: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:317:28: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:319:59: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:291:23: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:292:17: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:307:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:331:27: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:331:25: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:432:27: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:432:25: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:444:27: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:444:25: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:456:27: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:456:25: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:460:25: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:460:24: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/logger.c:462:29: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/logger.c:462:29: acquire_memory: allocated here
krb5-1.21.3/src/lib/kadm5/logger.c:463:29: danger: ‘fopen(cp + 7, "w")’ leaks here; was allocated at [(25)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/24)
#  461|                           log_control.log_entries[i].ldu_filep =
#  462|                               DEVICE_OPEN(&cp[7], "w");
#  463|->                         if (log_control.log_entries[i].ldu_filep) {
#  464|                               set_cloexec_file(log_control.log_entries[i].ldu_filep);
#  465|                               log_control.log_entries[i].log_type = K_LOG_DEVICE;

Error: COMPILER_WARNING: [#def546]
krb5-1.21.3/src/lib/kadm5/logger.c: scope_hint: In function ‘krb5_klog_init’
krb5-1.21.3/src/lib/kadm5/logger.c:519:37: warning[-Wsuggest-attribute=format]: argument 1 of ‘set_com_err_hook’ might be a candidate for a format attribute
#  519 |             (void) set_com_err_hook(klog_com_err_proc);
#      |                                     ^~~~~~~~~~~~~~~~~
#  517|           }
#  518|           if (do_com_err)
#  519|->             (void) set_com_err_hook(klog_com_err_proc);
#  520|       }
#  521|       return((log_control.log_nentries) ? 0 : ENOENT);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def547]
krb5-1.21.3/src/lib/kadm5/srv/kadm5_hook.c:67:15: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/kadm5/srv/kadm5_hook.c:40:1: enter_function: entry to ‘k5_kadm5_hook_load’
krb5-1.21.3/src/lib/kadm5/srv/kadm5_hook.c:51:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/kadm5_hook.c:56:12: call_function: inlined call to ‘k5calloc’ from ‘k5_kadm5_hook_load’
 branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/kadm5_hook.c:63:25: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/srv/kadm5_hook.c:64:18: call_function: inlined call to ‘k5alloc’ from ‘k5_kadm5_hook_load’
krb5-1.21.3/src/lib/kadm5/srv/kadm5_hook.c:67:57: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/kadm5_hook.c:67:15: danger: ‘ptr’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#   65|           if (handle == NULL)
#   66|               goto cleanup;
#   67|->         ret = (*mod)(context, 1, 2, (krb5_plugin_vtable)&handle->vt);
#   68|           if (ret != 0) {         /* Failed vtable init is non-fatal. */
#   69|               free(handle);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def548]
krb5-1.21.3/src/lib/kadm5/srv/kadm5_hook.c:75:19: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/kadm5/srv/kadm5_hook.c:40:1: enter_function: entry to ‘k5_kadm5_hook_load’
krb5-1.21.3/src/lib/kadm5/srv/kadm5_hook.c:51:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/kadm5_hook.c:56:12: call_function: inlined call to ‘k5calloc’ from ‘k5_kadm5_hook_load’
 branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/kadm5_hook.c:63:25: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/srv/kadm5_hook.c:64:18: call_function: inlined call to ‘k5alloc’ from ‘k5_kadm5_hook_load’
krb5-1.21.3/src/lib/kadm5/srv/kadm5_hook.c:67:57: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/kadm5_hook.c:68:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/kadm5_hook.c:73:9: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/kadm5_hook.c:74:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/srv/kadm5_hook.c:75:19: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/srv/kadm5_hook.c:75:19: danger: ‘ptr’ leaks here; was allocated at [(5)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/4)
#   73|           handle->data = NULL;
#   74|           if (handle->vt.init != NULL) {
#   75|->             ret = handle->vt.init(context, &handle->data);
#   76|               if (ret != 0)       /* Failed initialization is fatal. */
#   77|                   goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def549]
krb5-1.21.3/src/lib/kadm5/srv/kadm5_hook.c:91:5: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/kadm5/srv/kadm5_hook.c:40:1: enter_function: entry to ‘k5_kadm5_hook_load’
krb5-1.21.3/src/lib/kadm5/srv/kadm5_hook.c:51:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/kadm5_hook.c:56:12: call_function: inlined call to ‘k5calloc’ from ‘k5_kadm5_hook_load’
 branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/kadm5_hook.c:63:25: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/srv/kadm5_hook.c:64:18: call_function: inlined call to ‘k5alloc’ from ‘k5_kadm5_hook_load’
krb5-1.21.3/src/lib/kadm5/srv/kadm5_hook.c:91:5: danger: ‘ptr’ leaks here; was allocated at [(5)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/4)
#   89|   cleanup:
#   90|       free(handle);
#   91|->     k5_plugin_free_modules(context, modules);
#   92|       k5_kadm5_hook_free_handles(context, list);
#   93|       return ret;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def550]
krb5-1.21.3/src/lib/kadm5/srv/pwqual.c:69:15: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/kadm5/srv/pwqual.c:42:1: enter_function: entry to ‘k5_pwqual_load’
krb5-1.21.3/src/lib/kadm5/srv/pwqual.c:53:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/pwqual.c:58:12: call_function: inlined call to ‘k5calloc’ from ‘k5_pwqual_load’
 branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/pwqual.c:65:25: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/srv/pwqual.c:66:18: call_function: inlined call to ‘k5alloc’ from ‘k5_pwqual_load’
krb5-1.21.3/src/lib/kadm5/srv/pwqual.c:69:57: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/pwqual.c:69:15: danger: ‘ptr’ leaks here; was allocated at [(11)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/10)
#   67|           if (handle == NULL)
#   68|               goto cleanup;
#   69|->         ret = (*mod)(context, 1, 1, (krb5_plugin_vtable)&handle->vt);
#   70|           if (ret != 0) {         /* Failed vtable init is non-fatal. */
#   71|               free(handle);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def551]
krb5-1.21.3/src/lib/kadm5/srv/pwqual.c:77:19: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/kadm5/srv/pwqual.c:42:1: enter_function: entry to ‘k5_pwqual_load’
krb5-1.21.3/src/lib/kadm5/srv/pwqual.c:53:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/pwqual.c:58:12: call_function: inlined call to ‘k5calloc’ from ‘k5_pwqual_load’
 branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/pwqual.c:65:25: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/srv/pwqual.c:66:18: call_function: inlined call to ‘k5alloc’ from ‘k5_pwqual_load’
krb5-1.21.3/src/lib/kadm5/srv/pwqual.c:69:57: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/pwqual.c:70:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/pwqual.c:75:9: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/pwqual.c:76:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/srv/pwqual.c:77:19: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/srv/pwqual.c:77:19: danger: ‘ptr’ leaks here; was allocated at [(5)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/4)
#   75|           handle->data = NULL;
#   76|           if (handle->vt.open != NULL) {
#   77|->             ret = handle->vt.open(context, dict_file, &handle->data);
#   78|               if (ret != 0)       /* Failed dictionary binding is fatal. */
#   79|                   goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def552]
krb5-1.21.3/src/lib/kadm5/srv/pwqual.c:93:5: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/kadm5/srv/pwqual.c:42:1: enter_function: entry to ‘k5_pwqual_load’
krb5-1.21.3/src/lib/kadm5/srv/pwqual.c:53:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/pwqual.c:58:12: call_function: inlined call to ‘k5calloc’ from ‘k5_pwqual_load’
 branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/pwqual.c:65:25: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/srv/pwqual.c:66:18: call_function: inlined call to ‘k5alloc’ from ‘k5_pwqual_load’
krb5-1.21.3/src/lib/kadm5/srv/pwqual.c:93:5: danger: ‘ptr’ leaks here; was allocated at [(5)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/4)
#   91|   cleanup:
#   92|       free(handle);
#   93|->     k5_plugin_free_modules(context, modules);
#   94|       k5_pwqual_free_handles(context, list);
#   95|       return ret;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def553]
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:105:9: warning[-Wanalyzer-malloc-leak]: leak of ‘dict’
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:187:1: enter_function: entry to ‘dict_open’
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:196:12: acquire_memory: allocated here
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:197:8: branch_false: following ‘false’ branch (when ‘dict’ is non-NULL)...
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:199:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:204:11: call_function: calling ‘init_dict’ from ‘dict_open’
#  103|   
#  104|       if (dict_file == NULL) {
#  105|->         krb5_klog_syslog(LOG_INFO,
#  106|                            _("No dictionary file specified, continuing without "
#  107|                              "one."));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def554]
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:110:15: warning[-Wanalyzer-malloc-leak]: leak of ‘dict’
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:187:1: enter_function: entry to ‘dict_open’
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:196:12: acquire_memory: allocated here
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:197:8: branch_false: following ‘false’ branch (when ‘dict’ is non-NULL)...
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:199:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:204:11: call_function: calling ‘init_dict’ from ‘dict_open’
#  108|           return KADM5_OK;
#  109|       }
#  110|->     if ((fd = open(dict_file, O_RDONLY)) == -1) {
#  111|           if (errno == ENOENT) {
#  112|               krb5_klog_syslog(LOG_ERR,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def555]
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:112:13: warning[-Wanalyzer-malloc-leak]: leak of ‘dict’
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:187:1: enter_function: entry to ‘dict_open’
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:196:12: acquire_memory: allocated here
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:197:8: branch_false: following ‘false’ branch (when ‘dict’ is non-NULL)...
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:199:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:204:11: call_function: calling ‘init_dict’ from ‘dict_open’
#  110|       if ((fd = open(dict_file, O_RDONLY)) == -1) {
#  111|           if (errno == ENOENT) {
#  112|->             krb5_klog_syslog(LOG_ERR,
#  113|                                _("WARNING!  Cannot find dictionary file %s, "
#  114|                                  "continuing without one."), dict_file);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def556]
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:119:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(dict_file, 0)’
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:104:8: branch_false: following ‘false’ branch (when ‘dict_file’ is non-NULL)...
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:110:15: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:110:15: acquire_resource: opened here
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:110:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:119:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:119:5: danger: ‘open(dict_file, 0)’ leaks here; was opened at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#  117|               return errno;
#  118|       }
#  119|->     set_cloexec_fd(fd);
#  120|       if (fstat(fd, &sb) == -1) {
#  121|           close(fd);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def557]
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:119:5: warning[-Wanalyzer-malloc-leak]: leak of ‘dict’
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:187:1: enter_function: entry to ‘dict_open’
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:196:12: acquire_memory: allocated here
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:197:8: branch_false: following ‘false’ branch (when ‘dict’ is non-NULL)...
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:199:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:204:11: call_function: calling ‘init_dict’ from ‘dict_open’
#  117|               return errno;
#  118|       }
#  119|->     set_cloexec_fd(fd);
#  120|       if (fstat(fd, &sb) == -1) {
#  121|           close(fd);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def558]
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:121:9: warning[-Wanalyzer-malloc-leak]: leak of ‘dict’
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:187:1: enter_function: entry to ‘dict_open’
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:196:12: acquire_memory: allocated here
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:197:8: branch_false: following ‘false’ branch (when ‘dict’ is non-NULL)...
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:199:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:204:11: call_function: calling ‘init_dict’ from ‘dict_open’
#  119|       set_cloexec_fd(fd);
#  120|       if (fstat(fd, &sb) == -1) {
#  121|->         close(fd);
#  122|           return errno;
#  123|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def559]
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:126:15: warning[-Wanalyzer-malloc-leak]: leak of ‘dict’
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:187:1: enter_function: entry to ‘dict_open’
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:196:12: acquire_memory: allocated here
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:197:8: branch_false: following ‘false’ branch (when ‘dict’ is non-NULL)...
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:199:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:204:11: call_function: calling ‘init_dict’ from ‘dict_open’
#  124|       dict->word_block = malloc(sb.st_size + 1);
#  125|       if (dict->word_block == NULL) {
#  126|->         (void)close(fd);
#  127|           return ENOMEM;
#  128|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def560]
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:130:15: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:187:1: enter_function: entry to ‘dict_open’
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:197:8: branch_false: following ‘false’ branch (when ‘dict’ is non-NULL)...
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:199:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:204:11: call_function: calling ‘init_dict’ from ‘dict_open’
#  128|       }
#  129|       if (read(fd, dict->word_block, sb.st_size) != sb.st_size) {
#  130|->         (void)close(fd);
#  131|           return errno;
#  132|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def561]
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:130:15: warning[-Wanalyzer-malloc-leak]: leak of ‘dict’
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:187:1: enter_function: entry to ‘dict_open’
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:196:12: acquire_memory: allocated here
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:197:8: branch_false: following ‘false’ branch (when ‘dict’ is non-NULL)...
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:199:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:204:11: call_function: calling ‘init_dict’ from ‘dict_open’
#  128|       }
#  129|       if (read(fd, dict->word_block, sb.st_size) != sb.st_size) {
#  130|->         (void)close(fd);
#  131|           return errno;
#  132|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def562]
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:133:11: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:187:1: enter_function: entry to ‘dict_open’
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:197:8: branch_false: following ‘false’ branch (when ‘dict’ is non-NULL)...
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:199:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:204:11: call_function: calling ‘init_dict’ from ‘dict_open’
#  131|           return errno;
#  132|       }
#  133|->     (void)close(fd);
#  134|       dict->word_block[sb.st_size] = '\0';
#  135|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def563]
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:133:11: warning[-Wanalyzer-malloc-leak]: leak of ‘dict’
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:187:1: enter_function: entry to ‘dict_open’
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:196:12: acquire_memory: allocated here
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:197:8: branch_false: following ‘false’ branch (when ‘dict’ is non-NULL)...
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:199:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/pwqual_dict.c:204:11: call_function: calling ‘init_dict’ from ‘dict_open’
#  131|           return errno;
#  132|       }
#  133|->     (void)close(fd);
#  134|       dict->word_block[sb.st_size] = '\0';
#  135|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def564]
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:188:5: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:158:13: enter_function: entry to ‘kadm5_init’
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:176:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:182:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:184:11: call_function: calling ‘dup_db_args’ from ‘kadm5_init’
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:184:11: return_function: returning to ‘kadm5_init’ from ‘dup_db_args’
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:185:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:188:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:188:5: danger: ‘<unknown>’ leaks here; was allocated at [(12)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/11)
#  186|           goto cleanup;
#  187|   
#  188|->     initialize_ovk_error_table();
#  189|       initialize_ovku_error_table();
#  190|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def565]
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:188:5: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:158:13: enter_function: entry to ‘kadm5_init’
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:176:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:182:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:185:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:188:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:188:5: danger: ‘ptr’ leaks here; was allocated at [(6)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/5)
#  186|           goto cleanup;
#  187|   
#  188|->     initialize_ovk_error_table();
#  189|       initialize_ovku_error_table();
#  190|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def566]
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:189:5: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:158:13: enter_function: entry to ‘kadm5_init’
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:176:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:182:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:184:11: call_function: calling ‘dup_db_args’ from ‘kadm5_init’
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:184:11: return_function: returning to ‘kadm5_init’ from ‘dup_db_args’
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:185:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:188:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:189:5: danger: ‘<unknown>’ leaks here; was allocated at [(12)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/11)
#  187|   
#  188|       initialize_ovk_error_table();
#  189|->     initialize_ovku_error_table();
#  190|   
#  191|       handle->magic_number = KADM5_SERVER_HANDLE_MAGIC;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def567]
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:189:5: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:158:13: enter_function: entry to ‘kadm5_init’
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:176:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:182:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:185:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:188:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:189:5: danger: ‘ptr’ leaks here; was allocated at [(6)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/5)
#  187|   
#  188|       initialize_ovk_error_table();
#  189|->     initialize_ovku_error_table();
#  190|   
#  191|       handle->magic_number = KADM5_SERVER_HANDLE_MAGIC;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def568]
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:202:11: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:158:13: enter_function: entry to ‘kadm5_init’
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:176:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:182:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:184:11: call_function: calling ‘dup_db_args’ from ‘kadm5_init’
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:184:11: return_function: returning to ‘kadm5_init’ from ‘dup_db_args’
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:185:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:188:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:202:11: danger: ‘<unknown>’ leaks here; was allocated at [(12)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/11)
#  200|       memset(&params_local, 0, sizeof(params_local));
#  201|   
#  202|->     ret = kadm5_get_config_params(handle->context, 1, params_in,
#  203|                                     &handle->params);
#  204|       if (ret)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def569]
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:202:11: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:158:13: enter_function: entry to ‘kadm5_init’
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:176:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:182:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:185:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:188:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/server_init.c:202:11: danger: ‘ptr’ leaks here; was allocated at [(6)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/5)
#  200|       memset(&params_local, 0, sizeof(params_local));
#  201|   
#  202|->     ret = kadm5_get_config_params(handle->context, 1, params_in,
#  203|                                     &handle->params);
#  204|       if (ret)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def570]
krb5-1.21.3/src/lib/kadm5/srv/server_kdb.c:208:15: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/kadm5/srv/server_kdb.c:174:1: enter_function: entry to ‘kdb_get_hist_key’
krb5-1.21.3/src/lib/kadm5/srv/server_kdb.c:183:11: call_function: calling ‘kdb_get_entry’ from ‘kdb_get_hist_key’
krb5-1.21.3/src/lib/kadm5/srv/server_kdb.c:183:11: return_function: returning to ‘kdb_get_hist_key’ from ‘kdb_get_entry’
krb5-1.21.3/src/lib/kadm5/srv/server_kdb.c:184:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/server_kdb.c:190:8: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/server_kdb.c:190:8: branch_false: following ‘false’ branch (when ‘ret == 0’)...
krb5-1.21.3/src/lib/kadm5/srv/server_kdb.c:193:12: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/server_kdb.c:193:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/server_kdb.c:200:11: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/server_kdb.c:201:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/server_kdb.c:204:26: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/server_kdb.c:204:14: call_function: inlined call to ‘k5calloc’ from ‘kdb_get_hist_key’
 branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/server_kdb.c:207:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/srv/server_kdb.c:209:67: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/srv/server_kdb.c:208:15: danger: ‘ptr’ leaks here; was allocated at [(16)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/15)
#  206|           goto done;
#  207|       for (i = 0; i < kdb->n_key_data; i++) {
#  208|->         ret = krb5_dbe_decrypt_key_data(handle->context, mkey,
#  209|                                           &kdb->key_data[i], &kblist[i],
#  210|                                           NULL);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def571]
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:137:14: warning[-Wanalyzer-malloc-leak]: leak of ‘name’
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:161:13: enter_function: entry to ‘get_pols_iter’
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:165:17: acquire_memory: allocated here
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:165:8: branch_false: following ‘false’ branch (when ‘name’ is non-NULL)...
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:167:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:167:5: call_function: calling ‘get_either_iter’ from ‘get_pols_iter’
#  135|   #endif
#  136|   #ifdef POSIX_REGEXPS
#  137|->     match = (regexec(&data->preg, name, 0, NULL, 0) == 0);
#  138|   #endif
#  139|   #ifdef BSD_REGEXPS

Error: GCC_ANALYZER_WARNING (CWE-401): [#def572]
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:233:15: warning[-Wanalyzer-malloc-leak]: leak of ‘data.names’
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:180:20: enter_function: entry to ‘kadm5_get_either’
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:199:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:201:16: branch_true: following ‘true’ branch (when ‘princ != 0’)...
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:201:16: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:201:16: call_function: calling ‘glob_to_regexp’ from ‘kadm5_get_either’
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:201:16: return_function: returning to ‘kadm5_get_either’ from ‘glob_to_regexp’
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:201:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:210:10: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:205:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:222:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:225:18: acquire_memory: allocated here
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:231:8: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:231:8: branch_true: following ‘true’ branch (when ‘princ != 0’)...
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:232:24: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:233:15: danger: ‘data.names’ leaks here; was allocated at [(17)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/16)
#  231|       if (princ) {
#  232|           data.context = handle->context;
#  233|->         ret = kdb_iter_entry(handle, exp, get_princs_iter, (void *) &data);
#  234|       } else {
#  235|           ret = krb5_db_iter_policy(handle->context, exp, get_pols_iter, (void *)&data);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def573]
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:235:15: warning[-Wanalyzer-malloc-leak]: leak of ‘data.names’
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:180:20: enter_function: entry to ‘kadm5_get_either’
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:199:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:201:16: branch_false: following ‘false’ branch (when ‘princ == 0’)...
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:201:16: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:201:16: call_function: calling ‘glob_to_regexp’ from ‘kadm5_get_either’
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:201:16: return_function: returning to ‘kadm5_get_either’ from ‘glob_to_regexp’
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:201:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:210:10: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:205:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:222:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:225:18: acquire_memory: allocated here
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:231:8: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:231:8: branch_false: following ‘false’ branch (when ‘princ == 0’)...
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:235:15: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_iters.c:235:15: danger: ‘data.names’ leaks here; was allocated at [(23)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/22)
#  233|           ret = kdb_iter_entry(handle, exp, get_princs_iter, (void *) &data);
#  234|       } else {
#  235|->         ret = krb5_db_iter_policy(handle->context, exp, get_pols_iter, (void *)&data);
#  236|       }
#  237|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def574]
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:114:11: warning[-Wanalyzer-malloc-leak]: leak of ‘key_data’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1527:1: enter_function: entry to ‘kadm5_setkey_principal_3’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1538:8: branch_false: following ‘false’ branch (when ‘keyblocks’ is non-NULL)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1541:8: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1550:16: acquire_memory: allocated here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1551:8: branch_false: following ‘false’ branch (when ‘key_data’ is non-NULL)...
 branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1554:17: branch_false: following ‘false’ branch (when ‘i >= n_keys’)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1560:11: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1560:11: call_function: calling ‘kadm5_setkey_principal_4’ from ‘kadm5_setkey_principal_3’
#  112|       if (name == NULL)
#  113|           return 0;
#  114|->     ret = kadm5_get_policy(handle->lhandle, (char *)name, policy_out);
#  115|       if (ret == 0)
#  116|           *have_pol_out = TRUE;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def575]
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:114:11: warning[-Wanalyzer-malloc-leak]: leak of ‘ks_from_keys’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1589:1: enter_function: entry to ‘kadm5_setkey_principal_4’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1605:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1609:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1625:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1630:8: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1650:11: call_function: calling ‘make_ks_from_key_data’ from ‘kadm5_setkey_principal_4’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1650:11: return_function: returning to ‘kadm5_setkey_principal_4’ from ‘make_ks_from_key_data’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1652:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1655:11: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1655:11: call_function: calling ‘apply_keysalt_policy’ from ‘kadm5_setkey_principal_4’
#  112|       if (name == NULL)
#  113|           return 0;
#  114|->     ret = kadm5_get_policy(handle->lhandle, (char *)name, policy_out);
#  115|       if (ret == 0)
#  116|           *have_pol_out = TRUE;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def576]
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:114:11: warning[-Wanalyzer-malloc-leak]: leak of ‘new_ks_tuple’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1228:1: enter_function: entry to ‘kadm5_chpass_principal_3’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1246:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1253:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1255:9: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1255:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1259:16: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1259:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1264:8: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1267:11: call_function: calling ‘apply_keysalt_policy’ from ‘kadm5_chpass_principal_3’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1267:11: return_function: returning to ‘kadm5_chpass_principal_3’ from ‘apply_keysalt_policy’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1269:8: branch_false: following ‘false’ branch (when ‘ret == 0’)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1272:10: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1272:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1273:34: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1273:15: call_function: calling ‘get_policy’ from ‘kadm5_chpass_principal_3’
#  112|       if (name == NULL)
#  113|           return 0;
#  114|->     ret = kadm5_get_policy(handle->lhandle, (char *)name, policy_out);
#  115|       if (ret == 0)
#  116|           *have_pol_out = TRUE;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def577]
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:171:11: warning[-Wanalyzer-malloc-leak]: leak of ‘key_data’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1527:1: enter_function: entry to ‘kadm5_setkey_principal_3’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1538:8: branch_false: following ‘false’ branch (when ‘keyblocks’ is non-NULL)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1541:8: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1550:16: acquire_memory: allocated here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1551:8: branch_false: following ‘false’ branch (when ‘key_data’ is non-NULL)...
 branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1554:17: branch_false: following ‘false’ branch (when ‘i >= n_keys’)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1560:11: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1560:11: call_function: calling ‘kadm5_setkey_principal_4’ from ‘kadm5_setkey_principal_3’
#  169|       }
#  170|   
#  171|->     ret = krb5_string_to_keysalts(polent.allowed_keysalts,
#  172|                                     ",",   /* Tuple separators */
#  173|                                     NULL,  /* Key/salt separators */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def578]
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:171:11: warning[-Wanalyzer-malloc-leak]: leak of ‘ks_from_keys’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1589:1: enter_function: entry to ‘kadm5_setkey_principal_4’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1605:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1609:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1625:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1630:8: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1650:11: call_function: calling ‘make_ks_from_key_data’ from ‘kadm5_setkey_principal_4’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1650:11: return_function: returning to ‘kadm5_setkey_principal_4’ from ‘make_ks_from_key_data’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1652:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1655:11: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1655:11: call_function: calling ‘apply_keysalt_policy’ from ‘kadm5_setkey_principal_4’
#  169|       }
#  170|   
#  171|->     ret = krb5_string_to_keysalts(polent.allowed_keysalts,
#  172|                                     ",",   /* Tuple separators */
#  173|                                     NULL,  /* Key/salt separators */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def579]
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:221:9: warning[-Wanalyzer-malloc-leak]: leak of ‘key_data’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1527:1: enter_function: entry to ‘kadm5_setkey_principal_3’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1538:8: branch_false: following ‘false’ branch (when ‘keyblocks’ is non-NULL)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1541:8: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1550:16: acquire_memory: allocated here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1551:8: branch_false: following ‘false’ branch (when ‘key_data’ is non-NULL)...
 branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1554:17: branch_false: following ‘false’ branch (when ‘i >= n_keys’)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1560:11: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1560:11: call_function: calling ‘kadm5_setkey_principal_4’ from ‘kadm5_setkey_principal_3’
#  219|   cleanup:
#  220|       if (have_polent)
#  221|->         kadm5_free_policy_ent(handle->lhandle, &polent);
#  222|       free(ak_ks_tuple);
#  223|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def580]
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:221:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ks_from_keys’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1589:1: enter_function: entry to ‘kadm5_setkey_principal_4’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1605:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1609:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1625:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1630:8: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1650:11: call_function: calling ‘make_ks_from_key_data’ from ‘kadm5_setkey_principal_4’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1650:11: return_function: returning to ‘kadm5_setkey_principal_4’ from ‘make_ks_from_key_data’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1652:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1655:11: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1655:11: call_function: calling ‘apply_keysalt_policy’ from ‘kadm5_setkey_principal_4’
#  219|   cleanup:
#  220|       if (have_polent)
#  221|->         kadm5_free_policy_ent(handle->lhandle, &polent);
#  222|       free(ak_ks_tuple);
#  223|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def581]
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:221:9: warning[-Wanalyzer-malloc-leak]: leak of ‘new_ks_tuple’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1385:1: enter_function: entry to ‘kadm5_randkey_principal’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1391:9: call_function: calling ‘kadm5_randkey_principal_3’ from ‘kadm5_randkey_principal’
#  219|   cleanup:
#  220|       if (have_polent)
#  221|->         kadm5_free_policy_ent(handle->lhandle, &polent);
#  222|       free(ak_ks_tuple);
#  223|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def582]
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1046:15: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1012:5: enter_function: entry to ‘create_history_entry’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1026:8: branch_false: following ‘false’ branch (when ‘n_key_data >= 0’)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1029:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1032:8: branch_false: following ‘false’ branch (when ‘n_key_data != 0’)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1035:21: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1035:21: call_function: inlined call to ‘k5calloc’ from ‘create_history_entry’
 branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1036:8: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1041:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1043:17: branch_true: following ‘true’ branch (when ‘i < n_key_data’)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1044:21: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1044:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1046:15: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1046:15: danger: ‘ptr’ leaks here; was allocated at [(7)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/6)
# 1044|           if (key_data[i].key_data_kvno < kvno)
# 1045|               break;
# 1046|->         ret = krb5_dbe_decrypt_key_data(context, NULL,
# 1047|                                           &key_data[i], &key,
# 1048|                                           &salt);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def583]
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1052:15: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1012:5: enter_function: entry to ‘create_history_entry’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1026:8: branch_false: following ‘false’ branch (when ‘n_key_data >= 0’)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1029:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1032:8: branch_false: following ‘false’ branch (when ‘n_key_data != 0’)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1035:21: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1035:21: call_function: inlined call to ‘k5calloc’ from ‘create_history_entry’
 branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1036:8: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1041:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1043:17: branch_true: following ‘true’ branch (when ‘i < n_key_data’)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1044:21: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1044:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1046:15: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1049:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1054:56: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1052:15: danger: ‘ptr’ leaks here; was allocated at [(7)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/6)
# 1050|               goto cleanup;
# 1051|   
# 1052|->         ret = krb5_dbe_encrypt_key_data(context, hist_key, &key, &salt,
# 1053|                                           key_data[i].key_data_kvno,
# 1054|                                           &hist.key_data[hist.n_key_data]);

Error: GCC_ANALYZER_WARNING (CWE-787): [#def584]
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1146:13: warning[-Wanalyzer-out-of-bounds]: buffer over-read
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1111:8: branch_false: following ‘false’ branch (when ‘nhist > 1’)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1114:9: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1114:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1124:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1127:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1128:13: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1128:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1134:25: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1136:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1139:30: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1145:29: branch_true: following ‘true’ branch (when ‘i > knext’)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1146:32: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1146:13: danger: read of 16 bytes at offset ‘(long unsigned int)(*adb.old_key_len + 4294967295) * 16’ exceeds ‘**adb.old_keys’
# 1144|            */
# 1145|           for (i = nkeys - 1; i > knext; i--) {
# 1146|->             adb->old_keys[i] = adb->old_keys[i - 1];
# 1147|           }
# 1148|           memset(&adb->old_keys[knext], 0, sizeof(osa_pw_hist_ent));

Error: GCC_ANALYZER_WARNING (CWE-122): [#def585]
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1146:13: warning[-Wanalyzer-out-of-bounds]: heap-based buffer over-read
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1111:8: branch_false: following ‘false’ branch (when ‘nhist > 1’)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1114:9: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1114:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1124:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1127:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1128:13: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1136:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1139:30: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1145:29: branch_true: following ‘true’ branch (when ‘i > knext’)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1146:32: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1146:13: danger: read of 16 bytes at offset ‘(long unsigned int)(*adb.old_key_len + 4294967295) * 16’ exceeds the buffer
# 1144|            */
# 1145|           for (i = nkeys - 1; i > knext; i--) {
# 1146|->             adb->old_keys[i] = adb->old_keys[i - 1];
# 1147|           }
# 1148|           memset(&adb->old_keys[knext], 0, sizeof(osa_pw_hist_ent));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def586]
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1184:17: warning[-Wanalyzer-malloc-leak]: leak of ‘tmp’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1111:8: branch_false: following ‘false’ branch (when ‘nhist > 1’)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1114:9: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1114:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1124:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1127:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1149:15: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1149:15: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1168:20: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1168:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1169:12: branch_false: following ‘false’ branch (when ‘tmp’ is non-NULL)...
 branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1171:21: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1176:18: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1180:21: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1181:18: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1183:25: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1184:55: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1184:17: danger: ‘tmp’ leaks here; was allocated at [(9)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/8)
# 1182|               histp = &adb->old_keys[j];
# 1183|               for (j = 0; j < histp->n_key_data; j++) {
# 1184|->                 krb5_free_key_data_contents(context, &histp->key_data[j]);
# 1185|               }
# 1186|               free(histp->key_data);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def587]
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1279:15: warning[-Wanalyzer-malloc-leak]: leak of ‘new_ks_tuple’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1228:1: enter_function: entry to ‘kadm5_chpass_principal_3’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1246:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1253:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1255:9: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1255:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1259:16: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1259:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1264:8: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1267:11: call_function: calling ‘apply_keysalt_policy’ from ‘kadm5_chpass_principal_3’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1267:11: return_function: returning to ‘kadm5_chpass_principal_3’ from ‘apply_keysalt_policy’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1269:8: branch_false: following ‘false’ branch (when ‘ret == 0’)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1272:10: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1277:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1279:15: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1279:15: danger: ‘new_ks_tuple’ leaks here; was allocated at [(18)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/17)
# 1277|       if (have_pol) {
# 1278|           /* Create a password history entry before we change kdb's key_data. */
# 1279|->         ret = kdb_get_hist_key(handle, &hist_keyblocks, &hist_kvno);
# 1280|           if (ret)
# 1281|               goto done;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def588]
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1288:16: warning[-Wanalyzer-malloc-leak]: leak of ‘new_ks_tuple’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1228:1: enter_function: entry to ‘kadm5_chpass_principal_3’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1246:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1253:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1255:9: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1255:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1259:16: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1259:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1264:8: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1267:11: call_function: calling ‘apply_keysalt_policy’ from ‘kadm5_chpass_principal_3’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1267:11: return_function: returning to ‘kadm5_chpass_principal_3’ from ‘apply_keysalt_policy’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1269:8: branch_false: following ‘false’ branch (when ‘ret == 0’)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1272:10: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1277:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1288:16: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1288:16: danger: ‘new_ks_tuple’ leaks here; was allocated at [(18)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/17)
# 1286|       }
# 1287|   
# 1288|->     if ((ret = passwd_check(handle, password, have_pol ? &pol : NULL,
# 1289|                               principal)))
# 1290|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def589]
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1292:11: warning[-Wanalyzer-malloc-leak]: leak of ‘new_ks_tuple’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1228:1: enter_function: entry to ‘kadm5_chpass_principal_3’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1246:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1253:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1255:9: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1255:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1259:16: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1259:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1264:8: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1267:11: call_function: calling ‘apply_keysalt_policy’ from ‘kadm5_chpass_principal_3’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1267:11: return_function: returning to ‘kadm5_chpass_principal_3’ from ‘apply_keysalt_policy’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1269:8: branch_false: following ‘false’ branch (when ‘ret == 0’)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1272:10: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1277:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1288:16: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1288:8: branch_false: following ‘false’ branch (when ‘ret == 0’)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1292:11: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1292:11: danger: ‘new_ks_tuple’ leaks here; was allocated at [(18)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/17)
# 1290|           goto done;
# 1291|   
# 1292|->     ret = kdb_get_active_mkey(handle, &act_kvno, &act_mkey);
# 1293|       if (ret)
# 1294|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def590]
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1296:11: warning[-Wanalyzer-malloc-leak]: leak of ‘new_ks_tuple’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1228:1: enter_function: entry to ‘kadm5_chpass_principal_3’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1246:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1253:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1255:9: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1255:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1259:16: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1259:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1264:8: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1267:11: call_function: calling ‘apply_keysalt_policy’ from ‘kadm5_chpass_principal_3’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1267:11: return_function: returning to ‘kadm5_chpass_principal_3’ from ‘apply_keysalt_policy’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1269:8: branch_false: following ‘false’ branch (when ‘ret == 0’)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1272:10: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1277:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1288:16: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1288:8: branch_false: following ‘false’ branch (when ‘ret == 0’)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1292:11: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1293:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1296:11: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1296:11: danger: ‘new_ks_tuple’ leaks here; was allocated at [(18)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/17)
# 1294|           goto done;
# 1295|   
# 1296|->     ret = krb5_dbe_cpw(handle->context, act_mkey, new_ks_tuple, new_n_ks_tuple,
# 1297|                          password, 0 /* increment kvno */,
# 1298|                          keepold, kdb);

Error: CPPCHECK_WARNING (CWE-457): [#def591]
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1325: error[legacyUninitvar]: Uninitialized variable: hist_kvno
# 1323|               /* If hist_kvno has changed since the last password change, we
# 1324|                * can't check the history. */
# 1325|->             if (adb.admin_history_kvno == hist_kvno) {
# 1326|                   ret = check_pw_reuse(handle->context, hist_keyblocks,
# 1327|                                        kdb->n_key_data, kdb->key_data,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def592]
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1438:9: warning[-Wanalyzer-malloc-leak]: leak of ‘new_ks_tuple’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1396:1: enter_function: entry to ‘kadm5_randkey_principal_3’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1418:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1422:8: branch_false: following ‘false’ branch (when ‘principal’ is non-NULL)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1425:16: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1425:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1430:8: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1433:11: call_function: calling ‘apply_keysalt_policy’ from ‘kadm5_randkey_principal_3’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1433:11: return_function: returning to ‘kadm5_randkey_principal_3’ from ‘apply_keysalt_policy’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1435:8: branch_false: following ‘false’ branch (when ‘ret == 0’)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1438:9: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1438:9: danger: ‘new_ks_tuple’ leaks here; was allocated at [(16)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/15)
# 1436|           goto done;
# 1437|   
# 1438|->     if (krb5_principal_compare(handle->context, principal, hist_princ)) {
# 1439|           /* If changing the history entry, the new entry must have exactly one
# 1440|            * key. */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def593]
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1448:11: warning[-Wanalyzer-malloc-leak]: leak of ‘new_ks_tuple’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1396:1: enter_function: entry to ‘kadm5_randkey_principal_3’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1418:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1422:8: branch_false: following ‘false’ branch (when ‘principal’ is non-NULL)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1425:16: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1425:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1430:8: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1433:11: call_function: calling ‘apply_keysalt_policy’ from ‘kadm5_randkey_principal_3’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1433:11: return_function: returning to ‘kadm5_randkey_principal_3’ from ‘apply_keysalt_policy’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1435:8: branch_false: following ‘false’ branch (when ‘ret == 0’)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1438:9: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1448:11: danger: ‘new_ks_tuple’ leaks here; was allocated at [(16)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/15)
# 1446|       }
# 1447|   
# 1448|->     ret = kdb_get_active_mkey(handle, &act_kvno, &act_mkey);
# 1449|       if (ret)
# 1450|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def594]
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1452:11: warning[-Wanalyzer-malloc-leak]: leak of ‘new_ks_tuple’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1396:1: enter_function: entry to ‘kadm5_randkey_principal_3’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1418:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1422:8: branch_false: following ‘false’ branch (when ‘principal’ is non-NULL)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1425:16: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1425:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1430:8: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1433:11: call_function: calling ‘apply_keysalt_policy’ from ‘kadm5_randkey_principal_3’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1433:11: return_function: returning to ‘kadm5_randkey_principal_3’ from ‘apply_keysalt_policy’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1435:8: branch_false: following ‘false’ branch (when ‘ret == 0’)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1438:9: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1449:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1452:11: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1452:11: danger: ‘new_ks_tuple’ leaks here; was allocated at [(16)](sarif:/runs/0/results/19/codeFlows/0/threadFlows/0/locations/15)
# 1450|           goto done;
# 1451|   
# 1452|->     ret = krb5_dbe_crk(handle->context, act_mkey, new_ks_tuple, new_n_ks_tuple,
# 1453|                          keepold, kdb);
# 1454|       if (ret)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def595]
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1607:5: warning[-Wanalyzer-malloc-leak]: leak of ‘key_data’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1527:1: enter_function: entry to ‘kadm5_setkey_principal_3’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1538:8: branch_false: following ‘false’ branch (when ‘keyblocks’ is non-NULL)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1541:8: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1550:16: acquire_memory: allocated here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1551:8: branch_false: following ‘false’ branch (when ‘key_data’ is non-NULL)...
 branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1554:17: branch_false: following ‘false’ branch (when ‘i >= n_keys’)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1560:11: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1560:11: call_function: calling ‘kadm5_setkey_principal_4’ from ‘kadm5_setkey_principal_3’
# 1605|       CHECK_HANDLE(server_handle);
# 1606|   
# 1607|->     krb5_clear_error_message(handle->context);
# 1608|   
# 1609|       if (principal == NULL || key_data == NULL || n_key_data == 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def596]
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1614:9: warning[-Wanalyzer-malloc-leak]: leak of ‘key_data’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1527:1: enter_function: entry to ‘kadm5_setkey_principal_3’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1538:8: branch_false: following ‘false’ branch (when ‘keyblocks’ is non-NULL)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1541:8: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1550:16: acquire_memory: allocated here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1551:8: branch_false: following ‘false’ branch (when ‘key_data’ is non-NULL)...
 branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1554:17: branch_false: following ‘false’ branch (when ‘i >= n_keys’)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1560:11: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1560:11: call_function: calling ‘kadm5_setkey_principal_4’ from ‘kadm5_setkey_principal_3’
# 1612|       /* hist_princ will be NULL when initializing the database. */
# 1613|       if (hist_princ != NULL &&
# 1614|->         krb5_principal_compare(handle->context, principal, hist_princ))
# 1615|           return KADM5_PROTECT_PRINCIPAL;
# 1616|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def597]
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1624:11: warning[-Wanalyzer-malloc-leak]: leak of ‘key_data’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1527:1: enter_function: entry to ‘kadm5_setkey_principal_3’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1538:8: branch_false: following ‘false’ branch (when ‘keyblocks’ is non-NULL)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1541:8: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1550:16: acquire_memory: allocated here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1551:8: branch_false: following ‘false’ branch (when ‘key_data’ is non-NULL)...
 branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1554:17: branch_false: following ‘false’ branch (when ‘i >= n_keys’)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1560:11: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1560:11: call_function: calling ‘kadm5_setkey_principal_4’ from ‘kadm5_setkey_principal_3’
# 1622|       }
# 1623|   
# 1624|->     ret = kdb_get_entry(handle, principal, &kdb, &adb);
# 1625|       if (ret)
# 1626|           return ret;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def598]
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1797:15: warning[-Wanalyzer-malloc-leak]: leak of ‘key_data’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1778:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1781:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1783:8: branch_false: following ‘false’ branch (when ‘ret == 0’)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1786:26: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1786:16: acquire_memory: allocated here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1787:8: branch_false: following ‘false’ branch (when ‘key_data’ is non-NULL)...
 branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1792:28: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1793:12: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1797:15: danger: ‘key_data’ leaks here; was allocated at [(7)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/6)
# 1795|           key_data[nkeys].kvno = kdb->key_data[i].key_data_kvno;
# 1796|   
# 1797|->         ret = krb5_dbe_decrypt_key_data(handle->context, NULL,
# 1798|                                           &kdb->key_data[i],
# 1799|                                           &key_data[nkeys].key,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def599]
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1839:15: warning[-Wanalyzer-malloc-leak]: leak of ‘keys’
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1833:30: acquire_memory: allocated here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1834:8: branch_false: following ‘false’ branch (when ‘keys’ is non-NULL)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1836:5: branch_false: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1838:17: branch_true: following ‘true’ branch (when ‘i < n_key_data’)...
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1839:75: branch_true: ...to here
krb5-1.21.3/src/lib/kadm5/srv/svr_principal.c:1839:15: danger: ‘keys’ leaks here; was allocated at [(1)](sarif:/runs/0/results/24/codeFlows/0/threadFlows/0/locations/0)
# 1837|   
# 1838|       for (i = 0; i < n_key_data; i++) {
# 1839|->         ret = krb5_dbe_decrypt_key_data(context, NULL, &key_data[i], &keys[i],
# 1840|                                           NULL);
# 1841|           if (ret) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def600]
krb5-1.21.3/src/lib/kdb/decrypt_key.c:91:11: warning[-Wanalyzer-malloc-leak]: leak of ‘plain.data’
krb5-1.21.3/src/lib/kdb/decrypt_key.c:58:1: enter_function: entry to ‘krb5_dbe_def_decrypt_key_data’
krb5-1.21.3/src/lib/kdb/decrypt_key.c:74:8: branch_false: following ‘false’ branch (when ‘mkey’ is non-NULL)...
krb5-1.21.3/src/lib/kdb/decrypt_key.c:77:9: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/decrypt_key.c:77:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/decrypt_key.c:81:8: branch_false: following ‘false’ branch (when ‘keylen >= 0’)...
krb5-1.21.3/src/lib/kdb/decrypt_key.c:84:5: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/decrypt_key.c:87:11: call_function: calling ‘alloc_data’ from ‘krb5_dbe_def_decrypt_key_data’
krb5-1.21.3/src/lib/kdb/decrypt_key.c:87:11: return_function: returning to ‘krb5_dbe_def_decrypt_key_data’ from ‘alloc_data’
krb5-1.21.3/src/lib/kdb/decrypt_key.c:88:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/decrypt_key.c:91:11: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/decrypt_key.c:91:11: danger: ‘plain.data’ leaks here; was allocated at [(11)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/10)
#   89|           goto cleanup;
#   90|   
#   91|->     ret = krb5_c_decrypt(context, mkey, 0, 0, &cipher, &plain);
#   92|       if (ret)
#   93|           goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def601]
krb5-1.21.3/src/lib/kdb/encrypt_key.c:91:11: warning[-Wanalyzer-malloc-leak]: leak of ‘kd.key_data_contents[0]’
krb5-1.21.3/src/lib/kdb/encrypt_key.c:60:1: enter_function: entry to ‘krb5_dbe_def_encrypt_key_data’
krb5-1.21.3/src/lib/kdb/encrypt_key.c:77:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/encrypt_key.c:82:27: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/encrypt_key.c:84:31: call_function: calling ‘k5alloc’ from ‘krb5_dbe_def_encrypt_key_data’
krb5-1.21.3/src/lib/kdb/encrypt_key.c:84:31: return_function: returning to ‘krb5_dbe_def_encrypt_key_data’ from ‘k5alloc’
krb5-1.21.3/src/lib/kdb/encrypt_key.c:85:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/encrypt_key.c:87:17: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/encrypt_key.c:91:11: danger: ‘kd.key_data_contents[0]’ leaks here; was allocated at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6)
#   89|       plain = make_data(dbkey->contents, dbkey->length);
#   90|       cipher.ciphertext = make_data(kd.key_data_contents[0] + 2, clen);
#   91|->     ret = krb5_c_encrypt(context, mkey, 0, 0, &plain, &cipher);
#   92|       if (ret)
#   93|           goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def602]
krb5-1.21.3/src/lib/kdb/kdb5.c:247:14: warning[-Wanalyzer-malloc-leak]: leak of ‘dal_handle’
krb5-1.21.3/src/lib/kdb/kdb5.c:1179:1: enter_function: entry to ‘krb5_db_fetch_mkey’
krb5-1.21.3/src/lib/kdb/kdb5.c:1192:8: branch_false: following ‘false’ branch (when ‘fromkeyboard == 0’)...
krb5-1.21.3/src/lib/kdb/kdb5.c:1238:13: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:1238:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kdb/kdb5.c:1239:22: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:1239:22: call_function: calling ‘krb5_db_setup_lib_handle’ from ‘krb5_db_fetch_mkey’
#  245|       *libname_out = NULL;
#  246|   
#  247|->     status = krb5_get_default_realm(kcontext, &defrealm);
#  248|       if (status)
#  249|           goto clean_n_exit;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def603]
krb5-1.21.3/src/lib/kdb/kdb5.c:250:14: warning[-Wanalyzer-malloc-leak]: leak of ‘dal_handle’
krb5-1.21.3/src/lib/kdb/kdb5.c:1179:1: enter_function: entry to ‘krb5_db_fetch_mkey’
krb5-1.21.3/src/lib/kdb/kdb5.c:1192:8: branch_false: following ‘false’ branch (when ‘fromkeyboard == 0’)...
krb5-1.21.3/src/lib/kdb/kdb5.c:1238:13: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:1238:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kdb/kdb5.c:1239:22: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:1239:22: call_function: calling ‘krb5_db_setup_lib_handle’ from ‘krb5_db_fetch_mkey’
#  248|       if (status)
#  249|           goto clean_n_exit;
#  250|->     status = profile_get_string(kcontext->profile,
#  251|                                   /* realms */
#  252|                                   KDB_REALM_SECTION,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def604]
krb5-1.21.3/src/lib/kdb/kdb5.c:264:14: warning[-Wanalyzer-malloc-leak]: leak of ‘dal_handle’
krb5-1.21.3/src/lib/kdb/kdb5.c:1179:1: enter_function: entry to ‘krb5_db_fetch_mkey’
krb5-1.21.3/src/lib/kdb/kdb5.c:1192:8: branch_false: following ‘false’ branch (when ‘fromkeyboard == 0’)...
krb5-1.21.3/src/lib/kdb/kdb5.c:1238:13: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:1238:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kdb/kdb5.c:1239:22: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:1239:22: call_function: calling ‘krb5_db_setup_lib_handle’ from ‘krb5_db_fetch_mkey’
#  262|   #define DB2_NAME "db2"
#  263|       /* we got the module section. Get the library name from the module */
#  264|->     status = profile_get_string(kcontext->profile, KDB_MODULE_SECTION, value,
#  265|                                   KDB_LIB_POINTER,
#  266|                                   /* default to db2 */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def605]
krb5-1.21.3/src/lib/kdb/kdb5.c:279:5: warning[-Wanalyzer-malloc-leak]: leak of ‘dal_handle’
krb5-1.21.3/src/lib/kdb/kdb5.c:1179:1: enter_function: entry to ‘krb5_db_fetch_mkey’
krb5-1.21.3/src/lib/kdb/kdb5.c:1192:8: branch_false: following ‘false’ branch (when ‘fromkeyboard == 0’)...
krb5-1.21.3/src/lib/kdb/kdb5.c:1238:13: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:1238:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kdb/kdb5.c:1239:22: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:1239:22: call_function: calling ‘krb5_db_setup_lib_handle’ from ‘krb5_db_fetch_mkey’
#  277|   
#  278|   clean_n_exit:
#  279|->     krb5_free_default_realm(kcontext, defrealm);
#  280|       profile_release_string(value);
#  281|       profile_release_string(lib);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def606]
krb5-1.21.3/src/lib/kdb/kdb5.c:279:5: warning[-Wanalyzer-malloc-leak]: leak of ‘library’
krb5-1.21.3/src/lib/kdb/kdb5.c:1179:1: enter_function: entry to ‘krb5_db_fetch_mkey’
krb5-1.21.3/src/lib/kdb/kdb5.c:1192:8: branch_false: following ‘false’ branch (when ‘fromkeyboard == 0’)...
krb5-1.21.3/src/lib/kdb/kdb5.c:1238:13: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:1238:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kdb/kdb5.c:1239:22: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:1239:22: call_function: calling ‘krb5_db_setup_lib_handle’ from ‘krb5_db_fetch_mkey’
#  277|   
#  278|   clean_n_exit:
#  279|->     krb5_free_default_realm(kcontext, defrealm);
#  280|       profile_release_string(value);
#  281|       profile_release_string(lib);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def607]
krb5-1.21.3/src/lib/kdb/kdb5.c:280:5: warning[-Wanalyzer-malloc-leak]: leak of ‘dal_handle’
krb5-1.21.3/src/lib/kdb/kdb5.c:1179:1: enter_function: entry to ‘krb5_db_fetch_mkey’
krb5-1.21.3/src/lib/kdb/kdb5.c:1192:8: branch_false: following ‘false’ branch (when ‘fromkeyboard == 0’)...
krb5-1.21.3/src/lib/kdb/kdb5.c:1238:13: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:1238:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kdb/kdb5.c:1239:22: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:1239:22: call_function: calling ‘krb5_db_setup_lib_handle’ from ‘krb5_db_fetch_mkey’
#  278|   clean_n_exit:
#  279|       krb5_free_default_realm(kcontext, defrealm);
#  280|->     profile_release_string(value);
#  281|       profile_release_string(lib);
#  282|       return status;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def608]
krb5-1.21.3/src/lib/kdb/kdb5.c:280:5: warning[-Wanalyzer-malloc-leak]: leak of ‘library’
krb5-1.21.3/src/lib/kdb/kdb5.c:1179:1: enter_function: entry to ‘krb5_db_fetch_mkey’
krb5-1.21.3/src/lib/kdb/kdb5.c:1192:8: branch_false: following ‘false’ branch (when ‘fromkeyboard == 0’)...
krb5-1.21.3/src/lib/kdb/kdb5.c:1238:13: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:1238:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kdb/kdb5.c:1239:22: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:1239:22: call_function: calling ‘krb5_db_setup_lib_handle’ from ‘krb5_db_fetch_mkey’
#  278|   clean_n_exit:
#  279|       krb5_free_default_realm(kcontext, defrealm);
#  280|->     profile_release_string(value);
#  281|       profile_release_string(lib);
#  282|       return status;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def609]
krb5-1.21.3/src/lib/kdb/kdb5.c:959:23: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/kdb/kdb5.c:949:1: enter_function: entry to ‘krb5_db_put_principal’
krb5-1.21.3/src/lib/kdb/kdb5.c:959:23: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:959:23: danger: ‘ptr’ leaks here; was allocated at [(7)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/6)
#  957|           if (upd == NULL)
#  958|               goto cleanup;
#  959|->         if ((status = ulog_conv_2logentry(kcontext, entry, upd)))
#  960|               goto cleanup;
#  961|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def610]
krb5-1.21.3/src/lib/kdb/kdb5.c:2110:12: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/kdb/kdb5.c:2092:1: enter_function: entry to ‘krb5_dbe_get_strings’
krb5-1.21.3/src/lib/kdb/kdb5.c:2103:12: call_function: calling ‘begin_attrs’ from ‘krb5_dbe_get_strings’
krb5-1.21.3/src/lib/kdb/kdb5.c:2103:12: return_function: returning to ‘krb5_dbe_get_strings’ from ‘begin_attrs’
krb5-1.21.3/src/lib/kdb/kdb5.c:2104:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:2107:12: call_function: calling ‘next_attr’ from ‘krb5_dbe_get_strings’
krb5-1.21.3/src/lib/kdb/kdb5.c:2107:12: return_function: returning to ‘krb5_dbe_get_strings’ from ‘next_attr’
krb5-1.21.3/src/lib/kdb/kdb5.c:2107:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kdb/kdb5.c:2109:39: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:2110:12: branch_false: following ‘false’ branch (when ‘newstrings’ is non-NULL)...
krb5-1.21.3/src/lib/kdb/kdb5.c:2113:15: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:2113:15: acquire_memory: allocated here
krb5-1.21.3/src/lib/kdb/kdb5.c:2115:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb5.c:2117:16: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:2107:12: call_function: calling ‘next_attr’ from ‘krb5_dbe_get_strings’
krb5-1.21.3/src/lib/kdb/kdb5.c:2107:12: return_function: returning to ‘krb5_dbe_get_strings’ from ‘next_attr’
krb5-1.21.3/src/lib/kdb/kdb5.c:2107:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kdb/kdb5.c:2109:39: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:2110:12: branch_false: following ‘false’ branch (when ‘newstrings’ is non-NULL)...
krb5-1.21.3/src/lib/kdb/kdb5.c:2113:15: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:2115:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb5.c:2117:16: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:2107:12: call_function: calling ‘next_attr’ from ‘krb5_dbe_get_strings’
krb5-1.21.3/src/lib/kdb/kdb5.c:2107:12: return_function: returning to ‘krb5_dbe_get_strings’ from ‘next_attr’
krb5-1.21.3/src/lib/kdb/kdb5.c:2107:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kdb/kdb5.c:2109:39: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:2110:12: danger: ‘<unknown>’ leaks here; was allocated at [(28)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/27)
# 2108|           /* Add a copy of mapkey and mapvalue to strings. */
# 2109|           newstrings = realloc(strings, (count + 1) * sizeof(*strings));
# 2110|->         if (newstrings == NULL)
# 2111|               goto oom;
# 2112|           strings = newstrings;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def611]
krb5-1.21.3/src/lib/kdb/kdb5.c:2118:9: warning[-Wanalyzer-malloc-leak]: leak of ‘key’
krb5-1.21.3/src/lib/kdb/kdb5.c:2092:1: enter_function: entry to ‘krb5_dbe_get_strings’
krb5-1.21.3/src/lib/kdb/kdb5.c:2103:12: call_function: calling ‘begin_attrs’ from ‘krb5_dbe_get_strings’
krb5-1.21.3/src/lib/kdb/kdb5.c:2103:12: return_function: returning to ‘krb5_dbe_get_strings’ from ‘begin_attrs’
krb5-1.21.3/src/lib/kdb/kdb5.c:2104:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:2107:12: call_function: calling ‘next_attr’ from ‘krb5_dbe_get_strings’
krb5-1.21.3/src/lib/kdb/kdb5.c:2107:12: return_function: returning to ‘krb5_dbe_get_strings’ from ‘next_attr’
krb5-1.21.3/src/lib/kdb/kdb5.c:2107:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kdb/kdb5.c:2109:39: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:2110:12: branch_false: following ‘false’ branch (when ‘newstrings’ is non-NULL)...
krb5-1.21.3/src/lib/kdb/kdb5.c:2113:15: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:2113:15: acquire_memory: allocated here
krb5-1.21.3/src/lib/kdb/kdb5.c:2115:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb5.c:2117:16: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:2107:12: call_function: calling ‘next_attr’ from ‘krb5_dbe_get_strings’
krb5-1.21.3/src/lib/kdb/kdb5.c:2107:12: return_function: returning to ‘krb5_dbe_get_strings’ from ‘next_attr’
krb5-1.21.3/src/lib/kdb/kdb5.c:2107:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kdb/kdb5.c:2109:39: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:2110:12: branch_false: following ‘false’ branch (when ‘newstrings’ is non-NULL)...
krb5-1.21.3/src/lib/kdb/kdb5.c:2113:15: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:2115:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb5.c:2117:16: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:2118:9: danger: ‘key’ leaks here; was allocated at [(28)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/27)
# 2116|               goto oom;
# 2117|           strings[count].key = key;
# 2118|->         strings[count].value = val;
# 2119|           count++;
# 2120|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def612]
krb5-1.21.3/src/lib/kdb/kdb5.c:2118:9: warning[-Wanalyzer-malloc-leak]: leak of ‘val’
krb5-1.21.3/src/lib/kdb/kdb5.c:2092:1: enter_function: entry to ‘krb5_dbe_get_strings’
krb5-1.21.3/src/lib/kdb/kdb5.c:2103:12: call_function: calling ‘begin_attrs’ from ‘krb5_dbe_get_strings’
krb5-1.21.3/src/lib/kdb/kdb5.c:2103:12: return_function: returning to ‘krb5_dbe_get_strings’ from ‘begin_attrs’
krb5-1.21.3/src/lib/kdb/kdb5.c:2104:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:2107:12: call_function: calling ‘next_attr’ from ‘krb5_dbe_get_strings’
krb5-1.21.3/src/lib/kdb/kdb5.c:2107:12: return_function: returning to ‘krb5_dbe_get_strings’ from ‘next_attr’
krb5-1.21.3/src/lib/kdb/kdb5.c:2107:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kdb/kdb5.c:2109:39: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:2110:12: branch_false: following ‘false’ branch (when ‘newstrings’ is non-NULL)...
krb5-1.21.3/src/lib/kdb/kdb5.c:2113:15: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:2114:15: acquire_memory: allocated here
krb5-1.21.3/src/lib/kdb/kdb5.c:2115:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb5.c:2117:16: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:2107:12: call_function: calling ‘next_attr’ from ‘krb5_dbe_get_strings’
krb5-1.21.3/src/lib/kdb/kdb5.c:2107:12: return_function: returning to ‘krb5_dbe_get_strings’ from ‘next_attr’
krb5-1.21.3/src/lib/kdb/kdb5.c:2107:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kdb/kdb5.c:2109:39: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:2110:12: branch_false: following ‘false’ branch (when ‘newstrings’ is non-NULL)...
krb5-1.21.3/src/lib/kdb/kdb5.c:2113:15: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:2115:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb5.c:2117:16: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb5.c:2118:9: danger: ‘val’ leaks here; was allocated at [(28)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/27)
# 2116|               goto oom;
# 2117|           strings[count].key = key;
# 2118|->         strings[count].value = val;
# 2119|           count++;
# 2120|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def613]
krb5-1.21.3/src/lib/kdb/kdb_convert.c:287:5: warning[-Wanalyzer-malloc-leak]: leak of ‘princ’
krb5-1.21.3/src/lib/kdb/kdb_convert.c:550:1: enter_function: entry to ‘ulog_conv_2dbentry’
krb5-1.21.3/src/lib/kdb/kdb_convert.c:575:18: call_function: calling ‘k5memdup0’ from ‘ulog_conv_2dbentry’
krb5-1.21.3/src/lib/kdb/kdb_convert.c:575:18: return_function: returning to ‘ulog_conv_2dbentry’ from ‘k5memdup0’
krb5-1.21.3/src/lib/kdb/kdb_convert.c:577:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_convert.c:580:11: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_convert.c:582:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_convert.c:585:11: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_convert.c:587:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_convert.c:594:8: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_convert.c:594:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_convert.c:601:17: branch_true: following ‘true’ branch (when ‘i < nattrs’)...
krb5-1.21.3/src/lib/kdb/kdb_convert.c:605:17: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb_convert.c:642:24: call_function: calling ‘conv_princ_2db’ from ‘ulog_conv_2dbentry’
#  285|       return princ;
#  286|   error:
#  287|->     krb5_free_principal(context, princ);
#  288|       return NULL;
#  289|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def614]
krb5-1.21.3/src/lib/kdb/kdb_convert.c:332:11: warning[-Wanalyzer-malloc-leak]: leak of ‘attr_types’
krb5-1.21.3/src/lib/kdb/kdb_convert.c:318:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_convert.c:326:43: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_convert.c:326:43: acquire_memory: allocated here
krb5-1.21.3/src/lib/kdb/kdb_convert.c:326:8: branch_false: following ‘false’ branch (when ‘attr_types’ is non-NULL)...
krb5-1.21.3/src/lib/kdb/kdb_convert.c:332:42: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_convert.c:332:11: danger: ‘attr_types’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  330|       }
#  331|   
#  332|->     ret = krb5_db_get_principal(context, entry->princ, 0, &curr);
#  333|       if (ret && ret != KRB5_KDB_NOENTRY) {
#  334|           free(attr_types);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def615]
krb5-1.21.3/src/lib/kdb/kdb_convert.c:359:9: warning[-Wanalyzer-malloc-leak]: leak of ‘attr_types’
krb5-1.21.3/src/lib/kdb/kdb_convert.c:298:1: enter_function: entry to ‘ulog_conv_2logentry’
krb5-1.21.3/src/lib/kdb/kdb_convert.c:318:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_convert.c:326:43: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_convert.c:326:43: acquire_memory: allocated here
krb5-1.21.3/src/lib/kdb/kdb_convert.c:326:8: branch_false: following ‘false’ branch (when ‘attr_types’ is non-NULL)...
krb5-1.21.3/src/lib/kdb/kdb_convert.c:332:42: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_convert.c:333:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_convert.c:338:8: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_convert.c:338:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_convert.c:358:9: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_convert.c:358:9: call_function: calling ‘find_changed_attrs’ from ‘ulog_conv_2logentry’
krb5-1.21.3/src/lib/kdb/kdb_convert.c:358:9: return_function: returning to ‘ulog_conv_2logentry’ from ‘find_changed_attrs’
krb5-1.21.3/src/lib/kdb/kdb_convert.c:359:9: danger: ‘attr_types’ leaks here; was allocated at [(4)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/3)
#  357|           /* Always exclude non-replicated attributes for now. */
#  358|           find_changed_attrs(curr, entry, TRUE, attr_types, &nattrs);
#  359|->         krb5_db_free_principal(context, curr);
#  360|       }
#  361|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def616]
krb5-1.21.3/src/lib/kdb/kdb_convert.c:580:11: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(*update.kdb_princ_name.utf8str_t_val, (long unsigned int)*update.kdb_princ_name.utf8str_t_len, & ret)’
krb5-1.21.3/src/lib/kdb/kdb_convert.c:550:1: enter_function: entry to ‘ulog_conv_2dbentry’
krb5-1.21.3/src/lib/kdb/kdb_convert.c:575:18: call_function: calling ‘k5memdup0’ from ‘ulog_conv_2dbentry’
krb5-1.21.3/src/lib/kdb/kdb_convert.c:575:18: return_function: returning to ‘ulog_conv_2dbentry’ from ‘k5memdup0’
krb5-1.21.3/src/lib/kdb/kdb_convert.c:577:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_convert.c:580:11: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_convert.c:580:11: danger: ‘k5memdup0(*update.kdb_princ_name.utf8str_t_val, (long unsigned int)*update.kdb_princ_name.utf8str_t_len, & ret)’ leaks here; was allocated at [(7)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/6)
#  578|           goto cleanup;
#  579|   
#  580|->     ret = krb5_parse_name(context, dbprincstr, &dbprinc);
#  581|       free(dbprincstr);
#  582|       if (ret)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def617]
krb5-1.21.3/src/lib/kdb/kdb_convert.c:711:23: warning[-Wanalyzer-malloc-leak]: leak of ‘ent’
krb5-1.21.3/src/lib/kdb/kdb_convert.c:550:1: enter_function: entry to ‘ulog_conv_2dbentry’
krb5-1.21.3/src/lib/kdb/kdb_convert.c:575:18: call_function: calling ‘k5memdup0’ from ‘ulog_conv_2dbentry’
krb5-1.21.3/src/lib/kdb/kdb_convert.c:575:18: return_function: returning to ‘ulog_conv_2dbentry’ from ‘k5memdup0’
krb5-1.21.3/src/lib/kdb/kdb_convert.c:577:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_convert.c:580:11: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_convert.c:582:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_convert.c:585:11: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_convert.c:587:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_convert.c:594:8: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_convert.c:594:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kdb/kdb_convert.c:595:15: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb_convert.c:595:15: acquire_memory: allocated here
krb5-1.21.3/src/lib/kdb/kdb_convert.c:596:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_convert.c:598:9: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_convert.c:601:17: branch_true: following ‘true’ branch (when ‘i < nattrs’)...
krb5-1.21.3/src/lib/kdb/kdb_convert.c:605:17: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb_convert.c:706:25: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kdb/kdb_convert.c:707:50: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb_convert.c:711:23: danger: ‘ent’ leaks here; was allocated at [(21)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/20)
#  709|                   newtl.tl_data_contents = (krb5_octet *)u.av_tldata.av_tldata_val[j].tl_data.tl_data_val;
#  710|                   newtl.tl_data_next = NULL;
#  711|->                 ret = krb5_dbe_update_tl_data(context, ent, &newtl);
#  712|                   if (ret)
#  713|                       goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def618]
krb5-1.21.3/src/lib/kdb/kdb_convert.c:719:19: warning[-Wanalyzer-malloc-leak]: leak of ‘ent’
krb5-1.21.3/src/lib/kdb/kdb_convert.c:550:1: enter_function: entry to ‘ulog_conv_2dbentry’
krb5-1.21.3/src/lib/kdb/kdb_convert.c:575:18: call_function: calling ‘k5memdup0’ from ‘ulog_conv_2dbentry’
krb5-1.21.3/src/lib/kdb/kdb_convert.c:575:18: return_function: returning to ‘ulog_conv_2dbentry’ from ‘k5memdup0’
krb5-1.21.3/src/lib/kdb/kdb_convert.c:577:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_convert.c:580:11: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_convert.c:582:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_convert.c:585:11: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_convert.c:587:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_convert.c:594:8: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_convert.c:594:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kdb/kdb_convert.c:595:15: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb_convert.c:595:15: acquire_memory: allocated here
krb5-1.21.3/src/lib/kdb/kdb_convert.c:596:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_convert.c:598:9: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_convert.c:601:17: branch_true: following ‘true’ branch (when ‘i < nattrs’)...
krb5-1.21.3/src/lib/kdb/kdb_convert.c:605:17: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb_convert.c:719:19: danger: ‘ent’ leaks here; was allocated at [(21)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/20)
#  717|           }
#  718|           case AT_PW_LAST_CHANGE:
#  719|->             ret = krb5_dbe_update_last_pwd_change(context, ent,
#  720|                                                     u.av_pw_last_change);
#  721|               if (ret)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def619]
krb5-1.21.3/src/lib/kdb/kdb_default.c:228:5: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(keyfile, "rb")’
krb5-1.21.3/src/lib/kdb/kdb_default.c:226:16: acquire_resource: opened here
krb5-1.21.3/src/lib/kdb/kdb_default.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:228:5: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:228:5: danger: ‘fopen(keyfile, "rb")’ leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  226|       if (!(kf = fopen(keyfile, "rb")))
#  227|           return KRB5_KDB_CANTREAD_STORED;
#  228|->     set_cloexec_file(kf);
#  229|   
#  230|       if (fread((krb5_pointer) &enctype, 2, 1, kf) != 1) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def620]
krb5-1.21.3/src/lib/kdb/kdb_default.c:228:5: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(keyfile, "rb")’
krb5-1.21.3/src/lib/kdb/kdb_default.c:226:16: acquire_memory: allocated here
krb5-1.21.3/src/lib/kdb/kdb_default.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:228:5: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:228:5: danger: ‘fopen(keyfile, "rb")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  226|       if (!(kf = fopen(keyfile, "rb")))
#  227|           return KRB5_KDB_CANTREAD_STORED;
#  228|->     set_cloexec_file(kf);
#  229|   
#  230|       if (fread((krb5_pointer) &enctype, 2, 1, kf) != 1) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def621]
krb5-1.21.3/src/lib/kdb/kdb_default.c:495:18: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/kdb/kdb_default.c:410:8: branch_false: following ‘false’ branch (when ‘mkeys_list’ is non-NULL)...
krb5-1.21.3/src/lib/kdb/kdb_default.c:413:5: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:416:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:418:8: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:418:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:421:21: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:421:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:431:9: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:431:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:432:13: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:432:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:468:44: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:469:8: branch_false: following ‘false’ branch (when ‘mkey_list_head’ is non-NULL)...
krb5-1.21.3/src/lib/kdb/kdb_default.c:474:5: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:484:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:485:13: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:485:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:487:53: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:487:53: acquire_memory: allocated here
krb5-1.21.3/src/lib/kdb/kdb_default.c:488:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:492:13: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:495:18: danger: ‘<unknown>’ leaks here; was allocated at [(19)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/18)
#  493|           }
#  494|           key_data = &master_entry->key_data[i];
#  495|->         retval = krb5_dbe_decrypt_key_data(context, &cur_mkey, key_data,
#  496|                                              &((*mkey_list_node)->keyblock),
#  497|                                              NULL);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def622]
krb5-1.21.3/src/lib/kdb/kdb_default.c:495:18: warning[-Wanalyzer-malloc-leak]: leak of ‘mkey_list_head’
krb5-1.21.3/src/lib/kdb/kdb_default.c:410:8: branch_false: following ‘false’ branch (when ‘mkeys_list’ is non-NULL)...
krb5-1.21.3/src/lib/kdb/kdb_default.c:413:5: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:416:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:418:8: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:418:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:421:21: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:421:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:431:9: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:431:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:432:13: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:432:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:468:44: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:468:44: acquire_memory: allocated here
krb5-1.21.3/src/lib/kdb/kdb_default.c:469:8: branch_false: following ‘false’ branch (when ‘mkey_list_head’ is non-NULL)...
krb5-1.21.3/src/lib/kdb/kdb_default.c:474:5: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:484:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:485:13: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:485:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:487:53: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:488:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:492:13: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:495:18: danger: ‘mkey_list_head’ leaks here; was allocated at [(13)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/12)
#  493|           }
#  494|           key_data = &master_entry->key_data[i];
#  495|->         retval = krb5_dbe_decrypt_key_data(context, &cur_mkey, key_data,
#  496|                                              &((*mkey_list_node)->keyblock),
#  497|                                              NULL);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def623]
krb5-1.21.3/src/lib/kdb/kdb_default.c:508:5: warning[-Wanalyzer-malloc-leak]: leak of ‘mkey_list_head’
krb5-1.21.3/src/lib/kdb/kdb_default.c:410:8: branch_false: following ‘false’ branch (when ‘mkeys_list’ is non-NULL)...
krb5-1.21.3/src/lib/kdb/kdb_default.c:413:5: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:416:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:418:8: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:418:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:421:21: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:421:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:431:9: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:440:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:444:14: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:454:12: branch_false: following ‘false’ branch (when ‘found_key == 1’)...
krb5-1.21.3/src/lib/kdb/kdb_default.c:468:44: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:468:44: acquire_memory: allocated here
krb5-1.21.3/src/lib/kdb/kdb_default.c:469:8: branch_false: following ‘false’ branch (when ‘mkey_list_head’ is non-NULL)...
krb5-1.21.3/src/lib/kdb/kdb_default.c:474:5: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:484:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:485:13: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:485:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:487:53: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:488:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:492:13: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:508:5: danger: ‘mkey_list_head’ leaks here; was allocated at [(13)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/12)
#  506|   
#  507|   clean_n_exit:
#  508|->     krb5_db_free_principal(context, master_entry);
#  509|       krb5_dbe_free_mkey_aux_list(context, mkey_aux_data_list);
#  510|       if (retval != 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def624]
krb5-1.21.3/src/lib/kdb/kdb_default.c:509:5: warning[-Wanalyzer-malloc-leak]: leak of ‘mkey_list_head’
krb5-1.21.3/src/lib/kdb/kdb_default.c:410:8: branch_false: following ‘false’ branch (when ‘mkeys_list’ is non-NULL)...
krb5-1.21.3/src/lib/kdb/kdb_default.c:413:5: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:416:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:418:8: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:418:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:421:21: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:421:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:431:9: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:440:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:444:14: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:454:12: branch_false: following ‘false’ branch (when ‘found_key == 1’)...
krb5-1.21.3/src/lib/kdb/kdb_default.c:468:44: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:468:44: acquire_memory: allocated here
krb5-1.21.3/src/lib/kdb/kdb_default.c:469:8: branch_false: following ‘false’ branch (when ‘mkey_list_head’ is non-NULL)...
krb5-1.21.3/src/lib/kdb/kdb_default.c:474:5: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:484:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:485:13: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:485:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:487:53: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:488:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:492:13: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:509:5: danger: ‘mkey_list_head’ leaks here; was allocated at [(13)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/12)
#  507|   clean_n_exit:
#  508|       krb5_db_free_principal(context, master_entry);
#  509|->     krb5_dbe_free_mkey_aux_list(context, mkey_aux_data_list);
#  510|       if (retval != 0)
#  511|           krb5_dbe_free_key_list(context, mkey_list_head);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def625]
krb5-1.21.3/src/lib/kdb/kdb_default.c:511:9: warning[-Wanalyzer-malloc-leak]: leak of ‘mkey_list_head’
krb5-1.21.3/src/lib/kdb/kdb_default.c:410:8: branch_false: following ‘false’ branch (when ‘mkeys_list’ is non-NULL)...
krb5-1.21.3/src/lib/kdb/kdb_default.c:413:5: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:416:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:418:8: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:418:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:421:21: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:421:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:431:9: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:440:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:444:14: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:454:12: branch_false: following ‘false’ branch (when ‘found_key == 1’)...
krb5-1.21.3/src/lib/kdb/kdb_default.c:468:44: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:468:44: acquire_memory: allocated here
krb5-1.21.3/src/lib/kdb/kdb_default.c:469:8: branch_false: following ‘false’ branch (when ‘mkey_list_head’ is non-NULL)...
krb5-1.21.3/src/lib/kdb/kdb_default.c:474:5: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:484:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:485:13: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:485:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:487:53: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:488:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_default.c:492:13: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:510:8: branch_true: following ‘true’ branch (when ‘retval != 0’)...
krb5-1.21.3/src/lib/kdb/kdb_default.c:511:9: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb_default.c:511:9: danger: ‘mkey_list_head’ leaks here; was allocated at [(13)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/12)
#  509|       krb5_dbe_free_mkey_aux_list(context, mkey_aux_data_list);
#  510|       if (retval != 0)
#  511|->         krb5_dbe_free_key_list(context, mkey_list_head);
#  512|       return retval;
#  513|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def626]
krb5-1.21.3/src/lib/kdb/kdb_log.c:408:22: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(*upd.kdb_princ_name.utf8str_t_val, (long unsigned int)*upd.kdb_princ_name.utf8str_t_len, & retval)’
krb5-1.21.3/src/lib/kdb/kdb_log.c:375:1: enter_function: entry to ‘ulog_replay’
krb5-1.21.3/src/lib/kdb/kdb_log.c:386:5: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kdb/kdb_log.c:390:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_log.c:393:21: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_log.c:397:17: branch_true: following ‘true’ branch (when ‘i < no_of_updates’)...
krb5-1.21.3/src/lib/kdb/kdb_log.c:398:14: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb_log.c:398:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_log.c:402:13: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_log.c:402:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/kdb/kdb_log.c:404:36: branch_true: ...to here
krb5-1.21.3/src/lib/kdb/kdb_log.c:403:26: call_function: calling ‘k5memdup0’ from ‘ulog_replay’
krb5-1.21.3/src/lib/kdb/kdb_log.c:403:26: return_function: returning to ‘ulog_replay’ from ‘k5memdup0’
krb5-1.21.3/src/lib/kdb/kdb_log.c:405:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/kdb/kdb_log.c:408:22: branch_false: ...to here
krb5-1.21.3/src/lib/kdb/kdb_log.c:408:22: danger: ‘k5memdup0(*upd.kdb_princ_name.utf8str_t_val, (long unsigned int)*upd.kdb_princ_name.utf8str_t_len, & retval)’ leaks here; was allocated at [(17)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/16)
#  406|                   goto cleanup;
#  407|   
#  408|->             retval = krb5_parse_name(context, dbprincstr, &dbprinc);
#  409|               free(dbprincstr);
#  410|               if (retval)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def627]
krb5-1.21.3/src/lib/krad/attr.c:184:22: warning[-Wanalyzer-malloc-leak]: leak of ‘tmp.data’
krb5-1.21.3/src/lib/krad/attr.c:149:1: enter_function: entry to ‘user_password_encode’
krb5-1.21.3/src/lib/krad/attr.c:163:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/attr.c:165:5: branch_false: ...to here
krb5-1.21.3/src/lib/krad/attr.c:170:14: call_function: calling ‘alloc_data’ from ‘user_password_encode’
krb5-1.21.3/src/lib/krad/attr.c:170:14: return_function: returning to ‘user_password_encode’ from ‘alloc_data’
krb5-1.21.3/src/lib/krad/attr.c:171:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/attr.c:174:5: branch_false: ...to here
krb5-1.21.3/src/lib/krad/attr.c:175:33: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krad/attr.c:176:16: branch_true: ...to here
krb5-1.21.3/src/lib/krad/attr.c:178:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/attr.c:184:22: branch_false: ...to here
krb5-1.21.3/src/lib/krad/attr.c:184:22: danger: ‘tmp.data’ leaks here; was allocated at [(6)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/5)
#  182|               sum.contents = calloc(1, BLOCKSIZE);
#  183|           } else {
#  184|->             retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &tmp,
#  185|                                             &sum);
#  186|           }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def628]
krb5-1.21.3/src/lib/krad/attr.c:195:45: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘sum.contents’
krb5-1.21.3/src/lib/krad/attr.c:149:1: enter_function: entry to ‘user_password_encode’
krb5-1.21.3/src/lib/krad/attr.c:163:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/attr.c:165:5: branch_false: ...to here
krb5-1.21.3/src/lib/krad/attr.c:170:14: call_function: calling ‘alloc_data’ from ‘user_password_encode’
krb5-1.21.3/src/lib/krad/attr.c:170:14: return_function: returning to ‘user_password_encode’ from ‘alloc_data’
krb5-1.21.3/src/lib/krad/attr.c:171:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/attr.c:174:5: branch_false: ...to here
krb5-1.21.3/src/lib/krad/attr.c:175:33: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krad/attr.c:176:16: branch_true: ...to here
krb5-1.21.3/src/lib/krad/attr.c:178:13: call_function: calling ‘kr_use_fips’ from ‘user_password_encode’
krb5-1.21.3/src/lib/krad/attr.c:178:13: return_function: returning to ‘user_password_encode’ from ‘kr_use_fips’
krb5-1.21.3/src/lib/krad/attr.c:178:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krad/attr.c:181:13: branch_true: ...to here
krb5-1.21.3/src/lib/krad/attr.c:182:28: acquire_memory: this call could return NULL
krb5-1.21.3/src/lib/krad/attr.c:187:12: branch_false: following ‘false’ branch (when ‘retval == 0’)...
 branch_false: ...to here
krb5-1.21.3/src/lib/krad/attr.c:194:21: branch_true: following ‘true’ branch (when ‘i != 16’)...
krb5-1.21.3/src/lib/krad/attr.c:195:13: branch_true: ...to here
krb5-1.21.3/src/lib/krad/attr.c:195:45: danger: ‘sum.contents + i’ could be NULL: unchecked value from [(20)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/19)
#  193|   
#  194|           for (i = 0; i < BLOCKSIZE; i++)
#  195|->             outbuf[blck * BLOCKSIZE + i] ^= sum.contents[i];
#  196|           krb5_free_checksum_contents(ctx, &sum);
#  197|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def629]
krb5-1.21.3/src/lib/krad/attr.c:196:9: warning[-Wanalyzer-malloc-leak]: leak of ‘sum.contents’
krb5-1.21.3/src/lib/krad/attr.c:149:1: enter_function: entry to ‘user_password_encode’
krb5-1.21.3/src/lib/krad/attr.c:163:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/attr.c:165:5: branch_false: ...to here
krb5-1.21.3/src/lib/krad/attr.c:170:14: call_function: calling ‘alloc_data’ from ‘user_password_encode’
krb5-1.21.3/src/lib/krad/attr.c:170:14: return_function: returning to ‘user_password_encode’ from ‘alloc_data’
krb5-1.21.3/src/lib/krad/attr.c:171:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/attr.c:174:5: branch_false: ...to here
krb5-1.21.3/src/lib/krad/attr.c:175:33: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krad/attr.c:176:16: branch_true: ...to here
krb5-1.21.3/src/lib/krad/attr.c:178:13: call_function: calling ‘kr_use_fips’ from ‘user_password_encode’
krb5-1.21.3/src/lib/krad/attr.c:178:13: return_function: returning to ‘user_password_encode’ from ‘kr_use_fips’
krb5-1.21.3/src/lib/krad/attr.c:178:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krad/attr.c:181:13: branch_true: ...to here
krb5-1.21.3/src/lib/krad/attr.c:182:28: acquire_memory: allocated here
krb5-1.21.3/src/lib/krad/attr.c:187:12: branch_false: following ‘false’ branch (when ‘retval == 0’)...
 branch_false: ...to here
krb5-1.21.3/src/lib/krad/attr.c:194:21: branch_true: following ‘true’ branch (when ‘i != 16’)...
krb5-1.21.3/src/lib/krad/attr.c:195:13: branch_true: ...to here
krb5-1.21.3/src/lib/krad/attr.c:194:21: branch_true: following ‘true’ branch (when ‘i != 16’)...
krb5-1.21.3/src/lib/krad/attr.c:195:13: branch_true: ...to here
krb5-1.21.3/src/lib/krad/attr.c:196:9: danger: ‘sum.contents’ leaks here; was allocated at [(20)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/19)
#  194|           for (i = 0; i < BLOCKSIZE; i++)
#  195|               outbuf[blck * BLOCKSIZE + i] ^= sum.contents[i];
#  196|->         krb5_free_checksum_contents(ctx, &sum);
#  197|   
#  198|           indx = &outbuf[blck * BLOCKSIZE];

Error: GCC_ANALYZER_WARNING (CWE-401): [#def630]
krb5-1.21.3/src/lib/krad/attr.c:196:9: warning[-Wanalyzer-malloc-leak]: leak of ‘tmp.data’
krb5-1.21.3/src/lib/krad/attr.c:149:1: enter_function: entry to ‘user_password_encode’
krb5-1.21.3/src/lib/krad/attr.c:163:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/attr.c:165:5: branch_false: ...to here
krb5-1.21.3/src/lib/krad/attr.c:170:14: call_function: calling ‘alloc_data’ from ‘user_password_encode’
krb5-1.21.3/src/lib/krad/attr.c:170:14: return_function: returning to ‘user_password_encode’ from ‘alloc_data’
krb5-1.21.3/src/lib/krad/attr.c:171:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/attr.c:174:5: branch_false: ...to here
krb5-1.21.3/src/lib/krad/attr.c:175:33: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krad/attr.c:176:16: branch_true: ...to here
krb5-1.21.3/src/lib/krad/attr.c:178:13: call_function: calling ‘kr_use_fips’ from ‘user_password_encode’
krb5-1.21.3/src/lib/krad/attr.c:178:13: return_function: returning to ‘user_password_encode’ from ‘kr_use_fips’
krb5-1.21.3/src/lib/krad/attr.c:178:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krad/attr.c:181:13: branch_true: ...to here
krb5-1.21.3/src/lib/krad/attr.c:187:12: branch_false: following ‘false’ branch (when ‘retval == 0’)...
 branch_false: ...to here
krb5-1.21.3/src/lib/krad/attr.c:194:21: branch_true: following ‘true’ branch (when ‘i != 16’)...
krb5-1.21.3/src/lib/krad/attr.c:195:13: branch_true: ...to here
krb5-1.21.3/src/lib/krad/attr.c:194:21: branch_true: following ‘true’ branch (when ‘i != 16’)...
krb5-1.21.3/src/lib/krad/attr.c:195:13: branch_true: ...to here
krb5-1.21.3/src/lib/krad/attr.c:196:9: danger: ‘tmp.data’ leaks here; was allocated at [(6)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/5)
#  194|           for (i = 0; i < BLOCKSIZE; i++)
#  195|               outbuf[blck * BLOCKSIZE + i] ^= sum.contents[i];
#  196|->         krb5_free_checksum_contents(ctx, &sum);
#  197|   
#  198|           indx = &outbuf[blck * BLOCKSIZE];

Error: GCC_ANALYZER_WARNING (CWE-401): [#def631]
krb5-1.21.3/src/lib/krad/attr.c:242:22: warning[-Wanalyzer-malloc-leak]: leak of ‘tmp.data’
krb5-1.21.3/src/lib/krad/attr.c:209:1: enter_function: entry to ‘user_password_decode’
krb5-1.21.3/src/lib/krad/attr.c:228:14: call_function: calling ‘alloc_data’ from ‘user_password_decode’
krb5-1.21.3/src/lib/krad/attr.c:228:14: return_function: returning to ‘user_password_decode’ from ‘alloc_data’
krb5-1.21.3/src/lib/krad/attr.c:229:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/attr.c:232:5: branch_false: ...to here
krb5-1.21.3/src/lib/krad/attr.c:233:33: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krad/attr.c:234:16: branch_true: ...to here
krb5-1.21.3/src/lib/krad/attr.c:236:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/attr.c:242:22: branch_false: ...to here
krb5-1.21.3/src/lib/krad/attr.c:242:22: danger: ‘tmp.data’ leaks here; was allocated at [(4)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/3)
#  240|               sum.contents = calloc(1, BLOCKSIZE);
#  241|           } else {
#  242|->             retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0,
#  243|                                             &tmp, &sum);
#  244|           }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def632]
krb5-1.21.3/src/lib/krad/attr.c:254:17: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘sum.contents’
krb5-1.21.3/src/lib/krad/attr.c:209:1: enter_function: entry to ‘user_password_decode’
krb5-1.21.3/src/lib/krad/attr.c:228:14: call_function: calling ‘alloc_data’ from ‘user_password_decode’
krb5-1.21.3/src/lib/krad/attr.c:228:14: return_function: returning to ‘user_password_decode’ from ‘alloc_data’
krb5-1.21.3/src/lib/krad/attr.c:229:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/attr.c:232:5: branch_false: ...to here
krb5-1.21.3/src/lib/krad/attr.c:233:33: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krad/attr.c:234:16: branch_true: ...to here
krb5-1.21.3/src/lib/krad/attr.c:236:13: call_function: calling ‘kr_use_fips’ from ‘user_password_decode’
krb5-1.21.3/src/lib/krad/attr.c:236:13: return_function: returning to ‘user_password_decode’ from ‘kr_use_fips’
krb5-1.21.3/src/lib/krad/attr.c:236:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krad/attr.c:239:13: branch_true: ...to here
krb5-1.21.3/src/lib/krad/attr.c:240:28: acquire_memory: this call could return NULL
krb5-1.21.3/src/lib/krad/attr.c:245:12: branch_false: following ‘false’ branch (when ‘retval == 0’)...
 branch_false: ...to here
krb5-1.21.3/src/lib/krad/attr.c:252:21: branch_true: following ‘true’ branch (when ‘i != 16’)...
krb5-1.21.3/src/lib/krad/attr.c:253:44: branch_true: ...to here
krb5-1.21.3/src/lib/krad/attr.c:254:17: danger: ‘sum.contents + (sizetype)i’ could be NULL: unchecked value from [(18)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/17)
#  252|           for (i = 0; i < BLOCKSIZE; i++) {
#  253|               outbuf[blck * BLOCKSIZE + i] = in->data[blck * BLOCKSIZE + i] ^
#  254|->                 sum.contents[i];
#  255|           }
#  256|           krb5_free_checksum_contents(ctx, &sum);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def633]
krb5-1.21.3/src/lib/krad/attr.c:266:5: warning[-Wanalyzer-malloc-leak]: leak of ‘tmp.data’
krb5-1.21.3/src/lib/krad/attr.c:209:1: enter_function: entry to ‘user_password_decode’
krb5-1.21.3/src/lib/krad/attr.c:228:14: call_function: calling ‘alloc_data’ from ‘user_password_decode’
krb5-1.21.3/src/lib/krad/attr.c:228:14: return_function: returning to ‘user_password_decode’ from ‘alloc_data’
krb5-1.21.3/src/lib/krad/attr.c:229:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/attr.c:232:5: branch_false: ...to here
krb5-1.21.3/src/lib/krad/attr.c:233:33: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/attr.c:262:15: branch_false: ...to here
krb5-1.21.3/src/lib/krad/attr.c:266:5: danger: ‘tmp.data’ leaks here; was allocated at [(4)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/3)
#  264|           (*outlen)--;
#  265|   
#  266|->     krb5_free_data_contents(ctx, &tmp);
#  267|       return 0;
#  268|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def634]
krb5-1.21.3/src/lib/krad/attrset.c:90:14: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krad/attrset.c:234:1: enter_function: entry to ‘kr_attrset_decode’
krb5-1.21.3/src/lib/krad/attrset.c:246:14: call_function: calling ‘krad_attrset_new’ from ‘kr_attrset_decode’
krb5-1.21.3/src/lib/krad/attrset.c:246:14: return_function: returning to ‘kr_attrset_decode’ from ‘krad_attrset_new’
krb5-1.21.3/src/lib/krad/attrset.c:247:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krad/attrset.c:250:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krad/attrset.c:251:16: branch_true: ...to here
krb5-1.21.3/src/lib/krad/attrset.c:255:18: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/attrset.c:259:18: branch_false: ...to here
krb5-1.21.3/src/lib/krad/attrset.c:260:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/attrset.c:263:15: branch_false: ...to here
krb5-1.21.3/src/lib/krad/attrset.c:264:18: call_function: calling ‘krad_attrset_add’ from ‘kr_attrset_decode’
krb5-1.21.3/src/lib/krad/attrset.c:264:18: return_function: returning to ‘kr_attrset_decode’ from ‘krad_attrset_add’
krb5-1.21.3/src/lib/krad/attrset.c:265:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krad/attrset.c:250:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krad/attrset.c:251:16: branch_true: ...to here
krb5-1.21.3/src/lib/krad/attrset.c:255:18: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/attrset.c:259:18: branch_false: ...to here
krb5-1.21.3/src/lib/krad/attrset.c:260:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/attrset.c:263:15: branch_false: ...to here
krb5-1.21.3/src/lib/krad/attrset.c:264:18: call_function: calling ‘krad_attrset_add’ from ‘kr_attrset_decode’
#   88|       attr *tmp;
#   89|   
#   90|->     retval = kr_attr_valid(type, data);
#   91|       if (retval != 0)
#   92|           return retval;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def635]
krb5-1.21.3/src/lib/krad/attrset.c:90:14: warning[-Wanalyzer-malloc-leak]: leak of ‘set’
krb5-1.21.3/src/lib/krad/attrset.c:234:1: enter_function: entry to ‘kr_attrset_decode’
krb5-1.21.3/src/lib/krad/attrset.c:246:14: call_function: calling ‘krad_attrset_new’ from ‘kr_attrset_decode’
krb5-1.21.3/src/lib/krad/attrset.c:246:14: return_function: returning to ‘kr_attrset_decode’ from ‘krad_attrset_new’
krb5-1.21.3/src/lib/krad/attrset.c:247:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krad/attrset.c:250:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krad/attrset.c:251:16: branch_true: ...to here
krb5-1.21.3/src/lib/krad/attrset.c:255:18: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/attrset.c:259:18: branch_false: ...to here
krb5-1.21.3/src/lib/krad/attrset.c:260:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/attrset.c:263:15: branch_false: ...to here
krb5-1.21.3/src/lib/krad/attrset.c:264:18: call_function: calling ‘krad_attrset_add’ from ‘kr_attrset_decode’
#   88|       attr *tmp;
#   89|   
#   90|->     retval = kr_attr_valid(type, data);
#   91|       if (retval != 0)
#   92|           return retval;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def636]
krb5-1.21.3/src/lib/krad/attrset.c:90:14: warning[-Wanalyzer-malloc-leak]: leak of ‘tmp’
krb5-1.21.3/src/lib/krad/attrset.c:145:1: enter_function: entry to ‘krad_attrset_copy’
krb5-1.21.3/src/lib/krad/attrset.c:151:14: call_function: calling ‘krad_attrset_new’ from ‘krad_attrset_copy’
krb5-1.21.3/src/lib/krad/attrset.c:151:14: return_function: returning to ‘krad_attrset_copy’ from ‘krad_attrset_new’
krb5-1.21.3/src/lib/krad/attrset.c:152:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/attrset.c:155:5: branch_false: ...to here
krb5-1.21.3/src/lib/krad/attrset.c:155:5: branch_true: following ‘true’ branch (when ‘a’ is non-NULL)...
krb5-1.21.3/src/lib/krad/attrset.c:156:49: branch_true: ...to here
krb5-1.21.3/src/lib/krad/attrset.c:156:18: call_function: calling ‘krad_attrset_add’ from ‘krad_attrset_copy’
#   88|       attr *tmp;
#   89|   
#   90|->     retval = kr_attr_valid(type, data);
#   91|       if (retval != 0)
#   92|           return retval;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def637]
krb5-1.21.3/src/lib/krad/attrset.c:259:18: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krad/attrset.c:234:1: enter_function: entry to ‘kr_attrset_decode’
krb5-1.21.3/src/lib/krad/attrset.c:246:14: call_function: calling ‘krad_attrset_new’ from ‘kr_attrset_decode’
krb5-1.21.3/src/lib/krad/attrset.c:246:14: return_function: returning to ‘kr_attrset_decode’ from ‘krad_attrset_new’
krb5-1.21.3/src/lib/krad/attrset.c:247:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krad/attrset.c:250:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krad/attrset.c:251:16: branch_true: ...to here
krb5-1.21.3/src/lib/krad/attrset.c:255:18: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/attrset.c:259:18: branch_false: ...to here
krb5-1.21.3/src/lib/krad/attrset.c:260:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/attrset.c:263:15: branch_false: ...to here
krb5-1.21.3/src/lib/krad/attrset.c:264:18: call_function: calling ‘krad_attrset_add’ from ‘kr_attrset_decode’
krb5-1.21.3/src/lib/krad/attrset.c:264:18: return_function: returning to ‘kr_attrset_decode’ from ‘krad_attrset_add’
krb5-1.21.3/src/lib/krad/attrset.c:265:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krad/attrset.c:250:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krad/attrset.c:251:16: branch_true: ...to here
krb5-1.21.3/src/lib/krad/attrset.c:255:18: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/attrset.c:259:18: branch_false: ...to here
krb5-1.21.3/src/lib/krad/attrset.c:259:18: danger: ‘<unknown>’ leaks here; was allocated at [(19)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/18)
#  257|               goto cleanup;
#  258|   
#  259|->         retval = kr_attr_decode(ctx, secret, auth, type, &tmp, buffer, &len);
#  260|           if (retval != 0)
#  261|               goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def638]
krb5-1.21.3/src/lib/krad/attrset.c:259:18: warning[-Wanalyzer-malloc-leak]: leak of ‘set’
krb5-1.21.3/src/lib/krad/attrset.c:234:1: enter_function: entry to ‘kr_attrset_decode’
krb5-1.21.3/src/lib/krad/attrset.c:246:14: call_function: calling ‘krad_attrset_new’ from ‘kr_attrset_decode’
krb5-1.21.3/src/lib/krad/attrset.c:246:14: return_function: returning to ‘kr_attrset_decode’ from ‘krad_attrset_new’
krb5-1.21.3/src/lib/krad/attrset.c:247:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krad/attrset.c:250:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krad/attrset.c:251:16: branch_true: ...to here
krb5-1.21.3/src/lib/krad/attrset.c:255:18: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/attrset.c:259:18: branch_false: ...to here
krb5-1.21.3/src/lib/krad/attrset.c:259:18: danger: ‘set’ leaks here; was allocated at [(4)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/3)
#  257|               goto cleanup;
#  258|   
#  259|->         retval = kr_attr_decode(ctx, secret, auth, type, &tmp, buffer, &len);
#  260|           if (retval != 0)
#  261|               goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def639]
krb5-1.21.3/src/lib/krad/client.c:96:14: warning[-Wanalyzer-malloc-leak]: leak of ‘srv’
krb5-1.21.3/src/lib/krad/client.c:92:11: acquire_memory: allocated here
krb5-1.21.3/src/lib/krad/client.c:93:8: branch_false: following ‘false’ branch (when ‘srv’ is non-NULL)...
krb5-1.21.3/src/lib/krad/client.c:96:14: branch_false: ...to here
krb5-1.21.3/src/lib/krad/client.c:96:14: danger: ‘srv’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   94|           return ENOMEM;
#   95|   
#   96|->     retval = kr_remote_new(rc->kctx, rc->vctx, ai, secret, &srv->serv);
#   97|       if (retval != 0) {
#   98|           free(srv);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def640]
krb5-1.21.3/src/lib/krad/client.c:144:14: warning[-Wanalyzer-malloc-leak]: leak of ‘rqst’
krb5-1.21.3/src/lib/krad/client.c:127:8: branch_false: following ‘false’ branch (when ‘ai’ is non-NULL)...
krb5-1.21.3/src/lib/krad/client.c:130:12: branch_false: ...to here
krb5-1.21.3/src/lib/krad/client.c:130:12: acquire_memory: allocated here
krb5-1.21.3/src/lib/krad/client.c:131:8: branch_false: following ‘false’ branch (when ‘rqst’ is non-NULL)...
 branch_false: ...to here
krb5-1.21.3/src/lib/krad/client.c:134:20: branch_true: following ‘true’ branch (when ‘tmp’ is non-NULL)...
krb5-1.21.3/src/lib/krad/client.c:135:9: branch_true: ...to here
krb5-1.21.3/src/lib/krad/client.c:144:14: danger: ‘rqst’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  142|       rqst->retries = retries;
#  143|   
#  144|->     retval = krad_attrset_copy(attrs, &rqst->attrs);
#  145|       if (retval != 0) {
#  146|           request_free(rqst);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def641]
krb5-1.21.3/src/lib/krad/client.c:275:14: warning[-Wanalyzer-malloc-leak]: leak of ‘srv’
krb5-1.21.3/src/lib/krad/client.c:252:11: acquire_memory: allocated here
krb5-1.21.3/src/lib/krad/client.c:253:8: branch_false: following ‘false’ branch (when ‘srv’ is non-NULL)...
krb5-1.21.3/src/lib/krad/client.c:256:9: branch_false: ...to here
krb5-1.21.3/src/lib/krad/client.c:275:14: danger: ‘srv’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  273|       memset(&hints, 0, sizeof(hints));
#  274|       hints.ai_socktype = SOCK_DGRAM;
#  275|->     retval = gai_error_code(getaddrinfo(srv, svc, &hints, ai));
#  276|       free(srv);
#  277|       return retval;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def642]
krb5-1.21.3/src/lib/krad/internal.h:185:11: warning[-Wanalyzer-malloc-leak]: leak of ‘data.data’
krb5-1.21.3/src/lib/krad/packet.c:165:1: enter_function: entry to ‘auth_generate_response’
krb5-1.21.3/src/lib/krad/packet.c:174:14: call_function: calling ‘alloc_data’ from ‘auth_generate_response’
krb5-1.21.3/src/lib/krad/packet.c:174:14: return_function: returning to ‘auth_generate_response’ from ‘alloc_data’
krb5-1.21.3/src/lib/krad/packet.c:175:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/packet.c:180:5: branch_false: ...to here
krb5-1.21.3/src/lib/krad/packet.c:185:9: call_function: calling ‘kr_use_fips’ from ‘auth_generate_response’
#  183|           return 0;
#  184|   
#  185|->     (void)profile_get_boolean(ctx->profile, "libdefaults",
#  186|                                 "radius_md5_fips_override", NULL, 0, &val);
#  187|       return !val;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def643]
krb5-1.21.3/src/lib/krad/internal.h:185:11: warning[-Wanalyzer-malloc-leak]: leak of ‘tmp.data’
krb5-1.21.3/src/lib/krad/attr.c:209:1: enter_function: entry to ‘user_password_decode’
krb5-1.21.3/src/lib/krad/attr.c:228:14: call_function: calling ‘alloc_data’ from ‘user_password_decode’
krb5-1.21.3/src/lib/krad/attr.c:228:14: return_function: returning to ‘user_password_decode’ from ‘alloc_data’
krb5-1.21.3/src/lib/krad/attr.c:229:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/attr.c:232:5: branch_false: ...to here
krb5-1.21.3/src/lib/krad/attr.c:233:33: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krad/attr.c:234:16: branch_true: ...to here
krb5-1.21.3/src/lib/krad/attr.c:236:13: call_function: calling ‘kr_use_fips’ from ‘user_password_decode’
#  183|           return 0;
#  184|   
#  185|->     (void)profile_get_boolean(ctx->profile, "libdefaults",
#  186|                                 "radius_md5_fips_override", NULL, 0, &val);
#  187|       return !val;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def644]
krb5-1.21.3/src/lib/krad/packet.c:111:12: warning[-Wanalyzer-malloc-leak]: leak of ‘packet_new()’
krb5-1.21.3/src/lib/krad/packet.c:355:1: enter_function: entry to ‘krad_packet_new_request’
krb5-1.21.3/src/lib/krad/packet.c:365:11: call_function: calling ‘packet_new’ from ‘krad_packet_new_request’
krb5-1.21.3/src/lib/krad/packet.c:365:11: return_function: returning to ‘krad_packet_new_request’ from ‘packet_new’
krb5-1.21.3/src/lib/krad/packet.c:366:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/packet.c:373:14: branch_false: ...to here
krb5-1.21.3/src/lib/krad/packet.c:373:14: call_function: calling ‘id_generate’ from ‘krad_packet_new_request’
#  109|   {
#  110|       krb5_data rdata = make_data(buffer, size);
#  111|->     return krb5_c_random_make_octets(ctx, &rdata);
#  112|   }
#  113|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def645]
krb5-1.21.3/src/lib/krad/packet.c:126:13: warning[-Wanalyzer-malloc-leak]: leak of ‘packet_new()’
krb5-1.21.3/src/lib/krad/packet.c:355:1: enter_function: entry to ‘krad_packet_new_request’
krb5-1.21.3/src/lib/krad/packet.c:365:11: call_function: calling ‘packet_new’ from ‘krad_packet_new_request’
krb5-1.21.3/src/lib/krad/packet.c:365:11: return_function: returning to ‘krad_packet_new_request’ from ‘packet_new’
krb5-1.21.3/src/lib/krad/packet.c:366:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/packet.c:373:14: branch_false: ...to here
krb5-1.21.3/src/lib/krad/packet.c:373:14: call_function: calling ‘id_generate’ from ‘krad_packet_new_request’
#  124|       if (retval != 0) {
#  125|           if (cb != NULL)
#  126|->             (*cb)(data, TRUE);
#  127|           return retval;
#  128|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def646]
krb5-1.21.3/src/lib/krad/packet.c:132:20: warning[-Wanalyzer-malloc-leak]: leak of ‘packet_new()’
krb5-1.21.3/src/lib/krad/packet.c:355:1: enter_function: entry to ‘krad_packet_new_request’
krb5-1.21.3/src/lib/krad/packet.c:365:11: call_function: calling ‘packet_new’ from ‘krad_packet_new_request’
krb5-1.21.3/src/lib/krad/packet.c:365:11: return_function: returning to ‘krad_packet_new_request’ from ‘packet_new’
krb5-1.21.3/src/lib/krad/packet.c:366:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/packet.c:373:14: branch_false: ...to here
krb5-1.21.3/src/lib/krad/packet.c:373:14: call_function: calling ‘id_generate’ from ‘krad_packet_new_request’
#  130|       if (cb != NULL) {
#  131|           idmap_init(&used);
#  132|->         for (tmp = (*cb)(data, FALSE); tmp != NULL; tmp = (*cb)(data, FALSE))
#  133|               idmap_set(&used, tmp->pkt.data[1]);
#  134|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def647]
krb5-1.21.3/src/lib/krad/packet.c:132:59: warning[-Wanalyzer-malloc-leak]: leak of ‘packet_new()’
krb5-1.21.3/src/lib/krad/packet.c:355:1: enter_function: entry to ‘krad_packet_new_request’
krb5-1.21.3/src/lib/krad/packet.c:365:11: call_function: calling ‘packet_new’ from ‘krad_packet_new_request’
krb5-1.21.3/src/lib/krad/packet.c:365:11: return_function: returning to ‘krad_packet_new_request’ from ‘packet_new’
krb5-1.21.3/src/lib/krad/packet.c:366:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/packet.c:373:14: branch_false: ...to here
krb5-1.21.3/src/lib/krad/packet.c:373:14: call_function: calling ‘id_generate’ from ‘krad_packet_new_request’
#  130|       if (cb != NULL) {
#  131|           idmap_init(&used);
#  132|->         for (tmp = (*cb)(data, FALSE); tmp != NULL; tmp = (*cb)(data, FALSE))
#  133|               idmap_set(&used, tmp->pkt.data[1]);
#  134|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def648]
krb5-1.21.3/src/lib/krad/packet.c:190:18: warning[-Wanalyzer-malloc-leak]: leak of ‘data.data’
krb5-1.21.3/src/lib/krad/packet.c:165:1: enter_function: entry to ‘auth_generate_response’
krb5-1.21.3/src/lib/krad/packet.c:174:14: call_function: calling ‘alloc_data’ from ‘auth_generate_response’
krb5-1.21.3/src/lib/krad/packet.c:174:14: return_function: returning to ‘auth_generate_response’ from ‘alloc_data’
krb5-1.21.3/src/lib/krad/packet.c:175:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/packet.c:180:5: branch_false: ...to here
krb5-1.21.3/src/lib/krad/packet.c:185:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/packet.c:190:18: branch_false: ...to here
krb5-1.21.3/src/lib/krad/packet.c:190:18: danger: ‘data.data’ leaks here; was allocated at [(4)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/3)
#  188|           hash.contents = calloc(1, AUTH_FIELD_SIZE);
#  189|       } else {
#  190|->         retval = krb5_c_make_checksum(ctx, CKSUMTYPE_RSA_MD5, NULL, 0, &data,
#  191|                                         &hash);
#  192|       }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def649]
krb5-1.21.3/src/lib/krad/packet.c:197:5: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘hash.contents’
krb5-1.21.3/src/lib/krad/packet.c:165:1: enter_function: entry to ‘auth_generate_response’
krb5-1.21.3/src/lib/krad/packet.c:174:14: call_function: calling ‘alloc_data’ from ‘auth_generate_response’
krb5-1.21.3/src/lib/krad/packet.c:174:14: return_function: returning to ‘auth_generate_response’ from ‘alloc_data’
krb5-1.21.3/src/lib/krad/packet.c:175:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/packet.c:180:5: branch_false: ...to here
krb5-1.21.3/src/lib/krad/packet.c:185:9: call_function: calling ‘kr_use_fips’ from ‘auth_generate_response’
krb5-1.21.3/src/lib/krad/packet.c:185:9: return_function: returning to ‘auth_generate_response’ from ‘kr_use_fips’
krb5-1.21.3/src/lib/krad/packet.c:185:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krad/packet.c:188:25: branch_true: ...to here
krb5-1.21.3/src/lib/krad/packet.c:188:25: acquire_memory: this call could return NULL
krb5-1.21.3/src/lib/krad/packet.c:194:8: branch_false: following ‘false’ branch (when ‘retval == 0’)...
krb5-1.21.3/src/lib/krad/packet.c:197:19: branch_false: ...to here
krb5-1.21.3/src/lib/krad/packet.c:197:5: danger: ‘hash.contents’ could be NULL: unchecked value from [(16)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/15)
#  195|           return retval;
#  196|   
#  197|->     memcpy(rauth, hash.contents, AUTH_FIELD_SIZE);
#  198|       krb5_free_checksum_contents(ctx, &hash);
#  199|       return 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def650]
krb5-1.21.3/src/lib/krad/packet.c:198:5: warning[-Wanalyzer-malloc-leak]: leak of ‘hash.contents’
krb5-1.21.3/src/lib/krad/packet.c:165:1: enter_function: entry to ‘auth_generate_response’
krb5-1.21.3/src/lib/krad/packet.c:174:14: call_function: calling ‘alloc_data’ from ‘auth_generate_response’
krb5-1.21.3/src/lib/krad/packet.c:174:14: return_function: returning to ‘auth_generate_response’ from ‘alloc_data’
krb5-1.21.3/src/lib/krad/packet.c:175:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/packet.c:180:5: branch_false: ...to here
krb5-1.21.3/src/lib/krad/packet.c:185:9: call_function: calling ‘kr_use_fips’ from ‘auth_generate_response’
krb5-1.21.3/src/lib/krad/packet.c:185:9: return_function: returning to ‘auth_generate_response’ from ‘kr_use_fips’
krb5-1.21.3/src/lib/krad/packet.c:185:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krad/packet.c:188:25: branch_true: ...to here
krb5-1.21.3/src/lib/krad/packet.c:188:25: acquire_memory: allocated here
krb5-1.21.3/src/lib/krad/packet.c:194:8: branch_false: following ‘false’ branch (when ‘retval == 0’)...
krb5-1.21.3/src/lib/krad/packet.c:197:19: branch_false: ...to here
krb5-1.21.3/src/lib/krad/packet.c:198:5: danger: ‘hash.contents’ leaks here; was allocated at [(16)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/15)
#  196|   
#  197|       memcpy(rauth, hash.contents, AUTH_FIELD_SIZE);
#  198|->     krb5_free_checksum_contents(ctx, &hash);
#  199|       return 0;
#  200|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def651]
krb5-1.21.3/src/lib/krad/packet.c:211:26: warning[-Wanalyzer-malloc-leak]: leak of ‘packet_new()’
krb5-1.21.3/src/lib/krad/packet.c:511:1: enter_function: entry to ‘decode_packet’
krb5-1.21.3/src/lib/krad/packet.c:518:11: call_function: calling ‘packet_new’ from ‘decode_packet’
krb5-1.21.3/src/lib/krad/packet.c:518:11: return_function: returning to ‘decode_packet’ from ‘packet_new’
krb5-1.21.3/src/lib/krad/packet.c:519:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/packet.c:525:15: branch_false: ...to here
krb5-1.21.3/src/lib/krad/packet.c:549:5: call_function: calling ‘krad_packet_free’ from ‘decode_packet’
#  209|       if (pkt == NULL)
#  210|           return NULL;
#  211|->     pkt->pkt = make_data(pkt->buffer, sizeof(pkt->buffer));
#  212|   
#  213|       return pkt;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def652]
krb5-1.21.3/src/lib/krad/packet.c:223:12: warning[-Wanalyzer-malloc-leak]: leak of ‘packet_new()’
krb5-1.21.3/src/lib/krad/packet.c:511:1: enter_function: entry to ‘decode_packet’
krb5-1.21.3/src/lib/krad/packet.c:518:11: call_function: calling ‘packet_new’ from ‘decode_packet’
krb5-1.21.3/src/lib/krad/packet.c:518:11: return_function: returning to ‘decode_packet’ from ‘packet_new’
krb5-1.21.3/src/lib/krad/packet.c:519:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/packet.c:525:15: branch_false: ...to here
krb5-1.21.3/src/lib/krad/packet.c:525:14: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/packet.c:528:22: branch_false: ...to here
krb5-1.21.3/src/lib/krad/packet.c:529:14: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/packet.c:532:15: branch_false: ...to here
krb5-1.21.3/src/lib/krad/packet.c:532:14: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/packet.c:541:14: call_function: calling ‘packet_set_attrset’ from ‘decode_packet’
#  221|   
#  222|       tmp = make_data(pkt_attr(pkt), pkt->pkt.length - OFFSET_ATTR);
#  223|->     return kr_attrset_decode(ctx, &tmp, secret, pkt_auth(pkt), &pkt->attrset);
#  224|   }
#  225|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def653]
krb5-1.21.3/src/lib/krad/packet.c:240:20: warning[-Wanalyzer-malloc-leak]: leak of ‘packet_new()’
krb5-1.21.3/src/lib/krad/packet.c:421:1: enter_function: entry to ‘krad_packet_new_response’
krb5-1.21.3/src/lib/krad/packet.c:430:11: call_function: calling ‘packet_new’ from ‘krad_packet_new_response’
krb5-1.21.3/src/lib/krad/packet.c:430:11: return_function: returning to ‘krad_packet_new_response’ from ‘packet_new’
krb5-1.21.3/src/lib/krad/packet.c:431:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/packet.c:435:24: branch_false: ...to here
krb5-1.21.3/src/lib/krad/packet.c:435:24: call_function: calling ‘requires_msgauth’ from ‘krad_packet_new_response’
#  238|        * potential responses when UDP or TCP transport is used.
#  239|        */
#  240|->     return code == krad_code_name2num("Access-Request") ||
#  241|           code == krad_code_name2num("Access-Reject") ||
#  242|           code == krad_code_name2num("Access-Accept") ||

Error: GCC_ANALYZER_WARNING (CWE-401): [#def654]
krb5-1.21.3/src/lib/krad/packet.c:241:17: warning[-Wanalyzer-malloc-leak]: leak of ‘packet_new()’
krb5-1.21.3/src/lib/krad/packet.c:421:1: enter_function: entry to ‘krad_packet_new_response’
krb5-1.21.3/src/lib/krad/packet.c:430:11: call_function: calling ‘packet_new’ from ‘krad_packet_new_response’
krb5-1.21.3/src/lib/krad/packet.c:430:11: return_function: returning to ‘krad_packet_new_response’ from ‘packet_new’
krb5-1.21.3/src/lib/krad/packet.c:431:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/packet.c:435:24: branch_false: ...to here
krb5-1.21.3/src/lib/krad/packet.c:435:24: call_function: calling ‘requires_msgauth’ from ‘krad_packet_new_response’
#  239|        */
#  240|       return code == krad_code_name2num("Access-Request") ||
#  241|->         code == krad_code_name2num("Access-Reject") ||
#  242|           code == krad_code_name2num("Access-Accept") ||
#  243|           code == krad_code_name2num("Access-Challenge");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def655]
krb5-1.21.3/src/lib/krad/packet.c:242:17: warning[-Wanalyzer-malloc-leak]: leak of ‘packet_new()’
krb5-1.21.3/src/lib/krad/packet.c:421:1: enter_function: entry to ‘krad_packet_new_response’
krb5-1.21.3/src/lib/krad/packet.c:430:11: call_function: calling ‘packet_new’ from ‘krad_packet_new_response’
krb5-1.21.3/src/lib/krad/packet.c:430:11: return_function: returning to ‘krad_packet_new_response’ from ‘packet_new’
krb5-1.21.3/src/lib/krad/packet.c:431:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/packet.c:435:24: branch_false: ...to here
krb5-1.21.3/src/lib/krad/packet.c:435:24: call_function: calling ‘requires_msgauth’ from ‘krad_packet_new_response’
#  240|       return code == krad_code_name2num("Access-Request") ||
#  241|           code == krad_code_name2num("Access-Reject") ||
#  242|->         code == krad_code_name2num("Access-Accept") ||
#  243|           code == krad_code_name2num("Access-Challenge");
#  244|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def656]
krb5-1.21.3/src/lib/krad/packet.c:243:17: warning[-Wanalyzer-malloc-leak]: leak of ‘packet_new()’
krb5-1.21.3/src/lib/krad/packet.c:421:1: enter_function: entry to ‘krad_packet_new_response’
krb5-1.21.3/src/lib/krad/packet.c:430:11: call_function: calling ‘packet_new’ from ‘krad_packet_new_response’
krb5-1.21.3/src/lib/krad/packet.c:430:11: return_function: returning to ‘krad_packet_new_response’ from ‘packet_new’
krb5-1.21.3/src/lib/krad/packet.c:431:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/packet.c:435:24: branch_false: ...to here
krb5-1.21.3/src/lib/krad/packet.c:435:24: call_function: calling ‘requires_msgauth’ from ‘krad_packet_new_response’
#  241|           code == krad_code_name2num("Access-Reject") ||
#  242|           code == krad_code_name2num("Access-Accept") ||
#  243|->         code == krad_code_name2num("Access-Challenge");
#  244|   }
#  245|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def657]
krb5-1.21.3/src/lib/krad/packet.c:385:33: warning[-Wanalyzer-malloc-leak]: leak of ‘packet_new()’
krb5-1.21.3/src/lib/krad/packet.c:355:1: enter_function: entry to ‘krad_packet_new_request’
krb5-1.21.3/src/lib/krad/packet.c:365:11: call_function: calling ‘packet_new’ from ‘krad_packet_new_request’
krb5-1.21.3/src/lib/krad/packet.c:365:11: return_function: returning to ‘krad_packet_new_request’ from ‘packet_new’
krb5-1.21.3/src/lib/krad/packet.c:366:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/packet.c:373:14: branch_false: ...to here
krb5-1.21.3/src/lib/krad/packet.c:374:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/packet.c:376:5: branch_false: ...to here
krb5-1.21.3/src/lib/krad/packet.c:379:14: call_function: calling ‘auth_generate_random’ from ‘krad_packet_new_request’
krb5-1.21.3/src/lib/krad/packet.c:379:14: return_function: returning to ‘krad_packet_new_request’ from ‘auth_generate_random’
krb5-1.21.3/src/lib/krad/packet.c:380:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/packet.c:384:25: branch_false: ...to here
krb5-1.21.3/src/lib/krad/packet.c:384:24: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krad/packet.c:385:33: branch_true: ...to here
krb5-1.21.3/src/lib/krad/packet.c:385:33: danger: ‘packet_new()’ leaks here; was allocated at [(4)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/3)
#  383|       /* Determine if Message-Authenticator is required. */
#  384|       msgauth_required = (*secret != '\0' &&
#  385|->                         code == krad_code_name2num("Access-Request"));
#  386|   
#  387|       /* Encode the attributes. */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def658]
krb5-1.21.3/src/lib/krad/packet.c:388:14: warning[-Wanalyzer-malloc-leak]: leak of ‘packet_new()’
krb5-1.21.3/src/lib/krad/packet.c:355:1: enter_function: entry to ‘krad_packet_new_request’
krb5-1.21.3/src/lib/krad/packet.c:365:11: call_function: calling ‘packet_new’ from ‘krad_packet_new_request’
krb5-1.21.3/src/lib/krad/packet.c:365:11: return_function: returning to ‘krad_packet_new_request’ from ‘packet_new’
krb5-1.21.3/src/lib/krad/packet.c:366:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/packet.c:373:14: branch_false: ...to here
krb5-1.21.3/src/lib/krad/packet.c:374:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/packet.c:376:5: branch_false: ...to here
krb5-1.21.3/src/lib/krad/packet.c:379:14: call_function: calling ‘auth_generate_random’ from ‘krad_packet_new_request’
krb5-1.21.3/src/lib/krad/packet.c:379:14: return_function: returning to ‘krad_packet_new_request’ from ‘auth_generate_random’
krb5-1.21.3/src/lib/krad/packet.c:380:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/packet.c:384:25: branch_false: ...to here
krb5-1.21.3/src/lib/krad/packet.c:388:14: danger: ‘packet_new()’ leaks here; was allocated at [(4)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/3)
#  386|   
#  387|       /* Encode the attributes. */
#  388|->     retval = kr_attrset_encode(set, secret, pkt_auth(pkt), msgauth_required,
#  389|                                  pkt_attr(pkt), &attrset_len, &pkt->is_fips);
#  390|       if (retval != 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def659]
krb5-1.21.3/src/lib/krad/packet.c:438:14: warning[-Wanalyzer-malloc-leak]: leak of ‘packet_new()’
krb5-1.21.3/src/lib/krad/packet.c:421:1: enter_function: entry to ‘krad_packet_new_response’
krb5-1.21.3/src/lib/krad/packet.c:430:11: call_function: calling ‘packet_new’ from ‘krad_packet_new_response’
krb5-1.21.3/src/lib/krad/packet.c:430:11: return_function: returning to ‘krad_packet_new_response’ from ‘packet_new’
krb5-1.21.3/src/lib/krad/packet.c:431:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/packet.c:435:24: branch_false: ...to here
krb5-1.21.3/src/lib/krad/packet.c:435:24: call_function: calling ‘requires_msgauth’ from ‘krad_packet_new_response’
krb5-1.21.3/src/lib/krad/packet.c:435:24: return_function: returning to ‘krad_packet_new_response’ from ‘requires_msgauth’
krb5-1.21.3/src/lib/krad/packet.c:438:14: danger: ‘packet_new()’ leaks here; was allocated at [(4)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/3)
#  436|   
#  437|       /* Encode the attributes. */
#  438|->     retval = kr_attrset_encode(set, secret, pkt_auth(request),
#  439|                                  msgauth_required, pkt_attr(pkt), &attrset_len,
#  440|                                  &pkt->is_fips);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def660]
krb5-1.21.3/src/lib/krad/remote.c:178:9: warning[-Wanalyzer-malloc-leak]: leak of ‘new_request’
krb5-1.21.3/src/lib/krad/remote.c:477:1: enter_function: entry to ‘kr_remote_send’
krb5-1.21.3/src/lib/krad/remote.c:491:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/remote.c:493:17: branch_false: ...to here
krb5-1.21.3/src/lib/krad/remote.c:509:14: call_function: calling ‘request_new’ from ‘kr_remote_send’
krb5-1.21.3/src/lib/krad/remote.c:509:14: return_function: returning to ‘kr_remote_send’ from ‘request_new’
krb5-1.21.3/src/lib/krad/remote.c:510:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/remote.c:513:14: branch_false: ...to here
krb5-1.21.3/src/lib/krad/remote.c:513:14: call_function: calling ‘remote_add_flags’ from ‘kr_remote_send’
#  176|   {
#  177|       if (rr->fd >= 0)
#  178|->         close(rr->fd);
#  179|       verto_del(rr->io);
#  180|       rr->fd = -1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def661]
krb5-1.21.3/src/lib/krad/remote.c:179:5: warning[-Wanalyzer-malloc-leak]: leak of ‘new_request’
krb5-1.21.3/src/lib/krad/remote.c:477:1: enter_function: entry to ‘kr_remote_send’
krb5-1.21.3/src/lib/krad/remote.c:491:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/remote.c:493:17: branch_false: ...to here
krb5-1.21.3/src/lib/krad/remote.c:509:14: call_function: calling ‘request_new’ from ‘kr_remote_send’
krb5-1.21.3/src/lib/krad/remote.c:509:14: return_function: returning to ‘kr_remote_send’ from ‘request_new’
krb5-1.21.3/src/lib/krad/remote.c:510:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/remote.c:513:14: branch_false: ...to here
krb5-1.21.3/src/lib/krad/remote.c:513:14: call_function: calling ‘remote_add_flags’ from ‘kr_remote_send’
#  177|       if (rr->fd >= 0)
#  178|           close(rr->fd);
#  179|->     verto_del(rr->io);
#  180|       rr->fd = -1;
#  181|       rr->io = NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def662]
krb5-1.21.3/src/lib/krad/remote.c:179:5: warning[-Wanalyzer-malloc-leak]: leak of ‘tmp’
krb5-1.21.3/src/lib/krad/remote.c:417:1: enter_function: entry to ‘kr_remote_new’
krb5-1.21.3/src/lib/krad/remote.c:423:11: acquire_memory: allocated here
krb5-1.21.3/src/lib/krad/remote.c:424:8: branch_false: following ‘false’ branch (when ‘tmp’ is non-NULL)...
krb5-1.21.3/src/lib/krad/remote.c:426:5: branch_false: ...to here
krb5-1.21.3/src/lib/krad/remote.c:433:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krad/remote.c:434:9: branch_true: ...to here
krb5-1.21.3/src/lib/krad/remote.c:450:5: call_function: calling ‘kr_remote_free’ from ‘kr_remote_new’
#  177|       if (rr->fd >= 0)
#  178|           close(rr->fd);
#  179|->     verto_del(rr->io);
#  180|       rr->fd = -1;
#  181|       rr->io = NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def663]
krb5-1.21.3/src/lib/krad/remote.c:198:9: warning[-Wanalyzer-malloc-leak]: leak of ‘new_request’
krb5-1.21.3/src/lib/krad/remote.c:477:1: enter_function: entry to ‘kr_remote_send’
krb5-1.21.3/src/lib/krad/remote.c:491:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/remote.c:493:17: branch_false: ...to here
krb5-1.21.3/src/lib/krad/remote.c:509:14: call_function: calling ‘request_new’ from ‘kr_remote_send’
krb5-1.21.3/src/lib/krad/remote.c:509:14: return_function: returning to ‘kr_remote_send’ from ‘request_new’
krb5-1.21.3/src/lib/krad/remote.c:510:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/remote.c:513:14: branch_false: ...to here
krb5-1.21.3/src/lib/krad/remote.c:513:14: call_function: calling ‘remote_add_flags’ from ‘kr_remote_send’
#  196|       /* If there is no connection, connect. */
#  197|       if (remote->fd < 0) {
#  198|->         verto_del(remote->io);
#  199|           remote->io = NULL;
#  200|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def664]
krb5-1.21.3/src/lib/krad/remote.c:206:13: warning[-Wanalyzer-malloc-leak]: leak of ‘new_request’
krb5-1.21.3/src/lib/krad/remote.c:477:1: enter_function: entry to ‘kr_remote_send’
krb5-1.21.3/src/lib/krad/remote.c:491:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/remote.c:493:17: branch_false: ...to here
krb5-1.21.3/src/lib/krad/remote.c:509:14: call_function: calling ‘request_new’ from ‘kr_remote_send’
krb5-1.21.3/src/lib/krad/remote.c:509:14: return_function: returning to ‘kr_remote_send’ from ‘request_new’
krb5-1.21.3/src/lib/krad/remote.c:510:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/remote.c:513:14: branch_false: ...to here
krb5-1.21.3/src/lib/krad/remote.c:513:14: call_function: calling ‘remote_add_flags’ from ‘kr_remote_send’
#  204|               return errno;
#  205|   
#  206|->         i = connect(remote->fd, remote->info->ai_addr,
#  207|                       remote->info->ai_addrlen);
#  208|           if (i < 0) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def665]
krb5-1.21.3/src/lib/krad/remote.c:208:12: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘socket(*remote_32(D)->info.ai_family, *remote_32(D)->info.ai_socktype, *remote_32(D)->info.ai_protocol)’
krb5-1.21.3/src/lib/krad/remote.c:404:1: enter_function: entry to ‘on_io’
krb5-1.21.3/src/lib/krad/remote.c:410:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krad/remote.c:411:9: branch_true: ...to here
krb5-1.21.3/src/lib/krad/remote.c:411:9: call_function: calling ‘on_io_write’ from ‘on_io’
#  206|           i = connect(remote->fd, remote->info->ai_addr,
#  207|                       remote->info->ai_addrlen);
#  208|->         if (i < 0) {
#  209|               i = errno;
#  210|               remote_disconnect(remote);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def666]
krb5-1.21.3/src/lib/krad/remote.c:216:22: warning[-Wanalyzer-malloc-leak]: leak of ‘new_request’
krb5-1.21.3/src/lib/krad/remote.c:477:1: enter_function: entry to ‘kr_remote_send’
krb5-1.21.3/src/lib/krad/remote.c:491:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/remote.c:493:17: branch_false: ...to here
krb5-1.21.3/src/lib/krad/remote.c:509:14: call_function: calling ‘request_new’ from ‘kr_remote_send’
krb5-1.21.3/src/lib/krad/remote.c:509:14: return_function: returning to ‘kr_remote_send’ from ‘request_new’
krb5-1.21.3/src/lib/krad/remote.c:510:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/remote.c:513:14: branch_false: ...to here
krb5-1.21.3/src/lib/krad/remote.c:513:14: call_function: calling ‘remote_add_flags’ from ‘kr_remote_send’
#  214|   
#  215|       if (remote->io == NULL) {
#  216|->         remote->io = verto_add_io(remote->vctx, FLAGS_BASE | flags,
#  217|                                     on_io, remote->fd);
#  218|           if (remote->io == NULL)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def667]
krb5-1.21.3/src/lib/krad/remote.c:220:9: warning[-Wanalyzer-malloc-leak]: leak of ‘new_request’
krb5-1.21.3/src/lib/krad/remote.c:477:1: enter_function: entry to ‘kr_remote_send’
krb5-1.21.3/src/lib/krad/remote.c:491:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/remote.c:493:17: branch_false: ...to here
krb5-1.21.3/src/lib/krad/remote.c:509:14: call_function: calling ‘request_new’ from ‘kr_remote_send’
krb5-1.21.3/src/lib/krad/remote.c:509:14: return_function: returning to ‘kr_remote_send’ from ‘request_new’
krb5-1.21.3/src/lib/krad/remote.c:510:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/remote.c:513:14: branch_false: ...to here
krb5-1.21.3/src/lib/krad/remote.c:513:14: call_function: calling ‘remote_add_flags’ from ‘kr_remote_send’
#  218|           if (remote->io == NULL)
#  219|               return ENOMEM;
#  220|->         verto_set_private(remote->io, remote, NULL);
#  221|       }
#  222|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def668]
krb5-1.21.3/src/lib/krad/remote.c:223:16: warning[-Wanalyzer-malloc-leak]: leak of ‘new_request’
krb5-1.21.3/src/lib/krad/remote.c:477:1: enter_function: entry to ‘kr_remote_send’
krb5-1.21.3/src/lib/krad/remote.c:491:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/remote.c:493:17: branch_false: ...to here
krb5-1.21.3/src/lib/krad/remote.c:509:14: call_function: calling ‘request_new’ from ‘kr_remote_send’
krb5-1.21.3/src/lib/krad/remote.c:509:14: return_function: returning to ‘kr_remote_send’ from ‘request_new’
krb5-1.21.3/src/lib/krad/remote.c:510:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krad/remote.c:513:14: branch_false: ...to here
krb5-1.21.3/src/lib/krad/remote.c:513:14: call_function: calling ‘remote_add_flags’ from ‘kr_remote_send’
#  221|       }
#  222|   
#  223|->     curflags = verto_get_flags(remote->io);
#  224|       if ((curflags & flags) != flags)
#  225|           verto_set_flags(remote->io, FLAGS_BASE | curflags | flags);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def669]
krb5-1.21.3/src/lib/krb5/asn.1/asn1_k_encode.c:1266:11: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
krb5-1.21.3/src/lib/krb5/asn.1/asn1_k_encode.c:1263:12: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/asn.1/asn1_k_encode.c:1264:8: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/asn.1/asn1_k_encode.c:1266:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/asn.1/asn1_k_encode.c:1266:11: danger: ‘data’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
# 1264|       if (data == NULL)
# 1265|           return ENOMEM;
# 1266|->     ret = k5_asn1_full_decode(code, &k5_atype_setpw_req, &req_ptr);
# 1267|       if (ret) {
# 1268|           free(data);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def670]
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:83:12: warning[-Wanalyzer-malloc-leak]: leak of ‘dirname’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:602:1: enter_function: entry to ‘dcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:613:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:615:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:615:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:623:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:623:11: call_function: calling ‘get_context_default_dir’ from ‘dcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:623:11: return_function: returning to ‘dcc_ptcursor_new’ from ‘get_context_default_dir’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:624:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:627:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:631:11: call_function: inlined call to ‘primary_pathname’ from ‘dcc_ptcursor_new’
#   81|   primary_pathname(const char *dirname, char **path_out)
#   82|   {
#   83|->     return k5_path_join(dirname, "primary", path_out);
#   84|   }
#   85|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def671]
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:83:12: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(dirname)’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:602:1: enter_function: entry to ‘dcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:613:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:615:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:615:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:623:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:623:11: call_function: calling ‘get_context_default_dir’ from ‘dcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:623:11: return_function: returning to ‘dcc_ptcursor_new’ from ‘get_context_default_dir’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:624:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:626:11: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:627:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:631:11: call_function: inlined call to ‘primary_pathname’ from ‘dcc_ptcursor_new’
#   81|   primary_pathname(const char *dirname, char **path_out)
#   82|   {
#   83|->     return k5_path_join(dirname, "primary", path_out);
#   84|   }
#   85|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def672]
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:95:11: warning[-Wanalyzer-malloc-leak]: leak of ‘dirname’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:602:1: enter_function: entry to ‘dcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:613:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:615:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:615:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:623:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:623:11: call_function: calling ‘get_context_default_dir’ from ‘dcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:623:11: return_function: returning to ‘dcc_ptcursor_new’ from ‘get_context_default_dir’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:624:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:627:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:631:11: call_function: inlined call to ‘primary_pathname’ from ‘dcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:632:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:634:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:634:11: call_function: calling ‘read_primary_file’ from ‘dcc_ptcursor_new’
#   93|   
#   94|       *out = NULL;
#   95|->     ret = k5_path_join(dirname, filename, &path);
#   96|       if (ret)
#   97|           return ret;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def673]
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:95:11: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(dirname)’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:602:1: enter_function: entry to ‘dcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:613:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:615:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:615:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:623:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:623:11: call_function: calling ‘get_context_default_dir’ from ‘dcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:623:11: return_function: returning to ‘dcc_ptcursor_new’ from ‘get_context_default_dir’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:624:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:626:11: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:627:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:631:11: call_function: inlined call to ‘primary_pathname’ from ‘dcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:632:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:634:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:634:11: call_function: calling ‘read_primary_file’ from ‘dcc_ptcursor_new’
#   93|   
#   94|       *out = NULL;
#   95|->     ret = k5_path_join(dirname, filename, &path);
#   96|       if (ret)
#   97|           return ret;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def674]
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:169:9: warning[-Wanalyzer-malloc-leak]: leak of ‘dirname’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:602:1: enter_function: entry to ‘dcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:613:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:615:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:615:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:623:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:623:11: call_function: calling ‘get_context_default_dir’ from ‘dcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:623:11: return_function: returning to ‘dcc_ptcursor_new’ from ‘get_context_default_dir’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:624:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:627:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:631:11: call_function: inlined call to ‘primary_pathname’ from ‘dcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:632:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:634:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:634:11: call_function: calling ‘read_primary_file’ from ‘dcc_ptcursor_new’
#  167|       if (buf[len - 1] != '\n' || !filename_is_cache(buf) ||
#  168|           strchr(buf, '/') || strchr(buf, '\\')) {
#  169|->         k5_setmsg(context, KRB5_CC_FORMAT, _("%s contains invalid filename"),
#  170|                     primary_path);
#  171|           return KRB5_CC_FORMAT;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def675]
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:169:9: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(dirname)’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:602:1: enter_function: entry to ‘dcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:613:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:615:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:615:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:623:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:623:11: call_function: calling ‘get_context_default_dir’ from ‘dcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:623:11: return_function: returning to ‘dcc_ptcursor_new’ from ‘get_context_default_dir’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:624:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:626:11: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:627:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:631:11: call_function: inlined call to ‘primary_pathname’ from ‘dcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:632:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:634:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:634:11: call_function: calling ‘read_primary_file’ from ‘dcc_ptcursor_new’
#  167|       if (buf[len - 1] != '\n' || !filename_is_cache(buf) ||
#  168|           strchr(buf, '/') || strchr(buf, '\\')) {
#  169|->         k5_setmsg(context, KRB5_CC_FORMAT, _("%s contains invalid filename"),
#  170|                     primary_path);
#  171|           return KRB5_CC_FORMAT;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def676]
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:241:23: warning[-Wanalyzer-malloc-leak]: leak of ‘dirname’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:410:1: enter_function: entry to ‘dcc_gen_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:417:11: call_function: calling ‘get_context_default_dir’ from ‘dcc_gen_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:417:11: return_function: returning to ‘dcc_gen_new’ from ‘get_context_default_dir’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:418:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:420:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:420:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:426:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:426:11: call_function: calling ‘verify_dir’ from ‘dcc_gen_new’
#  239|           if (errno == ENOENT) {
#  240|   #ifdef USE_SELINUX
#  241|->             selabel = krb5int_push_fscreatecon_for(dirname);
#  242|   #endif
#  243|               status = mkdir(dirname, S_IRWXU);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def677]
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:245:13: warning[-Wanalyzer-malloc-leak]: leak of ‘dirname’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:410:1: enter_function: entry to ‘dcc_gen_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:417:11: call_function: calling ‘get_context_default_dir’ from ‘dcc_gen_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:417:11: return_function: returning to ‘dcc_gen_new’ from ‘get_context_default_dir’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:418:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:420:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:420:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:426:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:426:11: call_function: calling ‘verify_dir’ from ‘dcc_gen_new’
#  243|               status = mkdir(dirname, S_IRWXU);
#  244|   #ifdef USE_SELINUX
#  245|->             krb5int_pop_fscreatecon(selabel);
#  246|   #endif
#  247|               if (status == 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def678]
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:250:9: warning[-Wanalyzer-malloc-leak]: leak of ‘dirname’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:410:1: enter_function: entry to ‘dcc_gen_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:417:11: call_function: calling ‘get_context_default_dir’ from ‘dcc_gen_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:417:11: return_function: returning to ‘dcc_gen_new’ from ‘get_context_default_dir’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:418:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:420:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:420:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:426:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:426:11: call_function: calling ‘verify_dir’ from ‘dcc_gen_new’
#  248|                   return 0;
#  249|           }
#  250|->         k5_setmsg(context, KRB5_FCC_NOFILE,
#  251|                     _("Credential cache directory %s does not exist"),
#  252|                     dirname);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def679]
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:256:9: warning[-Wanalyzer-malloc-leak]: leak of ‘dirname’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:410:1: enter_function: entry to ‘dcc_gen_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:417:11: call_function: calling ‘get_context_default_dir’ from ‘dcc_gen_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:417:11: return_function: returning to ‘dcc_gen_new’ from ‘get_context_default_dir’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:418:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:420:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:420:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:426:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:426:11: call_function: calling ‘verify_dir’ from ‘dcc_gen_new’
#  254|       }
#  255|       if (!S_ISDIR(st.st_mode)) {
#  256|->         k5_setmsg(context, KRB5_CC_FORMAT,
#  257|                     _("Credential cache directory %s exists but is not a "
#  258|                       "directory"), dirname);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def680]
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:429:11: warning[-Wanalyzer-malloc-leak]: leak of ‘dirname’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:410:1: enter_function: entry to ‘dcc_gen_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:417:11: call_function: calling ‘get_context_default_dir’ from ‘dcc_gen_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:417:11: return_function: returning to ‘dcc_gen_new’ from ‘get_context_default_dir’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:418:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:420:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:420:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:426:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:426:11: call_function: calling ‘verify_dir’ from ‘dcc_gen_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:426:11: return_function: returning to ‘dcc_gen_new’ from ‘verify_dir’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:427:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:429:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:429:11: danger: ‘dirname’ leaks here; was allocated at [(12)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/11)
#  427|       if (ret)
#  428|           goto cleanup;
#  429|->     ret = k5_path_join(dirname, "tktXXXXXX", &template);
#  430|       if (ret)
#  431|           goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def681]
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:432:11: warning[-Wanalyzer-malloc-leak]: leak of ‘dirname’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:410:1: enter_function: entry to ‘dcc_gen_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:417:11: call_function: calling ‘get_context_default_dir’ from ‘dcc_gen_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:417:11: return_function: returning to ‘dcc_gen_new’ from ‘get_context_default_dir’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:418:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:420:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:420:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:426:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:426:11: call_function: calling ‘verify_dir’ from ‘dcc_gen_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:426:11: return_function: returning to ‘dcc_gen_new’ from ‘verify_dir’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:427:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:429:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:430:8: branch_false: following ‘false’ branch (when ‘ret == 0’)...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:432:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:432:11: danger: ‘dirname’ leaks here; was allocated at [(12)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/11)
#  430|       if (ret)
#  431|           goto cleanup;
#  432|->     ret = krb5int_fcc_new_unique(context, template, &fcc);
#  433|       if (ret)
#  434|           goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def682]
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:446:9: warning[-Wanalyzer-malloc-leak]: leak of ‘dirname’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:410:1: enter_function: entry to ‘dcc_gen_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:417:11: call_function: calling ‘get_context_default_dir’ from ‘dcc_gen_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:417:11: return_function: returning to ‘dcc_gen_new’ from ‘get_context_default_dir’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:418:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:420:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:420:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:426:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:426:11: call_function: calling ‘verify_dir’ from ‘dcc_gen_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:426:11: return_function: returning to ‘dcc_gen_new’ from ‘verify_dir’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:427:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:429:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:430:8: branch_false: following ‘false’ branch (when ‘ret == 0’)...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:432:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:433:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:434:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:445:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:446:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:446:9: danger: ‘dirname’ leaks here; was allocated at [(12)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/11)
#  444|   cleanup:
#  445|       if (fcc != NULL)
#  446|->         krb5_fcc_ops.destroy(context, fcc);
#  447|       free(dirname);
#  448|       free(template);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def683]
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:626:11: warning[-Wanalyzer-malloc-leak]: leak of ‘dirname’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:602:1: enter_function: entry to ‘dcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:613:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:615:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:615:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:623:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:623:11: call_function: calling ‘get_context_default_dir’ from ‘dcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:623:11: return_function: returning to ‘dcc_ptcursor_new’ from ‘get_context_default_dir’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:624:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:626:11: danger: ‘dirname’ leaks here; was allocated at [(16)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/15)
#  624|       if (ret || dirname == NULL)
#  625|           goto cleanup;
#  626|->     dir = opendir(dirname);
#  627|       if (dir == NULL)
#  628|           goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def684]
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:636:9: warning[-Wanalyzer-malloc-leak]: leak of ‘dirname’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:602:1: enter_function: entry to ‘dcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:613:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:615:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:615:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:623:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:623:11: call_function: calling ‘get_context_default_dir’ from ‘dcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:623:11: return_function: returning to ‘dcc_ptcursor_new’ from ‘get_context_default_dir’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:624:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:627:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:631:11: call_function: inlined call to ‘primary_pathname’ from ‘dcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:632:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:634:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:635:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:636:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:636:9: danger: ‘dirname’ leaks here; was allocated at [(16)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/15)
#  634|       ret = read_primary_file(context, primary_path, dirname, &primary);
#  635|       if (ret)
#  636|->         krb5_clear_error_message(context);
#  637|   
#  638|       ret = make_cursor(dirname, primary, dir, cursor_out);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def685]
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:636:9: warning[-Wanalyzer-malloc-leak]: leak of ‘opendir(dirname)’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:602:1: enter_function: entry to ‘dcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:613:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:615:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:615:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:623:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:623:11: call_function: calling ‘get_context_default_dir’ from ‘dcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:623:11: return_function: returning to ‘dcc_ptcursor_new’ from ‘get_context_default_dir’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:624:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:626:11: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:627:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:631:11: call_function: inlined call to ‘primary_pathname’ from ‘dcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:632:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:634:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:635:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:636:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:636:9: danger: ‘opendir(dirname)’ leaks here; was allocated at [(21)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/20)
#  634|       ret = read_primary_file(context, primary_path, dirname, &primary);
#  635|       if (ret)
#  636|->         krb5_clear_error_message(context);
#  637|   
#  638|       ret = make_cursor(dirname, primary, dir, cursor_out);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def686]
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:649:9: warning[-Wanalyzer-malloc-leak]: leak of ‘dir’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:602:1: enter_function: entry to ‘dcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:613:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:615:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:615:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:623:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:623:11: call_function: calling ‘get_context_default_dir’ from ‘dcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:623:11: return_function: returning to ‘dcc_ptcursor_new’ from ‘get_context_default_dir’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:624:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:626:11: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:627:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:631:11: call_function: inlined call to ‘primary_pathname’ from ‘dcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:632:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:633:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:648:8: branch_true: following ‘true’ branch (when ‘dir’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:649:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_dir.c:649:9: danger: ‘dir’ leaks here; was allocated at [(21)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/20)
#  647|       free(primary);
#  648|       if (dir)
#  649|->         closedir(dir);
#  650|       /* Return an empty cursor if we fail for any reason. */
#  651|       if (*cursor_out == NULL)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def687]
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:169:9: warning[-Wanalyzer-malloc-leak]: leak of ‘fp’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:950:1: enter_function: entry to ‘fcc_get_principal’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:958:11: call_function: calling ‘open_cache_file’ from ‘fcc_get_principal’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:958:11: return_function: returning to ‘fcc_get_principal’ from ‘open_cache_file’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:959:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:961:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:962:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:964:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:964:11: call_function: calling ‘read_principal’ from ‘fcc_get_principal’
#  167|           return ret;
#  168|       if (buf != NULL)
#  169|->         k5_buf_add_len(buf, bytes, 4);
#  170|       *out = (version < 3) ? load_32_n(bytes) : load_32_be(bytes);
#  171|       return 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def688]
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:195:11: warning[-Wanalyzer-malloc-leak]: leak of ‘fp’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:950:1: enter_function: entry to ‘fcc_get_principal’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:958:11: call_function: calling ‘open_cache_file’ from ‘fcc_get_principal’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:958:11: return_function: returning to ‘fcc_get_principal’ from ‘open_cache_file’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:959:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:961:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:962:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:964:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:964:11: call_function: calling ‘read_principal’ from ‘fcc_get_principal’
#  193|       void *ptr;
#  194|   
#  195|->     ptr = k5_buf_get_space(buf, len);
#  196|       return (ptr == NULL) ? KRB5_CC_NOMEM : read_bytes(context, fp, ptr, len);
#  197|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def689]
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:305:5: warning[-Wanalyzer-malloc-leak]: leak of ‘fp’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:950:1: enter_function: entry to ‘fcc_get_principal’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:958:11: call_function: calling ‘open_cache_file’ from ‘fcc_get_principal’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:958:11: return_function: returning to ‘fcc_get_principal’ from ‘open_cache_file’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:959:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:961:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:962:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:964:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:964:11: call_function: calling ‘read_principal’ from ‘fcc_get_principal’
#  303|   
#  304|       *princ = NULL;
#  305|->     k5_buf_init_dynamic(&buf);
#  306|   
#  307|       /* Read the principal representation into memory. */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def690]
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:374:11: warning[-Wanalyzer-malloc-leak]: leak of ‘fp’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:985:1: enter_function: entry to ‘fcc_store’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:997:11: call_function: calling ‘open_cache_file’ from ‘fcc_store’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:997:11: return_function: returning to ‘fcc_store’ from ‘open_cache_file’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:998:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1000:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1020:12: call_function: calling ‘close_cache_file’ from ‘fcc_store’
#  372|       if (fp == NULL)
#  373|           return 0;
#  374|->     ret = krb5_unlock_file(context, fileno(fp));
#  375|       st = fclose(fp);
#  376|       if (ret)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def691]
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:433:25: warning[-Wanalyzer-malloc-leak]: leak of ‘fp’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:985:1: enter_function: entry to ‘fcc_store’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:997:11: call_function: calling ‘open_cache_file’ from ‘fcc_store’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:997:11: return_function: returning to ‘fcc_store’ from ‘open_cache_file’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:998:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1000:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1000:11: call_function: calling ‘read_header’ from ‘fcc_store’
#  431|   
#  432|           default:
#  433|->             if (flen && fseek(fp, flen, SEEK_CUR) != 0)
#  434|                   return KRB5_CC_FORMAT;
#  435|               break;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def692]
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:856:11: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:836:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:838:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:842:8: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:848:22: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:848:22: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:849:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:856:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:856:11: danger: ‘<unknown>’ leaks here; was allocated at [(5)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/4)
#  854|       }
#  855|   
#  856|->     ret = k5_cc_mutex_init(&data->lock);
#  857|       if (ret) {
#  858|           free(data->filename);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def693]
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:856:11: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:836:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:838:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:841:12: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:842:8: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:848:22: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:849:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:856:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:856:11: danger: ‘data’ leaks here; was allocated at [(3)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/2)
#  854|       }
#  855|   
#  856|->     ret = k5_cc_mutex_init(&data->lock);
#  857|       if (ret) {
#  858|           free(data->filename);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def694]
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1005:5: warning[-Wanalyzer-malloc-leak]: leak of ‘fp’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:985:1: enter_function: entry to ‘fcc_store’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:997:11: call_function: calling ‘open_cache_file’ from ‘fcc_store’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:997:11: return_function: returning to ‘fcc_store’ from ‘open_cache_file’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:998:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1000:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1001:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1005:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1005:5: danger: ‘fp’ leaks here; was allocated at [(14)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/13)
# 1003|   
# 1004|       /* Marshal the cred and write it to the file with a single append write. */
# 1005|->     k5_buf_init_dynamic_zap(&buf);
# 1006|       k5_marshal_cred(&buf, version, creds);
# 1007|       ret = k5_buf_status(&buf);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def695]
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1006:5: warning[-Wanalyzer-malloc-leak]: leak of ‘fp’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:985:1: enter_function: entry to ‘fcc_store’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:997:11: call_function: calling ‘open_cache_file’ from ‘fcc_store’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:997:11: return_function: returning to ‘fcc_store’ from ‘open_cache_file’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:998:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1000:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1001:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1005:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1006:5: danger: ‘fp’ leaks here; was allocated at [(14)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/13)
# 1004|       /* Marshal the cred and write it to the file with a single append write. */
# 1005|       k5_buf_init_dynamic_zap(&buf);
# 1006|->     k5_marshal_cred(&buf, version, creds);
# 1007|       ret = k5_buf_status(&buf);
# 1008|       if (ret)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def696]
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1007:11: warning[-Wanalyzer-malloc-leak]: leak of ‘fp’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:985:1: enter_function: entry to ‘fcc_store’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:997:11: call_function: calling ‘open_cache_file’ from ‘fcc_store’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:997:11: return_function: returning to ‘fcc_store’ from ‘open_cache_file’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:998:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1000:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1001:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1005:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1007:11: danger: ‘fp’ leaks here; was allocated at [(14)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/13)
# 1005|       k5_buf_init_dynamic_zap(&buf);
# 1006|       k5_marshal_cred(&buf, version, creds);
# 1007|->     ret = k5_buf_status(&buf);
# 1008|       if (ret)
# 1009|           goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def697]
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1010:16: warning[-Wanalyzer-malloc-leak]: leak of ‘fp’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:985:1: enter_function: entry to ‘fcc_store’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:997:11: call_function: calling ‘open_cache_file’ from ‘fcc_store’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:997:11: return_function: returning to ‘fcc_store’ from ‘open_cache_file’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:998:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1000:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1001:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1005:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1008:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1010:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1010:16: danger: ‘fp’ leaks here; was allocated at [(14)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/13)
# 1008|       if (ret)
# 1009|           goto cleanup;
# 1010|->     nwritten = write(fileno(fp), buf.data, buf.len);
# 1011|       if (nwritten == -1)
# 1012|           ret = interpret_errno(context, errno);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def698]
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1019:5: warning[-Wanalyzer-malloc-leak]: leak of ‘fp’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:985:1: enter_function: entry to ‘fcc_store’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:997:11: call_function: calling ‘open_cache_file’ from ‘fcc_store’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:997:11: return_function: returning to ‘fcc_store’ from ‘open_cache_file’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:998:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1000:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1019:5: danger: ‘fp’ leaks here; was allocated at [(14)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/13)
# 1017|   
# 1018|   cleanup:
# 1019|->     k5_buf_free(&buf);
# 1020|       ret2 = close_cache_file(context, fp);
# 1021|       k5_cc_mutex_unlock(context, &data->lock);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def699]
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1082:20: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(*data.filename, 524290)’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1049:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1057:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1062:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1065:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1067:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1070:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1070:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1076:15: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1076:10: acquire_resource: opened here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1077:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1082:20: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1082:20: danger: ‘open(*data.filename, 524290)’ leaks here; was opened at [(9)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/8)
# 1080|       }
# 1081|   
# 1082|->     start_offset = ftell(fcursor->fp);
# 1083|       if (start_offset == -1) {
# 1084|           ret = interpret_errno(context, errno);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def700]
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1119:13: warning[-Wanalyzer-malloc-leak]: leak of ‘k5alloc(expected.len, & ret)’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1031:1: enter_function: entry to ‘delete_cred’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1049:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1057:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1062:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1065:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1067:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1070:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1070:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1076:15: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1077:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1082:20: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1083:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1087:18: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1090:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1094:15: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1094:15: call_function: calling ‘k5alloc’ from ‘delete_cred’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1094:15: return_function: returning to ‘delete_cred’ from ‘k5alloc’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1095:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1097:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1098:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1101:33: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1101:15: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1111:25: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1111:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1115:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1115:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1119:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1119:13: danger: ‘k5alloc(expected.len, & ret)’ leaks here; was allocated at [(19)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/18)
# 1117|           goto cleanup;
# 1118|       }
# 1119|->     rwret = write(fd, overwrite.data, overwrite.len);
# 1120|       if (rwret < 0) {
# 1121|           ret = interpret_errno(context, errno);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def701]
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1127:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘open(*data.filename, 524290)’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1049:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1057:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1062:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1065:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1067:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1070:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1070:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1076:15: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1076:10: acquire_resource: opened here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1077:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1082:20: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1083:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1084:40: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1126:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1127:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1127:9: danger: ‘open(*data.filename, 524290)’ leaks here; was opened at [(9)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/8)
# 1125|   cleanup:
# 1126|       if (fd >= 0)
# 1127|->         close(fd);
# 1128|       zapfree(on_disk, expected.len);
# 1129|       k5_buf_free(&expected);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def702]
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1127:9: warning[-Wanalyzer-malloc-leak]: leak of ‘on_disk’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1031:1: enter_function: entry to ‘delete_cred’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1049:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1057:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1062:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1065:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1067:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1070:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1070:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1076:15: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1077:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1082:20: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1083:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1087:18: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1090:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1094:15: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1094:15: call_function: calling ‘k5alloc’ from ‘delete_cred’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1094:15: return_function: returning to ‘delete_cred’ from ‘k5alloc’
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1095:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1097:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1126:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1127:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_file.c:1127:9: danger: ‘on_disk’ leaks here; was allocated at [(19)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/18)
# 1125|   cleanup:
# 1126|       if (fd >= 0)
# 1127|->         close(fd);
# 1128|       zapfree(on_disk, expected.len);
# 1129|       k5_buf_free(&expected);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def703]
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:175:5: warning[-Wanalyzer-malloc-leak]: leak of ‘io’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1139:1: enter_function: entry to ‘kcm_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1152:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1155:11: call_function: calling ‘kcmio_connect’ from ‘kcm_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1155:11: return_function: returning to ‘kcm_ptcursor_new’ from ‘kcmio_connect’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1156:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1160:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1160:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1163:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1163:5: call_function: calling ‘kcmreq_init’ from ‘kcm_ptcursor_new’
#  173|       store_16_be(opcode, bytes + 2);
#  174|   
#  175|->     k5_buf_init_dynamic(&req->reqbuf);
#  176|       k5_buf_add_len(&req->reqbuf, bytes, 4);
#  177|       if (cache != NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def704]
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:176:5: warning[-Wanalyzer-malloc-leak]: leak of ‘io’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1139:1: enter_function: entry to ‘kcm_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1152:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1155:11: call_function: calling ‘kcmio_connect’ from ‘kcm_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1155:11: return_function: returning to ‘kcm_ptcursor_new’ from ‘kcmio_connect’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1156:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1160:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1160:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1163:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1163:5: call_function: calling ‘kcmreq_init’ from ‘kcm_ptcursor_new’
#  174|   
#  175|       k5_buf_init_dynamic(&req->reqbuf);
#  176|->     k5_buf_add_len(&req->reqbuf, bytes, 4);
#  177|       if (cache != NULL) {
#  178|           name = ((struct kcm_cache_data *)cache->data)->residual;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def705]
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:308:11: warning[-Wanalyzer-malloc-leak]: leak of ‘io’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:796:1: enter_function: entry to ‘kcm_gen_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:805:11: call_function: calling ‘kcmio_connect’ from ‘kcm_gen_new’
#  306|       char *path = NULL;
#  307|   
#  308|->     ret = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
#  309|                                KRB5_CONF_KCM_SOCKET, NULL,
#  310|                                DEFAULT_KCM_SOCKET_PATH, &path);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def706]
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:337:9: warning[-Wanalyzer-malloc-leak]: leak of ‘io’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:796:1: enter_function: entry to ‘kcm_gen_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:805:11: call_function: calling ‘kcmio_connect’ from ‘kcm_gen_new’
#  335|   cleanup:
#  336|       if (fd != INVALID_SOCKET)
#  337|->         closesocket(fd);
#  338|       profile_release_string(path);
#  339|       return ret;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def707]
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:338:5: warning[-Wanalyzer-malloc-leak]: leak of ‘io’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:796:1: enter_function: entry to ‘kcm_gen_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:805:11: call_function: calling ‘kcmio_connect’ from ‘kcm_gen_new’
#  336|       if (fd != INVALID_SOCKET)
#  337|           closesocket(fd);
#  338|->     profile_release_string(path);
#  339|       return ret;
#  340|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def708]
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:358:15: warning[-Wanalyzer-malloc-leak]: leak of ‘io’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1139:1: enter_function: entry to ‘kcm_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1152:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1155:11: call_function: calling ‘kcmio_connect’ from ‘kcm_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1155:11: return_function: returning to ‘kcm_ptcursor_new’ from ‘kcmio_connect’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1156:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1160:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1160:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1163:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1163:5: call_function: calling ‘kcmreq_init’ from ‘kcm_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1163:5: return_function: returning to ‘kcm_ptcursor_new’ from ‘kcmreq_init’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1164:11: call_function: calling ‘kcmio_call’ from ‘kcm_ptcursor_new’
#  356|   
#  357|       for (;;) {
#  358|->         ret = krb5int_net_writev(context, io->fd, sg, 2);
#  359|           if (ret >= 0)
#  360|               return 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def709]
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:373:9: warning[-Wanalyzer-malloc-leak]: leak of ‘io’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1139:1: enter_function: entry to ‘kcm_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1152:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1155:11: call_function: calling ‘kcmio_connect’ from ‘kcm_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1155:11: return_function: returning to ‘kcm_ptcursor_new’ from ‘kcmio_connect’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1156:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1160:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1160:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1163:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1163:5: call_function: calling ‘kcmreq_init’ from ‘kcm_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1163:5: return_function: returning to ‘kcm_ptcursor_new’ from ‘kcmreq_init’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1164:11: call_function: calling ‘kcmio_call’ from ‘kcm_ptcursor_new’
#  371|            * single reconnect attempt won't be robust.
#  372|            */
#  373|->         close(io->fd);
#  374|           ret = kcmio_unix_socket_connect(context, io);
#  375|           if (ret)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def710]
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:412:10: warning[-Wanalyzer-malloc-leak]: leak of ‘reply’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:451:1: enter_function: entry to ‘kcmio_call’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:464:15: call_function: calling ‘kcmio_unix_socket_read’ from ‘kcmio_call’
#  410|       if (reply == NULL)
#  411|           return ENOMEM;
#  412|->     st = krb5_net_read(context, io->fd, reply, len);
#  413|       if (st == -1 || (size_t)st != len) {
#  414|           free(reply);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def711]
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:456:9: warning[-Wanalyzer-malloc-leak]: leak of ‘io’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1139:1: enter_function: entry to ‘kcm_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1152:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1155:11: call_function: calling ‘kcmio_connect’ from ‘kcm_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1155:11: return_function: returning to ‘kcm_ptcursor_new’ from ‘kcmio_connect’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1156:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1160:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1160:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1163:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1163:5: call_function: calling ‘kcmreq_init’ from ‘kcm_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1163:5: return_function: returning to ‘kcm_ptcursor_new’ from ‘kcmreq_init’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1164:11: call_function: calling ‘kcmio_call’ from ‘kcm_ptcursor_new’
#  454|       size_t reply_len = 0;
#  455|   
#  456|->     if (k5_buf_status(&req->reqbuf) != 0)
#  457|           return ENOMEM;
#  458|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def712]
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:487:13: warning[-Wanalyzer-malloc-leak]: leak of ‘cursor’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1099:1: enter_function: entry to ‘make_ptcursor’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1108:8: branch_true: following ‘true’ branch (when ‘residual’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1109:25: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1110:12: branch_false: following ‘false’ branch (when ‘residual_copy’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1113:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1113:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1114:8: branch_false: following ‘false’ branch (when ‘cursor’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1116:12: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1117:8: branch_true: following ‘true’ branch (when ‘data’ is NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1118:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1130:5: call_function: calling ‘kcmio_close’ from ‘make_ptcursor’
#  485|           kcmio_mach_close(io);
#  486|           if (io->fd != INVALID_SOCKET)
#  487|->             closesocket(io->fd);
#  488|           free(io);
#  489|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def713]
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:487:13: warning[-Wanalyzer-malloc-leak]: leak of ‘io’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1139:1: enter_function: entry to ‘kcm_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1152:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1155:11: call_function: calling ‘kcmio_connect’ from ‘kcm_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1155:11: return_function: returning to ‘kcm_ptcursor_new’ from ‘kcmio_connect’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1156:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1160:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1160:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1161:16: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1161:16: call_function: calling ‘make_ptcursor’ from ‘kcm_ptcursor_new’
#  485|           kcmio_mach_close(io);
#  486|           if (io->fd != INVALID_SOCKET)
#  487|->             closesocket(io->fd);
#  488|           free(io);
#  489|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def714]
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:487:13: warning[-Wanalyzer-malloc-leak]: leak of ‘residual_copy’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1099:1: enter_function: entry to ‘make_ptcursor’
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1108:8: branch_true: following ‘true’ branch (when ‘residual’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1109:25: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1109:25: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1110:12: branch_false: following ‘false’ branch (when ‘residual_copy’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1113:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1114:8: branch_true: following ‘true’ branch (when ‘cursor’ is NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1115:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_kcm.c:1130:5: call_function: calling ‘kcmio_close’ from ‘make_ptcursor’
#  485|           kcmio_mach_close(io);
#  486|           if (io->fd != INVALID_SOCKET)
#  487|->             closesocket(io->fd);
#  488|           free(io);
#  489|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def715]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:298:11: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1505:1: enter_function: entry to ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1516:8: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1518:11: call_function: inlined call to ‘k5alloc’ from ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1521:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1525:11: call_function: calling ‘get_default’ from ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1525:11: return_function: returning to ‘krcc_ptcursor_new’ from ‘get_default’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1527:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1531:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1531:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1536:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1536:11: call_function: calling ‘get_collection’ from ‘krcc_ptcursor_new’
#  296|       key_serial_t key;
#  297|   
#  298|->     key = keyctl_get_persistent(uid, KEY_SPEC_PROCESS_KEYRING);
#  299|       return (key == -1 && errno == ENOTSUP) ? get_persistent_fallback(uid) :
#  300|           key;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def716]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:298:11: warning[-Wanalyzer-malloc-leak]: leak of ‘anchor_name’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1660:1: enter_function: entry to ‘krcc_switch_to’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1667:11: call_function: calling ‘parse_residual’ from ‘krcc_switch_to’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1667:11: return_function: returning to ‘krcc_switch_to’ from ‘parse_residual’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1669:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1671:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1671:11: call_function: calling ‘get_collection’ from ‘krcc_switch_to’
#  296|       key_serial_t key;
#  297|   
#  298|->     key = keyctl_get_persistent(uid, KEY_SPEC_PROCESS_KEYRING);
#  299|       return (key == -1 && errno == ENOTSUP) ? get_persistent_fallback(uid) :
#  300|           key;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def717]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:298:11: warning[-Wanalyzer-malloc-leak]: leak of ‘collection_name’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1660:1: enter_function: entry to ‘krcc_switch_to’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1667:11: call_function: calling ‘parse_residual’ from ‘krcc_switch_to’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1667:11: return_function: returning to ‘krcc_switch_to’ from ‘parse_residual’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1669:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1671:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1671:11: call_function: calling ‘get_collection’ from ‘krcc_switch_to’
#  296|       key_serial_t key;
#  297|   
#  298|->     key = keyctl_get_persistent(uid, KEY_SPEC_PROCESS_KEYRING);
#  299|       return (key == -1 && errno == ENOTSUP) ? get_persistent_fallback(uid) :
#  300|           key;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def718]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:298:11: warning[-Wanalyzer-malloc-leak]: leak of ‘id’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1124:1: enter_function: entry to ‘krcc_generate_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1137:11: call_function: calling ‘get_default’ from ‘krcc_generate_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1137:11: return_function: returning to ‘krcc_generate_new’ from ‘get_default’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1139:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1141:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1141:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1147:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1147:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1156:10: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1156:10: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1157:8: branch_false: following ‘false’ branch (when ‘id’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1162:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1165:11: call_function: calling ‘get_collection’ from ‘krcc_generate_new’
#  296|       key_serial_t key;
#  297|   
#  298|->     key = keyctl_get_persistent(uid, KEY_SPEC_PROCESS_KEYRING);
#  299|       return (key == -1 && errno == ENOTSUP) ? get_persistent_fallback(uid) :
#  300|           key;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def719]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:298:11: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1505:1: enter_function: entry to ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1515:14: call_function: inlined call to ‘k5alloc’ from ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1516:8: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1518:11: call_function: inlined call to ‘k5alloc’ from ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1521:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1525:11: call_function: calling ‘get_default’ from ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1525:11: return_function: returning to ‘krcc_ptcursor_new’ from ‘get_default’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1527:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1531:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1531:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1536:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1536:11: call_function: calling ‘get_collection’ from ‘krcc_ptcursor_new’
#  296|       key_serial_t key;
#  297|   
#  298|->     key = keyctl_get_persistent(uid, KEY_SPEC_PROCESS_KEYRING);
#  299|       return (key == -1 && errno == ENOTSUP) ? get_persistent_fallback(uid) :
#  300|           key;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def720]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:321:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1505:1: enter_function: entry to ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1516:8: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1518:11: call_function: inlined call to ‘k5alloc’ from ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1521:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1525:11: call_function: calling ‘get_default’ from ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1525:11: return_function: returning to ‘krcc_ptcursor_new’ from ‘get_default’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1527:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1531:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1531:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1536:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1536:11: call_function: calling ‘get_collection’ from ‘krcc_ptcursor_new’
#  319|       key_serial_t s, u;
#  320|   
#  321|->     s = keyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 0);
#  322|       u = keyctl_get_keyring_ID(KEY_SPEC_USER_SESSION_KEYRING, 0);
#  323|       return (s == u) ? KEY_SPEC_USER_SESSION_KEYRING : KEY_SPEC_SESSION_KEYRING;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def721]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:321:9: warning[-Wanalyzer-malloc-leak]: leak of ‘anchor_name’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1660:1: enter_function: entry to ‘krcc_switch_to’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1667:11: call_function: calling ‘parse_residual’ from ‘krcc_switch_to’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1667:11: return_function: returning to ‘krcc_switch_to’ from ‘parse_residual’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1669:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1671:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1671:11: call_function: calling ‘get_collection’ from ‘krcc_switch_to’
#  319|       key_serial_t s, u;
#  320|   
#  321|->     s = keyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 0);
#  322|       u = keyctl_get_keyring_ID(KEY_SPEC_USER_SESSION_KEYRING, 0);
#  323|       return (s == u) ? KEY_SPEC_USER_SESSION_KEYRING : KEY_SPEC_SESSION_KEYRING;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def722]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:321:9: warning[-Wanalyzer-malloc-leak]: leak of ‘collection_name’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1660:1: enter_function: entry to ‘krcc_switch_to’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1667:11: call_function: calling ‘parse_residual’ from ‘krcc_switch_to’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1667:11: return_function: returning to ‘krcc_switch_to’ from ‘parse_residual’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1669:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1671:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1671:11: call_function: calling ‘get_collection’ from ‘krcc_switch_to’
#  319|       key_serial_t s, u;
#  320|   
#  321|->     s = keyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 0);
#  322|       u = keyctl_get_keyring_ID(KEY_SPEC_USER_SESSION_KEYRING, 0);
#  323|       return (s == u) ? KEY_SPEC_USER_SESSION_KEYRING : KEY_SPEC_SESSION_KEYRING;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def723]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:321:9: warning[-Wanalyzer-malloc-leak]: leak of ‘id’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1124:1: enter_function: entry to ‘krcc_generate_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1137:11: call_function: calling ‘get_default’ from ‘krcc_generate_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1137:11: return_function: returning to ‘krcc_generate_new’ from ‘get_default’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1139:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1141:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1141:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1147:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1147:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1156:10: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1156:10: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1157:8: branch_false: following ‘false’ branch (when ‘id’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1162:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1165:11: call_function: calling ‘get_collection’ from ‘krcc_generate_new’
#  319|       key_serial_t s, u;
#  320|   
#  321|->     s = keyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 0);
#  322|       u = keyctl_get_keyring_ID(KEY_SPEC_USER_SESSION_KEYRING, 0);
#  323|       return (s == u) ? KEY_SPEC_USER_SESSION_KEYRING : KEY_SPEC_SESSION_KEYRING;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def724]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:321:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1505:1: enter_function: entry to ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1516:8: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1518:11: call_function: inlined call to ‘k5alloc’ from ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1521:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1525:11: call_function: calling ‘get_default’ from ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1525:11: return_function: returning to ‘krcc_ptcursor_new’ from ‘get_default’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1527:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1531:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1531:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1536:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1536:11: call_function: calling ‘get_collection’ from ‘krcc_ptcursor_new’
#  319|       key_serial_t s, u;
#  320|   
#  321|->     s = keyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 0);
#  322|       u = keyctl_get_keyring_ID(KEY_SPEC_USER_SESSION_KEYRING, 0);
#  323|       return (s == u) ? KEY_SPEC_USER_SESSION_KEYRING : KEY_SPEC_SESSION_KEYRING;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def725]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:322:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1505:1: enter_function: entry to ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1516:8: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1518:11: call_function: inlined call to ‘k5alloc’ from ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1521:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1525:11: call_function: calling ‘get_default’ from ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1525:11: return_function: returning to ‘krcc_ptcursor_new’ from ‘get_default’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1527:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1531:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1531:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1536:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1536:11: call_function: calling ‘get_collection’ from ‘krcc_ptcursor_new’
#  320|   
#  321|       s = keyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 0);
#  322|->     u = keyctl_get_keyring_ID(KEY_SPEC_USER_SESSION_KEYRING, 0);
#  323|       return (s == u) ? KEY_SPEC_USER_SESSION_KEYRING : KEY_SPEC_SESSION_KEYRING;
#  324|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def726]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:322:9: warning[-Wanalyzer-malloc-leak]: leak of ‘anchor_name’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1660:1: enter_function: entry to ‘krcc_switch_to’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1667:11: call_function: calling ‘parse_residual’ from ‘krcc_switch_to’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1667:11: return_function: returning to ‘krcc_switch_to’ from ‘parse_residual’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1669:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1671:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1671:11: call_function: calling ‘get_collection’ from ‘krcc_switch_to’
#  320|   
#  321|       s = keyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 0);
#  322|->     u = keyctl_get_keyring_ID(KEY_SPEC_USER_SESSION_KEYRING, 0);
#  323|       return (s == u) ? KEY_SPEC_USER_SESSION_KEYRING : KEY_SPEC_SESSION_KEYRING;
#  324|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def727]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:322:9: warning[-Wanalyzer-malloc-leak]: leak of ‘collection_name’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1660:1: enter_function: entry to ‘krcc_switch_to’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1667:11: call_function: calling ‘parse_residual’ from ‘krcc_switch_to’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1667:11: return_function: returning to ‘krcc_switch_to’ from ‘parse_residual’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1669:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1671:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1671:11: call_function: calling ‘get_collection’ from ‘krcc_switch_to’
#  320|   
#  321|       s = keyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 0);
#  322|->     u = keyctl_get_keyring_ID(KEY_SPEC_USER_SESSION_KEYRING, 0);
#  323|       return (s == u) ? KEY_SPEC_USER_SESSION_KEYRING : KEY_SPEC_SESSION_KEYRING;
#  324|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def728]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:322:9: warning[-Wanalyzer-malloc-leak]: leak of ‘id’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1124:1: enter_function: entry to ‘krcc_generate_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1137:11: call_function: calling ‘get_default’ from ‘krcc_generate_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1137:11: return_function: returning to ‘krcc_generate_new’ from ‘get_default’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1139:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1141:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1141:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1147:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1147:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1156:10: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1156:10: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1157:8: branch_false: following ‘false’ branch (when ‘id’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1162:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1165:11: call_function: calling ‘get_collection’ from ‘krcc_generate_new’
#  320|   
#  321|       s = keyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 0);
#  322|->     u = keyctl_get_keyring_ID(KEY_SPEC_USER_SESSION_KEYRING, 0);
#  323|       return (s == u) ? KEY_SPEC_USER_SESSION_KEYRING : KEY_SPEC_SESSION_KEYRING;
#  324|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def729]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:322:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1505:1: enter_function: entry to ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1516:8: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1518:11: call_function: inlined call to ‘k5alloc’ from ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1521:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1525:11: call_function: calling ‘get_default’ from ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1525:11: return_function: returning to ‘krcc_ptcursor_new’ from ‘get_default’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1527:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1531:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1531:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1536:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1536:11: call_function: calling ‘get_collection’ from ‘krcc_ptcursor_new’
#  320|   
#  321|       s = keyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 0);
#  322|->     u = keyctl_get_keyring_ID(KEY_SPEC_USER_SESSION_KEYRING, 0);
#  323|       return (s == u) ? KEY_SPEC_USER_SESSION_KEYRING : KEY_SPEC_SESSION_KEYRING;
#  324|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def730]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:339:11: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1505:1: enter_function: entry to ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1516:8: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1518:11: call_function: inlined call to ‘k5alloc’ from ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1521:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1525:11: call_function: calling ‘get_default’ from ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1525:11: return_function: returning to ‘krcc_ptcursor_new’ from ‘get_default’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1527:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1531:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1531:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1536:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1536:11: call_function: calling ‘get_collection’ from ‘krcc_ptcursor_new’
#  337|   
#  338|       *key_out = -1;
#  339|->     key = keyctl_search(parent, KRCC_KEY_TYPE_KEYRING, name, possess);
#  340|       if (key == -1) {
#  341|           if (possess != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def731]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:339:11: warning[-Wanalyzer-malloc-leak]: leak of ‘anchor_name’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1660:1: enter_function: entry to ‘krcc_switch_to’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1667:11: call_function: calling ‘parse_residual’ from ‘krcc_switch_to’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1667:11: return_function: returning to ‘krcc_switch_to’ from ‘parse_residual’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1669:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1671:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1671:11: call_function: calling ‘get_collection’ from ‘krcc_switch_to’
#  337|   
#  338|       *key_out = -1;
#  339|->     key = keyctl_search(parent, KRCC_KEY_TYPE_KEYRING, name, possess);
#  340|       if (key == -1) {
#  341|           if (possess != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def732]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:339:11: warning[-Wanalyzer-malloc-leak]: leak of ‘collection_name’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1660:1: enter_function: entry to ‘krcc_switch_to’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1667:11: call_function: calling ‘parse_residual’ from ‘krcc_switch_to’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1667:11: return_function: returning to ‘krcc_switch_to’ from ‘parse_residual’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1669:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1671:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1671:11: call_function: calling ‘get_collection’ from ‘krcc_switch_to’
#  337|   
#  338|       *key_out = -1;
#  339|->     key = keyctl_search(parent, KRCC_KEY_TYPE_KEYRING, name, possess);
#  340|       if (key == -1) {
#  341|           if (possess != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def733]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:339:11: warning[-Wanalyzer-malloc-leak]: leak of ‘id’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1124:1: enter_function: entry to ‘krcc_generate_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1137:11: call_function: calling ‘get_default’ from ‘krcc_generate_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1137:11: return_function: returning to ‘krcc_generate_new’ from ‘get_default’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1139:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1141:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1141:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1147:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1147:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1156:10: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1156:10: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1157:8: branch_false: following ‘false’ branch (when ‘id’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1162:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1165:11: call_function: calling ‘get_collection’ from ‘krcc_generate_new’
#  337|   
#  338|       *key_out = -1;
#  339|->     key = keyctl_search(parent, KRCC_KEY_TYPE_KEYRING, name, possess);
#  340|       if (key == -1) {
#  341|           if (possess != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def734]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:339:11: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1505:1: enter_function: entry to ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1516:8: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1518:11: call_function: inlined call to ‘k5alloc’ from ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1521:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1525:11: call_function: calling ‘get_default’ from ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1525:11: return_function: returning to ‘krcc_ptcursor_new’ from ‘get_default’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1527:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1531:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1531:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1536:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1536:11: call_function: calling ‘get_collection’ from ‘krcc_ptcursor_new’
#  337|   
#  338|       *key_out = -1;
#  339|->     key = keyctl_search(parent, KRCC_KEY_TYPE_KEYRING, name, possess);
#  340|       if (key == -1) {
#  341|           if (possess != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def735]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:342:19: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1505:1: enter_function: entry to ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1516:8: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1518:11: call_function: inlined call to ‘k5alloc’ from ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1521:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1525:11: call_function: calling ‘get_default’ from ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1525:11: return_function: returning to ‘krcc_ptcursor_new’ from ‘get_default’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1527:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1531:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1531:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1536:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1536:11: call_function: calling ‘get_collection’ from ‘krcc_ptcursor_new’
#  340|       if (key == -1) {
#  341|           if (possess != 0) {
#  342|->             key = add_key(KRCC_KEY_TYPE_KEYRING, name, NULL, 0, possess);
#  343|               if (key == -1)
#  344|                   return errno;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def736]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:342:19: warning[-Wanalyzer-malloc-leak]: leak of ‘anchor_name’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1660:1: enter_function: entry to ‘krcc_switch_to’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1667:11: call_function: calling ‘parse_residual’ from ‘krcc_switch_to’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1667:11: return_function: returning to ‘krcc_switch_to’ from ‘parse_residual’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1669:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1671:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1671:11: call_function: calling ‘get_collection’ from ‘krcc_switch_to’
#  340|       if (key == -1) {
#  341|           if (possess != 0) {
#  342|->             key = add_key(KRCC_KEY_TYPE_KEYRING, name, NULL, 0, possess);
#  343|               if (key == -1)
#  344|                   return errno;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def737]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:342:19: warning[-Wanalyzer-malloc-leak]: leak of ‘collection_name’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1660:1: enter_function: entry to ‘krcc_switch_to’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1667:11: call_function: calling ‘parse_residual’ from ‘krcc_switch_to’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1667:11: return_function: returning to ‘krcc_switch_to’ from ‘parse_residual’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1669:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1671:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1671:11: call_function: calling ‘get_collection’ from ‘krcc_switch_to’
#  340|       if (key == -1) {
#  341|           if (possess != 0) {
#  342|->             key = add_key(KRCC_KEY_TYPE_KEYRING, name, NULL, 0, possess);
#  343|               if (key == -1)
#  344|                   return errno;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def738]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:342:19: warning[-Wanalyzer-malloc-leak]: leak of ‘id’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1124:1: enter_function: entry to ‘krcc_generate_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1137:11: call_function: calling ‘get_default’ from ‘krcc_generate_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1137:11: return_function: returning to ‘krcc_generate_new’ from ‘get_default’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1139:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1141:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1141:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1147:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1147:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1156:10: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1156:10: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1157:8: branch_false: following ‘false’ branch (when ‘id’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1162:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1165:11: call_function: calling ‘get_collection’ from ‘krcc_generate_new’
#  340|       if (key == -1) {
#  341|           if (possess != 0) {
#  342|->             key = add_key(KRCC_KEY_TYPE_KEYRING, name, NULL, 0, possess);
#  343|               if (key == -1)
#  344|                   return errno;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def739]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:342:19: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1505:1: enter_function: entry to ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1516:8: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1518:11: call_function: inlined call to ‘k5alloc’ from ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1521:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1525:11: call_function: calling ‘get_default’ from ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1525:11: return_function: returning to ‘krcc_ptcursor_new’ from ‘get_default’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1527:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1531:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1531:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1536:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1536:11: call_function: calling ‘get_collection’ from ‘krcc_ptcursor_new’
#  340|       if (key == -1) {
#  341|           if (possess != 0) {
#  342|->             key = add_key(KRCC_KEY_TYPE_KEYRING, name, NULL, 0, possess);
#  343|               if (key == -1)
#  344|                   return errno;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def740]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:345:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1505:1: enter_function: entry to ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1516:8: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1518:11: call_function: inlined call to ‘k5alloc’ from ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1521:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1525:11: call_function: calling ‘get_default’ from ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1525:11: return_function: returning to ‘krcc_ptcursor_new’ from ‘get_default’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1527:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1531:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1531:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1536:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1536:11: call_function: calling ‘get_collection’ from ‘krcc_ptcursor_new’
#  343|               if (key == -1)
#  344|                   return errno;
#  345|->             if (keyctl_link(key, parent) == -1)
#  346|                   return errno;
#  347|           } else {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def741]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:345:17: warning[-Wanalyzer-malloc-leak]: leak of ‘anchor_name’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1660:1: enter_function: entry to ‘krcc_switch_to’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1667:11: call_function: calling ‘parse_residual’ from ‘krcc_switch_to’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1667:11: return_function: returning to ‘krcc_switch_to’ from ‘parse_residual’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1669:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1671:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1671:11: call_function: calling ‘get_collection’ from ‘krcc_switch_to’
#  343|               if (key == -1)
#  344|                   return errno;
#  345|->             if (keyctl_link(key, parent) == -1)
#  346|                   return errno;
#  347|           } else {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def742]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:345:17: warning[-Wanalyzer-malloc-leak]: leak of ‘collection_name’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1660:1: enter_function: entry to ‘krcc_switch_to’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1667:11: call_function: calling ‘parse_residual’ from ‘krcc_switch_to’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1667:11: return_function: returning to ‘krcc_switch_to’ from ‘parse_residual’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1669:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1671:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1671:11: call_function: calling ‘get_collection’ from ‘krcc_switch_to’
#  343|               if (key == -1)
#  344|                   return errno;
#  345|->             if (keyctl_link(key, parent) == -1)
#  346|                   return errno;
#  347|           } else {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def743]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:345:17: warning[-Wanalyzer-malloc-leak]: leak of ‘id’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1124:1: enter_function: entry to ‘krcc_generate_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1137:11: call_function: calling ‘get_default’ from ‘krcc_generate_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1137:11: return_function: returning to ‘krcc_generate_new’ from ‘get_default’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1139:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1141:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1141:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1147:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1147:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1156:10: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1156:10: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1157:8: branch_false: following ‘false’ branch (when ‘id’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1162:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1165:11: call_function: calling ‘get_collection’ from ‘krcc_generate_new’
#  343|               if (key == -1)
#  344|                   return errno;
#  345|->             if (keyctl_link(key, parent) == -1)
#  346|                   return errno;
#  347|           } else {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def744]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:345:17: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1505:1: enter_function: entry to ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1516:8: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1518:11: call_function: inlined call to ‘k5alloc’ from ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1521:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1525:11: call_function: calling ‘get_default’ from ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1525:11: return_function: returning to ‘krcc_ptcursor_new’ from ‘get_default’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1527:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1531:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1531:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1536:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1536:11: call_function: calling ‘get_collection’ from ‘krcc_ptcursor_new’
#  343|               if (key == -1)
#  344|                   return errno;
#  345|->             if (keyctl_link(key, parent) == -1)
#  346|                   return errno;
#  347|           } else {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def745]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:451:15: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1505:1: enter_function: entry to ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1515:14: call_function: inlined call to ‘k5alloc’ from ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1516:8: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1518:11: call_function: inlined call to ‘k5alloc’ from ‘krcc_ptcursor_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1521:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1525:11: call_function: calling ‘get_default’ from ‘krcc_ptcursor_new’
#  449|   
#  450|       *anchor_name_out = *collection_name_out = *subsidiary_name_out = NULL;
#  451|->     defname = krb5_cc_default_name(context);
#  452|       if (defname == NULL || strncmp(defname, "KEYRING:", 8) != 0)
#  453|           return 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def746]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1009:28: warning[-Wanalyzer-malloc-leak]: leak of ‘krcursor’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:989:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:994:12: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:995:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1001:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1001:16: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1002:8: branch_false: following ‘false’ branch (when ‘krcursor’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1008:26: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1009:28: danger: ‘krcursor’ leaks here; was allocated at [(5)](sarif:/runs/0/results/50/codeFlows/0/threadFlows/0/locations/4)
# 1007|   
# 1008|       krcursor->princ_id = data->princ_id;
# 1009|->     krcursor->offsets_id = keyctl_search(data->cache_id, KRCC_KEY_TYPE_USER,
# 1010|                                            KRCC_TIME_OFFSETS, 0);
# 1011|       krcursor->numkeys = size / sizeof(key_serial_t);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def747]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1014:5: warning[-Wanalyzer-malloc-leak]: leak of ‘krcursor’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:989:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:994:12: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:995:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1001:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1001:16: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1002:8: branch_false: following ‘false’ branch (when ‘krcursor’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1008:26: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1014:5: danger: ‘krcursor’ leaks here; was allocated at [(5)](sarif:/runs/0/results/51/codeFlows/0/threadFlows/0/locations/4)
# 1012|       krcursor->keys = keys;
# 1013|   
# 1014|->     k5_cc_mutex_unlock(context, &data->lock);
# 1015|       *cursor = krcursor;
# 1016|       return 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def748]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1100:11: warning[-Wanalyzer-malloc-leak]: leak of ‘ccache’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1566:1: enter_function: entry to ‘krcc_ptcursor_next’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1579:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1582:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1582:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1585:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1590:12: branch_true: following ‘true’ branch (when ‘cache_id != -1’)...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1592:49: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1591:20: call_function: calling ‘make_cache’ from ‘krcc_ptcursor_next’
# 1098|           return KRB5_CC_NOMEM;
# 1099|   
# 1100|->     ret = k5_cc_mutex_init(&data->lock);
# 1101|       if (ret) {
# 1102|           free(data);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def749]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1100:11: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1096:12: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1097:8: branch_false: following ‘false’ branch (when ‘data’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1100:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1100:11: danger: ‘data’ leaks here; was allocated at [(1)](sarif:/runs/0/results/53/codeFlows/0/threadFlows/0/locations/0)
# 1098|           return KRB5_CC_NOMEM;
# 1099|   
# 1100|->     ret = k5_cc_mutex_init(&data->lock);
# 1101|       if (ret) {
# 1102|           free(data);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def750]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1109:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ccache’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1566:1: enter_function: entry to ‘krcc_ptcursor_next’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1579:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1582:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1582:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1585:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1590:12: branch_true: following ‘true’ branch (when ‘cache_id != -1’)...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1592:49: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1591:20: call_function: calling ‘make_cache’ from ‘krcc_ptcursor_next’
# 1107|                                      subsidiary_name, &data->name);
# 1108|       if (ret) {
# 1109|->         k5_cc_mutex_destroy(&data->lock);
# 1110|           free(data);
# 1111|           return ret;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def751]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1148:9: warning[-Wanalyzer-malloc-leak]: leak of ‘anchor_name’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1124:1: enter_function: entry to ‘krcc_generate_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1137:11: call_function: calling ‘get_default’ from ‘krcc_generate_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1137:11: return_function: returning to ‘krcc_generate_new’ from ‘get_default’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1139:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1141:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1141:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1147:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1147:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1149:19: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1148:9: danger: ‘anchor_name’ leaks here; was allocated at [(16)](sarif:/runs/0/results/57/codeFlows/0/threadFlows/0/locations/15)
# 1146|       }
# 1147|       if (subsidiary_name != NULL) {
# 1148|->         k5_setmsg(context, KRB5_DCC_CANNOT_CREATE,
# 1149|                     _("Can't create new subsidiary cache because default cache "
# 1150|                       "is already a subsidiary"));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def752]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1148:9: warning[-Wanalyzer-malloc-leak]: leak of ‘collection_name’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1124:1: enter_function: entry to ‘krcc_generate_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1137:11: call_function: calling ‘get_default’ from ‘krcc_generate_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1137:11: return_function: returning to ‘krcc_generate_new’ from ‘get_default’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1139:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1141:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1141:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1147:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1147:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1149:19: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1148:9: danger: ‘collection_name’ leaks here; was allocated at [(32)](sarif:/runs/0/results/56/codeFlows/0/threadFlows/0/locations/31)
# 1146|       }
# 1147|       if (subsidiary_name != NULL) {
# 1148|->         k5_setmsg(context, KRB5_DCC_CANNOT_CREATE,
# 1149|                     _("Can't create new subsidiary cache because default cache "
# 1150|                       "is already a subsidiary"));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def753]
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1148:9: warning[-Wanalyzer-malloc-leak]: leak of ‘subsidiary_name’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1124:1: enter_function: entry to ‘krcc_generate_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1137:11: call_function: calling ‘get_default’ from ‘krcc_generate_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1137:11: return_function: returning to ‘krcc_generate_new’ from ‘get_default’
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1139:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1141:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1141:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1147:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1147:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1149:19: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_keyring.c:1148:9: danger: ‘subsidiary_name’ leaks here; was allocated at [(40)](sarif:/runs/0/results/55/codeFlows/0/threadFlows/0/locations/39)
# 1146|       }
# 1147|       if (subsidiary_name != NULL) {
# 1148|->         k5_setmsg(context, KRB5_DCC_CANNOT_CREATE,
# 1149|                     _("Can't create new subsidiary cache because default cache "
# 1150|                       "is already a subsidiary"));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def754]
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:144:11: warning[-Wanalyzer-malloc-leak]: leak of ‘lid’
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:537:1: enter_function: entry to ‘krb5_mcc_generate_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:545:25: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:546:8: branch_false: following ‘false’ branch (when ‘lid’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:549:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:552:5: call_function: calling ‘init_table’ from ‘krb5_mcc_generate_new’
#  142|       if (mcc_hashtab != NULL)
#  143|           return 0;
#  144|->     ret = krb5_c_random_make_octets(context, &d);
#  145|       if (ret)
#  146|           return ret;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def755]
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:147:12: warning[-Wanalyzer-malloc-leak]: leak of ‘lid’
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:537:1: enter_function: entry to ‘krb5_mcc_generate_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:545:25: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:546:8: branch_false: following ‘false’ branch (when ‘lid’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:549:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:552:5: call_function: calling ‘init_table’ from ‘krb5_mcc_generate_new’
#  145|       if (ret)
#  146|           return ret;
#  147|->     return k5_hashtab_create(seed, 64, &mcc_hashtab);
#  148|   }
#  149|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def756]
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:196:11: warning[-Wanalyzer-malloc-leak]: leak of ‘new_node’
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:192:16: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:193:8: branch_false: following ‘false’ branch (when ‘new_node’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:195:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:196:11: danger: ‘new_node’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  194|           return ENOMEM;
#  195|       new_node->next = NULL;
#  196|->     ret = krb5_copy_creds(context, cred, &new_node->creds);
#  197|       if (ret) {
#  198|           free(new_node);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def757]
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:382:5: warning[-Wanalyzer-malloc-leak]: leak of ‘mcursor’
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:378:15: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:379:8: branch_false: following ‘false’ branch (when ‘mcursor’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:381:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:382:5: danger: ‘mcursor’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#  380|           return KRB5_CC_NOMEM;
#  381|       d = id->data;
#  382|->     k5_cc_mutex_lock(context, &d->lock);
#  383|       mcursor->generation = d->generation;
#  384|       mcursor->next_link = d->link;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def758]
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:385:5: warning[-Wanalyzer-malloc-leak]: leak of ‘mcursor’
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:378:15: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:379:8: branch_false: following ‘false’ branch (when ‘mcursor’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:381:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:385:5: danger: ‘mcursor’ leaks here; was allocated at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#  383|       mcursor->generation = d->generation;
#  384|       mcursor->next_link = d->link;
#  385|->     k5_cc_mutex_unlock(context, &d->lock);
#  386|       *cursor = mcursor;
#  387|       return KRB5_OK;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def759]
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:491:11: warning[-Wanalyzer-malloc-leak]: leak of ‘d’
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:487:9: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:488:8: branch_false: following ‘false’ branch (when ‘d’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:491:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:491:11: danger: ‘d’ leaks here; was allocated at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
#  489|           return KRB5_CC_NOMEM;
#  490|   
#  491|->     err = k5_cc_mutex_init(&d->lock);
#  492|       if (err) {
#  493|           free(d);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def760]
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:491:11: warning[-Wanalyzer-malloc-leak]: leak of ‘lid’
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:537:1: enter_function: entry to ‘krb5_mcc_generate_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:545:25: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:546:8: branch_false: following ‘false’ branch (when ‘lid’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:549:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:557:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:563:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:568:11: call_function: calling ‘new_mcc_data’ from ‘krb5_mcc_generate_new’
#  489|           return KRB5_CC_NOMEM;
#  490|   
#  491|->     err = k5_cc_mutex_init(&d->lock);
#  492|       if (err) {
#  493|           free(d);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def761]
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:499:9: warning[-Wanalyzer-malloc-leak]: leak of ‘lid’
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:537:1: enter_function: entry to ‘krb5_mcc_generate_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:545:25: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:546:8: branch_false: following ‘false’ branch (when ‘lid’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:549:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:557:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:563:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:568:11: call_function: calling ‘new_mcc_data’ from ‘krb5_mcc_generate_new’
#  497|       d->name = strdup(name);
#  498|       if (d->name == NULL) {
#  499|->         k5_cc_mutex_destroy(&d->lock);
#  500|           free(d);
#  501|           return KRB5_CC_NOMEM;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def762]
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:511:9: warning[-Wanalyzer-malloc-leak]: leak of ‘lid’
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:537:1: enter_function: entry to ‘krb5_mcc_generate_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:545:25: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:546:8: branch_false: following ‘false’ branch (when ‘lid’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:549:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:557:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:563:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:568:11: call_function: calling ‘new_mcc_data’ from ‘krb5_mcc_generate_new’
#  509|       d->generation = 0;
#  510|   
#  511|->     if (k5_hashtab_add(mcc_hashtab, d->name, strlen(d->name), d) != 0) {
#  512|           free(d->name);
#  513|           k5_cc_mutex_destroy(&d->lock);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def763]
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:513:9: warning[-Wanalyzer-malloc-leak]: leak of ‘lid’
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:537:1: enter_function: entry to ‘krb5_mcc_generate_new’
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:545:25: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:546:8: branch_false: following ‘false’ branch (when ‘lid’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:549:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:557:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:563:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:568:11: call_function: calling ‘new_mcc_data’ from ‘krb5_mcc_generate_new’
#  511|       if (k5_hashtab_add(mcc_hashtab, d->name, strlen(d->name), d) != 0) {
#  512|           free(d->name);
#  513|->         k5_cc_mutex_destroy(&d->lock);
#  514|           free(d);
#  515|           return KRB5_CC_NOMEM;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def764]
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:551:5: warning[-Wanalyzer-malloc-leak]: leak of ‘lid’
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:545:25: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:546:8: branch_false: following ‘false’ branch (when ‘lid’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:549:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:551:5: danger: ‘lid’ leaks here; was allocated at [(1)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/0)
#  549|       lid->ops = &krb5_mcc_ops;
#  550|   
#  551|->     k5_cc_mutex_lock(context, &krb5int_mcc_mutex);
#  552|       init_table(context);
#  553|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def765]
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:556:15: warning[-Wanalyzer-malloc-leak]: leak of ‘lid’
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:545:25: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:546:8: branch_false: following ‘false’ branch (when ‘lid’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:549:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:556:15: danger: ‘lid’ leaks here; was allocated at [(1)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/0)
#  554|       /* Check for uniqueness with mutex locked to avoid race conditions */
#  555|       while (1) {
#  556|->         err = krb5int_random_string (context, uniquename, sizeof (uniquename));
#  557|           if (err) {
#  558|               k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def766]
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:558:13: warning[-Wanalyzer-malloc-leak]: leak of ‘lid’
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:545:25: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:546:8: branch_false: following ‘false’ branch (when ‘lid’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:549:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:558:13: danger: ‘lid’ leaks here; was allocated at [(1)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/0)
#  556|           err = krb5int_random_string (context, uniquename, sizeof (uniquename));
#  557|           if (err) {
#  558|->             k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);
#  559|               free(lid);
#  560|               return err;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def767]
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:563:13: warning[-Wanalyzer-malloc-leak]: leak of ‘lid’
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:545:25: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:546:8: branch_false: following ‘false’ branch (when ‘lid’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:549:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:557:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:563:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:563:13: danger: ‘lid’ leaks here; was allocated at [(1)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/0)
#  561|           }
#  562|   
#  563|->         if (k5_hashtab_get(mcc_hashtab, uniquename,
#  564|                              strlen(uniquename)) == NULL)
#  565|               break;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def768]
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:570:5: warning[-Wanalyzer-malloc-leak]: leak of ‘lid’
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:545:25: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:546:8: branch_false: following ‘false’ branch (when ‘lid’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:549:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:557:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:563:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cc_memory.c:570:5: danger: ‘lid’ leaks here; was allocated at [(1)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/0)
#  568|       err = new_mcc_data(uniquename, &d);
#  569|   
#  570|->     k5_cc_mutex_unlock(context, &krb5int_mcc_mutex);
#  571|       if (err) {
#  572|           free(lid);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def769]
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:395:15: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:371:1: enter_function: entry to ‘read_creds’
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:381:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:386:12: call_function: inlined call to ‘k5calloc’ from ‘read_creds’
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:392:16: call_function: inlined call to ‘k5alloc’ from ‘read_creds’
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:395:15: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:395:15: danger: ‘ptr’ leaks here; was allocated at [(9)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/8)
#  393|           if (cred == NULL)
#  394|               goto cleanup;
#  395|->         ret = krb5_cc_next_cred(context, ccache, &cur, cred);
#  396|           if (ret == KRB5_CC_END)
#  397|               break;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def770]
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:419:15: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:371:1: enter_function: entry to ‘read_creds’
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:381:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:386:12: call_function: inlined call to ‘k5calloc’ from ‘read_creds’
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:392:16: call_function: inlined call to ‘k5alloc’ from ‘read_creds’
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:394:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:418:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:419:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:419:15: danger: ‘ptr’ leaks here; was allocated at [(5)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/4)
#  417|   cleanup:
#  418|       if (cur != NULL)
#  419|->         (void)krb5_cc_end_seq_get(context, ccache, &cur);
#  420|       krb5_free_tgt_creds(context, list);
#  421|       free(cred);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def771]
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:420:5: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:371:1: enter_function: entry to ‘read_creds’
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:381:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:386:12: call_function: inlined call to ‘k5calloc’ from ‘read_creds’
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:392:16: call_function: inlined call to ‘k5alloc’ from ‘read_creds’
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:394:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccbase.c:420:5: danger: ‘ptr’ leaks here; was allocated at [(5)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/4)
#  418|       if (cur != NULL)
#  419|           (void)krb5_cc_end_seq_get(context, ccache, &cur);
#  420|->     krb5_free_tgt_creds(context, list);
#  421|       free(cred);
#  422|       return ret;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def772]
krb5-1.21.3/src/lib/krb5/ccache/cccursor.c:60:11: warning[-Wanalyzer-malloc-leak]: leak of ‘n’
krb5-1.21.3/src/lib/krb5/ccache/cccursor.c:52:9: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/cccursor.c:53:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/cccursor.c:56:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/cccursor.c:60:11: danger: ‘n’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   58|       n->ops = NULL;
#   59|   
#   60|->     ret = krb5int_cc_typecursor_new(context, &n->typecursor);
#   61|       if (ret)
#   62|           goto errout;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def773]
krb5-1.21.3/src/lib/krb5/ccache/ccmarshal.c:192:5: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/ccache/ccmarshal.c:549:1: enter_function: entry to ‘krb5_unmarshal_credentials’
krb5-1.21.3/src/lib/krb5/ccache/ccmarshal.c:557:13: call_function: inlined call to ‘k5alloc’ from ‘krb5_unmarshal_credentials’
krb5-1.21.3/src/lib/krb5/ccache/ccmarshal.c:561:58: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccmarshal.c:561:11: call_function: calling ‘k5_unmarshal_cred’ from ‘krb5_unmarshal_credentials’
#  190|   error:
#  191|       k5_input_set_status(in, ret);
#  192|->     krb5_free_principal(NULL, princ);
#  193|       return NULL;
#  194|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def774]
krb5-1.21.3/src/lib/krb5/ccache/ccselect.c:95:15: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/ccache/ccselect.c:124:1: enter_function: entry to ‘krb5_cc_select’
krb5-1.21.3/src/lib/krb5/ccache/ccselect.c:138:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect.c:139:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect.c:139:15: call_function: calling ‘load_modules’ from ‘krb5_cc_select’
#   93|           if (handle == NULL)
#   94|               goto cleanup;
#   95|->         ret = (*mod)(context, 1, 1, (krb5_plugin_vtable)&handle->vt);
#   96|           if (ret != 0) {         /* Failed vtable init is non-fatal. */
#   97|               TRACE_CCSELECT_VTINIT_FAIL(context, ret);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def775]
krb5-1.21.3/src/lib/krb5/ccache/ccselect.c:97:13: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/ccache/ccselect.c:124:1: enter_function: entry to ‘krb5_cc_select’
krb5-1.21.3/src/lib/krb5/ccache/ccselect.c:138:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect.c:139:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect.c:139:15: call_function: calling ‘load_modules’ from ‘krb5_cc_select’
#   95|           ret = (*mod)(context, 1, 1, (krb5_plugin_vtable)&handle->vt);
#   96|           if (ret != 0) {         /* Failed vtable init is non-fatal. */
#   97|->             TRACE_CCSELECT_VTINIT_FAIL(context, ret);
#   98|               free(handle);
#   99|               continue;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def776]
krb5-1.21.3/src/lib/krb5/ccache/ccselect.c:102:15: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/ccache/ccselect.c:124:1: enter_function: entry to ‘krb5_cc_select’
krb5-1.21.3/src/lib/krb5/ccache/ccselect.c:138:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect.c:139:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect.c:139:15: call_function: calling ‘load_modules’ from ‘krb5_cc_select’
#  100|           }
#  101|           handle->data = NULL;
#  102|->         ret = handle->vt.init(context, &handle->data, &handle->priority);
#  103|           if (ret != 0) {         /* Failed initialization is non-fatal. */
#  104|               TRACE_CCSELECT_INIT_FAIL(context, handle->vt.name, ret);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def777]
krb5-1.21.3/src/lib/krb5/ccache/ccselect.c:104:13: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/ccache/ccselect.c:124:1: enter_function: entry to ‘krb5_cc_select’
krb5-1.21.3/src/lib/krb5/ccache/ccselect.c:138:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect.c:139:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect.c:139:15: call_function: calling ‘load_modules’ from ‘krb5_cc_select’
#  102|           ret = handle->vt.init(context, &handle->data, &handle->priority);
#  103|           if (ret != 0) {         /* Failed initialization is non-fatal. */
#  104|->             TRACE_CCSELECT_INIT_FAIL(context, handle->vt.name, ret);
#  105|               free(handle);
#  106|               continue;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def778]
krb5-1.21.3/src/lib/krb5/ccache/ccselect.c:118:5: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/ccache/ccselect.c:124:1: enter_function: entry to ‘krb5_cc_select’
krb5-1.21.3/src/lib/krb5/ccache/ccselect.c:138:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect.c:139:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect.c:139:15: call_function: calling ‘load_modules’ from ‘krb5_cc_select’
#  116|   
#  117|   cleanup:
#  118|->     k5_plugin_free_modules(context, modules);
#  119|       free_handles(context, list);
#  120|       return ret;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def779]
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:84:11: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(server_59(D)->data[1].data,  hostlen, & ret)’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:54:1: enter_function: entry to ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:69:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:74:12: call_function: calling ‘k5memdup0’ from ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:74:12: return_function: returning to ‘hostname_choose’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:75:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:77:20: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:78:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:84:11: danger: ‘k5memdup0(server_59(D)->data[1].data,  hostlen, & ret)’ leaks here; was allocated at [(9)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/8)
#   82|       /* Scan the collection for a cache with a client principal whose realm is
#   83|        * the longest tail of the server hostname. */
#   84|->     ret = krb5_cccol_cursor_new(context, &col_cursor);
#   85|       if (ret)
#   86|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def780]
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:84:11: warning[-Wanalyzer-malloc-leak]: leak of ‘p’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:54:1: enter_function: entry to ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:69:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:74:12: call_function: calling ‘k5memdup0’ from ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:74:12: return_function: returning to ‘hostname_choose’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:75:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:77:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:84:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:84:11: danger: ‘p’ leaks here; was allocated at [(9)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/8)
#   82|       /* Scan the collection for a cache with a client principal whose realm is
#   83|        * the longest tail of the server hostname. */
#   84|->     ret = krb5_cccol_cursor_new(context, &col_cursor);
#   85|       if (ret)
#   86|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def781]
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:88:16: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(server_59(D)->data[1].data,  hostlen, & ret)’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:54:1: enter_function: entry to ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:69:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:74:12: call_function: calling ‘k5memdup0’ from ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:74:12: return_function: returning to ‘hostname_choose’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:75:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:77:20: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:78:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:85:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:88:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:88:16: danger: ‘k5memdup0(server_59(D)->data[1].data,  hostlen, & ret)’ leaks here; was allocated at [(9)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/8)
#   86|           goto done;
#   87|   
#   88|->     for (ret = krb5_cccol_cursor_next(context, col_cursor, &ccache);
#   89|            ret == 0 && ccache != NULL;
#   90|            ret = krb5_cccol_cursor_next(context, col_cursor, &ccache)) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def782]
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:88:16: warning[-Wanalyzer-malloc-leak]: leak of ‘p’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:54:1: enter_function: entry to ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:69:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:74:12: call_function: calling ‘k5memdup0’ from ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:74:12: return_function: returning to ‘hostname_choose’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:75:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:77:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:84:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:85:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:88:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:88:16: danger: ‘p’ leaks here; was allocated at [(9)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/8)
#   86|           goto done;
#   87|   
#   88|->     for (ret = krb5_cccol_cursor_next(context, col_cursor, &ccache);
#   89|            ret == 0 && ccache != NULL;
#   90|            ret = krb5_cccol_cursor_next(context, col_cursor, &ccache)) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def783]
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:90:16: warning[-Wanalyzer-malloc-leak]: leak of ‘domain.data’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:54:1: enter_function: entry to ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:69:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:74:12: call_function: calling ‘k5memdup0’ from ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:74:12: return_function: returning to ‘hostname_choose’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:75:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:77:20: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:78:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:85:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:88:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:89:10: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:92:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:98:18: call_function: inlined call to ‘make_data’ from ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:99:16: branch_true: following ‘true’ branch (when ‘best_princ’ is NULL)...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:101:30: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:101:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:108:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:109:16: branch_true: following ‘true’ branch (when ‘p’ is NULL)...
 branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:90:16: danger: ‘domain.data’ leaks here; was allocated at [(9)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/8)
#   88|       for (ret = krb5_cccol_cursor_next(context, col_cursor, &ccache);
#   89|            ret == 0 && ccache != NULL;
#   90|->          ret = krb5_cccol_cursor_next(context, col_cursor, &ccache)) {
#   91|           ret = krb5_cc_get_principal(context, ccache, &princ);
#   92|           if (ret) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def784]
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:90:16: warning[-Wanalyzer-malloc-leak]: leak of ‘p’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:54:1: enter_function: entry to ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:69:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:74:12: call_function: calling ‘k5memdup0’ from ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:74:12: return_function: returning to ‘hostname_choose’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:75:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:77:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:84:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:85:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:88:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:89:10: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:92:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:98:18: call_function: inlined call to ‘make_data’ from ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:99:16: branch_true: following ‘true’ branch (when ‘best_princ’ is NULL)...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:101:30: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:101:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:108:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:109:16: branch_true: following ‘true’ branch (when ‘p’ is NULL)...
 branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:90:16: danger: ‘p’ leaks here; was allocated at [(9)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/8)
#   88|       for (ret = krb5_cccol_cursor_next(context, col_cursor, &ccache);
#   89|            ret == 0 && ccache != NULL;
#   90|->          ret = krb5_cccol_cursor_next(context, col_cursor, &ccache)) {
#   91|           ret = krb5_cc_get_principal(context, ccache, &princ);
#   92|           if (ret) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def785]
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:91:15: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(server_59(D)->data[1].data,  hostlen, & ret)’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:54:1: enter_function: entry to ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:69:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:74:12: call_function: calling ‘k5memdup0’ from ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:74:12: return_function: returning to ‘hostname_choose’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:75:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:77:20: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:78:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:85:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:88:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:89:10: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:91:15: danger: ‘k5memdup0(server_59(D)->data[1].data,  hostlen, & ret)’ leaks here; was allocated at [(9)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/8)
#   89|            ret == 0 && ccache != NULL;
#   90|            ret = krb5_cccol_cursor_next(context, col_cursor, &ccache)) {
#   91|->         ret = krb5_cc_get_principal(context, ccache, &princ);
#   92|           if (ret) {
#   93|               krb5_cc_close(context, ccache);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def786]
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:91:15: warning[-Wanalyzer-malloc-leak]: leak of ‘p’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:54:1: enter_function: entry to ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:69:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:74:12: call_function: calling ‘k5memdup0’ from ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:74:12: return_function: returning to ‘hostname_choose’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:75:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:77:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:84:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:85:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:88:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:89:10: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:91:15: danger: ‘p’ leaks here; was allocated at [(9)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/8)
#   89|            ret == 0 && ccache != NULL;
#   90|            ret = krb5_cccol_cursor_next(context, col_cursor, &ccache)) {
#   91|->         ret = krb5_cc_get_principal(context, ccache, &princ);
#   92|           if (ret) {
#   93|               krb5_cc_close(context, ccache);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def787]
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:93:13: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(server_59(D)->data[1].data,  hostlen, & ret)’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:54:1: enter_function: entry to ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:69:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:74:12: call_function: calling ‘k5memdup0’ from ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:74:12: return_function: returning to ‘hostname_choose’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:75:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:77:20: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:78:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:85:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:88:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:89:10: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:92:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:93:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:93:13: danger: ‘k5memdup0(server_59(D)->data[1].data,  hostlen, & ret)’ leaks here; was allocated at [(9)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/8)
#   91|           ret = krb5_cc_get_principal(context, ccache, &princ);
#   92|           if (ret) {
#   93|->             krb5_cc_close(context, ccache);
#   94|               break;
#   95|           }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def788]
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:93:13: warning[-Wanalyzer-malloc-leak]: leak of ‘p’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:54:1: enter_function: entry to ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:69:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:74:12: call_function: calling ‘k5memdup0’ from ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:74:12: return_function: returning to ‘hostname_choose’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:75:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:77:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:84:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:85:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:88:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:89:10: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:92:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:93:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:93:13: danger: ‘p’ leaks here; was allocated at [(9)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/8)
#   91|           ret = krb5_cc_get_principal(context, ccache, &princ);
#   92|           if (ret) {
#   93|->             krb5_cc_close(context, ccache);
#   94|               break;
#   95|           }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def789]
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:115:13: warning[-Wanalyzer-malloc-leak]: leak of ‘domain.data’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:54:1: enter_function: entry to ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:69:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:74:12: call_function: calling ‘k5memdup0’ from ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:74:12: return_function: returning to ‘hostname_choose’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:75:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:77:20: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:78:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:85:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:88:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:89:10: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:92:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:98:18: call_function: inlined call to ‘make_data’ from ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:99:16: branch_true: following ‘true’ branch (when ‘best_princ’ is NULL)...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:101:30: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:101:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:108:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:109:16: branch_true: following ‘true’ branch (when ‘p’ is NULL)...
 branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:114:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:115:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:115:13: danger: ‘domain.data’ leaks here; was allocated at [(9)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/8)
#  113|   
#  114|           if (ccache != NULL)
#  115|->             krb5_cc_close(context, ccache);
#  116|           krb5_free_principal(context, princ);
#  117|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def790]
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:115:13: warning[-Wanalyzer-malloc-leak]: leak of ‘p’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:54:1: enter_function: entry to ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:69:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:74:12: call_function: calling ‘k5memdup0’ from ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:74:12: return_function: returning to ‘hostname_choose’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:75:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:77:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:84:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:85:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:88:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:89:10: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:92:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:98:18: call_function: inlined call to ‘make_data’ from ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:99:16: branch_true: following ‘true’ branch (when ‘best_princ’ is NULL)...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:101:30: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:101:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:108:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:109:16: branch_true: following ‘true’ branch (when ‘p’ is NULL)...
 branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:114:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:115:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:115:13: danger: ‘p’ leaks here; was allocated at [(9)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/8)
#  113|   
#  114|           if (ccache != NULL)
#  115|->             krb5_cc_close(context, ccache);
#  116|           krb5_free_principal(context, princ);
#  117|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def791]
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:116:9: warning[-Wanalyzer-malloc-leak]: leak of ‘domain.data’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:54:1: enter_function: entry to ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:69:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:74:12: call_function: calling ‘k5memdup0’ from ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:74:12: return_function: returning to ‘hostname_choose’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:75:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:77:20: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:78:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:85:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:88:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:89:10: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:92:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:98:18: call_function: inlined call to ‘make_data’ from ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:99:16: branch_true: following ‘true’ branch (when ‘best_princ’ is NULL)...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:101:30: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:101:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:108:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:109:16: branch_true: following ‘true’ branch (when ‘p’ is NULL)...
 branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:116:9: danger: ‘domain.data’ leaks here; was allocated at [(9)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/8)
#  114|           if (ccache != NULL)
#  115|               krb5_cc_close(context, ccache);
#  116|->         krb5_free_principal(context, princ);
#  117|       }
#  118|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def792]
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:116:9: warning[-Wanalyzer-malloc-leak]: leak of ‘p’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:54:1: enter_function: entry to ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:69:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:74:12: call_function: calling ‘k5memdup0’ from ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:74:12: return_function: returning to ‘hostname_choose’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:75:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:77:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:84:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:85:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:88:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:89:10: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:92:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:98:18: call_function: inlined call to ‘make_data’ from ‘hostname_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:99:16: branch_true: following ‘true’ branch (when ‘best_princ’ is NULL)...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:101:30: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:101:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:108:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:109:16: branch_true: following ‘true’ branch (when ‘p’ is NULL)...
 branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_hostname.c:116:9: danger: ‘p’ leaks here; was allocated at [(9)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/8)
#  114|           if (ccache != NULL)
#  115|               krb5_cc_close(context, ccache);
#  116|->         krb5_free_principal(context, princ);
#  117|       }
#  118|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def793]
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:64:11: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "r")’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:150:1: enter_function: entry to ‘k5identity_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:165:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:167:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:169:8: branch_false: following ‘false’ branch (when ‘ret == 0’)...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:171:10: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:171:10: acquire_resource: opened here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:173:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:177:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:178:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:178:13: call_function: calling ‘parse_line’ from ‘k5identity_choose’
#   62|       }
#   63|   
#   64|->     res = fnmatch(pattern, str, 0);
#   65|       free(str);
#   66|       return (res == 0);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def794]
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:64:11: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "r")’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:150:1: enter_function: entry to ‘k5identity_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:165:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:167:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:169:8: branch_false: following ‘false’ branch (when ‘ret == 0’)...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:171:10: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:171:10: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:173:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:177:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:178:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:178:13: call_function: calling ‘parse_line’ from ‘k5identity_choose’
#   62|       }
#   63|   
#   64|->     res = fnmatch(pattern, str, 0);
#   65|       free(str);
#   66|       return (res == 0);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def795]
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:64:11: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(*data.data, (long unsigned int)*data.length, & ret)’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:93:1: enter_function: entry to ‘parse_line’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:103:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:105:25: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:106:8: branch_false: following ‘false’ branch (when ‘princ != princ_end’)...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:110:25: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:111:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:112:29: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:116:12: branch_false: following ‘false’ branch (when ‘sep’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:118:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:119:14: call_function: calling ‘check_constraint’ from ‘parse_line’
#   62|       }
#   63|   
#   64|->     res = fnmatch(pattern, str, 0);
#   65|       free(str);
#   66|       return (res == 0);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def796]
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:64:11: warning[-Wanalyzer-malloc-leak]: leak of ‘p’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:93:1: enter_function: entry to ‘parse_line’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:103:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:105:25: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:106:8: branch_false: following ‘false’ branch (when ‘princ != princ_end’)...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:110:25: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:111:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:112:29: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:116:12: branch_false: following ‘false’ branch (when ‘sep’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:118:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:119:14: call_function: calling ‘check_constraint’ from ‘parse_line’
#   62|       }
#   63|   
#   64|->     res = fnmatch(pattern, str, 0);
#   65|       free(str);
#   66|       return (res == 0);

Error: COMPILER_WARNING (CWE-563): [#def797]
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:134:10: warning[-Wunused-variable]: unused variable ‘pwbuf’
#  134 |     char pwbuf[BUFSIZ];
#      |          ^~~~~
#  132|   {
#  133|       const char *homedir = NULL;
#  134|->     char pwbuf[BUFSIZ];
#  135|       struct passwd pwx, *pwd;
#  136|   

Error: COMPILER_WARNING (CWE-563): [#def798]
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c: scope_hint: In function ‘get_homedir’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:135:19: warning[-Wunused-variable]: unused variable ‘pwx’
#  135 |     struct passwd pwx, *pwd;
#      |                   ^~~
#  133|       const char *homedir = NULL;
#  134|       char pwbuf[BUFSIZ];
#  135|->     struct passwd pwx, *pwd;
#  136|   
#  137|       if (!context->profile_secure)

Error: CPPCHECK_WARNING (CWE-457): [#def799]
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:141: error[legacyUninitvar]: Uninitialized variable: *(&pwd)
#  139|   
#  140|       if (homedir == NULL) {
#  141|->         if (k5_getpwuid_r(geteuid(), &pwx, pwbuf, sizeof(pwbuf), &pwd) != 0)
#  142|               return NULL;
#  143|           homedir = pwd->pw_dir;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def800]
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:167:11: warning[-Wanalyzer-malloc-leak]: leak of ‘get_homedir(context)’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:150:1: enter_function: entry to ‘k5identity_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:164:15: call_function: calling ‘get_homedir’ from ‘k5identity_choose’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:164:15: return_function: returning to ‘k5identity_choose’ from ‘get_homedir’
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:165:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:167:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/ccache/ccselect_k5identity.c:167:11: danger: ‘get_homedir(context)’ leaks here; was allocated at [(4)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/3)
#  165|       if (homedir == NULL)
#  166|           return KRB5_PLUGIN_NO_HANDLE;
#  167|->     ret = k5_path_join(homedir, ".k5identity", &filename);
#  168|       free(homedir);
#  169|       if (ret)

Error: GCC_ANALYZER_WARNING (CWE-789): [#def801]
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:980:15: warning[-Wanalyzer-tainted-allocation-size]: use of attacker-controlled value ‘(unsigned int)princ_size + 1’ as allocation size without upper-bounds checking
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:479:1: enter_function: entry to ‘krb5_ktfile_get_next’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:485:5: call_function: calling ‘k5_mutex_lock’ from ‘krb5_ktfile_get_next’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:485:5: return_function: returning to ‘krb5_ktfile_get_next’ from ‘k5_mutex_lock’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:486:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:490:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:490:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:494:19: call_function: inlined call to ‘krb5_ktfileint_read_entry’ from ‘krb5_ktfile_get_next’
#  978|   
#  979|       ret_entry->principal->realm.length = u_princ_size;
#  980|->     tmpdata = malloc(u_princ_size+1);
#  981|       if (!tmpdata) {
#  982|           error = ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-823): [#def802]
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:990:5: warning[-Wanalyzer-tainted-offset]: use of attacker-controlled value ‘princ_size’ as offset without upper-bounds checking
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:479:1: enter_function: entry to ‘krb5_ktfile_get_next’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:485:5: call_function: calling ‘k5_mutex_lock’ from ‘krb5_ktfile_get_next’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:485:5: return_function: returning to ‘krb5_ktfile_get_next’ from ‘k5_mutex_lock’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:486:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:490:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:490:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:494:19: call_function: inlined call to ‘krb5_ktfileint_read_entry’ from ‘krb5_ktfile_get_next’
#  988|           goto fail;
#  989|       }
#  990|->     tmpdata[princ_size] = 0;    /* Some things might be expecting null */
#  991|                                   /* termination...  ``Be conservative in */
#  992|                                   /* what you send out'' */

Error: GCC_ANALYZER_WARNING (CWE-789): [#def803]
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:1010:23: warning[-Wanalyzer-tainted-allocation-size]: use of attacker-controlled value ‘(unsigned int)princ_size + 1’ as allocation size without upper-bounds checking
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:479:1: enter_function: entry to ‘krb5_ktfile_get_next’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:485:5: call_function: calling ‘k5_mutex_lock’ from ‘krb5_ktfile_get_next’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:485:5: return_function: returning to ‘krb5_ktfile_get_next’ from ‘k5_mutex_lock’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:486:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:490:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:490:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:494:19: call_function: inlined call to ‘krb5_ktfileint_read_entry’ from ‘krb5_ktfile_get_next’
# 1008|           u_princ_size = princ_size;
# 1009|           princ->length = u_princ_size;
# 1010|->         princ->data = malloc(u_princ_size+1);
# 1011|           if (!princ->data) {
# 1012|               error = ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-823): [#def804]
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:1019:9: warning[-Wanalyzer-tainted-offset]: use of attacker-controlled value ‘princ_size’ as offset without upper-bounds checking
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:479:1: enter_function: entry to ‘krb5_ktfile_get_next’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:485:5: call_function: calling ‘k5_mutex_lock’ from ‘krb5_ktfile_get_next’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:485:5: return_function: returning to ‘krb5_ktfile_get_next’ from ‘k5_mutex_lock’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:486:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:490:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:490:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:494:19: call_function: inlined call to ‘krb5_ktfileint_read_entry’ from ‘krb5_ktfile_get_next’
# 1017|               goto fail;
# 1018|           }
# 1019|->         princ->data[princ_size] = 0; /* Null terminate */
# 1020|       }
# 1021|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def805]
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:1024:14: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:479:1: enter_function: entry to ‘krb5_ktfile_get_next’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:485:5: call_function: calling ‘k5_mutex_lock’ from ‘krb5_ktfile_get_next’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:485:5: return_function: returning to ‘krb5_ktfile_get_next’ from ‘k5_mutex_lock’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:486:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:490:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:490:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:494:19: call_function: inlined call to ‘krb5_ktfileint_read_entry’ from ‘krb5_ktfile_get_next’
# 1022|       /* read in the principal type, if we can get it */
# 1023|       if (KTVERSION(id) != KRB5_KT_VNO_1) {
# 1024|->         if (!fread(&ret_entry->principal->type,
# 1025|                      sizeof(ret_entry->principal->type), 1, KTFILEP(id))) {
# 1026|               error = KRB5_KT_END;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def806]
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:1033:10: warning[-Wanalyzer-malloc-leak]: leak of ‘*ret_entry.principal’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:918:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:921:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:933:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:937:23: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:942:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:944:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:949:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:951:44: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:951:44: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:952:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:956:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:960:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:967:52: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:967:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:971:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:971:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:973:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:973:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:977:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:981:8: branch_false: following ‘false’ branch (when ‘tmpdata’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:985:41: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:985:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:990:12: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:995:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:996:18: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:997:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:1001:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:1001:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:1003:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:1003:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:1008:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:1011:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:1015:61: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:1015:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:1019:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:995:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:1023:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:1023:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:1033:72: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:1033:10: danger: ‘*ret_entry.principal’ leaks here; was allocated at [(9)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/8)
# 1031|   
# 1032|       /* read in the timestamp */
# 1033|->     if (!fread(&ret_entry->timestamp, sizeof(ret_entry->timestamp), 1, KTFILEP(id))) {
# 1034|           error = KRB5_KT_END;
# 1035|           goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def807]
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:1033:10: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:479:1: enter_function: entry to ‘krb5_ktfile_get_next’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:485:5: call_function: calling ‘k5_mutex_lock’ from ‘krb5_ktfile_get_next’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:485:5: return_function: returning to ‘krb5_ktfile_get_next’ from ‘k5_mutex_lock’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:486:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:490:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:490:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:494:19: call_function: inlined call to ‘krb5_ktfileint_read_entry’ from ‘krb5_ktfile_get_next’
# 1031|   
# 1032|       /* read in the timestamp */
# 1033|->     if (!fread(&ret_entry->timestamp, sizeof(ret_entry->timestamp), 1, KTFILEP(id))) {
# 1034|           error = KRB5_KT_END;
# 1035|           goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def808]
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:1033:10: warning[-Wanalyzer-malloc-leak]: leak of ‘cur_entry.principal’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:479:1: enter_function: entry to ‘krb5_ktfile_get_next’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:485:5: call_function: calling ‘k5_mutex_lock’ from ‘krb5_ktfile_get_next’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:485:5: return_function: returning to ‘krb5_ktfile_get_next’ from ‘k5_mutex_lock’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:486:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:490:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:490:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:494:19: call_function: inlined call to ‘krb5_ktfileint_read_entry’ from ‘krb5_ktfile_get_next’
# 1031|   
# 1032|       /* read in the timestamp */
# 1033|->     if (!fread(&ret_entry->timestamp, sizeof(ret_entry->timestamp), 1, KTFILEP(id))) {
# 1034|           error = KRB5_KT_END;
# 1035|           goto fail;

Error: GCC_ANALYZER_WARNING (CWE-789): [#def809]
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:1073:45: warning[-Wanalyzer-tainted-allocation-size]: use of attacker-controlled value ‘count’ as allocation size without upper-bounds checking
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:479:1: enter_function: entry to ‘krb5_ktfile_get_next’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:485:5: call_function: calling ‘k5_mutex_lock’ from ‘krb5_ktfile_get_next’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:485:5: return_function: returning to ‘krb5_ktfile_get_next’ from ‘k5_mutex_lock’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:486:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:490:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:490:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:494:19: call_function: inlined call to ‘krb5_ktfileint_read_entry’ from ‘krb5_ktfile_get_next’
# 1071|       ret_entry->key.length = u_count;
# 1072|   
# 1073|->     ret_entry->key.contents = (krb5_octet *)malloc(u_count);
# 1074|       if (!ret_entry->key.contents) {
# 1075|           error = ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def810]
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:1085:11: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:479:1: enter_function: entry to ‘krb5_ktfile_get_next’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:485:5: call_function: calling ‘k5_mutex_lock’ from ‘krb5_ktfile_get_next’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:485:5: return_function: returning to ‘krb5_ktfile_get_next’ from ‘k5_mutex_lock’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:486:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:490:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:490:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:494:19: call_function: inlined call to ‘krb5_ktfileint_read_entry’ from ‘krb5_ktfile_get_next’
# 1083|   
# 1084|       /* Check for a 32-bit kvno extension if four or more bytes remain. */
# 1085|->     pos = ftell(KTFILEP(id));
# 1086|       if (pos - start_pos + 4 <= size) {
# 1087|           if (!fread(&vno32, sizeof(vno32), 1, KTFILEP(id))) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def811]
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:1085:11: warning[-Wanalyzer-malloc-leak]: leak of ‘princ’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:479:1: enter_function: entry to ‘krb5_ktfile_get_next’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:485:5: call_function: calling ‘k5_mutex_lock’ from ‘krb5_ktfile_get_next’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:485:5: return_function: returning to ‘krb5_ktfile_get_next’ from ‘k5_mutex_lock’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:486:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:490:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:490:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:494:19: call_function: inlined call to ‘krb5_ktfileint_read_entry’ from ‘krb5_ktfile_get_next’
# 1083|   
# 1084|       /* Check for a 32-bit kvno extension if four or more bytes remain. */
# 1085|->     pos = ftell(KTFILEP(id));
# 1086|       if (pos - start_pos + 4 <= size) {
# 1087|           if (!fread(&vno32, sizeof(vno32), 1, KTFILEP(id))) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def812]
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:1085:11: warning[-Wanalyzer-malloc-leak]: leak of ‘tmpdata’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:479:1: enter_function: entry to ‘krb5_ktfile_get_next’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:485:5: call_function: calling ‘k5_mutex_lock’ from ‘krb5_ktfile_get_next’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:485:5: return_function: returning to ‘krb5_ktfile_get_next’ from ‘k5_mutex_lock’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:486:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:490:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:490:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:494:19: call_function: inlined call to ‘krb5_ktfileint_read_entry’ from ‘krb5_ktfile_get_next’
# 1083|   
# 1084|       /* Check for a 32-bit kvno extension if four or more bytes remain. */
# 1085|->     pos = ftell(KTFILEP(id));
# 1086|       if (pos - start_pos + 4 <= size) {
# 1087|           if (!fread(&vno32, sizeof(vno32), 1, KTFILEP(id))) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def813]
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:1101:9: warning[-Wanalyzer-malloc-leak]: leak of ‘tmpdata’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:479:1: enter_function: entry to ‘krb5_ktfile_get_next’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:485:5: call_function: calling ‘k5_mutex_lock’ from ‘krb5_ktfile_get_next’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:485:5: return_function: returning to ‘krb5_ktfile_get_next’ from ‘k5_mutex_lock’
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:486:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:490:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:490:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_file.c:494:19: call_function: inlined call to ‘krb5_ktfileint_read_entry’ from ‘krb5_ktfile_get_next’
# 1099|        * Reposition file pointer to the next inter-record length field.
# 1100|        */
# 1101|->     if (fseek(KTFILEP(id), start_pos + size, SEEK_SET) == -1) {
# 1102|           error = errno;
# 1103|           goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def814]
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:549:11: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:528:1: enter_function: entry to ‘krb5_mkt_add’
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:533:5: call_function: calling ‘k5_mutex_lock’ from ‘krb5_mkt_add’
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:533:5: return_function: returning to ‘krb5_mkt_add’ from ‘k5_mutex_lock’
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:536:8: branch_false: following ‘false’ branch (when ‘cursor’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:540:42: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:540:42: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:541:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:546:28: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:549:11: danger: ‘<unknown>’ leaks here; was allocated at [(9)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/8)
#  547|       cursor->entry->timestamp = entry->timestamp;
#  548|       cursor->entry->vno = entry->vno;
#  549|->     err = krb5_copy_keyblock_contents(context, &(entry->key),
#  550|                                         &(cursor->entry->key));
#  551|       if (err) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def815]
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:549:11: warning[-Wanalyzer-malloc-leak]: leak of ‘cursor’
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:528:1: enter_function: entry to ‘krb5_mkt_add’
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:533:5: call_function: calling ‘k5_mutex_lock’ from ‘krb5_mkt_add’
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:533:5: return_function: returning to ‘krb5_mkt_add’ from ‘k5_mutex_lock’
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:535:31: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:536:8: branch_false: following ‘false’ branch (when ‘cursor’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:540:42: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:541:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:546:28: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:549:11: danger: ‘cursor’ leaks here; was allocated at [(7)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/6)
#  547|       cursor->entry->timestamp = entry->timestamp;
#  548|       cursor->entry->vno = entry->vno;
#  549|->     err = krb5_copy_keyblock_contents(context, &(entry->key),
#  550|                                         &(cursor->entry->key));
#  551|       if (err) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def816]
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:557:11: warning[-Wanalyzer-malloc-leak]: leak of ‘cursor’
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:528:1: enter_function: entry to ‘krb5_mkt_add’
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:533:5: call_function: calling ‘k5_mutex_lock’ from ‘krb5_mkt_add’
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:533:5: return_function: returning to ‘krb5_mkt_add’ from ‘k5_mutex_lock’
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:535:31: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:536:8: branch_false: following ‘false’ branch (when ‘cursor’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:540:42: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:541:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:546:28: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:551:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:557:60: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:557:11: danger: ‘cursor’ leaks here; was allocated at [(7)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/6)
#  555|       }
#  556|   
#  557|->     err = krb5_copy_principal(context, entry->principal, &(cursor->entry->principal));
#  558|       if (err) {
#  559|           krb5_free_keyblock_contents(context, &(cursor->entry->key));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def817]
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:559:9: warning[-Wanalyzer-malloc-leak]: leak of ‘cursor’
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:528:1: enter_function: entry to ‘krb5_mkt_add’
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:533:5: call_function: calling ‘k5_mutex_lock’ from ‘krb5_mkt_add’
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:533:5: return_function: returning to ‘krb5_mkt_add’ from ‘k5_mutex_lock’
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:535:31: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:536:8: branch_false: following ‘false’ branch (when ‘cursor’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:540:42: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:541:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:546:28: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:551:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:557:60: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:558:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:559:48: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:559:9: danger: ‘cursor’ leaks here; was allocated at [(7)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/6)
#  557|       err = krb5_copy_principal(context, entry->principal, &(cursor->entry->principal));
#  558|       if (err) {
#  559|->         krb5_free_keyblock_contents(context, &(cursor->entry->key));
#  560|           free(cursor->entry);
#  561|           free(cursor);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def818]
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:575:12: warning[-Wanalyzer-malloc-leak]: leak of ‘cursor’
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:528:1: enter_function: entry to ‘krb5_mkt_add’
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:533:5: call_function: calling ‘k5_mutex_lock’ from ‘krb5_mkt_add’
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:533:5: return_function: returning to ‘krb5_mkt_add’ from ‘k5_mutex_lock’
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:535:31: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:536:8: branch_false: following ‘false’ branch (when ‘cursor’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:540:42: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:541:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:546:28: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:551:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:557:60: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:558:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:565:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:574:5: call_function: calling ‘k5_mutex_unlock’ from ‘krb5_mkt_add’
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:574:5: return_function: returning to ‘krb5_mkt_add’ from ‘k5_mutex_unlock’
krb5-1.21.3/src/lib/krb5/keytab/kt_memory.c:575:12: danger: ‘cursor’ leaks here; was allocated at [(7)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/6)
#  573|   done:
#  574|       KTUNLOCK(id);
#  575|->     return err;
#  576|   }
#  577|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def819]
krb5-1.21.3/src/lib/krb5/keytab/ktbase.c:198:19: warning[-Wanalyzer-malloc-leak]: leak of ‘pfx’
krb5-1.21.3/src/lib/krb5/keytab/ktbase.c:152:1: enter_function: entry to ‘krb5_kt_resolve’
krb5-1.21.3/src/lib/krb5/keytab/ktbase.c:164:8: branch_false: following ‘false’ branch (when ‘cp’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/keytab/ktbase.c:167:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/ktbase.c:176:15: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/ktbase.c:182:31: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/ktbase.c:183:15: call_function: calling ‘k5memdup0’ from ‘krb5_kt_resolve’
krb5-1.21.3/src/lib/krb5/keytab/ktbase.c:183:15: return_function: returning to ‘krb5_kt_resolve’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/keytab/ktbase.c:184:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/keytab/ktbase.c:190:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/keytab/ktbase.c:190:5: call_function: calling ‘k5_mutex_lock’ from ‘krb5_kt_resolve’
krb5-1.21.3/src/lib/krb5/keytab/ktbase.c:190:5: return_function: returning to ‘krb5_kt_resolve’ from ‘k5_mutex_lock’
krb5-1.21.3/src/lib/krb5/keytab/ktbase.c:195:5: call_function: calling ‘k5_mutex_unlock’ from ‘krb5_kt_resolve’
krb5-1.21.3/src/lib/krb5/keytab/ktbase.c:195:5: return_function: returning to ‘krb5_kt_resolve’ from ‘k5_mutex_unlock’
krb5-1.21.3/src/lib/krb5/keytab/ktbase.c:196:12: branch_true: following ‘true’ branch (when ‘tlist’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/keytab/ktbase.c:197:21: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/keytab/ktbase.c:197:12: branch_true: following ‘true’ branch (when the strings are equal)...
krb5-1.21.3/src/lib/krb5/keytab/ktbase.c:198:21: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/keytab/ktbase.c:198:19: danger: ‘pfx’ leaks here; was allocated at [(12)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/11)
#  196|       for (; tlist; tlist = tlist->next) {
#  197|           if (strcmp (tlist->ops->prefix, pfx) == 0) {
#  198|->             err = (*tlist->ops->resolve)(context, resid, &id);
#  199|               if (!err)
#  200|                   *ktid = id;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def820]
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:138:11: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:120:1: enter_function: entry to ‘authind_get_attribute_types’
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:131:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:138:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:138:11: danger: ‘ptr’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  136|           return ENOMEM;
#  137|   
#  138|->     ret = krb5int_copy_data_contents(kcontext, &authind_attr, &attrs[0]);
#  139|       if (ret)
#  140|           goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def821]
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:283:15: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:256:1: enter_function: entry to ‘authind_internalize’
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:269:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:272:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:272:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:275:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:276:25: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:276:16: call_function: inlined call to ‘k5calloc’ from ‘authind_internalize’
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:281:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:281:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:283:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:283:15: danger: ‘ptr’ leaks here; was allocated at [(9)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/8)
#  281|       for (i = 0; i < count; i++) {
#  282|           /* Get the length. */
#  283|->         ret = krb5_ser_unpack_int32(&len, &bp, &remain);
#  284|           if (ret)
#  285|               goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def822]
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:298:15: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:256:1: enter_function: entry to ‘authind_internalize’
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:269:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:272:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:272:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:275:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:276:25: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:276:16: call_function: inlined call to ‘k5calloc’ from ‘authind_internalize’
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:281:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:281:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:283:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:284:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:286:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:286:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:292:19: call_function: inlined call to ‘k5alloc’ from ‘authind_internalize’
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:293:12: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:295:15: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:295:15: call_function: calling ‘alloc_data’ from ‘authind_internalize’
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:295:15: return_function: returning to ‘authind_internalize’ from ‘alloc_data’
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:296:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:298:15: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:298:15: danger: ‘<unknown>’ leaks here; was allocated at [(25)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/24)
#  296|           if (ret)
#  297|               goto cleanup;
#  298|->         ret = krb5_ser_unpack_bytes((uint8_t *)inds[i]->data, len, &bp,
#  299|                                       &remain);
#  300|           if (ret)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def823]
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:298:15: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:256:1: enter_function: entry to ‘authind_internalize’
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:269:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:272:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:272:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:275:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:276:25: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:276:16: call_function: inlined call to ‘k5calloc’ from ‘authind_internalize’
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:281:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:281:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:283:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:284:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:286:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:286:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:292:19: call_function: inlined call to ‘k5alloc’ from ‘authind_internalize’
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:293:12: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:295:15: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:295:15: call_function: calling ‘alloc_data’ from ‘authind_internalize’
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:295:15: return_function: returning to ‘authind_internalize’ from ‘alloc_data’
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:296:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:298:15: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:298:15: danger: ‘ptr’ leaks here; was allocated at [(19)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/18)
#  296|           if (ret)
#  297|               goto cleanup;
#  298|->         ret = krb5_ser_unpack_bytes((uint8_t *)inds[i]->data, len, &bp,
#  299|                                       &remain);
#  300|           if (ret)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def824]
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:304:5: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:256:1: enter_function: entry to ‘authind_internalize’
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:269:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:272:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:272:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:275:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:276:25: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:276:16: call_function: inlined call to ‘k5calloc’ from ‘authind_internalize’
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:281:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:281:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:304:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:304:5: danger: ‘ptr’ leaks here; was allocated at [(9)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/8)
#  302|       }
#  303|   
#  304|->     k5_free_data_ptr_list(aictx->indicators);
#  305|       aictx->indicators = inds;
#  306|       inds = NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def825]
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:312:5: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:256:1: enter_function: entry to ‘authind_internalize’
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:269:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:272:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:272:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:275:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:276:25: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:276:16: call_function: inlined call to ‘k5calloc’ from ‘authind_internalize’
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:281:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:281:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:283:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ai_authdata.c:312:5: danger: ‘ptr’ leaks here; was allocated at [(9)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/8)
#  310|   
#  311|   cleanup:
#  312|->     k5_free_data_ptr_list(inds);
#  313|       return ret;
#  314|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def826]
krb5-1.21.3/src/lib/krb5/krb/authdata.c:87:12: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1119:1: enter_function: entry to ‘krb5_authdata_context_copy’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1128:12: call_function: calling ‘krb5_authdata_context_init’ from ‘krb5_authdata_context_copy’
#   85|           return ENOSYS;
#   86|   
#   87|->     code = (*table->init)(kcontext, &plugin_context);
#   88|       if (code != 0) {
#   89|   #ifdef DEBUG

Error: GCC_ANALYZER_WARNING (CWE-401): [#def827]
krb5-1.21.3/src/lib/krb5/krb/authdata.c:87:12: warning[-Wanalyzer-malloc-leak]: leak of ‘context’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1119:1: enter_function: entry to ‘krb5_authdata_context_copy’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1128:12: call_function: calling ‘krb5_authdata_context_init’ from ‘krb5_authdata_context_copy’
#   85|           return ENOSYS;
#   86|   
#   87|->     code = (*table->init)(kcontext, &plugin_context);
#   88|       if (code != 0) {
#   89|   #ifdef DEBUG

Error: GCC_ANALYZER_WARNING (CWE-401): [#def828]
krb5-1.21.3/src/lib/krb5/krb/authdata.c:106:13: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1119:1: enter_function: entry to ‘krb5_authdata_context_copy’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1128:12: call_function: calling ‘krb5_authdata_context_init’ from ‘krb5_authdata_context_copy’
#  104|           context->modules[k].name = table->name;
#  105|           if (table->flags != NULL) {
#  106|->             (*table->flags)(kcontext, plugin_context,
#  107|                               context->modules[k].ad_type,
#  108|                               &context->modules[k].flags);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def829]
krb5-1.21.3/src/lib/krb5/krb/authdata.c:106:13: warning[-Wanalyzer-malloc-leak]: leak of ‘context’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1119:1: enter_function: entry to ‘krb5_authdata_context_copy’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1128:12: call_function: calling ‘krb5_authdata_context_init’ from ‘krb5_authdata_context_copy’
#  104|           context->modules[k].name = table->name;
#  105|           if (table->flags != NULL) {
#  106|->             (*table->flags)(kcontext, plugin_context,
#  107|                               context->modules[k].ad_type,
#  108|                               &context->modules[k].flags);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def830]
krb5-1.21.3/src/lib/krb5/krb/authdata.c:119:20: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1119:1: enter_function: entry to ‘krb5_authdata_context_copy’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1128:12: call_function: calling ‘krb5_authdata_context_init’ from ‘krb5_authdata_context_copy’
#  117|   
#  118|               /* For now, single request per context. That may change */
#  119|->             code = (*table->request_init)(kcontext,
#  120|                                             context,
#  121|                                             plugin_context,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def831]
krb5-1.21.3/src/lib/krb5/krb/authdata.c:119:20: warning[-Wanalyzer-malloc-leak]: leak of ‘context’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1119:1: enter_function: entry to ‘krb5_authdata_context_copy’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1128:12: call_function: calling ‘krb5_authdata_context_init’ from ‘krb5_authdata_context_copy’
#  117|   
#  118|               /* For now, single request per context. That may change */
#  119|->             code = (*table->request_init)(kcontext,
#  120|                                             context,
#  121|                                             plugin_context,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def832]
krb5-1.21.3/src/lib/krb5/krb/authdata.c:216:12: warning[-Wanalyzer-malloc-leak]: leak of ‘attrs’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:924:1: enter_function: entry to ‘krb5_authdata_export_attributes’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:936:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:939:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:939:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:940:8: branch_false: following ‘false’ branch (when ‘attrs’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:943:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:946:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:951:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:954:12: call_function: calling ‘k5_ad_externalize’ from ‘krb5_authdata_export_attributes’
#  214|   
#  215|       /* placeholder for count */
#  216|->     code = krb5_ser_pack_int32(0, &bp, &remain);
#  217|       if (code != 0)
#  218|           return code;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def833]
krb5-1.21.3/src/lib/krb5/krb/authdata.c:216:12: warning[-Wanalyzer-malloc-leak]: leak of ‘bp’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:924:1: enter_function: entry to ‘krb5_authdata_export_attributes’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:936:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:939:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:940:8: branch_false: following ‘false’ branch (when ‘attrs’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:943:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:945:19: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:946:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:951:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:954:12: call_function: calling ‘k5_ad_externalize’ from ‘krb5_authdata_export_attributes’
#  214|   
#  215|       /* placeholder for count */
#  216|->     code = krb5_ser_pack_int32(0, &bp, &remain);
#  217|       if (code != 0)
#  218|           return code;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def834]
krb5-1.21.3/src/lib/krb5/krb/authdata.c:240:16: warning[-Wanalyzer-malloc-leak]: leak of ‘attrs’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:924:1: enter_function: entry to ‘krb5_authdata_export_attributes’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:936:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:939:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:939:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:940:8: branch_false: following ‘false’ branch (when ‘attrs’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:943:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:946:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:951:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:954:12: call_function: calling ‘k5_ad_externalize’ from ‘krb5_authdata_export_attributes’
#  238|           namelen = strlen(module->name);
#  239|   
#  240|->         code = krb5_ser_pack_int32((krb5_int32)namelen, &bp, &remain);
#  241|           if (code != 0)
#  242|               break;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def835]
krb5-1.21.3/src/lib/krb5/krb/authdata.c:244:16: warning[-Wanalyzer-malloc-leak]: leak of ‘attrs’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:924:1: enter_function: entry to ‘krb5_authdata_export_attributes’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:936:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:939:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:939:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:940:8: branch_false: following ‘false’ branch (when ‘attrs’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:943:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:946:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:951:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:954:12: call_function: calling ‘k5_ad_externalize’ from ‘krb5_authdata_export_attributes’
#  242|               break;
#  243|   
#  244|->         code = krb5_ser_pack_bytes((krb5_octet *)module->name,
#  245|                                      namelen, &bp, &remain);
#  246|           if (code != 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def836]
krb5-1.21.3/src/lib/krb5/krb/authdata.c:249:16: warning[-Wanalyzer-malloc-leak]: leak of ‘attrs’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:924:1: enter_function: entry to ‘krb5_authdata_export_attributes’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:936:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:939:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:939:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:940:8: branch_false: following ‘false’ branch (when ‘attrs’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:943:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:946:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:951:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:954:12: call_function: calling ‘k5_ad_externalize’ from ‘krb5_authdata_export_attributes’
#  247|               break;
#  248|   
#  249|->         code = (*module->ftable->externalize)(kcontext,
#  250|                                                 context,
#  251|                                                 module->plugin_context,

Error: GCC_ANALYZER_WARNING (CWE-476): [#def837]
krb5-1.21.3/src/lib/krb5/krb/authdata.c:424:16: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘tables’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1119:1: enter_function: entry to ‘krb5_authdata_context_copy’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1128:12: call_function: calling ‘krb5_authdata_context_init’ from ‘krb5_authdata_context_copy’
#  422|       /* fill in the structure */
#  423|       for (i = 0, k = 0, code = 0; i < n_tables - internal_count; i++) {
#  424|->         code = k5_ad_init_modules(kcontext, context, tables[i], &k);
#  425|           if (code != 0)
#  426|               goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def838]
krb5-1.21.3/src/lib/krb5/krb/authdata.c:439:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1119:1: enter_function: entry to ‘krb5_authdata_context_copy’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1128:12: call_function: calling ‘krb5_authdata_context_init’ from ‘krb5_authdata_context_copy’
#  437|   cleanup:
#  438|       if (tables != NULL)
#  439|->         krb5int_free_plugin_dir_data(tables);
#  440|   
#  441|       if (code != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def839]
krb5-1.21.3/src/lib/krb5/krb/authdata.c:439:9: warning[-Wanalyzer-malloc-leak]: leak of ‘context’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1119:1: enter_function: entry to ‘krb5_authdata_context_copy’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1128:12: call_function: calling ‘krb5_authdata_context_init’ from ‘krb5_authdata_context_copy’
#  437|   cleanup:
#  438|       if (tables != NULL)
#  439|->         krb5int_free_plugin_dir_data(tables);
#  440|   
#  441|       if (code != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def840]
krb5-1.21.3/src/lib/krb5/krb/authdata.c:442:9: warning[-Wanalyzer-malloc-leak]: leak of ‘context’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1119:1: enter_function: entry to ‘krb5_authdata_context_copy’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1128:12: call_function: calling ‘krb5_authdata_context_init’ from ‘krb5_authdata_context_copy’
#  440|   
#  441|       if (code != 0) {
#  442|->         krb5int_close_plugin_dirs(&plugins);
#  443|           krb5_authdata_context_free(kcontext, context);
#  444|       } else {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def841]
krb5-1.21.3/src/lib/krb5/krb/authdata.c:555:15: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:611:1: enter_function: entry to ‘krb5int_authdata_verify’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:629:12: call_function: calling ‘k5_get_kdc_issued_authdata’ from ‘krb5int_authdata_verify’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:629:12: return_function: returning to ‘krb5int_authdata_verify’ from ‘k5_get_kdc_issued_authdata’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:631:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:634:12: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:634:12: call_function: calling ‘get_cammac_authdata’ from ‘krb5int_authdata_verify’
#  553|   
#  554|       for (i = 0; cammacs != NULL && cammacs[i] != NULL; i++) {
#  555|->         ret = k5_unwrap_cammac_svc(kcontext, cammacs[i], key, &elements);
#  556|           if (ret && ret != KRB5KRB_AP_ERR_BAD_INTEGRITY)
#  557|               goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def842]
krb5-1.21.3/src/lib/krb5/krb/authdata.c:772:13: warning[-Wanalyzer-malloc-leak]: leak of ‘attrs’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:756:1: enter_function: entry to ‘krb5_authdata_get_attribute_types’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:765:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:766:57: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:765:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:766:57: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:779:16: call_function: calling ‘k5_merge_data_list’ from ‘krb5_authdata_get_attribute_types’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:779:16: return_function: returning to ‘krb5_authdata_get_attribute_types’ from ‘k5_merge_data_list’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:780:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:784:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:765:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:766:57: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:769:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:775:53: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:772:13: danger: ‘attrs’ leaks here; was allocated at [(8)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/7)
#  770|               continue;
#  771|   
#  772|->         if ((*module->ftable->get_attribute_types)(kcontext,
#  773|                                                      context,
#  774|                                                      module->plugin_context,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def843]
krb5-1.21.3/src/lib/krb5/krb/authdata.c:781:13: warning[-Wanalyzer-malloc-leak]: leak of ‘attrs’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:756:1: enter_function: entry to ‘krb5_authdata_get_attribute_types’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:765:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:766:57: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:765:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:766:57: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:779:16: call_function: calling ‘k5_merge_data_list’ from ‘krb5_authdata_get_attribute_types’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:779:16: return_function: returning to ‘krb5_authdata_get_attribute_types’ from ‘k5_merge_data_list’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:780:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:784:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:765:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:766:57: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:769:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:775:53: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:772:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:779:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:780:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:781:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:781:13: danger: ‘attrs’ leaks here; was allocated at [(8)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/7)
#  779|           code = k5_merge_data_list(&attrs, attrs2, &attrs_len);
#  780|           if (code != 0) {
#  781|->             krb5int_free_data_list(kcontext, attrs2);
#  782|               break;
#  783|           }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def844]
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1077:16: warning[-Wanalyzer-malloc-leak]: leak of ‘bp’
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1034:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1035:57: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1044:8: branch_false: following ‘false’ branch (when ‘dst_module’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1048:10: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1048:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1051:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1051:5: branch_true: following ‘true’ branch (when the strings are equal)...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1054:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1054:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1055:16: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1058:9: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1059:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1059:9: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1060:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1060:9: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1062:16: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1067:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1070:20: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1070:20: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1071:12: branch_false: following ‘false’ branch (when ‘contents’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1074:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata.c:1077:16: danger: ‘bp’ leaks here; was allocated at [(19)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/18)
# 1075|           remain = size;
# 1076|   
# 1077|->         code = (*src_module->ftable->externalize)(kcontext,
# 1078|                                                     context,
# 1079|                                                     src_module->plugin_context,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def845]
krb5-1.21.3/src/lib/krb5/krb/authdata_dec.c:74:12: warning[-Wanalyzer-malloc-leak]: leak of ‘fctx.out’
krb5-1.21.3/src/lib/krb5/krb/authdata_dec.c:160:1: enter_function: entry to ‘krb5_find_authdata’
krb5-1.21.3/src/lib/krb5/krb/authdata_dec.c:169:16: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/authdata_dec.c:171:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata_dec.c:173:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata_dec.c:173:8: branch_true: following ‘true’ branch (when ‘ticket_authdata’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/authdata_dec.c:174:18: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata_dec.c:174:18: call_function: calling ‘find_authdata_1’ from ‘krb5_find_authdata’
#   72|       data.data = (char *)container->contents;
#   73|   
#   74|->     code = decode_krb5_authdata(&data, authdata);
#   75|       if (code)
#   76|           return code;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def846]
krb5-1.21.3/src/lib/krb5/krb/authdata_dec.c:107:14: warning[-Wanalyzer-malloc-leak]: leak of ‘fctx.out’
krb5-1.21.3/src/lib/krb5/krb/authdata_dec.c:160:1: enter_function: entry to ‘krb5_find_authdata’
krb5-1.21.3/src/lib/krb5/krb/authdata_dec.c:169:16: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/authdata_dec.c:171:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata_dec.c:173:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata_dec.c:173:8: branch_true: following ‘true’ branch (when ‘ticket_authdata’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/authdata_dec.c:174:18: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata_dec.c:174:18: call_function: calling ‘find_authdata_1’ from ‘krb5_find_authdata’
#  105|       }
#  106|       fctx->out[fctx->length+1] = NULL;
#  107|->     retval = krb5int_copy_authdatum(context, elem,
#  108|                                       &fctx->out[fctx->length]);
#  109|       if (retval == 0)

Error: CPPCHECK_WARNING (CWE-401): [#def847]
krb5-1.21.3/src/lib/krb5/krb/authdata_exp.c:74: error[memleakOnRealloc]: Common realloc mistake: 'authdata' nulled but not freed upon failure
#   72|               ;
#   73|   
#   74|->         authdata = realloc(authdata, (len + j + 1) * sizeof(krb5_authdata *));
#   75|           if (authdata == NULL)
#   76|               return ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def848]
krb5-1.21.3/src/lib/krb5/krb/authdata_exp.c:88:9: warning[-Wanalyzer-malloc-leak]: leak of ‘authdata’
krb5-1.21.3/src/lib/krb5/krb/authdata_exp.c:46:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata_exp.c:47:57: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata_exp.c:51:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata_exp.c:54:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata_exp.c:54:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata_exp.c:60:52: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata_exp.c:68:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata_exp.c:75:12: branch_false: following ‘false’ branch (when ‘authdata’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/authdata_exp.c:78:25: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata_exp.c:51:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata_exp.c:54:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata_exp.c:54:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata_exp.c:60:52: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata_exp.c:63:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/authdata_exp.c:65:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata_exp.c:65:17: branch_true: following ‘true’ branch...
 branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata_exp.c:84:8: branch_true: following ‘true’ branch (when ‘authdata’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/authdata_exp.c:85:17: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata_exp.c:87:8: branch_true: following ‘true’ branch (when ‘code != 0’)...
krb5-1.21.3/src/lib/krb5/krb/authdata_exp.c:88:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/authdata_exp.c:88:9: danger: ‘authdata’ leaks here; was allocated at [(9)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/8)
#   86|   
#   87|       if (code != 0) {
#   88|->         krb5_free_authdata(kcontext, authdata);
#   89|           return code;
#   90|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def849]
krb5-1.21.3/src/lib/krb5/krb/bld_pr_ext.c:70:9: warning[-Wanalyzer-malloc-leak]: leak of ‘princ_data’
krb5-1.21.3/src/lib/krb5/krb/bld_pr_ext.c:58:32: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/bld_pr_ext.c:59:8: branch_false: following ‘false’ branch (when ‘princ_data’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/bld_pr_ext.c:61:34: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/bld_pr_ext.c:62:8: branch_false: following ‘false’ branch (when ‘princ_ret’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/bld_pr_ext.c:66:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/bld_pr_ext.c:70:9: danger: ‘princ_data’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#   68|       tmpdata.length = rlen;
#   69|       tmpdata.data = (char *) realm;
#   70|->     if (krb5int_copy_data_contents_add0(context, &tmpdata, &princ_ret->realm) != 0) {
#   71|           free(princ_data);
#   72|           free(princ_ret);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def850]
krb5-1.21.3/src/lib/krb5/krb/bld_pr_ext.c:70:9: warning[-Wanalyzer-malloc-leak]: leak of ‘princ_ret’
krb5-1.21.3/src/lib/krb5/krb/bld_pr_ext.c:59:8: branch_false: following ‘false’ branch (when ‘princ_data’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/bld_pr_ext.c:61:34: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/bld_pr_ext.c:61:34: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/bld_pr_ext.c:62:8: branch_false: following ‘false’ branch (when ‘princ_ret’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/bld_pr_ext.c:66:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/bld_pr_ext.c:70:9: danger: ‘princ_ret’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   68|       tmpdata.length = rlen;
#   69|       tmpdata.data = (char *) realm;
#   70|->     if (krb5int_copy_data_contents_add0(context, &tmpdata, &princ_ret->realm) != 0) {
#   71|           free(princ_data);
#   72|           free(princ_ret);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def851]
krb5-1.21.3/src/lib/krb5/krb/bld_pr_ext.c:81:13: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
krb5-1.21.3/src/lib/krb5/krb/bld_pr_ext.c:59:8: branch_false: following ‘false’ branch (when ‘princ_data’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/bld_pr_ext.c:61:34: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/bld_pr_ext.c:62:8: branch_false: following ‘false’ branch (when ‘princ_ret’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/bld_pr_ext.c:66:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/bld_pr_ext.c:70:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/bld_pr_ext.c:77:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/bld_pr_ext.c:77:5: acquire_resource: ‘va_start’ called here
krb5-1.21.3/src/lib/krb5/krb/bld_pr_ext.c:78:17: branch_true: following ‘true’ branch (when ‘i < count’)...
krb5-1.21.3/src/lib/krb5/krb/bld_pr_ext.c:79:26: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/bld_pr_ext.c:81:13: danger: missing call to ‘va_end’ to match ‘va_start’ at [(7)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/6)
#   79|           tmpdata.length = va_arg(ap, unsigned int);
#   80|           tmpdata.data = va_arg(ap, char *);
#   81|->         if (krb5int_copy_data_contents_add0(context, &tmpdata,
#   82|                                               &princ_data[i]) != 0)
#   83|               goto free_out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def852]
krb5-1.21.3/src/lib/krb5/krb/conv_princ.c:228:14: warning[-Wanalyzer-malloc-leak]: leak of ‘tmp_prealm’
krb5-1.21.3/src/lib/krb5/krb/conv_princ.c:161:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/conv_princ.c:164:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/conv_princ.c:206:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/conv_princ.c:208:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/conv_princ.c:219:18: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/conv_princ.c:220:8: branch_false: following ‘false’ branch (when ‘tmp_prealm’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/conv_princ.c:222:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/conv_princ.c:228:14: danger: ‘tmp_prealm’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  226|          krb5 principal realm from krb5.conf realms stanza */
#  227|   
#  228|->     retval = profile_get_string(context->profile, KRB5_CONF_REALMS,
#  229|                                   tmp_prealm, KRB5_CONF_V4_REALM, 0,
#  230|                                   &tmp_realm);

Error: COMPILER_WARNING: [#def853]
krb5-1.21.3/src/lib/krb5/krb/conv_princ.c: scope_hint: In function ‘krb5_524_conv_principal’
krb5-1.21.3/src/lib/krb5/krb/conv_princ.c:246:13: warning[-Wstringop-truncation]: ‘strncpy’ specified bound depends on the length of the source argument
#  246 |             strncpy(realm, tmp_realm, tmp_realm_len);
#      |             ^
krb5-1.21.3/src/lib/krb5/krb/conv_princ.c:241:30: note: length computed here
#  241 |             tmp_realm_len =  strlen(tmp_realm);
#      |                              ^~~~~~~~~~~~~~~~~
#  244|                   return KRB5_INVALID_PRINCIPAL;
#  245|               }
#  246|->             strncpy(realm, tmp_realm, tmp_realm_len);
#  247|               realm[tmp_realm_len] = '\0';
#  248|               profile_release_string(tmp_realm);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def854]
krb5-1.21.3/src/lib/krb5/krb/copy_addrs.c:70:13: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/copy_addrs.c:50:1: enter_function: entry to ‘krb5_copy_addresses’
krb5-1.21.3/src/lib/krb5/krb/copy_addrs.c:56:8: branch_false: following ‘false’ branch (when ‘inaddr’ is non-NULL)...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_addrs.c:64:8: branch_false: following ‘false’ branch (when ‘tempaddr’ is non-NULL)...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_addrs.c:67:22: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/copy_addrs.c:68:18: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_addrs.c:68:18: call_function: calling ‘krb5_copy_addr’ from ‘krb5_copy_addresses’
krb5-1.21.3/src/lib/krb5/krb/copy_addrs.c:68:18: return_function: returning to ‘krb5_copy_addresses’ from ‘krb5_copy_addr’
krb5-1.21.3/src/lib/krb5/krb/copy_addrs.c:69:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/copy_addrs.c:67:38: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_addrs.c:67:22: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/copy_addrs.c:68:18: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_addrs.c:69:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/copy_addrs.c:70:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_addrs.c:70:13: danger: ‘<unknown>’ leaks here; was allocated at [(12)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/11)
#   68|           retval = krb5_copy_addr(context, inaddr[nelems], &tempaddr[nelems]);
#   69|           if (retval) {
#   70|->             krb5_free_addresses(context, tempaddr);
#   71|               return retval;
#   72|           }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def855]
krb5-1.21.3/src/lib/krb5/krb/copy_addrs.c:70:13: warning[-Wanalyzer-malloc-leak]: leak of ‘tempaddr’
krb5-1.21.3/src/lib/krb5/krb/copy_addrs.c:56:8: branch_false: following ‘false’ branch (when ‘inaddr’ is non-NULL)...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_addrs.c:64:40: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/copy_addrs.c:64:8: branch_false: following ‘false’ branch (when ‘tempaddr’ is non-NULL)...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_addrs.c:67:22: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/copy_addrs.c:68:18: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_addrs.c:69:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/copy_addrs.c:70:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_addrs.c:70:13: danger: ‘tempaddr’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   68|           retval = krb5_copy_addr(context, inaddr[nelems], &tempaddr[nelems]);
#   69|           if (retval) {
#   70|->             krb5_free_addresses(context, tempaddr);
#   71|               return retval;
#   72|           }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def856]
krb5-1.21.3/src/lib/krb5/krb/copy_athctr.c:42:14: warning[-Wanalyzer-malloc-leak]: leak of ‘tempto’
krb5-1.21.3/src/lib/krb5/krb/copy_athctr.c:38:42: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/copy_athctr.c:38:8: branch_false: following ‘false’ branch (when ‘tempto’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/copy_athctr.c:40:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_athctr.c:42:14: danger: ‘tempto’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   40|       *tempto = *authfrom;
#   41|   
#   42|->     retval = krb5_copy_principal(context, authfrom->client, &tempto->client);
#   43|       if (retval) {
#   44|           free(tempto);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def857]
krb5-1.21.3/src/lib/krb5/krb/copy_auth.c:88:22: warning[-Wanalyzer-malloc-leak]: leak of ‘tempauthdat’
krb5-1.21.3/src/lib/krb5/krb/copy_auth.c:71:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/copy_auth.c:76:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_auth.c:82:44: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/copy_auth.c:82:8: branch_false: following ‘false’ branch (when ‘tempauthdat’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/copy_auth.c:86:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_auth.c:86:8: branch_true: following ‘true’ branch (when ‘inauthdat1’ is non-NULL)...
 branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_auth.c:87:26: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/copy_auth.c:88:22: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_auth.c:88:22: danger: ‘tempauthdat’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   86|       if (inauthdat1) {
#   87|           for (nelems = 0; inauthdat1[nelems]; nelems++) {
#   88|->             retval = krb5int_copy_authdatum(context, inauthdat1[nelems],
#   89|                                               &tempauthdat[nelems]);
#   90|               if (retval) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def858]
krb5-1.21.3/src/lib/krb5/krb/copy_auth.c:99:22: warning[-Wanalyzer-malloc-leak]: leak of ‘tempauthdat’
krb5-1.21.3/src/lib/krb5/krb/copy_auth.c:71:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/copy_auth.c:76:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_auth.c:82:44: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/copy_auth.c:82:8: branch_false: following ‘false’ branch (when ‘tempauthdat’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/copy_auth.c:86:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_auth.c:97:8: branch_true: following ‘true’ branch (when ‘inauthdat2’ is non-NULL)...
 branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_auth.c:98:27: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/copy_auth.c:100:58: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_auth.c:99:22: danger: ‘tempauthdat’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#   97|       if (inauthdat2) {
#   98|           for (nelems2 = 0; inauthdat2[nelems2]; nelems2++) {
#   99|->             retval = krb5int_copy_authdatum(context, inauthdat2[nelems2],
#  100|                                               &tempauthdat[nelems++]);
#  101|               if (retval) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def859]
krb5-1.21.3/src/lib/krb5/krb/copy_auth.c:102:17: warning[-Wanalyzer-malloc-leak]: leak of ‘tempauthdat’
krb5-1.21.3/src/lib/krb5/krb/copy_auth.c:71:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/copy_auth.c:76:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_auth.c:82:44: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/copy_auth.c:82:8: branch_false: following ‘false’ branch (when ‘tempauthdat’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/copy_auth.c:86:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_auth.c:97:8: branch_true: following ‘true’ branch (when ‘inauthdat2’ is non-NULL)...
 branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_auth.c:98:27: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/copy_auth.c:100:58: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_auth.c:102:17: danger: ‘tempauthdat’ leaks here; was allocated at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#  100|                                               &tempauthdat[nelems++]);
#  101|               if (retval) {
#  102|->                 krb5_free_authdata(context, tempauthdat);
#  103|                   return retval;
#  104|               }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def860]
krb5-1.21.3/src/lib/krb5/krb/copy_creds.c:65:14: warning[-Wanalyzer-malloc-leak]: leak of ‘tempcred’
krb5-1.21.3/src/lib/krb5/krb/copy_creds.c:35:1: enter_function: entry to ‘krb5_copy_creds’
krb5-1.21.3/src/lib/krb5/krb/copy_creds.c:40:36: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/copy_creds.c:40:8: branch_false: following ‘false’ branch (when ‘tempcred’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/copy_creds.c:43:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_creds.c:43:14: call_function: calling ‘k5_copy_creds_contents’ from ‘krb5_copy_creds’
#   63|   
#   64|       *tempcred = *incred;
#   65|->     retval = krb5_copy_principal(context, incred->client, &tempcred->client);
#   66|       if (retval)
#   67|           goto cleanlast;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def861]
krb5-1.21.3/src/lib/krb5/krb/copy_ctx.c:95:11: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/copy_ctx.c:63:8: branch_false: following ‘false’ branch (when ‘ctx’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/copy_ctx.c:66:12: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_ctx.c:67:8: branch_false: following ‘false’ branch (when ‘nctx’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/copy_ctx.c:70:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_ctx.c:86:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/copy_ctx.c:87:25: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_ctx.c:87:25: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/copy_ctx.c:95:11: danger: ‘<unknown>’ leaks here; was allocated at [(7)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/6)
#   93|       memset(&nctx->plugins, 0, sizeof(nctx->plugins));
#   94|   
#   95|->     ret = k5_copy_etypes(ctx->tgs_etypes, &nctx->tgs_etypes);
#   96|       if (ret)
#   97|           goto errout;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def862]
krb5-1.21.3/src/lib/krb5/krb/copy_ctx.c:95:11: warning[-Wanalyzer-malloc-leak]: leak of ‘nctx’
krb5-1.21.3/src/lib/krb5/krb/copy_ctx.c:63:8: branch_false: following ‘false’ branch (when ‘ctx’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/copy_ctx.c:66:12: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_ctx.c:66:12: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/copy_ctx.c:67:8: branch_false: following ‘false’ branch (when ‘nctx’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/copy_ctx.c:70:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_ctx.c:86:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/copy_ctx.c:88:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_ctx.c:95:11: danger: ‘nctx’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   93|       memset(&nctx->plugins, 0, sizeof(nctx->plugins));
#   94|   
#   95|->     ret = k5_copy_etypes(ctx->tgs_etypes, &nctx->tgs_etypes);
#   96|       if (ret)
#   97|           goto errout;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def863]
krb5-1.21.3/src/lib/krb5/krb/copy_princ.c:53:13: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/copy_princ.c:40:8: branch_false: following ‘false’ branch (when ‘tempprinc’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/copy_princ.c:43:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_princ.c:45:23: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/copy_princ.c:47:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_princ.c:52:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/copy_princ.c:54:41: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_princ.c:53:13: danger: ‘<unknown>’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#   51|   
#   52|       for (i = 0; i < inprinc->length; i++) {
#   53|->         if (krb5int_copy_data_contents(context, &inprinc->data[i],
#   54|                                          &tempprinc->data[i]) != 0) {
#   55|               while (--i >= 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def864]
krb5-1.21.3/src/lib/krb5/krb/copy_princ.c:53:13: warning[-Wanalyzer-malloc-leak]: leak of ‘tempprinc’
krb5-1.21.3/src/lib/krb5/krb/copy_princ.c:38:33: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/copy_princ.c:40:8: branch_false: following ‘false’ branch (when ‘tempprinc’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/copy_princ.c:43:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_princ.c:47:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_princ.c:52:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/copy_princ.c:54:41: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_princ.c:53:13: danger: ‘tempprinc’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   51|   
#   52|       for (i = 0; i < inprinc->length; i++) {
#   53|->         if (krb5int_copy_data_contents(context, &inprinc->data[i],
#   54|                                          &tempprinc->data[i]) != 0) {
#   55|               while (--i >= 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def865]
krb5-1.21.3/src/lib/krb5/krb/copy_princ.c:63:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/copy_princ.c:40:8: branch_false: following ‘false’ branch (when ‘tempprinc’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/copy_princ.c:43:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_princ.c:45:23: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/copy_princ.c:47:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_princ.c:52:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/copy_princ.c:63:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_princ.c:63:9: danger: ‘<unknown>’ leaks here; was allocated at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#   61|       }
#   62|   
#   63|->     if (krb5int_copy_data_contents_add0(context, &inprinc->realm,
#   64|                                           &tempprinc->realm) != 0) {
#   65|           for (i = 0; i < inprinc->length; i++)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def866]
krb5-1.21.3/src/lib/krb5/krb/copy_princ.c:63:9: warning[-Wanalyzer-malloc-leak]: leak of ‘tempprinc’
krb5-1.21.3/src/lib/krb5/krb/copy_princ.c:38:33: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/copy_princ.c:40:8: branch_false: following ‘false’ branch (when ‘tempprinc’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/copy_princ.c:43:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_princ.c:47:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_princ.c:52:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/copy_princ.c:63:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_princ.c:63:9: danger: ‘tempprinc’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#   61|       }
#   62|   
#   63|->     if (krb5int_copy_data_contents_add0(context, &inprinc->realm,
#   64|                                           &tempprinc->realm) != 0) {
#   65|           for (i = 0; i < inprinc->length; i++)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def867]
krb5-1.21.3/src/lib/krb5/krb/copy_tick.c:39:14: warning[-Wanalyzer-malloc-leak]: leak of ‘tempto’
krb5-1.21.3/src/lib/krb5/krb/copy_tick.c:36:41: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/copy_tick.c:36:8: branch_false: following ‘false’ branch (when ‘tempto’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/copy_tick.c:38:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_tick.c:39:14: danger: ‘tempto’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   37|           return ENOMEM;
#   38|       *tempto = *partfrom;
#   39|->     retval = krb5_copy_keyblock(context, partfrom->session,
#   40|                                   &tempto->session);
#   41|       if (retval) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def868]
krb5-1.21.3/src/lib/krb5/krb/copy_tick.c:100:14: warning[-Wanalyzer-malloc-leak]: leak of ‘tempto’
krb5-1.21.3/src/lib/krb5/krb/copy_tick.c:97:35: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/copy_tick.c:97:8: branch_false: following ‘false’ branch (when ‘tempto’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/copy_tick.c:99:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/copy_tick.c:100:14: danger: ‘tempto’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#   98|           return ENOMEM;
#   99|       *tempto = *from;
#  100|->     retval = krb5_copy_principal(context, from->server, &tempto->server);
#  101|       if (retval) {
#  102|           free(tempto);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def869]
krb5-1.21.3/src/lib/krb5/krb/decrypt_tk.c:57:19: warning[-Wanalyzer-malloc-leak]: leak of ‘scratch.data’
krb5-1.21.3/src/lib/krb5/krb/decrypt_tk.c:46:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/decrypt_tk.c:49:10: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/decrypt_tk.c:49:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/decrypt_tk.c:52:22: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/decrypt_tk.c:53:26: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/decrypt_tk.c:53:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/decrypt_tk.c:59:34: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/decrypt_tk.c:57:19: danger: ‘scratch.data’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#   55|   
#   56|       /* call the encryption routine */
#   57|->     if ((retval = krb5_c_decrypt(context, srv_key,
#   58|                                    KRB5_KEYUSAGE_KDC_REP_TICKET, 0,
#   59|                                    &ticket->enc_part, &scratch))) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def870]
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1187:29: warning[-Wanalyzer-malloc-leak]: leak of ‘yyptr’
krb5-1.21.3/src/lib/krb5/krb/x-deltat.y:231:1: enter_function: entry to ‘krb5_string_to_deltat’
krb5-1.21.3/src/lib/krb5/krb/x-deltat.y:236:9: call_function: calling ‘yyparse’ from ‘krb5_string_to_deltat’
# 1185|           yytype_int16 *yyss1 = yyss;
# 1186|           union yyalloc *yyptr =
# 1187|->           (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize));
# 1188|           if (! yyptr)
# 1189|             goto yyexhaustedlab;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def871]
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1190:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyss’
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1148:6: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1151:31: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1178:10: branch_false: following ‘false’ branch (when ‘yystacksize <= 9999’)...
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1180:7: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1188:12: branch_false: following ‘false’ branch (when ‘yyptr’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1190:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1190:9: danger: use of uninitialized value ‘yyss’ here
# 1188|           if (! yyptr)
# 1189|             goto yyexhaustedlab;
# 1190|->         YYSTACK_RELOCATE (yyss_alloc, yyss);
# 1191|           YYSTACK_RELOCATE (yyvs_alloc, yyvs);
# 1192|   #  undef YYSTACK_RELOCATE

Error: GCC_ANALYZER_WARNING (CWE-457): [#def872]
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1276:3: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yylval’
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1066:1: enter_function: entry to ‘yyparse’
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1148:6: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1211:6: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1211:6: branch_false: following ‘false’ branch (when ‘yystate != 6’)...
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1214:3: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1226:6: branch_false: following ‘false’ branch (when ‘yyn != -16’)...
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1232:6: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1232:6: branch_true: following ‘true’ branch (when ‘yychar == -2’)...
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1235:16: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1235:16: call_function: calling ‘mylex’ from ‘yyparse’
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1235:16: return_function: returning to ‘yyparse’ from ‘mylex’
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1238:6: branch_false: following ‘false’ branch (when ‘yychar != 0’)...
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1245:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1252:6: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1255:6: branch_false: following ‘false’ branch (when ‘yyn != 0’)...
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1265:6: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1265:6: branch_false: following ‘false’ branch (when ‘yyerrstatus == 0’)...
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1276:3: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1276:3: danger: use of uninitialized value ‘yylval’ here
# 1274|     yystate = yyn;
# 1275|     YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN
# 1276|->   *++yyvsp = yylval;
# 1277|     YY_IGNORE_MAYBE_UNINITIALIZED_END
# 1278|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def873]
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1307:3: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*<unknown>.val’
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1066:1: enter_function: entry to ‘yyparse’
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1148:6: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1211:6: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1211:6: branch_false: following ‘false’ branch (when ‘yystate != 6’)...
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1214:3: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1226:6: branch_false: following ‘false’ branch (when ‘yyn != -16’)...
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1232:6: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1232:6: branch_true: following ‘true’ branch (when ‘yychar == -2’)...
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1235:16: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1235:16: call_function: calling ‘mylex’ from ‘yyparse’
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1235:16: return_function: returning to ‘yyparse’ from ‘mylex’
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1238:6: branch_false: following ‘false’ branch (when ‘yychar != 0’)...
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1245:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1287:6: branch_false: following ‘false’ branch (when ‘yyn != 0’)...
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1289:3: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1307:3: danger: use of uninitialized value ‘*<unknown>.val’ here
# 1305|        unconditionally makes the parser a bit smaller, and it avoids a
# 1306|        GCC warning that YYVAL may be used uninitialized.  */
# 1307|->   yyval = yyvsp[1-yylen];
# 1308|   
# 1309|   

Error: GCC_ANALYZER_WARNING (CWE-127): [#def874]
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1428:13: warning[-Wanalyzer-out-of-bounds]: buffer under-read
krb5-1.21.3/src/lib/krb5/krb/x-deltat.y:231:1: enter_function: entry to ‘krb5_string_to_deltat’
krb5-1.21.3/src/lib/krb5/krb/x-deltat.y:236:9: call_function: calling ‘yyparse’ from ‘krb5_string_to_deltat’
# 1426|     yyn = yyr1[yyn];
# 1427|   
# 1428|->   yystate = yypgoto[yyn - YYNTOKENS] + *yyssp;
# 1429|     if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp)
# 1430|       yystate = yytable[yystate];

Error: GCC_ANALYZER_WARNING (CWE-127): [#def875]
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1432:15: warning[-Wanalyzer-out-of-bounds]: buffer under-read
krb5-1.21.3/src/lib/krb5/krb/x-deltat.y:231:1: enter_function: entry to ‘krb5_string_to_deltat’
krb5-1.21.3/src/lib/krb5/krb/x-deltat.y:236:9: call_function: calling ‘yyparse’ from ‘krb5_string_to_deltat’
# 1430|       yystate = yytable[yystate];
# 1431|     else
# 1432|->     yystate = yydefgoto[yyn - YYNTOKENS];
# 1433|   
# 1434|     goto yynewstate;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def876]
krb5-1.21.3/src/lib/krb5/krb/deltat.c:1626:10: warning[-Wanalyzer-malloc-leak]: leak of ‘yyptr’
krb5-1.21.3/src/lib/krb5/krb/x-deltat.y:231:1: enter_function: entry to ‘krb5_string_to_deltat’
krb5-1.21.3/src/lib/krb5/krb/x-deltat.y:236:9: call_function: calling ‘yyparse’ from ‘krb5_string_to_deltat’
# 1624|       YYSTACK_FREE (yymsg);
# 1625|   #endif
# 1626|->   return yyresult;
# 1627|   }
# 1628|   #line 172 "x-deltat.y" /* yacc.c:1906  */

Error: CPPCHECK_WARNING (CWE-457): [#def877]
krb5-1.21.3/src/lib/krb5/krb/fast.c:192: warning[uninitvar]: Uninitialized variable: value
#  190|       }
#  191|   
#  192|->     return retval ? FALSE : value;
#  193|   
#  194|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def878]
krb5-1.21.3/src/lib/krb5/krb/fast.c:425:18: warning[-Wanalyzer-malloc-leak]: leak of ‘armored_req’
krb5-1.21.3/src/lib/krb5/krb/fast.c:387:5: branch_true: following ‘true’ branch (when ‘state’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/fast.c:388:5: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/fast.c:388:5: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/fast.c:389:5: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/fast.c:390:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/fast.c:394:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fast.c:403:8: branch_true: following ‘true’ branch (when ‘retval == 0’)...
krb5-1.21.3/src/lib/krb5/krb/fast.c:404:49: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/fast.c:403:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/fast.c:416:18: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fast.c:417:8: branch_true: following ‘true’ branch (when ‘retval == 0’)...
krb5-1.21.3/src/lib/krb5/krb/fast.c:418:23: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/fast.c:418:23: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/fast.c:419:12: branch_false: following ‘false’ branch (when ‘armored_req’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/fast.c:423:30: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fast.c:425:18: danger: ‘armored_req’ leaks here; was allocated at [(13)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/12)
#  423|           armored_req->armor = state->armor;
#  424|       if (retval ==0)
#  425|->         retval = krb5_c_make_checksum(context, 0, state->armor_key,
#  426|                                         KRB5_KEYUSAGE_FAST_REQ_CHKSUM,
#  427|                                         to_be_checksummed,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def879]
krb5-1.21.3/src/lib/krb5/krb/fast.c:505:18: warning[-Wanalyzer-malloc-leak]: leak of ‘scratch.data’
krb5-1.21.3/src/lib/krb5/krb/fast.c:486:5: branch_true: following ‘true’ branch (when ‘state’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/fast.c:487:5: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/fast.c:487:5: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/fast.c:488:16: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/fast.c:492:8: branch_true: following ‘true’ branch (when ‘retval == 0’)...
krb5-1.21.3/src/lib/krb5/krb/fast.c:493:33: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/fast.c:498:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/fast.c:499:49: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/fast.c:499:24: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/fast.c:500:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/fast.c:502:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fast.c:504:8: branch_true: following ‘true’ branch (when ‘retval == 0’)...
krb5-1.21.3/src/lib/krb5/krb/fast.c:505:18: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/fast.c:505:18: danger: ‘scratch.data’ leaks here; was allocated at [(9)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/8)
#  503|       }
#  504|       if (retval == 0)
#  505|->         retval = krb5_c_decrypt(context, state->armor_key,
#  506|                                   KRB5_KEYUSAGE_FAST_REP, NULL,
#  507|                                   encrypted_response, &scratch);

Error: CPPCHECK_WARNING (CWE-457): [#def880]
krb5-1.21.3/src/lib/krb5/krb/fast.c:781: error[legacyUninitvar]: Uninitialized variable: valid
#  779|                                               KRB5_KEYUSAGE_AS_REQ,
#  780|                                               request, checksum, &valid);
#  781|->         if (retval == 0 &&valid == 0)
#  782|               retval = KRB5_KDCREP_MODIFIED;
#  783|           if (retval == 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def881]
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:142:18: warning[-Wanalyzer-malloc-leak]: leak of ‘def_rhost’
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:39:1: enter_function: entry to ‘krb5_fwd_tgt_creds’
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:61:8: branch_false: following ‘false’ branch (when ‘cc’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:66:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:67:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:69:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:96:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:99:55: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:101:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:105:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:109:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:113:54: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:113:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:118:10: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:118:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:123:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:123:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:124:12: branch_true: following ‘true’ branch (when ‘rhost’ is NULL)...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:125:17: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:125:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:130:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:130:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:135:57: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:135:25: call_function: calling ‘k5memdup0’ from ‘krb5_fwd_tgt_creds’
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:135:25: return_function: returning to ‘krb5_fwd_tgt_creds’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:137:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:142:18: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:142:18: danger: ‘def_rhost’ leaks here; was allocated at [(29)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/28)
#  140|           }
#  141|   
#  142|->         retval = k5_os_hostaddr(context, rhost, &addrs);
#  143|           if (retval)
#  144|               goto errout;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def882]
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:179:9: warning[-Wanalyzer-malloc-leak]: leak of ‘def_rhost’
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:39:1: enter_function: entry to ‘krb5_fwd_tgt_creds’
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:61:8: branch_false: following ‘false’ branch (when ‘cc’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:66:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:67:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:69:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:96:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:99:55: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:101:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:105:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:109:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:113:54: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:113:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:118:10: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:118:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:123:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:123:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:124:12: branch_true: following ‘true’ branch (when ‘rhost’ is NULL)...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:125:17: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:125:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:130:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:130:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:135:57: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:135:25: call_function: calling ‘k5memdup0’ from ‘krb5_fwd_tgt_creds’
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:135:25: return_function: returning to ‘krb5_fwd_tgt_creds’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:137:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:142:18: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:143:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:144:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:178:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:179:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:179:9: danger: ‘def_rhost’ leaks here; was allocated at [(29)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/28)
#  177|   errout:
#  178|       if (addrs)
#  179|->         krb5_free_addresses(context, addrs);
#  180|       if (defcc)
#  181|           krb5_cc_close(context, defcc);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def883]
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:179:9: warning[-Wanalyzer-malloc-leak]: leak of ‘rhost’
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:39:1: enter_function: entry to ‘krb5_fwd_tgt_creds’
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:61:8: branch_false: following ‘false’ branch (when ‘cc’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:66:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:67:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:69:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:96:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:99:55: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:101:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:105:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:109:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:113:54: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:113:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:118:10: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:118:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:123:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:123:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:124:12: branch_true: following ‘true’ branch (when ‘rhost’ is NULL)...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:125:17: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:125:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:130:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:130:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:135:57: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:135:25: call_function: calling ‘k5memdup0’ from ‘krb5_fwd_tgt_creds’
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:135:25: return_function: returning to ‘krb5_fwd_tgt_creds’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:137:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:142:18: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:143:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:144:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:178:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:179:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/fwd_tgt.c:179:9: danger: ‘rhost’ leaks here; was allocated at [(29)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/28)
#  177|   errout:
#  178|       if (addrs)
#  179|->         krb5_free_addresses(context, addrs);
#  180|       if (defcc)
#  181|           krb5_cc_close(context, defcc);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def884]
krb5-1.21.3/src/lib/krb5/krb/gen_subkey.c:44:14: warning[-Wanalyzer-malloc-leak]: leak of ‘keyblock’
krb5-1.21.3/src/lib/krb5/krb/gen_subkey.c:40:16: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/gen_subkey.c:41:8: branch_false: following ‘false’ branch (when ‘keyblock’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/gen_subkey.c:44:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/gen_subkey.c:44:14: danger: ‘keyblock’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   42|           return ENOMEM;
#   43|   
#   44|->     retval = krb5_c_make_random_key(context, enctype, keyblock);
#   45|       if (retval) {
#   46|           free(*subkey);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def885]
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:128:12: warning[-Wanalyzer-malloc-leak]: leak of ‘creds’
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1248:1: enter_function: entry to ‘krb5_tkt_creds_step’
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1262:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1266:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1272:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1276:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1283:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1286:16: call_function: calling ‘step_get_tgt’ from ‘krb5_tkt_creds_step’
#  126|           return ENOMEM;
#  127|   
#  128|->     code = krb5_cc_retrieve_cred(context, ccache, flags, in_creds, creds);
#  129|       if (code != 0) {
#  130|           free(creds);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def886]
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1104:5: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1313:1: enter_function: entry to ‘krb5_get_credentials’
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1325:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1331:14: call_function: inlined call to ‘k5alloc’ from ‘krb5_get_credentials’
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1336:12: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1336:12: call_function: calling ‘krb5_tkt_creds_init’ from ‘krb5_get_credentials’
# 1102|       krb5_const_principal canonprinc;
# 1103|   
# 1104|->     TRACE_TKT_CREDS(context, in_creds, ccache);
# 1105|       ctx = k5alloc(sizeof(*ctx), &code);
# 1106|       if (ctx == NULL)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def887]
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1122:12: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1313:1: enter_function: entry to ‘krb5_get_credentials’
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1325:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1331:14: call_function: inlined call to ‘k5alloc’ from ‘krb5_get_credentials’
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1336:12: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1336:12: call_function: calling ‘krb5_tkt_creds_init’ from ‘krb5_get_credentials’
# 1120|       /* Copy the matching cred so we can modify it.  Steal the copy of the
# 1121|        * service principal name to remember the original request server. */
# 1122|->     code = krb5_copy_creds(context, in_creds, &ctx->in_creds);
# 1123|       if (code != 0)
# 1124|           goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def888]
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1131:12: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1313:1: enter_function: entry to ‘krb5_get_credentials’
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1325:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1331:14: call_function: inlined call to ‘k5alloc’ from ‘krb5_get_credentials’
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1336:12: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1336:12: call_function: calling ‘krb5_tkt_creds_init’ from ‘krb5_get_credentials’
# 1129|       ctx->iter.princ = ctx->req_server;
# 1130|   
# 1131|->     code = k5_canonprinc(context, &ctx->iter, &canonprinc);
# 1132|       if (code == 0 && canonprinc == NULL)
# 1133|           code = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def889]
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1136:12: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1313:1: enter_function: entry to ‘krb5_get_credentials’
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1325:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1331:14: call_function: inlined call to ‘k5alloc’ from ‘krb5_get_credentials’
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1336:12: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1336:12: call_function: calling ‘krb5_tkt_creds_init’ from ‘krb5_get_credentials’
# 1134|       if (code != 0)
# 1135|           goto cleanup;
# 1136|->     code = krb5_copy_principal(context, canonprinc, &ctx->in_creds->server);
# 1137|       if (code != 0)
# 1138|           goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def890]
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1142:12: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1313:1: enter_function: entry to ‘krb5_get_credentials’
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1325:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1331:14: call_function: inlined call to ‘k5alloc’ from ‘krb5_get_credentials’
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1336:12: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1336:12: call_function: calling ‘krb5_tkt_creds_init’ from ‘krb5_get_credentials’
# 1140|       ctx->client = ctx->in_creds->client;
# 1141|       ctx->server = ctx->in_creds->server;
# 1142|->     code = krb5_cc_dup(context, ccache, &ctx->ccache);
# 1143|       if (code != 0)
# 1144|           goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def891]
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1148:12: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1313:1: enter_function: entry to ‘krb5_get_credentials’
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1325:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1331:14: call_function: inlined call to ‘k5alloc’ from ‘krb5_get_credentials’
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1336:12: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1336:12: call_function: calling ‘krb5_tkt_creds_init’ from ‘krb5_get_credentials’
# 1146|       /* Get the start realm from the cache config, defaulting to the client
# 1147|        * realm. */
# 1148|->     code = krb5_cc_get_config(context, ccache, NULL, "start_realm",
# 1149|                                 &ctx->start_realm);
# 1150|       if (code != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def892]
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1151:16: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1313:1: enter_function: entry to ‘krb5_get_credentials’
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1325:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1331:14: call_function: inlined call to ‘k5alloc’ from ‘krb5_get_credentials’
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1336:12: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/get_creds.c:1336:12: call_function: calling ‘krb5_tkt_creds_init’ from ‘krb5_get_credentials’
# 1149|                                 &ctx->start_realm);
# 1150|       if (code != 0) {
# 1151|->         code = krb5int_copy_data_contents(context, &ctx->client->realm,
# 1152|                                             &ctx->start_realm);
# 1153|           if (code != 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def893]
krb5-1.21.3/src/lib/krb5/krb/get_in_tkt.c:381:13: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/get_in_tkt.c:1877:1: enter_function: entry to ‘krb5_init_creds_step’
krb5-1.21.3/src/lib/krb5/krb/get_in_tkt.c:1901:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/get_in_tkt.c:1916:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/get_in_tkt.c:1916:16: call_function: calling ‘restart_init_creds_loop’ from ‘krb5_init_creds_step’
#  379|               for (; i>=0; i--)
#  380|                   free(preauthp[i]);
#  381|->             free(preauthp);
#  382|               return (ENOMEM);
#  383|           }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def894]
krb5-1.21.3/src/lib/krb5/krb/get_in_tkt.c:771:11: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(*realm.data, (long unsigned int)*realm.length, & ret)’
krb5-1.21.3/src/lib/krb5/krb/get_in_tkt.c:1877:1: enter_function: entry to ‘krb5_init_creds_step’
krb5-1.21.3/src/lib/krb5/krb/get_in_tkt.c:1901:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/get_in_tkt.c:1916:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/get_in_tkt.c:1916:16: call_function: calling ‘restart_init_creds_loop’ from ‘krb5_init_creds_step’
#  769|       if (realmstr == NULL)
#  770|           return FALSE;
#  771|->     ret = profile_get_boolean(profile, KRB5_CONF_REALMS, realmstr,
#  772|                                 KRB5_CONF_DISABLE_ENCRYPTED_TIMESTAMP, FALSE,
#  773|                                 &bval);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def895]
krb5-1.21.3/src/lib/krb5/krb/get_in_tkt.c:878:12: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/get_in_tkt.c:1958:1: enter_function: entry to ‘k5_get_init_creds’
krb5-1.21.3/src/lib/krb5/krb/get_in_tkt.c:1968:12: call_function: calling ‘krb5_init_creds_init’ from ‘k5_get_init_creds’
#  876|           goto cleanup;
#  877|       ctx->info_pa_permitted = TRUE;
#  878|->     code = krb5_copy_principal(context, client, &ctx->request->client);
#  879|       if (code != 0)
#  880|           goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def896]
krb5-1.21.3/src/lib/krb5/krb/get_in_tkt.c:891:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/get_in_tkt.c:1958:1: enter_function: entry to ‘k5_get_init_creds’
krb5-1.21.3/src/lib/krb5/krb/get_in_tkt.c:1968:12: call_function: calling ‘krb5_init_creds_init’ from ‘k5_get_init_creds’
#  889|       if (opt == NULL) {
#  890|           ctx->opt = &ctx->opt_storage;
#  891|->         krb5_get_init_creds_opt_init(ctx->opt);
#  892|       } else {
#  893|           ctx->opt = opt;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def897]
krb5-1.21.3/src/lib/krb5/krb/get_in_tkt.c:896:12: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/get_in_tkt.c:1958:1: enter_function: entry to ‘k5_get_init_creds’
krb5-1.21.3/src/lib/krb5/krb/get_in_tkt.c:1968:12: call_function: calling ‘krb5_init_creds_init’ from ‘k5_get_init_creds’
#  894|       }
#  895|   
#  896|->     code = k5_response_items_new(&ctx->rctx.items);
#  897|       if (code != 0)
#  898|           goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def898]
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:104:20: warning[-Wanalyzer-malloc-leak]: leak of ‘etypes’
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:98:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:100:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:101:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:104:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:106:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:125:12: branch_false: following ‘false’ branch (when ‘p’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:130:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:104:20: danger: ‘etypes’ leaks here; was allocated at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6)
#  102|           return ret;
#  103|   
#  104|->     while (!(ret = krb5_kt_next_entry(context, keytab, &entry, &cursor))) {
#  105|           /* Extract what we need from the entry and free it. */
#  106|           etype = entry.key.enctype;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def899]
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:108:17: warning[-Wanalyzer-malloc-leak]: leak of ‘etypes’
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:98:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:100:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:101:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:104:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:106:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:125:12: branch_false: following ‘false’ branch (when ‘p’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:130:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:104:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:106:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:108:17: danger: ‘etypes’ leaks here; was allocated at [(7)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/6)
#  106|           etype = entry.key.enctype;
#  107|           vno = entry.vno;
#  108|->         match = krb5_principal_compare(context, entry.principal, client);
#  109|           krb5_free_keytab_entry_contents(context, &entry);
#  110|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def900]
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:109:9: warning[-Wanalyzer-malloc-leak]: leak of ‘etypes’
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:98:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:100:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:101:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:104:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:106:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:125:12: branch_false: following ‘false’ branch (when ‘p’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:130:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:104:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:106:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:109:9: danger: ‘etypes’ leaks here; was allocated at [(7)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/6)
#  107|           vno = entry.vno;
#  108|           match = krb5_principal_compare(context, entry.principal, client);
#  109|->         krb5_free_keytab_entry_contents(context, &entry);
#  110|   
#  111|           /* Filter out old or non-matching entries and invalid enctypes. */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def901]
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:112:42: warning[-Wanalyzer-malloc-leak]: leak of ‘etypes’
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:98:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:100:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:101:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:104:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:106:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:125:12: branch_false: following ‘false’ branch (when ‘p’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:130:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:104:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:106:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:112:42: danger: ‘etypes’ leaks here; was allocated at [(7)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/6)
#  110|   
#  111|           /* Filter out old or non-matching entries and invalid enctypes. */
#  112|->         if (vno < max_kvno || !match || !krb5_c_valid_enctype(etype))
#  113|               continue;
#  114|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def902]
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:161:13: warning[-Wanalyzer-malloc-leak]: leak of ‘save_list’
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:154:17: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:155:8: branch_false: following ‘false’ branch (when ‘save_list’ is non-NULL)...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:160:17: branch_true: following ‘true’ branch (when ‘i < req_len’)...
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:161:53: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/gic_keytab.c:161:13: danger: ‘save_list’ leaks here; was allocated at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
#  159|       req_pos = save_pos = 0;
#  160|       for (i = 0; i < req_len; i++) {
#  161|->         if (k5_etypes_contains(keytab_list, req_list[i]))
#  162|               req_list[req_pos++] = req_list[i];
#  163|           else

Error: CPPCHECK_WARNING (CWE-476): [#def903]
krb5-1.21.3/src/lib/krb5/krb/gic_opt.c:470: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: opte
#  468|       opte = calloc(1, sizeof(*opte));
#  469|       if (opt == NULL)
#  470|->         opte->opt.flags = DEFAULT_FLAGS;
#  471|       else if (opt->flags & GIC_OPT_EXTENDED)
#  472|           *opte = *(struct extended_options *)opt;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def904]
krb5-1.21.3/src/lib/krb5/krb/gic_opt.c:472:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘opte’
krb5-1.21.3/src/lib/krb5/krb/gic_opt.c:468:12: acquire_memory: this call could return NULL
krb5-1.21.3/src/lib/krb5/krb/gic_opt.c:469:8: branch_false: following ‘false’ branch (when ‘opt’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/gic_opt.c:471:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/gic_opt.c:471:13: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/gic_opt.c:472:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/gic_opt.c:472:9: danger: ‘opte’ could be NULL: unchecked value from [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  470|           opte->opt.flags = DEFAULT_FLAGS;
#  471|       else if (opt->flags & GIC_OPT_EXTENDED)
#  472|->         *opte = *(struct extended_options *)opt;
#  473|       else
#  474|           opte->opt = *opt;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def905]
krb5-1.21.3/src/lib/krb5/krb/gic_opt.c:474:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘opte’
krb5-1.21.3/src/lib/krb5/krb/gic_opt.c:468:12: acquire_memory: this call could return NULL
krb5-1.21.3/src/lib/krb5/krb/gic_opt.c:469:8: branch_false: following ‘false’ branch (when ‘opt’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/gic_opt.c:471:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/gic_opt.c:471:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/gic_opt.c:474:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/gic_opt.c:474:9: danger: ‘opte’ could be NULL: unchecked value from [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  472|           *opte = *(struct extended_options *)opt;
#  473|       else
#  474|->         opte->opt = *opt;
#  475|       opte->opt.flags |= GIC_OPT_SHALLOW_COPY;
#  476|       return (krb5_get_init_creds_opt *)opte;

Error: CPPCHECK_WARNING (CWE-476): [#def906]
krb5-1.21.3/src/lib/krb5/krb/gic_opt.c:475: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: opte
#  473|       else
#  474|           opte->opt = *opt;
#  475|->     opte->opt.flags |= GIC_OPT_SHALLOW_COPY;
#  476|       return (krb5_get_init_creds_opt *)opte;
#  477|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def907]
krb5-1.21.3/src/lib/krb5/krb/init_ctx.c:403:41: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
krb5-1.21.3/src/lib/krb5/krb/init_ctx.c:590:1: enter_function: entry to ‘krb5_is_permitted_enctype’
krb5-1.21.3/src/lib/krb5/krb/init_ctx.c:595:9: call_function: calling ‘krb5_get_permitted_enctypes’ from ‘krb5_is_permitted_enctype’
#  401|   
#  402|       /* Stop now if a previous allocation failed or the enctype is filtered. */
#  403|->     if (list == NULL || (!allow_weak && krb5int_c_weak_enctype(etype)))
#  404|           return;
#  405|       if (add) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def908]
krb5-1.21.3/src/lib/krb5/krb/init_ctx.c:479:20: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
krb5-1.21.3/src/lib/krb5/krb/init_ctx.c:590:1: enter_function: entry to ‘krb5_is_permitted_enctype’
krb5-1.21.3/src/lib/krb5/krb/init_ctx.c:595:9: call_function: calling ‘krb5_get_permitted_enctypes’ from ‘krb5_is_permitted_enctype’
#  477|               mod_list(ENCTYPE_CAMELLIA256_CTS_CMAC, sel, weak, &list);
#  478|               mod_list(ENCTYPE_CAMELLIA128_CTS_CMAC, sel, weak, &list);
#  479|->         } else if (krb5_string_to_enctype(token, &etype) == 0) {
#  480|               /* Set a specific enctype. */
#  481|               mod_list(etype, sel, weak, &list);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def909]
krb5-1.21.3/src/lib/krb5/krb/init_ctx.c:483:13: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
krb5-1.21.3/src/lib/krb5/krb/init_ctx.c:590:1: enter_function: entry to ‘krb5_is_permitted_enctype’
krb5-1.21.3/src/lib/krb5/krb/init_ctx.c:595:9: call_function: calling ‘krb5_get_permitted_enctypes’ from ‘krb5_is_permitted_enctype’
#  481|               mod_list(etype, sel, weak, &list);
#  482|           } else {
#  483|->             TRACE_ENCTYPE_LIST_UNKNOWN(context, profkey, token);
#  484|           }
#  485|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def910]
krb5-1.21.3/src/lib/krb5/krb/kdc_rep_dc.c:59:19: warning[-Wanalyzer-malloc-leak]: leak of ‘scratch.data’
krb5-1.21.3/src/lib/krb5/krb/kdc_rep_dc.c:44:8: branch_false: following ‘false’ branch (when ‘decryptarg’ is NULL)...
krb5-1.21.3/src/lib/krb5/krb/kdc_rep_dc.c:52:22: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/kdc_rep_dc.c:53:26: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/kdc_rep_dc.c:53:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/kdc_rep_dc.c:59:58: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/kdc_rep_dc.c:59:19: danger: ‘scratch.data’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   57|       /*dec_rep->enc_part.enctype;*/
#   58|   
#   59|->     if ((retval = krb5_c_decrypt(context, key, usage, 0, &dec_rep->enc_part,
#   60|                                    &scratch))) {
#   61|           free(scratch.data);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def911]
krb5-1.21.3/src/lib/krb5/krb/kerrs.c:53:5: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
krb5-1.21.3/src/lib/krb5/krb/kerrs.c:43:8: branch_false: following ‘false’ branch (when ‘ctx’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/kerrs.c:45:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/kerrs.c:45:5: acquire_resource: ‘va_start’ called here
krb5-1.21.3/src/lib/krb5/krb/kerrs.c:53:5: danger: missing call to ‘va_end’ to match ‘va_start’ at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   51|       }
#   52|   #endif
#   53|->     k5_vset_error(&ctx->err, code, fmt, args);
#   54|   #ifdef DEBUG
#   55|       if (ERROR_MESSAGE_DEBUG())

Error: GCC_ANALYZER_WARNING (CWE-401): [#def912]
krb5-1.21.3/src/lib/krb5/krb/libdef_parse.c:131:5: warning[-Wanalyzer-malloc-leak]: leak of ‘string’
krb5-1.21.3/src/lib/krb5/krb/libdef_parse.c:137:1: enter_function: entry to ‘krb5int_libdefault_boolean’
krb5-1.21.3/src/lib/krb5/krb/libdef_parse.c:143:14: call_function: calling ‘krb5int_libdefault_string’ from ‘krb5int_libdefault_boolean’
#  129|       }
#  130|   
#  131|->     profile_free_list(nameval);
#  132|   
#  133|       return retval;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def913]
krb5-1.21.3/src/lib/krb5/krb/libdef_parse.c:146:15: warning[-Wanalyzer-malloc-leak]: leak of ‘string’
krb5-1.21.3/src/lib/krb5/krb/libdef_parse.c:137:1: enter_function: entry to ‘krb5int_libdefault_boolean’
krb5-1.21.3/src/lib/krb5/krb/libdef_parse.c:143:14: call_function: calling ‘krb5int_libdefault_string’ from ‘krb5int_libdefault_boolean’
krb5-1.21.3/src/lib/krb5/krb/libdef_parse.c:143:14: return_function: returning to ‘krb5int_libdefault_boolean’ from ‘krb5int_libdefault_string’
krb5-1.21.3/src/lib/krb5/krb/libdef_parse.c:145:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/libdef_parse.c:146:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/libdef_parse.c:146:15: danger: ‘string’ leaks here; was allocated at [(15)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/14)
#  144|   
#  145|       if (retval)
#  146|->         return(retval);
#  147|   
#  148|       *ret_value = _krb5_conf_boolean(string);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def914]
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:47:11: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:215:1: enter_function: entry to ‘krb5_mk_1cred’
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:222:12: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:223:8: branch_false: following ‘false’ branch (when ‘list’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:226:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:228:14: call_function: calling ‘krb5_mk_ncred’ from ‘krb5_mk_1cred’
#   45|   
#   46|       /* Start by encoding to-be-encrypted part of the message. */
#   47|->     ret = encode_krb5_enc_cred_part(encpart, &der_enccred);
#   48|       if (ret)
#   49|           return ret;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def915]
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:47:11: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:154:1: enter_function: entry to ‘krb5_mk_ncred’
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:170:8: branch_false: following ‘false’ branch (when ‘creds’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:173:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:174:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:177:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:185:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:188:12: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:189:11: call_function: calling ‘create_krbcred’ from ‘krb5_mk_ncred’
#   45|   
#   46|       /* Start by encoding to-be-encrypted part of the message. */
#   47|->     ret = encode_krb5_enc_cred_part(encpart, &der_enccred);
#   48|       if (ret)
#   49|           return ret;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def916]
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:59:11: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:215:1: enter_function: entry to ‘krb5_mk_1cred’
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:222:12: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:223:8: branch_false: following ‘false’ branch (when ‘list’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:226:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:228:14: call_function: calling ‘krb5_mk_ncred’ from ‘krb5_mk_1cred’
#   57|       }
#   58|   
#   59|->     ret = k5_encrypt_keyhelper(context, key, KRB5_KEYUSAGE_KRB_CRED_ENCPART,
#   60|                                  der_enccred, encdata_out);
#   61|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def917]
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:59:11: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:154:1: enter_function: entry to ‘krb5_mk_ncred’
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:170:8: branch_false: following ‘false’ branch (when ‘creds’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:173:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:174:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:177:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:185:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:188:12: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:189:11: call_function: calling ‘create_krbcred’ from ‘krb5_mk_ncred’
#   57|       }
#   58|   
#   59|->     ret = k5_encrypt_keyhelper(context, key, KRB5_KEYUSAGE_KRB_CRED_ENCPART,
#   60|                                  der_enccred, encdata_out);
#   61|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def918]
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:108:15: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:215:1: enter_function: entry to ‘krb5_mk_1cred’
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:222:12: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:223:8: branch_false: following ‘false’ branch (when ‘list’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:226:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:228:14: call_function: calling ‘krb5_mk_ncred’ from ‘krb5_mk_1cred’
#  106|        * info structure using alias pointers. */
#  107|       for (i = 0; i < ncreds; i++) {
#  108|->         ret = decode_krb5_ticket(&creds[i]->ticket, &tickets[i]);
#  109|           if (ret)
#  110|               goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def919]
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:108:15: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:74:1: enter_function: entry to ‘create_krbcred’
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:93:15: call_function: inlined call to ‘k5calloc’ from ‘create_krbcred’
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:97:19: call_function: inlined call to ‘k5calloc’ from ‘create_krbcred’
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:101:14: call_function: inlined call to ‘k5calloc’ from ‘create_krbcred’
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:107:17: branch_true: following ‘true’ branch (when ‘i < ncreds’)...
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:108:61: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:108:15: danger: ‘ptr’ leaks here; was allocated at [(3)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/2)
#  106|        * info structure using alias pointers. */
#  107|       for (i = 0; i < ncreds; i++) {
#  108|->         ret = decode_krb5_ticket(&creds[i]->ticket, &tickets[i]);
#  109|           if (ret)
#  110|               goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def920]
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:113:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:215:1: enter_function: entry to ‘krb5_mk_1cred’
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:223:8: branch_false: following ‘false’ branch (when ‘list’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:226:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:228:14: call_function: calling ‘krb5_mk_ncred’ from ‘krb5_mk_1cred’
#  111|   
#  112|           tinfos[i].magic = KV5M_CRED_INFO;
#  113|->         tinfos[i].times = creds[i]->times;
#  114|           tinfos[i].flags = creds[i]->ticket_flags;
#  115|           tinfos[i].session = &creds[i]->keyblock;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def921]
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:138:11: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:215:1: enter_function: entry to ‘krb5_mk_1cred’
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:223:8: branch_false: following ‘false’ branch (when ‘list’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:226:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:228:14: call_function: calling ‘krb5_mk_ncred’ from ‘krb5_mk_1cred’
#  136|       cred.tickets = tickets;
#  137|       cred.enc_part = enc;
#  138|->     ret = encode_krb5_cred(&cred, der_out);
#  139|       if (ret)
#  140|           goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def922]
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:146:5: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:154:1: enter_function: entry to ‘krb5_mk_ncred’
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:170:8: branch_false: following ‘false’ branch (when ‘creds’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:173:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:174:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:177:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:185:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:188:12: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:189:11: call_function: calling ‘create_krbcred’ from ‘krb5_mk_ncred’
#  144|   
#  145|   cleanup:
#  146|->     krb5_free_tickets(context, tickets);
#  147|       krb5_free_data_contents(context, &enc.ciphertext);
#  148|       free(tinfos);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def923]
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:147:5: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:154:1: enter_function: entry to ‘krb5_mk_ncred’
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:170:8: branch_false: following ‘false’ branch (when ‘creds’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:173:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:174:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:177:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:185:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:188:12: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:189:11: call_function: calling ‘create_krbcred’ from ‘krb5_mk_ncred’
#  145|   cleanup:
#  146|       krb5_free_tickets(context, tickets);
#  147|->     krb5_free_data_contents(context, &enc.ciphertext);
#  148|       free(tinfos);
#  149|       free(ticket_info);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def924]
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:173:11: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:215:1: enter_function: entry to ‘krb5_mk_1cred’
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:222:12: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:223:8: branch_false: following ‘false’ branch (when ‘list’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:226:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:228:14: call_function: calling ‘krb5_mk_ncred’ from ‘krb5_mk_1cred’
#  171|           return KRB5KRB_AP_ERR_BADADDR;
#  172|   
#  173|->     ret = k5_privsafe_gen_rdata(context, authcon, &rdata, rdata_out);
#  174|       if (ret)
#  175|           goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def925]
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:178:15: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:215:1: enter_function: entry to ‘krb5_mk_1cred’
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:222:12: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:223:8: branch_false: following ‘false’ branch (when ‘list’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:226:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:228:14: call_function: calling ‘krb5_mk_ncred’ from ‘krb5_mk_1cred’
#  176|       /* Historically we always set the timestamp, so keep doing that. */
#  177|       if (rdata.timestamp == 0) {
#  178|->         ret = krb5_us_timeofday(context, &rdata.timestamp, &rdata.usec);
#  179|           if (ret)
#  180|               goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def926]
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:183:11: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:215:1: enter_function: entry to ‘krb5_mk_1cred’
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:222:12: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:223:8: branch_false: following ‘false’ branch (when ‘list’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:226:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/mk_cred.c:228:14: call_function: calling ‘krb5_mk_ncred’ from ‘krb5_mk_1cred’
#  181|       }
#  182|   
#  183|->     ret = k5_privsafe_gen_addrs(context, authcon, &lstorage, &rstorage,
#  184|                                   &local_addr, &remote_addr);
#  185|       if (ret)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def927]
krb5-1.21.3/src/lib/krb5/krb/mk_priv.c:81:11: warning[-Wanalyzer-malloc-leak]: leak of ‘privmsg.enc_part.ciphertext.data’
krb5-1.21.3/src/lib/krb5/krb/mk_priv.c:44:1: enter_function: entry to ‘create_krbpriv’
krb5-1.21.3/src/lib/krb5/krb/mk_priv.c:68:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/mk_priv.c:72:62: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/mk_priv.c:74:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/mk_priv.c:77:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/mk_priv.c:77:11: call_function: calling ‘alloc_data’ from ‘create_krbpriv’
krb5-1.21.3/src/lib/krb5/krb/mk_priv.c:77:11: return_function: returning to ‘create_krbpriv’ from ‘alloc_data’
krb5-1.21.3/src/lib/krb5/krb/mk_priv.c:78:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/mk_priv.c:81:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/mk_priv.c:81:11: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/mk_priv.c:81:11: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/mk_priv.c:81:11: danger: ‘privmsg.enc_part.ciphertext.data’ leaks here; was allocated at [(8)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/7)
#   79|           goto cleanup;
#   80|   
#   81|->     ret = krb5_k_encrypt(context, key, KRB5_KEYUSAGE_KRB_PRIV_ENCPART,
#   82|                            (cstate->length > 0) ? cstate : NULL, der_encpart,
#   83|                            &privmsg.enc_part);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def928]
krb5-1.21.3/src/lib/krb5/krb/pac.c:68:8: warning[-Wanalyzer-malloc-leak]: leak of ‘nbufs’
krb5-1.21.3/src/lib/krb5/krb/pac.c:1088:1: enter_function: entry to ‘mspac_set_attribute’
krb5-1.21.3/src/lib/krb5/krb/pac.c:1097:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/pac.c:1100:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/pac.c:1100:11: call_function: calling ‘mspac_attr2type’ from ‘mspac_set_attribute’
krb5-1.21.3/src/lib/krb5/krb/pac.c:1100:11: return_function: returning to ‘mspac_set_attribute’ from ‘mspac_attr2type’
krb5-1.21.3/src/lib/krb5/krb/pac.c:1101:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/pac.c:1105:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/pac.c:1105:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/pac.c:1115:44: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/pac.c:1115:15: call_function: calling ‘krb5_pac_add_buffer’ from ‘mspac_set_attribute’
#   66|                       pac->data.length + PAC_INFO_BUFFER_LENGTH +
#   67|                       data->length + pad);
#   68|->     if (ndata == NULL)
#   69|           return ENOMEM;
#   70|       pac->data.data = ndata;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def929]
krb5-1.21.3/src/lib/krb5/krb/pac.c:246:11: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/pac.c:1262:1: enter_function: entry to ‘mspac_copy’
krb5-1.21.3/src/lib/krb5/krb/pac.c:1270:5: branch_true: following ‘true’ branch (when ‘dst_request_context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/pac.c:1271:5: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/pac.c:1271:5: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/pac.c:1273:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/pac.c:1273:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/pac.c:1274:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/pac.c:1274:15: call_function: calling ‘copy_pac’ from ‘mspac_copy’
#  244|           goto fail;
#  245|   
#  246|->     ret = krb5int_copy_data_contents(context, &src->data, &pac->data);
#  247|       if (ret)
#  248|           goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def930]
krb5-1.21.3/src/lib/krb5/krb/pac.c:246:11: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/pac.c:1262:1: enter_function: entry to ‘mspac_copy’
krb5-1.21.3/src/lib/krb5/krb/pac.c:1270:5: branch_true: following ‘true’ branch (when ‘dst_request_context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/pac.c:1271:5: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/pac.c:1271:5: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/pac.c:1273:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/pac.c:1273:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/pac.c:1274:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/pac.c:1274:15: call_function: calling ‘copy_pac’ from ‘mspac_copy’
#  244|           goto fail;
#  245|   
#  246|->     ret = krb5int_copy_data_contents(context, &src->data, &pac->data);
#  247|       if (ret)
#  248|           goto fail;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def931]
krb5-1.21.3/src/lib/krb5/krb/parse.c:119:5: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/parse.c:234:1: enter_function: entry to ‘krb5_parse_name’
krb5-1.21.3/src/lib/krb5/krb/parse.c:237:12: call_function: calling ‘krb5_parse_name_flags’ from ‘krb5_parse_name’
#  117|       princ = NULL;
#  118|   cleanup:
#  119|->     krb5_free_principal(context, princ);
#  120|       return ret;
#  121|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def932]
krb5-1.21.3/src/lib/krb5/krb/plugin.c:117:13: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/plugin.c:481:1: enter_function: entry to ‘k5_plugin_register_dyn’
krb5-1.21.3/src/lib/krb5/krb/plugin.c:489:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/plugin.c:492:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/plugin.c:492:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/plugin.c:494:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/plugin.c:496:8: branch_false: following ‘false’ branch (when ‘ret == 0’)...
krb5-1.21.3/src/lib/krb5/krb/plugin.c:498:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/plugin.c:498:11: call_function: calling ‘register_module’ from ‘k5_plugin_register_dyn’
#  115|           goto oom;
#  116|       if (path != NULL) {
#  117|->         if (k5_path_join(context->plugin_base_dir, path, &map->dyn_path))
#  118|               goto oom;
#  119|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def933]
krb5-1.21.3/src/lib/krb5/krb/plugin.c:117:13: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/plugin.c:481:1: enter_function: entry to ‘k5_plugin_register_dyn’
krb5-1.21.3/src/lib/krb5/krb/plugin.c:489:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/plugin.c:492:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/plugin.c:492:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/plugin.c:494:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/plugin.c:496:8: branch_false: following ‘false’ branch (when ‘ret == 0’)...
krb5-1.21.3/src/lib/krb5/krb/plugin.c:498:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/plugin.c:498:11: call_function: calling ‘register_module’ from ‘k5_plugin_register_dyn’
#  115|           goto oom;
#  116|       if (path != NULL) {
#  117|->         if (k5_path_join(context->plugin_base_dir, path, &map->dyn_path))
#  118|               goto oom;
#  119|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def934]
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:72:13: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:1037:1: enter_function: entry to ‘krb5_preauth_supply_preauth_data’
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:1045:8: branch_true: following ‘true’ branch (when ‘pctx’ is NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:1046:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:1046:9: call_function: calling ‘k5_init_preauth_context’ from ‘krb5_preauth_supply_preauth_data’
#   70|           h = *hp;
#   71|           if (h->vt.fini != NULL)
#   72|->             h->vt.fini(context, h->data);
#   73|           free(h);
#   74|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def935]
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:166:13: warning[-Wanalyzer-malloc-leak]: leak of ‘h’
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:1037:1: enter_function: entry to ‘krb5_preauth_supply_preauth_data’
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:1045:8: branch_true: following ‘true’ branch (when ‘pctx’ is NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:1046:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:1046:9: call_function: calling ‘k5_init_preauth_context’ from ‘krb5_preauth_supply_preauth_data’
#  164|   
#  165|           /* Initialize the handle vtable. */
#  166|->         if ((*mod)(context, 1, 1, (krb5_plugin_vtable)&h->vt) != 0) {
#  167|               free(h);
#  168|               continue;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def936]
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:166:13: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:1037:1: enter_function: entry to ‘krb5_preauth_supply_preauth_data’
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:1045:8: branch_true: following ‘true’ branch (when ‘pctx’ is NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:1046:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:1046:9: call_function: calling ‘k5_init_preauth_context’ from ‘krb5_preauth_supply_preauth_data’
#  164|   
#  165|           /* Initialize the handle vtable. */
#  166|->         if ((*mod)(context, 1, 1, (krb5_plugin_vtable)&h->vt) != 0) {
#  167|               free(h);
#  168|               continue;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def937]
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:175:17: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:1037:1: enter_function: entry to ‘krb5_preauth_supply_preauth_data’
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:1045:8: branch_true: following ‘true’ branch (when ‘pctx’ is NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:1046:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:1046:9: call_function: calling ‘k5_init_preauth_context’ from ‘krb5_preauth_supply_preauth_data’
#  173|               i = search_module_list(list, *tp);
#  174|               if (i != -1) {
#  175|->                 TRACE_PREAUTH_CONFLICT(context, h->vt.name, list[i]->vt.name,
#  176|                                          *tp);
#  177|                   break;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def938]
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:185:35: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:1037:1: enter_function: entry to ‘krb5_preauth_supply_preauth_data’
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:1045:8: branch_true: following ‘true’ branch (when ‘pctx’ is NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:1046:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:1046:9: call_function: calling ‘k5_init_preauth_context’ from ‘krb5_preauth_supply_preauth_data’
#  183|           /* Initialize the module data. */
#  184|           h->data = NULL;
#  185|->         if (h->vt.init != NULL && h->vt.init(context, &h->data) != 0) {
#  186|               free(h);
#  187|               continue;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def939]
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:202:5: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:1037:1: enter_function: entry to ‘krb5_preauth_supply_preauth_data’
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:1045:8: branch_true: following ‘true’ branch (when ‘pctx’ is NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:1046:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:1046:9: call_function: calling ‘k5_init_preauth_context’ from ‘krb5_preauth_supply_preauth_data’
#  200|   
#  201|   cleanup:
#  202|->     k5_plugin_free_modules(context, modules);
#  203|       free_handles(context, list);
#  204|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def940]
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:273:13: warning[-Wanalyzer-malloc-leak]: leak of ‘*reqctx.modreqs + i * 8’
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:250:8: branch_false: following ‘false’ branch (when ‘pctx’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:257:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:258:8: branch_false: following ‘false’ branch (when ‘reqctx’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:260:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:265:23: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:266:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:270:17: branch_true: following ‘true’ branch (when ‘count > i’)...
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:271:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:272:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:273:51: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:273:13: danger: ‘*reqctx.modreqs + i * 8’ leaks here; was allocated at [(5)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/4)
#  271|           h = pctx->handles[i];
#  272|           if (h->vt.request_init != NULL)
#  273|->             h->vt.request_init(context, h->data, &reqctx->modreqs[i]);
#  274|       }
#  275|       ctx->preauth_reqctx = reqctx;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def941]
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:273:13: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:250:8: branch_false: following ‘false’ branch (when ‘pctx’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:257:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:258:8: branch_false: following ‘false’ branch (when ‘reqctx’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:260:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:265:23: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:266:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:270:17: branch_true: following ‘true’ branch (when ‘count > i’)...
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:271:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:272:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:270:28: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:270:17: branch_true: following ‘true’ branch (when ‘count > i’)...
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:271:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:272:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:273:51: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:273:13: danger: ‘<unknown>’ leaks here; was allocated at [(5)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/4)
#  271|           h = pctx->handles[i];
#  272|           if (h->vt.request_init != NULL)
#  273|->             h->vt.request_init(context, h->data, &reqctx->modreqs[i]);
#  274|       }
#  275|       ctx->preauth_reqctx = reqctx;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def942]
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:273:13: warning[-Wanalyzer-malloc-leak]: leak of ‘reqctx’
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:250:8: branch_false: following ‘false’ branch (when ‘pctx’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:257:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:257:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:258:8: branch_false: following ‘false’ branch (when ‘reqctx’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:260:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:266:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:270:17: branch_true: following ‘true’ branch (when ‘count > i’)...
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:271:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:272:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:273:51: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:273:13: danger: ‘reqctx’ leaks here; was allocated at [(3)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/2)
#  271|           h = pctx->handles[i];
#  272|           if (h->vt.request_init != NULL)
#  273|->             h->vt.request_init(context, h->data, &reqctx->modreqs[i]);
#  274|       }
#  275|       ctx->preauth_reqctx = reqctx;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def943]
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:866:16: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:893:1: enter_function: entry to ‘k5_preauth_tryagain’
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:907:9: call_function: calling ‘find_module’ from ‘k5_preauth_tryagain’
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:907:9: return_function: returning to ‘k5_preauth_tryagain’ from ‘find_module’
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:908:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:910:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:911:11: call_function: inlined call to ‘clpreauth_tryagain’ from ‘k5_preauth_tryagain’
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:918:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:918:17: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:918:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:925:10: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:926:11: call_function: calling ‘copy_cookie’ from ‘k5_preauth_tryagain’
#  864|       cookie = krb5int_find_pa_data(context, in_padata, KRB5_PADATA_FX_COOKIE);
#  865|       if (cookie == NULL)
#  866|->         return 0;
#  867|       TRACE_PREAUTH_COOKIE(context, cookie->length, cookie->contents);
#  868|       pa = k5alloc(sizeof(*pa), &ret);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def944]
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:932:5: warning[-Wanalyzer-malloc-leak]: leak of ‘mod_pa’
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:893:1: enter_function: entry to ‘k5_preauth_tryagain’
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:907:9: call_function: calling ‘find_module’ from ‘k5_preauth_tryagain’
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:907:9: return_function: returning to ‘k5_preauth_tryagain’ from ‘find_module’
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:908:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:910:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:911:11: call_function: inlined call to ‘clpreauth_tryagain’ from ‘k5_preauth_tryagain’
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:918:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:918:17: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:918:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:925:10: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:926:11: call_function: calling ‘copy_cookie’ from ‘k5_preauth_tryagain’
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:926:11: return_function: returning to ‘k5_preauth_tryagain’ from ‘copy_cookie’
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:927:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:932:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:932:5: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:932:5: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth2.c:932:5: danger: ‘mod_pa’ leaks here; was allocated at [(43)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/42)
#  930|       }
#  931|   
#  932|->     TRACE_PREAUTH_TRYAGAIN_OUTPUT(context, mod_pa);
#  933|       *padata_out = mod_pa;
#  934|       return 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def945]
krb5-1.21.3/src/lib/krb5/krb/preauth_ec.c:82:22: warning[-Wanalyzer-malloc-leak]: leak of ‘scratch.data’
krb5-1.21.3/src/lib/krb5/krb/preauth_ec.c:61:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_ec.c:63:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_ec.c:64:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_ec.c:72:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_ec.c:73:22: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_ec.c:75:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_ec.c:76:38: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_ec.c:76:28: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/preauth_ec.c:78:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_ec.c:81:12: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_ec.c:81:12: branch_true: following ‘true’ branch (when ‘retval == 0’)...
krb5-1.21.3/src/lib/krb5/krb/preauth_ec.c:82:22: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_ec.c:82:22: danger: ‘scratch.data’ leaks here; was allocated at [(9)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/8)
#   80|           }
#   81|           if (retval == 0)
#   82|->             retval = krb5_c_decrypt(context, challenge_key,
#   83|                                       KRB5_KEYUSAGE_ENC_CHALLENGE_KDC, NULL,
#   84|                                       enc, &scratch);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def946]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:63:11: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:315:1: enter_function: entry to ‘codec_decode_challenge’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:323:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:329:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:337:8: branch_false: following ‘false’ branch (when ‘chl’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:29: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:22: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:342:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:345:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:345:14: call_function: calling ‘codec_value_to_string’ from ‘codec_decode_challenge’
#   61|       char *str;
#   62|   
#   63|->     val = k5_json_object_get(obj, key);
#   64|       if (val == NULL)
#   65|           return ENOENT;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def947]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:63:11: warning[-Wanalyzer-malloc-leak]: leak of ‘chl’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:315:1: enter_function: entry to ‘codec_decode_challenge’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:323:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:329:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:337:8: branch_false: following ‘false’ branch (when ‘chl’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:29: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:342:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:345:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:345:14: call_function: calling ‘codec_value_to_string’ from ‘codec_decode_challenge’
#   61|       char *str;
#   62|   
#   63|->     val = k5_json_object_get(obj, key);
#   64|       if (val == NULL)
#   65|           return ENOENT;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def948]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:63:11: warning[-Wanalyzer-malloc-leak]: leak of ‘ti’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:315:1: enter_function: entry to ‘codec_decode_challenge’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:323:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:329:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:337:8: branch_false: following ‘false’ branch (when ‘chl’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:29: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:342:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:345:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:346:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:349:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:350:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:351:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:354:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:354:29: call_function: calling ‘codec_decode_tokeninfo’ from ‘codec_decode_challenge’
#   61|       char *str;
#   62|   
#   63|->     val = k5_json_object_get(obj, key);
#   64|       if (val == NULL)
#   65|           return ENOENT;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def949]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:63:11: warning[-Wanalyzer-malloc-leak]: leak of ‘tmp.data’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:375:1: enter_function: entry to ‘codec_decode_answer’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:384:8: branch_false: following ‘false’ branch (when ‘answer’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:387:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:388:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:391:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:391:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:394:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:395:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:398:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:399:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:399:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:400:22: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:400:22: call_function: calling ‘codec_value_to_data’ from ‘codec_decode_answer’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:400:22: return_function: returning to ‘codec_decode_answer’ from ‘codec_value_to_data’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:401:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:404:22: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:404:22: call_function: calling ‘codec_value_to_data’ from ‘codec_decode_answer’
#   61|       char *str;
#   62|   
#   63|->     val = k5_json_object_get(obj, key);
#   64|       if (val == NULL)
#   65|           return ENOENT;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def950]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:67:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:315:1: enter_function: entry to ‘codec_decode_challenge’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:323:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:329:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:337:8: branch_false: following ‘false’ branch (when ‘chl’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:29: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:22: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:342:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:345:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:345:14: call_function: calling ‘codec_value_to_string’ from ‘codec_decode_challenge’
#   65|           return ENOENT;
#   66|   
#   67|->     if (k5_json_get_tid(val) != K5_JSON_TID_STRING)
#   68|           return EINVAL;
#   69|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def951]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:67:9: warning[-Wanalyzer-malloc-leak]: leak of ‘chl’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:315:1: enter_function: entry to ‘codec_decode_challenge’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:323:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:329:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:337:8: branch_false: following ‘false’ branch (when ‘chl’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:29: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:342:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:345:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:345:14: call_function: calling ‘codec_value_to_string’ from ‘codec_decode_challenge’
#   65|           return ENOENT;
#   66|   
#   67|->     if (k5_json_get_tid(val) != K5_JSON_TID_STRING)
#   68|           return EINVAL;
#   69|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def952]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:67:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ti’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:315:1: enter_function: entry to ‘codec_decode_challenge’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:323:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:329:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:337:8: branch_false: following ‘false’ branch (when ‘chl’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:29: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:342:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:345:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:346:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:349:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:350:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:351:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:354:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:354:29: call_function: calling ‘codec_decode_tokeninfo’ from ‘codec_decode_challenge’
#   65|           return ENOENT;
#   66|   
#   67|->     if (k5_json_get_tid(val) != K5_JSON_TID_STRING)
#   68|           return EINVAL;
#   69|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def953]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:67:9: warning[-Wanalyzer-malloc-leak]: leak of ‘tmp.data’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:375:1: enter_function: entry to ‘codec_decode_answer’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:384:8: branch_false: following ‘false’ branch (when ‘answer’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:387:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:388:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:391:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:391:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:394:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:395:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:398:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:399:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:399:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:400:22: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:400:22: call_function: calling ‘codec_value_to_data’ from ‘codec_decode_answer’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:400:22: return_function: returning to ‘codec_decode_answer’ from ‘codec_value_to_data’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:401:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:404:22: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:404:22: call_function: calling ‘codec_value_to_data’ from ‘codec_decode_answer’
#   65|           return ENOENT;
#   66|   
#   67|->     if (k5_json_get_tid(val) != K5_JSON_TID_STRING)
#   68|           return EINVAL;
#   69|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def954]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:70:11: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:315:1: enter_function: entry to ‘codec_decode_challenge’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:323:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:329:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:337:8: branch_false: following ‘false’ branch (when ‘chl’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:29: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:22: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:342:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:345:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:345:14: call_function: calling ‘codec_value_to_string’ from ‘codec_decode_challenge’
#   68|           return EINVAL;
#   69|   
#   70|->     str = strdup(k5_json_string_utf8(val));
#   71|       if (str == NULL)
#   72|           return ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def955]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:70:11: warning[-Wanalyzer-malloc-leak]: leak of ‘chl’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:315:1: enter_function: entry to ‘codec_decode_challenge’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:323:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:329:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:337:8: branch_false: following ‘false’ branch (when ‘chl’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:29: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:342:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:345:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:345:14: call_function: calling ‘codec_value_to_string’ from ‘codec_decode_challenge’
#   68|           return EINVAL;
#   69|   
#   70|->     str = strdup(k5_json_string_utf8(val));
#   71|       if (str == NULL)
#   72|           return ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def956]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:70:11: warning[-Wanalyzer-malloc-leak]: leak of ‘ti’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:315:1: enter_function: entry to ‘codec_decode_challenge’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:323:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:329:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:337:8: branch_false: following ‘false’ branch (when ‘chl’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:29: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:342:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:345:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:346:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:349:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:350:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:351:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:354:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:354:29: call_function: calling ‘codec_decode_tokeninfo’ from ‘codec_decode_challenge’
#   68|           return EINVAL;
#   69|   
#   70|->     str = strdup(k5_json_string_utf8(val));
#   71|       if (str == NULL)
#   72|           return ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def957]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:70:11: warning[-Wanalyzer-malloc-leak]: leak of ‘tmp.data’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:375:1: enter_function: entry to ‘codec_decode_answer’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:384:8: branch_false: following ‘false’ branch (when ‘answer’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:387:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:388:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:391:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:391:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:394:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:395:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:398:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:399:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:399:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:400:22: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:400:22: call_function: calling ‘codec_value_to_data’ from ‘codec_decode_answer’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:400:22: return_function: returning to ‘codec_decode_answer’ from ‘codec_value_to_data’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:401:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:404:22: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:404:22: call_function: calling ‘codec_value_to_data’ from ‘codec_decode_answer’
#   68|           return EINVAL;
#   69|   
#   70|->     str = strdup(k5_json_string_utf8(val));
#   71|       if (str == NULL)
#   72|           return ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def958]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:118:11: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:315:1: enter_function: entry to ‘codec_decode_challenge’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:323:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:329:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:337:8: branch_false: following ‘false’ branch (when ‘chl’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:29: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:22: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:342:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:345:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:346:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:349:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:350:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:351:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:354:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:354:29: call_function: calling ‘codec_decode_tokeninfo’ from ‘codec_decode_challenge’
#  116|       k5_json_value val;
#  117|   
#  118|->     val = k5_json_object_get(obj, key);
#  119|       if (val == NULL)
#  120|           return ENOENT;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def959]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:118:11: warning[-Wanalyzer-malloc-leak]: leak of ‘chl’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:315:1: enter_function: entry to ‘codec_decode_challenge’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:323:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:329:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:337:8: branch_false: following ‘false’ branch (when ‘chl’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:29: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:342:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:345:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:346:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:349:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:350:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:351:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:354:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:354:29: call_function: calling ‘codec_decode_tokeninfo’ from ‘codec_decode_challenge’
#  116|       k5_json_value val;
#  117|   
#  118|->     val = k5_json_object_get(obj, key);
#  119|       if (val == NULL)
#  120|           return ENOENT;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def960]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:118:11: warning[-Wanalyzer-malloc-leak]: leak of ‘ti’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:315:1: enter_function: entry to ‘codec_decode_challenge’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:323:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:329:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:337:8: branch_false: following ‘false’ branch (when ‘chl’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:29: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:342:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:345:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:346:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:349:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:350:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:351:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:354:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:354:29: call_function: calling ‘codec_decode_tokeninfo’ from ‘codec_decode_challenge’
#  116|       k5_json_value val;
#  117|   
#  118|->     val = k5_json_object_get(obj, key);
#  119|       if (val == NULL)
#  120|           return ENOENT;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def961]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:122:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:315:1: enter_function: entry to ‘codec_decode_challenge’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:323:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:329:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:337:8: branch_false: following ‘false’ branch (when ‘chl’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:29: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:22: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:342:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:345:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:346:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:349:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:350:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:351:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:354:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:354:29: call_function: calling ‘codec_decode_tokeninfo’ from ‘codec_decode_challenge’
#  120|           return ENOENT;
#  121|   
#  122|->     if (k5_json_get_tid(val) != K5_JSON_TID_NUMBER)
#  123|           return EINVAL;
#  124|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def962]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:122:9: warning[-Wanalyzer-malloc-leak]: leak of ‘chl’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:315:1: enter_function: entry to ‘codec_decode_challenge’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:323:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:329:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:337:8: branch_false: following ‘false’ branch (when ‘chl’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:29: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:342:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:345:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:346:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:349:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:350:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:351:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:354:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:354:29: call_function: calling ‘codec_decode_tokeninfo’ from ‘codec_decode_challenge’
#  120|           return ENOENT;
#  121|   
#  122|->     if (k5_json_get_tid(val) != K5_JSON_TID_NUMBER)
#  123|           return EINVAL;
#  124|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def963]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:122:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ti’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:315:1: enter_function: entry to ‘codec_decode_challenge’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:323:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:329:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:337:8: branch_false: following ‘false’ branch (when ‘chl’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:29: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:342:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:345:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:346:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:349:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:350:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:351:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:354:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:354:29: call_function: calling ‘codec_decode_tokeninfo’ from ‘codec_decode_challenge’
#  120|           return ENOENT;
#  121|   
#  122|->     if (k5_json_get_tid(val) != K5_JSON_TID_NUMBER)
#  123|           return EINVAL;
#  124|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def964]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:125:14: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:315:1: enter_function: entry to ‘codec_decode_challenge’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:323:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:329:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:337:8: branch_false: following ‘false’ branch (when ‘chl’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:29: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:22: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:342:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:345:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:346:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:349:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:350:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:351:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:354:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:354:29: call_function: calling ‘codec_decode_tokeninfo’ from ‘codec_decode_challenge’
#  123|           return EINVAL;
#  124|   
#  125|->     *int32 = k5_json_number_value(val);
#  126|       return 0;
#  127|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def965]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:125:14: warning[-Wanalyzer-malloc-leak]: leak of ‘chl’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:315:1: enter_function: entry to ‘codec_decode_challenge’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:323:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:329:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:337:8: branch_false: following ‘false’ branch (when ‘chl’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:29: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:342:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:345:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:346:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:349:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:350:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:351:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:354:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:354:29: call_function: calling ‘codec_decode_tokeninfo’ from ‘codec_decode_challenge’
#  123|           return EINVAL;
#  124|   
#  125|->     *int32 = k5_json_number_value(val);
#  126|       return 0;
#  127|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def966]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:125:14: warning[-Wanalyzer-malloc-leak]: leak of ‘ti’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:315:1: enter_function: entry to ‘codec_decode_challenge’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:323:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:329:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:337:8: branch_false: following ‘false’ branch (when ‘chl’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:29: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:342:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:345:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:346:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:349:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:350:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:351:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:354:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:354:29: call_function: calling ‘codec_decode_tokeninfo’ from ‘codec_decode_challenge’
#  123|           return EINVAL;
#  124|   
#  125|->     *int32 = k5_json_number_value(val);
#  126|       return 0;
#  127|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def967]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:29: warning[-Wanalyzer-malloc-leak]: leak of ‘chl’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:323:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:329:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:337:8: branch_false: following ‘false’ branch (when ‘chl’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:29: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:29: danger: ‘chl’ leaks here; was allocated at [(9)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/8)
#  338|           goto error;
#  339|   
#  340|->     chl->tokeninfo = calloc(k5_json_array_length(arr) + 1,
#  341|                               sizeof(krb5_responder_otp_tokeninfo*));
#  342|       if (chl->tokeninfo == NULL)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def968]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:349:21: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:323:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:329:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:337:8: branch_false: following ‘false’ branch (when ‘chl’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:29: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:22: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:342:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:345:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:346:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:349:21: danger: ‘<unknown>’ leaks here; was allocated at [(11)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/10)
#  347|           goto error;
#  348|   
#  349|->     for (i = 0; i < k5_json_array_length(arr); i++) {
#  350|           tmp = k5_json_array_get(arr, i);
#  351|           if (k5_json_get_tid(tmp) != K5_JSON_TID_OBJECT)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def969]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:349:21: warning[-Wanalyzer-malloc-leak]: leak of ‘chl’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:323:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:329:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:337:8: branch_false: following ‘false’ branch (when ‘chl’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:29: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:342:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:345:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:346:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:349:21: danger: ‘chl’ leaks here; was allocated at [(9)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/8)
#  347|           goto error;
#  348|   
#  349|->     for (i = 0; i < k5_json_array_length(arr); i++) {
#  350|           tmp = k5_json_array_get(arr, i);
#  351|           if (k5_json_get_tid(tmp) != K5_JSON_TID_OBJECT)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def970]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:350:15: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:323:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:329:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:337:8: branch_false: following ‘false’ branch (when ‘chl’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:29: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:22: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:342:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:345:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:346:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:349:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:350:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:350:15: danger: ‘<unknown>’ leaks here; was allocated at [(11)](sarif:/runs/0/results/24/codeFlows/0/threadFlows/0/locations/10)
#  348|   
#  349|       for (i = 0; i < k5_json_array_length(arr); i++) {
#  350|->         tmp = k5_json_array_get(arr, i);
#  351|           if (k5_json_get_tid(tmp) != K5_JSON_TID_OBJECT)
#  352|               goto error;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def971]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:350:15: warning[-Wanalyzer-malloc-leak]: leak of ‘chl’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:323:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:329:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:337:8: branch_false: following ‘false’ branch (when ‘chl’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:29: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:342:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:345:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:346:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:349:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:350:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:350:15: danger: ‘chl’ leaks here; was allocated at [(9)](sarif:/runs/0/results/25/codeFlows/0/threadFlows/0/locations/8)
#  348|   
#  349|       for (i = 0; i < k5_json_array_length(arr); i++) {
#  350|->         tmp = k5_json_array_get(arr, i);
#  351|           if (k5_json_get_tid(tmp) != K5_JSON_TID_OBJECT)
#  352|               goto error;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def972]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:351:13: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:323:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:329:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:337:8: branch_false: following ‘false’ branch (when ‘chl’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:29: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:22: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:342:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:345:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:346:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:349:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:350:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:351:13: danger: ‘<unknown>’ leaks here; was allocated at [(11)](sarif:/runs/0/results/26/codeFlows/0/threadFlows/0/locations/10)
#  349|       for (i = 0; i < k5_json_array_length(arr); i++) {
#  350|           tmp = k5_json_array_get(arr, i);
#  351|->         if (k5_json_get_tid(tmp) != K5_JSON_TID_OBJECT)
#  352|               goto error;
#  353|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def973]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:351:13: warning[-Wanalyzer-malloc-leak]: leak of ‘chl’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:323:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:326:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:329:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:330:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:333:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:336:11: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:337:8: branch_false: following ‘false’ branch (when ‘chl’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:340:29: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:342:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:345:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:346:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:349:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:350:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:351:13: danger: ‘chl’ leaks here; was allocated at [(9)](sarif:/runs/0/results/27/codeFlows/0/threadFlows/0/locations/8)
#  349|       for (i = 0; i < k5_json_array_length(arr); i++) {
#  350|           tmp = k5_json_array_get(arr, i);
#  351|->         if (k5_json_get_tid(tmp) != K5_JSON_TID_OBJECT)
#  352|               goto error;
#  353|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def974]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:359:5: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:1171:1: enter_function: entry to ‘krb5_responder_otp_get_challenge’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:1180:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:1185:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:1185:17: call_function: calling ‘codec_decode_challenge’ from ‘krb5_responder_otp_get_challenge’
#  357|       }
#  358|   
#  359|->     k5_json_release(obj);
#  360|       return chl;
#  361|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def975]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:359:5: warning[-Wanalyzer-malloc-leak]: leak of ‘chl’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:1171:1: enter_function: entry to ‘krb5_responder_otp_get_challenge’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:1180:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:1185:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:1185:17: call_function: calling ‘codec_decode_challenge’ from ‘krb5_responder_otp_get_challenge’
#  357|       }
#  358|   
#  359|->     k5_json_release(obj);
#  360|       return chl;
#  361|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def976]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:367:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:1171:1: enter_function: entry to ‘krb5_responder_otp_get_challenge’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:1180:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:1185:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:1185:17: call_function: calling ‘codec_decode_challenge’ from ‘krb5_responder_otp_get_challenge’
#  365|               free_tokeninfo(chl->tokeninfo[i]);
#  366|           free(chl->tokeninfo);
#  367|->         free(chl);
#  368|       }
#  369|       k5_json_release(obj);

Error: GCC_ANALYZER_WARNING (CWE-457): [#def977]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:410:13: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘tmp’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:375:1: enter_function: entry to ‘codec_decode_answer’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:384:8: branch_false: following ‘false’ branch (when ‘answer’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:387:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:388:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:391:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:391:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:394:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:395:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:398:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:399:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:399:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:400:22: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:400:22: call_function: calling ‘codec_value_to_data’ from ‘codec_decode_answer’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:400:22: return_function: returning to ‘codec_decode_answer’ from ‘codec_value_to_data’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:401:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:404:22: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:404:22: call_function: calling ‘codec_value_to_data’ from ‘codec_decode_answer’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:404:22: return_function: returning to ‘codec_decode_answer’ from ‘codec_value_to_data’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:405:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:410:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:410:13: danger: use of uninitialized value ‘tmp’ here
#  408|               }
#  409|   
#  410|->             *value = tmp;
#  411|               *ti = tis[i];
#  412|               retval = 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def978]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:463:18: warning[-Wanalyzer-malloc-leak]: leak of ‘filtered’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:683:1: enter_function: entry to ‘filter_tokeninfos’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:694:16: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:695:8: branch_false: following ‘false’ branch (when ‘filtered’ is non-NULL)...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:699:24: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:700:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:700:13: call_function: calling ‘otpvalue_matches_tokeninfo’ from ‘filter_tokeninfos’
#  461|       if (ti->format >= 0 && ti->format < 3) {
#  462|           while (*otpvalue) {
#  463|->             if (!(*table[ti->format])((unsigned char)*otpvalue++))
#  464|                   return 0;
#  465|           }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def979]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:627:14: warning[-Wanalyzer-malloc-leak]: leak of ‘req’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:615:8: branch_false: following ‘false’ branch (when ‘ti’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:618:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:618:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:621:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:621:11: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:622:8: branch_false: following ‘false’ branch (when ‘req’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:625:18: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:627:14: danger: ‘req’ leaks here; was allocated at [(5)](sarif:/runs/0/results/34/codeFlows/0/threadFlows/0/locations/4)
#  625|       req->flags = ti->flags & KRB5_OTP_FLAG_NEXTOTP;
#  626|   
#  627|->     retval = krb5int_copy_data_contents(ctx, &ti->vendor, &req->vendor);
#  628|       if (retval != 0)
#  629|           goto error;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def980]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:835:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:825:8: branch_false: following ‘false’ branch (when ‘out’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:827:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:827:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:829:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:833:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:835:9: danger: ‘<unknown>’ leaks here; was allocated at [(3)](sarif:/runs/0/results/35/codeFlows/0/threadFlows/0/locations/2)
#  833|       memset(out[0], 0, sizeof(krb5_pa_data));
#  834|       out[0]->pa_type = KRB5_PADATA_OTP_REQUEST;
#  835|->     if (encode_krb5_pa_otp_req(req, &tmp) != 0)
#  836|           goto error;
#  837|       out[0]->contents = (krb5_octet *)tmp->data;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def981]
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:835:9: warning[-Wanalyzer-malloc-leak]: leak of ‘out’
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:824:11: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:825:8: branch_false: following ‘false’ branch (when ‘out’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:827:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:829:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:833:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_otp.c:835:9: danger: ‘out’ leaks here; was allocated at [(1)](sarif:/runs/0/results/36/codeFlows/0/threadFlows/0/locations/0)
#  833|       memset(out[0], 0, sizeof(krb5_pa_data));
#  834|       out[0]->pa_type = KRB5_PADATA_OTP_REQUEST;
#  835|->     if (encode_krb5_pa_otp_req(req, &tmp) != 0)
#  836|           goto error;
#  837|       out[0]->contents = (krb5_octet *)tmp->data;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def982]
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:105:13: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:78:1: enter_function: entry to ‘krb5_responder_pkinit_get_challenge’
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:92:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:95:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:96:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:100:11: call_function: inlined call to ‘k5alloc’ from ‘krb5_responder_pkinit_get_challenge’
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:105:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:105:13: danger: ‘ptr’ leaks here; was allocated at [(8)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/7)
#  103|   
#  104|       /* Create the list of identities. */
#  105|->     n_ids = k5_json_object_count(j);
#  106|       chl->identities = k5calloc(n_ids + 1, sizeof(chl->identities[0]), &ret);
#  107|       if (chl->identities == NULL)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def983]
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:113:5: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:78:1: enter_function: entry to ‘krb5_responder_pkinit_get_challenge’
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:92:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:95:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:96:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:100:11: call_function: inlined call to ‘k5alloc’ from ‘krb5_responder_pkinit_get_challenge’
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:105:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:106:23: call_function: inlined call to ‘k5calloc’ from ‘krb5_responder_pkinit_get_challenge’
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:107:8: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:111:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:113:5: danger: ‘ptr’ leaks here; was allocated at [(11)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/10)
#  111|       memset(&get_one_challenge_data, 0, sizeof(get_one_challenge_data));
#  112|       get_one_challenge_data.identities = chl->identities;
#  113|->     k5_json_object_iterate(j, get_one_challenge, &get_one_challenge_data);
#  114|       if (get_one_challenge_data.err != 0) {
#  115|           ret = get_one_challenge_data.err;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def984]
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:120:5: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:78:1: enter_function: entry to ‘krb5_responder_pkinit_get_challenge’
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:92:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:95:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:96:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:100:11: call_function: inlined call to ‘k5alloc’ from ‘krb5_responder_pkinit_get_challenge’
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:105:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:106:23: call_function: inlined call to ‘k5calloc’ from ‘krb5_responder_pkinit_get_challenge’
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:107:8: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:111:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:114:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:120:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:120:5: danger: ‘ptr’ leaks here; was allocated at [(8)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/7)
#  118|   
#  119|       /* All done. */
#  120|->     k5_json_release(j);
#  121|       *chl_out = chl;
#  122|       return 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def985]
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:125:5: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:78:1: enter_function: entry to ‘krb5_responder_pkinit_get_challenge’
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:92:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:95:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:96:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:100:11: call_function: inlined call to ‘k5alloc’ from ‘krb5_responder_pkinit_get_challenge’
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:105:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:106:23: call_function: inlined call to ‘k5calloc’ from ‘krb5_responder_pkinit_get_challenge’
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:106:5: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:107:8: branch_true: following ‘true’ branch (when ‘ptr’ is NULL)...
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:108:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/preauth_pkinit.c:125:5: danger: ‘ptr’ leaks here; was allocated at [(8)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/7)
#  123|   
#  124|   failed:
#  125|->     k5_json_release(j);
#  126|       krb5_responder_pkinit_challenge_free(ctx, rctx, chl);
#  127|       return ret;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def986]
krb5-1.21.3/src/lib/krb5/krb/random_str.c:54:15: warning[-Wanalyzer-malloc-leak]: leak of ‘bytes’
krb5-1.21.3/src/lib/krb5/krb/random_str.c:46:17: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/random_str.c:47:12: branch_false: following ‘false’ branch (when ‘bytes’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/random_str.c:52:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/random_str.c:54:15: danger: ‘bytes’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   52|           data.length = bytecount;
#   53|           data.data = (char *) bytes;
#   54|->         err = krb5_c_random_make_octets (context, &data);
#   55|       }
#   56|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def987]
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:59:15: warning[-Wanalyzer-malloc-leak]: leak of ‘plain.data’
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:43:1: enter_function: entry to ‘decrypt_encpart’
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:55:11: call_function: calling ‘alloc_data’ from ‘decrypt_encpart’
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:55:11: return_function: returning to ‘decrypt_encpart’ from ‘alloc_data’
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:56:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:58:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:58:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:59:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:59:15: danger: ‘plain.data’ leaks here; was allocated at [(4)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/3)
#   57|           return ret;
#   58|       if (authcon->recv_subkey != NULL) {
#   59|->         ret = krb5_k_decrypt(context, authcon->recv_subkey,
#   60|                                KRB5_KEYUSAGE_KRB_CRED_ENCPART, 0, ctext, &plain);
#   61|           decrypted = (ret == 0);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def988]
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:64:15: warning[-Wanalyzer-malloc-leak]: leak of ‘plain.data’
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:43:1: enter_function: entry to ‘decrypt_encpart’
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:52:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:55:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:55:11: call_function: calling ‘alloc_data’ from ‘decrypt_encpart’
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:55:11: return_function: returning to ‘decrypt_encpart’ from ‘alloc_data’
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:56:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:58:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:58:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:63:23: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:63:9: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:64:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:64:15: danger: ‘plain.data’ leaks here; was allocated at [(6)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/5)
#   62|       }
#   63|       if (!decrypted && authcon->key != NULL) {
#   64|->         ret = krb5_k_decrypt(context, authcon->key,
#   65|                                KRB5_KEYUSAGE_KRB_CRED_ENCPART, 0, ctext, &plain);
#   66|           decrypted = (ret == 0);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def989]
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:101:15: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:76:1: enter_function: entry to ‘make_cred_list’
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:89:12: call_function: inlined call to ‘k5calloc’ from ‘make_cred_list’
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:95:17: branch_true: following ‘true’ branch (when ‘i < count’)...
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:96:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:96:19: call_function: inlined call to ‘k5alloc’ from ‘make_cred_list’
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:97:12: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:100:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:101:15: danger: ‘ptr’ leaks here; was allocated at [(9)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/8)
#   99|   
#  100|           info = encpart->ticket_info[i];
#  101|->         ret = krb5_copy_principal(context, info->client, &list[i]->client);
#  102|           if (ret)
#  103|               goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def990]
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:105:15: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:76:1: enter_function: entry to ‘make_cred_list’
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:89:12: call_function: inlined call to ‘k5calloc’ from ‘make_cred_list’
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:95:17: branch_true: following ‘true’ branch (when ‘i < count’)...
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:96:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:96:19: call_function: inlined call to ‘k5alloc’ from ‘make_cred_list’
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:97:12: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:100:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:102:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:105:59: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:105:15: danger: ‘ptr’ leaks here; was allocated at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#  103|               goto cleanup;
#  104|   
#  105|->         ret = krb5_copy_principal(context, info->server, &list[i]->server);
#  106|           if (ret)
#  107|               goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def991]
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:109:15: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:76:1: enter_function: entry to ‘make_cred_list’
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:89:12: call_function: inlined call to ‘k5calloc’ from ‘make_cred_list’
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:95:17: branch_true: following ‘true’ branch (when ‘i < count’)...
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:96:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:96:19: call_function: inlined call to ‘k5alloc’ from ‘make_cred_list’
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:97:12: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:100:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:102:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:105:59: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:106:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:110:44: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:109:15: danger: ‘ptr’ leaks here; was allocated at [(3)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/2)
#  107|               goto cleanup;
#  108|   
#  109|->         ret = krb5_copy_keyblock_contents(context, info->session,
#  110|                                             &list[i]->keyblock);
#  111|           if (ret)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def992]
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:114:15: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:76:1: enter_function: entry to ‘make_cred_list’
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:89:12: call_function: inlined call to ‘k5calloc’ from ‘make_cred_list’
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:95:17: branch_true: following ‘true’ branch (when ‘i < count’)...
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:96:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:96:19: call_function: inlined call to ‘k5alloc’ from ‘make_cred_list’
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:97:12: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:100:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:102:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:105:59: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:106:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:110:44: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:111:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:114:59: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:114:15: danger: ‘ptr’ leaks here; was allocated at [(3)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/2)
#  112|               goto cleanup;
#  113|   
#  114|->         ret = krb5_copy_addresses(context, info->caddrs, &list[i]->addresses);
#  115|           if (ret)
#  116|               goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def993]
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:118:15: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:76:1: enter_function: entry to ‘make_cred_list’
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:89:12: call_function: inlined call to ‘k5calloc’ from ‘make_cred_list’
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:95:17: branch_true: following ‘true’ branch (when ‘i < count’)...
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:96:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:96:19: call_function: inlined call to ‘k5alloc’ from ‘make_cred_list’
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:97:12: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:100:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:102:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:105:59: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:106:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:110:44: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:111:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:114:59: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:115:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:118:34: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:118:15: danger: ‘ptr’ leaks here; was allocated at [(3)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/2)
#  116|               goto cleanup;
#  117|   
#  118|->         ret = encode_krb5_ticket(krbcred->tickets[i], &ticket_data);
#  119|           if (ret)
#  120|               goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def994]
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:136:5: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:76:1: enter_function: entry to ‘make_cred_list’
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:89:12: call_function: inlined call to ‘k5calloc’ from ‘make_cred_list’
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:95:17: branch_true: following ‘true’ branch (when ‘i < count’)...
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:96:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:96:19: call_function: inlined call to ‘k5alloc’ from ‘make_cred_list’
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:96:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:97:12: branch_true: following ‘true’ branch (when ‘ptr’ is NULL)...
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:98:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_cred.c:136:5: danger: ‘ptr’ leaks here; was allocated at [(3)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/2)
#  134|   
#  135|   cleanup:
#  136|->     krb5_free_tgt_creds(context, list);
#  137|       return ret;
#  138|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def995]
krb5-1.21.3/src/lib/krb5/krb/rd_priv.c:68:11: warning[-Wanalyzer-malloc-leak]: leak of ‘plaintext.data’
krb5-1.21.3/src/lib/krb5/krb/rd_priv.c:44:1: enter_function: entry to ‘read_krbpriv’
krb5-1.21.3/src/lib/krb5/krb/rd_priv.c:55:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/rd_priv.c:60:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/rd_priv.c:63:41: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_priv.c:63:11: call_function: calling ‘alloc_data’ from ‘read_krbpriv’
krb5-1.21.3/src/lib/krb5/krb/rd_priv.c:63:11: return_function: returning to ‘read_krbpriv’ from ‘alloc_data’
krb5-1.21.3/src/lib/krb5/krb/rd_priv.c:64:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/rd_priv.c:67:15: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_priv.c:67:14: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/rd_priv.c:69:26: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_priv.c:68:11: danger: ‘plaintext.data’ leaks here; was allocated at [(8)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/7)
#   66|   
#   67|       cstate = (authcon->cstate.length > 0) ? &authcon->cstate : NULL;
#   68|->     ret = krb5_k_decrypt(context, key, KRB5_KEYUSAGE_KRB_PRIV_ENCPART, cstate,
#   69|                            &privmsg->enc_part, &plaintext);
#   70|       if (ret)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def996]
krb5-1.21.3/src/lib/krb5/krb/rd_rep.c:95:14: warning[-Wanalyzer-malloc-leak]: leak of ‘scratch.data’
krb5-1.21.3/src/lib/krb5/krb/rd_rep.c:79:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/rd_rep.c:84:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/rd_rep.c:88:27: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_rep.c:89:20: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/rd_rep.c:90:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/rd_rep.c:97:29: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_rep.c:95:14: danger: ‘scratch.data’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#   93|       }
#   94|   
#   95|->     retval = krb5_k_decrypt(context, auth_context->key,
#   96|                               KRB5_KEYUSAGE_AP_REP_ENCPART, 0,
#   97|                               &reply->enc_part, &scratch);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def997]
krb5-1.21.3/src/lib/krb5/krb/rd_rep.c:172:19: warning[-Wanalyzer-malloc-leak]: leak of ‘scratch.data’
krb5-1.21.3/src/lib/krb5/krb/rd_rep.c:156:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/rd_rep.c:161:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/rd_rep.c:166:27: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_rep.c:167:26: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/rd_rep.c:167:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/rd_rep.c:174:34: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_rep.c:172:19: danger: ‘scratch.data’ leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#  170|       }
#  171|   
#  172|->     if ((retval = krb5_k_decrypt(context, auth_context->key,
#  173|                                    KRB5_KEYUSAGE_AP_REP_ENCPART, 0,
#  174|                                    &reply->enc_part, &scratch)))

Error: CPPCHECK_WARNING (CWE-401): [#def998]
krb5-1.21.3/src/lib/krb5/krb/rd_req_dec.c:663: error[memleakOnRealloc]: Common realloc mistake: 'desired_etypes' nulled but not freed upon failure
#  661|           desired_etypes = (krb5_enctype *)calloc(4, sizeof(krb5_enctype));
#  662|       else
#  663|->         desired_etypes = (krb5_enctype *)realloc(desired_etypes,
#  664|                                                    (rfc4537_etypes_len + 4) *
#  665|                                                    sizeof(krb5_enctype));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def999]
krb5-1.21.3/src/lib/krb5/krb/rd_req_dec.c:834:19: warning[-Wanalyzer-malloc-leak]: leak of ‘scratch.data’
krb5-1.21.3/src/lib/krb5/krb/rd_req_dec.c:831:26: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/rd_req_dec.c:831:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/rd_req_dec.c:834:19: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/rd_req_dec.c:834:19: danger: ‘scratch.data’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  832|           return(ENOMEM);
#  833|   
#  834|->     if ((retval = krb5_c_decrypt(context, sesskey,
#  835|                                    is_ap_req?KRB5_KEYUSAGE_AP_REQ_AUTH:
#  836|                                    KRB5_KEYUSAGE_TGS_REQ_AUTH, 0,

Error: CPPCHECK_WARNING (CWE-415): [#def1000]
krb5-1.21.3/src/lib/krb5/krb/recvauth.c:107: error[doubleFree]: Memory pointed to by 'data' is freed twice.
#  105|           *version = inbuf;
#  106|       else
#  107|->         free(inbuf.data);
#  108|   
#  109|       /*

Error: CPPCHECK_WARNING (CWE-415): [#def1001]
krb5-1.21.3/src/lib/krb5/krb/recvauth.c:142: error[doubleFree]: Memory pointed to by 'data' is freed twice.
#  140|           problem = krb5_rd_req(context, auth_context, &inbuf, server,
#  141|                                 keytab, &ap_option, ticket);
#  142|->         free(inbuf.data);
#  143|       }
#  144|   

Error: CPPCHECK_WARNING (CWE-476): [#def1002]
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:111: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: p
#  109|           return ENOMEM;
#  110|   
#  111|->     p[0] = (req->user->type >> 0) & 0xFF;
#  112|       p[1] = (req->user->type >> 8) & 0xFF;
#  113|       p[2] = (req->user->type >> 16) & 0xFF;

Error: CPPCHECK_WARNING (CWE-476): [#def1003]
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:112: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: p
#  110|   
#  111|       p[0] = (req->user->type >> 0) & 0xFF;
#  112|->     p[1] = (req->user->type >> 8) & 0xFF;
#  113|       p[2] = (req->user->type >> 16) & 0xFF;
#  114|       p[3] = (req->user->type >> 24) & 0xFF;

Error: CPPCHECK_WARNING (CWE-476): [#def1004]
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:113: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: p
#  111|       p[0] = (req->user->type >> 0) & 0xFF;
#  112|       p[1] = (req->user->type >> 8) & 0xFF;
#  113|->     p[2] = (req->user->type >> 16) & 0xFF;
#  114|       p[3] = (req->user->type >> 24) & 0xFF;
#  115|       p += 4;

Error: CPPCHECK_WARNING (CWE-476): [#def1005]
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:114: warning[nullPointerOutOfMemory]: If memory allocation fails, then there is a possible null pointer dereference: p
#  112|       p[1] = (req->user->type >> 8) & 0xFF;
#  113|       p[2] = (req->user->type >> 16) & 0xFF;
#  114|->     p[3] = (req->user->type >> 24) & 0xFF;
#  115|       p += 4;
#  116|   

Error: CPPCHECK_WARNING (CWE-682): [#def1006]
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:115: error[nullPointerArithmeticOutOfMemory]: If memory allocation fails: pointer addition with NULL pointer.
#  113|       p[2] = (req->user->type >> 16) & 0xFF;
#  114|       p[3] = (req->user->type >> 24) & 0xFF;
#  115|->     p += 4;
#  116|   
#  117|       for (i = 0; i < req->user->length; i++) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1007]
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:131:12: warning[-Wanalyzer-malloc-leak]: leak of ‘data.data’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:418:1: enter_function: entry to ‘krb5_get_self_cred_from_kdc’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:464:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:467:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:474:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:477:19: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:481:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:484:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:488:12: call_function: calling ‘convert_to_enterprise’ from ‘krb5_get_self_cred_from_kdc’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:488:12: return_function: returning to ‘krb5_get_self_cred_from_kdc’ from ‘convert_to_enterprise’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:489:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:494:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:499:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:501:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:507:10: branch_true: following ‘true’ branch (when ‘referral_count != 10’)...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:511:24: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:515:21: call_function: inlined call to ‘k5calloc’ from ‘krb5_get_self_cred_from_kdc’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:519:24: call_function: inlined call to ‘k5alloc’ from ‘krb5_get_self_cred_from_kdc’
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:520:12: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:525:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:530:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:531:20: call_function: calling ‘build_pa_for_user’ from ‘krb5_get_self_cred_from_kdc’
#  129|   
#  130|       /* Per spec, use hmac-md5 checksum regardless of key type. */
#  131|->     code = krb5_c_make_checksum(context, CKSUMTYPE_HMAC_MD5_ARCFOUR, key,
#  132|                                   KRB5_KEYUSAGE_APP_DATA_CKSUM, &data,
#  133|                                   cksum);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1008]
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:131:12: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:418:1: enter_function: entry to ‘krb5_get_self_cred_from_kdc’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:464:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:467:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:474:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:477:19: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:481:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:484:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:488:12: call_function: calling ‘convert_to_enterprise’ from ‘krb5_get_self_cred_from_kdc’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:488:12: return_function: returning to ‘krb5_get_self_cred_from_kdc’ from ‘convert_to_enterprise’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:489:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:494:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:499:8: branch_true: following ‘true’ branch...
 branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:507:10: branch_true: following ‘true’ branch (when ‘referral_count != 10’)...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:511:24: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:515:21: call_function: inlined call to ‘k5calloc’ from ‘krb5_get_self_cred_from_kdc’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:519:24: call_function: inlined call to ‘k5alloc’ from ‘krb5_get_self_cred_from_kdc’
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:520:12: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:525:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:530:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:531:20: call_function: calling ‘build_pa_for_user’ from ‘krb5_get_self_cred_from_kdc’
#  129|   
#  130|       /* Per spec, use hmac-md5 checksum regardless of key type. */
#  131|->     code = krb5_c_make_checksum(context, CKSUMTYPE_HMAC_MD5_ARCFOUR, key,
#  132|                                   KRB5_KEYUSAGE_APP_DATA_CKSUM, &data,
#  133|                                   cksum);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1009]
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:165:12: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:418:1: enter_function: entry to ‘krb5_get_self_cred_from_kdc’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:464:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:467:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:474:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:477:19: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:481:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:484:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:488:12: call_function: calling ‘convert_to_enterprise’ from ‘krb5_get_self_cred_from_kdc’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:488:12: return_function: returning to ‘krb5_get_self_cred_from_kdc’ from ‘convert_to_enterprise’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:489:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:494:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:499:8: branch_true: following ‘true’ branch...
 branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:507:10: branch_true: following ‘true’ branch (when ‘referral_count != 10’)...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:511:24: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:515:21: call_function: inlined call to ‘k5calloc’ from ‘krb5_get_self_cred_from_kdc’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:519:24: call_function: inlined call to ‘k5alloc’ from ‘krb5_get_self_cred_from_kdc’
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:520:12: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:525:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:530:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:531:20: call_function: calling ‘build_pa_for_user’ from ‘krb5_get_self_cred_from_kdc’
#  163|           goto cleanup;
#  164|   
#  165|->     code = encode_krb5_pa_for_user(&for_user, &for_user_data);
#  166|       if (code != 0)
#  167|           goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1010]
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:187:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:418:1: enter_function: entry to ‘krb5_get_self_cred_from_kdc’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:464:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:467:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:474:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:477:19: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:481:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:484:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:488:12: call_function: calling ‘convert_to_enterprise’ from ‘krb5_get_self_cred_from_kdc’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:488:12: return_function: returning to ‘krb5_get_self_cred_from_kdc’ from ‘convert_to_enterprise’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:489:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:494:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:499:8: branch_true: following ‘true’ branch...
 branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:507:10: branch_true: following ‘true’ branch (when ‘referral_count != 10’)...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:511:24: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:515:21: call_function: inlined call to ‘k5calloc’ from ‘krb5_get_self_cred_from_kdc’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:519:24: call_function: inlined call to ‘k5alloc’ from ‘krb5_get_self_cred_from_kdc’
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:520:12: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:525:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:530:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:531:20: call_function: calling ‘build_pa_for_user’ from ‘krb5_get_self_cred_from_kdc’
#  185|   cleanup:
#  186|       if (for_user.cksum.contents != NULL)
#  187|->         krb5_free_checksum_contents(context, &for_user.cksum);
#  188|       krb5_free_data(context, for_user_data);
#  189|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1011]
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:187:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:418:1: enter_function: entry to ‘krb5_get_self_cred_from_kdc’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:464:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:467:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:474:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:477:19: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:481:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:484:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:488:12: call_function: calling ‘convert_to_enterprise’ from ‘krb5_get_self_cred_from_kdc’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:488:12: return_function: returning to ‘krb5_get_self_cred_from_kdc’ from ‘convert_to_enterprise’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:489:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:494:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:499:8: branch_true: following ‘true’ branch...
 branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:507:10: branch_true: following ‘true’ branch (when ‘referral_count != 10’)...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:511:24: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:515:21: call_function: inlined call to ‘k5calloc’ from ‘krb5_get_self_cred_from_kdc’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:519:24: call_function: inlined call to ‘k5alloc’ from ‘krb5_get_self_cred_from_kdc’
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:520:12: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:525:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:530:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:531:20: call_function: calling ‘build_pa_for_user’ from ‘krb5_get_self_cred_from_kdc’
#  185|   cleanup:
#  186|       if (for_user.cksum.contents != NULL)
#  187|->         krb5_free_checksum_contents(context, &for_user.cksum);
#  188|       krb5_free_data(context, for_user_data);
#  189|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1012]
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:188:5: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:418:1: enter_function: entry to ‘krb5_get_self_cred_from_kdc’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:464:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:467:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:474:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:477:19: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:481:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:484:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:488:12: call_function: calling ‘convert_to_enterprise’ from ‘krb5_get_self_cred_from_kdc’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:488:12: return_function: returning to ‘krb5_get_self_cred_from_kdc’ from ‘convert_to_enterprise’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:489:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:494:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:499:8: branch_true: following ‘true’ branch...
 branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:507:10: branch_true: following ‘true’ branch (when ‘referral_count != 10’)...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:511:24: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:515:21: call_function: inlined call to ‘k5calloc’ from ‘krb5_get_self_cred_from_kdc’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:519:24: call_function: inlined call to ‘k5alloc’ from ‘krb5_get_self_cred_from_kdc’
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:520:12: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:525:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:530:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:531:20: call_function: calling ‘build_pa_for_user’ from ‘krb5_get_self_cred_from_kdc’
#  186|       if (for_user.cksum.contents != NULL)
#  187|           krb5_free_checksum_contents(context, &for_user.cksum);
#  188|->     krb5_free_data(context, for_user_data);
#  189|   
#  190|       return code;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1013]
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:521:13: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:418:1: enter_function: entry to ‘krb5_get_self_cred_from_kdc’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:464:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:467:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:474:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:477:19: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:481:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:484:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:488:12: call_function: calling ‘convert_to_enterprise’ from ‘krb5_get_self_cred_from_kdc’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:488:12: return_function: returning to ‘krb5_get_self_cred_from_kdc’ from ‘convert_to_enterprise’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:489:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:494:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:499:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:501:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:507:10: branch_true: following ‘true’ branch (when ‘referral_count != 10’)...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:511:24: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:515:21: call_function: inlined call to ‘k5calloc’ from ‘krb5_get_self_cred_from_kdc’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:519:24: call_function: inlined call to ‘k5alloc’ from ‘krb5_get_self_cred_from_kdc’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:519:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:520:12: branch_true: following ‘true’ branch (when ‘ptr’ is NULL)...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:521:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:521:13: danger: ‘ptr’ leaks here; was allocated at [(20)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/19)
#  519|           in_padata[0] = k5alloc(sizeof(krb5_pa_data), &code);
#  520|           if (in_padata[0] == NULL) {
#  521|->             krb5_free_pa_data(context, in_padata);
#  522|               goto cleanup;
#  523|           }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1014]
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:557:16: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:418:1: enter_function: entry to ‘krb5_get_self_cred_from_kdc’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:464:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:467:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:474:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:477:19: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:481:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:484:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:488:12: call_function: calling ‘convert_to_enterprise’ from ‘krb5_get_self_cred_from_kdc’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:488:12: return_function: returning to ‘krb5_get_self_cred_from_kdc’ from ‘convert_to_enterprise’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:489:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:494:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:499:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:501:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:507:10: branch_true: following ‘true’ branch (when ‘referral_count != 10’)...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:511:24: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:515:21: call_function: inlined call to ‘k5calloc’ from ‘krb5_get_self_cred_from_kdc’
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:519:24: call_function: inlined call to ‘k5alloc’ from ‘krb5_get_self_cred_from_kdc’
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:520:12: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:525:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/s4u_creds.c:557:16: danger: ‘ptr’ leaks here; was allocated at [(24)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/23)
#  555|           }
#  556|   
#  557|->         code = krb5_get_cred_via_tkt_ext(context, tgtptr,
#  558|                                            KDC_OPT_CANONICALIZE |
#  559|                                            FLAGS2OPTS(tgtptr->ticket_flags) |

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1015]
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:242:11: warning[-Wanalyzer-malloc-leak]: leak of ‘auth_context’
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:251:1: enter_function: entry to ‘k5_internalize_auth_context’
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:268:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:274:14: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:274:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: following ‘true’ branch (when ‘auth_context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:277:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:299:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:311:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:316:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:316:26: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:316:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:323:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:323:16: branch_true: following ‘true’ branch (when ‘kret == 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:323:26: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:323:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:330:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:330:16: branch_true: following ‘true’ branch (when ‘kret == 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:330:26: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:330:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:337:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:337:16: branch_true: following ‘true’ branch (when ‘kret == 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:337:26: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:337:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:344:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:344:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:345:30: call_function: calling ‘intern_key’ from ‘k5_internalize_auth_context’
#  240|       krb5_error_code ret;
#  241|   
#  242|->     ret = k5_internalize_keyblock(&keyblock, bp, sp);
#  243|       if (ret != 0)
#  244|           return ret;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1016]
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:245:11: warning[-Wanalyzer-malloc-leak]: leak of ‘auth_context’
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:251:1: enter_function: entry to ‘k5_internalize_auth_context’
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:268:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:274:14: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:274:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: following ‘true’ branch (when ‘auth_context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:277:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:299:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:311:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:316:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:316:26: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:316:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:323:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:323:16: branch_true: following ‘true’ branch (when ‘kret == 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:323:26: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:323:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:330:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:330:16: branch_true: following ‘true’ branch (when ‘kret == 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:330:26: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:330:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:337:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:337:16: branch_true: following ‘true’ branch (when ‘kret == 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:337:26: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:337:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:344:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:344:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:345:30: call_function: calling ‘intern_key’ from ‘k5_internalize_auth_context’
#  243|       if (ret != 0)
#  244|           return ret;
#  245|->     ret = krb5_k_create_key(NULL, keyblock, key);
#  246|       krb5_free_keyblock(NULL, keyblock);
#  247|       return ret;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1017]
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:277:20: warning[-Wanalyzer-malloc-leak]: leak of ‘auth_context’
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:268:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:274:14: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:274:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: following ‘true’ branch (when ‘auth_context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:277:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:277:20: danger: ‘auth_context’ leaks here; was allocated at [(5)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/4)
#  275|   
#  276|               /* Get auth_context_flags */
#  277|->             (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
#  278|               auth_context->auth_context_flags = ibuf;
#  279|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1018]
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:281:20: warning[-Wanalyzer-malloc-leak]: leak of ‘auth_context’
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:268:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:274:14: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:274:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: following ‘true’ branch (when ‘auth_context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:277:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:281:20: danger: ‘auth_context’ leaks here; was allocated at [(5)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/4)
#  279|   
#  280|               /* Get remote_seq_number */
#  281|->             (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
#  282|               auth_context->remote_seq_number = ibuf;
#  283|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1019]
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:285:20: warning[-Wanalyzer-malloc-leak]: leak of ‘auth_context’
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:268:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:274:14: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:274:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: following ‘true’ branch (when ‘auth_context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:277:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:285:20: danger: ‘auth_context’ leaks here; was allocated at [(5)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/4)
#  283|   
#  284|               /* Get local_seq_number */
#  285|->             (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
#  286|               auth_context->local_seq_number = ibuf;
#  287|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1020]
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:289:20: warning[-Wanalyzer-malloc-leak]: leak of ‘auth_context’
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:268:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:274:14: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:274:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: following ‘true’ branch (when ‘auth_context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:277:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:289:20: danger: ‘auth_context’ leaks here; was allocated at [(5)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/4)
#  287|   
#  288|               /* Get req_cksumtype */
#  289|->             (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
#  290|               auth_context->req_cksumtype = (krb5_cksumtype) ibuf;
#  291|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1021]
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:293:20: warning[-Wanalyzer-malloc-leak]: leak of ‘auth_context’
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:268:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:274:14: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:274:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: following ‘true’ branch (when ‘auth_context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:277:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:293:20: danger: ‘auth_context’ leaks here; was allocated at [(5)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/4)
#  291|   
#  292|               /* Get safe_cksumtype */
#  293|->             (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
#  294|               auth_context->safe_cksumtype = (krb5_cksumtype) ibuf;
#  295|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1022]
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:297:20: warning[-Wanalyzer-malloc-leak]: leak of ‘auth_context’
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:268:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:274:14: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:274:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: following ‘true’ branch (when ‘auth_context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:277:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:297:20: danger: ‘auth_context’ leaks here; was allocated at [(5)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/4)
#  295|   
#  296|               /* Get length of cstate */
#  297|->             (void) krb5_ser_unpack_int32(&cstate_len, &bp, &remain);
#  298|   
#  299|               if (cstate_len) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1023]
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:302:28: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:251:1: enter_function: entry to ‘k5_internalize_auth_context’
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:268:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:274:14: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: following ‘true’ branch (when ‘auth_context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:277:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:299:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:300:24: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:300:24: call_function: calling ‘alloc_data’ from ‘k5_internalize_auth_context’
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:300:24: return_function: returning to ‘k5_internalize_auth_context’ from ‘alloc_data’
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:301:20: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:302:28: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:302:28: danger: ‘<unknown>’ leaks here; was allocated at [(12)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/11)
#  300|                   kret = alloc_data(&auth_context->cstate, cstate_len);
#  301|                   if (!kret) {
#  302|->                     kret = krb5_ser_unpack_bytes((krb5_octet *)
#  303|                                                    auth_context->cstate.data,
#  304|                                                    cstate_len, &bp, &remain);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1024]
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:302:28: warning[-Wanalyzer-malloc-leak]: leak of ‘auth_context’
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:251:1: enter_function: entry to ‘k5_internalize_auth_context’
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:268:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:274:14: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:274:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: following ‘true’ branch (when ‘auth_context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:277:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:299:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:300:24: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:300:24: call_function: calling ‘alloc_data’ from ‘k5_internalize_auth_context’
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:300:24: return_function: returning to ‘k5_internalize_auth_context’ from ‘alloc_data’
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:301:20: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:302:28: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:302:28: danger: ‘auth_context’ leaks here; was allocated at [(6)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/5)
#  300|                   kret = alloc_data(&auth_context->cstate, cstate_len);
#  301|                   if (!kret) {
#  302|->                     kret = krb5_ser_unpack_bytes((krb5_octet *)
#  303|                                                    auth_context->cstate.data,
#  304|                                                    cstate_len, &bp, &remain);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1025]
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:313:24: warning[-Wanalyzer-malloc-leak]: leak of ‘auth_context’
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:268:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:274:14: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:274:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: following ‘true’ branch (when ‘auth_context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:277:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:299:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:311:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:313:24: danger: ‘auth_context’ leaks here; was allocated at [(5)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/4)
#  311|               tag = 0;
#  312|               if (!kret)
#  313|->                 kret = krb5_ser_unpack_int32(&tag, &bp, &remain);
#  314|   
#  315|               /* This is the remote_addr */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1026]
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:317:30: warning[-Wanalyzer-malloc-leak]: leak of ‘auth_context’
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:268:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:274:14: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:274:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: following ‘true’ branch (when ‘auth_context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:277:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:299:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:311:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:316:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:317:30: danger: ‘auth_context’ leaks here; was allocated at [(5)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/4)
#  315|               /* This is the remote_addr */
#  316|               if (!kret && (tag == TOKEN_RADDR)) {
#  317|->                 if (!(kret = k5_internalize_address(&auth_context->remote_addr,
#  318|                                                       &bp, &remain)))
#  319|                       kret = krb5_ser_unpack_int32(&tag, &bp, &remain);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1027]
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:324:30: warning[-Wanalyzer-malloc-leak]: leak of ‘auth_context’
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:268:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:274:14: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:274:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: following ‘true’ branch (when ‘auth_context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:277:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:299:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:311:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:316:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:316:26: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:316:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:323:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:323:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:324:30: danger: ‘auth_context’ leaks here; was allocated at [(5)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/4)
#  322|               /* This is the remote_port */
#  323|               if (!kret && (tag == TOKEN_RPORT)) {
#  324|->                 if (!(kret = k5_internalize_address(&auth_context->remote_port,
#  325|                                                       &bp, &remain)))
#  326|                       kret = krb5_ser_unpack_int32(&tag, &bp, &remain);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1028]
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:331:30: warning[-Wanalyzer-malloc-leak]: leak of ‘auth_context’
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:268:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:274:14: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:274:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: following ‘true’ branch (when ‘auth_context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:277:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:299:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:311:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:316:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:316:26: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:316:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:323:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:323:16: branch_true: following ‘true’ branch (when ‘kret == 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:323:26: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:323:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:330:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:330:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:331:30: danger: ‘auth_context’ leaks here; was allocated at [(5)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/4)
#  329|               /* This is the local_addr */
#  330|               if (!kret && (tag == TOKEN_LADDR)) {
#  331|->                 if (!(kret = k5_internalize_address(&auth_context->local_addr,
#  332|                                                       &bp, &remain)))
#  333|                       kret = krb5_ser_unpack_int32(&tag, &bp, &remain);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1029]
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:338:30: warning[-Wanalyzer-malloc-leak]: leak of ‘auth_context’
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:268:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:274:14: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:274:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: following ‘true’ branch (when ‘auth_context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:277:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:299:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:311:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:316:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:316:26: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:316:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:323:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:323:16: branch_true: following ‘true’ branch (when ‘kret == 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:323:26: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:323:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:330:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:330:16: branch_true: following ‘true’ branch (when ‘kret == 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:330:26: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:330:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:337:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:337:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:338:30: danger: ‘auth_context’ leaks here; was allocated at [(5)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/4)
#  336|               /* This is the local_port */
#  337|               if (!kret && (tag == TOKEN_LPORT)) {
#  338|->                 if (!(kret = k5_internalize_address(&auth_context->local_port,
#  339|                                                       &bp, &remain)))
#  340|                       kret = krb5_ser_unpack_int32(&tag, &bp, &remain);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1030]
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:374:24: warning[-Wanalyzer-malloc-leak]: leak of ‘auth_context’
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:268:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:274:14: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:274:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: following ‘true’ branch (when ‘auth_context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:277:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:299:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:311:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:316:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:316:26: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:316:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:323:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:323:16: branch_true: following ‘true’ branch (when ‘kret == 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:323:26: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:323:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:330:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:330:16: branch_true: following ‘true’ branch (when ‘kret == 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:330:26: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:330:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:337:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:337:16: branch_true: following ‘true’ branch (when ‘kret == 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:337:26: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:337:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:344:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:344:16: branch_true: following ‘true’ branch (when ‘kret == 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:344:26: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:344:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:350:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:350:16: branch_true: following ‘true’ branch (when ‘kret == 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:350:26: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:350:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:357:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:357:16: branch_true: following ‘true’ branch (when ‘kret == 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:358:21: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:358:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:367:24: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:373:16: branch_true: following ‘true’ branch (when ‘kret == 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:374:24: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:374:24: danger: ‘auth_context’ leaks here; was allocated at [(5)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/4)
#  372|               /* Now find the authentp */
#  373|               if (!kret) {
#  374|->                 kret = k5_internalize_authenticator(&auth_context->authentp,
#  375|                                                       &bp, &remain);
#  376|                   if (kret == EINVAL)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1031]
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:393:17: warning[-Wanalyzer-malloc-leak]: leak of ‘auth_context’
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:268:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:274:14: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:274:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:272:13: branch_true: following ‘true’ branch (when ‘auth_context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:277:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:316:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:393:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_actx.c:393:17: danger: ‘auth_context’ leaks here; was allocated at [(5)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/4)
#  391|               }
#  392|               else
#  393|->                 krb5_auth_con_free(NULL, auth_context);
#  394|           }
#  395|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1032]
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:121:20: warning[-Wanalyzer-malloc-leak]: leak of ‘authdata’
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:113:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:117:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:117:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:118:43: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:118:43: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:117:13: branch_true: following ‘true’ branch (when ‘authdata’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:121:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:121:20: danger: ‘authdata’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  119|   
#  120|               /* Get the ad_type */
#  121|->             (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
#  122|               authdata->ad_type = (krb5_authdatatype) ibuf;
#  123|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1033]
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:125:20: warning[-Wanalyzer-malloc-leak]: leak of ‘authdata’
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:113:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:117:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:117:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:118:43: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:118:43: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:117:13: branch_true: following ‘true’ branch (when ‘authdata’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:121:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:125:20: danger: ‘authdata’ leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#  123|   
#  124|               /* Get the length */
#  125|->             (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
#  126|               authdata->length = (int) ibuf;
#  127|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1034]
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:131:26: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:113:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:117:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:117:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:118:43: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:117:13: branch_true: following ‘true’ branch (when ‘authdata’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:121:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:130:18: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:129:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:131:26: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:131:26: danger: ‘<unknown>’ leaks here; was allocated at [(7)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/6)
#  129|               if ((authdata->contents = (krb5_octet *)
#  130|                    malloc((size_t) (ibuf))) &&
#  131|->                 !(kret = krb5_ser_unpack_bytes(authdata->contents,
#  132|                                                  (size_t) ibuf,
#  133|                                                  &bp, &remain))) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1035]
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:131:26: warning[-Wanalyzer-malloc-leak]: leak of ‘authdata’
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:113:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:117:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:117:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:118:43: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:118:43: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:117:13: branch_true: following ‘true’ branch (when ‘authdata’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:121:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:129:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:131:26: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:131:26: danger: ‘authdata’ leaks here; was allocated at [(5)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/4)
#  129|               if ((authdata->contents = (krb5_octet *)
#  130|                    malloc((size_t) (ibuf))) &&
#  131|->                 !(kret = krb5_ser_unpack_bytes(authdata->contents,
#  132|                                                  (size_t) ibuf,
#  133|                                                  &bp, &remain))) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1036]
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:134:29: warning[-Wanalyzer-malloc-leak]: leak of ‘authdata’
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:113:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:117:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:117:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:118:43: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:118:43: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:117:13: branch_true: following ‘true’ branch (when ‘authdata’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:121:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:129:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:131:26: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:129:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:134:29: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_adata.c:134:29: danger: ‘authdata’ leaks here; was allocated at [(5)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/4)
#  132|                                                  (size_t) ibuf,
#  133|                                                  &bp, &remain))) {
#  134|->                 if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
#  135|                       ibuf = 0;
#  136|                   if (ibuf == KV5M_AUTHDATA) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1037]
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:124:20: warning[-Wanalyzer-malloc-leak]: leak of ‘address’
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:114:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:118:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:118:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:119:41: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:119:41: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:118:13: branch_true: following ‘true’ branch (when ‘address’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:121:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:124:20: danger: ‘address’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  122|   
#  123|               /* Get the addrtype */
#  124|->             (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
#  125|               address->addrtype = (krb5_addrtype) ibuf;
#  126|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1038]
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:128:20: warning[-Wanalyzer-malloc-leak]: leak of ‘address’
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:114:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:118:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:118:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:119:41: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:119:41: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:118:13: branch_true: following ‘true’ branch (when ‘address’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:121:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:128:20: danger: ‘address’ leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#  126|   
#  127|               /* Get the length */
#  128|->             (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
#  129|               address->length = (int) ibuf;
#  130|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1039]
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:133:26: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:114:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:118:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:118:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:119:41: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:118:13: branch_true: following ‘true’ branch (when ‘address’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:121:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:132:53: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:132:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:133:26: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:133:26: danger: ‘<unknown>’ leaks here; was allocated at [(7)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/6)
#  131|               /* Get the string */
#  132|               if ((address->contents = (krb5_octet *) malloc((size_t) (ibuf))) &&
#  133|->                 !(kret = krb5_ser_unpack_bytes(address->contents,
#  134|                                                  (size_t) ibuf,
#  135|                                                  &bp, &remain))) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1040]
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:133:26: warning[-Wanalyzer-malloc-leak]: leak of ‘address’
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:114:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:118:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:118:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:119:41: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:119:41: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:118:13: branch_true: following ‘true’ branch (when ‘address’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:121:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:132:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:133:26: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:133:26: danger: ‘address’ leaks here; was allocated at [(5)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/4)
#  131|               /* Get the string */
#  132|               if ((address->contents = (krb5_octet *) malloc((size_t) (ibuf))) &&
#  133|->                 !(kret = krb5_ser_unpack_bytes(address->contents,
#  134|                                                  (size_t) ibuf,
#  135|                                                  &bp, &remain))) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1041]
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:137:29: warning[-Wanalyzer-malloc-leak]: leak of ‘address’
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:114:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:118:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:118:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:119:41: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:119:41: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:118:13: branch_true: following ‘true’ branch (when ‘address’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:121:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:132:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:133:26: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:132:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:137:29: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_addr.c:137:29: danger: ‘address’ leaks here; was allocated at [(5)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/4)
#  135|                                                  &bp, &remain))) {
#  136|                   /* Get the trailer */
#  137|->                 if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
#  138|                       ibuf = 0;
#  139|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1042]
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:191:20: warning[-Wanalyzer-malloc-leak]: leak of ‘authenticator’
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:182:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:186:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:186:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:188:14: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:188:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:186:13: branch_true: following ‘true’ branch (when ‘authenticator’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:191:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:191:20: danger: ‘authenticator’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  189|   
#  190|               /* Get ctime */
#  191|->             (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
#  192|               authenticator->ctime = (krb5_timestamp) ibuf;
#  193|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1043]
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:195:20: warning[-Wanalyzer-malloc-leak]: leak of ‘authenticator’
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:182:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:186:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:186:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:188:14: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:188:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:186:13: branch_true: following ‘true’ branch (when ‘authenticator’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:191:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:195:20: danger: ‘authenticator’ leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#  193|   
#  194|               /* Get cusec */
#  195|->             (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
#  196|               authenticator->cusec = ibuf;
#  197|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1044]
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:199:20: warning[-Wanalyzer-malloc-leak]: leak of ‘authenticator’
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:182:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:186:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:186:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:188:14: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:188:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:186:13: branch_true: following ‘true’ branch (when ‘authenticator’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:191:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:199:20: danger: ‘authenticator’ leaks here; was allocated at [(5)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/4)
#  197|   
#  198|               /* Get seq_number */
#  199|->             (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
#  200|               authenticator->seq_number = ibuf;
#  201|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1045]
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:205:20: warning[-Wanalyzer-malloc-leak]: leak of ‘authenticator’
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:182:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:186:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:186:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:188:14: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:188:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:186:13: branch_true: following ‘true’ branch (when ‘authenticator’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:191:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_auth.c:205:20: danger: ‘authenticator’ leaks here; was allocated at [(5)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/4)
#  203|   
#  204|               /* Attempt to read in the client */
#  205|->             kret = k5_internalize_principal(&authenticator->client,
#  206|                                               &bp, &remain);
#  207|               if (kret == EINVAL)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1046]
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:121:20: warning[-Wanalyzer-malloc-leak]: leak of ‘checksum’
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:114:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:118:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:118:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:119:43: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:119:43: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:118:13: branch_true: following ‘true’ branch (when ‘checksum’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:121:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:121:20: danger: ‘checksum’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  119|               (checksum = (krb5_checksum *) calloc(1, sizeof(krb5_checksum)))) {
#  120|               /* Get the checksum_type */
#  121|->             (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
#  122|               checksum->checksum_type = (krb5_cksumtype) ibuf;
#  123|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1047]
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:125:20: warning[-Wanalyzer-malloc-leak]: leak of ‘checksum’
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:114:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:118:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:118:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:119:43: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:119:43: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:118:13: branch_true: following ‘true’ branch (when ‘checksum’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:121:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:125:20: danger: ‘checksum’ leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#  123|   
#  124|               /* Get the length */
#  125|->             (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
#  126|               checksum->length = (int) ibuf;
#  127|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1048]
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:132:27: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:114:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:118:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:118:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:119:43: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:118:13: branch_true: following ‘true’ branch (when ‘checksum’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:121:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:129:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:131:19: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:131:19: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:129:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:132:27: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:132:27: danger: ‘<unknown>’ leaks here; was allocated at [(9)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/8)
#  130|                   ((checksum->contents = (krb5_octet *)
#  131|                     malloc((size_t) (ibuf))) &&
#  132|->                  !(kret = krb5_ser_unpack_bytes(checksum->contents,
#  133|                                                   (size_t) ibuf,
#  134|                                                   &bp, &remain)))) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1049]
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:132:27: warning[-Wanalyzer-malloc-leak]: leak of ‘checksum’
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:114:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:118:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:118:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:119:43: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:119:43: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:118:13: branch_true: following ‘true’ branch (when ‘checksum’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:121:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:129:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:131:19: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:129:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:132:27: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:132:27: danger: ‘checksum’ leaks here; was allocated at [(5)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/4)
#  130|                   ((checksum->contents = (krb5_octet *)
#  131|                     malloc((size_t) (ibuf))) &&
#  132|->                  !(kret = krb5_ser_unpack_bytes(checksum->contents,
#  133|                                                   (size_t) ibuf,
#  134|                                                   &bp, &remain)))) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1050]
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:137:24: warning[-Wanalyzer-malloc-leak]: leak of ‘checksum’
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:114:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:118:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:118:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:119:43: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:119:43: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:118:13: branch_true: following ‘true’ branch (when ‘checksum’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:121:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:129:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:137:24: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_cksum.c:137:24: danger: ‘checksum’ leaks here; was allocated at [(5)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/4)
#  135|   
#  136|                   /* Get the trailer */
#  137|->                 kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
#  138|                   if (!kret && (ibuf == KV5M_CHECKSUM)) {
#  139|                       checksum->magic = KV5M_CHECKSUM;

Error: COMPILER_WARNING (CWE-704): [#def1051]
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:30:17: warning[-Wlto-type-mismatch]: type of ‘profile_ser_size’ does not match original declaration
#   30 | krb5_error_code profile_ser_size(krb5_context, profile_t, size_t *);
#      |                 ^
krb5-1.21.3/src/util/profile/prof_init.c:524:11: note: return value type mismatch
#  524 | errcode_t profile_ser_size(const char *unused, profile_t profile,
#      |           ^
krb5-1.21.3/src/util/profile/prof_init.c:524:11: note: type ‘errcode_t’ should match type ‘krb5_error_code’
krb5-1.21.3/src/util/profile/prof_init.c:524:11: note: ‘profile_ser_size’ was previously declared here
krb5-1.21.3/src/util/profile/prof_init.c:524:11: note: code may be misoptimized unless ‘-fno-strict-aliasing’ is used
#   28|   #include "int-proto.h"
#   29|   
#   30|-> krb5_error_code profile_ser_size(krb5_context, profile_t, size_t *);
#   31|   krb5_error_code profile_ser_externalize(krb5_context, profile_t,
#   32|                                           krb5_octet **, size_t *);

Error: COMPILER_WARNING (CWE-704): [#def1052]
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:31:17: warning[-Wlto-type-mismatch]: type of ‘profile_ser_externalize’ does not match original declaration
#   31 | krb5_error_code profile_ser_externalize(krb5_context, profile_t,
#      |                 ^
krb5-1.21.3/src/util/profile/prof_init.c:546:11: note: return value type mismatch
#  546 | errcode_t profile_ser_externalize(const char *unused, profile_t profile,
#      |           ^
krb5-1.21.3/src/util/profile/prof_init.c:546:11: note: type ‘errcode_t’ should match type ‘krb5_error_code’
krb5-1.21.3/src/util/profile/prof_init.c:546:11: note: ‘profile_ser_externalize’ was previously declared here
krb5-1.21.3/src/util/profile/prof_init.c:546:11: note: code may be misoptimized unless ‘-fno-strict-aliasing’ is used
#   29|   
#   30|   krb5_error_code profile_ser_size(krb5_context, profile_t, size_t *);
#   31|-> krb5_error_code profile_ser_externalize(krb5_context, profile_t,
#   32|                                           krb5_octet **, size_t *);
#   33|   krb5_error_code profile_ser_internalize(krb5_context, profile_t *,

Error: COMPILER_WARNING (CWE-704): [#def1053]
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:33:17: warning[-Wlto-type-mismatch]: type of ‘profile_ser_internalize’ does not match original declaration
#   33 | krb5_error_code profile_ser_internalize(krb5_context, profile_t *,
#      |                 ^
krb5-1.21.3/src/util/profile/prof_init.c:600:11: note: return value type mismatch
#  600 | errcode_t profile_ser_internalize(const char *unused, profile_t *profilep,
#      |           ^
krb5-1.21.3/src/util/profile/prof_init.c:600:11: note: type ‘errcode_t’ should match type ‘krb5_error_code’
krb5-1.21.3/src/util/profile/prof_init.c:600:11: note: ‘profile_ser_internalize’ was previously declared here
krb5-1.21.3/src/util/profile/prof_init.c:600:11: note: code may be misoptimized unless ‘-fno-strict-aliasing’ is used
#   31|   krb5_error_code profile_ser_externalize(krb5_context, profile_t,
#   32|                                           krb5_octet **, size_t *);
#   33|-> krb5_error_code profile_ser_internalize(krb5_context, profile_t *,
#   34|                                           krb5_octet **, size_t *);
#   35|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1054]
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:17: warning[-Wanalyzer-malloc-leak]: leak of ‘context’
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:223:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:231:8: branch_false: following ‘false’ branch (when ‘context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:17: danger: ‘context’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  233|   
#  234|       /* Get the size of the default realm */
#  235|->     if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
#  236|           goto cleanup;
#  237|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1055]
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:245:16: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:223:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:231:8: branch_false: following ‘false’ branch (when ‘context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:239:50: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:239:43: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:240:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:245:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:245:16: danger: ‘<unknown>’ leaks here; was allocated at [(11)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/10)
#  243|           }
#  244|   
#  245|->         kret = krb5_ser_unpack_bytes((krb5_octet *) context->default_realm,
#  246|                                        (size_t) ibuf, &bp, &remain);
#  247|           if (kret)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1056]
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:245:16: warning[-Wanalyzer-malloc-leak]: leak of ‘context’
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:223:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:231:8: branch_false: following ‘false’ branch (when ‘context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:239:50: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:240:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:245:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:245:16: danger: ‘context’ leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#  243|           }
#  244|   
#  245|->         kret = krb5_ser_unpack_bytes((krb5_octet *) context->default_realm,
#  246|                                        (size_t) ibuf, &bp, &remain);
#  247|           if (kret)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1057]
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:17: warning[-Wanalyzer-malloc-leak]: leak of ‘context’
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:223:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:231:8: branch_false: following ‘false’ branch (when ‘context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:17: danger: ‘context’ leaks here; was allocated at [(5)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/4)
#  252|   
#  253|       /* Get the tgs_etypes */
#  254|->     if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
#  255|           goto cleanup;
#  256|       count = ibuf;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1058]
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:264:25: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:223:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:231:8: branch_false: following ‘false’ branch (when ‘context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:256:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:257:8: branch_true: following ‘true’ branch (when ‘count != 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:258:38: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:258:31: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:259:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:263:21: branch_true: following ‘true’ branch (when ‘i < count’)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:264:25: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:264:25: danger: ‘<unknown>’ leaks here; was allocated at [(15)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/14)
#  262|           }
#  263|           for (i = 0; i < count; i++) {
#  264|->             if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
#  265|                   goto cleanup;
#  266|               context->tgs_etypes[i] = ibuf;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1059]
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:264:25: warning[-Wanalyzer-malloc-leak]: leak of ‘context’
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:223:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:231:8: branch_false: following ‘false’ branch (when ‘context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:256:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:257:8: branch_true: following ‘true’ branch (when ‘count != 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:258:38: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:259:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:263:21: branch_true: following ‘true’ branch (when ‘i < count’)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:264:25: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:264:25: danger: ‘context’ leaks here; was allocated at [(5)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/4)
#  262|           }
#  263|           for (i = 0; i < count; i++) {
#  264|->             if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
#  265|                   goto cleanup;
#  266|               context->tgs_etypes[i] = ibuf;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1060]
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:273:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:223:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:231:8: branch_false: following ‘false’ branch (when ‘context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:256:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:257:8: branch_true: following ‘true’ branch (when ‘count != 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:258:38: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:258:31: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:259:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:273:17: danger: ‘<unknown>’ leaks here; was allocated at [(15)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/14)
#  271|   
#  272|       /* Allowable clockskew */
#  273|->     if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
#  274|           goto cleanup;
#  275|       context->clockskew = (krb5_deltat) ibuf;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1061]
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:273:17: warning[-Wanalyzer-malloc-leak]: leak of ‘context’
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:223:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:231:8: branch_false: following ‘false’ branch (when ‘context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:256:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:257:8: branch_false: following ‘false’ branch (when ‘count == 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:270:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:273:17: danger: ‘context’ leaks here; was allocated at [(5)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/4)
#  271|   
#  272|       /* Allowable clockskew */
#  273|->     if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
#  274|           goto cleanup;
#  275|       context->clockskew = (krb5_deltat) ibuf;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1062]
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:278:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:223:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:231:8: branch_false: following ‘false’ branch (when ‘context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:256:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:257:8: branch_true: following ‘true’ branch (when ‘count != 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:258:38: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:258:31: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:259:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:273:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:275:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:278:17: danger: ‘<unknown>’ leaks here; was allocated at [(15)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/14)
#  276|   
#  277|       /* kdc_default_options */
#  278|->     if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
#  279|           goto cleanup;
#  280|       context->kdc_default_options = (krb5_flags) ibuf;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1063]
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:278:17: warning[-Wanalyzer-malloc-leak]: leak of ‘context’
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:223:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:231:8: branch_false: following ‘false’ branch (when ‘context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:256:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:257:8: branch_false: following ‘false’ branch (when ‘count == 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:270:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:273:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:275:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:278:17: danger: ‘context’ leaks here; was allocated at [(5)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/4)
#  276|   
#  277|       /* kdc_default_options */
#  278|->     if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
#  279|           goto cleanup;
#  280|       context->kdc_default_options = (krb5_flags) ibuf;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1064]
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:283:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:223:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:231:8: branch_false: following ‘false’ branch (when ‘context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:256:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:257:8: branch_true: following ‘true’ branch (when ‘count != 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:258:38: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:258:31: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:259:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:273:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:275:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:278:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:280:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:283:17: danger: ‘<unknown>’ leaks here; was allocated at [(15)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/14)
#  281|   
#  282|       /* library_options */
#  283|->     if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
#  284|           goto cleanup;
#  285|       context->library_options = (krb5_flags) ibuf;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1065]
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:283:17: warning[-Wanalyzer-malloc-leak]: leak of ‘context’
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:223:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:231:8: branch_false: following ‘false’ branch (when ‘context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:256:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:257:8: branch_false: following ‘false’ branch (when ‘count == 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:270:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:273:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:275:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:278:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:280:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:283:17: danger: ‘context’ leaks here; was allocated at [(5)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/4)
#  281|   
#  282|       /* library_options */
#  283|->     if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
#  284|           goto cleanup;
#  285|       context->library_options = (krb5_flags) ibuf;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1066]
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:288:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:223:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:231:8: branch_false: following ‘false’ branch (when ‘context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:256:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:257:8: branch_true: following ‘true’ branch (when ‘count != 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:258:38: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:258:31: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:259:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:273:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:275:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:278:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:280:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:283:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:285:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:288:17: danger: ‘<unknown>’ leaks here; was allocated at [(15)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/14)
#  286|   
#  287|       /* profile_secure */
#  288|->     if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
#  289|           goto cleanup;
#  290|       context->profile_secure = (krb5_boolean) ibuf;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1067]
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:288:17: warning[-Wanalyzer-malloc-leak]: leak of ‘context’
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:223:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:231:8: branch_false: following ‘false’ branch (when ‘context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:256:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:257:8: branch_false: following ‘false’ branch (when ‘count == 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:270:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:273:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:275:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:278:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:280:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:283:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:285:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:288:17: danger: ‘context’ leaks here; was allocated at [(5)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/4)
#  286|   
#  287|       /* profile_secure */
#  288|->     if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
#  289|           goto cleanup;
#  290|       context->profile_secure = (krb5_boolean) ibuf;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1068]
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:293:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:223:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:231:8: branch_false: following ‘false’ branch (when ‘context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:256:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:257:8: branch_true: following ‘true’ branch (when ‘count != 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:258:38: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:258:31: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:259:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:273:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:275:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:278:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:280:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:283:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:285:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:288:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:290:31: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:293:17: danger: ‘<unknown>’ leaks here; was allocated at [(15)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/14)
#  291|   
#  292|       /* fcc_default_format */
#  293|->     if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
#  294|           goto cleanup;
#  295|       context->fcc_default_format = (int) ibuf;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1069]
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:293:17: warning[-Wanalyzer-malloc-leak]: leak of ‘context’
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:223:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:231:8: branch_false: following ‘false’ branch (when ‘context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:256:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:257:8: branch_false: following ‘false’ branch (when ‘count == 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:270:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:273:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:275:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:278:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:280:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:283:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:285:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:288:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:290:31: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:293:17: danger: ‘context’ leaks here; was allocated at [(5)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/4)
#  291|   
#  292|       /* fcc_default_format */
#  293|->     if ((kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)))
#  294|           goto cleanup;
#  295|       context->fcc_default_format = (int) ibuf;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1070]
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:335:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:223:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:231:8: branch_false: following ‘false’ branch (when ‘context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:256:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:257:8: branch_true: following ‘true’ branch (when ‘count != 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:258:38: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:258:31: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:259:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:263:21: branch_true: following ‘true’ branch (when ‘i < count’)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:264:25: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:264:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:265:17: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:335:9: danger: ‘<unknown>’ leaks here; was allocated at [(15)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/14)
#  333|   cleanup:
#  334|       if (context)
#  335|->         krb5_free_context(context);
#  336|       return(kret);
#  337|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1071]
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:335:9: warning[-Wanalyzer-malloc-leak]: leak of ‘context’
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:223:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:231:8: branch_false: following ‘false’ branch (when ‘context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:335:9: danger: ‘context’ leaks here; was allocated at [(5)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/4)
#  333|   cleanup:
#  334|       if (context)
#  335|->         krb5_free_context(context);
#  336|       return(kret);
#  337|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1072]
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:399:9: warning[-Wanalyzer-malloc-leak]: leak of ‘context’
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:209:1: enter_function: entry to ‘k5_internalize_context’
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:223:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:231:8: branch_false: following ‘false’ branch (when ‘context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:256:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:257:8: branch_false: following ‘false’ branch (when ‘count == 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:270:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:273:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:275:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:278:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:280:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:283:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:285:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:288:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:290:31: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:293:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:295:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:302:16: call_function: calling ‘internalize_oscontext’ from ‘k5_internalize_context’
#  397|       os_ctx = (krb5_os_context) NULL;
#  398|       /* Read our magic number */
#  399|->     if (krb5_ser_unpack_int32(&ibuf, &bp, &remain))
#  400|           ibuf = 0;
#  401|       if (ibuf == KV5M_OS_CONTEXT) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1073]
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:411:20: warning[-Wanalyzer-malloc-leak]: leak of ‘context’
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:209:1: enter_function: entry to ‘k5_internalize_context’
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:223:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:231:8: branch_false: following ‘false’ branch (when ‘context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:256:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:257:8: branch_false: following ‘false’ branch (when ‘count == 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:270:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:273:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:275:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:278:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:280:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:283:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:285:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:288:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:290:31: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:293:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:295:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:302:16: call_function: calling ‘internalize_oscontext’ from ‘k5_internalize_context’
#  409|   
#  410|               /* Read out our context */
#  411|->             (void) krb5_ser_unpack_int32(&os_ctx->time_offset, &bp, &remain);
#  412|               (void) krb5_ser_unpack_int32(&os_ctx->usec_offset, &bp, &remain);
#  413|               (void) krb5_ser_unpack_int32(&os_ctx->os_flags, &bp, &remain);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1074]
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:411:20: warning[-Wanalyzer-malloc-leak]: leak of ‘os_ctx’
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:401:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:406:14: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:406:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:405:12: branch_true: following ‘true’ branch (when ‘os_ctx’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:407:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:405:13: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:408:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:411:20: danger: ‘os_ctx’ leaks here; was allocated at [(3)](sarif:/runs/0/results/19/codeFlows/0/threadFlows/0/locations/2)
#  409|   
#  410|               /* Read out our context */
#  411|->             (void) krb5_ser_unpack_int32(&os_ctx->time_offset, &bp, &remain);
#  412|               (void) krb5_ser_unpack_int32(&os_ctx->usec_offset, &bp, &remain);
#  413|               (void) krb5_ser_unpack_int32(&os_ctx->os_flags, &bp, &remain);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1075]
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:412:20: warning[-Wanalyzer-malloc-leak]: leak of ‘context’
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:209:1: enter_function: entry to ‘k5_internalize_context’
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:223:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:231:8: branch_false: following ‘false’ branch (when ‘context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:256:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:257:8: branch_false: following ‘false’ branch (when ‘count == 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:270:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:273:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:275:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:278:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:280:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:283:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:285:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:288:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:290:31: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:293:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:295:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:302:16: call_function: calling ‘internalize_oscontext’ from ‘k5_internalize_context’
#  410|               /* Read out our context */
#  411|               (void) krb5_ser_unpack_int32(&os_ctx->time_offset, &bp, &remain);
#  412|->             (void) krb5_ser_unpack_int32(&os_ctx->usec_offset, &bp, &remain);
#  413|               (void) krb5_ser_unpack_int32(&os_ctx->os_flags, &bp, &remain);
#  414|               (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1076]
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:413:20: warning[-Wanalyzer-malloc-leak]: leak of ‘context’
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:209:1: enter_function: entry to ‘k5_internalize_context’
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:223:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:231:8: branch_false: following ‘false’ branch (when ‘context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:256:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:257:8: branch_false: following ‘false’ branch (when ‘count == 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:270:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:273:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:275:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:278:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:280:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:283:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:285:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:288:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:290:31: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:293:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:295:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:302:16: call_function: calling ‘internalize_oscontext’ from ‘k5_internalize_context’
#  411|               (void) krb5_ser_unpack_int32(&os_ctx->time_offset, &bp, &remain);
#  412|               (void) krb5_ser_unpack_int32(&os_ctx->usec_offset, &bp, &remain);
#  413|->             (void) krb5_ser_unpack_int32(&os_ctx->os_flags, &bp, &remain);
#  414|               (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
#  415|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1077]
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:414:20: warning[-Wanalyzer-malloc-leak]: leak of ‘context’
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:209:1: enter_function: entry to ‘k5_internalize_context’
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:223:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:230:30: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:231:8: branch_false: following ‘false’ branch (when ‘context’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:235:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:238:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:254:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:256:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:257:8: branch_false: following ‘false’ branch (when ‘count == 0’)...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:270:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:273:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:275:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:278:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:280:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:283:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:285:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:288:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:290:31: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:293:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:295:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_ctx.c:302:16: call_function: calling ‘internalize_oscontext’ from ‘k5_internalize_context’
#  412|               (void) krb5_ser_unpack_int32(&os_ctx->usec_offset, &bp, &remain);
#  413|               (void) krb5_ser_unpack_int32(&os_ctx->os_flags, &bp, &remain);
#  414|->             (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
#  415|   
#  416|               if (ibuf == KV5M_OS_CONTEXT) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1078]
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:117:20: warning[-Wanalyzer-malloc-leak]: leak of ‘keyblock’
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:110:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:114:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:114:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:115:43: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:115:43: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:114:13: branch_true: following ‘true’ branch (when ‘keyblock’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:117:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:117:20: danger: ‘keyblock’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  115|               (keyblock = (krb5_keyblock *) calloc(1, sizeof(krb5_keyblock)))) {
#  116|               /* Get the enctype */
#  117|->             (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
#  118|               keyblock->enctype = (krb5_enctype) ibuf;
#  119|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1079]
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:121:20: warning[-Wanalyzer-malloc-leak]: leak of ‘keyblock’
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:110:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:114:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:114:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:115:43: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:115:43: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:114:13: branch_true: following ‘true’ branch (when ‘keyblock’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:117:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:121:20: danger: ‘keyblock’ leaks here; was allocated at [(5)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/4)
#  119|   
#  120|               /* Get the length */
#  121|->             (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
#  122|               keyblock->length = (int) ibuf;
#  123|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1080]
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:126:26: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:110:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:114:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:114:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:115:43: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:114:13: branch_true: following ‘true’ branch (when ‘keyblock’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:117:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:125:54: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:125:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:126:26: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:126:26: danger: ‘<unknown>’ leaks here; was allocated at [(7)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/6)
#  124|               /* Get the string */
#  125|               if ((keyblock->contents = (krb5_octet *) malloc((size_t) (ibuf)))&&
#  126|->                 !(kret = krb5_ser_unpack_bytes(keyblock->contents,
#  127|                                                  (size_t) ibuf,
#  128|                                                  &bp, &remain))) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1081]
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:126:26: warning[-Wanalyzer-malloc-leak]: leak of ‘keyblock’
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:110:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:114:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:114:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:115:43: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:115:43: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:114:13: branch_true: following ‘true’ branch (when ‘keyblock’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:117:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:125:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:126:26: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:126:26: danger: ‘keyblock’ leaks here; was allocated at [(5)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/4)
#  124|               /* Get the string */
#  125|               if ((keyblock->contents = (krb5_octet *) malloc((size_t) (ibuf)))&&
#  126|->                 !(kret = krb5_ser_unpack_bytes(keyblock->contents,
#  127|                                                  (size_t) ibuf,
#  128|                                                  &bp, &remain))) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1082]
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:129:24: warning[-Wanalyzer-malloc-leak]: leak of ‘keyblock’
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:110:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:114:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:114:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:115:43: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:115:43: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:114:13: branch_true: following ‘true’ branch (when ‘keyblock’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:117:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:125:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:126:26: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:125:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:129:24: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_key.c:129:24: danger: ‘keyblock’ leaks here; was allocated at [(5)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/4)
#  127|                                                  (size_t) ibuf,
#  128|                                                  &bp, &remain))) {
#  129|->                 kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
#  130|                   if (!kret && (ibuf == KV5M_KEYBLOCK)) {
#  131|                       kret = 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1083]
krb5-1.21.3/src/lib/krb5/krb/ser_princ.c:111:12: warning[-Wanalyzer-malloc-leak]: leak of ‘tmpname’
krb5-1.21.3/src/lib/krb5/krb/ser_princ.c:103:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_princ.c:108:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/ser_princ.c:110:22: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/ser_princ.c:110:15: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/ser_princ.c:111:12: danger: ‘tmpname’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  109|           return kret;
#  110|       tmpname = malloc(ibuf + 1);
#  111|->     kret = krb5_ser_unpack_bytes((krb5_octet *) tmpname, (size_t) ibuf,
#  112|                                    &bp, &remain);
#  113|       if (kret)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1084]
krb5-1.21.3/src/lib/krb5/krb/vfy_increds.c:218:12: warning[-Wanalyzer-malloc-leak]: leak of ‘plist’
krb5-1.21.3/src/lib/krb5/krb/vfy_increds.c:223:1: enter_function: entry to ‘get_host_princs_from_keytab’
krb5-1.21.3/src/lib/krb5/krb/vfy_increds.c:234:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/vfy_increds.c:237:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/vfy_increds.c:238:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/vfy_increds.c:240:19: call_function: calling ‘add_princ_list’ from ‘get_host_princs_from_keytab’
#  216|       *plist = newlist;
#  217|       newlist[i] = newlist[i + 1] = NULL; /* terminate the list */
#  218|->     return krb5_copy_principal(context, princ, &newlist[i]);
#  219|   }
#  220|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1085]
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:323:14: warning[-Wanalyzer-malloc-leak]: leak of ‘key[1]’
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:299:1: enter_function: entry to ‘rtree_capath_vals’
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:311:15: call_function: calling ‘k5memdup0’ from ‘rtree_capath_vals’
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:311:15: return_function: returning to ‘rtree_capath_vals’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:312:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:315:39: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:315:15: call_function: calling ‘k5memdup0’ from ‘rtree_capath_vals’
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:315:15: return_function: returning to ‘rtree_capath_vals’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:316:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:319:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:323:14: danger: ‘key[1]’ leaks here; was allocated at [(7)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/6)
#  321|       key[2] = serverz;
#  322|       key[3] = NULL;
#  323|->     retval = profile_get_values(context->profile, key, vals);
#  324|       switch (retval) {
#  325|       case PROF_NO_SECTION:

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1086]
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:323:14: warning[-Wanalyzer-malloc-leak]: leak of ‘key[2]’
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:299:1: enter_function: entry to ‘rtree_capath_vals’
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:311:15: call_function: calling ‘k5memdup0’ from ‘rtree_capath_vals’
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:311:15: return_function: returning to ‘rtree_capath_vals’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:312:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:315:39: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:315:15: call_function: calling ‘k5memdup0’ from ‘rtree_capath_vals’
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:315:15: return_function: returning to ‘rtree_capath_vals’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:316:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:319:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:323:14: danger: ‘key[2]’ leaks here; was allocated at [(18)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/17)
#  321|       key[2] = serverz;
#  322|       key[3] = NULL;
#  323|->     retval = profile_get_values(context->profile, key, vals);
#  324|       switch (retval) {
#  325|       case PROF_NO_SECTION:

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1087]
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:438:18: warning[-Wanalyzer-malloc-leak]: leak of ‘rp’
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:394:1: enter_function: entry to ‘rtree_hier_realms’
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:418:5: call_function: calling ‘adjtail’ from ‘rtree_hier_realms’
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:418:5: return_function: returning to ‘rtree_hier_realms’ from ‘adjtail’
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:421:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:422:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:422:14: call_function: calling ‘rtree_hier_tweens’ from ‘rtree_hier_realms’
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:422:14: return_function: returning to ‘rtree_hier_realms’ from ‘rtree_hier_tweens’
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:423:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:425:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:425:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:426:8: branch_false: following ‘false’ branch (when ‘r’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:431:10: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:431:25: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:437:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:437:35: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:438:18: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/krb/walk_rtree.c:438:18: danger: ‘rp’ leaks here; was allocated at [(21)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/20)
#  436|       /* Copy server realm "tweens" backward. */
#  437|       for (twp = &stweens[nstween]; twp-- > stweens;) {
#  438|->         retval = krb5int_copy_data_contents(context, twp, rp);
#  439|           if (retval) goto error;
#  440|           rp++;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1088]
krb5-1.21.3/src/lib/krb5/os/changepw.c:157:9: warning[-Wanalyzer-malloc-leak]: leak of ‘local_kaddr.contents’
krb5-1.21.3/src/lib/krb5/os/changepw.c:110:1: enter_function: entry to ‘kpasswd_sendto_msg_callback’
krb5-1.21.3/src/lib/krb5/os/changepw.c:126:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/changepw.c:134:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/changepw.c:149:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/changepw.c:152:29: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/changepw.c:155:32: call_function: calling ‘k5memdup’ from ‘kpasswd_sendto_msg_callback’
krb5-1.21.3/src/lib/krb5/os/changepw.c:155:32: return_function: returning to ‘kpasswd_sendto_msg_callback’ from ‘k5memdup’
krb5-1.21.3/src/lib/krb5/os/changepw.c:157:9: danger: ‘local_kaddr.contents’ leaks here; was allocated at [(11)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/10)
#  155|           local_kaddr.contents = k5memdup(addrs[0]->contents, addrs[0]->length,
#  156|                                           &code);
#  157|->         krb5_free_addresses(ctx->context, addrs);
#  158|           if (local_kaddr.contents == NULL)
#  159|               goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1089]
krb5-1.21.3/src/lib/krb5/os/changepw.c:169:17: warning[-Wanalyzer-malloc-leak]: leak of ‘local_kaddr.contents’
krb5-1.21.3/src/lib/krb5/os/changepw.c:110:1: enter_function: entry to ‘kpasswd_sendto_msg_callback’
krb5-1.21.3/src/lib/krb5/os/changepw.c:126:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/changepw.c:134:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/changepw.c:149:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/changepw.c:152:29: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/changepw.c:155:32: call_function: calling ‘k5memdup’ from ‘kpasswd_sendto_msg_callback’
krb5-1.21.3/src/lib/krb5/os/changepw.c:155:32: return_function: returning to ‘kpasswd_sendto_msg_callback’ from ‘k5memdup’
krb5-1.21.3/src/lib/krb5/os/changepw.c:158:12: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/changepw.c:169:17: danger: ‘local_kaddr.contents’ leaks here; was allocated at [(11)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/10)
#  167|   
#  168|   
#  169|->     if ((code = krb5_auth_con_setaddrs(ctx->context, ctx->auth_context,
#  170|                                          &local_kaddr, NULL)))
#  171|           goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1090]
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:202:15: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:178:1: enter_function: entry to ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:191:12: call_function: calling ‘make_lookup_name’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:191:12: return_function: returning to ‘k5_make_uri_query’ from ‘make_lookup_name’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:192:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:195:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:198:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:203:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:208:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:208:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:209:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:209:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:211:15: call_function: inlined call to ‘k5alloc’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:215:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:218:21: call_function: calling ‘k5memdup0’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:218:21: return_function: returning to ‘k5_make_uri_query’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:219:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:225:9: call_function: calling ‘place_srv_entry’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:225:9: return_function: returning to ‘k5_make_uri_query’ from ‘place_srv_entry’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:203:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:208:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:208:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:209:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:209:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:211:15: call_function: inlined call to ‘k5alloc’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:215:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:218:21: call_function: calling ‘k5memdup0’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:218:21: return_function: returning to ‘k5_make_uri_query’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:219:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:225:9: call_function: calling ‘place_srv_entry’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:225:9: return_function: returning to ‘k5_make_uri_query’ from ‘place_srv_entry’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:202:15: danger: ‘<unknown>’ leaks here; was allocated at [(24)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/23)
#  200|   
#  201|       for (;;) {
#  202|->         ret = krb5int_dns_nextans(ds, &base, &rdlen);
#  203|           if (ret < 0 || base == NULL)
#  204|               goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1091]
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:202:15: warning[-Wanalyzer-malloc-leak]: leak of ‘head’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:178:1: enter_function: entry to ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:191:12: call_function: calling ‘make_lookup_name’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:191:12: return_function: returning to ‘k5_make_uri_query’ from ‘make_lookup_name’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:192:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:195:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:198:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:203:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:208:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:208:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:209:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:209:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:211:15: call_function: inlined call to ‘k5alloc’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:215:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:218:21: call_function: calling ‘k5memdup0’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:218:21: return_function: returning to ‘k5_make_uri_query’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:219:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:225:9: call_function: calling ‘place_srv_entry’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:225:9: return_function: returning to ‘k5_make_uri_query’ from ‘place_srv_entry’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:203:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:208:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:208:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:209:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:209:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:211:15: call_function: inlined call to ‘k5alloc’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:215:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:218:21: call_function: calling ‘k5memdup0’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:218:21: return_function: returning to ‘k5_make_uri_query’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:219:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:225:9: call_function: calling ‘place_srv_entry’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:225:9: return_function: returning to ‘k5_make_uri_query’ from ‘place_srv_entry’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:202:15: danger: ‘head’ leaks here; was allocated at [(24)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/23)
#  200|   
#  201|       for (;;) {
#  202|->         ret = krb5int_dns_nextans(ds, &base, &rdlen);
#  203|           if (ret < 0 || base == NULL)
#  204|               goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1092]
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:202:15: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:178:1: enter_function: entry to ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:191:12: call_function: calling ‘make_lookup_name’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:191:12: return_function: returning to ‘k5_make_uri_query’ from ‘make_lookup_name’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:192:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:195:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:198:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:203:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:208:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:208:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:209:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:209:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:211:15: call_function: inlined call to ‘k5alloc’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:215:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:218:21: call_function: calling ‘k5memdup0’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:218:21: return_function: returning to ‘k5_make_uri_query’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:219:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:225:9: call_function: calling ‘place_srv_entry’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:225:9: return_function: returning to ‘k5_make_uri_query’ from ‘place_srv_entry’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:202:15: danger: ‘ptr’ leaks here; was allocated at [(24)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/23)
#  200|   
#  201|       for (;;) {
#  202|->         ret = krb5int_dns_nextans(ds, &base, &rdlen);
#  203|           if (ret < 0 || base == NULL)
#  204|               goto out;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1093]
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:178:1: enter_function: entry to ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:191:12: call_function: calling ‘make_lookup_name’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:191:12: return_function: returning to ‘k5_make_uri_query’ from ‘make_lookup_name’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:192:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:195:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:198:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:203:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:208:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:208:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:209:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:209:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:211:15: call_function: inlined call to ‘k5alloc’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:215:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:218:21: call_function: calling ‘k5memdup0’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:218:21: return_function: returning to ‘k5_make_uri_query’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:219:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:225:9: call_function: calling ‘place_srv_entry’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:225:9: return_function: returning to ‘k5_make_uri_query’ from ‘place_srv_entry’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:203:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:208:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:208:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:209:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:209:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:211:15: call_function: inlined call to ‘k5alloc’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:215:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:218:21: call_function: calling ‘k5memdup0’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:218:21: return_function: returning to ‘k5_make_uri_query’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:219:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:225:9: call_function: calling ‘place_srv_entry’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:225:9: return_function: returning to ‘k5_make_uri_query’ from ‘place_srv_entry’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:203:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:208:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:208:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:209:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:209:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:211:15: call_function: inlined call to ‘k5alloc’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:215:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:218:21: call_function: calling ‘k5memdup0’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:218:21: return_function: returning to ‘k5_make_uri_query’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:219:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: danger: ‘<unknown>’ leaks here; was allocated at [(24)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/23)
#  222|           }
#  223|   
#  224|->         TRACE_DNS_URI_ANS(context, uri->host, uri->priority, uri->weight);
#  225|           place_srv_entry(&head, uri);
#  226|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1094]
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: warning[-Wanalyzer-malloc-leak]: leak of ‘head’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:178:1: enter_function: entry to ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:191:12: call_function: calling ‘make_lookup_name’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:191:12: return_function: returning to ‘k5_make_uri_query’ from ‘make_lookup_name’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:192:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:195:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:198:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:203:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:208:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:208:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:209:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:209:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:211:15: call_function: inlined call to ‘k5alloc’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:215:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:218:21: call_function: calling ‘k5memdup0’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:218:21: return_function: returning to ‘k5_make_uri_query’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:219:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:225:9: call_function: calling ‘place_srv_entry’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:225:9: return_function: returning to ‘k5_make_uri_query’ from ‘place_srv_entry’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:203:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:208:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:208:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:209:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:209:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:211:15: call_function: inlined call to ‘k5alloc’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:215:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:218:21: call_function: calling ‘k5memdup0’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:218:21: return_function: returning to ‘k5_make_uri_query’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:219:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: danger: ‘head’ leaks here; was allocated at [(24)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/23)
#  222|           }
#  223|   
#  224|->         TRACE_DNS_URI_ANS(context, uri->host, uri->priority, uri->weight);
#  225|           place_srv_entry(&head, uri);
#  226|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1095]
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(p, (long unsigned int)(rdlen + -4), &ret)’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:178:1: enter_function: entry to ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:191:12: call_function: calling ‘make_lookup_name’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:191:12: return_function: returning to ‘k5_make_uri_query’ from ‘make_lookup_name’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:192:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:195:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:198:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:203:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:208:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:208:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:209:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:209:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:211:15: call_function: inlined call to ‘k5alloc’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:215:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:218:21: call_function: calling ‘k5memdup0’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:218:21: return_function: returning to ‘k5_make_uri_query’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:219:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: danger: ‘k5memdup0(p, (long unsigned int)(rdlen + -4), &ret)’ leaks here; was allocated at [(31)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/30)
#  222|           }
#  223|   
#  224|->         TRACE_DNS_URI_ANS(context, uri->host, uri->priority, uri->weight);
#  225|           place_srv_entry(&head, uri);
#  226|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1096]
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:178:1: enter_function: entry to ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:191:12: call_function: calling ‘make_lookup_name’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:191:12: return_function: returning to ‘k5_make_uri_query’ from ‘make_lookup_name’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:192:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:195:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:198:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:203:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:208:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:208:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:209:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:209:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:211:15: call_function: inlined call to ‘k5alloc’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:215:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:218:21: call_function: calling ‘k5memdup0’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:218:21: return_function: returning to ‘k5_make_uri_query’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:219:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: danger: ‘ptr’ leaks here; was allocated at [(24)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/23)
#  222|           }
#  223|   
#  224|->         TRACE_DNS_URI_ANS(context, uri->host, uri->priority, uri->weight);
#  225|           place_srv_entry(&head, uri);
#  226|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1097]
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:229:5: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:178:1: enter_function: entry to ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:191:12: call_function: calling ‘make_lookup_name’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:191:12: return_function: returning to ‘k5_make_uri_query’ from ‘make_lookup_name’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:192:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:195:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:198:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:203:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:208:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:208:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:209:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:209:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:211:15: call_function: inlined call to ‘k5alloc’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:215:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:218:21: call_function: calling ‘k5memdup0’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:218:21: return_function: returning to ‘k5_make_uri_query’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:219:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:225:9: call_function: calling ‘place_srv_entry’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:225:9: return_function: returning to ‘k5_make_uri_query’ from ‘place_srv_entry’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:203:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:208:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:208:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:209:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:209:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:211:15: call_function: inlined call to ‘k5alloc’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:215:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:218:21: call_function: calling ‘k5memdup0’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:218:21: return_function: returning to ‘k5_make_uri_query’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:219:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:225:9: call_function: calling ‘place_srv_entry’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:225:9: return_function: returning to ‘k5_make_uri_query’ from ‘place_srv_entry’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:229:5: danger: ‘<unknown>’ leaks here; was allocated at [(24)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/23)
#  227|   
#  228|   out:
#  229|->     krb5int_dns_fini(ds);
#  230|       free(name);
#  231|       *answers = head;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1098]
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:229:5: warning[-Wanalyzer-malloc-leak]: leak of ‘head’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:178:1: enter_function: entry to ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:191:12: call_function: calling ‘make_lookup_name’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:191:12: return_function: returning to ‘k5_make_uri_query’ from ‘make_lookup_name’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:192:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:195:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:198:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:203:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:208:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:208:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:209:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:209:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:211:15: call_function: inlined call to ‘k5alloc’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:215:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:218:21: call_function: calling ‘k5memdup0’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:218:21: return_function: returning to ‘k5_make_uri_query’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:219:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:225:9: call_function: calling ‘place_srv_entry’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:225:9: return_function: returning to ‘k5_make_uri_query’ from ‘place_srv_entry’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:203:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:208:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:208:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:209:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:209:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:211:15: call_function: inlined call to ‘k5alloc’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:215:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:218:21: call_function: calling ‘k5memdup0’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:218:21: return_function: returning to ‘k5_make_uri_query’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:219:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:224:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:225:9: call_function: calling ‘place_srv_entry’ from ‘k5_make_uri_query’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:225:9: return_function: returning to ‘k5_make_uri_query’ from ‘place_srv_entry’
krb5-1.21.3/src/lib/krb5/os/dnssrv.c:229:5: danger: ‘head’ leaks here; was allocated at [(24)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/23)
#  227|   
#  228|   out:
#  229|->     krb5int_dns_fini(ds);
#  230|       free(name);
#  231|       *answers = head;

Error: COMPILER_WARNING (CWE-563): [#def1099]
krb5-1.21.3/src/lib/krb5/os/expand_path.c:312:24: warning[-Wunused-variable]: unused variable ‘pwx’
#  312 |     struct passwd *pw, pwx;
#      |                        ^~~
#  310|   {
#  311|       uid_t euid = geteuid();
#  312|->     struct passwd *pw, pwx;
#  313|       char pwbuf[BUFSIZ];
#  314|   

Error: COMPILER_WARNING (CWE-563): [#def1100]
krb5-1.21.3/src/lib/krb5/os/expand_path.c: scope_hint: In function ‘expand_username’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:313:10: warning[-Wunused-variable]: unused variable ‘pwbuf’
#  313 |     char pwbuf[BUFSIZ];
#      |          ^~~~~
#  311|       uid_t euid = geteuid();
#  312|       struct passwd *pw, pwx;
#  313|->     char pwbuf[BUFSIZ];
#  314|   
#  315|       if (k5_getpwuid_r(euid, &pwx, pwbuf, sizeof(pwbuf), &pw) != 0) {

Error: CPPCHECK_WARNING (CWE-457): [#def1101]
krb5-1.21.3/src/lib/krb5/os/expand_path.c:315: error[legacyUninitvar]: Uninitialized variable: *(&pw)
#  313|       char pwbuf[BUFSIZ];
#  314|   
#  315|->     if (k5_getpwuid_r(euid, &pwx, pwbuf, sizeof(pwbuf), &pw) != 0) {
#  316|           k5_setmsg(context, ENOENT, _("Can't find username for uid %lu"),
#  317|                     (unsigned long)euid);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1102]
krb5-1.21.3/src/lib/krb5/os/expand_path.c:405:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:452:1: enter_function: entry to ‘k5_expand_path_tokens_extra’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:471:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:475:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:475:8: branch_true: following ‘true’ branch (when ‘nargs != 0’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:476:24: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:476:24: call_function: inlined call to ‘k5calloc’ from ‘k5_expand_path_tokens_extra’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:479:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:480:21: branch_true: following ‘true’ branch (when ‘nargs > i’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:481:31: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:481:31: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:482:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:480:32: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:480:21: branch_false: following ‘false’ branch (when ‘nargs <= i’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:488:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:496:12: branch_false: following ‘false’ branch (when ‘tok_begin’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:500:41: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:504:12: branch_false: following ‘false’ branch (when ‘tok_end’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:511:15: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:511:15: call_function: calling ‘expand_token’ from ‘k5_expand_path_tokens_extra’
#  403|       if (token[0] != '%' || token[1] != '{' || token_end[0] != '}' ||
#  404|           token_end - token <= 2) {
#  405|->         k5_setmsg(context, EINVAL, _("Invalid token"));
#  406|           return EINVAL;
#  407|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1103]
krb5-1.21.3/src/lib/krb5/os/expand_path.c:405:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:452:1: enter_function: entry to ‘k5_expand_path_tokens_extra’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:471:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:475:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:475:8: branch_true: following ‘true’ branch (when ‘nargs != 0’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:476:24: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:476:24: call_function: inlined call to ‘k5calloc’ from ‘k5_expand_path_tokens_extra’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:479:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:480:21: branch_false: following ‘false’ branch (when ‘nargs <= i’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:488:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:496:12: branch_false: following ‘false’ branch (when ‘tok_begin’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:500:41: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:504:12: branch_false: following ‘false’ branch (when ‘tok_end’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:511:15: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:511:15: call_function: calling ‘expand_token’ from ‘k5_expand_path_tokens_extra’
#  403|       if (token[0] != '%' || token[1] != '{' || token_end[0] != '}' ||
#  404|           token_end - token <= 2) {
#  405|->         k5_setmsg(context, EINVAL, _("Invalid token"));
#  406|           return EINVAL;
#  407|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1104]
krb5-1.21.3/src/lib/krb5/os/expand_path.c:421:5: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:452:1: enter_function: entry to ‘k5_expand_path_tokens_extra’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:471:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:475:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:475:8: branch_true: following ‘true’ branch (when ‘nargs != 0’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:476:24: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:476:24: call_function: inlined call to ‘k5calloc’ from ‘k5_expand_path_tokens_extra’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:479:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:480:21: branch_true: following ‘true’ branch (when ‘nargs > i’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:481:31: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:481:31: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:482:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:480:32: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:480:21: branch_false: following ‘false’ branch (when ‘nargs <= i’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:488:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:496:12: branch_false: following ‘false’ branch (when ‘tok_begin’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:500:41: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:504:12: branch_false: following ‘false’ branch (when ‘tok_end’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:511:15: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:511:15: call_function: calling ‘expand_token’ from ‘k5_expand_path_tokens_extra’
#  419|       }
#  420|   
#  421|->     k5_setmsg(context, EINVAL, _("Invalid token"));
#  422|       return EINVAL;
#  423|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1105]
krb5-1.21.3/src/lib/krb5/os/expand_path.c:421:5: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:452:1: enter_function: entry to ‘k5_expand_path_tokens_extra’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:471:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:475:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:475:8: branch_true: following ‘true’ branch (when ‘nargs != 0’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:476:24: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:476:24: call_function: inlined call to ‘k5calloc’ from ‘k5_expand_path_tokens_extra’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:479:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:480:21: branch_true: following ‘true’ branch (when ‘nargs > i’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:481:31: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:482:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:480:32: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:480:21: branch_false: following ‘false’ branch (when ‘nargs <= i’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:488:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:496:12: branch_false: following ‘false’ branch (when ‘tok_begin’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:500:41: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:504:12: branch_false: following ‘false’ branch (when ‘tok_end’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:511:15: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:511:15: call_function: calling ‘expand_token’ from ‘k5_expand_path_tokens_extra’
#  419|       }
#  420|   
#  421|->     k5_setmsg(context, EINVAL, _("Invalid token"));
#  422|       return EINVAL;
#  423|   }

Error: GCC_ANALYZER_WARNING (CWE-685): [#def1106]
krb5-1.21.3/src/lib/krb5/os/expand_path.c:468:12: warning[-Wanalyzer-va-list-exhausted]: ‘ap’ has no more arguments (1 consumed)
krb5-1.21.3/src/lib/krb5/os/expand_path.c:430:1: enter_function: entry to ‘k5_expand_path_tokens’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:433:12: call_function: calling ‘k5_expand_path_tokens_extra’ from ‘k5_expand_path_tokens’ with 1 variadic argument
#  466|       /* Count extra tokens. */
#  467|       va_start(ap, path_out);
#  468|->     while (va_arg(ap, const char *) != NULL)
#  469|           nargs++;
#  470|       va_end(ap);

Error: GCC_ANALYZER_WARNING (CWE-685): [#def1107]
krb5-1.21.3/src/lib/krb5/os/expand_path.c:481:31: warning[-Wanalyzer-va-list-exhausted]: ‘ap’ has no more arguments (1 consumed)
krb5-1.21.3/src/lib/krb5/os/expand_path.c:430:1: enter_function: entry to ‘k5_expand_path_tokens’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:433:12: call_function: calling ‘k5_expand_path_tokens_extra’ from ‘k5_expand_path_tokens’ with 1 variadic argument
#  479|           va_start(ap, path_out);
#  480|           for (i = 0; i < nargs; i++) {
#  481|->             extra_tokens[i] = strdup(va_arg(ap, const char *));
#  482|               if (extra_tokens[i] == NULL) {
#  483|                   ret = ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1108]
krb5-1.21.3/src/lib/krb5/os/expand_path.c:497:13: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:452:1: enter_function: entry to ‘k5_expand_path_tokens_extra’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:471:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:475:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:475:8: branch_true: following ‘true’ branch (when ‘nargs != 0’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:476:24: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:476:24: call_function: inlined call to ‘k5calloc’ from ‘k5_expand_path_tokens_extra’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:479:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:480:21: branch_true: following ‘true’ branch (when ‘nargs > i’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:481:31: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:481:31: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:482:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:480:32: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:480:21: branch_false: following ‘false’ branch (when ‘nargs <= i’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:488:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:496:12: branch_true: following ‘true’ branch (when ‘tok_begin’ is NULL)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:497:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:497:13: danger: ‘<unknown>’ leaks here; was allocated at [(11)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/10)
#  495|           tok_begin = strstr(path_left, "%{");
#  496|           if (tok_begin == NULL) {
#  497|->             k5_buf_add(&buf, path_left);
#  498|               break;
#  499|           }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1109]
krb5-1.21.3/src/lib/krb5/os/expand_path.c:497:13: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:452:1: enter_function: entry to ‘k5_expand_path_tokens_extra’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:471:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:475:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:475:8: branch_true: following ‘true’ branch (when ‘nargs != 0’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:476:24: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:476:24: call_function: inlined call to ‘k5calloc’ from ‘k5_expand_path_tokens_extra’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:479:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:480:21: branch_false: following ‘false’ branch (when ‘nargs <= i’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:488:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:496:12: branch_true: following ‘true’ branch (when ‘tok_begin’ is NULL)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:497:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:497:13: danger: ‘ptr’ leaks here; was allocated at [(7)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/6)
#  495|           tok_begin = strstr(path_left, "%{");
#  496|           if (tok_begin == NULL) {
#  497|->             k5_buf_add(&buf, path_left);
#  498|               break;
#  499|           }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1110]
krb5-1.21.3/src/lib/krb5/os/expand_path.c:500:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:452:1: enter_function: entry to ‘k5_expand_path_tokens_extra’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:471:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:475:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:475:8: branch_true: following ‘true’ branch (when ‘nargs != 0’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:476:24: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:476:24: call_function: inlined call to ‘k5calloc’ from ‘k5_expand_path_tokens_extra’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:479:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:480:21: branch_true: following ‘true’ branch (when ‘nargs > i’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:481:31: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:481:31: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:482:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:480:32: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:480:21: branch_false: following ‘false’ branch (when ‘nargs <= i’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:488:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:496:12: branch_false: following ‘false’ branch (when ‘tok_begin’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:500:41: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:500:9: danger: ‘<unknown>’ leaks here; was allocated at [(11)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/10)
#  498|               break;
#  499|           }
#  500|->         k5_buf_add_len(&buf, path_left, tok_begin - path_left);
#  501|   
#  502|           /* Find the end of this token. */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1111]
krb5-1.21.3/src/lib/krb5/os/expand_path.c:500:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:452:1: enter_function: entry to ‘k5_expand_path_tokens_extra’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:471:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:475:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:475:8: branch_true: following ‘true’ branch (when ‘nargs != 0’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:476:24: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:476:24: call_function: inlined call to ‘k5calloc’ from ‘k5_expand_path_tokens_extra’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:479:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:480:21: branch_false: following ‘false’ branch (when ‘nargs <= i’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:488:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:496:12: branch_false: following ‘false’ branch (when ‘tok_begin’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:500:41: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:500:9: danger: ‘ptr’ leaks here; was allocated at [(7)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/6)
#  498|               break;
#  499|           }
#  500|->         k5_buf_add_len(&buf, path_left, tok_begin - path_left);
#  501|   
#  502|           /* Find the end of this token. */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1112]
krb5-1.21.3/src/lib/krb5/os/expand_path.c:506:13: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:452:1: enter_function: entry to ‘k5_expand_path_tokens_extra’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:471:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:475:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:475:8: branch_true: following ‘true’ branch (when ‘nargs != 0’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:476:24: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:476:24: call_function: inlined call to ‘k5calloc’ from ‘k5_expand_path_tokens_extra’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:479:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:480:21: branch_true: following ‘true’ branch (when ‘nargs > i’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:481:31: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:481:31: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:482:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:480:32: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:480:21: branch_false: following ‘false’ branch (when ‘nargs <= i’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:488:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:496:12: branch_false: following ‘false’ branch (when ‘tok_begin’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:500:41: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:504:12: branch_true: following ‘true’ branch (when ‘tok_end’ is NULL)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:506:37: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:506:13: danger: ‘<unknown>’ leaks here; was allocated at [(11)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/10)
#  504|           if (tok_end == NULL) {
#  505|               ret = EINVAL;
#  506|->             k5_setmsg(context, ret, _("variable missing }"));
#  507|               goto cleanup;
#  508|           }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1113]
krb5-1.21.3/src/lib/krb5/os/expand_path.c:506:13: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:452:1: enter_function: entry to ‘k5_expand_path_tokens_extra’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:471:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:475:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:475:8: branch_true: following ‘true’ branch (when ‘nargs != 0’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:476:24: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:476:24: call_function: inlined call to ‘k5calloc’ from ‘k5_expand_path_tokens_extra’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:479:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:480:21: branch_false: following ‘false’ branch (when ‘nargs <= i’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:488:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:496:12: branch_false: following ‘false’ branch (when ‘tok_begin’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:500:41: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:504:12: branch_true: following ‘true’ branch (when ‘tok_end’ is NULL)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:506:37: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:506:13: danger: ‘ptr’ leaks here; was allocated at [(7)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/6)
#  504|           if (tok_end == NULL) {
#  505|               ret = EINVAL;
#  506|->             k5_setmsg(context, ret, _("variable missing }"));
#  507|               goto cleanup;
#  508|           }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1114]
krb5-1.21.3/src/lib/krb5/os/expand_path.c:520:12: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:452:1: enter_function: entry to ‘k5_expand_path_tokens_extra’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:471:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:475:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:475:8: branch_true: following ‘true’ branch (when ‘nargs != 0’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:476:24: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:476:24: call_function: inlined call to ‘k5calloc’ from ‘k5_expand_path_tokens_extra’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:479:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:480:21: branch_true: following ‘true’ branch (when ‘nargs > i’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:481:31: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:481:31: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:482:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:480:32: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:480:21: branch_false: following ‘false’ branch (when ‘nargs <= i’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:488:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:496:12: branch_true: following ‘true’ branch (when ‘tok_begin’ is NULL)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:497:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:520:12: danger: ‘<unknown>’ leaks here; was allocated at [(11)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/10)
#  518|       }
#  519|   
#  520|->     path = k5_buf_cstring(&buf);
#  521|       if (path == NULL) {
#  522|           ret = ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1115]
krb5-1.21.3/src/lib/krb5/os/expand_path.c:520:12: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:452:1: enter_function: entry to ‘k5_expand_path_tokens_extra’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:471:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:475:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:475:8: branch_true: following ‘true’ branch (when ‘nargs != 0’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:476:24: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:476:24: call_function: inlined call to ‘k5calloc’ from ‘k5_expand_path_tokens_extra’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:479:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:480:21: branch_false: following ‘false’ branch (when ‘nargs <= i’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:488:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:496:12: branch_true: following ‘true’ branch (when ‘tok_begin’ is NULL)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:497:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:520:12: danger: ‘ptr’ leaks here; was allocated at [(7)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/6)
#  518|       }
#  519|   
#  520|->     path = k5_buf_cstring(&buf);
#  521|       if (path == NULL) {
#  522|           ret = ENOMEM;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1116]
krb5-1.21.3/src/lib/krb5/os/expand_path.c:541:5: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:452:1: enter_function: entry to ‘k5_expand_path_tokens_extra’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:471:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:475:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:475:8: branch_true: following ‘true’ branch (when ‘nargs != 0’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:476:24: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:476:24: call_function: inlined call to ‘k5calloc’ from ‘k5_expand_path_tokens_extra’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:479:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:480:21: branch_true: following ‘true’ branch (when ‘nargs > i’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:481:31: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:481:31: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:482:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:480:32: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:480:21: branch_true: following ‘true’ branch (when ‘nargs > i’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:481:31: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:482:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:484:17: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:541:5: danger: ‘<unknown>’ leaks here; was allocated at [(11)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/10)
#  539|   
#  540|   cleanup:
#  541|->     k5_buf_free(&buf);
#  542|       free_extra_tokens(extra_tokens);
#  543|       return ret;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1117]
krb5-1.21.3/src/lib/krb5/os/expand_path.c:541:5: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:452:1: enter_function: entry to ‘k5_expand_path_tokens_extra’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:471:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:475:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:475:8: branch_true: following ‘true’ branch (when ‘nargs != 0’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:476:24: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:476:24: call_function: inlined call to ‘k5calloc’ from ‘k5_expand_path_tokens_extra’
krb5-1.21.3/src/lib/krb5/os/expand_path.c:479:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:480:21: branch_true: following ‘true’ branch (when ‘nargs > i’)...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:481:31: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:482:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/expand_path.c:484:17: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/expand_path.c:541:5: danger: ‘ptr’ leaks here; was allocated at [(7)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/6)
#  539|   
#  540|   cleanup:
#  541|->     k5_buf_free(&buf);
#  542|       free_extra_tokens(extra_tokens);
#  543|       return ret;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1118]
krb5-1.21.3/src/lib/krb5/os/hostaddr.c:122:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/os/hostaddr.c:33:1: enter_function: entry to ‘k5_os_hostaddr’
krb5-1.21.3/src/lib/krb5/os/hostaddr.c:41:8: branch_false: following ‘false’ branch (when ‘name’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/hostaddr.c:44:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/hostaddr.c:71:13: call_function: inlined call to ‘k5calloc’ from ‘k5_os_hostaddr’
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/hostaddr.c:75:17: branch_true: following ‘true’ branch (when ‘i >= j’)...
krb5-1.21.3/src/lib/krb5/os/hostaddr.c:76:14: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/hostaddr.c:75:17: branch_false: following ‘false’ branch (when ‘i < j’)...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/hostaddr.c:78:27: branch_true: following ‘true’ branch (when ‘aip’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/hostaddr.c:83:17: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/hostaddr.c:98:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/hostaddr.c:99:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/hostaddr.c:118:21: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/hostaddr.c:122:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/hostaddr.c:122:9: danger: ‘ptr’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  120|               free (addrs[i]);
#  121|           }
#  122|->         krb5_free_addresses(context, addrs);
#  123|       }
#  124|       if (ai)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1119]
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:61:13: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:462:1: enter_function: entry to ‘get_default_realm’
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:469:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:470:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:470:15: call_function: calling ‘load_hostrealm_modules’ from ‘get_default_realm’
#   59|           h = *hp;
#   60|           if (h->vt.fini != NULL)
#   61|->             h->vt.fini(context, h->data);
#   62|           free(h);
#   63|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1120]
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:121:15: warning[-Wanalyzer-malloc-leak]: leak of ‘k5alloc((count + 1) * 8, &ret)’
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:462:1: enter_function: entry to ‘get_default_realm’
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:469:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:470:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:470:15: call_function: calling ‘load_hostrealm_modules’ from ‘get_default_realm’
#  119|           if (handle == NULL)
#  120|               goto cleanup;
#  121|->         ret = (*mod)(context, 1, 1, (krb5_plugin_vtable)&handle->vt);
#  122|           if (ret != 0) {
#  123|               TRACE_HOSTREALM_VTINIT_FAIL(context, ret);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1121]
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:121:15: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:462:1: enter_function: entry to ‘get_default_realm’
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:469:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:470:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:470:15: call_function: calling ‘load_hostrealm_modules’ from ‘get_default_realm’
#  119|           if (handle == NULL)
#  120|               goto cleanup;
#  121|->         ret = (*mod)(context, 1, 1, (krb5_plugin_vtable)&handle->vt);
#  122|           if (ret != 0) {
#  123|               TRACE_HOSTREALM_VTINIT_FAIL(context, ret);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1122]
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:123:13: warning[-Wanalyzer-malloc-leak]: leak of ‘k5alloc((count + 1) * 8, &ret)’
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:462:1: enter_function: entry to ‘get_default_realm’
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:469:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:470:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:470:15: call_function: calling ‘load_hostrealm_modules’ from ‘get_default_realm’
#  121|           ret = (*mod)(context, 1, 1, (krb5_plugin_vtable)&handle->vt);
#  122|           if (ret != 0) {
#  123|->             TRACE_HOSTREALM_VTINIT_FAIL(context, ret);
#  124|               free(handle);
#  125|               continue;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1123]
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:130:19: warning[-Wanalyzer-malloc-leak]: leak of ‘k5alloc((count + 1) * 8, &ret)’
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:462:1: enter_function: entry to ‘get_default_realm’
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:469:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:470:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:470:15: call_function: calling ‘load_hostrealm_modules’ from ‘get_default_realm’
#  128|           handle->data = NULL;
#  129|           if (handle->vt.init != NULL) {
#  130|->             ret = handle->vt.init(context, &handle->data);
#  131|               if (ret != 0) {
#  132|                   TRACE_HOSTREALM_INIT_FAIL(context, handle->vt.name, ret);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1124]
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:132:17: warning[-Wanalyzer-malloc-leak]: leak of ‘k5alloc((count + 1) * 8, &ret)’
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:462:1: enter_function: entry to ‘get_default_realm’
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:469:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:470:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:470:15: call_function: calling ‘load_hostrealm_modules’ from ‘get_default_realm’
#  130|               ret = handle->vt.init(context, &handle->data);
#  131|               if (ret != 0) {
#  132|->                 TRACE_HOSTREALM_INIT_FAIL(context, handle->vt.name, ret);
#  133|                   free(handle);
#  134|                   continue;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1125]
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:147:5: warning[-Wanalyzer-malloc-leak]: leak of ‘list’
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:462:1: enter_function: entry to ‘get_default_realm’
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:469:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:470:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm.c:470:15: call_function: calling ‘load_hostrealm_modules’ from ‘get_default_realm’
#  145|   
#  146|   cleanup:
#  147|->     k5_plugin_free_modules(context, modules);
#  148|       free_handles(context, list);
#  149|       return ret;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1126]
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:81:11: warning[-Wanalyzer-malloc-leak]: leak of ‘p’
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:58:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:62:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:62:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:63:8: branch_false: following ‘false’ branch (when ‘uhost’ is non-NULL)...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:65:21: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:81:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:81:11: danger: ‘p’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#   79|        * a suffix with only one label.
#   80|        */
#   81|->     ret = profile_get_integer(context->profile, KRB5_CONF_LIBDEFAULTS,
#   82|                                 KRB5_CONF_REALM_TRY_DOMAINS, 0, -1, &limit);
#   83|       if (ret)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1127]
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:81:11: warning[-Wanalyzer-malloc-leak]: leak of ‘uhost’
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:58:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:62:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:62:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:63:8: branch_false: following ‘false’ branch (when ‘uhost’ is non-NULL)...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:65:21: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:66:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:65:21: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:66:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:65:21: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:66:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:81:11: danger: ‘uhost’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#   79|        * a suffix with only one label.
#   80|        */
#   81|->     ret = profile_get_integer(context->profile, KRB5_CONF_LIBDEFAULTS,
#   82|                                 KRB5_CONF_REALM_TRY_DOMAINS, 0, -1, &limit);
#   83|       if (ret)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1128]
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:88:13: warning[-Wanalyzer-malloc-leak]: leak of ‘p’
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:45:1: enter_function: entry to ‘domain_fallback_realm’
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:58:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:62:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:62:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:63:8: branch_false: following ‘false’ branch (when ‘uhost’ is non-NULL)...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:65:21: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:81:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:83:8: branch_false: following ‘false’ branch (when ‘ret == 0’)...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:86:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:86:35: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:86:12: branch_true: following ‘true’ branch (when ‘dot’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:87:18: call_function: inlined call to ‘string2data’ from ‘domain_fallback_realm’
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:88:13: danger: ‘p’ leaks here; was allocated at [(4)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/3)
#   86|       while (limit-- >= 0 && (dot = strchr(suffix, '.')) != NULL) {
#   87|           drealm = string2data((char *)suffix);
#   88|->         if (k5_locate_kdc(context, &drealm, &slist, FALSE, FALSE) == 0) {
#   89|               k5_free_serverlist(&slist);
#   90|               ret = k5_make_realmlist(suffix, realms_out);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1129]
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:88:13: warning[-Wanalyzer-malloc-leak]: leak of ‘uhost’
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:45:1: enter_function: entry to ‘domain_fallback_realm’
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:58:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:62:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:62:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:63:8: branch_false: following ‘false’ branch (when ‘uhost’ is non-NULL)...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:65:21: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:66:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:65:21: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:66:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:65:21: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:66:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:83:8: branch_false: following ‘false’ branch (when ‘ret == 0’)...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:86:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:86:35: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:86:12: branch_true: following ‘true’ branch (when ‘dot’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:87:18: call_function: inlined call to ‘string2data’ from ‘domain_fallback_realm’
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:88:13: danger: ‘uhost’ leaks here; was allocated at [(4)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/3)
#   86|       while (limit-- >= 0 && (dot = strchr(suffix, '.')) != NULL) {
#   87|           drealm = string2data((char *)suffix);
#   88|->         if (k5_locate_kdc(context, &drealm, &slist, FALSE, FALSE) == 0) {
#   89|               k5_free_serverlist(&slist);
#   90|               ret = k5_make_realmlist(suffix, realms_out);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1130]
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:102:15: warning[-Wanalyzer-malloc-leak]: leak of ‘p’
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:58:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:62:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:62:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:63:8: branch_false: following ‘false’ branch (when ‘uhost’ is non-NULL)...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:65:21: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:81:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:83:8: branch_false: following ‘false’ branch (when ‘ret == 0’)...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:101:8: branch_true: following ‘true’ branch (when ‘dot’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:102:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:102:15: danger: ‘p’ leaks here; was allocated at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#  100|       dot = strchr(uhost, '.');
#  101|       if (dot != NULL)
#  102|->         ret = k5_make_realmlist(dot + 1, realms_out);
#  103|       else
#  104|           ret = KRB5_PLUGIN_NO_HANDLE;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1131]
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:102:15: warning[-Wanalyzer-malloc-leak]: leak of ‘uhost’
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:58:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:62:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:62:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:63:8: branch_false: following ‘false’ branch (when ‘uhost’ is non-NULL)...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:65:21: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:66:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:65:21: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:66:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:65:21: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:66:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:83:8: branch_false: following ‘false’ branch (when ‘ret == 0’)...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:101:8: branch_true: following ‘true’ branch (when ‘dot’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:102:15: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/hostrealm_domain.c:102:15: danger: ‘uhost’ leaks here; was allocated at [(3)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/2)
#  100|       dot = strchr(uhost, '.');
#  101|       if (dot != NULL)
#  102|->         ret = k5_make_realmlist(dot + 1, realms_out);
#  103|       else
#  104|           ret = KRB5_PLUGIN_NO_HANDLE;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def1132]
krb5-1.21.3/src/lib/krb5/os/init_os_ctx.c:357:5: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*pfiles’
krb5-1.21.3/src/lib/krb5/os/init_os_ctx.c:415:1: enter_function: entry to ‘k5_os_init_context’
krb5-1.21.3/src/lib/krb5/os/init_os_ctx.c:435:8: branch_false: following ‘false’ branch (when ‘profile’ is NULL)...
krb5-1.21.3/src/lib/krb5/os/init_os_ctx.c:438:37: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/init_os_ctx.c:438:18: call_function: calling ‘os_init_paths’ from ‘k5_os_init_context’
#  355|       if (newfiles == NULL)
#  356|           return ENOMEM;
#  357|->     memcpy(newfiles + 1, *pfiles, (count-1) * sizeof(*newfiles));
#  358|       newfiles[0] = strdup(file);
#  359|       if (newfiles[0] == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1133]
krb5-1.21.3/src/lib/krb5/os/init_os_ctx.c:387:18: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/os/init_os_ctx.c:415:1: enter_function: entry to ‘k5_os_init_context’
krb5-1.21.3/src/lib/krb5/os/init_os_ctx.c:435:8: branch_false: following ‘false’ branch (when ‘profile’ is NULL)...
krb5-1.21.3/src/lib/krb5/os/init_os_ctx.c:438:37: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/init_os_ctx.c:438:18: call_function: calling ‘os_init_paths’ from ‘k5_os_init_context’
#  385|   
#  386|       if (!retval) {
#  387|->         retval = profile_init_flags((const_profile_filespec_t *) files,
#  388|                                       PROFILE_INIT_ALLOW_MODULE, &ctx->profile);
#  389|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1134]
krb5-1.21.3/src/lib/krb5/os/init_os_ctx.c:387:18: warning[-Wanalyzer-malloc-leak]: leak of ‘files’
krb5-1.21.3/src/lib/krb5/os/init_os_ctx.c:415:1: enter_function: entry to ‘k5_os_init_context’
krb5-1.21.3/src/lib/krb5/os/init_os_ctx.c:435:8: branch_false: following ‘false’ branch (when ‘profile’ is NULL)...
krb5-1.21.3/src/lib/krb5/os/init_os_ctx.c:438:37: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/init_os_ctx.c:438:18: call_function: calling ‘os_init_paths’ from ‘k5_os_init_context’
#  385|   
#  386|       if (!retval) {
#  387|->         retval = profile_init_flags((const_profile_filespec_t *) files,
#  388|                                       PROFILE_INIT_ALLOW_MODULE, &ctx->profile);
#  389|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1135]
krb5-1.21.3/src/lib/krb5/os/localauth.c:220:12: warning[-Wanalyzer-malloc-leak]: leak of ‘residual’
krb5-1.21.3/src/lib/krb5/os/localauth.c:300:1: enter_function: entry to ‘an2ln_auth_to_local’
krb5-1.21.3/src/lib/krb5/os/localauth.c:314:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth.c:316:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth.c:321:8: branch_false: following ‘false’ branch (when ‘ret == 0’)...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth.c:328:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth.c:329:15: call_function: calling ‘parse_mapping_value’ from ‘an2ln_auth_to_local’
krb5-1.21.3/src/lib/krb5/os/localauth.c:329:15: return_function: returning to ‘an2ln_auth_to_local’ from ‘parse_mapping_value’
krb5-1.21.3/src/lib/krb5/os/localauth.c:330:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth.c:332:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth.c:332:13: call_function: calling ‘find_typed_module’ from ‘an2ln_auth_to_local’
krb5-1.21.3/src/lib/krb5/os/localauth.c:332:13: return_function: returning to ‘an2ln_auth_to_local’ from ‘find_typed_module’
krb5-1.21.3/src/lib/krb5/os/localauth.c:333:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth.c:334:19: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth.c:334:19: call_function: inlined call to ‘an2ln’ from ‘an2ln_auth_to_local’
#  218|       if (h->vt.an2ln == NULL)
#  219|           return KRB5_LNAME_NOTRANS;
#  220|->     return h->vt.an2ln(context, h->data, type, residual, aname, lname_out);
#  221|   }
#  222|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1136]
krb5-1.21.3/src/lib/krb5/os/localauth.c:220:12: warning[-Wanalyzer-malloc-leak]: leak of ‘type’
krb5-1.21.3/src/lib/krb5/os/localauth.c:300:1: enter_function: entry to ‘an2ln_auth_to_local’
krb5-1.21.3/src/lib/krb5/os/localauth.c:314:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth.c:316:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth.c:321:8: branch_false: following ‘false’ branch (when ‘ret == 0’)...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth.c:328:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth.c:329:15: call_function: calling ‘parse_mapping_value’ from ‘an2ln_auth_to_local’
krb5-1.21.3/src/lib/krb5/os/localauth.c:329:15: return_function: returning to ‘an2ln_auth_to_local’ from ‘parse_mapping_value’
krb5-1.21.3/src/lib/krb5/os/localauth.c:330:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth.c:332:13: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth.c:332:13: call_function: calling ‘find_typed_module’ from ‘an2ln_auth_to_local’
krb5-1.21.3/src/lib/krb5/os/localauth.c:332:13: return_function: returning to ‘an2ln_auth_to_local’ from ‘find_typed_module’
krb5-1.21.3/src/lib/krb5/os/localauth.c:333:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth.c:334:19: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth.c:334:19: call_function: inlined call to ‘an2ln’ from ‘an2ln_auth_to_local’
#  218|       if (h->vt.an2ln == NULL)
#  219|           return KRB5_LNAME_NOTRANS;
#  220|->     return h->vt.an2ln(context, h->data, type, residual, aname, lname_out);
#  221|   }
#  222|   

Error: COMPILER_WARNING (CWE-563): [#def1137]
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:89:37: warning[-Wunused-variable]: unused variable ‘pwbuf’
#   89 |     char *newline, linebuf[BUFSIZ], pwbuf[BUFSIZ];
#      |                                     ^~~~~
#   87|       int authoritative = TRUE, gobble;
#   88|       char *filename = NULL, *princname = NULL;
#   89|->     char *newline, linebuf[BUFSIZ], pwbuf[BUFSIZ];
#   90|       struct stat sbuf;
#   91|       struct passwd pwx, *pwd;

Error: COMPILER_WARNING (CWE-563): [#def1138]
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c: scope_hint: In function ‘userok_k5login’
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:91:19: warning[-Wunused-variable]: unused variable ‘pwx’
#   91 |     struct passwd pwx, *pwd;
#      |                   ^~~
#   89|       char *newline, linebuf[BUFSIZ], pwbuf[BUFSIZ];
#   90|       struct stat sbuf;
#   91|->     struct passwd pwx, *pwd;
#   92|       FILE *fp = NULL;
#   93|   

Error: CPPCHECK_WARNING (CWE-457): [#def1139]
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:101: error[legacyUninitvar]: Uninitialized variable: pwd
#   99|   
#  100|       /* Get the local user's .k5login filename. */
#  101|->     ret = k5_getpwnam_r(lname, &pwx, pwbuf, sizeof(pwbuf), &pwd);
#  102|       if (ret) {
#  103|           ret = EPERM;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1140]
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:124:5: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "r")’
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:83:1: enter_function: entry to ‘userok_k5login’
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:97:8: branch_false: following ‘false’ branch (when ‘ret == 0’)...
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:101:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:101:11: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:106:48: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:106:11: call_function: calling ‘get_k5login_filename’ from ‘userok_k5login’
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:106:11: return_function: returning to ‘userok_k5login’ from ‘get_k5login_filename’
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:107:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:110:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:110:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:115:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:116:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:119:10: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:119:10: acquire_resource: opened here
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:120:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:124:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:124:5: danger: ‘fopen(filename, "r")’ leaks here; was opened at [(19)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/18)
#  122|           goto cleanup;
#  123|       }
#  124|->     set_cloexec_file(fp);
#  125|   
#  126|       /* For security reasons, the .k5login file must be owned either by

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1141]
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:124:5: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "r")’
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:83:1: enter_function: entry to ‘userok_k5login’
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:97:8: branch_false: following ‘false’ branch (when ‘ret == 0’)...
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:101:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:101:11: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:106:48: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:106:11: call_function: calling ‘get_k5login_filename’ from ‘userok_k5login’
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:106:11: return_function: returning to ‘userok_k5login’ from ‘get_k5login_filename’
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:107:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:110:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:110:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:115:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:116:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:119:10: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:119:10: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:120:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:124:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_k5login.c:124:5: danger: ‘fopen(filename, "r")’ leaks here; was allocated at [(19)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/18)
#  122|           goto cleanup;
#  123|       }
#  124|->     set_cloexec_file(fp);
#  125|   
#  126|       /* For security reasons, the .k5login file must be owned either by

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1142]
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:100:12: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(startp, (long unsigned int)(endp - startp), &ret)’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:78:1: enter_function: entry to ‘aname_do_match’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:87:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:91:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:93:8: branch_false: following ‘false’ branch (when ‘endp’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:95:32: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:95:14: call_function: calling ‘k5memdup0’ from ‘aname_do_match’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:95:14: return_function: returning to ‘aname_do_match’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:96:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:100:12: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:100:12: danger: ‘k5memdup0(startp, (long unsigned int)(endp - startp), &ret)’ leaks here; was allocated at [(12)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/11)
#   98|   
#   99|       /* Perform the match. */
#  100|->     ret = (regcomp(&re, regstr, REG_EXTENDED) == 0 &&
#  101|              regexec(&re, selstring, 1, &m, 0) == 0 &&
#  102|              m.rm_so == 0 && (size_t)m.rm_eo == strlen(selstring)) ? 0 :

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1143]
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:101:12: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(startp, (long unsigned int)(endp - startp), &ret)’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:78:1: enter_function: entry to ‘aname_do_match’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:87:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:91:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:93:8: branch_false: following ‘false’ branch (when ‘endp’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:95:32: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:95:14: call_function: calling ‘k5memdup0’ from ‘aname_do_match’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:95:14: return_function: returning to ‘aname_do_match’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:96:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:100:12: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:100:5: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:101:12: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:101:12: danger: ‘k5memdup0(startp, (long unsigned int)(endp - startp), &ret)’ leaks here; was allocated at [(12)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/11)
#   99|       /* Perform the match. */
#  100|       ret = (regcomp(&re, regstr, REG_EXTENDED) == 0 &&
#  101|->            regexec(&re, selstring, 1, &m, 0) == 0 &&
#  102|              m.rm_so == 0 && (size_t)m.rm_eo == strlen(selstring)) ? 0 :
#  103|           KRB5_LNAME_NOTRANS;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1144]
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:104:5: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(startp, (long unsigned int)(endp - startp), &ret)’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:78:1: enter_function: entry to ‘aname_do_match’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:87:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:91:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:93:8: branch_false: following ‘false’ branch (when ‘endp’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:95:32: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:95:14: call_function: calling ‘k5memdup0’ from ‘aname_do_match’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:95:14: return_function: returning to ‘aname_do_match’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:96:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:100:12: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:104:5: danger: ‘k5memdup0(startp, (long unsigned int)(endp - startp), &ret)’ leaks here; was allocated at [(12)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/11)
#  102|              m.rm_so == 0 && (size_t)m.rm_eo == strlen(selstring)) ? 0 :
#  103|           KRB5_LNAME_NOTRANS;
#  104|->     regfree(&re);
#  105|       free(regstr);
#  106|       *contextp = endp + 1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1145]
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:121:9: warning[-Wanalyzer-malloc-leak]: leak of ‘current’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:143:1: enter_function: entry to ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:152:15: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:153:8: branch_false: following ‘false’ branch (when ‘current’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:157:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:158:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:15: branch_false: following ‘false’ branch (when ‘ep’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:165:21: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:13: branch_false: following ‘false’ branch (when ‘tp’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:171:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:172:16: call_function: calling ‘k5memdup0’ from ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:172:16: return_function: returning to ‘aname_replacer’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:173:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:175:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:176:16: call_function: calling ‘k5memdup0’ from ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:176:16: return_function: returning to ‘aname_replacer’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:177:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:181:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:186:15: call_function: calling ‘do_replacement’ from ‘aname_replacer’
#  119|   
#  120|       *outstr = NULL;
#  121|->     if (regcomp(&re, regstr, REG_EXTENDED))
#  122|           return KRB5_LNAME_NOTRANS;
#  123|       k5_buf_init_dynamic(&buf);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1146]
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:121:9: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(cp + 2, (long unsigned int)(ep - <unknown>), &ret)’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:143:1: enter_function: entry to ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:153:8: branch_false: following ‘false’ branch (when ‘current’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:157:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:158:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:15: branch_false: following ‘false’ branch (when ‘ep’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:165:21: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:13: branch_false: following ‘false’ branch (when ‘tp’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:171:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:172:16: call_function: calling ‘k5memdup0’ from ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:172:16: return_function: returning to ‘aname_replacer’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:173:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:175:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:176:16: call_function: calling ‘k5memdup0’ from ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:176:16: return_function: returning to ‘aname_replacer’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:177:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:181:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:186:15: call_function: calling ‘do_replacement’ from ‘aname_replacer’
#  119|   
#  120|       *outstr = NULL;
#  121|->     if (regcomp(&re, regstr, REG_EXTENDED))
#  122|           return KRB5_LNAME_NOTRANS;
#  123|       k5_buf_init_dynamic(&buf);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1147]
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:121:9: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(ep + 1, (long unsigned int)(tp - <unknown>), &ret)’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:143:1: enter_function: entry to ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:153:8: branch_false: following ‘false’ branch (when ‘current’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:157:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:158:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:15: branch_false: following ‘false’ branch (when ‘ep’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:165:21: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:13: branch_false: following ‘false’ branch (when ‘tp’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:171:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:172:16: call_function: calling ‘k5memdup0’ from ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:172:16: return_function: returning to ‘aname_replacer’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:173:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:175:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:176:16: call_function: calling ‘k5memdup0’ from ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:176:16: return_function: returning to ‘aname_replacer’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:177:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:181:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:186:15: call_function: calling ‘do_replacement’ from ‘aname_replacer’
#  119|   
#  120|       *outstr = NULL;
#  121|->     if (regcomp(&re, regstr, REG_EXTENDED))
#  122|           return KRB5_LNAME_NOTRANS;
#  123|       k5_buf_init_dynamic(&buf);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1148]
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:123:5: warning[-Wanalyzer-malloc-leak]: leak of ‘current’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:143:1: enter_function: entry to ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:152:15: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:153:8: branch_false: following ‘false’ branch (when ‘current’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:157:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:158:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:15: branch_false: following ‘false’ branch (when ‘ep’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:165:21: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:13: branch_false: following ‘false’ branch (when ‘tp’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:171:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:172:16: call_function: calling ‘k5memdup0’ from ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:172:16: return_function: returning to ‘aname_replacer’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:173:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:175:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:176:16: call_function: calling ‘k5memdup0’ from ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:176:16: return_function: returning to ‘aname_replacer’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:177:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:181:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:186:15: call_function: calling ‘do_replacement’ from ‘aname_replacer’
#  121|       if (regcomp(&re, regstr, REG_EXTENDED))
#  122|           return KRB5_LNAME_NOTRANS;
#  123|->     k5_buf_init_dynamic(&buf);
#  124|       while (regexec(&re, instr, 1, &m, 0) == 0) {
#  125|           k5_buf_add_len(&buf, instr, m.rm_so);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1149]
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:123:5: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(cp + 2, (long unsigned int)(ep - <unknown>), &ret)’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:143:1: enter_function: entry to ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:153:8: branch_false: following ‘false’ branch (when ‘current’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:157:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:158:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:15: branch_false: following ‘false’ branch (when ‘ep’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:165:21: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:13: branch_false: following ‘false’ branch (when ‘tp’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:171:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:172:16: call_function: calling ‘k5memdup0’ from ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:172:16: return_function: returning to ‘aname_replacer’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:173:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:175:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:176:16: call_function: calling ‘k5memdup0’ from ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:176:16: return_function: returning to ‘aname_replacer’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:177:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:181:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:186:15: call_function: calling ‘do_replacement’ from ‘aname_replacer’
#  121|       if (regcomp(&re, regstr, REG_EXTENDED))
#  122|           return KRB5_LNAME_NOTRANS;
#  123|->     k5_buf_init_dynamic(&buf);
#  124|       while (regexec(&re, instr, 1, &m, 0) == 0) {
#  125|           k5_buf_add_len(&buf, instr, m.rm_so);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1150]
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:123:5: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(ep + 1, (long unsigned int)(tp - <unknown>), &ret)’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:143:1: enter_function: entry to ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:153:8: branch_false: following ‘false’ branch (when ‘current’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:157:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:158:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:15: branch_false: following ‘false’ branch (when ‘ep’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:165:21: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:13: branch_false: following ‘false’ branch (when ‘tp’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:171:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:172:16: call_function: calling ‘k5memdup0’ from ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:172:16: return_function: returning to ‘aname_replacer’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:173:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:175:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:176:16: call_function: calling ‘k5memdup0’ from ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:176:16: return_function: returning to ‘aname_replacer’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:177:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:181:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:186:15: call_function: calling ‘do_replacement’ from ‘aname_replacer’
#  121|       if (regcomp(&re, regstr, REG_EXTENDED))
#  122|           return KRB5_LNAME_NOTRANS;
#  123|->     k5_buf_init_dynamic(&buf);
#  124|       while (regexec(&re, instr, 1, &m, 0) == 0) {
#  125|           k5_buf_add_len(&buf, instr, m.rm_so);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1151]
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:124:12: warning[-Wanalyzer-malloc-leak]: leak of ‘current’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:143:1: enter_function: entry to ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:152:15: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:153:8: branch_false: following ‘false’ branch (when ‘current’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:157:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:158:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:15: branch_false: following ‘false’ branch (when ‘ep’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:165:21: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:13: branch_false: following ‘false’ branch (when ‘tp’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:171:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:172:16: call_function: calling ‘k5memdup0’ from ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:172:16: return_function: returning to ‘aname_replacer’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:173:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:175:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:176:16: call_function: calling ‘k5memdup0’ from ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:176:16: return_function: returning to ‘aname_replacer’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:177:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:181:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:186:15: call_function: calling ‘do_replacement’ from ‘aname_replacer’
#  122|           return KRB5_LNAME_NOTRANS;
#  123|       k5_buf_init_dynamic(&buf);
#  124|->     while (regexec(&re, instr, 1, &m, 0) == 0) {
#  125|           k5_buf_add_len(&buf, instr, m.rm_so);
#  126|           k5_buf_add(&buf, repl);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1152]
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:124:12: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(cp + 2, (long unsigned int)(ep - <unknown>), &ret)’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:143:1: enter_function: entry to ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:153:8: branch_false: following ‘false’ branch (when ‘current’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:157:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:158:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:15: branch_false: following ‘false’ branch (when ‘ep’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:165:21: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:13: branch_false: following ‘false’ branch (when ‘tp’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:171:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:172:16: call_function: calling ‘k5memdup0’ from ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:172:16: return_function: returning to ‘aname_replacer’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:173:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:175:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:176:16: call_function: calling ‘k5memdup0’ from ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:176:16: return_function: returning to ‘aname_replacer’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:177:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:181:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:186:15: call_function: calling ‘do_replacement’ from ‘aname_replacer’
#  122|           return KRB5_LNAME_NOTRANS;
#  123|       k5_buf_init_dynamic(&buf);
#  124|->     while (regexec(&re, instr, 1, &m, 0) == 0) {
#  125|           k5_buf_add_len(&buf, instr, m.rm_so);
#  126|           k5_buf_add(&buf, repl);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1153]
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:124:12: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(ep + 1, (long unsigned int)(tp - <unknown>), &ret)’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:143:1: enter_function: entry to ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:153:8: branch_false: following ‘false’ branch (when ‘current’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:157:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:158:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:15: branch_false: following ‘false’ branch (when ‘ep’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:165:21: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:13: branch_false: following ‘false’ branch (when ‘tp’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:171:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:172:16: call_function: calling ‘k5memdup0’ from ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:172:16: return_function: returning to ‘aname_replacer’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:173:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:175:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:176:16: call_function: calling ‘k5memdup0’ from ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:176:16: return_function: returning to ‘aname_replacer’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:177:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:181:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:186:15: call_function: calling ‘do_replacement’ from ‘aname_replacer’
#  122|           return KRB5_LNAME_NOTRANS;
#  123|       k5_buf_init_dynamic(&buf);
#  124|->     while (regexec(&re, instr, 1, &m, 0) == 0) {
#  125|           k5_buf_add_len(&buf, instr, m.rm_so);
#  126|           k5_buf_add(&buf, repl);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1154]
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:125:9: warning[-Wanalyzer-malloc-leak]: leak of ‘current’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:143:1: enter_function: entry to ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:152:15: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:153:8: branch_false: following ‘false’ branch (when ‘current’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:157:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:158:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:15: branch_false: following ‘false’ branch (when ‘ep’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:165:21: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:13: branch_false: following ‘false’ branch (when ‘tp’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:171:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:172:16: call_function: calling ‘k5memdup0’ from ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:172:16: return_function: returning to ‘aname_replacer’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:173:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:175:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:176:16: call_function: calling ‘k5memdup0’ from ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:176:16: return_function: returning to ‘aname_replacer’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:177:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:181:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:186:15: call_function: calling ‘do_replacement’ from ‘aname_replacer’
#  123|       k5_buf_init_dynamic(&buf);
#  124|       while (regexec(&re, instr, 1, &m, 0) == 0) {
#  125|->         k5_buf_add_len(&buf, instr, m.rm_so);
#  126|           k5_buf_add(&buf, repl);
#  127|           instr += m.rm_eo;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1155]
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:125:9: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(cp + 2, (long unsigned int)(ep - <unknown>), &ret)’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:143:1: enter_function: entry to ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:153:8: branch_false: following ‘false’ branch (when ‘current’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:157:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:158:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:15: branch_false: following ‘false’ branch (when ‘ep’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:165:21: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:13: branch_false: following ‘false’ branch (when ‘tp’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:171:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:172:16: call_function: calling ‘k5memdup0’ from ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:172:16: return_function: returning to ‘aname_replacer’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:173:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:175:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:176:16: call_function: calling ‘k5memdup0’ from ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:176:16: return_function: returning to ‘aname_replacer’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:177:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:181:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:186:15: call_function: calling ‘do_replacement’ from ‘aname_replacer’
#  123|       k5_buf_init_dynamic(&buf);
#  124|       while (regexec(&re, instr, 1, &m, 0) == 0) {
#  125|->         k5_buf_add_len(&buf, instr, m.rm_so);
#  126|           k5_buf_add(&buf, repl);
#  127|           instr += m.rm_eo;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1156]
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:125:9: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(ep + 1, (long unsigned int)(tp - <unknown>), &ret)’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:143:1: enter_function: entry to ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:153:8: branch_false: following ‘false’ branch (when ‘current’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:157:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:158:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:15: branch_false: following ‘false’ branch (when ‘ep’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:165:21: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:13: branch_false: following ‘false’ branch (when ‘tp’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:171:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:172:16: call_function: calling ‘k5memdup0’ from ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:172:16: return_function: returning to ‘aname_replacer’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:173:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:175:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:176:16: call_function: calling ‘k5memdup0’ from ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:176:16: return_function: returning to ‘aname_replacer’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:177:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:181:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:186:15: call_function: calling ‘do_replacement’ from ‘aname_replacer’
#  123|       k5_buf_init_dynamic(&buf);
#  124|       while (regexec(&re, instr, 1, &m, 0) == 0) {
#  125|->         k5_buf_add_len(&buf, instr, m.rm_so);
#  126|           k5_buf_add(&buf, repl);
#  127|           instr += m.rm_eo;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1157]
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:126:9: warning[-Wanalyzer-malloc-leak]: leak of ‘current’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:143:1: enter_function: entry to ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:152:15: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:153:8: branch_false: following ‘false’ branch (when ‘current’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:157:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:158:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:15: branch_false: following ‘false’ branch (when ‘ep’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:165:21: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:13: branch_false: following ‘false’ branch (when ‘tp’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:171:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:172:16: call_function: calling ‘k5memdup0’ from ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:172:16: return_function: returning to ‘aname_replacer’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:173:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:175:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:176:16: call_function: calling ‘k5memdup0’ from ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:176:16: return_function: returning to ‘aname_replacer’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:177:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:181:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:186:15: call_function: calling ‘do_replacement’ from ‘aname_replacer’
#  124|       while (regexec(&re, instr, 1, &m, 0) == 0) {
#  125|           k5_buf_add_len(&buf, instr, m.rm_so);
#  126|->         k5_buf_add(&buf, repl);
#  127|           instr += m.rm_eo;
#  128|           if (!doall)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1158]
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:126:9: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(cp + 2, (long unsigned int)(ep - <unknown>), &ret)’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:143:1: enter_function: entry to ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:153:8: branch_false: following ‘false’ branch (when ‘current’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:157:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:158:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:15: branch_false: following ‘false’ branch (when ‘ep’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:165:21: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:13: branch_false: following ‘false’ branch (when ‘tp’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:171:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:172:16: call_function: calling ‘k5memdup0’ from ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:172:16: return_function: returning to ‘aname_replacer’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:173:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:175:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:176:16: call_function: calling ‘k5memdup0’ from ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:176:16: return_function: returning to ‘aname_replacer’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:177:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:181:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:186:15: call_function: calling ‘do_replacement’ from ‘aname_replacer’
#  124|       while (regexec(&re, instr, 1, &m, 0) == 0) {
#  125|           k5_buf_add_len(&buf, instr, m.rm_so);
#  126|->         k5_buf_add(&buf, repl);
#  127|           instr += m.rm_eo;
#  128|           if (!doall)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1159]
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:126:9: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(ep + 1, (long unsigned int)(tp - <unknown>), &ret)’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:143:1: enter_function: entry to ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:153:8: branch_false: following ‘false’ branch (when ‘current’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:157:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:158:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:15: branch_false: following ‘false’ branch (when ‘ep’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:165:21: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:164:13: branch_false: following ‘false’ branch (when ‘tp’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:171:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:172:16: call_function: calling ‘k5memdup0’ from ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:172:16: return_function: returning to ‘aname_replacer’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:173:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:175:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:176:16: call_function: calling ‘k5memdup0’ from ‘aname_replacer’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:176:16: return_function: returning to ‘aname_replacer’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:177:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:181:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/localauth_rule.c:186:15: call_function: calling ‘do_replacement’ from ‘aname_replacer’
#  124|       while (regexec(&re, instr, 1, &m, 0) == 0) {
#  125|           k5_buf_add_len(&buf, instr, m.rm_so);
#  126|->         k5_buf_add(&buf, repl);
#  127|           instr += m.rm_eo;
#  128|           if (!doall)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1160]
krb5-1.21.3/src/lib/krb5/os/locate_kdc.c:175:8: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(hostname)’
krb5-1.21.3/src/lib/krb5/os/locate_kdc.c:700:1: enter_function: entry to ‘dns_locate_server_srv’
krb5-1.21.3/src/lib/krb5/os/locate_kdc.c:708:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/locate_kdc.c:711:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/locate_kdc.c:732:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/locate_kdc.c:733:16: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/locate_kdc.c:733:16: call_function: calling ‘locate_srv_dns_1’ from ‘dns_locate_server_srv’
#  173|       if (entry->hostname == NULL)
#  174|           goto oom;
#  175|->     if (uri_path != NULL) {
#  176|           entry->uri_path = strdup(uri_path);
#  177|           if (entry->uri_path == NULL)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1161]
krb5-1.21.3/src/lib/krb5/os/locate_kdc.c:177:12: warning[-Wanalyzer-malloc-leak]: leak of ‘strdup(uri_path)’
krb5-1.21.3/src/lib/krb5/os/locate_kdc.c:599:1: enter_function: entry to ‘locate_uri’
krb5-1.21.3/src/lib/krb5/os/locate_kdc.c:612:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/locate_kdc.c:615:27: branch_true: following ‘true’ branch (when ‘entry’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/locate_kdc.c:617:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/locate_kdc.c:619:9: call_function: calling ‘parse_uri_fields’ from ‘locate_uri’
krb5-1.21.3/src/lib/krb5/os/locate_kdc.c:619:9: return_function: returning to ‘locate_uri’ from ‘parse_uri_fields’
krb5-1.21.3/src/lib/krb5/os/locate_kdc.c:620:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/locate_kdc.c:625:12: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/locate_kdc.c:629:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/locate_kdc.c:630:13: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/locate_kdc.c:632:13: call_function: calling ‘parse_uri_if_https’ from ‘locate_uri’
krb5-1.21.3/src/lib/krb5/os/locate_kdc.c:632:13: return_function: returning to ‘locate_uri’ from ‘parse_uri_if_https’
krb5-1.21.3/src/lib/krb5/os/locate_kdc.c:633:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/locate_kdc.c:637:15: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/locate_kdc.c:638:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/locate_kdc.c:641:12: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/locate_kdc.c:641:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/locate_kdc.c:646:15: call_function: calling ‘add_host_to_list’ from ‘locate_uri’
#  175|       if (uri_path != NULL) {
#  176|           entry->uri_path = strdup(uri_path);
#  177|->         if (entry->uri_path == NULL)
#  178|               goto oom;
#  179|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1162]
krb5-1.21.3/src/lib/krb5/os/locate_kdc.c:438:16: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(*realm.data, (long unsigned int)*realm.length, & code)’
krb5-1.21.3/src/lib/krb5/os/locate_kdc.c:752:1: enter_function: entry to ‘locate_server’
krb5-1.21.3/src/lib/krb5/os/locate_kdc.c:763:11: call_function: calling ‘module_locate_server’ from ‘locate_server’
#  436|           /* For now, don't keep the plugin data alive.  For long-lived
#  437|            * contexts, it may be desirable to change that later. */
#  438|->         code = vtbl->init(ctx, &blob);
#  439|           if (code)
#  440|               continue;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1163]
krb5-1.21.3/src/lib/krb5/os/locate_kdc.c:443:16: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(*realm.data, (long unsigned int)*realm.length, & code)’
krb5-1.21.3/src/lib/krb5/os/locate_kdc.c:752:1: enter_function: entry to ‘locate_server’
krb5-1.21.3/src/lib/krb5/os/locate_kdc.c:763:11: call_function: calling ‘module_locate_server’ from ‘locate_server’
#  441|   
#  442|           socktype = (transport == TCP) ? SOCK_STREAM : SOCK_DGRAM;
#  443|->         code = vtbl->lookup(blob, svc, realmz, socktype, AF_UNSPEC,
#  444|                               module_callback, &cbdata);
#  445|           /* Also ask for TCP addresses if we got UDP addresses and want both. */

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1164]
krb5-1.21.3/src/lib/krb5/os/prompter.c:65:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
krb5-1.21.3/src/lib/krb5/os/prompter.c:62:10: acquire_resource: opened here
krb5-1.21.3/src/lib/krb5/os/prompter.c:63:8: branch_false: following ‘false’ branch (when ‘fd >= 0’)...
krb5-1.21.3/src/lib/krb5/os/prompter.c:65:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/prompter.c:65:5: danger: ‘fd’ leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   63|       if (fd < 0)
#   64|           return KRB5_LIBOS_CANTREADPWD;
#   65|->     set_cloexec_fd(fd);
#   66|       fp = fdopen(fd, "r");
#   67|       if (fp == NULL)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1165]
krb5-1.21.3/src/lib/krb5/os/prompter.c:85:15: warning[-Wanalyzer-malloc-leak]: leak of ‘fp’
krb5-1.21.3/src/lib/krb5/os/prompter.c:32:1: enter_function: entry to ‘krb5_prompter_posix’
krb5-1.21.3/src/lib/krb5/os/prompter.c:63:8: branch_false: following ‘false’ branch (when ‘fd >= 0’)...
krb5-1.21.3/src/lib/krb5/os/prompter.c:65:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/prompter.c:66:10: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/os/prompter.c:67:8: branch_false: following ‘false’ branch (when ‘fp’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/prompter.c:69:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/prompter.c:69:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/prompter.c:72:17: branch_true: following ‘true’ branch (when ‘i < num_prompts’)...
krb5-1.21.3/src/lib/krb5/os/prompter.c:75:20: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/prompter.c:75:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/prompter.c:78:19: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/prompter.c:78:19: call_function: calling ‘setup_tty’ from ‘krb5_prompter_posix’
krb5-1.21.3/src/lib/krb5/os/prompter.c:78:19: return_function: returning to ‘krb5_prompter_posix’ from ‘setup_tty’
krb5-1.21.3/src/lib/krb5/os/prompter.c:79:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/prompter.c:83:15: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/prompter.c:85:15: danger: ‘fp’ leaks here; was allocated at [(4)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/3)
#   83|           (void)fputs(prompts[i].prompt, stdout);
#   84|           (void)fputs(": ", stdout);
#   85|->         (void)fflush(stdout);
#   86|           (void)memset(prompts[i].reply->data, 0, prompts[i].reply->length);
#   87|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1166]
krb5-1.21.3/src/lib/krb5/os/read_msg.c:55:21: warning[-Wanalyzer-malloc-leak]: leak of ‘buf’
krb5-1.21.3/src/lib/krb5/os/read_msg.c:40:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/read_msg.c:42:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/read_msg.c:48:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/read_msg.c:52:21: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/read_msg.c:52:21: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/os/read_msg.c:52:12: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/read_msg.c:55:21: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/read_msg.c:55:21: danger: ‘buf’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#   53|               return(ENOMEM);
#   54|           }
#   55|->         if ((len2 = krb5_net_read(context, fd, buf, ilen)) != ilen) {
#   56|               free(buf);
#   57|               return((len2 < 0) ? errno : ECONNABORTED);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1167]
krb5-1.21.3/src/lib/krb5/os/read_pwd.c:64:14: warning[-Wanalyzer-malloc-leak]: leak of ‘verify_data.data’
krb5-1.21.3/src/lib/krb5/os/read_pwd.c:41:1: enter_function: entry to ‘krb5_read_password’
krb5-1.21.3/src/lib/krb5/os/read_pwd.c:55:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/read_pwd.c:58:14: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/read_pwd.c:58:14: call_function: calling ‘alloc_data’ from ‘krb5_read_password’
krb5-1.21.3/src/lib/krb5/os/read_pwd.c:58:14: return_function: returning to ‘krb5_read_password’ from ‘alloc_data’
krb5-1.21.3/src/lib/krb5/os/read_pwd.c:59:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/read_pwd.c:61:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/read_pwd.c:64:14: danger: ‘verify_data.data’ leaks here; was allocated at [(6)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/5)
#   62|       vprompt.hidden = 1;
#   63|       vprompt.reply = &verify_data;
#   64|->     retval = krb5_prompter_posix(NULL, NULL, NULL, NULL, 1, &vprompt);
#   65|       if (retval)
#   66|           goto done;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1168]
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:852:5: warning[-Wanalyzer-malloc-leak]: leak of ‘sel_state’
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:1496:1: enter_function: entry to ‘k5_sendto’
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:1517:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:1526:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:1526:17: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:1527:8: branch_false: following ‘false’ branch (when ‘sel_state’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:1531:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:1536:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:1538:32: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:1539:18: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:1539:18: call_function: calling ‘resolve_server’ from ‘k5_sendto’
#  850|       if (SNPRINTF_OVERFLOW(result, sizeof(portbuf)))
#  851|           return EINVAL;
#  852|->     TRACE_SENDTO_KDC_RESOLVING(context, entry->hostname);
#  853|       err = getaddrinfo(entry->hostname, portbuf, &hint, &addrs);
#  854|       if (err)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1169]
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:853:11: warning[-Wanalyzer-malloc-leak]: leak of ‘sel_state’
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:1496:1: enter_function: entry to ‘k5_sendto’
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:1517:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:1526:17: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:1526:17: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:1527:8: branch_false: following ‘false’ branch (when ‘sel_state’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:1531:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:1536:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:1538:32: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:1539:18: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:1539:18: call_function: calling ‘resolve_server’ from ‘k5_sendto’
#  851|           return EINVAL;
#  852|       TRACE_SENDTO_KDC_RESOLVING(context, entry->hostname);
#  853|->     err = getaddrinfo(entry->hostname, portbuf, &hint, &addrs);
#  854|       if (err)
#  855|           return translate_ai_error(err);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1170]
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:895:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘fd’
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:994:1: enter_function: entry to ‘maybe_send’
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:1002:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:1003:16: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:1003:16: call_function: calling ‘start_connection’ from ‘maybe_send’
#  893|       if (fd == INVALID_SOCKET)
#  894|           return -1;              /* try other hosts */
#  895|->     set_cloexec_fd(fd);
#  896|       /* Make it non-blocking.  */
#  897|       ioctlsocket(fd, FIONBIO, (const void *) &one);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1171]
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:1238:11: warning[-Wanalyzer-malloc-leak]: leak of ‘names[1]’
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:1218:1: enter_function: entry to ‘setup_tls’
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:1226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:1229:16: call_function: calling ‘k5memdup0’ from ‘setup_tls’
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:1229:16: return_function: returning to ‘setup_tls’ from ‘k5memdup0’
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:1230:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:1234:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/sendto_kdc.c:1238:11: danger: ‘names[1]’ leaks here; was allocated at [(9)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/8)
# 1236|       names[2] = KRB5_CONF_HTTP_ANCHORS;
# 1237|       names[3] = NULL;
# 1238|->     ret = profile_get_values(context->profile, names, &anchors);
# 1239|       if (ret != 0 && ret != PROF_NO_RELATION)
# 1240|           goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1172]
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:48:11: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(host.data, (long unsigned int)host.length, & ret)’
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:271:1: enter_function: entry to ‘k5_canonprinc’
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:281:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:289:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:305:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:305:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:307:12: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:307:12: call_function: calling ‘canonicalize_princ’ from ‘k5_canonprinc’
#   46|       int value;
#   47|   
#   48|->     ret = profile_get_boolean(context->profile, KRB5_CONF_LIBDEFAULTS,
#   49|                                 KRB5_CONF_RDNS, NULL, DEFAULT_RDNS_LOOKUP,
#   50|                                 &value);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1173]
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:66:11: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(host.data, (long unsigned int)host.length, & ret)’
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:271:1: enter_function: entry to ‘k5_canonprinc’
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:281:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:289:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:305:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:305:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:307:12: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:307:12: call_function: calling ‘canonicalize_princ’ from ‘k5_canonprinc’
#   64|       const char *domain;
#   65|   
#   66|->     ret = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
#   67|                                KRB5_CONF_QUALIFY_SHORTNAME, NULL, NULL,
#   68|                                &prof_domain);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1174]
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:74:21: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(host.data, (long unsigned int)host.length, & ret)’
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:271:1: enter_function: entry to ‘k5_canonprinc’
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:281:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:289:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:305:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:305:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:307:12: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:307:12: call_function: calling ‘canonicalize_princ’ from ‘k5_canonprinc’
#   72|   #ifdef KRB5_DNS_LOOKUP
#   73|       if (prof_domain == NULL)
#   74|->         os_domain = k5_primary_domain();
#   75|   #endif
#   76|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1175]
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:83:5: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(host.data, (long unsigned int)host.length, & ret)’
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:311:1: enter_function: entry to ‘k5_sname_compare’
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:319:19: call_function: calling ‘k5_canonprinc’ from ‘k5_sname_compare’
#   81|       }
#   82|   
#   83|->     profile_release_string(prof_domain);
#   84|       free(os_domain);
#   85|       return fqdn;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1176]
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:104:15: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(host.data, (long unsigned int)host.length, & ret)’
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:271:1: enter_function: entry to ‘k5_canonprinc’
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:281:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:289:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:305:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:305:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:307:12: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:307:12: call_function: calling ‘canonicalize_princ’ from ‘k5_canonprinc’
#  102|           memset(&hint, 0, sizeof(hint));
#  103|           hint.ai_flags = AI_CANONNAME;
#  104|->         err = getaddrinfo(host, 0, &hint, &ai);
#  105|           if (err == EAI_MEMORY)
#  106|               goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1177]
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:112:19: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(host.data, (long unsigned int)host.length, & ret)’
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:271:1: enter_function: entry to ‘k5_canonprinc’
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:281:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:289:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:305:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:305:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:307:12: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:307:12: call_function: calling ‘canonicalize_princ’ from ‘k5_canonprinc’
#  110|           if (!err && use_reverse_dns(context)) {
#  111|               /* Try a reverse lookup of the address. */
#  112|->             err = getnameinfo(ai->ai_addr, ai->ai_addrlen, namebuf,
#  113|                                 sizeof(namebuf), NULL, 0, NI_NAMEREQD);
#  114|               if (err == EAI_MEMORY)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1178]
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:233:15: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(host.data, (long unsigned int)host.length, & ret)’
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:331:1: enter_function: entry to ‘krb5_sname_to_principal’
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:344:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:348:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:361:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:363:10: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:374:11: call_function: calling ‘canonicalize_princ’ from ‘krb5_sname_to_principal’
#  231|       /* If the realm is unknown, look up the realm of the expanded hostname. */
#  232|       if (iter->princ->realm.length == 0 && !iter->no_hostrealm) {
#  233|->         ret = krb5_get_host_realm(context, canonhost, &hrealms);
#  234|           if (ret)
#  235|               goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1179]
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:242:19: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(host.data, (long unsigned int)host.length, & ret)’
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:331:1: enter_function: entry to ‘krb5_sname_to_principal’
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:344:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:348:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:361:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:363:10: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/sn2princ.c:374:11: call_function: calling ‘canonicalize_princ’ from ‘krb5_sname_to_principal’
#  240|           free(iter->realm);
#  241|           if (*hrealms[0] == '\0' && iter->subst_defrealm) {
#  242|->             ret = krb5_get_default_realm(context, &iter->realm);
#  243|               if (ret)
#  244|                   goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def1180]
krb5-1.21.3/src/lib/krb5/os/trace.c:67:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
krb5-1.21.3/src/lib/krb5/os/trace.c:400:1: enter_function: entry to ‘krb5int_trace’
krb5-1.21.3/src/lib/krb5/os/trace.c:408:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/trace.c:410:5: acquire_resource: ‘va_start’ called here
krb5-1.21.3/src/lib/krb5/os/trace.c:411:11: call_function: calling ‘trace_format’ from ‘krb5int_trace’
#   65|   
#   66|       if (buf_is_printable(p, len)) {
#   67|->         k5_buf_add_len(buf, p, len);
#   68|       } else {
#   69|           for (i = 0; i < len; i++) {

Error: GCC_ANALYZER_WARNING (CWE-404): [#def1181]
krb5-1.21.3/src/lib/krb5/os/trace.c:71:17: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
krb5-1.21.3/src/lib/krb5/os/trace.c:400:1: enter_function: entry to ‘krb5int_trace’
krb5-1.21.3/src/lib/krb5/os/trace.c:408:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/trace.c:410:5: acquire_resource: ‘va_start’ called here
krb5-1.21.3/src/lib/krb5/os/trace.c:411:11: call_function: calling ‘trace_format’ from ‘krb5int_trace’
#   69|           for (i = 0; i < len; i++) {
#   70|               if (buf_is_printable(p + i, 1)) {
#   71|->                 k5_buf_add_len(buf, p + i, 1);
#   72|               } else {
#   73|                   snprintf(text, sizeof(text), "\\x%02x",

Error: COMPILER_WARNING (CWE-252): [#def1182]
krb5-1.21.3/src/lib/krb5/os/trace.c: scope_hint: In function ‘hash_bytes’
krb5-1.21.3/src/lib/krb5/os/trace.c:100:16: warning[-Wunused-result]: ignoring return value of ‘asprintf’ declared with attribute ‘warn_unused_result’
#  100 |         (void) asprintf(&s, "%02X%02X", cksum.contents[0], cksum.contents[1]);
#      |                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   98|           return NULL;
#   99|       if (cksum.length >= 2)
#  100|->         (void) asprintf(&s, "%02X%02X", cksum.contents[0], cksum.contents[1]);
#  101|       krb5_free_checksum_contents(context, &cksum);
#  102|       return s;

Error: GCC_ANALYZER_WARNING (CWE-404): [#def1183]
krb5-1.21.3/src/lib/krb5/os/trace.c:197:5: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
krb5-1.21.3/src/lib/krb5/os/trace.c:400:1: enter_function: entry to ‘krb5int_trace’
krb5-1.21.3/src/lib/krb5/os/trace.c:408:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/trace.c:410:5: acquire_resource: ‘va_start’ called here
krb5-1.21.3/src/lib/krb5/os/trace.c:411:11: call_function: calling ‘trace_format’ from ‘krb5int_trace’
#  195|       krb5_enctype *etypes, etype;
#  196|   
#  197|->     k5_buf_init_dynamic(&buf);
#  198|       while (TRUE) {
#  199|           /* Advance to the next word in braces. */

Error: GCC_ANALYZER_WARNING (CWE-404): [#def1184]
krb5-1.21.3/src/lib/krb5/os/trace.c:201:9: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
krb5-1.21.3/src/lib/krb5/os/trace.c:400:1: enter_function: entry to ‘krb5int_trace’
krb5-1.21.3/src/lib/krb5/os/trace.c:408:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/trace.c:410:5: acquire_resource: ‘va_start’ called here
krb5-1.21.3/src/lib/krb5/os/trace.c:411:11: call_function: calling ‘trace_format’ from ‘krb5int_trace’
#  199|           /* Advance to the next word in braces. */
#  200|           len = strcspn(fmt, "{");
#  201|->         k5_buf_add_len(&buf, fmt, len);
#  202|           if (fmt[len] == '\0')
#  203|               break;

Error: GCC_ANALYZER_WARNING (CWE-686): [#def1185]
krb5-1.21.3/src/lib/krb5/os/trace.c:214:13: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘int’ but received ‘char *’ for variadic argument 2 of ‘ap’
krb5-1.21.3/src/lib/krb5/os/trace.c:400:1: enter_function: entry to ‘krb5int_trace’
krb5-1.21.3/src/lib/krb5/os/trace.c:408:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/trace.c:411:11: call_function: calling ‘trace_format’ from ‘krb5int_trace’
#  212|           /* Process the format word. */
#  213|           if (strcmp(tmpbuf, "int") == 0) {
#  214|->             k5_buf_add_fmt(&buf, "%d", va_arg(ap, int));
#  215|           } else if (strcmp(tmpbuf, "long") == 0) {
#  216|               k5_buf_add_fmt(&buf, "%ld", va_arg(ap, long));

Error: GCC_ANALYZER_WARNING (CWE-404): [#def1186]
krb5-1.21.3/src/lib/krb5/os/trace.c:214:13: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
krb5-1.21.3/src/lib/krb5/os/trace.c:400:1: enter_function: entry to ‘krb5int_trace’
krb5-1.21.3/src/lib/krb5/os/trace.c:408:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/trace.c:410:5: acquire_resource: ‘va_start’ called here
krb5-1.21.3/src/lib/krb5/os/trace.c:411:11: call_function: calling ‘trace_format’ from ‘krb5int_trace’
#  212|           /* Process the format word. */
#  213|           if (strcmp(tmpbuf, "int") == 0) {
#  214|->             k5_buf_add_fmt(&buf, "%d", va_arg(ap, int));
#  215|           } else if (strcmp(tmpbuf, "long") == 0) {
#  216|               k5_buf_add_fmt(&buf, "%ld", va_arg(ap, long));

Error: GCC_ANALYZER_WARNING (CWE-686): [#def1187]
krb5-1.21.3/src/lib/krb5/os/trace.c:216:13: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘long int’ but received ‘char *’ for variadic argument 2 of ‘ap’
krb5-1.21.3/src/lib/krb5/os/trace.c:400:1: enter_function: entry to ‘krb5int_trace’
krb5-1.21.3/src/lib/krb5/os/trace.c:408:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/trace.c:411:11: call_function: calling ‘trace_format’ from ‘krb5int_trace’
#  214|               k5_buf_add_fmt(&buf, "%d", va_arg(ap, int));
#  215|           } else if (strcmp(tmpbuf, "long") == 0) {
#  216|->             k5_buf_add_fmt(&buf, "%ld", va_arg(ap, long));
#  217|           } else if (strcmp(tmpbuf, "str") == 0) {
#  218|               p = va_arg(ap, const char *);

Error: GCC_ANALYZER_WARNING (CWE-686): [#def1188]
krb5-1.21.3/src/lib/krb5/os/trace.c:216:13: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘long int’ but received ‘unsigned int’ for variadic argument 1 of ‘ap’
krb5-1.21.3/src/lib/krb5/os/trace.c:400:1: enter_function: entry to ‘krb5int_trace’
krb5-1.21.3/src/lib/krb5/os/trace.c:408:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/trace.c:411:11: call_function: calling ‘trace_format’ from ‘krb5int_trace’
#  214|               k5_buf_add_fmt(&buf, "%d", va_arg(ap, int));
#  215|           } else if (strcmp(tmpbuf, "long") == 0) {
#  216|->             k5_buf_add_fmt(&buf, "%ld", va_arg(ap, long));
#  217|           } else if (strcmp(tmpbuf, "str") == 0) {
#  218|               p = va_arg(ap, const char *);

Error: GCC_ANALYZER_WARNING (CWE-404): [#def1189]
krb5-1.21.3/src/lib/krb5/os/trace.c:216:13: warning[-Wanalyzer-va-list-leak]: missing call to ‘va_end’
krb5-1.21.3/src/lib/krb5/os/trace.c:400:1: enter_function: entry to ‘krb5int_trace’
krb5-1.21.3/src/lib/krb5/os/trace.c:408:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/trace.c:410:5: acquire_resource: ‘va_start’ called here
krb5-1.21.3/src/lib/krb5/os/trace.c:411:11: call_function: calling ‘trace_format’ from ‘krb5int_trace’
#  214|               k5_buf_add_fmt(&buf, "%d", va_arg(ap, int));
#  215|           } else if (strcmp(tmpbuf, "long") == 0) {
#  216|->             k5_buf_add_fmt(&buf, "%ld", va_arg(ap, long));
#  217|           } else if (strcmp(tmpbuf, "str") == 0) {
#  218|               p = va_arg(ap, const char *);

Error: GCC_ANALYZER_WARNING (CWE-686): [#def1190]
krb5-1.21.3/src/lib/krb5/os/trace.c:218:13: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘const char *’ but received ‘unsigned int’ for variadic argument 1 of ‘ap’
krb5-1.21.3/src/lib/krb5/os/trace.c:400:1: enter_function: entry to ‘krb5int_trace’
krb5-1.21.3/src/lib/krb5/os/trace.c:408:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/trace.c:411:11: call_function: calling ‘trace_format’ from ‘krb5int_trace’
#  216|               k5_buf_add_fmt(&buf, "%ld", va_arg(ap, long));
#  217|           } else if (strcmp(tmpbuf, "str") == 0) {
#  218|->             p = va_arg(ap, const char *);
#  219|               buf_add_printable(&buf, (p == NULL) ? "(null)" : p);
#  220|           } else if (strcmp(tmpbuf, "lenstr") == 0) {

Error: GCC_ANALYZER_WARNING (CWE-686): [#def1191]
krb5-1.21.3/src/lib/krb5/os/trace.c:221:13: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘size_t’ {{aka ‘long unsigned int’}} but received ‘char *’ for variadic argument 2 of ‘ap’
krb5-1.21.3/src/lib/krb5/os/trace.c:400:1: enter_function: entry to ‘krb5int_trace’
krb5-1.21.3/src/lib/krb5/os/trace.c:408:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/trace.c:411:11: call_function: calling ‘trace_format’ from ‘krb5int_trace’
#  219|               buf_add_printable(&buf, (p == NULL) ? "(null)" : p);
#  220|           } else if (strcmp(tmpbuf, "lenstr") == 0) {
#  221|->             len = va_arg(ap, size_t);
#  222|               p = va_arg(ap, const char *);
#  223|               if (p == NULL && len != 0)

Error: GCC_ANALYZER_WARNING (CWE-686): [#def1192]
krb5-1.21.3/src/lib/krb5/os/trace.c:221:13: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘size_t’ {{aka ‘long unsigned int’}} but received ‘unsigned int’ for variadic argument 1 of ‘ap’
krb5-1.21.3/src/lib/krb5/os/trace.c:400:1: enter_function: entry to ‘krb5int_trace’
krb5-1.21.3/src/lib/krb5/os/trace.c:408:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/trace.c:411:11: call_function: calling ‘trace_format’ from ‘krb5int_trace’
#  219|               buf_add_printable(&buf, (p == NULL) ? "(null)" : p);
#  220|           } else if (strcmp(tmpbuf, "lenstr") == 0) {
#  221|->             len = va_arg(ap, size_t);
#  222|               p = va_arg(ap, const char *);
#  223|               if (p == NULL && len != 0)

Error: GCC_ANALYZER_WARNING (CWE-686): [#def1193]
krb5-1.21.3/src/lib/krb5/os/trace.c:228:13: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘size_t’ {{aka ‘long unsigned int’}} but received ‘char *’ for variadic argument 2 of ‘ap’
krb5-1.21.3/src/lib/krb5/os/trace.c:400:1: enter_function: entry to ‘krb5int_trace’
krb5-1.21.3/src/lib/krb5/os/trace.c:408:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/trace.c:411:11: call_function: calling ‘trace_format’ from ‘krb5int_trace’
#  226|                   buf_add_printable_len(&buf, p, len);
#  227|           } else if (strcmp(tmpbuf, "hexlenstr") == 0) {
#  228|->             len = va_arg(ap, size_t);
#  229|               p = va_arg(ap, const char *);
#  230|               if (p == NULL && len != 0)

Error: GCC_ANALYZER_WARNING (CWE-686): [#def1194]
krb5-1.21.3/src/lib/krb5/os/trace.c:228:13: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘size_t’ {{aka ‘long unsigned int’}} but received ‘unsigned int’ for variadic argument 1 of ‘ap’
krb5-1.21.3/src/lib/krb5/os/trace.c:400:1: enter_function: entry to ‘krb5int_trace’
krb5-1.21.3/src/lib/krb5/os/trace.c:408:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/trace.c:411:11: call_function: calling ‘trace_format’ from ‘krb5int_trace’
#  226|                   buf_add_printable_len(&buf, p, len);
#  227|           } else if (strcmp(tmpbuf, "hexlenstr") == 0) {
#  228|->             len = va_arg(ap, size_t);
#  229|               p = va_arg(ap, const char *);
#  230|               if (p == NULL && len != 0)

Error: GCC_ANALYZER_WARNING (CWE-686): [#def1195]
krb5-1.21.3/src/lib/krb5/os/trace.c:237:13: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘size_t’ {{aka ‘long unsigned int’}} but received ‘char *’ for variadic argument 2 of ‘ap’
krb5-1.21.3/src/lib/krb5/os/trace.c:400:1: enter_function: entry to ‘krb5int_trace’
krb5-1.21.3/src/lib/krb5/os/trace.c:408:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/trace.c:411:11: call_function: calling ‘trace_format’ from ‘krb5int_trace’
#  235|               }
#  236|           } else if (strcmp(tmpbuf, "hashlenstr") == 0) {
#  237|->             len = va_arg(ap, size_t);
#  238|               p = va_arg(ap, const char *);
#  239|               if (p == NULL && len != 0)

Error: GCC_ANALYZER_WARNING (CWE-686): [#def1196]
krb5-1.21.3/src/lib/krb5/os/trace.c:237:13: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘size_t’ {{aka ‘long unsigned int’}} but received ‘unsigned int’ for variadic argument 1 of ‘ap’
krb5-1.21.3/src/lib/krb5/os/trace.c:400:1: enter_function: entry to ‘krb5int_trace’
krb5-1.21.3/src/lib/krb5/os/trace.c:408:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/trace.c:411:11: call_function: calling ‘trace_format’ from ‘krb5int_trace’
#  235|               }
#  236|           } else if (strcmp(tmpbuf, "hashlenstr") == 0) {
#  237|->             len = va_arg(ap, size_t);
#  238|               p = va_arg(ap, const char *);
#  239|               if (p == NULL && len != 0)

Error: GCC_ANALYZER_WARNING (CWE-686): [#def1197]
krb5-1.21.3/src/lib/krb5/os/trace.c:248:13: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘struct remote_address *’ but received ‘unsigned int’ for variadic argument 1 of ‘ap’
krb5-1.21.3/src/lib/krb5/os/trace.c:400:1: enter_function: entry to ‘krb5int_trace’
krb5-1.21.3/src/lib/krb5/os/trace.c:408:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/trace.c:411:11: call_function: calling ‘trace_format’ from ‘krb5int_trace’
#  246|               }
#  247|           } else if (strcmp(tmpbuf, "raddr") == 0) {
#  248|->             ra = va_arg(ap, struct remote_address *);
#  249|               if (ra->transport == UDP)
#  250|                   k5_buf_add(&buf, "dgram");

Error: GCC_ANALYZER_WARNING (CWE-686): [#def1198]
krb5-1.21.3/src/lib/krb5/os/trace.c:268:13: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘const krb5_data *’ {{aka ‘const struct _krb5_data *’}} but received ‘unsigned int’ for variadic argument 1 of ‘ap’
krb5-1.21.3/src/lib/krb5/os/trace.c:400:1: enter_function: entry to ‘krb5int_trace’
krb5-1.21.3/src/lib/krb5/os/trace.c:408:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/trace.c:411:11: call_function: calling ‘trace_format’ from ‘krb5int_trace’
#  266|                   k5_buf_add_fmt(&buf, " %s:%s", addrbuf, portbuf);
#  267|           } else if (strcmp(tmpbuf, "data") == 0) {
#  268|->             d = va_arg(ap, krb5_data *);
#  269|               if (d == NULL || (d->length != 0 && d->data == NULL))
#  270|                   k5_buf_add(&buf, "(null)");

Error: GCC_ANALYZER_WARNING (CWE-686): [#def1199]
krb5-1.21.3/src/lib/krb5/os/trace.c:274:13: warning[-Wanalyzer-va-arg-type-mismatch]: ‘va_arg’ expected ‘const krb5_data *’ {{aka ‘const struct _krb5_data *’}} but received ‘unsigned int’ for variadic argument 1 of ‘ap’
krb5-1.21.3/src/lib/krb5/os/trace.c:400:1: enter_function: entry to ‘krb5int_trace’
krb5-1.21.3/src/lib/krb5/os/trace.c:408:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/trace.c:411:11: call_function: calling ‘trace_format’ from ‘krb5int_trace’
#  272|                   buf_add_printable_len(&buf, d->data, d->length);
#  273|           } else if (strcmp(tmpbuf, "hexdata") == 0) {
#  274|->             d = va_arg(ap, krb5_data *);
#  275|               if (d == NULL)
#  276|                   k5_buf_add(&buf, "(null)");

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1200]
krb5-1.21.3/src/lib/krb5/os/trace.c:433:9: warning[-Wanalyzer-malloc-leak]: leak of ‘fd’
krb5-1.21.3/src/lib/krb5/os/trace.c:455:1: enter_function: entry to ‘krb5_set_trace_filename’
krb5-1.21.3/src/lib/krb5/os/trace.c:460:10: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/os/trace.c:461:8: branch_false: following ‘false’ branch (when ‘fd’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/trace.c:463:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/trace.c:464:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/os/trace.c:469:12: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/trace.c:469:12: call_function: calling ‘krb5_set_trace_callback’ from ‘krb5_set_trace_filename’
#  431|       /* Allow the old callback to destroy its data if necessary. */
#  432|       if (context->trace_callback != NULL)
#  433|->         context->trace_callback(context, NULL, context->trace_callback_data);
#  434|       context->trace_callback = fn;
#  435|       context->trace_callback_data = cb_data;

Error: COMPILER_WARNING (CWE-252): [#def1201]
krb5-1.21.3/src/lib/krb5/os/trace.c: scope_hint: In function ‘file_trace_cb’
krb5-1.21.3/src/lib/krb5/os/trace.c:451:12: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
#  451 |     (void) write(*fd, info->message, strlen(info->message));
#      |            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  449|       }
#  450|   
#  451|->     (void) write(*fd, info->message, strlen(info->message));
#  452|   }
#  453|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1202]
krb5-1.21.3/src/lib/krb5/os/trace.c:463:11: warning[-Wanalyzer-malloc-leak]: leak of ‘fd’
krb5-1.21.3/src/lib/krb5/os/trace.c:460:10: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/os/trace.c:461:8: branch_false: following ‘false’ branch (when ‘fd’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/os/trace.c:463:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/os/trace.c:463:11: danger: ‘fd’ leaks here; was allocated at [(1)](sarif:/runs/0/results/30/codeFlows/0/threadFlows/0/locations/0)
#  461|       if (fd == NULL)
#  462|           return ENOMEM;
#  463|->     *fd = THREEPARAMOPEN(filename, O_WRONLY|O_CREAT|O_APPEND, 0600);
#  464|       if (*fd == -1) {
#  465|           free(fd);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1203]
krb5-1.21.3/src/lib/krb5/rcache/memrcache.c:64:11: warning[-Wanalyzer-malloc-leak]: leak of ‘entry’
krb5-1.21.3/src/lib/krb5/rcache/memrcache.c:59:13: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/rcache/memrcache.c:60:8: branch_false: following ‘false’ branch (when ‘entry’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/rcache/memrcache.c:62:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/rcache/memrcache.c:64:11: danger: ‘entry’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   62|       entry->timestamp = now;
#   63|   
#   64|->     ret = krb5int_copy_data_contents(context, tag, &entry->tag);
#   65|       if (ret)
#   66|           goto error;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1204]
krb5-1.21.3/src/lib/krb5/rcache/memrcache.c:113:11: warning[-Wanalyzer-malloc-leak]: leak of ‘mrc’
krb5-1.21.3/src/lib/krb5/rcache/memrcache.c:107:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/rcache/memrcache.c:110:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/rcache/memrcache.c:110:11: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/rcache/memrcache.c:111:8: branch_false: following ‘false’ branch (when ‘mrc’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/rcache/memrcache.c:113:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/rcache/memrcache.c:113:11: danger: ‘mrc’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  111|       if (mrc == NULL)
#  112|           return ENOMEM;
#  113|->     ret = k5_hashtab_create(seed, 64, &mrc->hash_table);
#  114|       if (ret) {
#  115|           free(mrc);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1205]
krb5-1.21.3/src/lib/krb5/rcache/rc_base.c:102:11: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/krb5/rcache/rc_base.c:72:1: enter_function: entry to ‘k5_rc_resolve’
krb5-1.21.3/src/lib/krb5/rcache/rc_base.c:83:8: branch_false: following ‘false’ branch (when ‘sep’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/rcache/rc_base.c:85:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/rcache/rc_base.c:87:24: branch_true: following ‘true’ branch (when ‘t’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/rcache/rc_base.c:88:21: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/rcache/rc_base.c:91:8: branch_false: following ‘false’ branch (when ‘t’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/rcache/rc_base.c:94:10: call_function: inlined call to ‘k5alloc’ from ‘k5_rc_resolve’
krb5-1.21.3/src/lib/krb5/rcache/rc_base.c:97:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/rcache/rc_base.c:97:16: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/rcache/rc_base.c:98:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/rcache/rc_base.c:102:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/rcache/rc_base.c:102:11: danger: ‘<unknown>’ leaks here; was allocated at [(13)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/12)
#  100|           goto error;
#  101|       }
#  102|->     ret = t->ops->resolve(context, sep + 1, &rc->data);
#  103|       if (ret)
#  104|           goto error;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1206]
krb5-1.21.3/src/lib/krb5/rcache/rc_base.c:102:11: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/lib/krb5/rcache/rc_base.c:72:1: enter_function: entry to ‘k5_rc_resolve’
krb5-1.21.3/src/lib/krb5/rcache/rc_base.c:83:8: branch_false: following ‘false’ branch (when ‘sep’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/rcache/rc_base.c:85:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/rcache/rc_base.c:87:24: branch_true: following ‘true’ branch (when ‘t’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/rcache/rc_base.c:88:21: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/rcache/rc_base.c:91:8: branch_false: following ‘false’ branch (when ‘t’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/rcache/rc_base.c:94:10: call_function: inlined call to ‘k5alloc’ from ‘k5_rc_resolve’
krb5-1.21.3/src/lib/krb5/rcache/rc_base.c:97:16: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/rcache/rc_base.c:98:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/rcache/rc_base.c:102:11: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/rcache/rc_base.c:102:11: danger: ‘ptr’ leaks here; was allocated at [(11)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/10)
#  100|           goto error;
#  101|       }
#  102|->     ret = t->ops->resolve(context, sep + 1, &rc->data);
#  103|       if (ret)
#  104|           goto error;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1207]
krb5-1.21.3/src/lib/krb5/unicode/ucdata.c:949:17: warning[-Wanalyzer-malloc-leak]: leak of ‘*out’
krb5-1.21.3/src/lib/krb5/unicode/ucdata.c:1008:1: enter_function: entry to ‘uccompatdecomp’
krb5-1.21.3/src/lib/krb5/unicode/ucdata.c:1011:12: call_function: calling ‘uccanoncompatdecomp’ from ‘uccompatdecomp’
#  947|               if ( size - i < num) {
#  948|                   size = inlen + i - j + num - 1;
#  949|->                 *out = (krb5_ui_4 *) realloc(*out, size * sizeof(**out));
#  950|                   if (*out == NULL)
#  951|                       return *outlen = -1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1208]
krb5-1.21.3/src/lib/krb5/unicode/ucdata.c:969:17: warning[-Wanalyzer-malloc-leak]: leak of ‘*out’
krb5-1.21.3/src/lib/krb5/unicode/ucdata.c:1008:1: enter_function: entry to ‘uccompatdecomp’
krb5-1.21.3/src/lib/krb5/unicode/ucdata.c:1011:12: call_function: calling ‘uccanoncompatdecomp’ from ‘uccompatdecomp’
#  967|               if (size - i < num) {
#  968|                   size = inlen + i - j + num - 1;
#  969|->                 *out = (krb5_ui_4 *) realloc(*out, size * sizeof(**out));
#  970|                   if (*out == NULL)
#  971|                       return *outlen = -1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1209]
krb5-1.21.3/src/lib/krb5/unicode/ucdata.c:980:17: warning[-Wanalyzer-malloc-leak]: leak of ‘*out’
krb5-1.21.3/src/lib/krb5/unicode/ucdata.c:1008:1: enter_function: entry to ‘uccompatdecomp’
krb5-1.21.3/src/lib/krb5/unicode/ucdata.c:1011:12: call_function: calling ‘uccanoncompatdecomp’ from ‘uccompatdecomp’
#  978|               if (size - i < 1) {
#  979|                   size = inlen + i - j;
#  980|->                 *out = (krb5_ui_4 *) realloc(*out, size * sizeof(**out));
#  981|                   if (*out == NULL)
#  982|                       return *outlen = -1;

Error: GCC_ANALYZER_WARNING (CWE-122): [#def1210]
krb5-1.21.3/src/lib/krb5/unicode/ucdata.c:980:38: warning[-Wanalyzer-out-of-bounds]: heap-based buffer overflow
krb5-1.21.3/src/lib/krb5/unicode/ucdata.c:1001:1: enter_function: entry to ‘uccanondecomp’
krb5-1.21.3/src/lib/krb5/unicode/ucdata.c:1004:12: call_function: calling ‘uccanoncompatdecomp’ from ‘uccanondecomp’
#  978|               if (size - i < 1) {
#  979|                   size = inlen + i - j;
#  980|->                 *out = (krb5_ui_4 *) realloc(*out, size * sizeof(**out));
#  981|                   if (*out == NULL)
#  982|                       return *outlen = -1;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def1211]
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:33:20: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*u2’
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:94:1: enter_function: entry to ‘krb5int_utf8_normcmp’
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:107:8: branch_false: following ‘false’ branch (when ‘data1’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:110:15: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:110:15: branch_false: following ‘false’ branch (when ‘data2’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:113:10: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:117:8: branch_false: following ‘false’ branch (when ‘len != 0’)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:120:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:171:8: branch_false: following ‘false’ branch (when ‘ucs’ is non-NULL)...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:180:27: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:188:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:188:8: branch_false: following ‘false’ branch (when ‘norm1 == 0’)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:197:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:202:27: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:211:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:211:8: branch_true: following ‘true’ branch (when ‘norm2 != 0’)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:212:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:220:11: branch_false: following ‘false’ branch (when ‘casefold == 0’)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:222:47: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:222:11: call_function: calling ‘krb5int_ucstrncmp’ from ‘krb5int_utf8_normcmp’
#   31|   {
#   32|       for (; 0 < n; ++u1, ++u2, --n) {
#   33|-> 	if (*u1 != *u2) {
#   34|   	    return *u1 < *u2 ? -1 : +1;
#   35|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1212]
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:50:28: warning[-Wanalyzer-malloc-leak]: leak of ‘ucsout2’
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:94:1: enter_function: entry to ‘krb5int_utf8_normcmp’
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:107:8: branch_false: following ‘false’ branch (when ‘data1’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:110:15: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:110:15: branch_false: following ‘false’ branch (when ‘data2’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:113:10: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:117:8: branch_false: following ‘false’ branch (when ‘len != 0’)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:120:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:170:11: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:171:8: branch_false: following ‘false’ branch (when ‘ucs’ is non-NULL)...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:180:27: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:188:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:188:8: branch_false: following ‘false’ branch (when ‘norm1 == 0’)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:197:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:202:27: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:211:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:211:8: branch_true: following ‘true’ branch (when ‘norm2 != 0’)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:212:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:220:11: branch_true: following ‘true’ branch (when ‘casefold != 0’)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:221:51: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:221:11: call_function: calling ‘krb5int_ucstrncasecmp’ from ‘krb5int_utf8_normcmp’
#   48|   {
#   49|       for (; 0 < n; ++u1, ++u2, --n) {
#   50|-> 	krb5_unicode uu1 = uctolower(*u1);
#   51|   	krb5_unicode uu2 = uctolower(*u2);
#   52|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def1213]
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:51:28: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*u2’
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:94:1: enter_function: entry to ‘krb5int_utf8_normcmp’
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:107:8: branch_false: following ‘false’ branch (when ‘data1’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:110:15: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:110:15: branch_false: following ‘false’ branch (when ‘data2’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:113:10: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:117:8: branch_false: following ‘false’ branch (when ‘len != 0’)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:120:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:171:8: branch_false: following ‘false’ branch (when ‘ucs’ is non-NULL)...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:180:27: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:188:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:188:8: branch_false: following ‘false’ branch (when ‘norm1 == 0’)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:197:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:202:27: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:211:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:211:8: branch_true: following ‘true’ branch (when ‘norm2 != 0’)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:212:9: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:220:11: branch_true: following ‘true’ branch (when ‘casefold != 0’)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:221:51: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:221:11: call_function: calling ‘krb5int_ucstrncasecmp’ from ‘krb5int_utf8_normcmp’
#   49|       for (; 0 < n; ++u1, ++u2, --n) {
#   50|   	krb5_unicode uu1 = uctolower(*u1);
#   51|-> 	krb5_unicode uu2 = uctolower(*u2);
#   52|   
#   53|   	if (uu1 != uu2) {

Error: GCC_ANALYZER_WARNING (CWE-465): [#def1214]
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:77:12: warning[-Wanalyzer-deref-before-check]: check of ‘*data.data’ for NULL after already dereferencing it
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:65:1: enter_function: entry to ‘k5_utf8_validate’
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:72:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:76:17: call_function: calling ‘k5_input_get_bytes’ from ‘k5_utf8_validate’
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:76:17: return_function: returning to ‘k5_utf8_validate’ from ‘k5_input_get_bytes’
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:77:12: danger: pointer ‘*data.data’ is checked for NULL here but it was already dereferenced at [(4)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/3)
#   75|   	    return FALSE;
#   76|   	bytes = k5_input_get_bytes(&in, len);
#   77|-> 	if (bytes == NULL)
#   78|   	    return FALSE;
#   79|   	if (KRB5_UTF8_CHARLEN2(bytes, tmplen) != len)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1215]
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:181:13: warning[-Wanalyzer-malloc-leak]: leak of ‘ucs’
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:107:8: branch_false: following ‘false’ branch (when ‘data1’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:110:15: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:110:15: branch_false: following ‘false’ branch (when ‘data2’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:113:10: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:117:8: branch_false: following ‘false’ branch (when ‘len != 0’)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:120:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:153:8: branch_false: following ‘false’ branch (when ‘i <= 0’)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:170:20: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:170:11: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:171:8: branch_false: following ‘false’ branch (when ‘ucs’ is non-NULL)...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:180:27: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:181:46: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:181:13: danger: ‘ucs’ leaks here; was allocated at [(9)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/8)
#  179|       /* convert and normalize 1st string */
#  180|       for (i = 0, ulen = 0; i < l1; i += len, ulen++) {
#  181|-> 	if (krb5int_utf8_to_ucs4(s1 + i, &ucs[ulen]) == -1) {
#  182|   	    free(ucs);
#  183|   	    return -1;		/* what to do??? */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1216]
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:197:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ucs’
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:107:8: branch_false: following ‘false’ branch (when ‘data1’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:110:15: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:110:15: branch_false: following ‘false’ branch (when ‘data2’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:113:10: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:117:8: branch_false: following ‘false’ branch (when ‘len != 0’)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:120:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:153:8: branch_false: following ‘false’ branch (when ‘i <= 0’)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:170:20: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:170:11: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:171:8: branch_false: following ‘false’ branch (when ‘ucs’ is non-NULL)...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:180:27: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:188:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:188:8: branch_false: following ‘false’ branch (when ‘norm1 == 0’)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:197:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:197:9: danger: ‘ucs’ leaks here; was allocated at [(9)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/8)
#  195|   	}
#  196|       } else {
#  197|-> 	uccompatdecomp(ucs, ulen, &ucsout1, &l1);
#  198|   	l1 = uccanoncomp(ucsout1, l1);
#  199|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1217]
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:198:14: warning[-Wanalyzer-malloc-leak]: leak of ‘ucs’
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:107:8: branch_false: following ‘false’ branch (when ‘data1’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:110:15: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:110:15: branch_false: following ‘false’ branch (when ‘data2’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:113:10: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:117:8: branch_false: following ‘false’ branch (when ‘len != 0’)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:120:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:153:8: branch_false: following ‘false’ branch (when ‘i <= 0’)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:170:20: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:170:11: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:171:8: branch_false: following ‘false’ branch (when ‘ucs’ is non-NULL)...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:180:27: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:188:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:188:8: branch_false: following ‘false’ branch (when ‘norm1 == 0’)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:197:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:198:14: danger: ‘ucs’ leaks here; was allocated at [(9)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/8)
#  196|       } else {
#  197|   	uccompatdecomp(ucs, ulen, &ucsout1, &l1);
#  198|-> 	l1 = uccanoncomp(ucsout1, l1);
#  199|       }
#  200|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1218]
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:203:13: warning[-Wanalyzer-malloc-leak]: leak of ‘ucs’
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:107:8: branch_false: following ‘false’ branch (when ‘data1’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:110:15: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:110:15: branch_false: following ‘false’ branch (when ‘data2’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:113:10: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:117:8: branch_false: following ‘false’ branch (when ‘len != 0’)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:120:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:153:8: branch_false: following ‘false’ branch (when ‘i <= 0’)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:170:20: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:170:11: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:171:8: branch_false: following ‘false’ branch (when ‘ucs’ is non-NULL)...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:180:27: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:188:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:188:8: branch_false: following ‘false’ branch (when ‘norm1 == 0’)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:197:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:202:27: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:203:46: branch_true: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:203:13: danger: ‘ucs’ leaks here; was allocated at [(9)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/8)
#  201|       /* convert and normalize 2nd string */
#  202|       for (i = 0, ulen = 0; i < l2; i += len, ulen++) {
#  203|-> 	if (krb5int_utf8_to_ucs4(s2 + i, &ucs[ulen]) == -1) {
#  204|   	    free(ucsout1);
#  205|   	    free(ucs);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1219]
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:215:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ucs’
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:107:8: branch_false: following ‘false’ branch (when ‘data1’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:110:15: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:110:15: branch_false: following ‘false’ branch (when ‘data2’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:113:10: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:117:8: branch_false: following ‘false’ branch (when ‘len != 0’)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:120:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:153:8: branch_false: following ‘false’ branch (when ‘i <= 0’)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:170:20: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:170:11: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:171:8: branch_false: following ‘false’ branch (when ‘ucs’ is non-NULL)...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:180:27: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:188:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:188:8: branch_false: following ‘false’ branch (when ‘norm1 == 0’)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:197:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:202:27: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:211:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:211:8: branch_false: following ‘false’ branch (when ‘norm2 == 0’)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:215:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:215:9: danger: ‘ucs’ leaks here; was allocated at [(9)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/8)
#  213|   	l2 = ulen;
#  214|       } else {
#  215|-> 	uccompatdecomp(ucs, ulen, &ucsout2, &l2);
#  216|   	l2 = uccanoncomp(ucsout2, l2);
#  217|   	free(ucs);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1220]
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:216:14: warning[-Wanalyzer-malloc-leak]: leak of ‘ucs’
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:107:8: branch_false: following ‘false’ branch (when ‘data1’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:110:15: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:110:15: branch_false: following ‘false’ branch (when ‘data2’ is non-NULL)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:113:10: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:117:8: branch_false: following ‘false’ branch (when ‘len != 0’)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:120:5: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:170:11: acquire_memory: allocated here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:171:8: branch_false: following ‘false’ branch (when ‘ucs’ is non-NULL)...
 branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:180:27: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:188:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:188:8: branch_false: following ‘false’ branch (when ‘norm1 == 0’)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:197:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:202:27: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:211:8: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:211:8: branch_false: following ‘false’ branch (when ‘norm2 == 0’)...
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:215:9: branch_false: ...to here
krb5-1.21.3/src/lib/krb5/unicode/ucstr.c:216:14: danger: ‘ucs’ leaks here; was allocated at [(7)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/6)
#  214|       } else {
#  215|   	uccompatdecomp(ucs, ulen, &ucsout2, &l2);
#  216|-> 	l2 = uccanoncomp(ucsout2, l2);
#  217|   	free(ucs);
#  218|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1221]
krb5-1.21.3/src/lib/rpc/auth_gss.c:183:21: warning[-Wanalyzer-malloc-leak]: leak of ‘auth’
krb5-1.21.3/src/lib/rpc/auth_gss.c:171:21: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/auth_gss.c:171:12: branch_false: following ‘false’ branch (when ‘auth’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/auth_gss.c:176:19: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_gss.c:176:12: branch_false: following ‘false’ branch (when ‘gd’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/auth_gss.c:182:12: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_gss.c:182:12: branch_true: following ‘true’ branch (when ‘name’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/auth_gss.c:183:21: branch_true: ...to here
krb5-1.21.3/src/lib/rpc/auth_gss.c:183:21: danger: ‘auth’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  181|   	}
#  182|   	if (name != GSS_C_NO_NAME) {
#  183|-> 		if (gss_duplicate_name(&min_stat, name, &gd->name)
#  184|   						!= GSS_S_COMPLETE) {
#  185|   			rpc_createerr.cf_stat = RPC_SYSTEMERROR;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1222]
krb5-1.21.3/src/lib/rpc/auth_gss.c:183:21: warning[-Wanalyzer-malloc-leak]: leak of ‘gd’
krb5-1.21.3/src/lib/rpc/auth_gss.c:171:12: branch_false: following ‘false’ branch (when ‘auth’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/auth_gss.c:176:19: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_gss.c:176:19: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/auth_gss.c:176:12: branch_false: following ‘false’ branch (when ‘gd’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/auth_gss.c:182:12: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_gss.c:182:12: branch_true: following ‘true’ branch (when ‘name’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/auth_gss.c:183:21: branch_true: ...to here
krb5-1.21.3/src/lib/rpc/auth_gss.c:183:21: danger: ‘gd’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  181|   	}
#  182|   	if (name != GSS_C_NO_NAME) {
#  183|-> 		if (gss_duplicate_name(&min_stat, name, &gd->name)
#  184|   						!= GSS_S_COMPLETE) {
#  185|   			rpc_createerr.cf_stat = RPC_SYSTEMERROR;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1223]
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:500:6: warning[-Wanalyzer-malloc-leak]: leak of ‘auth’
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:127:7: enter_function: entry to ‘gssrpc_auth_gssapi_create’
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:167:22: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:169:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:179:6: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:186:6: call_function: calling ‘marshall_new_creds’ from ‘gssrpc_auth_gssapi_create’
#  498|        XDR xdrs;
#  499|   
#  500|->      PRINTF(("marshall_new_creds: starting\n"));
#  501|   
#  502|        creds.version = 2;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1224]
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:500:6: warning[-Wanalyzer-malloc-leak]: leak of ‘pdata’
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:127:7: enter_function: entry to ‘gssrpc_auth_gssapi_create’
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:168:42: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:169:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:179:6: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:186:6: call_function: calling ‘marshall_new_creds’ from ‘gssrpc_auth_gssapi_create’
#  498|        XDR xdrs;
#  499|   
#  500|->      PRINTF(("marshall_new_creds: starting\n"));
#  501|   
#  502|        creds.version = 2;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1225]
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:512:6: warning[-Wanalyzer-malloc-leak]: leak of ‘auth’
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:127:7: enter_function: entry to ‘gssrpc_auth_gssapi_create’
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:167:22: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:169:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:179:6: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:186:6: call_function: calling ‘marshall_new_creds’ from ‘gssrpc_auth_gssapi_create’
#  510|        }
#  511|   
#  512|->      xdrmem_create(&xdrs, (caddr_t) AUTH_PRIVATE(auth)->cred_buf,
#  513|   		   MAX_AUTH_BYTES, XDR_ENCODE);
#  514|        if (! xdr_authgssapi_creds(&xdrs, &creds)) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1226]
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:512:6: warning[-Wanalyzer-malloc-leak]: leak of ‘pdata’
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:127:7: enter_function: entry to ‘gssrpc_auth_gssapi_create’
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:168:42: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:169:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:179:6: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:186:6: call_function: calling ‘marshall_new_creds’ from ‘gssrpc_auth_gssapi_create’
#  510|        }
#  511|   
#  512|->      xdrmem_create(&xdrs, (caddr_t) AUTH_PRIVATE(auth)->cred_buf,
#  513|   		   MAX_AUTH_BYTES, XDR_ENCODE);
#  514|        if (! xdr_authgssapi_creds(&xdrs, &creds)) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1227]
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:514:12: warning[-Wanalyzer-malloc-leak]: leak of ‘auth’
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:127:7: enter_function: entry to ‘gssrpc_auth_gssapi_create’
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:167:22: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:169:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:179:6: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:186:6: call_function: calling ‘marshall_new_creds’ from ‘gssrpc_auth_gssapi_create’
#  512|        xdrmem_create(&xdrs, (caddr_t) AUTH_PRIVATE(auth)->cred_buf,
#  513|   		   MAX_AUTH_BYTES, XDR_ENCODE);
#  514|->      if (! xdr_authgssapi_creds(&xdrs, &creds)) {
#  515|   	  PRINTF(("marshall_new_creds: failed encoding auth_gssapi_creds\n"));
#  516|   	  XDR_DESTROY(&xdrs);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1228]
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:515:11: warning[-Wanalyzer-malloc-leak]: leak of ‘auth’
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:127:7: enter_function: entry to ‘gssrpc_auth_gssapi_create’
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:167:22: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:169:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:179:6: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:186:6: call_function: calling ‘marshall_new_creds’ from ‘gssrpc_auth_gssapi_create’
#  513|   		   MAX_AUTH_BYTES, XDR_ENCODE);
#  514|        if (! xdr_authgssapi_creds(&xdrs, &creds)) {
#  515|-> 	  PRINTF(("marshall_new_creds: failed encoding auth_gssapi_creds\n"));
#  516|   	  XDR_DESTROY(&xdrs);
#  517|   	  return FALSE;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1229]
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:516:11: warning[-Wanalyzer-malloc-leak]: leak of ‘auth’
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:127:7: enter_function: entry to ‘gssrpc_auth_gssapi_create’
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:167:22: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:169:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:179:6: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:186:6: call_function: calling ‘marshall_new_creds’ from ‘gssrpc_auth_gssapi_create’
#  514|        if (! xdr_authgssapi_creds(&xdrs, &creds)) {
#  515|   	  PRINTF(("marshall_new_creds: failed encoding auth_gssapi_creds\n"));
#  516|-> 	  XDR_DESTROY(&xdrs);
#  517|   	  return FALSE;
#  518|        }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1230]
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:519:37: warning[-Wanalyzer-malloc-leak]: leak of ‘auth’
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:127:7: enter_function: entry to ‘gssrpc_auth_gssapi_create’
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:167:22: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:169:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:179:6: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:186:6: call_function: calling ‘marshall_new_creds’ from ‘gssrpc_auth_gssapi_create’
#  517|   	  return FALSE;
#  518|        }
#  519|->      AUTH_PRIVATE(auth)->cred_len = xdr_getpos(&xdrs);
#  520|        XDR_DESTROY(&xdrs);
#  521|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1231]
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:520:6: warning[-Wanalyzer-malloc-leak]: leak of ‘auth’
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:127:7: enter_function: entry to ‘gssrpc_auth_gssapi_create’
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:167:22: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:169:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:179:6: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_gssapi.c:186:6: call_function: calling ‘marshall_new_creds’ from ‘gssrpc_auth_gssapi_create’
#  518|        }
#  519|        AUTH_PRIVATE(auth)->cred_len = xdr_getpos(&xdrs);
#  520|->      XDR_DESTROY(&xdrs);
#  521|   
#  522|        PRINTF(("marshall_new_creds: auth_gssapi_creds is %d bytes\n",

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1232]
krb5-1.21.3/src/lib/rpc/auth_unix.c:119:24: warning[-Wanalyzer-malloc-leak]: leak of ‘auth’
krb5-1.21.3/src/lib/rpc/auth_unix.c:115:24: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/auth_unix.c:117:12: branch_false: following ‘false’ branch (when ‘auth’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/auth_unix.c:122:31: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:124:12: branch_true: following ‘true’ branch (when ‘au’ is NULL)...
krb5-1.21.3/src/lib/rpc/auth_unix.c:125:23: branch_true: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:119:24: danger: ‘auth’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  117|   	if (auth == NULL) {
#  118|   		(void)fprintf(stderr, "authunix_create: out of memory\n");
#  119|-> 		return (NULL);
#  120|   	}
#  121|   #endif

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1233]
krb5-1.21.3/src/lib/rpc/auth_unix.c:119:24: warning[-Wanalyzer-malloc-leak]: leak of ‘au’
krb5-1.21.3/src/lib/rpc/auth_unix.c:117:12: branch_false: following ‘false’ branch (when ‘auth’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/auth_unix.c:122:31: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:122:31: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/auth_unix.c:124:12: branch_false: following ‘false’ branch (when ‘au’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/auth_unix.c:129:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:149:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/auth_unix.c:151:43: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:156:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/rpc/auth_unix.c:157:23: branch_true: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:119:24: danger: ‘au’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  117|   	if (auth == NULL) {
#  118|   		(void)fprintf(stderr, "authunix_create: out of memory\n");
#  119|-> 		return (NULL);
#  120|   	}
#  121|   #endif

Error: CPPCHECK_WARNING (CWE-401): [#def1234]
krb5-1.21.3/src/lib/rpc/auth_unix.c:126: error[memleak]: Memory leak: auth
#  124|   	if (au == NULL) {
#  125|   		(void)fprintf(stderr, "authunix_create: out of memory\n");
#  126|-> 		return (NULL);
#  127|   	}
#  128|   #endif

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1235]
krb5-1.21.3/src/lib/rpc/auth_unix.c:148:9: warning[-Wanalyzer-malloc-leak]: leak of ‘auth’
krb5-1.21.3/src/lib/rpc/auth_unix.c:115:24: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/auth_unix.c:117:12: branch_false: following ‘false’ branch (when ‘auth’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/auth_unix.c:122:31: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:124:12: branch_false: following ‘false’ branch (when ‘au’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/auth_unix.c:129:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:148:9: danger: ‘auth’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#  146|   	 * Serialize the parameters into origcred
#  147|   	 */
#  148|-> 	xdrmem_create(&xdrs, mymem, MAX_AUTH_BYTES, XDR_ENCODE);
#  149|   	if (! xdr_authunix_parms(&xdrs, &aup))
#  150|   		abort();

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1236]
krb5-1.21.3/src/lib/rpc/auth_unix.c:148:9: warning[-Wanalyzer-malloc-leak]: leak of ‘au’
krb5-1.21.3/src/lib/rpc/auth_unix.c:117:12: branch_false: following ‘false’ branch (when ‘auth’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/auth_unix.c:122:31: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:122:31: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/auth_unix.c:124:12: branch_false: following ‘false’ branch (when ‘au’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/auth_unix.c:129:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:148:9: danger: ‘au’ leaks here; was allocated at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#  146|   	 * Serialize the parameters into origcred
#  147|   	 */
#  148|-> 	xdrmem_create(&xdrs, mymem, MAX_AUTH_BYTES, XDR_ENCODE);
#  149|   	if (! xdr_authunix_parms(&xdrs, &aup))
#  150|   		abort();

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1237]
krb5-1.21.3/src/lib/rpc/auth_unix.c:149:15: warning[-Wanalyzer-malloc-leak]: leak of ‘auth’
krb5-1.21.3/src/lib/rpc/auth_unix.c:115:24: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/auth_unix.c:117:12: branch_false: following ‘false’ branch (when ‘auth’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/auth_unix.c:122:31: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:124:12: branch_false: following ‘false’ branch (when ‘au’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/auth_unix.c:129:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:149:15: danger: ‘auth’ leaks here; was allocated at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#  147|   	 */
#  148|   	xdrmem_create(&xdrs, mymem, MAX_AUTH_BYTES, XDR_ENCODE);
#  149|-> 	if (! xdr_authunix_parms(&xdrs, &aup))
#  150|   		abort();
#  151|   	au->au_origcred.oa_length = len = XDR_GETPOS(&xdrs);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1238]
krb5-1.21.3/src/lib/rpc/auth_unix.c:149:15: warning[-Wanalyzer-malloc-leak]: leak of ‘au’
krb5-1.21.3/src/lib/rpc/auth_unix.c:117:12: branch_false: following ‘false’ branch (when ‘auth’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/auth_unix.c:122:31: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:122:31: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/auth_unix.c:124:12: branch_false: following ‘false’ branch (when ‘au’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/auth_unix.c:129:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:149:15: danger: ‘au’ leaks here; was allocated at [(3)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/2)
#  147|   	 */
#  148|   	xdrmem_create(&xdrs, mymem, MAX_AUTH_BYTES, XDR_ENCODE);
#  149|-> 	if (! xdr_authunix_parms(&xdrs, &aup))
#  150|   		abort();
#  151|   	au->au_origcred.oa_length = len = XDR_GETPOS(&xdrs);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1239]
krb5-1.21.3/src/lib/rpc/auth_unix.c:151:43: warning[-Wanalyzer-malloc-leak]: leak of ‘auth’
krb5-1.21.3/src/lib/rpc/auth_unix.c:115:24: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/auth_unix.c:117:12: branch_false: following ‘false’ branch (when ‘auth’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/auth_unix.c:122:31: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:124:12: branch_false: following ‘false’ branch (when ‘au’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/auth_unix.c:129:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:149:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/auth_unix.c:151:43: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:151:43: danger: ‘auth’ leaks here; was allocated at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
#  149|   	if (! xdr_authunix_parms(&xdrs, &aup))
#  150|   		abort();
#  151|-> 	au->au_origcred.oa_length = len = XDR_GETPOS(&xdrs);
#  152|   	au->au_origcred.oa_flavor = AUTH_UNIX;
#  153|   #ifdef KERNEL

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1240]
krb5-1.21.3/src/lib/rpc/auth_unix.c:151:43: warning[-Wanalyzer-malloc-leak]: leak of ‘au’
krb5-1.21.3/src/lib/rpc/auth_unix.c:117:12: branch_false: following ‘false’ branch (when ‘auth’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/auth_unix.c:122:31: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:122:31: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/auth_unix.c:124:12: branch_false: following ‘false’ branch (when ‘au’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/auth_unix.c:129:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:149:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/auth_unix.c:151:43: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:151:43: danger: ‘au’ leaks here; was allocated at [(3)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/2)
#  149|   	if (! xdr_authunix_parms(&xdrs, &aup))
#  150|   		abort();
#  151|-> 	au->au_origcred.oa_length = len = XDR_GETPOS(&xdrs);
#  152|   	au->au_origcred.oa_flavor = AUTH_UNIX;
#  153|   #ifdef KERNEL

Error: CPPCHECK_WARNING (CWE-401): [#def1241]
krb5-1.21.3/src/lib/rpc/auth_unix.c:158: error[memleak]: Memory leak: auth
#  156|   	if ((au->au_origcred.oa_base = mem_alloc((u_int) len)) == NULL) {
#  157|   		(void)fprintf(stderr, "authunix_create: out of memory\n");
#  158|-> 		return (NULL);
#  159|   	}
#  160|   #endif

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1242]
krb5-1.21.3/src/lib/rpc/auth_unix.c:315:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/rpc/auth_unix.c:98:1: enter_function: entry to ‘gssrpc_authunix_create’
krb5-1.21.3/src/lib/rpc/auth_unix.c:117:12: branch_false: following ‘false’ branch (when ‘auth’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/auth_unix.c:122:31: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:124:12: branch_false: following ‘false’ branch (when ‘au’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/auth_unix.c:129:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:149:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/auth_unix.c:151:43: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:156:40: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/auth_unix.c:156:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/auth_unix.c:161:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:167:9: call_function: calling ‘marshal_new_auth’ from ‘gssrpc_authunix_create’
#  313|   	struct audata *au = AUTH_PRIVATE(auth);
#  314|   
#  315|-> 	xdrmem_create(xdrs, au->au_marshed, MAX_AUTH_BYTES, XDR_ENCODE);
#  316|   	if ((! xdr_opaque_auth(xdrs, &(auth->ah_cred))) ||
#  317|   	    (! xdr_opaque_auth(xdrs, &(auth->ah_verf)))) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1243]
krb5-1.21.3/src/lib/rpc/auth_unix.c:315:9: warning[-Wanalyzer-malloc-leak]: leak of ‘auth’
krb5-1.21.3/src/lib/rpc/auth_unix.c:98:1: enter_function: entry to ‘gssrpc_authunix_create’
krb5-1.21.3/src/lib/rpc/auth_unix.c:115:24: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/auth_unix.c:117:12: branch_false: following ‘false’ branch (when ‘auth’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/auth_unix.c:122:31: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:124:12: branch_false: following ‘false’ branch (when ‘au’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/auth_unix.c:129:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:149:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/auth_unix.c:151:43: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:156:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/auth_unix.c:161:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:167:9: call_function: calling ‘marshal_new_auth’ from ‘gssrpc_authunix_create’
#  313|   	struct audata *au = AUTH_PRIVATE(auth);
#  314|   
#  315|-> 	xdrmem_create(xdrs, au->au_marshed, MAX_AUTH_BYTES, XDR_ENCODE);
#  316|   	if ((! xdr_opaque_auth(xdrs, &(auth->ah_cred))) ||
#  317|   	    (! xdr_opaque_auth(xdrs, &(auth->ah_verf)))) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1244]
krb5-1.21.3/src/lib/rpc/auth_unix.c:315:9: warning[-Wanalyzer-malloc-leak]: leak of ‘au’
krb5-1.21.3/src/lib/rpc/auth_unix.c:98:1: enter_function: entry to ‘gssrpc_authunix_create’
krb5-1.21.3/src/lib/rpc/auth_unix.c:117:12: branch_false: following ‘false’ branch (when ‘auth’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/auth_unix.c:122:31: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:122:31: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/auth_unix.c:124:12: branch_false: following ‘false’ branch (when ‘au’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/auth_unix.c:129:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:149:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/auth_unix.c:151:43: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:156:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/auth_unix.c:161:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:167:9: call_function: calling ‘marshal_new_auth’ from ‘gssrpc_authunix_create’
#  313|   	struct audata *au = AUTH_PRIVATE(auth);
#  314|   
#  315|-> 	xdrmem_create(xdrs, au->au_marshed, MAX_AUTH_BYTES, XDR_ENCODE);
#  316|   	if ((! xdr_opaque_auth(xdrs, &(auth->ah_cred))) ||
#  317|   	    (! xdr_opaque_auth(xdrs, &(auth->ah_verf)))) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1245]
krb5-1.21.3/src/lib/rpc/auth_unix.c:316:16: warning[-Wanalyzer-malloc-leak]: leak of ‘auth’
krb5-1.21.3/src/lib/rpc/auth_unix.c:98:1: enter_function: entry to ‘gssrpc_authunix_create’
krb5-1.21.3/src/lib/rpc/auth_unix.c:115:24: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/auth_unix.c:117:12: branch_false: following ‘false’ branch (when ‘auth’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/auth_unix.c:122:31: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:124:12: branch_false: following ‘false’ branch (when ‘au’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/auth_unix.c:129:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:149:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/auth_unix.c:151:43: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:156:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/auth_unix.c:161:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/auth_unix.c:167:9: call_function: calling ‘marshal_new_auth’ from ‘gssrpc_authunix_create’
#  314|   
#  315|   	xdrmem_create(xdrs, au->au_marshed, MAX_AUTH_BYTES, XDR_ENCODE);
#  316|-> 	if ((! xdr_opaque_auth(xdrs, &(auth->ah_cred))) ||
#  317|   	    (! xdr_opaque_auth(xdrs, &(auth->ah_verf)))) {
#  318|   		perror("auth_none.c - Fatal marshalling problem");

Error: GCC_ANALYZER_WARNING (CWE-688): [#def1246]
krb5-1.21.3/src/lib/rpc/clnt_perror.c:180:16: warning[-Wanalyzer-null-argument]: use of NULL ‘buf’ where non-null expected
krb5-1.21.3/src/lib/rpc/clnt_perror.c:178:1: enter_function: entry to ‘gssrpc_clnt_perror’
krb5-1.21.3/src/lib/rpc/clnt_perror.c:180:16: call_function: calling ‘gssrpc_clnt_sperror’ from ‘gssrpc_clnt_perror’
krb5-1.21.3/src/lib/rpc/clnt_perror.c:180:16: return_function: returning to ‘gssrpc_clnt_perror’ from ‘gssrpc_clnt_sperror’
krb5-1.21.3/src/lib/rpc/clnt_perror.c:180:16: danger: argument 1 (‘gssrpc_clnt_sperror(rpch,  s)’) NULL where non-null expected
#argument 1 of ‘__builtin_fputs’ must be non-null
#  178|   clnt_perror(CLIENT *rpch, char *s)
#  179|   {
#  180|-> 	(void) fprintf(stderr,"%s",clnt_sperror(rpch,s));
#  181|   }
#  182|   

Error: GCC_ANALYZER_WARNING (CWE-688): [#def1247]
krb5-1.21.3/src/lib/rpc/clnt_perror.c:311:16: warning[-Wanalyzer-null-argument]: use of NULL ‘buf’ where non-null expected
krb5-1.21.3/src/lib/rpc/clnt_perror.c:309:1: enter_function: entry to ‘gssrpc_clnt_pcreateerror’
krb5-1.21.3/src/lib/rpc/clnt_perror.c:311:16: call_function: calling ‘gssrpc_clnt_spcreateerror’ from ‘gssrpc_clnt_pcreateerror’
krb5-1.21.3/src/lib/rpc/clnt_perror.c:311:16: return_function: returning to ‘gssrpc_clnt_pcreateerror’ from ‘gssrpc_clnt_spcreateerror’
krb5-1.21.3/src/lib/rpc/clnt_perror.c:311:16: danger: argument 1 (‘gssrpc_clnt_spcreateerror(s)’) NULL where non-null expected
#argument 1 of ‘__builtin_fputs’ must be non-null
#  309|   clnt_pcreateerror(char *s)
#  310|   {
#  311|-> 	(void) fprintf(stderr,"%s",clnt_spcreateerror(s));
#  312|   }
#  313|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1248]
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:157:29: warning[-Wanalyzer-malloc-leak]: leak of ‘ct’
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:138:12: branch_false: following ‘false’ branch (when ‘h’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:144:32: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:144:32: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:145:12: branch_false: following ‘false’ branch (when ‘ct’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:155:12: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:155:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:157:29: danger: ‘ct’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  155|   	if (raddr != NULL && raddr->sin_port == 0) {
#  156|   		u_short port;
#  157|-> 		if ((port = pmap_getport(raddr, prog, vers, IPPROTO_TCP)) == 0) {
#  158|   			mem_free((caddr_t)ct, sizeof(struct ct_data));
#  159|   			mem_free((caddr_t)h, sizeof(CLIENT));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1249]
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:157:29: warning[-Wanalyzer-malloc-leak]: leak of ‘h’
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:137:24: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:138:12: branch_false: following ‘false’ branch (when ‘h’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:144:32: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:145:12: branch_false: following ‘false’ branch (when ‘ct’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:155:12: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:155:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:157:29: danger: ‘h’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  155|   	if (raddr != NULL && raddr->sin_port == 0) {
#  156|   		u_short port;
#  157|-> 		if ((port = pmap_getport(raddr, prog, vers, IPPROTO_TCP)) == 0) {
#  158|   			mem_free((caddr_t)ct, sizeof(struct ct_data));
#  159|   			mem_free((caddr_t)h, sizeof(CLIENT));

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1250]
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:170:23: warning[-Wanalyzer-malloc-leak]: leak of ‘ct’
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:138:12: branch_false: following ‘false’ branch (when ‘h’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:144:32: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:144:32: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:145:12: branch_false: following ‘false’ branch (when ‘ct’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:155:12: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:168:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:169:26: branch_true: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:170:23: danger: ‘ct’ leaks here; was allocated at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#  168|   	if (*sockp < 0) {
#  169|   		*sockp = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
#  170|-> 		(void)bindresvport_sa(*sockp, NULL);
#  171|   		if (*sockp < 0 || raddr == NULL ||
#  172|   		    connect(*sockp, (struct sockaddr *)raddr,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1251]
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:170:23: warning[-Wanalyzer-malloc-leak]: leak of ‘h’
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:137:24: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:138:12: branch_false: following ‘false’ branch (when ‘h’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:144:32: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:145:12: branch_false: following ‘false’ branch (when ‘ct’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:155:12: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:168:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:169:26: branch_true: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:170:23: danger: ‘h’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  168|   	if (*sockp < 0) {
#  169|   		*sockp = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
#  170|-> 		(void)bindresvport_sa(*sockp, NULL);
#  171|   		if (*sockp < 0 || raddr == NULL ||
#  172|   		    connect(*sockp, (struct sockaddr *)raddr,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1252]
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:171:21: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘*sockp’
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:138:12: branch_false: following ‘false’ branch (when ‘h’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:144:32: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:145:12: branch_false: following ‘false’ branch (when ‘ct’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:155:12: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:168:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:169:26: branch_true: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:171:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:171:21: danger: ‘*sockp’ leaks here
#  169|   		*sockp = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
#  170|   		(void)bindresvport_sa(*sockp, NULL);
#  171|-> 		if (*sockp < 0 || raddr == NULL ||
#  172|   		    connect(*sockp, (struct sockaddr *)raddr,
#  173|   			    sizeof(*raddr)) < 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1253]
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:176:31: warning[-Wanalyzer-malloc-leak]: leak of ‘ct’
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:138:12: branch_false: following ‘false’ branch (when ‘h’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:144:32: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:144:32: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:145:12: branch_false: following ‘false’ branch (when ‘ct’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:155:12: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:168:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:169:26: branch_true: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:176:31: danger: ‘ct’ leaks here; was allocated at [(3)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/2)
#  174|   			rpc_createerr.cf_stat = RPC_SYSTEMERROR;
#  175|   			rpc_createerr.cf_error.re_errno = errno;
#  176|->                         (void)closesocket(*sockp);
#  177|   			goto fooy;
#  178|   		}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1254]
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:176:31: warning[-Wanalyzer-malloc-leak]: leak of ‘h’
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:137:24: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:138:12: branch_false: following ‘false’ branch (when ‘h’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:144:32: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:145:12: branch_false: following ‘false’ branch (when ‘ct’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:155:12: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:168:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:169:26: branch_true: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:176:31: danger: ‘h’ leaks here; was allocated at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
#  174|   			rpc_createerr.cf_stat = RPC_SYSTEMERROR;
#  175|   			rpc_createerr.cf_error.re_errno = errno;
#  176|->                         (void)closesocket(*sockp);
#  177|   			goto fooy;
#  178|   		}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1255]
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:215:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ct’
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:138:12: branch_false: following ‘false’ branch (when ‘h’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:144:32: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:144:32: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:145:12: branch_false: following ‘false’ branch (when ‘ct’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:155:12: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:215:9: danger: ‘ct’ leaks here; was allocated at [(3)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/2)
#  213|   	 * pre-serialize the staic part of the call msg and stash it away
#  214|   	 */
#  215|-> 	xdrmem_create(&(ct->ct_xdrs), ct->ct_u.ct_mcall, MCALL_MSG_SIZE,
#  216|   	    XDR_ENCODE);
#  217|   	if (! xdr_callhdr(&(ct->ct_xdrs), &call_msg)) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1256]
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:215:9: warning[-Wanalyzer-malloc-leak]: leak of ‘h’
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:137:24: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:138:12: branch_false: following ‘false’ branch (when ‘h’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:144:32: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:145:12: branch_false: following ‘false’ branch (when ‘ct’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:155:12: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:215:9: danger: ‘h’ leaks here; was allocated at [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0)
#  213|   	 * pre-serialize the staic part of the call msg and stash it away
#  214|   	 */
#  215|-> 	xdrmem_create(&(ct->ct_xdrs), ct->ct_u.ct_mcall, MCALL_MSG_SIZE,
#  216|   	    XDR_ENCODE);
#  217|   	if (! xdr_callhdr(&(ct->ct_xdrs), &call_msg)) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1257]
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:217:15: warning[-Wanalyzer-malloc-leak]: leak of ‘h’
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:137:24: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:138:12: branch_false: following ‘false’ branch (when ‘h’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:144:32: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:145:12: branch_false: following ‘false’ branch (when ‘ct’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:155:12: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:217:15: danger: ‘h’ leaks here; was allocated at [(1)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/0)
#  215|   	xdrmem_create(&(ct->ct_xdrs), ct->ct_u.ct_mcall, MCALL_MSG_SIZE,
#  216|   	    XDR_ENCODE);
#  217|-> 	if (! xdr_callhdr(&(ct->ct_xdrs), &call_msg)) {
#  218|   		if (ct->ct_closeit)
#  219|                           (void)closesocket(*sockp);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1258]
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:219:31: warning[-Wanalyzer-malloc-leak]: leak of ‘h’
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:137:24: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:138:12: branch_false: following ‘false’ branch (when ‘h’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:144:32: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:145:12: branch_false: following ‘false’ branch (when ‘ct’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:155:12: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:217:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:218:21: branch_true: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:218:20: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:219:31: branch_true: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:219:31: danger: ‘h’ leaks here; was allocated at [(1)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/0)
#  217|   	if (! xdr_callhdr(&(ct->ct_xdrs), &call_msg)) {
#  218|   		if (ct->ct_closeit)
#  219|->                         (void)closesocket(*sockp);
#  220|   		goto fooy;
#  221|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1259]
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:222:23: warning[-Wanalyzer-malloc-leak]: leak of ‘h’
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:137:24: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:138:12: branch_false: following ‘false’ branch (when ‘h’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:144:32: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:145:12: branch_false: following ‘false’ branch (when ‘ct’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:155:12: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:217:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:222:23: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:222:23: danger: ‘h’ leaks here; was allocated at [(1)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/0)
#  220|   		goto fooy;
#  221|   	}
#  222|-> 	ct->ct_mpos = XDR_GETPOS(&(ct->ct_xdrs));
#  223|   	XDR_DESTROY(&(ct->ct_xdrs));
#  224|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1260]
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:223:9: warning[-Wanalyzer-malloc-leak]: leak of ‘h’
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:137:24: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:138:12: branch_false: following ‘false’ branch (when ‘h’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:144:32: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:145:12: branch_false: following ‘false’ branch (when ‘ct’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:155:12: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:217:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:222:23: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:223:9: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:223:9: branch_true: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:223:9: danger: ‘h’ leaks here; was allocated at [(1)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/0)
#  221|   	}
#  222|   	ct->ct_mpos = XDR_GETPOS(&(ct->ct_xdrs));
#  223|-> 	XDR_DESTROY(&(ct->ct_xdrs));
#  224|   
#  225|   	/*

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1261]
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:229:9: warning[-Wanalyzer-malloc-leak]: leak of ‘h’
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:137:24: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:138:12: branch_false: following ‘false’ branch (when ‘h’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:144:32: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:145:12: branch_false: following ‘false’ branch (when ‘ct’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:155:12: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:217:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:222:23: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:223:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:229:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:229:9: danger: ‘h’ leaks here; was allocated at [(1)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/0)
#  227|   	 * and authnone for authentication.
#  228|   	 */
#  229|-> 	xdrrec_create(&(ct->ct_xdrs), sendsz, recvsz,
#  230|   	    (caddr_t)ct, readtcp, writetcp);
#  231|   	h->cl_ops = &tcp_ops;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1262]
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:233:22: warning[-Wanalyzer-malloc-leak]: leak of ‘h’
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:137:24: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:138:12: branch_false: following ‘false’ branch (when ‘h’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:144:32: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:145:12: branch_false: following ‘false’ branch (when ‘ct’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:155:12: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:217:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:222:23: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_tcp.c:233:22: danger: ‘h’ leaks here; was allocated at [(1)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/0)
#  231|   	h->cl_ops = &tcp_ops;
#  232|   	h->cl_private = (caddr_t) ct;
#  233|-> 	h->cl_auth = authnone_create();
#  234|   	return (h);
#  235|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1263]
krb5-1.21.3/src/lib/rpc/clnt_udp.c:155:21: warning[-Wanalyzer-malloc-leak]: leak of ‘cl’
krb5-1.21.3/src/lib/rpc/clnt_udp.c:133:24: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/clnt_udp.c:134:12: branch_false: following ‘false’ branch (when ‘cl’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_udp.c:140:19: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_udp.c:143:12: branch_false: following ‘false’ branch (when ‘cu’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_udp.c:149:25: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_udp.c:152:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/rpc/clnt_udp.c:155:21: branch_true: ...to here
krb5-1.21.3/src/lib/rpc/clnt_udp.c:155:21: danger: ‘cl’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  153|   		u_short port;
#  154|   		if ((port =
#  155|-> 		    pmap_getport(raddr, program, version, IPPROTO_UDP)) == 0) {
#  156|   			goto fooy;
#  157|   		}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1264]
krb5-1.21.3/src/lib/rpc/clnt_udp.c:155:21: warning[-Wanalyzer-malloc-leak]: leak of ‘cu’
krb5-1.21.3/src/lib/rpc/clnt_udp.c:134:12: branch_false: following ‘false’ branch (when ‘cl’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_udp.c:140:19: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_udp.c:142:32: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/clnt_udp.c:143:12: branch_false: following ‘false’ branch (when ‘cu’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_udp.c:149:25: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_udp.c:152:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/rpc/clnt_udp.c:155:21: branch_true: ...to here
krb5-1.21.3/src/lib/rpc/clnt_udp.c:155:21: danger: ‘cu’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  153|   		u_short port;
#  154|   		if ((port =
#  155|-> 		    pmap_getport(raddr, program, version, IPPROTO_UDP)) == 0) {
#  156|   			goto fooy;
#  157|   		}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1265]
krb5-1.21.3/src/lib/rpc/clnt_udp.c:174:9: warning[-Wanalyzer-malloc-leak]: leak of ‘cl’
krb5-1.21.3/src/lib/rpc/clnt_udp.c:133:24: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/clnt_udp.c:134:12: branch_false: following ‘false’ branch (when ‘cl’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_udp.c:140:19: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_udp.c:143:12: branch_false: following ‘false’ branch (when ‘cu’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_udp.c:149:25: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_udp.c:174:9: danger: ‘cl’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  172|   	call_msg.rm_call.cb_prog = program;
#  173|   	call_msg.rm_call.cb_vers = version;
#  174|-> 	xdrmem_create(&(cu->cu_outxdrs), cu->cu_outbuf,
#  175|   	    sendsz, XDR_ENCODE);
#  176|   	if (! xdr_callhdr(&(cu->cu_outxdrs), &call_msg)) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1266]
krb5-1.21.3/src/lib/rpc/clnt_udp.c:174:9: warning[-Wanalyzer-malloc-leak]: leak of ‘cu’
krb5-1.21.3/src/lib/rpc/clnt_udp.c:134:12: branch_false: following ‘false’ branch (when ‘cl’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_udp.c:140:19: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_udp.c:142:32: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/clnt_udp.c:143:12: branch_false: following ‘false’ branch (when ‘cu’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_udp.c:149:25: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_udp.c:174:9: danger: ‘cu’ leaks here; was allocated at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#  172|   	call_msg.rm_call.cb_prog = program;
#  173|   	call_msg.rm_call.cb_vers = version;
#  174|-> 	xdrmem_create(&(cu->cu_outxdrs), cu->cu_outbuf,
#  175|   	    sendsz, XDR_ENCODE);
#  176|   	if (! xdr_callhdr(&(cu->cu_outxdrs), &call_msg)) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1267]
krb5-1.21.3/src/lib/rpc/clnt_udp.c:176:15: warning[-Wanalyzer-malloc-leak]: leak of ‘cl’
krb5-1.21.3/src/lib/rpc/clnt_udp.c:133:24: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/clnt_udp.c:134:12: branch_false: following ‘false’ branch (when ‘cl’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_udp.c:140:19: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_udp.c:143:12: branch_false: following ‘false’ branch (when ‘cu’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_udp.c:149:25: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_udp.c:176:15: danger: ‘cl’ leaks here; was allocated at [(1)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/0)
#  174|   	xdrmem_create(&(cu->cu_outxdrs), cu->cu_outbuf,
#  175|   	    sendsz, XDR_ENCODE);
#  176|-> 	if (! xdr_callhdr(&(cu->cu_outxdrs), &call_msg)) {
#  177|   		goto fooy;
#  178|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1268]
krb5-1.21.3/src/lib/rpc/clnt_udp.c:179:25: warning[-Wanalyzer-malloc-leak]: leak of ‘cl’
krb5-1.21.3/src/lib/rpc/clnt_udp.c:133:24: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/clnt_udp.c:134:12: branch_false: following ‘false’ branch (when ‘cl’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_udp.c:140:19: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_udp.c:143:12: branch_false: following ‘false’ branch (when ‘cu’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_udp.c:149:25: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_udp.c:176:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/clnt_udp.c:179:25: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_udp.c:179:25: danger: ‘cl’ leaks here; was allocated at [(1)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/0)
#  177|   		goto fooy;
#  178|   	}
#  179|-> 	cu->cu_xdrpos = XDR_GETPOS(&(cu->cu_outxdrs));
#  180|   	if (*sockp < 0) {
#  181|   		int dontblock = 1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1269]
krb5-1.21.3/src/lib/rpc/clnt_udp.c:190:23: warning[-Wanalyzer-malloc-leak]: leak of ‘cl’
krb5-1.21.3/src/lib/rpc/clnt_udp.c:133:24: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/clnt_udp.c:134:12: branch_false: following ‘false’ branch (when ‘cl’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_udp.c:140:19: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_udp.c:143:12: branch_false: following ‘false’ branch (when ‘cu’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_udp.c:149:25: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_udp.c:176:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/clnt_udp.c:179:25: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_udp.c:180:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/rpc/clnt_udp.c:181:21: branch_true: ...to here
krb5-1.21.3/src/lib/rpc/clnt_udp.c:184:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/clnt_udp.c:190:23: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_udp.c:190:23: danger: ‘cl’ leaks here; was allocated at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
#  188|   		}
#  189|   		/* attempt to bind to prov port */
#  190|-> 		(void)bindresvport_sa(*sockp, NULL);
#  191|   		/* the sockets rpc controls are non-blocking */
#  192|   		(void)ioctl(*sockp, FIONBIO, (char *) &dontblock);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1270]
krb5-1.21.3/src/lib/rpc/clnt_udp.c:204:23: warning[-Wanalyzer-malloc-leak]: leak of ‘cl’
krb5-1.21.3/src/lib/rpc/clnt_udp.c:133:24: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/clnt_udp.c:134:12: branch_false: following ‘false’ branch (when ‘cl’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_udp.c:140:19: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_udp.c:143:12: branch_false: following ‘false’ branch (when ‘cu’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/clnt_udp.c:149:25: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_udp.c:176:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/clnt_udp.c:179:25: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_udp.c:197:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/clnt_udp.c:199:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_udp.c:200:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/clnt_udp.c:203:23: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/clnt_udp.c:204:23: danger: ‘cl’ leaks here; was allocated at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
#  202|   
#  203|   	cu->cu_sock = *sockp;
#  204|-> 	cl->cl_auth = authnone_create();
#  205|   	return (cl);
#  206|   fooy:

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1271]
krb5-1.21.3/src/lib/rpc/pmap_rmt.c:280:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
krb5-1.21.3/src/lib/rpc/pmap_rmt.c:275:21: acquire_resource: datagram socket created here
krb5-1.21.3/src/lib/rpc/pmap_rmt.c:275:12: branch_false: following ‘false’ branch (when ‘sock >= 0’)...
krb5-1.21.3/src/lib/rpc/pmap_rmt.c:280:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/pmap_rmt.c:280:9: danger: ‘sock’ leaks here
#  278|   		goto done_broad;
#  279|   	}
#  280|-> 	set_cloexec_fd(sock);
#  281|   #ifdef SO_BROADCAST
#  282|   	if (setsockopt(sock, SOL_SOCKET, SO_BROADCAST, (char *) &on,

Error: GCC_ANALYZER_WARNING (CWE-688): [#def1272]
krb5-1.21.3/src/lib/rpc/svc.c:109:17: warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL ‘xports’ where non-null expected
krb5-1.21.3/src/lib/rpc/svc.c:106:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/rpc/svc.c:108:25: branch_true: ...to here
krb5-1.21.3/src/lib/rpc/svc.c:108:25: acquire_memory: this call could return NULL
krb5-1.21.3/src/lib/rpc/svc.c:109:17: danger: argument 1 (‘malloc(8192)’) from [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2) could be NULL where non-null expected
#argument 1 of ‘__builtin_memset’ must be non-null
#  107|   		xports = (SVCXPRT **)
#  108|   			mem_alloc(FD_SETSIZE * sizeof(SVCXPRT *));
#  109|-> 		memset(xports, 0, FD_SETSIZE * sizeof(SVCXPRT *));
#  110|   	}
#  111|   	if (sock < FD_SETSIZE) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1273]
krb5-1.21.3/src/lib/rpc/svc.c:463:17: warning[-Wanalyzer-malloc-leak]: leak of ‘cookedcred’
krb5-1.21.3/src/lib/rpc/svc.c:460:22: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/svc.c:462:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/rpc/svc.c:463:17: branch_true: ...to here
krb5-1.21.3/src/lib/rpc/svc.c:463:17: danger: ‘cookedcred’ leaks here; was allocated at [(1)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/0)
#  461|   
#  462|   	if (rawcred == NULL || rawverf == NULL || cookedcred == NULL)
#  463|-> 		return;
#  464|   
#  465|   	msg.rm_call.cb_cred.oa_base = rawcred;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1274]
krb5-1.21.3/src/lib/rpc/svc.c:463:17: warning[-Wanalyzer-malloc-leak]: leak of ‘rawcred’
krb5-1.21.3/src/lib/rpc/svc.c:458:19: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/svc.c:462:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/rpc/svc.c:463:17: branch_true: ...to here
krb5-1.21.3/src/lib/rpc/svc.c:463:17: danger: ‘rawcred’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  461|   
#  462|   	if (rawcred == NULL || rawverf == NULL || cookedcred == NULL)
#  463|-> 		return;
#  464|   
#  465|   	msg.rm_call.cb_cred.oa_base = rawcred;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1275]
krb5-1.21.3/src/lib/rpc/svc.c:463:17: warning[-Wanalyzer-malloc-leak]: leak of ‘rawverf’
krb5-1.21.3/src/lib/rpc/svc.c:459:19: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/svc.c:462:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/rpc/svc.c:463:17: branch_true: ...to here
krb5-1.21.3/src/lib/rpc/svc.c:463:17: danger: ‘rawverf’ leaks here; was allocated at [(1)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/0)
#  461|   
#  462|   	if (rawcred == NULL || rawverf == NULL || cookedcred == NULL)
#  463|-> 		return;
#  464|   
#  465|   	msg.rm_call.cb_cred.oa_base = rawcred;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1276]
krb5-1.21.3/src/lib/rpc/svc.c:473:22: warning[-Wanalyzer-malloc-leak]: leak of ‘cookedcred’
krb5-1.21.3/src/lib/rpc/svc.c:460:22: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/svc.c:462:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc.c:462:13: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc.c:462:13: branch_false: following ‘false’ branch (when ‘cookedcred’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/svc.c:465:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc.c:473:22: danger: ‘cookedcred’ leaks here; was allocated at [(1)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/0)
#  471|   		enum auth_stat why;
#  472|   
#  473|-> 		if (!SVC_RECV(xprt, &msg))
#  474|   			goto call_done;
#  475|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1277]
krb5-1.21.3/src/lib/rpc/svc.c:473:22: warning[-Wanalyzer-malloc-leak]: leak of ‘rawcred’
krb5-1.21.3/src/lib/rpc/svc.c:458:19: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/svc.c:462:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc.c:473:22: danger: ‘rawcred’ leaks here; was allocated at [(1)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/0)
#  471|   		enum auth_stat why;
#  472|   
#  473|-> 		if (!SVC_RECV(xprt, &msg))
#  474|   			goto call_done;
#  475|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1278]
krb5-1.21.3/src/lib/rpc/svc.c:473:22: warning[-Wanalyzer-malloc-leak]: leak of ‘rawverf’
krb5-1.21.3/src/lib/rpc/svc.c:459:19: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/svc.c:462:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc.c:473:22: danger: ‘rawverf’ leaks here; was allocated at [(1)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/0)
#  471|   		enum auth_stat why;
#  472|   
#  473|-> 		if (!SVC_RECV(xprt, &msg))
#  474|   			goto call_done;
#  475|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1279]
krb5-1.21.3/src/lib/rpc/svc.c:487:23: warning[-Wanalyzer-malloc-leak]: leak of ‘cookedcred’
krb5-1.21.3/src/lib/rpc/svc.c:460:22: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/svc.c:462:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc.c:462:13: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc.c:462:13: branch_false: following ‘false’ branch (when ‘cookedcred’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/svc.c:465:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc.c:487:23: danger: ‘cookedcred’ leaks here; was allocated at [(1)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/0)
#  485|   
#  486|   		/* first authenticate the message */
#  487|-> 		why = gssrpc__authenticate(&r, &msg, &no_dispatch);
#  488|   		if (why != AUTH_OK) {
#  489|   			svcerr_auth(xprt, why);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1280]
krb5-1.21.3/src/lib/rpc/svc.c:524:29: warning[-Wanalyzer-malloc-leak]: leak of ‘cookedcred’
krb5-1.21.3/src/lib/rpc/svc.c:460:22: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/svc.c:462:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc.c:462:13: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc.c:462:13: branch_false: following ‘false’ branch (when ‘cookedcred’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/svc.c:465:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc.c:473:20: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/rpc/svc.c:474:25: branch_true: ...to here
krb5-1.21.3/src/lib/rpc/svc.c:524:29: danger: ‘cookedcred’ leaks here; was allocated at [(1)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/0)
#  522|   
#  523|   	call_done:
#  524|-> 		if ((stat = SVC_STAT(xprt)) == XPRT_DIED){
#  525|   			SVC_DESTROY(xprt);
#  526|   			break;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1281]
krb5-1.21.3/src/lib/rpc/svc.c:525:25: warning[-Wanalyzer-malloc-leak]: leak of ‘cookedcred’
krb5-1.21.3/src/lib/rpc/svc.c:460:22: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/svc.c:462:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc.c:462:13: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc.c:462:13: branch_false: following ‘false’ branch (when ‘cookedcred’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/svc.c:465:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc.c:473:20: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/rpc/svc.c:474:25: branch_true: ...to here
krb5-1.21.3/src/lib/rpc/svc.c:525:25: danger: ‘cookedcred’ leaks here; was allocated at [(1)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/0)
#  523|   	call_done:
#  524|   		if ((stat = SVC_STAT(xprt)) == XPRT_DIED){
#  525|-> 			SVC_DESTROY(xprt);
#  526|   			break;
#  527|   		} else if ((xprt->xp_auth != NULL) &&

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1282]
krb5-1.21.3/src/lib/rpc/svc_auth_gss.c:409:32: warning[-Wanalyzer-malloc-leak]: leak of ‘auth’
krb5-1.21.3/src/lib/rpc/svc_auth_gss.c:407:29: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/svc_auth_gss.c:407:20: branch_false: following ‘false’ branch (when ‘auth’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/svc_auth_gss.c:411:27: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_auth_gss.c:411:20: branch_true: following ‘true’ branch (when ‘gd’ is NULL)...
krb5-1.21.3/src/lib/rpc/svc_auth_gss.c:412:25: branch_true: ...to here
krb5-1.21.3/src/lib/rpc/svc_auth_gss.c:409:32: danger: ‘auth’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  407|   		if ((auth = calloc(sizeof(*auth), 1)) == NULL) {
#  408|   			fprintf(stderr, "svcauth_gss: out_of_memory\n");
#  409|-> 			return (AUTH_FAILED);
#  410|   		}
#  411|   		if ((gd = calloc(sizeof(*gd), 1)) == NULL) {

Error: CPPCHECK_WARNING (CWE-401): [#def1283]
krb5-1.21.3/src/lib/rpc/svc_auth_gss.c:413: error[memleak]: Memory leak: auth
#  411|   		if ((gd = calloc(sizeof(*gd), 1)) == NULL) {
#  412|   			fprintf(stderr, "svcauth_gss: out_of_memory\n");
#  413|-> 			return (AUTH_FAILED);
#  414|   		}
#  415|   		auth->svc_ah_ops = &svc_auth_gss_ops;

Error: GCC_ANALYZER_WARNING (CWE-415): [#def1284]
krb5-1.21.3/src/lib/rpc/svc_auth_gssapi.c:674:11: warning[-Wanalyzer-double-free]: double-‘free’ of ‘c’
krb5-1.21.3/src/lib/rpc/svc_auth_gssapi.c:663:13: enter_function: entry to ‘cleanup’
krb5-1.21.3/src/lib/rpc/svc_auth_gssapi.c:670:13: branch_true: following ‘true’ branch (when ‘c’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/svc_auth_gssapi.c:672:11: branch_true: ...to here
krb5-1.21.3/src/lib/rpc/svc_auth_gssapi.c:673:11: call_function: calling ‘destroy_client’ from ‘cleanup’
krb5-1.21.3/src/lib/rpc/svc_auth_gssapi.c:673:11: return_function: returning to ‘cleanup’ from ‘destroy_client’
krb5-1.21.3/src/lib/rpc/svc_auth_gssapi.c:674:11: danger: second ‘free’ here; first ‘free’ was at [(10)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/9)
#  672|   	  c = c->next;
#  673|   	  destroy_client(c2->client);
#  674|-> 	  free(c2);
#  675|        }
#  676|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1285]
krb5-1.21.3/src/lib/rpc/svc_auth_gssapi.c:721:9: warning[-Wanalyzer-malloc-leak]: leak of ‘client_data’
krb5-1.21.3/src/lib/rpc/svc_auth_gssapi.c:702:45: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/svc_auth_gssapi.c:703:9: branch_false: following ‘false’ branch (when ‘client_data’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/svc_auth_gssapi.c:705:6: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_auth_gssapi.c:721:9: branch_true: following ‘true’ branch (when ‘c’ is NULL)...
 branch_true: ...to here
krb5-1.21.3/src/lib/rpc/svc_auth_gssapi.c:721:9: danger: ‘client_data’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#  719|   
#  720|        c = (client_list *) malloc(sizeof(client_list));
#  721|->      if (c == NULL)
#  722|   	  return NULL;
#  723|        c->client = client_data;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def1286]
krb5-1.21.3/src/lib/rpc/svc_auth_gssapi.c:1004:20: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*<unknown>’
krb5-1.21.3/src/lib/rpc/svc_auth_gssapi.c:929:8: enter_function: entry to ‘gssrpc_svcauth_gssapi_set_names’
krb5-1.21.3/src/lib/rpc/svc_auth_gssapi.c:937:9: branch_false: following ‘false’ branch (when ‘num != 0’)...
krb5-1.21.3/src/lib/rpc/svc_auth_gssapi.c:942:6: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_auth_gssapi.c:945:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc_auth_gssapi.c:947:40: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_auth_gssapi.c:948:9: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/rpc/svc_auth_gssapi.c:949:11: branch_true: ...to here
krb5-1.21.3/src/lib/rpc/svc_auth_gssapi.c:986:6: call_function: calling ‘gssrpc_svcauth_gssapi_unset_names’ from ‘gssrpc_svcauth_gssapi_set_names’
# 1002|        if (server_creds_list) {
# 1003|   	  for (i = 0; i < server_creds_count; i++)
# 1004|-> 	       if (server_creds_list[i])
# 1005|   		    gss_release_cred(&minor_stat, &server_creds_list[i]);
# 1006|   	  free(server_creds_list);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1287]
krb5-1.21.3/src/lib/rpc/svc_tcp.c:153:32: warning[-Wanalyzer-malloc-leak]: leak of ‘r’
krb5-1.21.3/src/lib/rpc/svc_tcp.c:161:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc_tcp.c:167:13: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_tcp.c:172:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc_tcp.c:178:13: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_tcp.c:178:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc_tcp.c:184:38: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_tcp.c:184:38: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/svc_tcp.c:185:12: branch_false: following ‘false’ branch (when ‘r’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/svc_tcp.c:189:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_tcp.c:192:12: branch_true: following ‘true’ branch (when ‘xprt’ is NULL)...
krb5-1.21.3/src/lib/rpc/svc_tcp.c:193:24: branch_true: ...to here
krb5-1.21.3/src/lib/rpc/svc_tcp.c:153:32: danger: ‘r’ leaks here; was allocated at [(8)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/7)
#  151|   		if ((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) {
#  152|   			perror("svctcp_.c - udp socket creation problem");
#  153|-> 			return ((SVCXPRT *)NULL);
#  154|   		}
#  155|   		set_cloexec_fd(sock);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1288]
krb5-1.21.3/src/lib/rpc/svc_tcp.c:155:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
krb5-1.21.3/src/lib/rpc/svc_tcp.c:150:12: branch_true: following ‘true’ branch (when ‘sock == -1’)...
krb5-1.21.3/src/lib/rpc/svc_tcp.c:151:29: branch_true: ...to here
krb5-1.21.3/src/lib/rpc/svc_tcp.c:151:29: acquire_resource: stream socket created here
krb5-1.21.3/src/lib/rpc/svc_tcp.c:151:20: branch_false: following ‘false’ branch (when ‘sock >= 0’)...
krb5-1.21.3/src/lib/rpc/svc_tcp.c:155:17: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_tcp.c:155:17: danger: ‘sock’ leaks here
#  153|   			return ((SVCXPRT *)NULL);
#  154|   		}
#  155|-> 		set_cloexec_fd(sock);
#  156|   		madesock = TRUE;
#  157|   		memset(&ss, 0, sizeof(ss));

Error: CPPCHECK_WARNING (CWE-401): [#def1289]
krb5-1.21.3/src/lib/rpc/svc_tcp.c:194: error[memleak]: Memory leak: r
#  192|   	if (xprt == NULL) {
#  193|   		(void) fprintf(stderr, "svctcp_create: out of memory\n");
#  194|-> 		return (NULL);
#  195|   	}
#  196|   	xprt->xp_p2 = NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1290]
krb5-1.21.3/src/lib/rpc/svc_tcp.c:204:9: warning[-Wanalyzer-malloc-leak]: leak of ‘r’
krb5-1.21.3/src/lib/rpc/svc_tcp.c:161:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc_tcp.c:167:13: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_tcp.c:172:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc_tcp.c:178:13: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_tcp.c:178:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc_tcp.c:184:38: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_tcp.c:184:38: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/svc_tcp.c:185:12: branch_false: following ‘false’ branch (when ‘r’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/svc_tcp.c:189:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_tcp.c:192:12: branch_false: following ‘false’ branch (when ‘xprt’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/svc_tcp.c:196:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_tcp.c:204:9: danger: ‘r’ leaks here; was allocated at [(8)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/7)
#  202|   	xprt->xp_sock = sock;
#  203|   	xprt->xp_laddrlen = 0;
#  204|-> 	xprt_register(xprt);
#  205|   	return (xprt);
#  206|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1291]
krb5-1.21.3/src/lib/rpc/svc_tcp.c:204:9: warning[-Wanalyzer-malloc-leak]: leak of ‘xprt’
krb5-1.21.3/src/lib/rpc/svc_tcp.c:161:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc_tcp.c:167:13: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_tcp.c:172:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc_tcp.c:178:13: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_tcp.c:178:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc_tcp.c:184:38: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_tcp.c:185:12: branch_false: following ‘false’ branch (when ‘r’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/svc_tcp.c:189:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_tcp.c:191:27: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/svc_tcp.c:192:12: branch_false: following ‘false’ branch (when ‘xprt’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/svc_tcp.c:196:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_tcp.c:204:9: danger: ‘xprt’ leaks here; was allocated at [(10)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/9)
#  202|   	xprt->xp_sock = sock;
#  203|   	xprt->xp_laddrlen = 0;
#  204|-> 	xprt_register(xprt);
#  205|   	return (xprt);
#  206|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1292]
krb5-1.21.3/src/lib/rpc/svc_tcp.c:257:9: warning[-Wanalyzer-malloc-leak]: leak of ‘cd’
krb5-1.21.3/src/lib/rpc/svc_tcp.c:232:12: branch_false: following ‘false’ branch (when ‘fd <= 1023’)...
krb5-1.21.3/src/lib/rpc/svc_tcp.c:244:27: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_tcp.c:245:12: branch_false: following ‘false’ branch (when ‘xprt’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/svc_tcp.c:249:33: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_tcp.c:249:33: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/svc_tcp.c:250:12: branch_false: following ‘false’ branch (when ‘cd’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/svc_tcp.c:256:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_tcp.c:257:9: danger: ‘cd’ leaks here; was allocated at [(5)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/4)
#  255|   	}
#  256|   	cd->strm_stat = XPRT_IDLE;
#  257|-> 	xdrrec_create(&(cd->xdrs), sendsize, recvsize,
#  258|   	    (caddr_t)xprt, readtcp, writetcp);
#  259|   	xprt->xp_p2 = NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1293]
krb5-1.21.3/src/lib/rpc/svc_tcp.c:257:9: warning[-Wanalyzer-malloc-leak]: leak of ‘xprt’
krb5-1.21.3/src/lib/rpc/svc_tcp.c:232:12: branch_false: following ‘false’ branch (when ‘fd <= 1023’)...
krb5-1.21.3/src/lib/rpc/svc_tcp.c:244:27: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_tcp.c:244:27: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/svc_tcp.c:245:12: branch_false: following ‘false’ branch (when ‘xprt’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/svc_tcp.c:249:33: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_tcp.c:250:12: branch_false: following ‘false’ branch (when ‘cd’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/svc_tcp.c:256:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_tcp.c:257:9: danger: ‘xprt’ leaks here; was allocated at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#  255|   	}
#  256|   	cd->strm_stat = XPRT_IDLE;
#  257|-> 	xdrrec_create(&(cd->xdrs), sendsize, recvsize,
#  258|   	    (caddr_t)xprt, readtcp, writetcp);
#  259|   	xprt->xp_p2 = NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1294]
krb5-1.21.3/src/lib/rpc/svc_udp.c:125:32: warning[-Wanalyzer-malloc-leak]: leak of ‘su’
krb5-1.21.3/src/lib/rpc/svc_udp.c:133:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc_udp.c:139:13: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:144:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc_udp.c:150:27: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:151:12: branch_false: following ‘false’ branch (when ‘xprt’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/svc_udp.c:155:36: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:155:36: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/svc_udp.c:156:12: branch_false: following ‘false’ branch (when ‘su’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/svc_udp.c:160:25: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:161:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/rpc/svc_udp.c:162:23: branch_true: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:125:32: danger: ‘su’ leaks here; was allocated at [(7)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/6)
#  123|   		if ((sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
#  124|   			perror("svcudp_create: socket creation problem");
#  125|-> 			return ((SVCXPRT *)NULL);
#  126|   		}
#  127|   		set_cloexec_fd(sock);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1295]
krb5-1.21.3/src/lib/rpc/svc_udp.c:125:32: warning[-Wanalyzer-malloc-leak]: leak of ‘xprt’
krb5-1.21.3/src/lib/rpc/svc_udp.c:133:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc_udp.c:139:13: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:144:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc_udp.c:150:27: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:150:27: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/svc_udp.c:151:12: branch_false: following ‘false’ branch (when ‘xprt’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/svc_udp.c:155:36: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:156:12: branch_true: following ‘true’ branch (when ‘su’ is NULL)...
krb5-1.21.3/src/lib/rpc/svc_udp.c:157:23: branch_true: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:125:32: danger: ‘xprt’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  123|   		if ((sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
#  124|   			perror("svcudp_create: socket creation problem");
#  125|-> 			return ((SVCXPRT *)NULL);
#  126|   		}
#  127|   		set_cloexec_fd(sock);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1296]
krb5-1.21.3/src/lib/rpc/svc_udp.c:127:17: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
krb5-1.21.3/src/lib/rpc/svc_udp.c:122:12: branch_true: following ‘true’ branch (when ‘sock == -1’)...
krb5-1.21.3/src/lib/rpc/svc_udp.c:123:29: branch_true: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:123:29: acquire_resource: datagram socket created here
krb5-1.21.3/src/lib/rpc/svc_udp.c:123:20: branch_false: following ‘false’ branch (when ‘sock >= 0’)...
krb5-1.21.3/src/lib/rpc/svc_udp.c:127:17: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:127:17: danger: ‘sock’ leaks here
#  125|   			return ((SVCXPRT *)NULL);
#  126|   		}
#  127|-> 		set_cloexec_fd(sock);
#  128|   		madesock = TRUE;
#  129|   		memset(&ss, 0, sizeof(ss));

Error: CPPCHECK_WARNING (CWE-401): [#def1297]
krb5-1.21.3/src/lib/rpc/svc_udp.c:158: error[memleak]: Memory leak: xprt
#  156|   	if (su == NULL) {
#  157|   		(void)fprintf(stderr, "svcudp_create: out of memory\n");
#  158|-> 		return (NULL);
#  159|   	}
#  160|   	su->su_iosz = ((MAX(sendsz, recvsz) + 3) / 4) * 4;

Error: CPPCHECK_WARNING (CWE-401): [#def1298]
krb5-1.21.3/src/lib/rpc/svc_udp.c:163: error[memleak]: Memory leak: su
#  161|   	if ((rpc_buffer(xprt) = mem_alloc(su->su_iosz)) == NULL) {
#  162|   		(void)fprintf(stderr, "svcudp_create: out of memory\n");
#  163|-> 		return (NULL);
#  164|   	}
#  165|   	xdrmem_create(

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1299]
krb5-1.21.3/src/lib/rpc/svc_udp.c:165:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/rpc/svc_udp.c:133:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc_udp.c:139:13: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:144:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc_udp.c:150:27: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:151:12: branch_false: following ‘false’ branch (when ‘xprt’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/svc_udp.c:155:36: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:156:12: branch_false: following ‘false’ branch (when ‘su’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/svc_udp.c:160:25: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:161:33: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/svc_udp.c:161:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc_udp.c:165:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:165:9: danger: ‘<unknown>’ leaks here; was allocated at [(9)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/8)
#  163|   		return (NULL);
#  164|   	}
#  165|-> 	xdrmem_create(
#  166|   	    &(su->su_xdrs), rpc_buffer(xprt), su->su_iosz, XDR_DECODE);
#  167|   	su->su_cache = NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1300]
krb5-1.21.3/src/lib/rpc/svc_udp.c:165:9: warning[-Wanalyzer-malloc-leak]: leak of ‘su’
krb5-1.21.3/src/lib/rpc/svc_udp.c:133:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc_udp.c:139:13: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:144:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc_udp.c:150:27: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:151:12: branch_false: following ‘false’ branch (when ‘xprt’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/svc_udp.c:155:36: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:155:36: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/svc_udp.c:156:12: branch_false: following ‘false’ branch (when ‘su’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/svc_udp.c:160:25: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:161:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc_udp.c:165:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:165:9: danger: ‘su’ leaks here; was allocated at [(7)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/6)
#  163|   		return (NULL);
#  164|   	}
#  165|-> 	xdrmem_create(
#  166|   	    &(su->su_xdrs), rpc_buffer(xprt), su->su_iosz, XDR_DECODE);
#  167|   	su->su_cache = NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1301]
krb5-1.21.3/src/lib/rpc/svc_udp.c:165:9: warning[-Wanalyzer-malloc-leak]: leak of ‘xprt’
krb5-1.21.3/src/lib/rpc/svc_udp.c:133:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc_udp.c:139:13: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:144:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc_udp.c:150:27: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:150:27: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/svc_udp.c:151:12: branch_false: following ‘false’ branch (when ‘xprt’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/svc_udp.c:155:36: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:156:12: branch_false: following ‘false’ branch (when ‘su’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/svc_udp.c:160:25: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:161:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc_udp.c:165:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:165:9: danger: ‘xprt’ leaks here; was allocated at [(5)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/4)
#  163|   		return (NULL);
#  164|   	}
#  165|-> 	xdrmem_create(
#  166|   	    &(su->su_xdrs), rpc_buffer(xprt), su->su_iosz, XDR_DECODE);
#  167|   	su->su_cache = NULL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1302]
krb5-1.21.3/src/lib/rpc/svc_udp.c:174:9: warning[-Wanalyzer-malloc-leak]: leak of ‘xprt’
krb5-1.21.3/src/lib/rpc/svc_udp.c:133:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc_udp.c:139:13: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:144:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc_udp.c:150:27: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:150:27: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/svc_udp.c:151:12: branch_false: following ‘false’ branch (when ‘xprt’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/svc_udp.c:155:36: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:156:12: branch_false: following ‘false’ branch (when ‘su’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/svc_udp.c:160:25: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:161:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc_udp.c:165:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:174:9: danger: ‘xprt’ leaks here; was allocated at [(5)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/4)
#  172|   	xprt->xp_port = sa_getport(sa);
#  173|   	xprt->xp_sock = sock;
#  174|-> 	xprt_register(xprt);
#  175|   	return (xprt);
#  176|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1303]
krb5-1.21.3/src/lib/rpc/svc_udp.c:427:17: warning[-Wanalyzer-malloc-leak]: leak of ‘uc’
krb5-1.21.3/src/lib/rpc/svc_udp.c:414:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc_udp.c:418:14: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:418:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/svc_udp.c:419:12: branch_false: following ‘false’ branch (when ‘uc’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/svc_udp.c:423:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:426:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/rpc/svc_udp.c:427:17: branch_true: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:427:17: danger: ‘uc’ leaks here; was allocated at [(3)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/2)
#  425|   	uc->uc_entries = ALLOC(cache_ptr, size * SPARSENESS);
#  426|   	if (uc->uc_entries == NULL) {
#  427|-> 		CACHE_PERROR("enablecache: could not allocate cache data");
#  428|   		return(0);
#  429|   	}

Error: CPPCHECK_WARNING (CWE-401): [#def1304]
krb5-1.21.3/src/lib/rpc/svc_udp.c:428: error[memleak]: Memory leak: uc
#  426|   	if (uc->uc_entries == NULL) {
#  427|   		CACHE_PERROR("enablecache: could not allocate cache data");
#  428|-> 		return(0);
#  429|   	}
#  430|   	BZERO(uc->uc_entries, cache_ptr, size * SPARSENESS);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1305]
krb5-1.21.3/src/lib/rpc/svc_udp.c:433:17: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/lib/rpc/svc_udp.c:414:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc_udp.c:418:14: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:419:12: branch_false: following ‘false’ branch (when ‘uc’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/svc_udp.c:423:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:425:26: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/svc_udp.c:426:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc_udp.c:430:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:432:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/rpc/svc_udp.c:433:17: branch_true: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:433:17: danger: ‘<unknown>’ leaks here; was allocated at [(5)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/4)
#  431|   	uc->uc_fifo = ALLOC(cache_ptr, size);
#  432|   	if (uc->uc_fifo == NULL) {
#  433|-> 		CACHE_PERROR("enablecache: could not allocate cache fifo");
#  434|   		return(0);
#  435|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1306]
krb5-1.21.3/src/lib/rpc/svc_udp.c:433:17: warning[-Wanalyzer-malloc-leak]: leak of ‘uc’
krb5-1.21.3/src/lib/rpc/svc_udp.c:414:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc_udp.c:418:14: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:418:14: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/svc_udp.c:419:12: branch_false: following ‘false’ branch (when ‘uc’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/svc_udp.c:423:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:426:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/lib/rpc/svc_udp.c:430:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:432:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/lib/rpc/svc_udp.c:433:17: branch_true: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:433:17: danger: ‘uc’ leaks here; was allocated at [(3)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/2)
#  431|   	uc->uc_fifo = ALLOC(cache_ptr, size);
#  432|   	if (uc->uc_fifo == NULL) {
#  433|-> 		CACHE_PERROR("enablecache: could not allocate cache fifo");
#  434|   		return(0);
#  435|   	}

Error: CPPCHECK_WARNING (CWE-401): [#def1307]
krb5-1.21.3/src/lib/rpc/svc_udp.c:434: error[memleak]: Memory leak: uc
#  432|   	if (uc->uc_fifo == NULL) {
#  433|   		CACHE_PERROR("enablecache: could not allocate cache fifo");
#  434|-> 		return(0);
#  435|   	}
#  436|   	BZERO(uc->uc_fifo, cache_ptr, size);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1308]
krb5-1.21.3/src/lib/rpc/svc_udp.c:494:9: warning[-Wanalyzer-malloc-leak]: leak of ‘victim’
krb5-1.21.3/src/lib/rpc/svc_udp.c:462:12: branch_false: following ‘false’ branch (when ‘victim’ is NULL)...
krb5-1.21.3/src/lib/rpc/svc_udp.c:475:26: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:475:26: acquire_memory: allocated here
krb5-1.21.3/src/lib/rpc/svc_udp.c:476:20: branch_false: following ‘false’ branch (when ‘victim’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/svc_udp.c:480:26: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:481:20: branch_false: following ‘false’ branch (when ‘newbuf’ is non-NULL)...
krb5-1.21.3/src/lib/rpc/svc_udp.c:491:9: branch_false: ...to here
krb5-1.21.3/src/lib/rpc/svc_udp.c:494:9: danger: ‘victim’ leaks here; was allocated at [(3)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/2)
#  492|   	victim->cache_reply = rpc_buffer(xprt);
#  493|   	rpc_buffer(xprt) = newbuf;
#  494|-> 	xdrmem_create(&(su->su_xdrs), rpc_buffer(xprt), su->su_iosz, XDR_ENCODE);
#  495|   	victim->cache_xid = su->su_xid;
#  496|   	victim->cache_proc = uc->uc_proc;

Error: COMPILER_WARNING (CWE-252): [#def1309]
krb5-1.21.3/src/lib/rpc/unit-test/server.c: scope_hint: In function ‘rpc_test_echo_1_svc’
krb5-1.21.3/src/lib/rpc/unit-test/server.c:161:6: warning[-Wunused-result]: ignoring return value of ‘asprintf’ declared with attribute ‘warn_unused_result’
#  161 |      asprintf(&res, "Echo: %s", *arg);
#      |      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  159|        if (res)
#  160|   	  free(res);
#  161|->      asprintf(&res, "Echo: %s", *arg);
#  162|        return &res;
#  163|   }

Error: CPPCHECK_WARNING (CWE-401): [#def1310]
krb5-1.21.3/src/lib/rpc/xdr_rec.c:167: error[memleak]: Memory leak: rstrm
#  165|   	if (rstrm->the_buffer == NULL) {
#  166|   		(void)fprintf(stderr, "xdrrec_create: out of memory\n");
#  167|-> 		return;
#  168|   	}
#  169|   	for (rstrm->out_base = rstrm->the_buffer;

Error: CPPCHECK_WARNING (CWE-457): [#def1311]
krb5-1.21.3/src/lib/rpc/xdr_rec.c:215: error[uninitvar]: Uninitialized variable: mylong
#  213|   		rstrm->in_finger += BYTES_PER_XDR_UNIT;
#  214|   	} else {
#  215|-> 		if (! xdrrec_getbytes(xdrs, (caddr_t)&mylong,
#  216|   				      BYTES_PER_XDR_UNIT))
#  217|   			return (FALSE);

Error: CPPCHECK_WARNING (CWE-457): [#def1312]
krb5-1.21.3/src/lib/rpc/xdr_rec.c:537: error[uninitvar]: Uninitialized variable: header
#  535|   	uint32_t header;
#  536|   
#  537|-> 	if (! get_input_bytes(rstrm, (caddr_t)&header, sizeof(header)))
#  538|   		return (FALSE);
#  539|   	header = ntohl(header);

Error: CPPCHECK_WARNING (CWE-457): [#def1313]
krb5-1.21.3/src/lib/rpc/xdr_stdio.c:104: error[uninitvar]: Uninitialized variable: tmp
#  102|   {
#  103|           uint32_t tmp;
#  104|-> 	if (fread((caddr_t)&tmp,
#  105|   		  sizeof(uint32_t), 1, (FILE *)xdrs->x_private) != 1)
#  106|   		return (FALSE);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1314]
krb5-1.21.3/src/plugins/authdata/greet_client/greet.c:329:16: warning[-Wanalyzer-malloc-leak]: leak of ‘contents’
krb5-1.21.3/src/plugins/authdata/greet_client/greet.c:320:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/authdata/greet_client/greet.c:324:9: branch_false: ...to here
krb5-1.21.3/src/plugins/authdata/greet_client/greet.c:324:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/authdata/greet_client/greet.c:325:20: branch_true: ...to here
krb5-1.21.3/src/plugins/authdata/greet_client/greet.c:325:20: acquire_memory: allocated here
krb5-1.21.3/src/plugins/authdata/greet_client/greet.c:326:12: branch_false: following ‘false’ branch (when ‘contents’ is non-NULL)...
krb5-1.21.3/src/plugins/authdata/greet_client/greet.c:329:16: branch_false: ...to here
krb5-1.21.3/src/plugins/authdata/greet_client/greet.c:329:16: danger: ‘contents’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  327|               return ENOMEM;
#  328|   
#  329|->         code = krb5_ser_unpack_bytes(contents, (size_t)length, &bp, &remain);
#  330|           if (code != 0) {
#  331|               free(contents);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1315]
krb5-1.21.3/src/plugins/hostrealm/test/main.c:72:12: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/plugins/hostrealm/test/main.c:54:1: enter_function: entry to ‘split_comps’
krb5-1.21.3/src/plugins/hostrealm/test/main.c:68:16: branch_false: following ‘false’ branch (when ‘q’ is non-NULL)...
krb5-1.21.3/src/plugins/hostrealm/test/main.c:68:55: branch_false: ...to here
krb5-1.21.3/src/plugins/hostrealm/test/main.c:68:42: call_function: calling ‘k5memdup0’ from ‘split_comps’
krb5-1.21.3/src/plugins/hostrealm/test/main.c:68:42: return_function: returning to ‘split_comps’ from ‘k5memdup0’
krb5-1.21.3/src/plugins/hostrealm/test/main.c:69:12: branch_false: following ‘false’ branch (when ‘word’ is non-NULL)...
krb5-1.21.3/src/plugins/hostrealm/test/main.c:71:32: branch_false: ...to here
krb5-1.21.3/src/plugins/hostrealm/test/main.c:72:12: branch_false: following ‘false’ branch (when ‘newptr’ is non-NULL)...
krb5-1.21.3/src/plugins/hostrealm/test/main.c:75:14: branch_false: ...to here
krb5-1.21.3/src/plugins/hostrealm/test/main.c:78:12: branch_false: following ‘false’ branch (when ‘q’ is non-NULL)...
krb5-1.21.3/src/plugins/hostrealm/test/main.c:80:9: branch_false: ...to here
krb5-1.21.3/src/plugins/hostrealm/test/main.c:68:16: branch_true: following ‘true’ branch (when ‘q’ is NULL)...
krb5-1.21.3/src/plugins/hostrealm/test/main.c:68:30: branch_true: ...to here
krb5-1.21.3/src/plugins/hostrealm/test/main.c:69:12: branch_false: following ‘false’ branch (when ‘word’ is non-NULL)...
krb5-1.21.3/src/plugins/hostrealm/test/main.c:71:32: branch_false: ...to here
krb5-1.21.3/src/plugins/hostrealm/test/main.c:72:12: danger: ‘<unknown>’ leaks here; was allocated at [(10)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/9)
#   70|               goto oom;
#   71|           newptr = realloc(list, (count + 2) * sizeof(*list));
#   72|->         if (newptr == NULL)
#   73|               goto oom;
#   74|           list = newptr;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1316]
krb5-1.21.3/src/plugins/hostrealm/test/main.c:86:5: warning[-Wanalyzer-malloc-leak]: leak of ‘word’
krb5-1.21.3/src/plugins/hostrealm/test/main.c:54:1: enter_function: entry to ‘split_comps’
krb5-1.21.3/src/plugins/hostrealm/test/main.c:68:16: branch_false: following ‘false’ branch (when ‘q’ is non-NULL)...
krb5-1.21.3/src/plugins/hostrealm/test/main.c:68:55: branch_false: ...to here
krb5-1.21.3/src/plugins/hostrealm/test/main.c:68:42: call_function: calling ‘k5memdup0’ from ‘split_comps’
krb5-1.21.3/src/plugins/hostrealm/test/main.c:68:42: return_function: returning to ‘split_comps’ from ‘k5memdup0’
krb5-1.21.3/src/plugins/hostrealm/test/main.c:69:12: branch_false: following ‘false’ branch (when ‘word’ is non-NULL)...
krb5-1.21.3/src/plugins/hostrealm/test/main.c:71:32: branch_false: ...to here
krb5-1.21.3/src/plugins/hostrealm/test/main.c:72:12: branch_true: following ‘true’ branch (when ‘newptr’ is NULL)...
krb5-1.21.3/src/plugins/hostrealm/test/main.c:73:13: branch_true: ...to here
krb5-1.21.3/src/plugins/hostrealm/test/main.c:86:5: danger: ‘word’ leaks here; was allocated at [(10)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/9)
#   84|   
#   85|   oom:
#   86|->     krb5_free_host_realm(context, list);
#   87|       free(word);
#   88|       return ENOMEM;

Error: COMPILER_WARNING: [#def1317]
krb5-1.21.3/src/plugins/kadm5_auth/test/main.c: scope_hint: In function ‘welcomer_end’
krb5-1.21.3/src/plugins/kadm5_auth/test/main.c:257:33: warning[-Wformat-truncation=]: ‘%d’ directive output may be truncated writing between 1 and 11 bytes into a region of size 10
#  257 |     snprintf(buf, sizeof(buf), "%d", atoi(val) + 1);
#      |                                 ^~
krb5-1.21.3/src/plugins/kadm5_auth/test/main.c:257:32: note: directive argument in the range [-2147483647, 2147483647]
#  257 |     snprintf(buf, sizeof(buf), "%d", atoi(val) + 1);
#      |                                ^~~~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output between 2 and 12 bytes into a destination of size 10
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
#  255|       if (krb5_dbe_get_string(context, ent, "ends", &val) != 0 || val == NULL)
#  256|           goto cleanup;
#  257|->     snprintf(buf, sizeof(buf), "%d", atoi(val) + 1);
#  258|       if (krb5_dbe_set_string(context, ent, "ends", buf) != 0)
#  259|           goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1318]
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:146:21: warning[-Wanalyzer-malloc-leak]: leak of ‘db’
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:70:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:73:28: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:73:28: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:74:8: branch_false: following ‘false’ branch (when ‘db’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:77:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:120:12: branch_true: following ‘true’ branch (when ‘lockp’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:121:20: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:126:8: branch_false: following ‘false’ branch (when ‘lockp’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:145:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:145:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:146:21: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:146:21: danger: ‘db’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  144|       /* now initialize lockp->lockinfo if necessary */
#  145|       if (lockp->lockinfo.lockfile == NULL) {
#  146|->         if ((code = krb5int_init_context_kdc(&lockp->lockinfo.context))) {
#  147|               free(db);
#  148|               return((krb5_error_code) code);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1319]
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:155:41: warning[-Wanalyzer-malloc-leak]: leak of ‘db’
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:70:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:73:28: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:73:28: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:74:8: branch_false: following ‘false’ branch (when ‘db’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:77:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:145:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:146:21: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:146:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:155:41: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:155:41: danger: ‘db’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  153|            * POSIX systems
#  154|            */
#  155|->         if ((lockp->lockinfo.lockfile = WRITABLEFOPEN(lockfilename, "r+")) == NULL) {
#  156|               /*
#  157|                * maybe someone took away write permission so we could only

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1320]
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:166:9: warning[-Wanalyzer-malloc-leak]: leak of ‘db’
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:70:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:73:28: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:73:28: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:74:8: branch_false: following ‘false’ branch (when ‘db’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:77:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:145:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:146:21: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:146:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:155:41: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:166:9: danger: ‘db’ leaks here; was allocated at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#  164|               }
#  165|           }
#  166|->         set_cloexec_file(lockp->lockinfo.lockfile);
#  167|           lockp->lockinfo.lockmode = lockp->lockinfo.lockcnt = 0;
#  168|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1321]
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:306:16: warning[-Wanalyzer-malloc-leak]: leak of ‘fdopen(krb5int_labeled_open(*db_20(D)->lock.filename, 194, 384), "w+")’
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:295:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:298:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:298:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:299:13: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:299:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:301:18: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:303:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:305:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:306:39: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/db2/adb_openclose.c:306:16: danger: ‘fdopen(krb5int_labeled_open(*db_20(D)->lock.filename, 194, 384), "w+")’ leaks here; was allocated at [(9)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/8)
#  304|                   return OSA_ADB_NOLOCKFILE;
#  305|               set_cloexec_fd(fd);
#  306|->             if ((db->lock->lockfile = fdopen(fd, "w+")) == NULL)
#  307|                   return OSA_ADB_NOLOCKFILE;
#  308|           } else if ((ret = krb5_lock_file(db->lock->context,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1322]
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:217:5: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup(dbdata.data,  dbdata.size, & ret)’
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:180:1: enter_function: entry to ‘osa_adb_get_policy’
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:191:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:193:7: branch_false: following ‘false’ branch (when ‘name’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:197:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:211:13: call_function: inlined call to ‘k5alloc’ from ‘osa_adb_get_policy’
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:214:20: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:214:20: call_function: calling ‘k5memdup’ from ‘osa_adb_get_policy’
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:214:20: return_function: returning to ‘osa_adb_get_policy’ from ‘k5memdup’
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:215:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:217:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:217:5: danger: ‘k5memdup(dbdata.data,  dbdata.size, & ret)’ leaks here; was allocated at [(17)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/16)
#  215|       if (aligned_data == NULL)
#  216|           goto error;
#  217|->     xdrmem_create(&xdrs, aligned_data, dbdata.size, XDR_DECODE);
#  218|       if (!xdr_osa_policy_ent_rec(&xdrs, entry)) {
#  219|           ret = OSA_ADB_FAILURE;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1323]
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:217:5: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:180:1: enter_function: entry to ‘osa_adb_get_policy’
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:191:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:193:7: branch_false: following ‘false’ branch (when ‘name’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:197:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:211:13: call_function: inlined call to ‘k5alloc’ from ‘osa_adb_get_policy’
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:214:20: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:214:20: call_function: calling ‘k5memdup’ from ‘osa_adb_get_policy’
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:214:20: return_function: returning to ‘osa_adb_get_policy’ from ‘k5memdup’
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:215:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:217:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:217:5: danger: ‘ptr’ leaks here; was allocated at [(10)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/9)
#  215|       if (aligned_data == NULL)
#  216|           goto error;
#  217|->     xdrmem_create(&xdrs, aligned_data, dbdata.size, XDR_DECODE);
#  218|       if (!xdr_osa_policy_ent_rec(&xdrs, entry)) {
#  219|           ret = OSA_ADB_FAILURE;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1324]
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:218:10: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:180:1: enter_function: entry to ‘osa_adb_get_policy’
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:191:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:193:7: branch_false: following ‘false’ branch (when ‘name’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:197:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:211:13: call_function: inlined call to ‘k5alloc’ from ‘osa_adb_get_policy’
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:214:20: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:214:20: call_function: calling ‘k5memdup’ from ‘osa_adb_get_policy’
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:214:20: return_function: returning to ‘osa_adb_get_policy’ from ‘k5memdup’
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:215:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:217:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:218:10: danger: ‘ptr’ leaks here; was allocated at [(10)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/9)
#  216|           goto error;
#  217|       xdrmem_create(&xdrs, aligned_data, dbdata.size, XDR_DECODE);
#  218|->     if (!xdr_osa_policy_ent_rec(&xdrs, entry)) {
#  219|           ret = OSA_ADB_FAILURE;
#  220|           goto error;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1325]
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:350:9: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup(dbdata.data,  dbdata.size, & ret)’
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:322:1: enter_function: entry to ‘osa_adb_iter_policy’
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:332:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:334:7: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:339:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:340:17: call_function: inlined call to ‘k5alloc’ from ‘osa_adb_iter_policy’
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:344:24: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:344:24: call_function: calling ‘k5memdup’ from ‘osa_adb_iter_policy’
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:344:24: return_function: returning to ‘osa_adb_iter_policy’ from ‘k5memdup’
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:345:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:350:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:350:9: danger: ‘k5memdup(dbdata.data,  dbdata.size, & ret)’ leaks here; was allocated at [(17)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/16)
#  348|           }
#  349|   
#  350|->         xdrmem_create(&xdrs, aligned_data, dbdata.size, XDR_DECODE);
#  351|           if(!xdr_osa_policy_ent_rec(&xdrs, entry)) {
#  352|               xdr_destroy(&xdrs);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1326]
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:350:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:322:1: enter_function: entry to ‘osa_adb_iter_policy’
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:332:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:334:7: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:339:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:340:17: call_function: inlined call to ‘k5alloc’ from ‘osa_adb_iter_policy’
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:344:24: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:344:24: call_function: calling ‘k5memdup’ from ‘osa_adb_iter_policy’
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:344:24: return_function: returning to ‘osa_adb_iter_policy’ from ‘k5memdup’
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:345:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:350:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:350:9: danger: ‘ptr’ leaks here; was allocated at [(10)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/9)
#  348|           }
#  349|   
#  350|->         xdrmem_create(&xdrs, aligned_data, dbdata.size, XDR_DECODE);
#  351|           if(!xdr_osa_policy_ent_rec(&xdrs, entry)) {
#  352|               xdr_destroy(&xdrs);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1327]
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:351:13: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:322:1: enter_function: entry to ‘osa_adb_iter_policy’
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:332:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:334:7: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:339:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:340:17: call_function: inlined call to ‘k5alloc’ from ‘osa_adb_iter_policy’
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:344:24: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:344:24: call_function: calling ‘k5memdup’ from ‘osa_adb_iter_policy’
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:344:24: return_function: returning to ‘osa_adb_iter_policy’ from ‘k5memdup’
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:345:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:350:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/adb_policy.c:351:13: danger: ‘ptr’ leaks here; was allocated at [(10)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/9)
#  349|   
#  350|           xdrmem_create(&xdrs, aligned_data, dbdata.size, XDR_DECODE);
#  351|->         if(!xdr_osa_policy_ent_rec(&xdrs, entry)) {
#  352|               xdr_destroy(&xdrs);
#  353|               free(aligned_data);

Error: GCC_ANALYZER_WARNING (CWE-688): [#def1328]
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:232:27: warning[-Wanalyzer-null-argument]: use of NULL ‘opt’ where non-null expected
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1227:1: enter_function: entry to ‘krb5_db2_destroy’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1240:14: call_function: calling ‘configure_context’ from ‘krb5_db2_destroy’
#  230|               }
#  231|           }
#  232|->         else if (!opt && !strcmp(val, "temporary")) {
#  233|               dbc->tempdb = 1;
#  234|           } else if (!opt && !strcmp(val, "merge_nra")) {

Error: GCC_ANALYZER_WARNING (CWE-688): [#def1329]
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:232:27: warning[-Wanalyzer-null-argument]: use of NULL ‘val’ where non-null expected
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1227:1: enter_function: entry to ‘krb5_db2_destroy’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1240:14: call_function: calling ‘configure_context’ from ‘krb5_db2_destroy’
#  230|               }
#  231|           }
#  232|->         else if (!opt && !strcmp(val, "temporary")) {
#  233|               dbc->tempdb = 1;
#  234|           } else if (!opt && !strcmp(val, "merge_nra")) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1330]
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:244:13: warning[-Wanalyzer-malloc-leak]: leak of ‘opt’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1202:1: enter_function: entry to ‘krb5_db2_create’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1211:14: call_function: calling ‘configure_context’ from ‘krb5_db2_create’
#  242|           } else {
#  243|               status = EINVAL;
#  244|->             k5_setmsg(context, status,
#  245|                         _("Unsupported argument \"%s\" for db2"),
#  246|                         opt ? opt : val);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1331]
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:244:13: warning[-Wanalyzer-malloc-leak]: leak of ‘val’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1227:1: enter_function: entry to ‘krb5_db2_destroy’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1240:14: call_function: calling ‘configure_context’ from ‘krb5_db2_destroy’
#  242|           } else {
#  243|               status = EINVAL;
#  244|->             k5_setmsg(context, status,
#  245|                         _("Unsupported argument \"%s\" for db2"),
#  246|                         opt ? opt : val);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1332]
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:253:18: warning[-Wanalyzer-malloc-leak]: leak of ‘val’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1227:1: enter_function: entry to ‘krb5_db2_destroy’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1240:14: call_function: calling ‘configure_context’ from ‘krb5_db2_destroy’
#  251|       if (dbc->db_name == NULL) {
#  252|           /* Check for database_name in the db_module section. */
#  253|->         status = profile_get_string(profile, KDB_MODULE_SECTION, conf_section,
#  254|                                       KDB_DB2_DATABASE_NAME, NULL, &pval);
#  255|           if (status == 0 && pval == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1333]
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:257:22: warning[-Wanalyzer-malloc-leak]: leak of ‘val’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1227:1: enter_function: entry to ‘krb5_db2_destroy’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1240:14: call_function: calling ‘configure_context’ from ‘krb5_db2_destroy’
#  255|           if (status == 0 && pval == NULL) {
#  256|               /* For compatibility, check for database_name in the realm. */
#  257|->             status = profile_get_string(profile, KDB_REALM_SECTION,
#  258|                                           KRB5_DB_GET_REALM(context),
#  259|                                           KDB_DB2_DATABASE_NAME,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1334]
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:267:14: warning[-Wanalyzer-malloc-leak]: leak of ‘val’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1227:1: enter_function: entry to ‘krb5_db2_destroy’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1240:14: call_function: calling ‘configure_context’ from ‘krb5_db2_destroy’
#  265|       }
#  266|   
#  267|->     status = profile_get_boolean(profile, KDB_MODULE_SECTION, conf_section,
#  268|                                    KRB5_CONF_DISABLE_LAST_SUCCESS, FALSE, &bval);
#  269|       if (status != 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1335]
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:273:14: warning[-Wanalyzer-malloc-leak]: leak of ‘val’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1227:1: enter_function: entry to ‘krb5_db2_destroy’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1240:14: call_function: calling ‘configure_context’ from ‘krb5_db2_destroy’
#  271|       dbc->disable_last_success = bval;
#  272|   
#  273|->     status = profile_get_boolean(profile, KDB_MODULE_SECTION, conf_section,
#  274|                                    KRB5_CONF_DISABLE_LOCKOUT, FALSE, &bval);
#  275|       if (status != 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1336]
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:369:10: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1463:1: enter_function: entry to ‘krb5_db2_promote_db’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1471:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1474:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1476:10: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1476:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1488:16: call_function: inlined call to ‘k5alloc’ from ‘krb5_db2_promote_db’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1491:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1495:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1497:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1498:14: call_function: calling ‘ctx_create_db’ from ‘krb5_db2_promote_db’
#  367|   
#  368|       /* Try our best guess at the database type. */
#  369|->     db = dbopen(fname, flags, mode,
#  370|                   dbc->hashfirst ? DB_HASH : DB_BTREE,
#  371|                   dbc->hashfirst ? (void *) &hashi : (void *) &bti);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1337]
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:374:14: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1463:1: enter_function: entry to ‘krb5_db2_promote_db’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1471:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1474:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1476:10: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1476:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1488:16: call_function: inlined call to ‘k5alloc’ from ‘krb5_db2_promote_db’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1491:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1495:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1497:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1498:14: call_function: calling ‘ctx_create_db’ from ‘krb5_db2_promote_db’
#  372|   
#  373|       if (db == NULL && IS_EFTYPE(errno)) {
#  374|->         db = dbopen(fname, flags, mode,
#  375|                       dbc->hashfirst ? DB_BTREE : DB_HASH,
#  376|                       dbc->hashfirst ? (void *) &bti : (void *) &hashi);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1338]
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:387:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1463:1: enter_function: entry to ‘krb5_db2_promote_db’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1471:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1474:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1476:10: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1476:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1488:16: call_function: inlined call to ‘k5alloc’ from ‘krb5_db2_promote_db’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1491:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1495:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1497:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1498:14: call_function: calling ‘ctx_create_db’ from ‘krb5_db2_promote_db’
#  385|   
#  386|       if (db == NULL) {
#  387|->         k5_prependmsg(context, errno, _("Cannot open DB2 database '%s'"),
#  388|                         fname);
#  389|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1339]
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:697:23: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1463:1: enter_function: entry to ‘krb5_db2_promote_db’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1471:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1474:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1476:10: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1476:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1488:16: call_function: inlined call to ‘k5alloc’ from ‘krb5_db2_promote_db’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1491:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1495:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1497:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1498:14: call_function: calling ‘ctx_create_db’ from ‘krb5_db2_promote_db’
#  695|           return retval;
#  696|   
#  697|->     dbc->db_lf_file = THREEPARAMOPEN(dbc->db_lf_name,
#  698|                                        O_CREAT | O_RDWR | O_TRUNC, 0600);
#  699|       if (dbc->db_lf_file < 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1340]
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:703:14: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1463:1: enter_function: entry to ‘krb5_db2_promote_db’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1471:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1474:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1476:10: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1476:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1488:16: call_function: inlined call to ‘k5alloc’ from ‘krb5_db2_promote_db’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1491:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1495:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1497:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1498:14: call_function: calling ‘ctx_create_db’ from ‘krb5_db2_promote_db’
#  701|           goto cleanup;
#  702|       }
#  703|->     retval = krb5_lock_file(context, dbc->db_lf_file, KRB5_LOCKMODE_EXCLUSIVE);
#  704|       if (retval != 0)
#  705|           goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1341]
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:706:5: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1463:1: enter_function: entry to ‘krb5_db2_promote_db’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1471:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1474:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1476:10: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1476:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1488:16: call_function: inlined call to ‘k5alloc’ from ‘krb5_db2_promote_db’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1491:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1495:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1497:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1498:14: call_function: calling ‘ctx_create_db’ from ‘krb5_db2_promote_db’
#  704|       if (retval != 0)
#  705|           goto cleanup;
#  706|->     set_cloexec_fd(dbc->db_lf_file);
#  707|       dbc->db_lock_mode = KRB5_LOCKMODE_EXCLUSIVE;
#  708|       dbc->db_locks_held = 1;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1342]
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:723:14: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1463:1: enter_function: entry to ‘krb5_db2_promote_db’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1471:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1474:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1476:10: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1476:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1488:16: call_function: inlined call to ‘k5alloc’ from ‘krb5_db2_promote_db’
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1491:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1495:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1497:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_db2.c:1498:14: call_function: calling ‘ctx_create_db’ from ‘krb5_db2_promote_db’
#  721|   
#  722|       /* Create the policy database, initialize a handle to it, and lock it. */
#  723|->     retval = osa_adb_create_db(polname, plockname, OSA_ADB_POLICY_DB_MAGIC);
#  724|       if (retval)
#  725|           goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1343]
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:342:19: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:225:1: enter_function: entry to ‘krb5_decode_princ_entry’
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:237:13: call_function: inlined call to ‘k5alloc’ from ‘krb5_decode_princ_entry’
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:251:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:253:8: branch_false: following ‘false’ branch (when ‘sizeleft > 37’)...
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:260:5: call_function: inlined call to ‘load_16_le’ from ‘krb5_decode_princ_entry’
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:299:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:305:5: call_function: inlined call to ‘load_16_le’ from ‘krb5_decode_princ_entry’
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:308:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:314:8: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:314:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:315:27: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:316:25: call_function: calling ‘k5memdup’ from ‘krb5_decode_princ_entry’
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:316:25: return_function: returning to ‘krb5_decode_princ_entry’ from ‘k5memdup’
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:317:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:319:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:326:8: branch_false: following ‘false’ branch (when ‘sizeleft > 39’)...
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:330:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:336:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:342:19: danger: ‘<unknown>’ leaks here; was allocated at [(21)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/20)
#  340|       }
#  341|   
#  342|->     if ((retval = krb5_parse_name(context, (char *)nextloc, &(entry->princ))))
#  343|           goto error_out;
#  344|       sizeleft -= i;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1344]
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:342:19: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:225:1: enter_function: entry to ‘krb5_decode_princ_entry’
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:237:13: call_function: inlined call to ‘k5alloc’ from ‘krb5_decode_princ_entry’
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:251:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:253:8: branch_false: following ‘false’ branch (when ‘sizeleft > 37’)...
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:260:5: call_function: inlined call to ‘load_16_le’ from ‘krb5_decode_princ_entry’
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:299:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:305:5: call_function: inlined call to ‘load_16_le’ from ‘krb5_decode_princ_entry’
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:308:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:314:8: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:314:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:326:8: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:326:8: branch_false: following ‘false’ branch (when ‘sizeleft > 39’)...
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:330:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:336:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:342:19: danger: ‘ptr’ leaks here; was allocated at [(4)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/3)
#  340|       }
#  341|   
#  342|->     if ((retval = krb5_parse_name(context, (char *)nextloc, &(entry->princ))))
#  343|           goto error_out;
#  344|       sizeleft -= i;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1345]
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:440:5: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:225:1: enter_function: entry to ‘krb5_decode_princ_entry’
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:237:13: call_function: inlined call to ‘k5alloc’ from ‘krb5_decode_princ_entry’
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:251:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:253:8: branch_false: following ‘false’ branch (when ‘sizeleft > 37’)...
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:260:5: call_function: inlined call to ‘load_16_le’ from ‘krb5_decode_princ_entry’
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:299:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:305:5: call_function: inlined call to ‘load_16_le’ from ‘krb5_decode_princ_entry’
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:308:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:314:8: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:314:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:315:27: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:316:25: call_function: calling ‘k5memdup’ from ‘krb5_decode_princ_entry’
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:316:25: return_function: returning to ‘krb5_decode_princ_entry’ from ‘k5memdup’
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:317:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:319:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:440:5: danger: ‘<unknown>’ leaks here; was allocated at [(21)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/20)
#  438|   
#  439|   error_out:
#  440|->     krb5_db_free_principal(context, entry);
#  441|       return retval;
#  442|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1346]
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:440:5: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:225:1: enter_function: entry to ‘krb5_decode_princ_entry’
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:237:13: call_function: inlined call to ‘k5alloc’ from ‘krb5_decode_princ_entry’
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:251:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:253:8: branch_true: following ‘true’ branch (when ‘sizeleft <= 37’)...
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:254:9: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/db2/kdb_xdr.c:440:5: danger: ‘ptr’ leaks here; was allocated at [(4)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/3)
#  438|   
#  439|   error_out:
#  440|->     krb5_db_free_principal(context, entry);
#  441|       return retval;
#  442|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1347]
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:205:33: warning[-Wanalyzer-malloc-leak]: leak of ‘dbp’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:159:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:163:27: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:163:12: branch_false: following ‘false’ branch (when ‘t’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:165:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:173:38: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:173:12: branch_false: following ‘false’ branch (when ‘dbp’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:175:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:176:12: branch_false: following ‘false’ branch (when ‘<unknown> == 1234’)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:180:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:193:12: branch_true: following ‘true’ branch (when ‘fname’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:194:25: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:205:33: danger: ‘dbp’ leaks here; was allocated at [(5)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/4)
#  203|   		}
#  204|   
#  205|-> 		if ((t->bt_fd = THREEPARAMOPEN(fname, flags | O_BINARY, mode)) < 0)
#  206|   			goto err;
#  207|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1348]
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:205:33: warning[-Wanalyzer-malloc-leak]: leak of ‘t’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:159:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:163:27: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:163:27: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:163:12: branch_false: following ‘false’ branch (when ‘t’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:165:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:173:12: branch_false: following ‘false’ branch (when ‘dbp’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:175:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:176:12: branch_false: following ‘false’ branch (when ‘<unknown> == 1234’)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:180:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:193:12: branch_true: following ‘true’ branch (when ‘fname’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:194:25: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:205:33: danger: ‘t’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  203|   		}
#  204|   
#  205|-> 		if ((t->bt_fd = THREEPARAMOPEN(fname, flags | O_BINARY, mode)) < 0)
#  206|   			goto err;
#  207|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1349]
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:216:13: warning[-Wanalyzer-malloc-leak]: leak of ‘dbp’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:159:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:163:27: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:163:12: branch_false: following ‘false’ branch (when ‘t’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:165:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:173:38: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:173:12: branch_false: following ‘false’ branch (when ‘dbp’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:175:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:176:12: branch_false: following ‘false’ branch (when ‘<unknown> == 1234’)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:180:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:193:12: branch_true: following ‘true’ branch (when ‘fname’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:194:25: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:205:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:216:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:216:13: danger: ‘dbp’ leaks here; was allocated at [(5)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/4)
#  214|   	}
#  215|   
#  216|-> 	if (fcntl(t->bt_fd, F_SETFD, 1) == -1)
#  217|   		goto err;
#  218|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1350]
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:216:13: warning[-Wanalyzer-malloc-leak]: leak of ‘t’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:159:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:163:27: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:163:27: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:163:12: branch_false: following ‘false’ branch (when ‘t’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:165:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:173:12: branch_false: following ‘false’ branch (when ‘dbp’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:175:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:176:12: branch_false: following ‘false’ branch (when ‘<unknown> == 1234’)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:180:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:193:12: branch_true: following ‘true’ branch (when ‘fname’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:194:25: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:205:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:216:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:216:13: danger: ‘t’ leaks here; was allocated at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#  214|   	}
#  215|   
#  216|-> 	if (fcntl(t->bt_fd, F_SETFD, 1) == -1)
#  217|   		goto err;
#  218|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1351]
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:309:13: warning[-Wanalyzer-malloc-leak]: leak of ‘dbp’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:159:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:163:27: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:163:12: branch_false: following ‘false’ branch (when ‘t’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:165:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:173:38: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:173:12: branch_false: following ‘false’ branch (when ‘dbp’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:175:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:205:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:216:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:216:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:219:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:219:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:221:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:309:13: danger: ‘dbp’ leaks here; was allocated at [(5)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/4)
#  307|   	/* Initialize the buffer pool. */
#  308|   	if ((t->bt_mp =
#  309|-> 	    mpool_open(NULL, t->bt_fd, t->bt_psize, ncache)) == NULL)
#  310|   		goto err;
#  311|   	if (!F_ISSET(t, B_INMEM))

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1352]
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:309:13: warning[-Wanalyzer-malloc-leak]: leak of ‘t’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:159:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:163:27: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:163:27: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:163:12: branch_false: following ‘false’ branch (when ‘t’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:165:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:173:12: branch_false: following ‘false’ branch (when ‘dbp’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:175:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:205:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:216:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:216:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:219:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:219:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:221:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:309:13: danger: ‘t’ leaks here; was allocated at [(3)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/2)
#  307|   	/* Initialize the buffer pool. */
#  308|   	if ((t->bt_mp =
#  309|-> 	    mpool_open(NULL, t->bt_fd, t->bt_psize, ncache)) == NULL)
#  310|   		goto err;
#  311|   	if (!F_ISSET(t, B_INMEM))

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1353]
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:312:17: warning[-Wanalyzer-malloc-leak]: leak of ‘dbp’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:159:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:163:27: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:163:12: branch_false: following ‘false’ branch (when ‘t’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:165:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:173:38: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:173:12: branch_false: following ‘false’ branch (when ‘dbp’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:175:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:205:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:216:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:216:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:219:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:219:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:221:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:308:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:311:14: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:311:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:312:17: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:312:17: danger: ‘dbp’ leaks here; was allocated at [(5)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/4)
#  310|   		goto err;
#  311|   	if (!F_ISSET(t, B_INMEM))
#  312|-> 		mpool_filter(t->bt_mp, __bt_pgin, __bt_pgout, t);
#  313|   
#  314|   	/* Create a root page if new tree. */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1354]
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:312:17: warning[-Wanalyzer-malloc-leak]: leak of ‘t’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:159:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:163:27: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:163:27: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:163:12: branch_false: following ‘false’ branch (when ‘t’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:165:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:173:12: branch_false: following ‘false’ branch (when ‘dbp’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:175:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:205:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:216:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:216:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:219:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:219:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:221:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:308:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:311:14: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:311:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:312:17: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:312:17: danger: ‘t’ leaks here; was allocated at [(3)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/2)
#  310|   		goto err;
#  311|   	if (!F_ISSET(t, B_INMEM))
#  312|-> 		mpool_filter(t->bt_mp, __bt_pgin, __bt_pgout, t);
#  313|   
#  314|   	/* Create a root page if new tree. */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1355]
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:338:31: warning[-Wanalyzer-malloc-leak]: leak of ‘t’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:159:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:163:27: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:163:27: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:163:12: branch_false: following ‘false’ branch (when ‘t’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:165:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:173:12: branch_false: following ‘false’ branch (when ‘dbp’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:175:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:205:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:216:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:216:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:219:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:219:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:221:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:308:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:310:17: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:335:20: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:336:25: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:337:20: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:338:31: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:338:31: danger: ‘t’ leaks here; was allocated at [(3)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/2)
#  336|   			free(t->bt_dbp);
#  337|   		if (t->bt_fd != -1)
#  338|-> 			(void)close(t->bt_fd);
#  339|   		free(t);
#  340|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1356]
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:424:19: warning[-Wanalyzer-malloc-leak]: leak of ‘dbp’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:93:1: enter_function: entry to ‘__kdb2_bt_open’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:159:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:163:27: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:163:12: branch_false: following ‘false’ branch (when ‘t’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:165:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:173:38: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:173:12: branch_false: following ‘false’ branch (when ‘dbp’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:175:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:176:12: branch_false: following ‘false’ branch (when ‘<unknown> == 1234’)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:180:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:193:12: branch_false: following ‘false’ branch (when ‘fname’ is NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:209:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:209:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:211:33: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:211:33: call_function: calling ‘tmp’ from ‘__kdb2_bt_open’
#  422|   	oset = sigblock(~0);
#  423|   #endif
#  424|-> 	if ((fd = mkstemp(path)) != -1)
#  425|   		(void)unlink(path);
#  426|   	set_cloexec_fd(fd);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1357]
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:424:19: warning[-Wanalyzer-malloc-leak]: leak of ‘t’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:93:1: enter_function: entry to ‘__kdb2_bt_open’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:159:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:163:27: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:163:27: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:163:12: branch_false: following ‘false’ branch (when ‘t’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:165:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:173:12: branch_false: following ‘false’ branch (when ‘dbp’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:175:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:176:12: branch_false: following ‘false’ branch (when ‘<unknown> == 1234’)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:180:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:193:12: branch_false: following ‘false’ branch (when ‘fname’ is NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:209:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:209:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:211:33: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:211:33: call_function: calling ‘tmp’ from ‘__kdb2_bt_open’
#  422|   	oset = sigblock(~0);
#  423|   #endif
#  424|-> 	if ((fd = mkstemp(path)) != -1)
#  425|   		(void)unlink(path);
#  426|   	set_cloexec_fd(fd);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1358]
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:426:9: warning[-Wanalyzer-malloc-leak]: leak of ‘dbp’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:93:1: enter_function: entry to ‘__kdb2_bt_open’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:159:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:163:27: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:163:12: branch_false: following ‘false’ branch (when ‘t’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:165:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:173:38: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:173:12: branch_false: following ‘false’ branch (when ‘dbp’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:175:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:176:12: branch_false: following ‘false’ branch (when ‘<unknown> == 1234’)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:180:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:193:12: branch_false: following ‘false’ branch (when ‘fname’ is NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:209:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:209:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:211:33: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:211:33: call_function: calling ‘tmp’ from ‘__kdb2_bt_open’
#  424|   	if ((fd = mkstemp(path)) != -1)
#  425|   		(void)unlink(path);
#  426|-> 	set_cloexec_fd(fd);
#  427|   #ifdef SIG_BLOCK
#  428|   	(void)sigprocmask(SIG_SETMASK, &oset, NULL);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1359]
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:426:9: warning[-Wanalyzer-malloc-leak]: leak of ‘t’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:93:1: enter_function: entry to ‘__kdb2_bt_open’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:159:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:163:27: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:163:27: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:163:12: branch_false: following ‘false’ branch (when ‘t’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:165:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:173:12: branch_false: following ‘false’ branch (when ‘dbp’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:175:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:176:12: branch_false: following ‘false’ branch (when ‘<unknown> == 1234’)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:180:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:193:12: branch_false: following ‘false’ branch (when ‘fname’ is NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:209:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:209:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:211:33: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_open.c:211:33: call_function: calling ‘tmp’ from ‘__kdb2_bt_open’
#  424|   	if ((fd = mkstemp(path)) != -1)
#  425|   		(void)unlink(path);
#  426|-> 	set_cloexec_fd(fd);
#  427|   #ifdef SIG_BLOCK
#  428|   	(void)sigprocmask(SIG_SETMASK, &oset, NULL);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1360]
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_split.c:400:27: warning[-Wanalyzer-malloc-leak]: leak of ‘l’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_split.c:352:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_split.c:354:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_split.c:384:26: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_split.c:384:12: branch_false: following ‘false’ branch (when ‘l’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_split.c:389:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_split.c:399:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_split.c:400:27: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_split.c:400:27: danger: ‘l’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  398|   	/* Fix up the previous pointer of the page after the split page. */
#  399|   	if (h->nextpg != P_INVALID) {
#  400|-> 		if ((tp = mpool_get(t->bt_mp, h->nextpg, 0)) == NULL) {
#  401|   			free(l);
#  402|   			/* XXX mpool_free(t->bt_mp, r->pgno); */

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1361]
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_split.c:406:17: warning[-Wanalyzer-malloc-leak]: leak of ‘l’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_split.c:352:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_split.c:354:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_split.c:384:26: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_split.c:384:12: branch_false: following ‘false’ branch (when ‘l’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_split.c:389:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_split.c:399:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_split.c:400:27: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_split.c:400:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_split.c:405:30: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/btree/bt_split.c:406:17: danger: ‘l’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  404|   		}
#  405|   		tp->prevpg = r->pgno;
#  406|-> 		mpool_put(t->bt_mp, tp, MPOOL_DIRTY);
#  407|   	}
#  408|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1362]
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:109:24: warning[-Wanalyzer-malloc-leak]: leak of ‘hashp’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:98:1: enter_function: entry to ‘__kdb2_hash_open’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:107:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:111:31: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:111:12: branch_false: following ‘false’ branch (when ‘hashp’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:113:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:131:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:133:23: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:137:12: branch_true: following ‘true’ branch (when ‘new_table != 0’)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:138:31: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:138:31: call_function: calling ‘init_hash’ from ‘__kdb2_hash_open’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:138:31: return_function: returning to ‘__kdb2_hash_open’ from ‘init_hash’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:138:20: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:139:25: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:252:12: branch_false: following ‘false’ branch (when ‘hashp’ is NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:255:1: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:109:24: danger: ‘hashp’ leaks here; was allocated at [(4)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/3)
#  107|   	if (!file || (flags & O_ACCMODE) == O_WRONLY) {
#  108|   		errno = EINVAL;
#  109|-> 		return (NULL);
#  110|   	}
#  111|   	if (!(hashp = (HTAB *)calloc(1, sizeof(HTAB))))

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1363]
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:131:34: warning[-Wanalyzer-malloc-leak]: leak of ‘hashp’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:107:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:111:31: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:111:12: branch_false: following ‘false’ branch (when ‘hashp’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:113:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:124:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:125:14: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:131:34: danger: ‘hashp’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  129|   	}
#  130|   	if (file) {
#  131|-> 		if ((hashp->fp = THREEPARAMOPEN(file, flags|O_BINARY, mode)) == -1)
#  132|   			RETURN_ERROR(errno, error0);
#  133|   		(void)fcntl(hashp->fp, F_SETFD, 1);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1364]
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:133:23: warning[-Wanalyzer-malloc-leak]: leak of ‘hashp’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:107:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:111:31: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:111:12: branch_false: following ‘false’ branch (when ‘hashp’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:113:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:124:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:125:14: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:131:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:133:23: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:133:23: danger: ‘hashp’ leaks here; was allocated at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#  131|   		if ((hashp->fp = THREEPARAMOPEN(file, flags|O_BINARY, mode)) == -1)
#  132|   			RETURN_ERROR(errno, error0);
#  133|-> 		(void)fcntl(hashp->fp, F_SETFD, 1);
#  134|   	}
#  135|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1365]
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:160:21: warning[-Wanalyzer-malloc-leak]: leak of ‘hashp’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:98:1: enter_function: entry to ‘__kdb2_hash_open’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:107:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:111:31: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:111:12: branch_false: following ‘false’ branch (when ‘hashp’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:113:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:124:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:125:14: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:131:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:133:23: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:137:12: branch_false: following ‘false’ branch (when ‘new_table == 0’)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:142:20: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:148:21: call_function: calling ‘hget_header’ from ‘__kdb2_hash_open’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:148:21: return_function: returning to ‘__kdb2_hash_open’ from ‘hget_header’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:148:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:154:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:154:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:157:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:157:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:160:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:160:21: danger: ‘hashp’ leaks here; was allocated at [(4)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/3)
#  158|   		    hashp->hdr.version != OLDHASHVERSION)
#  159|   			RETURN_ERROR(EFTYPE, error1);
#  160|-> 		if (hashp->hash(CHARKEY, sizeof(CHARKEY))
#  161|   		    != hashp->hdr.h_charkey)
#  162|   			RETURN_ERROR(EFTYPE, error1);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1366]
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:186:21: warning[-Wanalyzer-malloc-leak]: leak of ‘hashp’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:98:1: enter_function: entry to ‘__kdb2_hash_open’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:107:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:111:31: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:111:12: branch_false: following ‘false’ branch (when ‘hashp’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:113:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:124:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:125:14: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:131:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:133:23: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:137:12: branch_false: following ‘false’ branch (when ‘new_table == 0’)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:142:20: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:148:21: call_function: calling ‘hget_header’ from ‘__kdb2_hash_open’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:148:21: return_function: returning to ‘__kdb2_hash_open’ from ‘hget_header’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:148:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:154:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:154:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:157:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:157:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:160:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:160:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:170:45: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:186:21: danger: ‘hashp’ leaks here; was allocated at [(4)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/3)
#  184|   	else
#  185|   		csize = DEF_CACHESIZE / hashp->hdr.bsize;
#  186|-> 	hashp->mp = mpool_open(&mpool_key, hashp->fp, hashp->hdr.bsize, csize);
#  187|   
#  188|   	if (!hashp->mp)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1367]
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:190:9: warning[-Wanalyzer-malloc-leak]: leak of ‘hashp’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:98:1: enter_function: entry to ‘__kdb2_hash_open’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:107:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:111:31: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:111:12: branch_false: following ‘false’ branch (when ‘hashp’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:113:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:124:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:125:14: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:131:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:133:23: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:137:12: branch_false: following ‘false’ branch (when ‘new_table == 0’)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:142:20: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:148:21: call_function: calling ‘hget_header’ from ‘__kdb2_hash_open’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:148:21: return_function: returning to ‘__kdb2_hash_open’ from ‘hget_header’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:148:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:154:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:154:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:157:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:157:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:160:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:160:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:170:45: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:188:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:190:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:190:9: danger: ‘hashp’ leaks here; was allocated at [(4)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/3)
#  188|   	if (!hashp->mp)
#  189|   		RETURN_ERROR(errno, error1);
#  190|-> 	mpool_filter(hashp->mp, __pgin_routine, __pgout_routine, hashp);
#  191|   
#  192|   	/*

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1368]
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:253:23: warning[-Wanalyzer-malloc-leak]: leak of ‘hashp’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:98:1: enter_function: entry to ‘__kdb2_hash_open’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:107:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:111:31: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:111:12: branch_false: following ‘false’ branch (when ‘hashp’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:113:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:124:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:125:14: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:131:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:133:23: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:137:12: branch_false: following ‘false’ branch (when ‘new_table == 0’)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:142:20: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:148:21: call_function: calling ‘hget_header’ from ‘__kdb2_hash_open’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:148:21: return_function: returning to ‘__kdb2_hash_open’ from ‘hget_header’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:148:20: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:151:25: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:252:12: branch_true: following ‘true’ branch (when ‘hashp’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:253:29: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:253:23: danger: ‘hashp’ leaks here; was allocated at [(4)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/3)
#  251|   error1:
#  252|   	if (hashp != NULL)
#  253|-> 		(void)close(hashp->fp);
#  254|   
#  255|   error0:

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1369]
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:314:37: warning[-Wanalyzer-malloc-leak]: leak of ‘hashp’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:98:1: enter_function: entry to ‘__kdb2_hash_open’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:107:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:111:31: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:111:12: branch_false: following ‘false’ branch (when ‘hashp’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:113:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:131:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:133:23: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:137:12: branch_true: following ‘true’ branch (when ‘new_table != 0’)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:138:31: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:138:31: call_function: calling ‘init_hash’ from ‘__kdb2_hash_open’
#  312|   		if (hashp->hdr.bsize > MAX_BSIZE)
#  313|   		    hashp->hdr.bsize = MAX_BSIZE;
#  314|-> 		hashp->hdr.bshift = __log2(hashp->hdr.bsize);
#  315|   	}
#  316|   	if (info) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1370]
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:319:45: warning[-Wanalyzer-malloc-leak]: leak of ‘hashp’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:98:1: enter_function: entry to ‘__kdb2_hash_open’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:107:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:111:31: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:111:12: branch_false: following ‘false’ branch (when ‘hashp’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:113:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:131:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:133:23: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:137:12: branch_true: following ‘true’ branch (when ‘new_table != 0’)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:138:31: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash.c:138:31: call_function: calling ‘init_hash’ from ‘__kdb2_hash_open’
#  317|   		if (info->bsize) {
#  318|   			/* Round pagesize up to power of 2 */
#  319|-> 			hashp->hdr.bshift = __log2(info->bsize);
#  320|   			hashp->hdr.bsize = 1 << hashp->hdr.bshift;
#  321|   			if (hashp->hdr.bsize > MAX_BSIZE) {

Error: COMPILER_WARNING (CWE-252): [#def1371]
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash_page.c: scope_hint: In function ‘overflow_page’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash_page.c:1056:31: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
# 1056 |                         (void)write(STDERR_FILENO, OVMSG, sizeof(OVMSG) - 1);
#      |                               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1054|   	if (offset > SPLITMASK) {
# 1055|   		if (++splitnum >= NCACHED) {
# 1056|-> 			(void)write(STDERR_FILENO, OVMSG, sizeof(OVMSG) - 1);
# 1057|   			return (0);
# 1058|   		}

Error: COMPILER_WARNING (CWE-252): [#def1372]
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash_page.c:1068:31: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
# 1068 |                         (void)write(STDERR_FILENO, OVMSG, sizeof(OVMSG) - 1);
#      |                               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1066|   		free_page++;
# 1067|   		if (free_page >= NCACHED) {
# 1068|-> 			(void)write(STDERR_FILENO, OVMSG, sizeof(OVMSG) - 1);
# 1069|   			return (0);
# 1070|   		}

Error: COMPILER_WARNING (CWE-252): [#def1373]
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash_page.c:1092:39: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
# 1092 |                                 (void)write(STDERR_FILENO,
#      |                                       ^~~~~~~~~~~~~~~~~~~~
# 1093 |                                     OVMSG, sizeof(OVMSG) - 1);
#      |                                     ~~~~~~~~~~~~~~~~~~~~~~~~~
# 1090|   		if (offset > SPLITMASK) {
# 1091|   			if (++splitnum >= NCACHED) {
# 1092|-> 				(void)write(STDERR_FILENO,
# 1093|   				    OVMSG, sizeof(OVMSG) - 1);
# 1094|   				return (0);

Error: COMPILER_WARNING (CWE-252): [#def1374]
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash_page.c:1119:23: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
# 1119 |                 (void)write(STDERR_FILENO, OVMSG, sizeof(OVMSG) - 1);
#      |                       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1117|   
# 1118|   	if (OADDR_TO_PAGE(addr) > MAX_PAGES(hashp)) {
# 1119|-> 		(void)write(STDERR_FILENO, OVMSG, sizeof(OVMSG) - 1);
# 1120|   		return (0);
# 1121|   	}

Error: COMPILER_WARNING (CWE-252): [#def1375]
krb5-1.21.3/src/plugins/kdb/db2/libdb2/hash/hash_page.c:1152:23: warning[-Wunused-result]: ignoring return value of ‘write’ declared with attribute ‘warn_unused_result’
# 1152 |                 (void)write(STDERR_FILENO, OVMSG, sizeof(OVMSG) - 1);
#      |                       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 1150|   
# 1151|   	if (OADDR_TO_PAGE(addr) > MAX_PAGES(hashp)) {
# 1152|-> 		(void)write(STDERR_FILENO, OVMSG, sizeof(OVMSG) - 1);
# 1153|   		return (0);
# 1154|   	}

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1376]
krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_put.c:90:28: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_put.c:82:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_put.c:83:20: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_put.c:86:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_put.c:86:20: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_put.c:87:44: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_put.c:87:44: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_put.c:88:29: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_put.c:88:29: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_put.c:90:28: danger: ‘<unknown>’ leaks here; was allocated at [(9)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/8)
#   88|   			    malloc(t->bt_reclen) :
#   89|   			    realloc(t->bt_rdata.data, t->bt_reclen);
#   90|-> 			if (t->bt_rdata.data == NULL)
#   91|   				return (RET_ERROR);
#   92|   			t->bt_rdata.size = t->bt_reclen;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1377]
krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_put.c:204:21: warning[-Wanalyzer-malloc-leak]: leak of ‘tdata.data’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_put.c:62:1: enter_function: entry to ‘__kdb2_rec_put’
krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_put.c:122:20: branch_false: following ‘false’ branch (when ‘nrec != 0’)...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_put.c:140:20: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_put.c:140:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_put.c:141:22: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_put.c:144:20: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_put.c:145:29: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_put.c:145:28: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_put.c:147:37: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_put.c:147:37: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_put.c:146:36: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_put.c:149:33: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_put.c:155:32: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_put.c:156:37: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/db2/libdb2/recno/rec_put.c:156:37: call_function: calling ‘__kdb2_rec_iput’ from ‘__kdb2_rec_put’
#  202|   	 */
#  203|   	if (data->size > t->bt_ovflsize) {
#  204|-> 		if (__ovfl_put(t, data, &pg) == RET_ERROR)
#  205|   			return (RET_ERROR);
#  206|   		tdata.data = db;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1378]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c:118:12: warning[-Wanalyzer-malloc-leak]: leak of ‘*plist’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c:106:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c:111:8: branch_false: following ‘false’ branch (when ‘str’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c:114:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c:115:21: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c:117:18: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c:118:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c:122:17: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c:115:21: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c:117:18: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c:118:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c:122:17: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c:115:21: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c:117:18: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c:117:18: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c:118:12: danger: ‘*plist’ leaks here; was allocated at [(15)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/14)
#  116|            plist++, count++) {
#  117|           *plist = strdup(token);
#  118|->         if (*plist == NULL) {
#  119|               retval = ENOMEM;
#  120|               goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1379]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:65:18: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:93:1: enter_function: entry to ‘kdb5_ldap_create_policy’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:106:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:111:47: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:112:8: branch_false: following ‘false’ branch (when ‘policyparams’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:118:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:17: branch_true: following ‘true’ branch (when ‘i < argc’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:122:25: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:122:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:136:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:136:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:150:28: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:150:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:159:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:159:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:168:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:168:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:177:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:177:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:186:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:186:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:195:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:195:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:204:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:204:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:213:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:213:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:222:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:222:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:231:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:231:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:240:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:240:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:249:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:249:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:261:17: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:261:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:265:36: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:265:36: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:266:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:27: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:17: branch_false: following ‘false’ branch (when ‘i >= argc’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:275:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:275:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:278:19: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:278:19: call_function: calling ‘init_ldap_realm’ from ‘kdb5_ldap_create_policy’
#   63|   
#   64|       if (ldap_context->container_dn == NULL) {
#   65|->         retval = krb5_ldap_read_krbcontainer_dn(util_context,
#   66|                                                   &ldap_context->container_dn);
#   67|           if (retval != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1380]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:65:18: warning[-Wanalyzer-malloc-leak]: leak of ‘policyparams’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:93:1: enter_function: entry to ‘kdb5_ldap_create_policy’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:106:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:111:47: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:111:47: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:112:8: branch_false: following ‘false’ branch (when ‘policyparams’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:118:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:17: branch_true: following ‘true’ branch (when ‘i < argc’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:122:25: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:122:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:136:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:136:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:150:28: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:150:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:159:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:159:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:168:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:168:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:177:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:177:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:186:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:186:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:195:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:195:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:204:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:204:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:213:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:213:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:222:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:222:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:231:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:231:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:240:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:240:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:249:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:249:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:261:17: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:261:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:265:36: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:266:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:27: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:17: branch_false: following ‘false’ branch (when ‘i >= argc’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:275:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:275:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:278:19: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:278:19: call_function: calling ‘init_ldap_realm’ from ‘kdb5_ldap_create_policy’
#   63|   
#   64|       if (ldap_context->container_dn == NULL) {
#   65|->         retval = krb5_ldap_read_krbcontainer_dn(util_context,
#   66|                                                   &ldap_context->container_dn);
#   67|           if (retval != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1381]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:65:18: warning[-Wanalyzer-malloc-leak]: leak of ‘policy’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:677:1: enter_function: entry to ‘kdb5_ldap_view_policy’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:686:8: branch_false: following ‘false’ branch (when ‘argc == 2’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:690:14: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:690:14: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:691:8: branch_false: following ‘false’ branch (when ‘policy’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:697:19: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:697:19: call_function: calling ‘init_ldap_realm’ from ‘kdb5_ldap_view_policy’
#   63|   
#   64|       if (ldap_context->container_dn == NULL) {
#   65|->         retval = krb5_ldap_read_krbcontainer_dn(util_context,
#   66|                                                   &ldap_context->container_dn);
#   67|           if (retval != 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1382]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:68:13: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:93:1: enter_function: entry to ‘kdb5_ldap_create_policy’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:106:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:111:47: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:112:8: branch_false: following ‘false’ branch (when ‘policyparams’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:118:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:17: branch_true: following ‘true’ branch (when ‘i < argc’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:122:25: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:122:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:136:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:136:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:150:28: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:150:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:159:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:159:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:168:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:168:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:177:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:177:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:186:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:186:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:195:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:195:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:204:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:204:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:213:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:213:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:222:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:222:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:231:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:231:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:240:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:240:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:249:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:249:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:261:17: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:261:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:265:36: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:265:36: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:266:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:27: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:17: branch_false: following ‘false’ branch (when ‘i >= argc’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:275:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:275:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:278:19: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:278:19: call_function: calling ‘init_ldap_realm’ from ‘kdb5_ldap_create_policy’
#   66|                                                   &ldap_context->container_dn);
#   67|           if (retval != 0) {
#   68|->             com_err(progname, retval,
#   69|                       _("while reading kerberos container information"));
#   70|               goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1383]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:68:13: warning[-Wanalyzer-malloc-leak]: leak of ‘policyparams’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:93:1: enter_function: entry to ‘kdb5_ldap_create_policy’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:106:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:111:47: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:111:47: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:112:8: branch_false: following ‘false’ branch (when ‘policyparams’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:118:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:17: branch_true: following ‘true’ branch (when ‘i < argc’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:122:25: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:122:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:136:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:136:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:150:28: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:150:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:159:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:159:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:168:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:168:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:177:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:177:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:186:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:186:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:195:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:195:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:204:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:204:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:213:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:213:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:222:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:222:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:231:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:231:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:240:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:240:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:249:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:249:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:261:17: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:261:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:265:36: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:266:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:27: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:17: branch_false: following ‘false’ branch (when ‘i >= argc’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:275:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:275:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:278:19: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:278:19: call_function: calling ‘init_ldap_realm’ from ‘kdb5_ldap_create_policy’
#   66|                                                   &ldap_context->container_dn);
#   67|           if (retval != 0) {
#   68|->             com_err(progname, retval,
#   69|                       _("while reading kerberos container information"));
#   70|               goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1384]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:68:13: warning[-Wanalyzer-malloc-leak]: leak of ‘policy’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:677:1: enter_function: entry to ‘kdb5_ldap_view_policy’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:686:8: branch_false: following ‘false’ branch (when ‘argc == 2’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:690:14: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:690:14: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:691:8: branch_false: following ‘false’ branch (when ‘policy’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:697:19: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:697:19: call_function: calling ‘init_ldap_realm’ from ‘kdb5_ldap_view_policy’
#   66|                                                   &ldap_context->container_dn);
#   67|           if (retval != 0) {
#   68|->             com_err(progname, retval,
#   69|                       _("while reading kerberos container information"));
#   70|               goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1385]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:75:18: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:93:1: enter_function: entry to ‘kdb5_ldap_create_policy’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:106:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:111:47: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:112:8: branch_false: following ‘false’ branch (when ‘policyparams’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:118:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:17: branch_true: following ‘true’ branch (when ‘i < argc’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:122:25: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:122:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:136:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:136:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:150:28: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:150:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:159:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:159:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:168:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:168:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:177:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:177:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:186:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:186:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:195:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:195:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:204:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:204:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:213:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:213:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:222:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:222:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:231:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:231:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:240:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:240:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:249:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:249:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:261:17: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:261:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:265:36: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:265:36: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:266:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:27: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:17: branch_false: following ‘false’ branch (when ‘i >= argc’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:275:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:275:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:278:19: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:278:19: call_function: calling ‘init_ldap_realm’ from ‘kdb5_ldap_create_policy’
#   73|   
#   74|       if (ldap_context->lrparams == NULL) {
#   75|->         retval = krb5_ldap_read_realm_params(util_context,
#   76|                                                global_params.realm,
#   77|                                                &(ldap_context->lrparams),

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1386]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:75:18: warning[-Wanalyzer-malloc-leak]: leak of ‘policyparams’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:93:1: enter_function: entry to ‘kdb5_ldap_create_policy’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:106:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:111:47: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:111:47: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:112:8: branch_false: following ‘false’ branch (when ‘policyparams’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:118:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:17: branch_true: following ‘true’ branch (when ‘i < argc’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:122:25: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:122:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:136:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:136:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:150:28: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:150:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:159:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:159:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:168:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:168:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:177:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:177:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:186:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:186:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:195:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:195:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:204:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:204:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:213:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:213:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:222:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:222:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:231:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:231:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:240:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:240:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:249:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:249:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:261:17: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:261:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:265:36: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:266:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:27: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:17: branch_false: following ‘false’ branch (when ‘i >= argc’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:275:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:275:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:278:19: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:278:19: call_function: calling ‘init_ldap_realm’ from ‘kdb5_ldap_create_policy’
#   73|   
#   74|       if (ldap_context->lrparams == NULL) {
#   75|->         retval = krb5_ldap_read_realm_params(util_context,
#   76|                                                global_params.realm,
#   77|                                                &(ldap_context->lrparams),

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1387]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:75:18: warning[-Wanalyzer-malloc-leak]: leak of ‘policy’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:677:1: enter_function: entry to ‘kdb5_ldap_view_policy’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:686:8: branch_false: following ‘false’ branch (when ‘argc == 2’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:690:14: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:690:14: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:691:8: branch_false: following ‘false’ branch (when ‘policy’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:697:19: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:697:19: call_function: calling ‘init_ldap_realm’ from ‘kdb5_ldap_view_policy’
#   73|   
#   74|       if (ldap_context->lrparams == NULL) {
#   75|->         retval = krb5_ldap_read_realm_params(util_context,
#   76|                                                global_params.realm,
#   77|                                                &(ldap_context->lrparams),

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1388]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:126:20: warning[-Wanalyzer-malloc-leak]: leak of ‘policyparams’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:106:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:111:47: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:111:47: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:112:8: branch_false: following ‘false’ branch (when ‘policyparams’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:118:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:17: branch_true: following ‘true’ branch (when ‘i < argc’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:122:25: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:122:12: branch_true: following ‘true’ branch (when the strings are equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:123:16: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:123:16: branch_false: following ‘false’ branch (when ‘argc > i’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:126:33: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:126:20: danger: ‘policyparams’ leaks here; was allocated at [(3)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/2)
#  124|                   goto err_usage;
#  125|   
#  126|->             date = get_date(argv[i]);
#  127|               if (date == (time_t)(-1)) {
#  128|                   retval = EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1389]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:129:17: warning[-Wanalyzer-malloc-leak]: leak of ‘policyparams’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:106:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:111:47: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:111:47: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:112:8: branch_false: following ‘false’ branch (when ‘policyparams’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:118:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:17: branch_true: following ‘true’ branch (when ‘i < argc’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:122:25: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:122:12: branch_true: following ‘true’ branch (when the strings are equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:123:16: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:123:16: branch_false: following ‘false’ branch (when ‘argc > i’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:126:33: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:127:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:129:37: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:129:17: danger: ‘policyparams’ leaks here; was allocated at [(3)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/2)
#  127|               if (date == (time_t)(-1)) {
#  128|                   retval = EINVAL;
#  129|->                 com_err(me, retval, _("while providing time specification"));
#  130|                   goto err_nomsg;
#  131|               }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1390]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:140:20: warning[-Wanalyzer-malloc-leak]: leak of ‘policyparams’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:106:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:111:47: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:111:47: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:112:8: branch_false: following ‘false’ branch (when ‘policyparams’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:118:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:17: branch_true: following ‘true’ branch (when ‘i < argc’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:122:25: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:122:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:136:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:136:19: branch_true: following ‘true’ branch (when the strings are equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:137:16: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:137:16: branch_false: following ‘false’ branch (when ‘argc > i’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:140:33: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:140:20: danger: ‘policyparams’ leaks here; was allocated at [(3)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/2)
#  138|                   goto err_usage;
#  139|   
#  140|->             date = get_date(argv[i]);
#  141|               if (date == (time_t)(-1)) {
#  142|                   retval = EINVAL;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1391]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:143:17: warning[-Wanalyzer-malloc-leak]: leak of ‘policyparams’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:106:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:111:47: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:111:47: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:112:8: branch_false: following ‘false’ branch (when ‘policyparams’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:118:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:17: branch_true: following ‘true’ branch (when ‘i < argc’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:122:25: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:122:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:136:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:136:19: branch_true: following ‘true’ branch (when the strings are equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:137:16: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:137:16: branch_false: following ‘false’ branch (when ‘argc > i’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:140:33: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:141:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:143:37: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:143:17: danger: ‘policyparams’ leaks here; was allocated at [(3)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/2)
#  141|               if (date == (time_t)(-1)) {
#  142|                   retval = EINVAL;
#  143|->                 com_err(me, retval, _("while providing time specification"));
#  144|                   goto err_nomsg;
#  145|               }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1392]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:268:17: warning[-Wanalyzer-malloc-leak]: leak of ‘policyparams’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:106:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:111:47: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:111:47: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:112:8: branch_false: following ‘false’ branch (when ‘policyparams’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:118:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:17: branch_true: following ‘true’ branch (when ‘i < argc’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:122:25: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:122:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:136:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:136:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:150:28: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:150:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:159:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:159:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:168:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:168:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:177:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:177:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:186:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:186:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:195:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:195:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:204:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:204:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:213:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:213:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:222:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:222:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:231:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:231:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:240:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:240:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:249:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:249:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:261:17: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:261:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:265:36: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:266:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:268:37: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:268:17: danger: ‘policyparams’ leaks here; was allocated at [(3)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/2)
#  266|               if (policyparams->policy == NULL) {
#  267|                   retval = ENOMEM;
#  268|->                 com_err(me, retval, _("while creating policy object"));
#  269|                   goto err_nomsg;
#  270|               }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1393]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:279:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:106:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:111:47: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:112:8: branch_false: following ‘false’ branch (when ‘policyparams’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:118:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:17: branch_true: following ‘true’ branch (when ‘i < argc’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:122:25: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:122:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:136:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:136:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:150:28: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:150:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:159:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:159:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:168:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:168:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:177:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:177:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:186:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:186:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:195:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:195:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:204:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:204:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:213:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:213:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:222:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:222:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:231:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:231:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:240:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:240:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:249:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:249:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:261:17: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:261:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:265:36: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:265:36: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:266:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:27: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:17: branch_false: following ‘false’ branch (when ‘i >= argc’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:275:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:275:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:278:19: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:278:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:279:29: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:279:9: danger: ‘<unknown>’ leaks here; was allocated at [(37)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/36)
#  277|   
#  278|       if ((retval = init_ldap_realm (argc, argv))) {
#  279|->         com_err(me, retval, _("while reading realm information"));
#  280|           goto err_nomsg;
#  281|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1394]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:279:9: warning[-Wanalyzer-malloc-leak]: leak of ‘policyparams’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:106:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:111:47: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:111:47: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:112:8: branch_false: following ‘false’ branch (when ‘policyparams’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:118:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:17: branch_true: following ‘true’ branch (when ‘i < argc’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:122:25: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:122:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:136:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:136:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:150:28: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:150:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:159:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:159:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:168:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:168:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:177:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:177:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:186:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:186:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:195:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:195:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:204:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:204:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:213:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:213:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:222:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:222:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:231:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:231:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:240:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:240:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:249:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:249:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:261:17: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:261:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:265:36: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:266:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:27: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:17: branch_false: following ‘false’ branch (when ‘i >= argc’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:275:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:275:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:278:19: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:278:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:279:29: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:279:9: danger: ‘policyparams’ leaks here; was allocated at [(3)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/2)
#  277|   
#  278|       if ((retval = init_ldap_realm (argc, argv))) {
#  279|->         com_err(me, retval, _("while reading realm information"));
#  280|           goto err_nomsg;
#  281|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1395]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:284:19: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:106:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:111:47: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:112:8: branch_false: following ‘false’ branch (when ‘policyparams’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:118:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:17: branch_true: following ‘true’ branch (when ‘i < argc’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:122:25: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:122:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:136:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:136:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:150:28: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:150:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:159:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:159:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:168:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:168:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:177:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:177:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:186:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:186:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:195:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:195:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:204:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:204:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:213:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:213:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:222:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:222:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:231:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:231:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:240:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:240:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:249:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:249:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:261:17: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:261:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:265:36: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:265:36: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:266:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:27: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:17: branch_false: following ‘false’ branch (when ‘i >= argc’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:275:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:275:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:278:19: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:278:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:284:19: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:284:19: danger: ‘<unknown>’ leaks here; was allocated at [(37)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/36)
#  282|   
#  283|       /* Create object with all attributes provided */
#  284|->     if ((retval = krb5_ldap_create_policy(util_context, policyparams, mask)) != 0)
#  285|           goto cleanup;
#  286|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1396]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:284:19: warning[-Wanalyzer-malloc-leak]: leak of ‘policyparams’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:106:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:111:47: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:111:47: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:112:8: branch_false: following ‘false’ branch (when ‘policyparams’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:118:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:17: branch_true: following ‘true’ branch (when ‘i < argc’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:122:25: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:122:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:136:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:136:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:150:28: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:150:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:159:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:159:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:168:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:168:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:177:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:177:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:186:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:186:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:195:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:195:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:204:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:204:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:213:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:213:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:222:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:222:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:231:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:231:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:240:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:240:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:249:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:249:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:261:17: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:261:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:265:36: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:266:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:27: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:121:17: branch_false: following ‘false’ branch (when ‘i >= argc’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:275:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:275:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:278:19: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:278:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:284:19: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:284:19: danger: ‘policyparams’ leaks here; was allocated at [(3)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/2)
#  282|   
#  283|       /* Create object with all attributes provided */
#  284|->     if ((retval = krb5_ldap_create_policy(util_context, policyparams, mask)) != 0)
#  285|           goto cleanup;
#  286|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1397]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:297:5: warning[-Wanalyzer-malloc-leak]: leak of ‘policyparams’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:106:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:111:47: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:111:47: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:112:8: branch_false: following ‘false’ branch (when ‘policyparams’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:118:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:275:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:276:9: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c:297:5: danger: ‘policyparams’ leaks here; was allocated at [(3)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/2)
#  295|   cleanup:
#  296|       /* Clean-up structure */
#  297|->     krb5_ldap_free_policy (util_context, policyparams);
#  298|   
#  299|       if (print_usage)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1398]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:253:9: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(tmp_file, "w")’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:113:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:118:8: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:121:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:122:36: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:121:17: branch_false: following ‘false’ branch (when ‘service_object’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:158:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:168:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:174:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:174:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:182:11: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:184:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:192:16: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:194:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:199:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:203:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:204:20: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:204:12: branch_true: following ‘true’ branch (when ‘str’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:206:23: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:212:8: branch_false: following ‘false’ branch (when ‘str’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:241:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:241:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:247:17: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:251:19: acquire_resource: opened here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:253:9: danger: ‘fopen(tmp_file, "w")’ leaks here; was opened at [(24)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/23)
#  251|           newfile = fopen(tmp_file, "w");
#  252|   #ifdef USE_SELINUX
#  253|->         krb5int_pop_fscreatecon(selabel);
#  254|   #endif
#  255|           umask (omask);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1399]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:261:9: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(tmp_file, "w")’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:113:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:118:8: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:121:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:122:36: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:121:17: branch_false: following ‘false’ branch (when ‘service_object’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:158:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:168:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:174:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:174:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:182:11: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:184:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:192:16: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:194:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:199:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:203:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:204:20: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:204:12: branch_true: following ‘true’ branch (when ‘str’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:206:23: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:212:8: branch_false: following ‘false’ branch (when ‘str’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:241:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:241:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:247:17: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:251:19: acquire_resource: opened here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:256:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:261:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:261:9: danger: ‘fopen(tmp_file, "w")’ leaks here; was opened at [(24)](sarif:/runs/0/results/20/codeFlows/0/threadFlows/0/locations/23)
#  259|               goto cleanup;
#  260|           }
#  261|->         set_cloexec_file(newfile);
#  262|   
#  263|           fseek(pfile, 0, SEEK_SET);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1400]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:263:9: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(tmp_file, "w")’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:113:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:118:8: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:121:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:122:36: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:121:17: branch_false: following ‘false’ branch (when ‘service_object’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:158:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:168:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:174:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:174:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:182:11: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:184:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:192:16: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:194:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:199:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:203:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:204:20: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:204:12: branch_true: following ‘true’ branch (when ‘str’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:206:23: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:212:8: branch_false: following ‘false’ branch (when ‘str’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:241:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:241:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:247:17: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:251:19: acquire_resource: opened here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:256:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:261:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:263:9: danger: ‘fopen(tmp_file, "w")’ leaks here; was opened at [(24)](sarif:/runs/0/results/22/codeFlows/0/threadFlows/0/locations/23)
#  261|           set_cloexec_file(newfile);
#  262|   
#  263|->         fseek(pfile, 0, SEEK_SET);
#  264|           while (fgets(line, MAX_LEN, pfile) != NULL) {
#  265|               if (((str = strstr(line, service_object)) != NULL) &&

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1401]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:268:21: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(tmp_file, "w")’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:113:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:118:8: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:121:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:122:36: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:121:17: branch_false: following ‘false’ branch (when ‘service_object’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:158:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:168:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:174:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:174:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:182:11: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:184:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:192:16: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:194:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:199:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:203:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:204:20: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:204:12: branch_true: following ‘true’ branch (when ‘str’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:206:23: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:212:8: branch_false: following ‘false’ branch (when ‘str’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:241:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:241:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:247:17: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:251:19: acquire_resource: opened here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:256:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:261:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:264:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:265:25: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:265:16: branch_true: following ‘true’ branch (when ‘str’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:266:23: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:268:21: danger: ‘fopen(tmp_file, "w")’ leaks here; was opened at [(24)](sarif:/runs/0/results/24/codeFlows/0/threadFlows/0/locations/23)
#  266|                   (line[strlen(service_object)] == '#')) {
#  267|                   if (fprintf(newfile, "%s#{HEX}%s\n", service_object, hexpasswd) < 0) {
#  268|->                     com_err(me, errno, _("Failed to write service object "
#  269|                                            "password to file"));
#  270|                       fclose(newfile);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1402]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:277:21: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(tmp_file, "w")’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:113:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:118:8: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:121:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:122:36: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:121:17: branch_false: following ‘false’ branch (when ‘service_object’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:158:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:168:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:174:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:174:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:182:11: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:184:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:192:16: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:194:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:199:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:203:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:204:20: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:204:12: branch_true: following ‘true’ branch (when ‘str’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:206:23: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:212:8: branch_false: following ‘false’ branch (when ‘str’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:241:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:241:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:247:17: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:251:19: acquire_resource: opened here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:256:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:261:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:264:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:265:25: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:265:16: branch_false: following ‘false’ branch (when ‘str’ is NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:276:21: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:277:21: danger: ‘fopen(tmp_file, "w")’ leaks here; was opened at [(24)](sarif:/runs/0/results/26/codeFlows/0/threadFlows/0/locations/23)
#  275|               } else {
#  276|                   if (fprintf (newfile, "%s", line) < 0) {
#  277|->                     com_err(me, errno, _("Failed to write service object "
#  278|                                            "password to file"));
#  279|                       fclose(newfile);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1403]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:288:13: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(tmp_file, "w")’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:113:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:118:8: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:121:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:122:36: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:121:17: branch_false: following ‘false’ branch (when ‘service_object’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:158:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:168:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:174:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:174:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:182:11: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:184:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:192:16: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:194:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:199:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:203:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:204:20: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:204:12: branch_true: following ‘true’ branch (when ‘str’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:206:23: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:212:8: branch_false: following ‘false’ branch (when ‘str’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:241:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:241:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:247:17: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:251:19: acquire_resource: opened here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:256:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:261:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:287:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:289:21: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c:288:13: danger: ‘fopen(tmp_file, "w")’ leaks here; was opened at [(24)](sarif:/runs/0/results/28/codeFlows/0/threadFlows/0/locations/23)
#  286|   
#  287|           if (!feof(pfile)) {
#  288|->             com_err(me, errno,
#  289|                       _("Error reading service object password file"));
#  290|               fclose(newfile);

Error: COMPILER_WARNING: [#def1404]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c: scope_hint: In function ‘extended_com_err_fn’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:230:5: warning[-Wsuggest-attribute=format]: function ‘extended_com_err_fn’ might be a candidate for ‘gnu_printf’ format attribute
#  230 |     vfprintf (stderr, fmt, args);
#      |     ^~~~~~~~
#  228|       fprintf (stderr, "%s: %s ", myprog, emsg);
#  229|       krb5_free_error_message (util_context, emsg);
#  230|->     vfprintf (stderr, fmt, args);
#  231|       fprintf (stderr, "\n");
#  232|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1405]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:292:27: warning[-Wanalyzer-malloc-leak]: leak of ‘cmd_argv’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:263:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:269:26: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:269:26: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:270:8: branch_false: following ‘false’ branch (when ‘cmd_argv’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:275:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:281:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:282:13: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:288:19: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:292:27: danger: ‘cmd_argv’ leaks here; was allocated at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  290|               global_params.mask |= KADM5_CONFIG_REALM;
#  291|               /* not sure this is really necessary */
#  292|->             if ((retval = krb5_set_default_realm(util_context,
#  293|                                                    global_params.realm))) {
#  294|                   com_err(progname, retval,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1406]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:294:17: warning[-Wanalyzer-malloc-leak]: leak of ‘cmd_argv’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:263:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:269:26: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:269:26: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:270:8: branch_false: following ‘false’ branch (when ‘cmd_argv’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:275:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:281:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:282:13: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:288:19: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:292:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:295:25: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:294:17: danger: ‘cmd_argv’ leaks here; was allocated at [(3)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/2)
#  292|               if ((retval = krb5_set_default_realm(util_context,
#  293|                                                    global_params.realm))) {
#  294|->                 com_err(progname, retval,
#  295|                           _("while setting default realm name"));
#  296|                   exit_status++;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1407]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:300:17: warning[-Wanalyzer-malloc-leak]: leak of ‘cmd_argv’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:263:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:269:26: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:269:26: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:270:8: branch_false: following ‘false’ branch (when ‘cmd_argv’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:275:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:281:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:282:13: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:299:19: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:300:17: danger: ‘cmd_argv’ leaks here; was allocated at [(3)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/2)
#  298|               }
#  299|           } else if (strcmp(*argv, "-k") == 0 && ARG_VAL) {
#  300|->             if (krb5_string_to_enctype(koptarg, &global_params.enctype)) {
#  301|                   com_err(progname, EINVAL,
#  302|                           _(": %s is an invalid enctype"), koptarg);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1408]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:301:17: warning[-Wanalyzer-malloc-leak]: leak of ‘cmd_argv’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:263:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:269:26: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:269:26: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:270:8: branch_false: following ‘false’ branch (when ‘cmd_argv’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:275:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:281:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:282:13: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:299:19: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:300:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:302:25: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:301:17: danger: ‘cmd_argv’ leaks here; was allocated at [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#  299|           } else if (strcmp(*argv, "-k") == 0 && ARG_VAL) {
#  300|               if (krb5_string_to_enctype(koptarg, &global_params.enctype)) {
#  301|->                 com_err(progname, EINVAL,
#  302|                           _(": %s is an invalid enctype"), koptarg);
#  303|                   exit_status++;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1409]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:310:17: warning[-Wanalyzer-malloc-leak]: leak of ‘cmd_argv’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:263:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:269:26: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:269:26: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:270:8: branch_false: following ‘false’ branch (when ‘cmd_argv’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:275:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:281:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:282:13: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:309:16: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:311:25: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:310:17: danger: ‘cmd_argv’ leaks here; was allocated at [(3)](sarif:/runs/0/results/4/codeFlows/0/threadFlows/0/locations/2)
#  308|               global_params.kvno = (krb5_kvno) atoi(koptarg);
#  309|               if (global_params.kvno == IGNORE_VNO) {
#  310|->                 com_err(progname, EINVAL,
#  311|                           _(": %s is an invalid mkeyVNO"), koptarg);
#  312|                   exit_status++;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1410]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:337:17: warning[-Wanalyzer-malloc-leak]: leak of ‘cmd_argv’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:263:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:269:26: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:269:26: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:270:8: branch_false: following ‘false’ branch (when ‘cmd_argv’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:275:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:281:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:282:13: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:322:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:326:20: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:334:19: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:336:16: branch_true: following ‘true’ branch (when ‘passwd’ is NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:337:43: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:337:17: danger: ‘cmd_argv’ leaks here; was allocated at [(3)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/2)
#  335|               passwd = strdup(koptarg);
#  336|               if (passwd == NULL) {
#  337|->                 com_err(progname, ENOMEM, _("while reading ldap parameters"));
#  338|                   exit_status++;
#  339|                   goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1411]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:392:18: warning[-Wanalyzer-malloc-leak]: leak of ‘cmd_argv’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:263:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:269:26: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:269:26: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:270:8: branch_false: following ‘false’ branch (when ‘cmd_argv’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:275:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:365:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:375:8: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:375:8: branch_false: following ‘false’ branch (when ‘print_help_message == 0’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:385:10: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:390:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:391:15: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:392:18: danger: ‘cmd_argv’ leaks here; was allocated at [(3)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/2)
#  390|       if (!util_context->default_realm) {
#  391|           char *temp = NULL;
#  392|->         retval = krb5_get_default_realm(util_context, &temp);
#  393|           if (retval) {
#  394|               if (realm_name_required) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1412]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:395:17: warning[-Wanalyzer-malloc-leak]: leak of ‘cmd_argv’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:263:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:269:26: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:269:26: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:270:8: branch_false: following ‘false’ branch (when ‘cmd_argv’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:275:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:365:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:375:8: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:375:8: branch_false: following ‘false’ branch (when ‘print_help_message == 0’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:385:10: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:390:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:391:15: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:393:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:394:16: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:394:16: branch_true: following ‘true’ branch (when ‘realm_name_required != 0’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:395:44: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:395:17: danger: ‘cmd_argv’ leaks here; was allocated at [(3)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/2)
#  393|           if (retval) {
#  394|               if (realm_name_required) {
#  395|->                 com_err (progname, retval, _("while getting default realm"));
#  396|                   exit_status++;
#  397|                   goto cleanup;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1413]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:400:9: warning[-Wanalyzer-malloc-leak]: leak of ‘cmd_argv’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:263:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:269:26: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:269:26: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:270:8: branch_false: following ‘false’ branch (when ‘cmd_argv’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:275:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:365:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:375:8: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:375:8: branch_false: following ‘false’ branch (when ‘print_help_message == 0’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:385:10: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:390:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:391:15: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:400:9: danger: ‘cmd_argv’ leaks here; was allocated at [(3)](sarif:/runs/0/results/8/codeFlows/0/threadFlows/0/locations/2)
#  398|               }
#  399|           }
#  400|->         krb5_free_default_realm(util_context, temp);
#  401|       }
#  402|       /* If we have the realm name, we can safely say that

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1414]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:408:14: warning[-Wanalyzer-malloc-leak]: leak of ‘cmd_argv’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:263:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:269:26: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:269:26: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:270:8: branch_false: following ‘false’ branch (when ‘cmd_argv’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:275:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:365:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:375:8: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:375:8: branch_false: following ‘false’ branch (when ‘print_help_message == 0’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:385:10: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:408:14: danger: ‘cmd_argv’ leaks here; was allocated at [(3)](sarif:/runs/0/results/9/codeFlows/0/threadFlows/0/locations/2)
#  406|           realm_name_required = TRUE;
#  407|   
#  408|->     retval = profile_get_string(util_context->profile, KDB_REALM_SECTION,
#  409|                                   util_context->default_realm, KDB_MODULE_POINTER,
#  410|                                   NULL,

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1415]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:414:18: warning[-Wanalyzer-malloc-leak]: leak of ‘cmd_argv’
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:263:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:269:26: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:269:26: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:270:8: branch_false: following ‘false’ branch (when ‘cmd_argv’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:275:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:365:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:375:8: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:375:8: branch_false: following ‘false’ branch (when ‘print_help_message == 0’)...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:385:10: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:413:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:414:49: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:414:18: danger: ‘cmd_argv’ leaks here; was allocated at [(3)](sarif:/runs/0/results/10/codeFlows/0/threadFlows/0/locations/2)
#  412|   
#  413|       if (!(value)) {
#  414|->         retval = profile_get_string(util_context->profile, KDB_MODULE_DEF_SECTION,
#  415|                                       KDB_MODULE_POINTER, NULL,
#  416|                                       NULL,

Error: GCC_ANALYZER_WARNING (CWE-457): [#def1416]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/y.tab.c:1224:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘yyss’
krb5-1.21.3/src/kadmin/cli/getdate.y:864:1: enter_function: entry to ‘get_date_rel’
krb5-1.21.3/src/kadmin/cli/getdate.y:880:12: branch_false: following ‘false’ branch (when ‘tm’ is non-NULL)...
krb5-1.21.3/src/kadmin/cli/getdate.y:882:9: branch_false: ...to here
krb5-1.21.3/src/kadmin/cli/getdate.y:884:12: branch_false: following ‘false’ branch (when ‘tm’ is non-NULL)...
krb5-1.21.3/src/kadmin/cli/getdate.y:886:24: branch_false: ...to here
krb5-1.21.3/src/kadmin/cli/getdate.y:890:8: branch_false: following ‘false’ branch (when ‘tm’ is non-NULL)...
krb5-1.21.3/src/kadmin/cli/getdate.y:892:14: branch_false: ...to here
krb5-1.21.3/src/kadmin/cli/getdate.y:948:9: call_function: calling ‘getdate_yyparse’ from ‘get_date_rel’
# 1222|           if (! yyptr)
# 1223|             YYNOMEM;
# 1224|->         YYSTACK_RELOCATE (yyss_alloc, yyss);
# 1225|           YYSTACK_RELOCATE (yyvs_alloc, yyvs);
# 1226|   #  undef YYSTACK_RELOCATE

Error: GCC_ANALYZER_WARNING (CWE-457): [#def1417]
krb5-1.21.3/src/plugins/kdb/ldap/ldap_util/y.tab.c:1351:3: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*<unknown>’
krb5-1.21.3/src/kadmin/cli/getdate.y:1016:1: enter_function: entry to ‘get_date’
krb5-1.21.3/src/kadmin/cli/getdate.y:1018:12: call_function: calling ‘get_date_rel’ from ‘get_date’
# 1349|        unconditionally makes the parser a bit smaller, and it avoids a
# 1350|        GCC warning that YYVAL may be used uninitialized.  */
# 1351|->   yyval = yyvsp[1-yylen];
# 1352|   
# 1353|   

Error: COMPILER_WARNING: [#def1418]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c: scope_hint: In function ‘krb5_ldap_get_age’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c:46:1: warning[-Wold-style-definition]: old-style function definition
#   46 | krb5_ldap_get_age(context, db_name, age)
#      | ^~~~~~~~~~~~~~~~~
#   44|    */
#   45|   krb5_error_code
#   46|-> krb5_ldap_get_age(context, db_name, age)
#   47|       krb5_context context;
#   48|       char *db_name;

Error: COMPILER_WARNING: [#def1419]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c:46:1: warning[-Wold-style-definition]: old-style function definition
#   44|    */
#   45|   krb5_error_code
#   46|-> krb5_ldap_get_age(context, db_name, age)
#   47|       krb5_context context;
#   48|       char *db_name;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1420]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:179:10: warning[-Wanalyzer-malloc-leak]: leak of ‘server’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:174:14: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:175:8: branch_false: following ‘false’ branch (when ‘server’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:177:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c:179:10: danger: ‘server’ leaks here; was allocated at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  177|       server->server_info = info;
#  178|   
#  179|->     st = ldap_initialize(&server->ldap_handle, info->server_name);
#  180|       if (st) {
#  181|           free(server);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1421]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:108:19: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:53:1: enter_function: entry to ‘krb5_ldap_create’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:63:20: call_function: inlined call to ‘k5alloc’ from ‘krb5_ldap_create’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:66:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:70:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:75:14: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:76:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:80:14: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:81:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:86:14: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:88:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:92:44: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:93:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:96:42: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:97:8: branch_false: following ‘false’ branch (when ‘rparams’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:101:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:102:27: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:103:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:108:19: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:108:19: danger: ‘<unknown>’ leaks here; was allocated at [(18)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/17)
#  106|       }
#  107|   
#  108|->     if ((status = krb5_ldap_create_realm(context, rparams, mask)))
#  109|           goto cleanup;
#  110|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1422]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:108:19: warning[-Wanalyzer-malloc-leak]: leak of ‘rparams’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:53:1: enter_function: entry to ‘krb5_ldap_create’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:63:20: call_function: inlined call to ‘k5alloc’ from ‘krb5_ldap_create’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:66:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:70:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:75:14: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:76:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:80:14: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:81:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:86:14: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:88:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:92:44: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:93:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:96:42: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:96:42: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:97:8: branch_false: following ‘false’ branch (when ‘rparams’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:101:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:103:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:108:19: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:108:19: danger: ‘rparams’ leaks here; was allocated at [(16)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/15)
#  106|       }
#  107|   
#  108|->     if ((status = krb5_ldap_create_realm(context, rparams, mask)))
#  109|           goto cleanup;
#  110|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1423]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:120:9: warning[-Wanalyzer-malloc-leak]: leak of ‘rparams’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:53:1: enter_function: entry to ‘krb5_ldap_create’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:63:20: call_function: inlined call to ‘k5alloc’ from ‘krb5_ldap_create’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:66:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:70:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:75:14: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:76:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:80:14: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:81:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:86:14: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:88:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:92:44: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:93:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:96:42: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:96:42: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:97:8: branch_false: following ‘false’ branch (when ‘rparams’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:101:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:103:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:105:9: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c:120:9: danger: ‘rparams’ leaks here; was allocated at [(16)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/15)
#  118|   cleanup:
#  119|       if (rparams)
#  120|->         krb5_ldap_free_realm_params(rparams);
#  121|   
#  122|       if (status)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1424]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:686:16: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:640:1: enter_function: entry to ‘decode_tl_data’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:656:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:658:15: call_function: inlined call to ‘load_16_be’ from ‘decode_tl_data’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:659:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:661:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:686:16: branch_false: following ‘false’ branch (when ‘newlist’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:689:33: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:689:33: call_function: calling ‘k5memdup0’ from ‘decode_tl_data’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:689:33: return_function: returning to ‘decode_tl_data’ from ‘k5memdup0’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:690:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:692:20: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:656:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:658:15: call_function: inlined call to ‘load_16_be’ from ‘decode_tl_data’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:659:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:661:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:686:16: danger: ‘<unknown>’ leaks here; was allocated at [(15)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/14)
#  684|           case KDB_TL_LINKDN:
#  685|               newlist = realloc(dnlist, (linkcount + 2) * sizeof(char *));
#  686|->             if (newlist == NULL)
#  687|                   goto oom;
#  688|               dnlist = newlist;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1425]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:708:5: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:640:1: enter_function: entry to ‘decode_tl_data’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:656:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:658:15: call_function: inlined call to ‘load_16_be’ from ‘decode_tl_data’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:659:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:661:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:686:16: branch_false: following ‘false’ branch (when ‘newlist’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:689:33: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:689:33: call_function: calling ‘k5memdup0’ from ‘decode_tl_data’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:689:33: return_function: returning to ‘decode_tl_data’ from ‘k5memdup0’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:690:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:692:20: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:656:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:658:15: call_function: inlined call to ‘load_16_be’ from ‘decode_tl_data’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:659:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:661:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:686:16: branch_false: following ‘false’ branch (when ‘newlist’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:689:33: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:689:33: call_function: calling ‘k5memdup0’ from ‘decode_tl_data’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:689:33: return_function: returning to ‘decode_tl_data’ from ‘k5memdup0’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:690:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:692:20: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:656:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:658:15: call_function: inlined call to ‘load_16_be’ from ‘decode_tl_data’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:659:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:661:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:686:16: branch_true: following ‘true’ branch (when ‘newlist’ is NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:687:17: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:706:17: branch_true: following ‘true’ branch (when ‘i < linkcount’)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:707:20: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:708:5: danger: ‘<unknown>’ leaks here; was allocated at [(38)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/37)
#  706|       for (i = 0; i < linkcount; i++)
#  707|           free(dnlist[i]);
#  708|->     free(dnlist);
#  709|       return ENOMEM;
#  710|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1426]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:734:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:716:1: enter_function: entry to ‘get_int_from_tl_data’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:728:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:731:9: call_function: calling ‘decode_tl_data’ from ‘get_int_from_tl_data’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:731:9: return_function: returning to ‘get_int_from_tl_data’ from ‘decode_tl_data’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:731:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:732:9: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:734:9: danger: ‘<unknown>’ leaks here; was allocated at [(19)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/18)
#  732|           intptr = ptr;
#  733|           *intval = *intptr;
#  734|->         free(intptr);
#  735|       }
#  736|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1427]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:919:18: warning[-Wanalyzer-malloc-leak]: leak of ‘userinfo_tl_data.tl_data_contents’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1411:1: enter_function: entry to ‘populate_krb5_db_entry’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1432:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1436:16: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1437:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1438:15: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1439:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1442:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1451:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1457:20: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1458:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1459:25: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1460:21: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1462:27: call_function: calling ‘store_tl_data’ from ‘populate_krb5_db_entry’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1462:27: return_function: returning to ‘populate_krb5_db_entry’ from ‘store_tl_data’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1464:24: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1473:15: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1473:15: call_function: calling ‘store_tl_data’ from ‘populate_krb5_db_entry’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1473:15: return_function: returning to ‘populate_krb5_db_entry’ from ‘store_tl_data’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1474:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1476:15: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1476:15: call_function: calling ‘store_tl_data’ from ‘populate_krb5_db_entry’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1476:15: return_function: returning to ‘populate_krb5_db_entry’ from ‘store_tl_data’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1477:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1481:11: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1481:11: call_function: calling ‘get_time’ from ‘populate_krb5_db_entry’
#  917|           return EINVAL;
#  918|       }
#  919|->     *epochtime = krb5int_gmt_mktime(&tme);
#  920|       return 0;
#  921|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1428]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:976:14: warning[-Wanalyzer-malloc-leak]: leak of ‘userinfo_tl_data.tl_data_contents’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1411:1: enter_function: entry to ‘populate_krb5_db_entry’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1432:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1436:16: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1437:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1438:15: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1439:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1442:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1451:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1457:20: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1458:12: branch_true: following ‘true’ branch...
 branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1459:25: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1460:21: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1462:27: call_function: calling ‘store_tl_data’ from ‘populate_krb5_db_entry’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1462:27: return_function: returning to ‘populate_krb5_db_entry’ from ‘store_tl_data’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1464:24: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1473:15: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1473:15: call_function: calling ‘store_tl_data’ from ‘populate_krb5_db_entry’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1473:15: return_function: returning to ‘populate_krb5_db_entry’ from ‘store_tl_data’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1474:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1476:15: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1476:15: call_function: calling ‘store_tl_data’ from ‘populate_krb5_db_entry’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1476:15: return_function: returning to ‘populate_krb5_db_entry’ from ‘store_tl_data’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1477:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1481:11: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1481:11: call_function: calling ‘get_time’ from ‘populate_krb5_db_entry’
#  974|       *attr_present = FALSE;
#  975|   
#  976|->     values = ldap_get_values(ld, ent, attribute);
#  977|       if (values == NULL)
#  978|           return 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1429]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1195:9: warning[-Wanalyzer-malloc-leak]: leak of ‘*<unknown>’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1152:1: enter_function: entry to ‘krb5_ldap_get_reference_count’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1164:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1169:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1169:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1170:8: branch_false: following ‘false’ branch (when ‘ld’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1175:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1179:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1184:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1184:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1190:10: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1190:10: call_function: calling ‘krb5_get_subtree_info’ from ‘krb5_ldap_get_reference_count’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1190:10: return_function: returning to ‘krb5_ldap_get_reference_count’ from ‘krb5_get_subtree_info’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1191:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1194:17: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1194:29: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1195:9: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1195:9: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1195:9: danger: ‘*<unknown>’ leaks here; was allocated at [(17)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/16)
# 1193|   
# 1194|       for (i = 0, *count = 0; i < ntrees; i++) {
# 1195|->         LDAP_SEARCH(subtree[i], LDAP_SCOPE_SUBTREE, filter, refcntattr);
# 1196|           n = ldap_count_entries(ld, result);
# 1197|           if (n == -1) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1430]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1195:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1152:1: enter_function: entry to ‘krb5_ldap_get_reference_count’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1164:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1169:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1169:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1170:8: branch_false: following ‘false’ branch (when ‘ld’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1175:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1179:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1184:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1184:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1190:10: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1190:10: call_function: calling ‘krb5_get_subtree_info’ from ‘krb5_ldap_get_reference_count’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1190:10: return_function: returning to ‘krb5_ldap_get_reference_count’ from ‘krb5_get_subtree_info’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1191:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1194:17: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1194:29: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1195:9: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1195:9: danger: ‘<unknown>’ leaks here; was allocated at [(17)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/16)
# 1193|   
# 1194|       for (i = 0, *count = 0; i < ntrees; i++) {
# 1195|->         LDAP_SEARCH(subtree[i], LDAP_SCOPE_SUBTREE, filter, refcntattr);
# 1196|           n = ldap_count_entries(ld, result);
# 1197|           if (n == -1) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1431]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1195:9: warning[-Wanalyzer-malloc-leak]: leak of ‘subtree’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1152:1: enter_function: entry to ‘krb5_ldap_get_reference_count’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1164:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1169:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1169:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1170:8: branch_false: following ‘false’ branch (when ‘ld’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1175:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1179:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1184:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1184:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1190:10: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1190:10: call_function: calling ‘krb5_get_subtree_info’ from ‘krb5_ldap_get_reference_count’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1190:10: return_function: returning to ‘krb5_ldap_get_reference_count’ from ‘krb5_get_subtree_info’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1191:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1194:17: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1194:29: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1195:9: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1195:9: danger: ‘subtree’ leaks here; was allocated at [(15)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/14)
# 1193|   
# 1194|       for (i = 0, *count = 0; i < ntrees; i++) {
# 1195|->         LDAP_SEARCH(subtree[i], LDAP_SCOPE_SUBTREE, filter, refcntattr);
# 1196|           n = ldap_count_entries(ld, result);
# 1197|           if (n == -1) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1432]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1196:13: warning[-Wanalyzer-malloc-leak]: leak of ‘subtree’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1152:1: enter_function: entry to ‘krb5_ldap_get_reference_count’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1164:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1169:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1169:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1170:8: branch_false: following ‘false’ branch (when ‘ld’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1175:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1179:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1184:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1184:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1190:10: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1190:10: call_function: calling ‘krb5_get_subtree_info’ from ‘krb5_ldap_get_reference_count’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1190:10: return_function: returning to ‘krb5_ldap_get_reference_count’ from ‘krb5_get_subtree_info’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1191:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1194:17: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1194:29: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1195:9: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1195:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1196:13: danger: ‘subtree’ leaks here; was allocated at [(15)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/14)
# 1194|       for (i = 0, *count = 0; i < ntrees; i++) {
# 1195|           LDAP_SEARCH(subtree[i], LDAP_SCOPE_SUBTREE, filter, refcntattr);
# 1196|->         n = ldap_count_entries(ld, result);
# 1197|           if (n == -1) {
# 1198|               int ret, errcode = 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1433]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1199:19: warning[-Wanalyzer-malloc-leak]: leak of ‘subtree’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1152:1: enter_function: entry to ‘krb5_ldap_get_reference_count’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1164:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1169:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1169:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1170:8: branch_false: following ‘false’ branch (when ‘ld’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1175:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1179:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1184:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1184:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1190:10: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1190:10: call_function: calling ‘krb5_get_subtree_info’ from ‘krb5_ldap_get_reference_count’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1190:10: return_function: returning to ‘krb5_ldap_get_reference_count’ from ‘krb5_get_subtree_info’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1191:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1194:17: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1194:29: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1195:9: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1195:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1197:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1198:22: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1199:19: danger: ‘subtree’ leaks here; was allocated at [(15)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/14)
# 1197|           if (n == -1) {
# 1198|               int ret, errcode = 0;
# 1199|->             ret = ldap_parse_result(ld, result, &errcode, NULL, NULL, NULL,
# 1200|                                       NULL, 0);
# 1201|               if (ret != LDAP_SUCCESS)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1434]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1203:18: warning[-Wanalyzer-malloc-leak]: leak of ‘subtree’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1152:1: enter_function: entry to ‘krb5_ldap_get_reference_count’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1164:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1169:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1169:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1170:8: branch_false: following ‘false’ branch (when ‘ld’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1175:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1179:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1184:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1184:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1190:10: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1190:10: call_function: calling ‘krb5_get_subtree_info’ from ‘krb5_ldap_get_reference_count’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1190:10: return_function: returning to ‘krb5_ldap_get_reference_count’ from ‘krb5_get_subtree_info’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1191:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1194:17: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1194:29: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1195:9: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1195:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1197:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1198:22: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1203:18: danger: ‘subtree’ leaks here; was allocated at [(15)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/14)
# 1201|               if (ret != LDAP_SUCCESS)
# 1202|                   errcode = ret;
# 1203|->             st = translate_ldap_error(errcode, OP_SEARCH);
# 1204|               goto cleanup;
# 1205|           }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1435]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1207:9: warning[-Wanalyzer-malloc-leak]: leak of ‘subtree’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1152:1: enter_function: entry to ‘krb5_ldap_get_reference_count’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1164:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1169:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1169:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1170:8: branch_false: following ‘false’ branch (when ‘ld’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1175:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1179:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1184:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1184:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1190:10: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1190:10: call_function: calling ‘krb5_get_subtree_info’ from ‘krb5_ldap_get_reference_count’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1190:10: return_function: returning to ‘krb5_ldap_get_reference_count’ from ‘krb5_get_subtree_info’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1191:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1194:17: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1194:29: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1195:9: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1195:9: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1197:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1207:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1207:9: danger: ‘subtree’ leaks here; was allocated at [(15)](sarif:/runs/0/results/19/codeFlows/0/threadFlows/0/locations/14)
# 1205|           }
# 1206|   
# 1207|->         ldap_msgfree(result);
# 1208|           result = NULL;
# 1209|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1436]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1258:11: warning[-Wanalyzer-malloc-leak]: leak of ‘k5memdup0(policy_dn,  plen, & ret)’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1228:1: enter_function: entry to ‘krb5_ldap_policydn_to_name’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1240:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1243:8: branch_false: following ‘false’ branch (when ‘realmdn’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1247:12: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1249:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1252:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1255:11: call_function: calling ‘k5memdup0’ from ‘krb5_ldap_policydn_to_name’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1255:11: return_function: returning to ‘krb5_ldap_policydn_to_name’ from ‘k5memdup0’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1256:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1258:11: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1258:11: danger: ‘k5memdup0(policy_dn,  plen, & ret)’ leaks here; was allocated at [(15)](sarif:/runs/0/results/20/codeFlows/0/threadFlows/0/locations/14)
# 1256|       if (rdn == NULL)
# 1257|           return ret;
# 1258|->     ret = ldap_str2dn(rdn, &dn, LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PEDANTIC);
# 1259|       free(rdn);
# 1260|       if (ret)

Error: GCC_ANALYZER_WARNING (CWE-127): [#def1437]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1335:29: warning[-Wanalyzer-out-of-bounds]: heap-based buffer under-read
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:520:1: enter_function: entry to ‘krb5_get_subtree_info’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:535:15: call_function: inlined call to ‘k5calloc’ from ‘krb5_get_subtree_info’
 branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:549:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:554:8: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:554:8: branch_false: following ‘false’ branch (when ‘containerref’ is NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:562:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:562:5: call_function: calling ‘remove_overlapping_subtrees’ from ‘krb5_get_subtree_info’
# 1333|                   (sscope == 2 && is_subtree(list[j], jlen, list[i], ilen))) {
# 1334|                   free(list[j]);
# 1335|->                 list[j--] = list[count - 1];
# 1336|                   list[--count] = NULL;
# 1337|               } else if (sscope == 2 &&

Error: GCC_ANALYZER_WARNING (CWE-124): [#def1438]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1336:17: warning[-Wanalyzer-out-of-bounds]: heap-based buffer underwrite
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:520:1: enter_function: entry to ‘krb5_get_subtree_info’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:535:15: call_function: inlined call to ‘k5calloc’ from ‘krb5_get_subtree_info’
 branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:549:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:554:8: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:554:8: branch_false: following ‘false’ branch (when ‘containerref’ is NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:562:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:562:5: call_function: calling ‘remove_overlapping_subtrees’ from ‘krb5_get_subtree_info’
# 1334|                   free(list[j]);
# 1335|                   list[j--] = list[count - 1];
# 1336|->                 list[--count] = NULL;
# 1337|               } else if (sscope == 2 &&
# 1338|                          is_subtree(list[i], ilen, list[j], jlen)) {

Error: GCC_ANALYZER_WARNING (CWE-127): [#def1439]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1340:29: warning[-Wanalyzer-out-of-bounds]: heap-based buffer under-read
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1152:1: enter_function: entry to ‘krb5_ldap_get_reference_count’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1164:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1169:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1169:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1170:8: branch_false: following ‘false’ branch (when ‘ld’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1175:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1179:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1184:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1184:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1190:10: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1190:10: call_function: calling ‘krb5_get_subtree_info’ from ‘krb5_ldap_get_reference_count’
# 1338|                          is_subtree(list[i], ilen, list[j], jlen)) {
# 1339|                   free(list[i]);
# 1340|->                 list[i--] = list[count - 1];
# 1341|                   list[--count] = NULL;
# 1342|                   break;

Error: GCC_ANALYZER_WARNING (CWE-124): [#def1440]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1341:17: warning[-Wanalyzer-out-of-bounds]: heap-based buffer underwrite
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1152:1: enter_function: entry to ‘krb5_ldap_get_reference_count’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1164:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1169:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1169:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1170:8: branch_false: following ‘false’ branch (when ‘ld’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1175:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1179:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1184:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1184:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1190:10: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1190:10: call_function: calling ‘krb5_get_subtree_info’ from ‘krb5_ldap_get_reference_count’
# 1339|                   free(list[i]);
# 1340|                   list[i--] = list[count - 1];
# 1341|->                 list[--count] = NULL;
# 1342|                   break;
# 1343|               }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1441]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1686:5: warning[-Wanalyzer-malloc-leak]: leak of ‘userinfo_tl_data.tl_data_contents’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1411:1: enter_function: entry to ‘populate_krb5_db_entry’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1432:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1436:16: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1437:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1438:15: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1439:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1442:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1451:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1457:20: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1473:15: call_function: calling ‘store_tl_data’ from ‘populate_krb5_db_entry’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1473:15: return_function: returning to ‘populate_krb5_db_entry’ from ‘store_tl_data’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1476:15: call_function: calling ‘store_tl_data’ from ‘populate_krb5_db_entry’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1476:15: return_function: returning to ‘populate_krb5_db_entry’ from ‘store_tl_data’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1477:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1478:13: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1686:5: danger: ‘userinfo_tl_data.tl_data_contents’ leaks here; was allocated at [(20)](sarif:/runs/0/results/37/codeFlows/0/threadFlows/0/locations/19)
# 1684|   
# 1685|   cleanup:
# 1686|->     ldap_memfree(dn);
# 1687|       ldap_value_free_len(ber_key_data);
# 1688|       ldap_value_free_len(ber_tl_data);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1442]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1687:5: warning[-Wanalyzer-malloc-leak]: leak of ‘userinfo_tl_data.tl_data_contents’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1411:1: enter_function: entry to ‘populate_krb5_db_entry’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1432:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1436:16: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1437:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1438:15: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1439:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1442:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1451:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1457:20: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1473:15: call_function: calling ‘store_tl_data’ from ‘populate_krb5_db_entry’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1473:15: return_function: returning to ‘populate_krb5_db_entry’ from ‘store_tl_data’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1476:15: call_function: calling ‘store_tl_data’ from ‘populate_krb5_db_entry’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1476:15: return_function: returning to ‘populate_krb5_db_entry’ from ‘store_tl_data’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1477:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1478:13: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1687:5: danger: ‘userinfo_tl_data.tl_data_contents’ leaks here; was allocated at [(20)](sarif:/runs/0/results/38/codeFlows/0/threadFlows/0/locations/19)
# 1685|   cleanup:
# 1686|       ldap_memfree(dn);
# 1687|->     ldap_value_free_len(ber_key_data);
# 1688|       ldap_value_free_len(ber_tl_data);
# 1689|       ldap_value_free(pnvalues);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1443]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1688:5: warning[-Wanalyzer-malloc-leak]: leak of ‘userinfo_tl_data.tl_data_contents’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1411:1: enter_function: entry to ‘populate_krb5_db_entry’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1432:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1436:16: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1437:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1438:15: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1439:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1442:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1451:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1457:20: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1473:15: call_function: calling ‘store_tl_data’ from ‘populate_krb5_db_entry’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1473:15: return_function: returning to ‘populate_krb5_db_entry’ from ‘store_tl_data’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1476:15: call_function: calling ‘store_tl_data’ from ‘populate_krb5_db_entry’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1476:15: return_function: returning to ‘populate_krb5_db_entry’ from ‘store_tl_data’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1477:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1478:13: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1688:5: danger: ‘userinfo_tl_data.tl_data_contents’ leaks here; was allocated at [(20)](sarif:/runs/0/results/39/codeFlows/0/threadFlows/0/locations/19)
# 1686|       ldap_memfree(dn);
# 1687|       ldap_value_free_len(ber_key_data);
# 1688|->     ldap_value_free_len(ber_tl_data);
# 1689|       ldap_value_free(pnvalues);
# 1690|       ldap_value_free(ocvalues);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1444]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1689:5: warning[-Wanalyzer-malloc-leak]: leak of ‘userinfo_tl_data.tl_data_contents’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1411:1: enter_function: entry to ‘populate_krb5_db_entry’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1432:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1436:16: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1437:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1438:15: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1439:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1442:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1451:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1457:20: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1473:15: call_function: calling ‘store_tl_data’ from ‘populate_krb5_db_entry’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1473:15: return_function: returning to ‘populate_krb5_db_entry’ from ‘store_tl_data’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1476:15: call_function: calling ‘store_tl_data’ from ‘populate_krb5_db_entry’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1476:15: return_function: returning to ‘populate_krb5_db_entry’ from ‘store_tl_data’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1477:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1478:13: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1689:5: danger: ‘userinfo_tl_data.tl_data_contents’ leaks here; was allocated at [(20)](sarif:/runs/0/results/40/codeFlows/0/threadFlows/0/locations/19)
# 1687|       ldap_value_free_len(ber_key_data);
# 1688|       ldap_value_free_len(ber_tl_data);
# 1689|->     ldap_value_free(pnvalues);
# 1690|       ldap_value_free(ocvalues);
# 1691|       ldap_value_free(link_references);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1445]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1690:5: warning[-Wanalyzer-malloc-leak]: leak of ‘userinfo_tl_data.tl_data_contents’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1411:1: enter_function: entry to ‘populate_krb5_db_entry’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1432:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1436:16: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1437:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1438:15: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1439:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1442:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1451:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1457:20: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1473:15: call_function: calling ‘store_tl_data’ from ‘populate_krb5_db_entry’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1473:15: return_function: returning to ‘populate_krb5_db_entry’ from ‘store_tl_data’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1476:15: call_function: calling ‘store_tl_data’ from ‘populate_krb5_db_entry’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1476:15: return_function: returning to ‘populate_krb5_db_entry’ from ‘store_tl_data’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1477:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1478:13: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1690:5: danger: ‘userinfo_tl_data.tl_data_contents’ leaks here; was allocated at [(20)](sarif:/runs/0/results/41/codeFlows/0/threadFlows/0/locations/19)
# 1688|       ldap_value_free_len(ber_tl_data);
# 1689|       ldap_value_free(pnvalues);
# 1690|->     ldap_value_free(ocvalues);
# 1691|       ldap_value_free(link_references);
# 1692|       ldap_value_free(a2d2);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1446]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1691:5: warning[-Wanalyzer-malloc-leak]: leak of ‘userinfo_tl_data.tl_data_contents’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1411:1: enter_function: entry to ‘populate_krb5_db_entry’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1432:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1436:16: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1437:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1438:15: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1439:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1442:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1451:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1457:20: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1473:15: call_function: calling ‘store_tl_data’ from ‘populate_krb5_db_entry’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1473:15: return_function: returning to ‘populate_krb5_db_entry’ from ‘store_tl_data’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1476:15: call_function: calling ‘store_tl_data’ from ‘populate_krb5_db_entry’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1476:15: return_function: returning to ‘populate_krb5_db_entry’ from ‘store_tl_data’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1477:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1478:13: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1691:5: danger: ‘userinfo_tl_data.tl_data_contents’ leaks here; was allocated at [(20)](sarif:/runs/0/results/42/codeFlows/0/threadFlows/0/locations/19)
# 1689|       ldap_value_free(pnvalues);
# 1690|       ldap_value_free(ocvalues);
# 1691|->     ldap_value_free(link_references);
# 1692|       ldap_value_free(a2d2);
# 1693|       free(userinfo_tl_data.tl_data_contents);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1447]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1692:5: warning[-Wanalyzer-malloc-leak]: leak of ‘userinfo_tl_data.tl_data_contents’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1411:1: enter_function: entry to ‘populate_krb5_db_entry’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1432:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1436:16: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1437:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1438:15: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1439:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1442:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1451:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1457:20: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1473:15: call_function: calling ‘store_tl_data’ from ‘populate_krb5_db_entry’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1473:15: return_function: returning to ‘populate_krb5_db_entry’ from ‘store_tl_data’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1476:15: call_function: calling ‘store_tl_data’ from ‘populate_krb5_db_entry’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1476:15: return_function: returning to ‘populate_krb5_db_entry’ from ‘store_tl_data’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1477:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1478:13: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c:1692:5: danger: ‘userinfo_tl_data.tl_data_contents’ leaks here; was allocated at [(20)](sarif:/runs/0/results/43/codeFlows/0/threadFlows/0/locations/19)
# 1690|       ldap_value_free(ocvalues);
# 1691|       ldap_value_free(link_references);
# 1692|->     ldap_value_free(a2d2);
# 1693|       free(userinfo_tl_data.tl_data_contents);
# 1694|       free(pwdpolicydn);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1448]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:191:26: warning[-Wanalyzer-malloc-leak]: leak of ‘princ_name’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:133:1: enter_function: entry to ‘krb5_ldap_iterate’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:153:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:171:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:173:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:173:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:175:15: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:175:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:178:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:178:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:178:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:180:18: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:182:9: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:182:9: branch_false: following ‘false’ branch (when ‘st == 0’)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:183:18: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:183:48: branch_true: following ‘true’ branch (when ‘ent’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:184:20: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:187:16: branch_true: following ‘true’ branch (when ‘values’ is non-NULL)...
 branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:188:27: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:189:25: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:189:25: call_function: calling ‘krb5_ldap_parse_principal_name’ from ‘krb5_ldap_iterate’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:189:25: return_function: returning to ‘krb5_ldap_iterate’ from ‘krb5_ldap_parse_principal_name’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:189:24: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:191:26: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:191:26: danger: ‘princ_name’ leaks here; was allocated at [(26)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/25)
#  189|                       if (krb5_ldap_parse_principal_name(values[i], &princ_name) != 0)
#  190|                           continue;
#  191|->                     st = krb5_parse_name(context, princ_name, &principal);
#  192|                       free(princ_name);
#  193|                       if (st)

Error: GCC_ANALYZER_WARNING (CWE-476): [#def1449]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:220:13: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘subtree’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:139:32: release_memory: ‘subtree’ is NULL
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:153:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:216:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:219:11: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:220:20: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:220:20: release_memory: ‘subtree’ is NULL
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:220:20: release_memory: ‘subtree’ is NULL
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c:220:13: danger: dereference of NULL ‘subtree + (long unsigned int)(ntree + 4294967295) * 8’
#  218|   
#  219|       for (;ntree; --ntree)
#  220|->         if (subtree[ntree-1])
#  221|               free (subtree[ntree-1]);
#  222|       free(subtree);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1450]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:207:23: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:106:1: enter_function: entry to ‘krb5_ldap_get_principal’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:127:8: branch_false: following ‘false’ branch (when ‘searchfor’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:130:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:133:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:135:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:141:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:141:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:144:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:144:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:147:16: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:148:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:153:33: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:154:8: branch_false: following ‘false’ branch (when ‘filter’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:158:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:160:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:163:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:163:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:163:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:164:18: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:166:9: branch_false: following ‘false’ branch (when ‘st == 0’)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:167:18: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:167:48: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:170:25: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:189:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:204:21: call_function: inlined call to ‘k5alloc’ from ‘krb5_ldap_get_principal’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:208:53: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:207:23: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:207:23: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:207:23: danger: ‘ptr’ leaks here; was allocated at [(30)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/29)
#  205|               if (entry == NULL)
#  206|                   goto cleanup;
#  207|->             if ((st = populate_krb5_db_entry(context, ldap_context, ld, ent,
#  208|                                                cprinc ? cprinc : searchfor,
#  209|                                                entry)) != 0)

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1451]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:378:11: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:563:1: enter_function: entry to ‘krb5_encode_histkey’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:569:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:572:20: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:572:11: call_function: inlined call to ‘k5calloc’ from ‘krb5_encode_histkey’
 branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:576:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:577:13: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:577:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:583:62: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:581:15: call_function: calling ‘encode_keys’ from ‘krb5_encode_histkey’
#  376|        * code.
#  377|        */
#  378|->     err = kldap_ensure_initialized ();
#  379|       if (err)
#  380|           return err;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1452]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:378:11: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:504:1: enter_function: entry to ‘krb5_encode_krbsecretkey’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:513:8: branch_false: following ‘false’ branch (when ‘n_key_data >= 0’)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:517:8: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:517:8: branch_true: following ‘true’ branch (when ‘n_key_data != 0’)...
 branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:524:11: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:525:8: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:529:8: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:532:8: branch_false: following ‘false’ branch (when ‘n_key_data != 0’)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:535:16: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:536:34: branch_true: following ‘true’ branch (when ‘i < n_key_data’)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:537:18: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:538:19: call_function: calling ‘encode_keys’ from ‘krb5_encode_krbsecretkey’
#  376|        * code.
#  377|        */
#  378|->     err = kldap_ensure_initialized ();
#  379|       if (err)
#  380|           return err;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1453]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:387:12: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:448:1: enter_function: entry to ‘encode_keys’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:458:8: branch_false: following ‘false’ branch (when ‘n_key_data > 0’)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:464:16: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:464:16: call_function: inlined call to ‘k5calloc’ from ‘encode_keys’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:467:35: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:471:17: branch_true: following ‘true’ branch (when ‘i < n_key_data’)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:472:21: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:472:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:471:33: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:480:12: call_function: inlined call to ‘k5alloc’ from ‘encode_keys’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:484:11: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:484:11: call_function: calling ‘asn1_encode_sequence_of_keys’ from ‘encode_keys’
#  385|       val.kvno = key_data[0].key_data_kvno;
#  386|   
#  387|->     return accessor.asn1_ldap_encode_sequence_of_keys(&val, code);
#  388|   }
#  389|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1454]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:387:12: warning[-Wanalyzer-malloc-leak]: leak of ‘ret’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:504:1: enter_function: entry to ‘krb5_encode_krbsecretkey’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:513:8: branch_false: following ‘false’ branch (when ‘n_key_data >= 0’)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:517:8: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:517:8: branch_true: following ‘true’ branch (when ‘n_key_data != 0’)...
 branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:524:11: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:525:8: branch_false: following ‘false’ branch (when ‘ret’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:529:8: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:532:8: branch_false: following ‘false’ branch (when ‘n_key_data != 0’)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:535:16: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:536:34: branch_true: following ‘true’ branch (when ‘i < n_key_data’)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:537:18: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:538:19: call_function: calling ‘encode_keys’ from ‘krb5_encode_krbsecretkey’
#  385|       val.kvno = key_data[0].key_data_kvno;
#  386|   
#  387|->     return accessor.asn1_ldap_encode_sequence_of_keys(&val, code);
#  388|   }
#  389|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1455]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:403:11: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1575:1: enter_function: entry to ‘decode_keys’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1593:15: call_function: inlined call to ‘k5calloc’ from ‘decode_keys’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1596:24: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1598:41: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1601:13: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1601:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1603:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1606:15: call_function: calling ‘asn1_decode_sequence_of_keys’ from ‘decode_keys’
#  401|        * code.
#  402|        */
#  403|->     err = kldap_ensure_initialized ();
#  404|       if (err)
#  405|           return err;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1456]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:407:11: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1575:1: enter_function: entry to ‘decode_keys’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1593:15: call_function: inlined call to ‘k5calloc’ from ‘decode_keys’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1596:24: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1598:41: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1601:13: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1601:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1603:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1606:15: call_function: calling ‘asn1_decode_sequence_of_keys’ from ‘decode_keys’
#  405|           return err;
#  406|   
#  407|->     err = accessor.asn1_ldap_decode_sequence_of_keys(in, &p);
#  408|       if (err)
#  409|           return err;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1457]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1552:9: warning[-Wanalyzer-malloc-leak]: leak of ‘keysets’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1629:1: enter_function: entry to ‘krb5_decode_krbsecretkey’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1637:11: call_function: calling ‘decode_keys’ from ‘krb5_decode_krbsecretkey’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1637:11: return_function: returning to ‘krb5_decode_krbsecretkey’ from ‘decode_keys’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1638:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1644:16: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1644:16: call_function: inlined call to ‘k5calloc’ from ‘krb5_decode_krbsecretkey’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1646:9: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1665:5: call_function: inlined call to ‘free_ldap_seqof_key_data’ from ‘krb5_decode_krbsecretkey’
 branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1665:5: call_function: inlined call to ‘free_ldap_seqof_key_data’ from ‘krb5_decode_krbsecretkey’
# 1550|   
# 1551|       for (i = 0; i < n_keysets; i++)
# 1552|->         k5_free_key_data(keysets[i].n_key_data, keysets[i].key_data);
# 1553|       free(keysets);
# 1554|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1458]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1552:9: warning[-Wanalyzer-malloc-leak]: leak of ‘ptr’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1575:1: enter_function: entry to ‘decode_keys’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1593:15: call_function: inlined call to ‘k5calloc’ from ‘decode_keys’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1596:24: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1598:41: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1601:13: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1601:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1603:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1607:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1608:13: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1624:5: call_function: inlined call to ‘free_ldap_seqof_key_data’ from ‘decode_keys’
 branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1624:5: call_function: inlined call to ‘free_ldap_seqof_key_data’ from ‘decode_keys’
# 1550|   
# 1551|       for (i = 0; i < n_keysets; i++)
# 1552|->         k5_free_key_data(keysets[i].n_key_data, keysets[i].key_data);
# 1553|       free(keysets);
# 1554|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1459]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1719:5: warning[-Wanalyzer-malloc-leak]: leak of ‘keysets’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1688:1: enter_function: entry to ‘krb5_decode_histkey’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1695:11: call_function: calling ‘decode_keys’ from ‘krb5_decode_histkey’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1695:11: return_function: returning to ‘krb5_decode_histkey’ from ‘decode_keys’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1696:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1702:27: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1702:27: call_function: inlined call to ‘k5calloc’ from ‘krb5_decode_histkey’
 branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1703:8: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1705:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1711:17: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1719:32: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c:1719:5: danger: ‘keysets’ leaks here; was allocated at [(7)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/6)
# 1717|   
# 1718|       /* Sort the principal entries by kvno in ascending order. */
# 1719|->     qsort(princ_ent->old_keys, princ_ent->old_key_len, sizeof(osa_pw_hist_ent),
# 1720|             &compare_osa_pw_hist_ent);
# 1721|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1460]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:240:5: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:415:1: enter_function: entry to ‘krb5_ldap_iterate_password_policy’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:431:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:432:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:432:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:434:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:439:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:439:5: branch_false: following ‘false’ branch (when ‘st == 0’)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:440:14: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:440:44: branch_true: following ‘true’ branch (when ‘ent’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:443:14: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:444:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:446:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:446:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:449:36: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:450:9: branch_false: following ‘false’ branch (when ‘entry’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:451:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:452:19: call_function: calling ‘populate_policy’ from ‘krb5_ldap_iterate_password_policy’
#  238|       int val;
#  239|   
#  240|->     krb5_ldap_get_value(ld, ent, name, &val);
#  241|       *out = val;
#  242|   }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1461]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:240:5: warning[-Wanalyzer-malloc-leak]: leak of ‘entry’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:415:1: enter_function: entry to ‘krb5_ldap_iterate_password_policy’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:431:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:432:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:432:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:434:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:439:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:439:5: branch_false: following ‘false’ branch (when ‘st == 0’)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:440:14: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:440:44: branch_true: following ‘true’ branch (when ‘ent’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:443:14: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:444:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:446:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:446:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:449:36: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:449:36: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:450:9: branch_false: following ‘false’ branch (when ‘entry’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:451:9: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c:452:19: call_function: calling ‘populate_policy’ from ‘krb5_ldap_iterate_password_policy’
#  238|       int val;
#  239|   
#  240|->     krb5_ldap_get_value(ld, ent, name, &val);
#  241|       *out = val;
#  242|   }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1462]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:82:5: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "r")’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:75:10: acquire_resource: opened here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:76:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:82:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:82:5: danger: ‘fopen(filename, "r")’ leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#   80|           return ret;
#   81|       }
#   82|->     set_cloexec_file(fp);
#   83|   
#   84|       while (fgets(line, RECORDLEN, fp) != NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1463]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:82:5: warning[-Wanalyzer-malloc-leak]: leak of ‘fopen(filename, "r")’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:75:10: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:76:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:82:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c:82:5: danger: ‘fopen(filename, "r")’ leaks here; was allocated at [(1)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/0)
#   80|           return ret;
#   81|       }
#   82|->     set_cloexec_file(fp);
#   83|   
#   84|       while (fgets(line, RECORDLEN, fp) != NULL) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1464]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:247:5: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:217:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:223:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:223:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:224:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:224:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:230:10: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:231:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:235:5: branch_false: following ‘false’ branch (when ‘lpolicy’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:236:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:238:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:243:24: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:243:24: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:244:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:245:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:247:5: danger: ‘<unknown>’ leaks here; was allocated at [(15)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/14)
#  245|       lpolicy->tl_data->tl_data_type = KDB_TL_USER_INFO;
#  246|   
#  247|->     LDAP_SEARCH(policy_dn, LDAP_SCOPE_BASE, "(objectclass=krbTicketPolicy)", attributes);
#  248|   
#  249|       *omask = 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1465]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:247:5: warning[-Wanalyzer-malloc-leak]: leak of ‘lpolicy’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:217:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:223:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:223:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:224:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:224:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:230:10: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:231:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:234:42: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:235:5: branch_false: following ‘false’ branch (when ‘lpolicy’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:236:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:238:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:243:24: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:244:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:245:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:247:5: danger: ‘lpolicy’ leaks here; was allocated at [(11)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/10)
#  245|       lpolicy->tl_data->tl_data_type = KDB_TL_USER_INFO;
#  246|   
#  247|->     LDAP_SEARCH(policy_dn, LDAP_SCOPE_BASE, "(objectclass=krbTicketPolicy)", attributes);
#  248|   
#  249|       *omask = 0;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1466]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:251:9: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:217:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:223:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:223:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:224:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:224:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:230:10: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:231:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:235:5: branch_false: following ‘false’ branch (when ‘lpolicy’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:236:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:238:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:243:24: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:243:24: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:244:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:245:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:247:5: branch_false: following ‘false’ branch (when ‘st == 0’)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:249:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:251:9: danger: ‘<unknown>’ leaks here; was allocated at [(15)](sarif:/runs/0/results/12/codeFlows/0/threadFlows/0/locations/14)
#  249|       *omask = 0;
#  250|   
#  251|->     ent=ldap_first_entry(ld, result);
#  252|       if (ent != NULL) {
#  253|           if (krb5_ldap_get_value(ld, ent, "krbmaxticketlife", &val) == 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1467]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:251:9: warning[-Wanalyzer-malloc-leak]: leak of ‘lpolicy’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:217:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:223:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:223:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:224:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:224:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:230:10: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:231:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:234:42: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:235:5: branch_false: following ‘false’ branch (when ‘lpolicy’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:236:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:238:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:243:24: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:244:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:245:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:247:5: branch_false: following ‘false’ branch (when ‘st == 0’)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:249:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:251:9: danger: ‘lpolicy’ leaks here; was allocated at [(11)](sarif:/runs/0/results/13/codeFlows/0/threadFlows/0/locations/10)
#  249|       *omask = 0;
#  250|   
#  251|->     ent=ldap_first_entry(ld, result);
#  252|       if (ent != NULL) {
#  253|           if (krb5_ldap_get_value(ld, ent, "krbmaxticketlife", &val) == 0) {

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1468]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:253:13: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:217:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:223:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:223:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:224:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:224:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:230:10: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:231:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:235:5: branch_false: following ‘false’ branch (when ‘lpolicy’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:236:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:238:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:243:24: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:243:24: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:244:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:245:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:247:5: branch_false: following ‘false’ branch (when ‘st == 0’)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:249:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:252:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:253:13: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:253:13: danger: ‘<unknown>’ leaks here; was allocated at [(15)](sarif:/runs/0/results/15/codeFlows/0/threadFlows/0/locations/14)
#  251|       ent=ldap_first_entry(ld, result);
#  252|       if (ent != NULL) {
#  253|->         if (krb5_ldap_get_value(ld, ent, "krbmaxticketlife", &val) == 0) {
#  254|               lpolicy->maxtktlife = val;
#  255|               *omask |= LDAP_POLICY_MAXTKTLIFE;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1469]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:253:13: warning[-Wanalyzer-malloc-leak]: leak of ‘lpolicy’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:217:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:223:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:223:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:224:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:224:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:230:10: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:231:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:234:42: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:235:5: branch_false: following ‘false’ branch (when ‘lpolicy’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:236:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:238:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:243:24: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:244:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:245:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:247:5: branch_false: following ‘false’ branch (when ‘st == 0’)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:249:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:252:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:253:13: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:253:13: danger: ‘lpolicy’ leaks here; was allocated at [(11)](sarif:/runs/0/results/14/codeFlows/0/threadFlows/0/locations/10)
#  251|       ent=ldap_first_entry(ld, result);
#  252|       if (ent != NULL) {
#  253|->         if (krb5_ldap_get_value(ld, ent, "krbmaxticketlife", &val) == 0) {
#  254|               lpolicy->maxtktlife = val;
#  255|               *omask |= LDAP_POLICY_MAXTKTLIFE;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1470]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:257:13: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:217:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:223:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:223:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:224:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:224:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:230:10: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:231:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:235:5: branch_false: following ‘false’ branch (when ‘lpolicy’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:236:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:238:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:243:24: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:243:24: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:244:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:245:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:247:5: branch_false: following ‘false’ branch (when ‘st == 0’)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:249:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:252:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:253:13: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:253:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:257:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:257:13: danger: ‘<unknown>’ leaks here; was allocated at [(15)](sarif:/runs/0/results/17/codeFlows/0/threadFlows/0/locations/14)
#  255|               *omask |= LDAP_POLICY_MAXTKTLIFE;
#  256|           }
#  257|->         if (krb5_ldap_get_value(ld, ent, "krbmaxrenewableage", &val) == 0) {
#  258|               lpolicy->maxrenewlife = val;
#  259|               *omask |= LDAP_POLICY_MAXRENEWLIFE;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1471]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:257:13: warning[-Wanalyzer-malloc-leak]: leak of ‘lpolicy’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:217:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:223:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:223:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:224:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:224:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:230:10: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:231:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:234:42: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:235:5: branch_false: following ‘false’ branch (when ‘lpolicy’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:236:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:238:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:243:24: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:244:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:245:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:247:5: branch_false: following ‘false’ branch (when ‘st == 0’)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:249:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:252:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:253:13: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:253:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:257:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:257:13: danger: ‘lpolicy’ leaks here; was allocated at [(11)](sarif:/runs/0/results/16/codeFlows/0/threadFlows/0/locations/10)
#  255|               *omask |= LDAP_POLICY_MAXTKTLIFE;
#  256|           }
#  257|->         if (krb5_ldap_get_value(ld, ent, "krbmaxrenewableage", &val) == 0) {
#  258|               lpolicy->maxrenewlife = val;
#  259|               *omask |= LDAP_POLICY_MAXRENEWLIFE;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1472]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:261:13: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:217:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:223:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:223:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:224:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:224:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:230:10: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:231:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:235:5: branch_false: following ‘false’ branch (when ‘lpolicy’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:236:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:238:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:243:24: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:243:24: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:244:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:245:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:247:5: branch_false: following ‘false’ branch (when ‘st == 0’)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:249:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:252:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:253:13: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:253:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:257:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:257:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:261:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:261:13: danger: ‘<unknown>’ leaks here; was allocated at [(15)](sarif:/runs/0/results/18/codeFlows/0/threadFlows/0/locations/14)
#  259|               *omask |= LDAP_POLICY_MAXRENEWLIFE;
#  260|           }
#  261|->         if (krb5_ldap_get_value(ld, ent, "krbticketflags", &val) == 0) {
#  262|               lpolicy->tktflags = val;
#  263|               *omask |= LDAP_POLICY_TKTFLAGS;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1473]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:261:13: warning[-Wanalyzer-malloc-leak]: leak of ‘lpolicy’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:217:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:223:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:223:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:224:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:224:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:230:10: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:231:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:234:42: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:235:5: branch_false: following ‘false’ branch (when ‘lpolicy’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:236:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:238:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:243:24: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:244:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:245:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:247:5: branch_false: following ‘false’ branch (when ‘st == 0’)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:249:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:252:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:253:13: branch_true: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:253:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:257:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:257:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:261:13: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:261:13: danger: ‘lpolicy’ leaks here; was allocated at [(11)](sarif:/runs/0/results/19/codeFlows/0/threadFlows/0/locations/10)
#  259|               *omask |= LDAP_POLICY_MAXRENEWLIFE;
#  260|           }
#  261|->         if (krb5_ldap_get_value(ld, ent, "krbticketflags", &val) == 0) {
#  262|               lpolicy->tktflags = val;
#  263|               *omask |= LDAP_POLICY_TKTFLAGS;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1474]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:268:5: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:217:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:223:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:223:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:224:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:224:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:230:10: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:231:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:235:5: branch_false: following ‘false’ branch (when ‘lpolicy’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:236:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:238:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:243:24: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:243:24: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:244:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:245:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:247:5: branch_false: following ‘false’ branch (when ‘st == 0’)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:249:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:268:5: danger: ‘<unknown>’ leaks here; was allocated at [(15)](sarif:/runs/0/results/20/codeFlows/0/threadFlows/0/locations/14)
#  266|   
#  267|       lpolicy->mask = *omask;
#  268|->     store_tl_data(lpolicy->tl_data, KDB_TL_MASK, omask);
#  269|       *policy = lpolicy;
#  270|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1475]
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:268:5: warning[-Wanalyzer-malloc-leak]: leak of ‘lpolicy’
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:217:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:223:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:223:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:224:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:224:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:226:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:230:10: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:231:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:234:42: acquire_memory: allocated here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:235:5: branch_false: following ‘false’ branch (when ‘lpolicy’ is non-NULL)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:236:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:238:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:243:24: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:244:5: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:245:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:247:5: branch_false: following ‘false’ branch (when ‘st == 0’)...
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:249:5: branch_false: ...to here
krb5-1.21.3/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c:268:5: danger: ‘lpolicy’ leaks here; was allocated at [(11)](sarif:/runs/0/results/21/codeFlows/0/threadFlows/0/locations/10)
#  266|   
#  267|       lpolicy->mask = *omask;
#  268|->     store_tl_data(lpolicy->tl_data, KDB_TL_MASK, omask);
#  269|       *policy = lpolicy;
#  270|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def1476]
krb5-1.21.3/src/plugins/kdb/test/kdb_test.c:213:16: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘rndin.data’
krb5-1.21.3/src/plugins/kdb/test/kdb_test.c:518:1: enter_function: entry to ‘test_get_s4u_x509_principal’
krb5-1.21.3/src/plugins/kdb/test/kdb_test.c:528:5: call_function: calling ‘lookup_princ_by_cert’ from ‘test_get_s4u_x509_principal’
krb5-1.21.3/src/plugins/kdb/test/kdb_test.c:528:5: return_function: returning to ‘test_get_s4u_x509_principal’ from ‘lookup_princ_by_cert’
krb5-1.21.3/src/plugins/kdb/test/kdb_test.c:530:11: call_function: calling ‘test_get_principal’ from ‘test_get_s4u_x509_principal’
#  211|       for (pos = 0; pos < keybytes; pos += n) {
#  212|           n = (cksum.length < keybytes - pos) ? cksum.length : keybytes - pos;
#  213|->         memcpy(rndin.data + pos, cksum.contents, n);
#  214|       }
#  215|   

Error: CPPCHECK_WARNING (CWE-401): [#def1477]
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:3434: error[memleak]: Memory leak: rdat.data
# 3432|           if (asprintf(&prompt, "%.*s PIN%s", (int) sizeof (tip->label),
# 3433|                        tip->label, warning) < 0)
# 3434|->             return ENOMEM;
# 3435|           rdat.data = malloc(tip->ulMaxPinLen + 2);
# 3436|           rdat.length = tip->ulMaxPinLen + 1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1478]
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4043:5: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(*idopts.cert_filename, "rb")’
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4028:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4033:9: branch_false: ...to here
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4033:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4038:10: branch_false: ...to here
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4038:10: acquire_resource: opened here
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4039:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4043:5: branch_false: ...to here
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4043:5: danger: ‘fopen(*idopts.cert_filename, "rb")’ leaks here; was opened at [(5)](sarif:/runs/0/results/41/codeFlows/0/threadFlows/0/locations/4)
# 4041|           goto cleanup;
# 4042|       }
# 4043|->     set_cloexec_file(fp);
# 4044|   
# 4045|       p12 = d2i_PKCS12_fp(fp, NULL);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1479]
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4045:11: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(*idopts.cert_filename, "rb")’
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4028:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4033:9: branch_false: ...to here
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4033:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4038:10: branch_false: ...to here
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4038:10: acquire_resource: opened here
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4039:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4043:5: branch_false: ...to here
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4045:11: danger: ‘fopen(*idopts.cert_filename, "rb")’ leaks here; was opened at [(5)](sarif:/runs/0/results/43/codeFlows/0/threadFlows/0/locations/4)
# 4043|       set_cloexec_file(fp);
# 4044|   
# 4045|->     p12 = d2i_PKCS12_fp(fp, NULL);
# 4046|       fclose(fp);
# 4047|       if (p12 == NULL) {

Error: COMPILER_WARNING: [#def1480]
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c: scope_hint: In function ‘pkinit_get_certs_dir.isra.0’
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4300:50: warning[-Wformat-truncation=]: ‘%s’ directive output may be truncated writing likely 5 or more bytes into a region of size between 1 and 1023
# 4300 |         snprintf(certname, sizeof(certname), "%s/%s", dirname, dentry->d_name);
#      |                                                  ^~
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4300:46: note: assuming directive output of 5 bytes
# 4300 |         snprintf(certname, sizeof(certname), "%s/%s", dirname, dentry->d_name);
#      |                                              ^~~~~~~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output 2 or more bytes (assuming 1029) into a destination of size 1024
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
# 4298|               continue;
# 4299|           }
# 4300|->         snprintf(certname, sizeof(certname), "%s/%s", dirname, dentry->d_name);
# 4301|           snprintf(keyname, sizeof(keyname), "%s/%s", dirname, dentry->d_name);
# 4302|           len = strlen(keyname);

Error: COMPILER_WARNING: [#def1481]
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c: scope_hint: In function ‘load_cas_and_crls_dir.isra.0’
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5144:50: warning[-Wformat-truncation=]: ‘%s’ directive output may be truncated writing up to 255 bytes into a region of size between 1 and 1023
# 5144 |         snprintf(filename, sizeof(filename), "%s/%s", dirname, dentry->d_name);
#      |                                                  ^~
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output between 2 and 1279 bytes into a destination of size 1024
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
# 5142|           if (dentry->d_name[0] == '.')
# 5143|               continue;
# 5144|->         snprintf(filename, sizeof(filename), "%s/%s", dirname, dentry->d_name);
# 5145|   
# 5146|           retval = load_cas_and_crls(context, plg_cryptoctx, req_cryptoctx,

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1482]
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_lib.c:293:5: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(filename, "w")’
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_lib.c:287:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_lib.c:290:14: branch_false: ...to here
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_lib.c:290:14: acquire_resource: opened here
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_lib.c:290:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_lib.c:293:5: branch_false: ...to here
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_lib.c:293:5: danger: ‘fopen(filename, "w")’ leaks here; was opened at [(3)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/2)
#  291|           return;
#  292|   
#  293|->     set_cloexec_file(f);
#  294|   
#  295|       for (i = 0; i < len; i++)

Error: GCC_ANALYZER_WARNING (CWE-457): [#def1483]
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_matching.c:295:5: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘kw_type’
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_matching.c:618:1: enter_function: entry to ‘pkinit_cert_matching’
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_matching.c:636:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_matching.c:644:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_matching.c:645:9: branch_true: ...to here
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_matching.c:648:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_matching.c:652:47: branch_false: ...to here
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_matching.c:652:18: call_function: calling ‘parse_rule_set’ from ‘pkinit_cert_matching’
#  293|       }
#  294|       rc->next = NULL;
#  295|->     rc->kw_type = kw_type;
#  296|       rc->kwval_type = kwval_type;
#  297|   

Error: GCC_ANALYZER_WARNING (CWE-476): [#def1484]
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_srv.c:610:13: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘reqctx’
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_srv.c:416:1: enter_function: entry to ‘pkinit_server_verify_padata’
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_srv.c:433:28: release_memory: ‘reqctx’ is NULL
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_srv.c:444:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_srv.c:450:8: branch_false: following ‘false’ branch (when ‘moddata’ is non-NULL)...
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_srv.c:455:14: branch_false: ...to here
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_srv.c:455:14: call_function: calling ‘pkinit_find_realm_context’ from ‘pkinit_server_verify_padata’
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_srv.c:455:14: return_function: returning to ‘pkinit_server_verify_padata’ from ‘pkinit_find_realm_context’
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_srv.c:456:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_srv.c:465:14: branch_false: ...to here
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_srv.c:466:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_srv.c:467:9: branch_true: ...to here
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_srv.c:608:9: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_srv.c:610:13: branch_true: ...to here
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_srv.c:610:67: release_memory: ‘reqctx’ is NULL
krb5-1.21.3/src/plugins/preauth/pkinit/pkinit_srv.c:610:13: danger: dereference of NULL ‘reqctx’
#  608|       if (retval && data->pa_type == KRB5_PADATA_PK_AS_REQ) {
#  609|           pkiDebug("pkinit_verify_padata failed: creating e-data\n");
#  610|->         if (pkinit_create_edata(context, plgctx->cryptoctx, reqctx->cryptoctx,
#  611|                                   plgctx->idctx, plgctx->opts, retval, &e_data))
#  612|               pkiDebug("pkinit_create_edata failed\n");

Error: GCC_ANALYZER_WARNING (CWE-457): [#def1485]
krb5-1.21.3/src/plugins/preauth/spake/spake_kdc.c:401:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘stage’
krb5-1.21.3/src/plugins/preauth/spake/spake_kdc.c:514:1: enter_function: entry to ‘spake_verify’
krb5-1.21.3/src/plugins/preauth/spake/spake_kdc.c:526:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/preauth/spake/spake_kdc.c:528:24: branch_false: ...to here
krb5-1.21.3/src/plugins/preauth/spake/spake_kdc.c:528:15: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/preauth/spake/spake_kdc.c:531:15: branch_false: ...to here
krb5-1.21.3/src/plugins/preauth/spake/spake_kdc.c:531:15: branch_true: following ‘true’ branch...
krb5-1.21.3/src/plugins/preauth/spake/spake_kdc.c:533:26: branch_true: ...to here
krb5-1.21.3/src/plugins/preauth/spake/spake_kdc.c:532:9: call_function: calling ‘verify_response’ from ‘spake_verify’
#  399|       if (ret)
#  400|           goto cleanup;
#  401|->     if (stage != 0) {
#  402|           /* The received cookie wasn't sent with a challenge. */
#  403|           ret = KRB5KDC_ERR_PREAUTH_FAILED;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1486]
krb5-1.21.3/src/plugins/pwqual/test/main.c:62:10: warning[-Wanalyzer-malloc-leak]: leak of ‘dict’
krb5-1.21.3/src/plugins/pwqual/test/main.c:109:1: enter_function: entry to ‘combo_open’
krb5-1.21.3/src/plugins/pwqual/test/main.c:118:12: acquire_memory: allocated here
krb5-1.21.3/src/plugins/pwqual/test/main.c:119:8: branch_false: following ‘false’ branch (when ‘dict’ is non-NULL)...
krb5-1.21.3/src/plugins/pwqual/test/main.c:121:5: branch_false: ...to here
krb5-1.21.3/src/plugins/pwqual/test/main.c:125:11: call_function: calling ‘init_dict’ from ‘combo_open’
#   60|       if (dict_file == NULL)
#   61|           return 0;
#   62|->     fd = open(dict_file, O_RDONLY);
#   63|       if (fd == -1)
#   64|           return (errno == ENOENT) ? 0 : errno;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1487]
krb5-1.21.3/src/plugins/pwqual/test/main.c:66:9: warning[-Wanalyzer-malloc-leak]: leak of ‘dict’
krb5-1.21.3/src/plugins/pwqual/test/main.c:109:1: enter_function: entry to ‘combo_open’
krb5-1.21.3/src/plugins/pwqual/test/main.c:118:12: acquire_memory: allocated here
krb5-1.21.3/src/plugins/pwqual/test/main.c:119:8: branch_false: following ‘false’ branch (when ‘dict’ is non-NULL)...
krb5-1.21.3/src/plugins/pwqual/test/main.c:121:5: branch_false: ...to here
krb5-1.21.3/src/plugins/pwqual/test/main.c:125:11: call_function: calling ‘init_dict’ from ‘combo_open’
#   64|           return (errno == ENOENT) ? 0 : errno;
#   65|       if (fstat(fd, &sb) == -1) {
#   66|->         close(fd);
#   67|           return errno;
#   68|       }

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1488]
krb5-1.21.3/src/plugins/pwqual/test/main.c:74:5: warning[-Wanalyzer-malloc-leak]: leak of ‘<unknown>’
krb5-1.21.3/src/plugins/pwqual/test/main.c:109:1: enter_function: entry to ‘combo_open’
krb5-1.21.3/src/plugins/pwqual/test/main.c:119:8: branch_false: following ‘false’ branch (when ‘dict’ is non-NULL)...
krb5-1.21.3/src/plugins/pwqual/test/main.c:121:5: branch_false: ...to here
krb5-1.21.3/src/plugins/pwqual/test/main.c:125:11: call_function: calling ‘init_dict’ from ‘combo_open’
#   72|       if (read(fd, dict->word_block, sb.st_size) != sb.st_size)
#   73|           return errno;
#   74|->     close(fd);
#   75|       dict->word_block[sb.st_size] = '\0';
#   76|   

Error: GCC_ANALYZER_WARNING (CWE-401): [#def1489]
krb5-1.21.3/src/plugins/pwqual/test/main.c:74:5: warning[-Wanalyzer-malloc-leak]: leak of ‘dict’
krb5-1.21.3/src/plugins/pwqual/test/main.c:109:1: enter_function: entry to ‘combo_open’
krb5-1.21.3/src/plugins/pwqual/test/main.c:118:12: acquire_memory: allocated here
krb5-1.21.3/src/plugins/pwqual/test/main.c:119:8: branch_false: following ‘false’ branch (when ‘dict’ is non-NULL)...
krb5-1.21.3/src/plugins/pwqual/test/main.c:121:5: branch_false: ...to here
krb5-1.21.3/src/plugins/pwqual/test/main.c:125:11: call_function: calling ‘init_dict’ from ‘combo_open’
#   72|       if (read(fd, dict->word_block, sb.st_size) != sb.st_size)
#   73|           return errno;
#   74|->     close(fd);
#   75|       dict->word_block[sb.st_size] = '\0';
#   76|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1490]
krb5-1.21.3/src/plugins/tls/k5tls/openssl.c:354:10: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(path, "r")’
krb5-1.21.3/src/plugins/tls/k5tls/openssl.c:351:10: acquire_resource: opened here
krb5-1.21.3/src/plugins/tls/k5tls/openssl.c:352:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/plugins/tls/k5tls/openssl.c:354:10: branch_false: ...to here
krb5-1.21.3/src/plugins/tls/k5tls/openssl.c:354:10: danger: ‘fopen(path, "r")’ leaks here; was opened at [(1)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/0)
#  352|       if (fp == NULL)
#  353|           return errno;
#  354|->     sk = PEM_X509_INFO_read(fp, NULL, NULL, NULL);
#  355|       fclose(fp);
#  356|       if (sk == NULL)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1491]
krb5-1.21.3/src/tests/asn.1/trval.c:148:18: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(*argv, "r")’
krb5-1.21.3/src/tests/asn.1/t_trval.c:63:1: enter_function: entry to ‘main’
krb5-1.21.3/src/tests/asn.1/t_trval.c:69:12: branch_true: following ‘true’ branch (when ‘argc > 0’)...
krb5-1.21.3/src/tests/asn.1/t_trval.c:70:9: branch_true: ...to here
krb5-1.21.3/src/tests/asn.1/t_trval.c:71:12: branch_true: following ‘true’ branch (when ‘optflg != 0’)...
krb5-1.21.3/src/tests/asn.1/t_trval.c:71:24: branch_true: ...to here
krb5-1.21.3/src/tests/asn.1/t_trval.c:71:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/tests/asn.1/t_trval.c:94:23: branch_false: ...to here
krb5-1.21.3/src/tests/asn.1/t_trval.c:94:23: acquire_resource: opened here
krb5-1.21.3/src/tests/asn.1/t_trval.c:94:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/tests/asn.1/t_trval.c:98:17: branch_false: ...to here
krb5-1.21.3/src/tests/asn.1/t_trval.c:98:17: call_function: calling ‘trval’ from ‘main’
#  146|       p = (unsigned char *)malloc(maxlen);
#  147|       len = 0;
#  148|->     while ((cc = fgetc(fin)) != EOF) {
#  149|           if ((unsigned int) len == maxlen) {
#  150|               maxlen += BUFSIZ;

Error: CPPCHECK_WARNING (CWE-401): [#def1492]
krb5-1.21.3/src/tests/asn.1/trval.c:151: error[memleakOnRealloc]: Common realloc mistake: 'p' nulled but not freed upon failure
#  149|           if ((unsigned int) len == maxlen) {
#  150|               maxlen += BUFSIZ;
#  151|->             p = (unsigned char *)realloc(p, maxlen);
#  152|           }
#  153|           if (do_hex) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def1493]
krb5-1.21.3/src/tests/asn.1/trval.c:163:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘p’
krb5-1.21.3/src/tests/asn.1/t_trval.c:63:1: enter_function: entry to ‘main’
krb5-1.21.3/src/tests/asn.1/t_trval.c:102:8: branch_true: following ‘true’ branch (when ‘optflg != 0’)...
krb5-1.21.3/src/tests/asn.1/t_trval.c:102:21: branch_true: ...to here
krb5-1.21.3/src/tests/asn.1/t_trval.c:102:21: call_function: calling ‘trval’ from ‘main’
#  161|               cc = (n1 << 4) + n2;
#  162|           }
#  163|->         p[len++] = cc;
#  164|       }
#  165|       fprintf(fout, "<%d>", len);

Error: GCC_ANALYZER_WARNING (CWE-476): [#def1494]
krb5-1.21.3/src/tests/asn.1/trval.c:190:11: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘enc’
krb5-1.21.3/src/tests/asn.1/t_trval.c:63:1: enter_function: entry to ‘main’
krb5-1.21.3/src/tests/asn.1/t_trval.c:69:12: branch_true: following ‘true’ branch (when ‘argc > 0’)...
krb5-1.21.3/src/tests/asn.1/t_trval.c:70:9: branch_true: ...to here
krb5-1.21.3/src/tests/asn.1/t_trval.c:71:12: branch_true: following ‘true’ branch (when ‘optflg != 0’)...
krb5-1.21.3/src/tests/asn.1/t_trval.c:71:24: branch_true: ...to here
krb5-1.21.3/src/tests/asn.1/t_trval.c:71:13: branch_false: following ‘false’ branch...
krb5-1.21.3/src/tests/asn.1/t_trval.c:94:23: branch_false: ...to here
krb5-1.21.3/src/tests/asn.1/t_trval.c:94:16: branch_false: following ‘false’ branch...
krb5-1.21.3/src/tests/asn.1/t_trval.c:98:17: branch_false: ...to here
krb5-1.21.3/src/tests/asn.1/t_trval.c:98:17: call_function: calling ‘trval’ from ‘main’
#  188|   
#  189|   context_restart:
#  190|->     eid = enc[0];
#  191|       elen = enc[1];
#  192|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def1495]
krb5-1.21.3/src/tests/asn.1/trval.c:190:11: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*enc’
krb5-1.21.3/src/tests/asn.1/t_trval.c:63:1: enter_function: entry to ‘main’
krb5-1.21.3/src/tests/asn.1/t_trval.c:102:8: branch_true: following ‘true’ branch (when ‘optflg != 0’)...
krb5-1.21.3/src/tests/asn.1/t_trval.c:102:21: branch_true: ...to here
krb5-1.21.3/src/tests/asn.1/t_trval.c:102:21: call_function: calling ‘trval’ from ‘main’
#  188|   
#  189|   context_restart:
#  190|->     eid = enc[0];
#  191|       elen = enc[1];
#  192|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def1496]
krb5-1.21.3/src/tests/asn.1/trval.c:254:30: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*enc’
krb5-1.21.3/src/tests/asn.1/t_trval.c:63:1: enter_function: entry to ‘main’
krb5-1.21.3/src/tests/asn.1/t_trval.c:102:8: branch_true: following ‘true’ branch (when ‘optflg != 0’)...
krb5-1.21.3/src/tests/asn.1/t_trval.c:102:21: branch_true: ...to here
krb5-1.21.3/src/tests/asn.1/t_trval.c:102:21: call_function: calling ‘trval’ from ‘main’
#  252|   
#  253|       if (print_id_and_len)
#  254|->         fprintf(fp, "%02x ", enc[0]);
#  255|       rlen = enc[0];
#  256|       for (i=1; i<len; i++) {

Error: GCC_ANALYZER_WARNING (CWE-457): [#def1497]
krb5-1.21.3/src/tests/asn.1/trval.c:255:12: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*enc’
krb5-1.21.3/src/tests/asn.1/t_trval.c:63:1: enter_function: entry to ‘main’
krb5-1.21.3/src/tests/asn.1/t_trval.c:102:8: branch_true: following ‘true’ branch (when ‘optflg != 0’)...
krb5-1.21.3/src/tests/asn.1/t_trval.c:102:21: branch_true: ...to here
krb5-1.21.3/src/tests/asn.1/t_trval.c:102:21: call_function: calling ‘trval’ from ‘main’
#  253|       if (print_id_and_len)
#  254|           fprintf(fp, "%02x ", enc[0]);
#  255|->     rlen = enc[0];
#  256|       for (i=1; i<len; i++) {
#  257|           if (print_id_and_len)

Error: GCC_ANALYZER_WARNING (CWE-457): [#def1498]
krb5-1.21.3/src/tests/asn.1/trval.c:278:16: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*<unknown>’
krb5-1.21.3/src/tests/asn.1/t_trval.c:63:1: enter_function: entry to ‘main’
krb5-1.21.3/src/tests/asn.1/t_trval.c:102:8: branch_true: following ‘true’ branch (when ‘optflg != 0’)...
krb5-1.21.3/src/tests/asn.1/t_trval.c:102:21: branch_true: ...to here
krb5-1.21.3/src/tests/asn.1/t_trval.c:102:21: call_function: calling ‘trval’ from ‘main’
#  276|       for (i=1; i < len; i++) {
#  277|           num = num << 8;
#  278|->         num += enc[i];
#  279|       }
#  280|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def1499]
krb5-1.21.3/src/tests/asn.1/trval.c:282:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*enc’
krb5-1.21.3/src/tests/asn.1/t_trval.c:63:1: enter_function: entry to ‘main’
krb5-1.21.3/src/tests/asn.1/t_trval.c:102:8: branch_true: following ‘true’ branch (when ‘optflg != 0’)...
krb5-1.21.3/src/tests/asn.1/t_trval.c:102:21: branch_true: ...to here
krb5-1.21.3/src/tests/asn.1/t_trval.c:102:21: call_function: calling ‘trval’ from ‘main’
#  280|   
#  281|       fprintf(fp, " 0x%lx", num);
#  282|->     if (enc[0])
#  283|           fprintf(fp, " (%d unused bits)", enc[0]);
#  284|       return 1;

Error: GCC_ANALYZER_WARNING (CWE-457): [#def1500]
krb5-1.21.3/src/tests/asn.1/trval.c:299:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*enc’
krb5-1.21.3/src/tests/asn.1/t_trval.c:63:1: enter_function: entry to ‘main’
krb5-1.21.3/src/tests/asn.1/t_trval.c:102:8: branch_true: following ‘true’ branch (when ‘optflg != 0’)...
krb5-1.21.3/src/tests/asn.1/t_trval.c:102:21: branch_true: ...to here
krb5-1.21.3/src/tests/asn.1/t_trval.c:102:21: call_function: calling ‘trval’ from ‘main’
#  297|           return 0;
#  298|   
#  299|->     if (enc[0] & 0x80)
#  300|           num = -1;
#  301|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def1501]
krb5-1.21.3/src/tests/asn.1/trval.c:328:14: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*<unknown>’
krb5-1.21.3/src/tests/asn.1/t_trval.c:63:1: enter_function: entry to ‘main’
krb5-1.21.3/src/tests/asn.1/t_trval.c:102:8: branch_true: following ‘true’ branch (when ‘optflg != 0’)...
krb5-1.21.3/src/tests/asn.1/t_trval.c:102:21: branch_true: ...to here
krb5-1.21.3/src/tests/asn.1/t_trval.c:102:21: call_function: calling ‘trval’ from ‘main’
#  326|   
#  327|       for (i=0; i < len; i++)
#  328|->         if (!isprint(enc[i]))
#  329|               return 0;
#  330|       fprintf(fp, " \"%.*s\"", len, enc);

Error: GCC_ANALYZER_WARNING (CWE-457): [#def1502]
krb5-1.21.3/src/tests/asn.1/trval.c:359:30: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*<unknown>’
krb5-1.21.3/src/tests/asn.1/t_trval.c:63:1: enter_function: entry to ‘main’
krb5-1.21.3/src/tests/asn.1/t_trval.c:102:8: branch_true: following ‘true’ branch (when ‘optflg != 0’)...
krb5-1.21.3/src/tests/asn.1/t_trval.c:102:21: branch_true: ...to here
krb5-1.21.3/src/tests/asn.1/t_trval.c:102:21: call_function: calling ‘trval’ from ‘main’
#  357|               for (i=0; i<lev; i++) fprintf(fp, "   ");
#  358|           }
#  359|->         fprintf(fp, "%02x ", enc[n]);
#  360|           if ((n % width) == (width-1)) {
#  361|               fprintf(fp, "    ");

Error: COMPILER_WARNING: [#def1503]
krb5-1.21.3/src/tests/create/kdb5_mkdums.c: scope_hint: In function ‘main’
krb5-1.21.3/src/tests/create/kdb5_mkdums.c:188:13: warning[-Wstringop-truncation]: ‘__strncat_chk’ output may be truncated copying between 0 and 4095 bytes from a string of length 8191
#  188 |             strncat(tmp, tmp2, sizeof(tmp) - 1 - strlen(tmp));
#      |             ^
#  186|                               principal_string, i);
#  187|               tmp2[sizeof(tmp2) - 1] = '\0';
#  188|->             strncat(tmp, tmp2, sizeof(tmp) - 1 - strlen(tmp));
#  189|               str_newprinc = tmp;
#  190|               add_princ(test_context, str_newprinc);

Error: CPPCHECK_WARNING (CWE-401): [#def1504]
krb5-1.21.3/src/tests/create/kdb5_mkdums.c:223: error[memleak]: Memory leak: newentry
#  221|       if ((retval = krb5_parse_name(context, princ_name, &newprinc))) {
#  222|           com_err(progname, retval, "while parsing '%s'", princ_name);
#  223|->         return;
#  224|       }
#  225|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1505]
krb5-1.21.3/src/tests/gss-threads/gss-client.c:146:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘s’
krb5-1.21.3/src/tests/gss-threads/gss-client.c:141:9: acquire_resource: stream socket created here
krb5-1.21.3/src/tests/gss-threads/gss-client.c:142:8: branch_false: following ‘false’ branch (when ‘s >= 0’)...
krb5-1.21.3/src/tests/gss-threads/gss-client.c:146:9: branch_false: ...to here
krb5-1.21.3/src/tests/gss-threads/gss-client.c:146:9: danger: ‘s’ leaks here
#  144|           return -1;
#  145|       }
#  146|->     if (connect(s, (struct sockaddr *)&saddr, sizeof(saddr)) < 0) {
#  147|           perror("connecting to server");
#  148|           (void)closesocket(s);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1506]
krb5-1.21.3/src/tests/gss-threads/gss-server.c:323:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘s’
krb5-1.21.3/src/tests/gss-threads/gss-server.c:310:9: acquire_resource: stream socket created here
krb5-1.21.3/src/tests/gss-threads/gss-server.c:311:8: branch_false: following ‘false’ branch (when ‘s >= 0’)...
krb5-1.21.3/src/tests/gss-threads/gss-server.c:316:11: branch_false: ...to here
krb5-1.21.3/src/tests/gss-threads/gss-server.c:317:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/tests/gss-threads/gss-server.c:322:9: branch_false: ...to here
krb5-1.21.3/src/tests/gss-threads/gss-server.c:322:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/tests/gss-threads/gss-server.c:323:9: branch_true: ...to here
krb5-1.21.3/src/tests/gss-threads/gss-server.c:323:9: danger: ‘s’ leaks here
#  321|       }
#  322|       if (listen(s, 5) < 0) {
#  323|->         perror("listening on socket");
#  324|           (void)close(s);
#  325|           return -1;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1507]
krb5-1.21.3/src/tests/gss-threads/gss-server.c:324:15: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘s’
krb5-1.21.3/src/tests/gss-threads/gss-server.c:310:9: acquire_resource: stream socket created here
krb5-1.21.3/src/tests/gss-threads/gss-server.c:311:8: branch_false: following ‘false’ branch (when ‘s >= 0’)...
krb5-1.21.3/src/tests/gss-threads/gss-server.c:316:11: branch_false: ...to here
krb5-1.21.3/src/tests/gss-threads/gss-server.c:317:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/tests/gss-threads/gss-server.c:322:9: branch_false: ...to here
krb5-1.21.3/src/tests/gss-threads/gss-server.c:322:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/tests/gss-threads/gss-server.c:323:9: branch_true: ...to here
krb5-1.21.3/src/tests/gss-threads/gss-server.c:324:15: danger: ‘s’ leaks here
#  322|       if (listen(s, 5) < 0) {
#  323|           perror("listening on socket");
#  324|->         (void)close(s);
#  325|           return -1;
#  326|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1508]
krb5-1.21.3/src/tests/gss-threads/gss-server.c:734:17: warning[-Wanalyzer-file-leak]: leak of FILE ‘logfile’
krb5-1.21.3/src/tests/gss-threads/gss-server.c:702:12: branch_true: following ‘true’ branch (when ‘argc != 0’)...
krb5-1.21.3/src/tests/gss-threads/gss-server.c:703:13: branch_true: ...to here
krb5-1.21.3/src/tests/gss-threads/gss-server.c:703:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/tests/gss-threads/gss-server.c:709:20: branch_false: ...to here
krb5-1.21.3/src/tests/gss-threads/gss-server.c:709:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/tests/gss-threads/gss-server.c:715:20: branch_false: ...to here
krb5-1.21.3/src/tests/gss-threads/gss-server.c:715:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/tests/gss-threads/gss-server.c:717:20: branch_false: ...to here
krb5-1.21.3/src/tests/gss-threads/gss-server.c:717:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/tests/gss-threads/gss-server.c:719:20: branch_false: ...to here
krb5-1.21.3/src/tests/gss-threads/gss-server.c:719:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/tests/gss-threads/gss-server.c:721:20: branch_false: ...to here
krb5-1.21.3/src/tests/gss-threads/gss-server.c:721:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/tests/gss-threads/gss-server.c:723:20: branch_false: ...to here
krb5-1.21.3/src/tests/gss-threads/gss-server.c:723:19: branch_true: following ‘true’ branch (when the strings are equal)...
krb5-1.21.3/src/tests/gss-threads/gss-server.c:724:13: branch_true: ...to here
krb5-1.21.3/src/tests/gss-threads/gss-server.c:726:16: branch_false: following ‘false’ branch (when ‘argc != 0’)...
krb5-1.21.3/src/tests/gss-threads/gss-server.c:733:18: branch_false: ...to here
krb5-1.21.3/src/tests/gss-threads/gss-server.c:733:16: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/tests/gss-threads/gss-server.c:736:27: branch_false: ...to here
krb5-1.21.3/src/tests/gss-threads/gss-server.c:736:27: acquire_resource: opened here
krb5-1.21.3/src/tests/gss-threads/gss-server.c:738:20: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/tests/gss-threads/gss-server.c:702:12: branch_true: following ‘true’ branch (when ‘argc != 0’)...
krb5-1.21.3/src/tests/gss-threads/gss-server.c:703:13: branch_true: ...to here
krb5-1.21.3/src/tests/gss-threads/gss-server.c:703:12: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/tests/gss-threads/gss-server.c:709:20: branch_false: ...to here
krb5-1.21.3/src/tests/gss-threads/gss-server.c:709:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/tests/gss-threads/gss-server.c:715:20: branch_false: ...to here
krb5-1.21.3/src/tests/gss-threads/gss-server.c:715:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/tests/gss-threads/gss-server.c:717:20: branch_false: ...to here
krb5-1.21.3/src/tests/gss-threads/gss-server.c:717:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/tests/gss-threads/gss-server.c:719:20: branch_false: ...to here
krb5-1.21.3/src/tests/gss-threads/gss-server.c:719:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/tests/gss-threads/gss-server.c:721:20: branch_false: ...to here
krb5-1.21.3/src/tests/gss-threads/gss-server.c:721:19: branch_false: following ‘false’ branch (when the strings are non-equal)...
krb5-1.21.3/src/tests/gss-threads/gss-server.c:723:20: branch_false: ...to here
krb5-1.21.3/src/tests/gss-threads/gss-server.c:723:19: branch_true: following ‘true’ branch (when the strings are equal)...
krb5-1.21.3/src/tests/gss-threads/gss-server.c:724:13: branch_true: ...to here
krb5-1.21.3/src/tests/gss-threads/gss-server.c:726:16: branch_false: following ‘false’ branch (when ‘argc != 0’)...
krb5-1.21.3/src/tests/gss-threads/gss-server.c:733:18: branch_false: ...to here
krb5-1.21.3/src/tests/gss-threads/gss-server.c:733:16: branch_true: following ‘true’ branch (when the strings are equal)...
krb5-1.21.3/src/tests/gss-threads/gss-server.c:734:27: branch_true: ...to here
krb5-1.21.3/src/tests/gss-threads/gss-server.c:734:17: danger: ‘logfile’ leaks here; was opened at [(21)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/20)
#  732|                */
#  733|               if (!strcmp(*argv, "/dev/null")) {
#  734|->                 logfile = display_file = NULL;
#  735|               } else {
#  736|                   logfile = fopen(*argv, "a");

Error: GCC_ANALYZER_WARNING (CWE-476): [#def1509]
krb5-1.21.3/src/tests/gssapi/t_credstore.c:86:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘store.elements’
krb5-1.21.3/src/tests/gssapi/t_credstore.c:55:18: branch_true: following ‘true’ branch...
krb5-1.21.3/src/tests/gssapi/t_credstore.c:55:35: branch_true: ...to here
krb5-1.21.3/src/tests/gssapi/t_credstore.c:72:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/tests/gssapi/t_credstore.c:74:9: branch_false: ...to here
krb5-1.21.3/src/tests/gssapi/t_credstore.c:74:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/tests/gssapi/t_credstore.c:76:5: branch_false: ...to here
krb5-1.21.3/src/tests/gssapi/t_credstore.c:79:22: acquire_memory: allocated here
krb5-1.21.3/src/tests/gssapi/t_credstore.c:80:8: release_memory: assuming ‘store.elements’ is NULL
krb5-1.21.3/src/tests/gssapi/t_credstore.c:80:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/tests/gssapi/t_credstore.c:81:9: branch_true: ...to here
krb5-1.21.3/src/tests/gssapi/t_credstore.c:83:12: branch_true: following ‘true’ branch...
krb5-1.21.3/src/tests/gssapi/t_credstore.c:84:13: branch_true: ...to here
krb5-1.21.3/src/tests/gssapi/t_credstore.c:84:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/tests/gssapi/t_credstore.c:86:9: branch_false: ...to here
krb5-1.21.3/src/tests/gssapi/t_credstore.c:86:9: danger: dereference of NULL ‘store.elements + (long unsigned int)store.count * 16’
#   84|           if (*(argv + 1) == NULL)
#   85|               usage();
#   86|->         store.elements[store.count].key = *argv;
#   87|           store.elements[store.count].value = *(argv + 1);
#   88|           store.count++;

Error: GCC_ANALYZER_WARNING (CWE-126): [#def1510]
krb5-1.21.3/src/tests/gssapi/t_imp_name.c:57:18: warning[-Wanalyzer-out-of-bounds]: buffer over-read
krb5-1.21.3/src/tests/gssapi/t_imp_name.c:87:1: enter_function: entry to ‘main’
krb5-1.21.3/src/tests/gssapi/t_imp_name.c:89:5: call_function: calling ‘test_import_name’ from ‘main’
#   55|   buf_eq_str(gss_buffer_t buf, const char *str, int buf_includes_nullterm)
#   56|   {
#   57|->     size_t len = strlen(str) + (buf_includes_nullterm ? 1 : 0);
#   58|   
#   59|       return (buf->length == len && memcmp(buf->value, str, len) == 0);

Error: CPPCHECK_WARNING (CWE-415): [#def1511]
krb5-1.21.3/src/tests/gssapi/t_invalid.c:411: error[doubleFree]: Memory pointed to by 'value' is freed twice.
#  409|       if (major != GSS_S_DEFECTIVE_TOKEN)
#  410|           abort();
#  411|->     free(in.value);
#  412|       (void)gss_release_buffer(&minor, &out);
#  413|   

Error: CPPCHECK_WARNING (CWE-415): [#def1512]
krb5-1.21.3/src/tests/gssapi/t_invalid.c:420: error[doubleFree]: Memory pointed to by 'value' is freed twice.
#  418|       if (major != GSS_S_DEFECTIVE_TOKEN)
#  419|           abort();
#  420|->     free(in.value);
#  421|   }
#  422|   

Error: CPPCHECK_WARNING (CWE-415): [#def1513]
krb5-1.21.3/src/tests/gssapi/t_invalid.c:455: error[doubleFree]: Memory pointed to by 'value' is freed twice.
#  453|       if (major != GSS_S_DEFECTIVE_TOKEN)
#  454|           abort();
#  455|->     free(iov.buffer.value);
#  456|   
#  457|       /* IOV MIC token, 16-23 bytes */

Error: CPPCHECK_WARNING (CWE-415): [#def1514]
krb5-1.21.3/src/tests/gssapi/t_invalid.c:468: error[doubleFree]: Memory pointed to by 'value' is freed twice.
#  466|       if (major != GSS_S_DEFECTIVE_TOKEN)
#  467|           abort();
#  468|->     free(iov.buffer.value);
#  469|   }
#  470|   

Error: CPPCHECK_WARNING (CWE-415): [#def1515]
krb5-1.21.3/src/tests/gssapi/t_invalid.c:500: error[doubleFree]: Memory pointed to by 'value' is freed twice.
#  498|       if (major != GSS_S_DEFECTIVE_TOKEN)
#  499|           abort();
#  500|->     free(in.value);
#  501|       (void)gss_release_buffer(&minor, &out);
#  502|   

Error: CPPCHECK_WARNING (CWE-415): [#def1516]
krb5-1.21.3/src/tests/gssapi/t_invalid.c:511: error[doubleFree]: Memory pointed to by 'value' is freed twice.
#  509|       if (major != GSS_S_DEFECTIVE_TOKEN)
#  510|           abort();
#  511|->     free(in.value);
#  512|   }
#  513|   

Error: CPPCHECK_WARNING (CWE-682): [#def1517]
krb5-1.21.3/src/tests/gssapi/t_iov.c:60: error[nullPointerArithmeticOutOfMemory]: If memory allocation fails: pointer addition with NULL pointer.
#   58|           if (GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_SIGN_ONLY)
#   59|               continue;
#   60|->         memcpy(buf + len, iov[i].buffer.value, iov[i].buffer.length);
#   61|           len += iov[i].buffer.length;
#   62|       }

Error: GCC_ANALYZER_WARNING (CWE-457): [#def1518]
krb5-1.21.3/src/tests/gssapi/t_spnego.c:89:5: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘&lenbuf’
krb5-1.21.3/src/tests/gssapi/t_spnego.c:144:1: enter_function: entry to ‘test_mskrb_oid’
krb5-1.21.3/src/tests/gssapi/t_spnego.c:160:5: branch_true: following ‘true’ branch...
krb5-1.21.3/src/tests/gssapi/t_spnego.c:161:5: branch_true: ...to here
krb5-1.21.3/src/tests/gssapi/t_spnego.c:161:5: call_function: calling ‘create_mskrb5_spnego_token’ from ‘test_mskrb_oid’
#   87|       assert(wrapped != NULL);
#   88|       *wrapped = tag;
#   89|->     memcpy(wrapped + 1, lenbuf, llen);
#   90|       memcpy(wrapped + 1 + llen, *tok, *len);
#   91|       free(*tok);

Error: GCC_ANALYZER_WARNING (CWE-457): [#def1519]
krb5-1.21.3/src/tests/hammer/kdc5_hammer.c:182:27: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘prefix[0]’
krb5-1.21.3/src/tests/hammer/kdc5_hammer.c:130:12: branch_true: following ‘true’ branch (when ‘option != -1’)...
krb5-1.21.3/src/tests/hammer/kdc5_hammer.c:131:9: branch_true: ...to here
krb5-1.21.3/src/tests/hammer/kdc5_hammer.c:130:12: branch_false: following ‘false’ branch (when ‘option == -1’)...
krb5-1.21.3/src/tests/hammer/kdc5_hammer.c:182:8: branch_false: ...to here
krb5-1.21.3/src/tests/hammer/kdc5_hammer.c:182:8: branch_false: following ‘false’ branch (when ‘num_to_check != 0’)...
krb5-1.21.3/src/tests/hammer/kdc5_hammer.c:182:27: branch_false: ...to here
krb5-1.21.3/src/tests/hammer/kdc5_hammer.c:182:27: danger: use of uninitialized value ‘prefix[0]’ here
#  180|       }
#  181|   
#  182|->     if (!(num_to_check && prefix[0])) usage(prog, 1);
#  183|   
#  184|       if (!cur_realm) {

Error: COMPILER_WARNING: [#def1520]
krb5-1.21.3/src/tests/hammer/kdc5_hammer.c: scope_hint: In function ‘main’
krb5-1.21.3/src/tests/hammer/kdc5_hammer.c:210:54: warning[-Wformat-truncation=]: ‘%d’ directive output may be truncated writing between 1 and 10 bytes into a region of size between 0 and 8192
#  210 |           (void) snprintf(ctmp2, sizeof(ctmp2), "%s%s%d-DEPTH-%d",
#      |                                                      ^~
krb5-1.21.3/src/tests/hammer/kdc5_hammer.c:210:49: note: directive argument in the range [1, 2147483647]
#  210 |           (void) snprintf(ctmp2, sizeof(ctmp2), "%s%s%d-DEPTH-%d",
#      |                                                 ^~~~~~~~~~~~~~~~~
krb5-1.21.3/src/tests/hammer/kdc5_hammer.c:210:49: note: directive argument in the range [1, 2147483647]
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output between 10 and 8220 bytes into a destination of size 8192
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
#  208|   	ctmp[0] = '\0';
#  209|   	for (i = 1; i <= depth; i++) {
#  210|-> 	  (void) snprintf(ctmp2, sizeof(ctmp2), "%s%s%d-DEPTH-%d",
#  211|   			  (i != 1) ? "/" : "", prefix, n, i);
#  212|   	  ctmp2[sizeof(ctmp2) - 1] = '\0';

Error: COMPILER_WARNING: [#def1521]
krb5-1.21.3/src/tests/hammer/kdc5_hammer.c: scope_hint: In function ‘main’
krb5-1.21.3/src/tests/hammer/kdc5_hammer.c:226:56: warning[-Wformat-truncation=]: ‘%d’ directive output may be truncated writing between 1 and 10 bytes into a region of size between 0 and 8192
#  226 |             (void) snprintf(stmp2, sizeof(stmp2), "%s%s%d-DEPTH-%d",
#      |                                                        ^~
krb5-1.21.3/src/tests/hammer/kdc5_hammer.c:226:51: note: directive argument in the range [1, 2147483647]
#  226 |             (void) snprintf(stmp2, sizeof(stmp2), "%s%s%d-DEPTH-%d",
#      |                                                   ^~~~~~~~~~~~~~~~~
krb5-1.21.3/src/tests/hammer/kdc5_hammer.c:226:51: note: directive argument in the range [1, 2147483647]
/usr/include/bits/stdio2.h:68:10: note: ‘__snprintf_chk’ output between 10 and 8220 bytes into a destination of size 8192
#   68 |   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
#      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   69 |                                    __glibc_objsize (__s), __fmt,
#      |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#   70 |                                    __va_arg_pack ());
#      |                                    ~~~~~~~~~~~~~~~~~
#  224|   	  stmp[0] = '\0';
#  225|   	  for (j = 1; j <= depth; j++) {
#  226|-> 	    (void) snprintf(stmp2, sizeof(stmp2), "%s%s%d-DEPTH-%d",
#  227|   			    (j != 1) ? "/" : "", prefix, n, j);
#  228|   	    stmp2[sizeof (stmp2) - 1] = '\0';

Error: COMPILER_WARNING (CWE-563): [#def1522]
krb5-1.21.3/src/tests/misc/test_getpw.c:38:25: warning[-Wunused-variable]: unused variable ‘pwx’
#   38 |     struct passwd *pwd, pwx;
#      |                         ^~~
#   36|   {
#   37|       uid_t my_uid;
#   38|->     struct passwd *pwd, pwx;
#   39|       char pwbuf[BUFSIZ];
#   40|       int x;

Error: COMPILER_WARNING (CWE-563): [#def1523]
krb5-1.21.3/src/tests/misc/test_getpw.c: scope_hint: In function ‘main’
krb5-1.21.3/src/tests/misc/test_getpw.c:39:10: warning[-Wunused-variable]: unused variable ‘pwbuf’
#   39 |     char pwbuf[BUFSIZ];
#      |          ^~~~~
#   37|       uid_t my_uid;
#   38|       struct passwd *pwd, pwx;
#   39|->     char pwbuf[BUFSIZ];
#   40|       int x;
#   41|   

Error: CPPCHECK_WARNING (CWE-457): [#def1524]
krb5-1.21.3/src/tests/misc/test_getpw.c:45: error[legacyUninitvar]: Uninitialized variable: pwd
#   43|       printf("my uid: %ld\n", (long) my_uid);
#   44|   
#   45|->     x = k5_getpwuid_r(my_uid, &pwx, pwbuf, sizeof(pwbuf), &pwd);
#   46|       printf("k5_getpwuid_r returns %d\n", x);
#   47|       if (x != 0)

Error: COMPILER_WARNING: [#def1525]
krb5-1.21.3/src/tests/softpkcs11/main.c: scope_hint: In function ‘application_error’
krb5-1.21.3/src/tests/softpkcs11/main.c:161:5: warning[-Wsuggest-attribute=format]: function ‘application_error’ might be a candidate for ‘gnu_printf’ format attribute
#  161 |     vprintf(fmt, ap);
#      |     ^~~~~~~
#  159|       va_list ap;
#  160|       va_start(ap, fmt);
#  161|->     vprintf(fmt, ap);
#  162|       va_end(ap);
#  163|       if (soft_token.flags.app_error_fatal)

Error: COMPILER_WARNING: [#def1526]
krb5-1.21.3/src/tests/softpkcs11/main.c: scope_hint: In function ‘st_logf’
krb5-1.21.3/src/tests/softpkcs11/main.c:174:5: warning[-Wsuggest-attribute=format]: function ‘st_logf’ might be a candidate for ‘gnu_printf’ format attribute
#  174 |     vfprintf(soft_token.logfile, fmt, ap);
#      |     ^~~~~~~~
#  172|           return;
#  173|       va_start(ap, fmt);
#  174|->     vfprintf(soft_token.logfile, fmt, ap);
#  175|       va_end(ap);
#  176|       fflush(soft_token.logfile);

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1527]
krb5-1.21.3/src/tests/softpkcs11/main.c:176:5: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(fn, "r")’
krb5-1.21.3/src/tests/softpkcs11/main.c:892:1: enter_function: entry to ‘C_Initialize’
krb5-1.21.3/src/tests/softpkcs11/main.c:903:17: branch_true: following ‘true’ branch (when ‘i != 10’)...
krb5-1.21.3/src/tests/softpkcs11/main.c:904:9: branch_true: ...to here
krb5-1.21.3/src/tests/softpkcs11/main.c:936:10: call_function: calling ‘get_rcfilename’ from ‘C_Initialize’
krb5-1.21.3/src/tests/softpkcs11/main.c:936:10: return_function: returning to ‘C_Initialize’ from ‘get_rcfilename’
krb5-1.21.3/src/tests/softpkcs11/main.c:937:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/tests/softpkcs11/main.c:939:5: branch_false: ...to here
krb5-1.21.3/src/tests/softpkcs11/main.c:939:5: call_function: calling ‘read_conf_file’ from ‘C_Initialize’
#  174|       vfprintf(soft_token.logfile, fmt, ap);
#  175|       va_end(ap);
#  176|->     fflush(soft_token.logfile);
#  177|   }
#  178|   

Error: COMPILER_WARNING: [#def1528]
krb5-1.21.3/src/tests/softpkcs11/main.c: scope_hint: In function ‘snprintf_fill’
krb5-1.21.3/src/tests/softpkcs11/main.c:185:5: warning[-Wsuggest-attribute=format]: function ‘snprintf_fill’ might be a candidate for ‘gnu_printf’ format attribute
#  185 |     len = vsnprintf(str, size, fmt, ap);
#      |     ^~~
#  183|       va_list ap;
#  184|       va_start(ap, fmt);
#  185|->     len = vsnprintf(str, size, fmt, ap);
#  186|       va_end(ap);
#  187|       if (len < 0 || len > size)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1529]
krb5-1.21.3/src/tests/softpkcs11/main.c:538:16: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(cert_file, "r")’
krb5-1.21.3/src/tests/softpkcs11/main.c:892:1: enter_function: entry to ‘C_Initialize’
krb5-1.21.3/src/tests/softpkcs11/main.c:903:17: branch_true: following ‘true’ branch (when ‘i != 10’)...
krb5-1.21.3/src/tests/softpkcs11/main.c:904:9: branch_true: ...to here
krb5-1.21.3/src/tests/softpkcs11/main.c:936:10: call_function: calling ‘get_rcfilename’ from ‘C_Initialize’
krb5-1.21.3/src/tests/softpkcs11/main.c:936:10: return_function: returning to ‘C_Initialize’ from ‘get_rcfilename’
krb5-1.21.3/src/tests/softpkcs11/main.c:937:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/tests/softpkcs11/main.c:939:5: branch_false: ...to here
krb5-1.21.3/src/tests/softpkcs11/main.c:939:5: call_function: calling ‘read_conf_file’ from ‘C_Initialize’
#  536|           }
#  537|   
#  538|->         cert = PEM_read_X509(f, NULL, NULL, NULL);
#  539|           fclose(f);
#  540|           if (cert == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1530]
krb5-1.21.3/src/tests/softpkcs11/main.c:538:16: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(fn, "r")’
krb5-1.21.3/src/tests/softpkcs11/main.c:892:1: enter_function: entry to ‘C_Initialize’
krb5-1.21.3/src/tests/softpkcs11/main.c:903:17: branch_true: following ‘true’ branch (when ‘i != 10’)...
krb5-1.21.3/src/tests/softpkcs11/main.c:904:9: branch_true: ...to here
krb5-1.21.3/src/tests/softpkcs11/main.c:936:10: call_function: calling ‘get_rcfilename’ from ‘C_Initialize’
krb5-1.21.3/src/tests/softpkcs11/main.c:936:10: return_function: returning to ‘C_Initialize’ from ‘get_rcfilename’
krb5-1.21.3/src/tests/softpkcs11/main.c:937:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/tests/softpkcs11/main.c:939:5: branch_false: ...to here
krb5-1.21.3/src/tests/softpkcs11/main.c:939:5: call_function: calling ‘read_conf_file’ from ‘C_Initialize’
#  536|           }
#  537|   
#  538|->         cert = PEM_read_X509(f, NULL, NULL, NULL);
#  539|           fclose(f);
#  540|           if (cert == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1531]
krb5-1.21.3/src/tests/softpkcs11/main.c:545:9: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(fn, "r")’
krb5-1.21.3/src/tests/softpkcs11/main.c:892:1: enter_function: entry to ‘C_Initialize’
krb5-1.21.3/src/tests/softpkcs11/main.c:903:17: branch_true: following ‘true’ branch (when ‘i != 10’)...
krb5-1.21.3/src/tests/softpkcs11/main.c:904:9: branch_true: ...to here
krb5-1.21.3/src/tests/softpkcs11/main.c:936:10: call_function: calling ‘get_rcfilename’ from ‘C_Initialize’
krb5-1.21.3/src/tests/softpkcs11/main.c:936:10: return_function: returning to ‘C_Initialize’ from ‘get_rcfilename’
krb5-1.21.3/src/tests/softpkcs11/main.c:937:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/tests/softpkcs11/main.c:939:5: branch_false: ...to here
krb5-1.21.3/src/tests/softpkcs11/main.c:939:5: call_function: calling ‘read_conf_file’ from ‘C_Initialize’
#  543|           }
#  544|   
#  545|->         OPENSSL_ASN1_MALLOC_ENCODE(X509, cert_data, cert_length, cert, ret);
#  546|           if (ret)
#  547|               goto out;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1532]
krb5-1.21.3/src/tests/softpkcs11/main.c:549:9: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(fn, "r")’
krb5-1.21.3/src/tests/softpkcs11/main.c:892:1: enter_function: entry to ‘C_Initialize’
krb5-1.21.3/src/tests/softpkcs11/main.c:903:17: branch_true: following ‘true’ branch (when ‘i != 10’)...
krb5-1.21.3/src/tests/softpkcs11/main.c:904:9: branch_true: ...to here
krb5-1.21.3/src/tests/softpkcs11/main.c:936:10: call_function: calling ‘get_rcfilename’ from ‘C_Initialize’
krb5-1.21.3/src/tests/softpkcs11/main.c:936:10: return_function: returning to ‘C_Initialize’ from ‘get_rcfilename’
krb5-1.21.3/src/tests/softpkcs11/main.c:937:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/tests/softpkcs11/main.c:939:5: branch_false: ...to here
krb5-1.21.3/src/tests/softpkcs11/main.c:939:5: call_function: calling ‘read_conf_file’ from ‘C_Initialize’
#  547|               goto out;
#  548|   
#  549|->         OPENSSL_ASN1_MALLOC_ENCODE(X509_NAME, issuer_data, issuer_length,
#  550|                                      X509_get_issuer_name(cert), ret);
#  551|           if (ret)

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1533]
krb5-1.21.3/src/tests/softpkcs11/main.c:1245:32: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(*o.u.private_key.file, "r")’
krb5-1.21.3/src/tests/softpkcs11/main.c:1211:1: enter_function: entry to ‘C_Login’
krb5-1.21.3/src/tests/softpkcs11/main.c:1221:5: call_function: calling ‘verify_session_handle’ from ‘C_Login’
krb5-1.21.3/src/tests/softpkcs11/main.c:1221:5: return_function: returning to ‘C_Login’ from ‘verify_session_handle’
krb5-1.21.3/src/tests/softpkcs11/main.c:1223:8: branch_false: following ‘false’ branch (when ‘pPin’ is NULL)...
 branch_false: ...to here
krb5-1.21.3/src/tests/softpkcs11/main.c:1229:17: branch_true: following ‘true’ branch...
krb5-1.21.3/src/tests/softpkcs11/main.c:1230:31: branch_true: ...to here
krb5-1.21.3/src/tests/softpkcs11/main.c:1233:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/tests/softpkcs11/main.c:1236:13: branch_false: ...to here
krb5-1.21.3/src/tests/softpkcs11/main.c:1236:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/tests/softpkcs11/main.c:1239:19: branch_false: ...to here
krb5-1.21.3/src/tests/softpkcs11/main.c:1239:13: acquire_resource: opened here
krb5-1.21.3/src/tests/softpkcs11/main.c:1240:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/tests/softpkcs11/main.c:1245:32: branch_false: ...to here
krb5-1.21.3/src/tests/softpkcs11/main.c:1245:32: danger: ‘fopen(*o.u.private_key.file, "r")’ leaks here; was opened at [(17)](sarif:/runs/0/results/23/codeFlows/0/threadFlows/0/locations/16)
# 1243|           }
# 1244|   
# 1245|->         o->u.private_key.key = PEM_read_PrivateKey(f, NULL, NULL, pin);
# 1246|           fclose(f);
# 1247|           if (o->u.private_key.key == NULL) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1534]
krb5-1.21.3/src/tests/t_inetd.c:107:9: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
krb5-1.21.3/src/tests/t_inetd.c:81:7: branch_false: following ‘false’ branch (when ‘argc > 3’)...
krb5-1.21.3/src/tests/t_inetd.c:83:8: branch_false: ...to here
krb5-1.21.3/src/tests/t_inetd.c:83:7: branch_false: following ‘false’ branch...
krb5-1.21.3/src/tests/t_inetd.c:85:12: branch_false: ...to here
krb5-1.21.3/src/tests/t_inetd.c:88:17: acquire_resource: stream socket created here
krb5-1.21.3/src/tests/t_inetd.c:88:8: branch_false: following ‘false’ branch (when ‘sock >= 0’)...
krb5-1.21.3/src/tests/t_inetd.c:93:12: branch_false: ...to here
krb5-1.21.3/src/tests/t_inetd.c:101:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/tests/t_inetd.c:106:9: branch_false: ...to here
krb5-1.21.3/src/tests/t_inetd.c:106:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/tests/t_inetd.c:107:27: branch_true: ...to here
krb5-1.21.3/src/tests/t_inetd.c:107:9: danger: ‘sock’ leaks here
#  105|   
#  106|       if (listen(sock, 1) == -1) {
#  107|->         com_err(progname, errno, "listening");
#  108|           exit(3);
#  109|       }

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1535]
krb5-1.21.3/src/tests/t_inetd.c:112:5: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
krb5-1.21.3/src/tests/t_inetd.c:81:7: branch_false: following ‘false’ branch (when ‘argc > 3’)...
krb5-1.21.3/src/tests/t_inetd.c:83:8: branch_false: ...to here
krb5-1.21.3/src/tests/t_inetd.c:83:7: branch_false: following ‘false’ branch...
krb5-1.21.3/src/tests/t_inetd.c:85:12: branch_false: ...to here
krb5-1.21.3/src/tests/t_inetd.c:88:17: acquire_resource: stream socket created here
krb5-1.21.3/src/tests/t_inetd.c:88:8: branch_false: following ‘false’ branch (when ‘sock >= 0’)...
krb5-1.21.3/src/tests/t_inetd.c:93:12: branch_false: ...to here
krb5-1.21.3/src/tests/t_inetd.c:101:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/tests/t_inetd.c:106:9: branch_false: ...to here
krb5-1.21.3/src/tests/t_inetd.c:106:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/tests/t_inetd.c:111:5: branch_false: ...to here
krb5-1.21.3/src/tests/t_inetd.c:112:5: danger: ‘sock’ leaks here
#  110|   
#  111|       printf("Ready!\n");
#  112|->     fflush(stdout);
#  113|       if ((acc = accept(sock, (struct sockaddr *)&f_inaddr,
#  114|                         &namelen)) == -1) {

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1536]
krb5-1.21.3/src/tests/t_inetd.c:113:16: warning[-Wanalyzer-fd-leak]: leak of file descriptor ‘sock’
krb5-1.21.3/src/tests/t_inetd.c:81:7: branch_false: following ‘false’ branch (when ‘argc > 3’)...
krb5-1.21.3/src/tests/t_inetd.c:83:8: branch_false: ...to here
krb5-1.21.3/src/tests/t_inetd.c:83:7: branch_false: following ‘false’ branch...
krb5-1.21.3/src/tests/t_inetd.c:85:12: branch_false: ...to here
krb5-1.21.3/src/tests/t_inetd.c:88:17: acquire_resource: stream socket created here
krb5-1.21.3/src/tests/t_inetd.c:88:8: branch_false: following ‘false’ branch (when ‘sock >= 0’)...
krb5-1.21.3/src/tests/t_inetd.c:93:12: branch_false: ...to here
krb5-1.21.3/src/tests/t_inetd.c:101:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/tests/t_inetd.c:106:9: branch_false: ...to here
krb5-1.21.3/src/tests/t_inetd.c:106:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/tests/t_inetd.c:111:5: branch_false: ...to here
krb5-1.21.3/src/tests/t_inetd.c:113:16: danger: ‘sock’ leaks here
#  111|       printf("Ready!\n");
#  112|       fflush(stdout);
#  113|->     if ((acc = accept(sock, (struct sockaddr *)&f_inaddr,
#  114|                         &namelen)) == -1) {
#  115|           com_err(progname, errno, "accepting");

Error: COMPILER_WARNING: [#def1537]
krb5-1.21.3/src/tests/verify/kdb5_verify.c: scope_hint: In function ‘main’
krb5-1.21.3/src/tests/verify/kdb5_verify.c:189:13: warning[-Wstringop-truncation]: ‘__strncat_chk’ output may be truncated copying between 0 and 4095 bytes from a string of length 8191
#  189 |             strncat(tmp, tmp2, sizeof(tmp) - 1 - strlen(tmp));
#      |             ^
#  187|                               principal_string, i);
#  188|               tmp2[sizeof(tmp2) - 1] = '\0';
#  189|->             strncat(tmp, tmp2, sizeof(tmp) - 1 - strlen(tmp));
#  190|               str_princ = tmp;
#  191|               if (check_princ(context, str_princ)) errors++;

Error: COMPILER_WARNING (CWE-563): [#def1538]
krb5-1.21.3/src/util/profile/prof_file.c:190:32: warning[-Wunused-variable]: unused variable ‘pwx’
#  190 |             struct passwd *pw, pwx;
#      |                                ^~~
#  188|           if (home_env == NULL) {
#  189|               uid_t uid;
#  190|->             struct passwd *pw, pwx;
#  191|               char pwbuf[BUFSIZ];
#  192|   

Error: COMPILER_WARNING (CWE-563): [#def1539]
krb5-1.21.3/src/util/profile/prof_file.c: scope_hint: In function ‘profile_open_file’
krb5-1.21.3/src/util/profile/prof_file.c:191:18: warning[-Wunused-variable]: unused variable ‘pwbuf’
#  191 |             char pwbuf[BUFSIZ];
#      |                  ^~~~~
#  189|               uid_t uid;
#  190|               struct passwd *pw, pwx;
#  191|->             char pwbuf[BUFSIZ];
#  192|   
#  193|               uid = getuid();

Error: CPPCHECK_WARNING (CWE-457): [#def1540]
krb5-1.21.3/src/util/profile/prof_file.c:194: error[legacyUninitvar]: Uninitialized variable: *(&pw)
#  192|   
#  193|               uid = getuid();
#  194|->             if (!k5_getpwuid_r(uid, &pwx, pwbuf, sizeof(pwbuf), &pw)
#  195|                   && pw != NULL && pw->pw_dir[0] != 0)
#  196|                   home_env = pw->pw_dir;

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1541]
krb5-1.21.3/src/util/profile/prof_file.c:330:9: warning[-Wanalyzer-file-leak]: leak of FILE ‘fopen(&*data.filespec, "r")’
krb5-1.21.3/src/util/profile/prof_file.c:285:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/util/profile/prof_file.c:288:5: branch_false: ...to here
krb5-1.21.3/src/util/profile/prof_file.c:325:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/util/profile/prof_file.c:326:9: branch_true: ...to here
krb5-1.21.3/src/util/profile/prof_file.c:327:13: acquire_resource: opened here
krb5-1.21.3/src/util/profile/prof_file.c:328:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/util/profile/prof_file.c:330:9: branch_false: ...to here
krb5-1.21.3/src/util/profile/prof_file.c:330:9: danger: ‘fopen(&*data.filespec, "r")’ leaks here; was opened at [(5)](sarif:/runs/0/results/7/codeFlows/0/threadFlows/0/locations/4)
#  328|           if (f == NULL)
#  329|               return (errno != 0) ? errno : ENOENT;
#  330|->         set_cloexec_file(f);
#  331|       }
#  332|   

Error: GCC_ANALYZER_WARNING (CWE-775): [#def1542]
krb5-1.21.3/src/util/profile/prof_file.c:339:18: warning[-Wanalyzer-file-leak]: leak of FILE ‘f’
krb5-1.21.3/src/util/profile/prof_file.c:285:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/util/profile/prof_file.c:288:5: branch_false: ...to here
krb5-1.21.3/src/util/profile/prof_file.c:325:8: branch_true: following ‘true’ branch...
krb5-1.21.3/src/util/profile/prof_file.c:326:9: branch_true: ...to here
krb5-1.21.3/src/util/profile/prof_file.c:327:13: acquire_resource: opened here
krb5-1.21.3/src/util/profile/prof_file.c:328:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/util/profile/prof_file.c:330:9: branch_false: ...to here
krb5-1.21.3/src/util/profile/prof_file.c:336:8: branch_false: following ‘false’ branch...
krb5-1.21.3/src/util/profile/prof_file.c:339:18: branch_false: ...to here
krb5-1.21.3/src/util/profile/prof_file.c:339:18: danger: ‘f’ leaks here; was opened at [(5)](sarif:/runs/0/results/11/codeFlows/0/threadFlows/0/locations/4)
#  337|           retval = profile_process_directory(data->filespec, &data->root);
#  338|       } else {
#  339|->         retval = profile_parse_file(f, &data->root, ret_modspec);
#  340|           (void)fclose(f);
#  341|       }

Error: GCC_ANALYZER_WARNING (CWE-688): [#def1543]
krb5-1.21.3/src/util/support/dir_filenames.c:130:5: warning[-Wanalyzer-null-argument]: use of NULL ‘fnames’ where non-null expected
krb5-1.21.3/src/util/support/dir_filenames.c:112:12: release_memory: ‘fnames’ is NULL
krb5-1.21.3/src/util/support/dir_filenames.c:115:5: release_memory: ‘fnames’ is NULL
krb5-1.21.3/src/util/support/dir_filenames.c:118:8: branch_false: following ‘false’ branch...
 branch_false: ...to here
krb5-1.21.3/src/util/support/dir_filenames.c:121:12: branch_false: following ‘false’ branch...
krb5-1.21.3/src/util/support/dir_filenames.c:129:5: branch_false: ...to here
krb5-1.21.3/src/util/support/dir_filenames.c:130:5: release_memory: ‘fnames’ is NULL
krb5-1.21.3/src/util/support/dir_filenames.c:131:5: release_memory: ‘fnames’ is NULL
krb5-1.21.3/src/util/support/dir_filenames.c:130:5: danger: argument 1 (‘fnames’) NULL where non-null expected
#  128|   
#  129|       closedir(dir);
#  130|->     qsort(fnames, n_fnames, sizeof(*fnames), compare_with_strcmp);
#  131|       *fnames_out = fnames;
#  132|       return 0;